
Computer sometimes stutters slightly, bluescreens appear

PoProstuKrzysiek
posted (edited)

Hi, lately strange things have been happening with my computer and I'm wondering whether some virus is to blame. Sometimes the computer freezes for 1 s and then resumes working. What's more, over the last 2 weeks I've had 2 bluescreens. I also suspect that someone is logging into my online accounts. I'm attaching scans from OTL, GMER and FRST.

[log]Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja:10-01-2015 01
Uruchomiony przez Krzysiek (2016-01-10 21:23:15)
Uruchomiony z C:\Users\Krzysiek\Downloads
Windows 7 Home Premium (X64) (2014-07-13 11:36:37)
Tryb startu: Normal
==========================================================


==================== Konta użytkowników: =============================

Administrator (S-1-5-21-1933921575-738410443-1074386466-500 - Administrator - Disabled)
Gość (S-1-5-21-1933921575-738410443-1074386466-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1933921575-738410443-1074386466-1002 - Limited - Enabled)
Inni (S-1-5-21-1933921575-738410443-1074386466-1003 - Limited - Enabled) => C:\Users\Inni
Krzysiek (S-1-5-21-1933921575-738410443-1074386466-1000 - Administrator - Enabled) => C:\Users\Krzysiek

==================== Centrum zabezpieczeń ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie.)

AV: AVG Internet Security (Enabled - Out of date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security (Enabled - Out of date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

==================== Zainstalowane programy ======================

(W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)

4game (HKLM-x32\...\4game) (Version: 3.5.8.180 - Innova Systems)
7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AMD Catalyst Install Manager (HKLM\...\{90B5277A-5B7E-AD24-3FDB-E67BB5C2C5C5}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AVG (Version: 16.12.7294 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4492 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.12.7294 - AVG Technologies)
Brother MFL-Pro Suite DCP-J152W (HKLM-x32\...\{B742757A-7658-4E09-A51A-085CF0F7F4D3}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
Camtasia Studio 8 (HKLM-x32\...\{45F34E54-DAD9-405B-A4F6-B12B0A46B984}) (Version: 8.4.1.1745 - TechSmith Corporation)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.1 - Synaptics Incorporated)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05.0.0 - Electronic Arts)
Dziobas Rar Player 0.009.52 (HKLM-x32\...\Dziobas Rar Player_is1) (Version:  - Kamil Dzióbek)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FMW 1 (Version: 1.42.1 - AVG Technologies) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.2.929 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Heroes of Might and Magic 3 Complete (HKLM-x32\...\Heroes of Might and Magic 3 Complete_is1) (Version:  - GOG.com)
Heroes of Might and Magic® III: Horn of the Abyss (HKLM-x32\...\HotA_is1) (Version: 1.3.8 - HotA Crew)
IBM SPSS Statistics 22 (HKLM\...\{104875A1-D083-4A34-BC4F-3F635B7F8EF7}) (Version: 22.0.0.1 - IBM Corp)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3234 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.3.34 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.18 - Oracle Corporation)
K-Lite Codec Pack 10.7.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.7.5 - )
LineageII EU (HKLM-x32\...\4game_lineage2eu) (Version:  - Innova Systems)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{3bcf8c72-b231-4d28-9f39-3405c22d8b5a}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 43.0.4 (x86 pl) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 pl)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.0 (HKLM-x32\...\{7EB1185B-6319-42D7-B103-707570BFB0D8}) (Version: 4.10.9764 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PowerXpressHybrid (x32 Version: 1.00.0000 - Nazwa firmy) Hidden
PS IMAGO (HKLM\...\PSImago) (Version: 2.0 - Predictive Solutions Sp. z o. o.)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.230 - Qualcomm Atheros Communications)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.73.618.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39039 - Realtek Semiconductor Corp.)
Skype™ 7.14 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.14.106 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
War Thunder Launcher 1.0.1.391 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - Gaijin Entertainment)

==================== Niestandardowe rejestracje CLSID (filtrowane): ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

CustomCLSID: HKU\S-1-5-21-1933921575-738410443-1074386466-1000_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\Krzysiek\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll => Brak pliku

==================== Zaplanowane zadania (filtrowane) =============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

Task: {331C526C-86F1-4820-BCC0-0706B86A6CDE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-10] (Google Inc.)
Task: {387F3169-471A-45E5-88FC-E9188CC4BC2C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1933921575-738410443-1074386466-1000UA => C:\Users\Krzysiek\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-12-02] (Facebook Inc.)
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {8E0BC26E-23E6-4FAE-804B-0D48C9D24CF0} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {9A87D031-2BD1-473A-8270-10E5E59CBA44} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_296_pepper.exe
Task: {A023B7D3-48AE-4F63-818B-FE78508E3B42} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {A615DE2C-166D-4ABB-9493-6FEF82DEC904} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {B13D2309-EF90-4AEC-A974-6B325EDF6FD6} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1933921575-738410443-1074386466-1000Core => C:\Users\Krzysiek\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-12-02] (Facebook Inc.)
Task: {BA346734-5B5F-4E0A-BAFB-F43963A8AD75} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-10] (Google Inc.)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_296_pepper.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1933921575-738410443-1074386466-1000Core.job => C:\Users\Krzysiek\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1933921575-738410443-1074386466-1000UA.job => C:\Users\Krzysiek\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Skróty =============================

(Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.)

==================== Załadowane moduły (filtrowane) ==============

2015-06-19 14:59 - 2005-04-22 05:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll
2012-10-01 19:36 - 2012-10-01 19:36 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-07-02 22:51 - 2013-07-02 22:51 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2015-10-20 09:17 - 2015-10-20 09:17 - 00242176 _____ () C:\Program Files (x86)\4game\3.5.8.180\PocoUtil.dll
2015-10-20 09:18 - 2015-10-20 09:18 - 00714240 _____ () C:\Program Files (x86)\4game\3.5.8.180\PocoNet.dll
2015-10-20 09:16 - 2015-10-20 09:16 - 00394240 _____ () C:\Program Files (x86)\4game\3.5.8.180\PocoXML.dll
2015-10-19 09:09 - 2015-10-19 09:07 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2012-10-01 19:37 - 2012-10-01 19:37 - 06522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-12-16 20:47 - 2015-12-11 04:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
2015-12-16 20:47 - 2015-12-11 04:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll
2015-12-25 02:03 - 2015-12-24 07:46 - 16792256 _____ () C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\PepperFlash\20.0.0.267\pepflashplayer.dll

==================== Alternate Data Streams (filtrowane) =========

(Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.)


==================== Tryb awaryjny (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PAexec => ""="Service"

==================== EXE - Powiązania (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.)


==================== Internet Explorer - Witryny zaufane i z ograniczeniami ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.)

IE trusted site: HKU\S-1-5-21-1933921575-738410443-1074386466-1000\...\dell.com -> dell.com

==================== Hosts - zawartość: ===============================

(Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Inne obszary ============================

(Obecnie brak automatycznej naprawy dla tej sekcji.)

HKU\S-1-5-21-1933921575-738410443-1074386466-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Krzysiek\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Zapora systemu Windows [funkcja włączona]

==================== MSCONFIG/TASK MANAGER - Wyłączone elementy ==

(Obecnie brak automatycznej naprawy dla tej sekcji.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start GeekBuddy.lnk => C:\Windows\pss\Start GeekBuddy.lnk.CommonStartup
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: DellSystemDetect => C:\Users\Krzysiek\AppData\Local\Apps\2.0\J66ETVMA.N5W\MDQWJEL8.KL7\dell..tion_e30b47f5d4a30e9e_0005.000e_4ab3a7332dd76702\DellSystemDetect.exe
MSCONFIG\startupreg: Facebook Update => "C:\Users\Krzysiek\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Malwarebytes Anti-Malware (cleanup) => "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
MSCONFIG\startupreg: PrivDogService => "C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\trustedadssvc.exe"
MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: tvncontrol => "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

==================== Reguły Zapory systemu Windows (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

FirewallRules: [{E801B8ED-819D-4C70-8CB1-3AE0726CC5CB}] => (Allow) LPort=8317
FirewallRules: [{FD8EB297-CBCF-489B-B9BF-9640F0076996}] => (Allow) C:\ProgramData\EmailNotifier\EmailNotifier.exe
FirewallRules: [{5AC93C14-BBFB-460B-AF23-89631DFBF83C}] => (Allow) C:\ProgramData\EmailNotifier\EmailNotifier.exe
FirewallRules: [{C844406D-3C5E-499A-8BE3-5221C1052E29}] => (Allow) C:\Program Files (x86)\WarThunder\launcher.exe
FirewallRules: [{B2FCE92B-9EE9-42FD-AF53-A97C2A2EC649}] => (Allow) C:\Program Files (x86)\WarThunder\launcher.exe
FirewallRules: [{CA45D956-832B-4D4A-8440-60F0F1611EA7}] => (Allow) C:\Program Files (x86)\WarThunder\aces.exe
FirewallRules: [{57908499-4538-4D99-9C03-B1438F6DA2B6}] => (Allow) C:\Program Files (x86)\WarThunder\aces.exe
FirewallRules: [{4E10F3B4-F697-4EE0-B0ED-93FF1D73F6FA}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{FC302315-D491-4428-B65D-3702671C06AB}] => (Allow) C:\Users\Krzysiek\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{38037EA2-5F6B-42D6-9056-CBAE2C08D440}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8E75A2F5-7FF3-4A82-9F66-06BBBF7C4003}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6A5E45DE-2F83-4125-9078-F1251EE45477}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{130B4143-7FD5-43F7-9AB2-EBB1C7E7B6C1}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [TCP Query User{892C183C-B3DA-4504-9C0C-C1691710477D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{F3E563AA-2437-42E1-81BD-BABB2178A464}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{BAF1AA0E-F7ED-4802-9BC6-2B637FC415B8}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{94BF538C-8657-4304-BF95-6FB43A08E82E}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{4B7B34C3-3202-4704-AB7C-5C983622B652}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{B343F74B-3CB1-4BE3-8943-A64F0D5321AE}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{D14F0E5C-DAF2-4E98-8552-9998D1F4780A}C:\program files\ps_imago\2\ibm\spss\statistics\22\stats.exe] => (Allow) C:\program files\ps_imago\2\ibm\spss\statistics\22\stats.exe
FirewallRules: [UDP Query User{A73F3FD6-3764-4C8C-A110-9EEB9E8A2C9A}C:\program files\ps_imago\2\ibm\spss\statistics\22\stats.exe] => (Allow) C:\program files\ps_imago\2\ibm\spss\statistics\22\stats.exe
FirewallRules: [TCP Query User{6AC97E8D-4B40-4BA5-B46F-C3AB20E4392F}C:\program files\ps_imago\2\ibm\spss\statistics\22\jre\bin\javaw.exe] => (Allow) C:\program files\ps_imago\2\ibm\spss\statistics\22\jre\bin\javaw.exe
FirewallRules: [UDP Query User{89AA3D32-BF31-4403-AAD2-AB24885A4212}C:\program files\ps_imago\2\ibm\spss\statistics\22\jre\bin\javaw.exe] => (Allow) C:\program files\ps_imago\2\ibm\spss\statistics\22\jre\bin\javaw.exe
FirewallRules: [{6EFC8D34-1707-4769-B488-1C8F2C7C7A0E}] => (Allow) LPort=54925
FirewallRules: [{E93CCC5D-7162-4B64-8FC9-CB613F36D3C8}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{82693349-D0DC-4746-BBA7-A7550AA6285B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{E7757F0D-6D5F-49F2-87FD-720EA16DA3DE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7C61000C-D440-4E1B-BADC-4E0893259EEA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C0829D48-1044-488E-BC38-6025B016D309}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{DF2224E6-8917-4CED-8695-4B46565C76A9}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{01713E54-BAA7-4983-99A2-0F8BE9F7D155}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{6A3A85CD-A2C7-475B-AEC4-1E0E2486219F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{DEB2823C-297E-4509-A8D3-BF5640DAEE06}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{BB3FE039-F20E-404E-9D35-CA6A2E499936}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{2E83B817-E476-4A51-81A0-B98EDDD90DB2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{88737F62-55B4-4606-9C1C-FBFB0363DF78}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{8A96FA71-E705-4B24-A795-DE8D5D6AE27A}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{9B1ADEE2-FEB8-4014-847C-9C25FF8DB127}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{C857018C-D9CA-474A-ABBD-772F04A99337}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe

==================== Punkty Przywracania systemu =========================

27-12-2015 10:42:38 DDU System Restored Point
27-12-2015 10:51:57 DDU System Restored Point
27-12-2015 11:20:19 AMDCleanupUtility Restore Point
27-12-2015 12:02:20 DDU System Restored Point
10-01-2016 20:31:35 SPTD setup V1.87

==================== Wadliwe urządzenia w Menedżerze urządzeń =============

Name: Kontroler PCI Simple Communications
Description: Kontroler PCI Simple Communications
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Błędy w Dzienniku zdarzeń: =========================

Dziennik Aplikacja:
==================
Error: (01/10/2016 08:43:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: plugin-container.exe, wersja: 43.0.4.5848, sygnatura czasowa: 0x568c88bd
Nazwa modułu powodującego błąd: mozglue.dll, wersja: 43.0.4.5848, sygnatura czasowa: 0x568c7b16
Kod wyjątku: 0x80000003
Przesunięcie błędu: 0x0000ed44
Identyfikator procesu powodującego błąd: 0xe28
Godzina uruchomienia aplikacji powodującej błąd: 0xplugin-container.exe0
Ścieżka aplikacji powodującej błąd: plugin-container.exe1
Ścieżka modułu powodującego błąd: plugin-container.exe2
Identyfikator raportu: plugin-container.exe3

Error: (01/10/2016 08:35:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: plugin-container.exe, wersja: 43.0.4.5848, sygnatura czasowa: 0x568c88bd
Nazwa modułu powodującego błąd: mozglue.dll, wersja: 43.0.4.5848, sygnatura czasowa: 0x568c7b16
Kod wyjątku: 0x80000003
Przesunięcie błędu: 0x0000ed44
Identyfikator procesu powodującego błąd: 0x98c
Godzina uruchomienia aplikacji powodującej błąd: 0xplugin-container.exe0
Ścieżka aplikacji powodującej błąd: plugin-container.exe1
Ścieżka modułu powodującego błąd: plugin-container.exe2
Identyfikator raportu: plugin-container.exe3

Error: (01/10/2016 08:31:35 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas badania interfejsu IVssWriterCallback. hr = 0x80070005, Odmowa dostępu.
.
To jest często spowodowane przez niepoprawne ustawienia zabezpieczeń w procesie zapisującym lub żądającym.


Operacja:
   Zbieranie danych modułu zapisującego

Kontekst:
   Identyfikator klasy modułu zapisującego: {e8132975-6f93-4464-a53e-1050253ae220}
   Nazwa modułu zapisującego: System Writer
   Identyfikator wystąpienia modułu zapisującego: {0705ec43-71c6-4d6d-9dac-fd47ae7c60c0}

Error: (01/10/2016 06:07:05 PM) (Source: Google Update) (EventID: 20) (User: Gościu)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80

Error: (01/10/2016 02:52:57 PM) (Source: Google Update) (EventID: 20) (User: Gościu)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80

Error: (01/10/2016 12:13:38 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231

Error: (01/09/2016 10:58:30 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231

Error: (01/08/2016 01:03:55 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231

Error: (01/07/2016 05:43:06 PM) (Source: Google Update) (EventID: 20) (User: Gościu)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80

Error: (01/07/2016 08:28:07 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231


Dziennik System:
=============
Error: (01/10/2016 08:44:49 PM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: ZARZĄDZANIE NT)
Description: Wystąpił krytyczny błąd sprzętowy.

Zgłoszone przez składnik: rdzeń procesora
Źródło błędu: 3
Typ błędu: 9
Identyfikator procesora: 0

Widok szczegółów tego wpisu zawiera dodatkowe informacje.

Error: (01/10/2016 08:44:49 PM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: ZARZĄDZANIE NT)
Description: Wystąpił krytyczny błąd sprzętowy.

Zgłoszone przez składnik: rdzeń procesora
Źródło błędu: 3
Typ błędu: 9
Identyfikator procesora: 0

Widok szczegółów tego wpisu zawiera dodatkowe informacje.

Error: (01/10/2016 08:38:29 PM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: ZARZĄDZANIE NT)
Description: Wystąpił krytyczny błąd sprzętowy.

Zgłoszone przez składnik: rdzeń procesora
Źródło błędu: 3
Typ błędu: 9
Identyfikator procesora: 0

Widok szczegółów tego wpisu zawiera dodatkowe informacje.

Error: (01/10/2016 08:38:29 PM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: ZARZĄDZANIE NT)
Description: Wystąpił krytyczny błąd sprzętowy.

Zgłoszone przez składnik: rdzeń procesora
Źródło błędu: 3
Typ błędu: 9
Identyfikator procesora: 0

Widok szczegółów tego wpisu zawiera dodatkowe informacje.

Error: (01/10/2016 11:27:27 AM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: ZARZĄDZANIE NT)
Description: Wystąpił krytyczny błąd sprzętowy.

Zgłoszone przez składnik: rdzeń procesora
Źródło błędu: 3
Typ błędu: 9
Identyfikator procesora: 0

Widok szczegółów tego wpisu zawiera dodatkowe informacje.

Error: (01/10/2016 11:27:27 AM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: ZARZĄDZANIE NT)
Description: Wystąpił krytyczny błąd sprzętowy.

Zgłoszone przez składnik: rdzeń procesora
Źródło błędu: 3
Typ błędu: 9
Identyfikator procesora: 0

Widok szczegółów tego wpisu zawiera dodatkowe informacje.

Error: (01/09/2016 09:49:48 PM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: ZARZĄDZANIE NT)
Description: Wystąpił krytyczny błąd sprzętowy.

Zgłoszone przez składnik: rdzeń procesora
Źródło błędu: 3
Typ błędu: 9
Identyfikator procesora: 0

Widok szczegółów tego wpisu zawiera dodatkowe informacje.

Error: (01/09/2016 09:49:48 PM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: ZARZĄDZANIE NT)
Description: Wystąpił krytyczny błąd sprzętowy.

Zgłoszone przez składnik: rdzeń procesora
Źródło błędu: 3
Typ błędu: 9
Identyfikator procesora: 0

Widok szczegółów tego wpisu zawiera dodatkowe informacje.

Error: (01/09/2016 09:49:24 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Poprzednie zamknięcie systemu przy 18:25:52 na 2016-01-09 było nieoczekiwane.

Error: (01/09/2016 01:54:32 PM) (Source: Disk) (EventID: 11) (User: )
Description: Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR2.


CodeIntegrity:
===================================
  Date: 2016-01-05 12:58:46.353
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Games\LineageII EU\Frost\frost_64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-05 12:58:46.329
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Games\LineageII EU\Frost\frost_64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-05 12:58:46.304
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Games\LineageII EU\Frost\frost_64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-05 12:58:45.800
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Games\LineageII EU\Frost\frost.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-05 12:58:45.775
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Games\LineageII EU\Frost\frost.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-05 12:58:45.719
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Games\LineageII EU\Frost\frost.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-02 15:51:15.011
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Games\LineageII EU\Frost\frost_64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-02 15:51:14.985
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Games\LineageII EU\Frost\frost_64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-02 15:51:14.959
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Games\LineageII EU\Frost\frost_64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-02 15:51:14.528
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Games\LineageII EU\Frost\frost.sys because the set of per-page image hashes could not be found on the system.


==================== Statystyki pamięci ===========================

Procesor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Procent pamięci w użyciu: 75%
Całkowita pamięć fizyczna: 3984.36 MB
Dostępna pamięć fizyczna: 974.88 MB
Całkowita pamięć wirtualna: 7966.86 MB
Dostępna pamięć wirtualna: 4646.93 MB

==================== Dyski ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:726.88 GB) NTFS
Drive e: (CDROM) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS

==================== MBR & Tablica partycji ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0008611B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== Koniec  Addition.txt ============================[/log]

[log]OTL Extras logfile created on: 2016-01-10 20:17:46 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Krzysiek\Documents\pliki
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
3,89 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 21,45% Memory free
7,78 Gb Paging File | 4,45 Gb Available in Paging File | 57,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 721,52 Gb Free Space | 77,46% Space Free | Partition Type: NTFS
Drive E: | 11,77 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: GOŚCIU | User Name: Krzysiek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2468EBD6-C136-4DC1-9FA6-7D9FF02A0FF0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2775F741-DA62-4A00-BC88-CAC0E5EAC3C0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2E83B817-E476-4A51-81A0-B98EDDD90DB2}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{30185BDD-52EB-431D-85AC-E64C1AE4984E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{32585FA0-A0A5-4732-922F-25944A58AF1D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4A28CB19-0BB0-4D0C-BC7D-0B289E496AE6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4CA5C7EA-8020-4D0A-8414-E44F24B5CC5A}" = rport=445 | protocol=6 | dir=out | app=system |
"{532ACCD4-8FC2-4A90-80CA-1E34B2F37592}" = lport=10243 | protocol=6 | dir=in | app=system |
"{56559F10-1A04-4F05-8CD9-62D80FB78F63}" = rport=10243 | protocol=6 | dir=out | app=system |
"{57D7783E-D29F-4929-82F1-1C42A5CF1B74}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5A3C391E-7889-4F70-8740-A39091BE01BD}" = lport=137 | protocol=17 | dir=in | app=system |
"{5F40EF78-2805-4E60-A665-4942B8453FFE}" = lport=139 | protocol=6 | dir=in | app=system |
"{6EFC8D34-1707-4769-B488-1C8F2C7C7A0E}" = lport=54925 | protocol=17 | dir=in | svc=stisvc | name=brothernetwork scanner |
"{7D02E13F-7A74-455D-A075-99355E6EB10B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe |
"{81B8C33A-7F18-4F46-808F-9F60D8E23C3F}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{86E7F2BB-3A94-4160-A863-F02C8C55B5D2}" = rport=137 | protocol=17 | dir=out | app=system |
"{94E8DF56-566B-4FB1-863B-407BCA89A513}" = rport=138 | protocol=17 | dir=out | app=system |
"{AABE6F63-46C6-4297-9D34-5E8E5AA65588}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B3D5C8B2-C44F-44C2-A115-59936FEB11D3}" = lport=138 | protocol=17 | dir=in | app=system |
"{BA047547-77A0-40B1-9031-01869C563B66}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BE41BCB7-A8D4-4BBE-BAB5-C7840F69FD79}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C13761A9-28DC-4231-8F5E-BCC7945D0E20}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CE6F047E-9137-481D-AAEF-F59CAAE7EF91}" = lport=445 | protocol=6 | dir=in | app=system |
"{E801B8ED-819D-4C70-8CB1-3AE0726CC5CB}" = lport=8317 | protocol=6 | dir=in | name=techsmith camtasia studio |
"{F49A780B-3F67-4FEB-816D-940157D656D6}" = rport=139 | protocol=6 | dir=out | app=system |
"{F82E1FFA-85AE-4785-930B-D003FAC3BE0A}" = lport=2869 | protocol=6 | dir=in | app=system |
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01713E54-BAA7-4983-99A2-0F8BE9F7D155}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\av\avgdiagex.exe |
"{056F0D6A-BC64-4623-A0D0-3236C163F5C9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{130B4143-7FD5-43F7-9AB2-EBB1C7E7B6C1}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\dragon age\bin_ship\daorigins.exe |
"{14FCF4DC-D12B-4040-9DCB-89C6854D5AEB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2ECD66E5-3081-448E-8DFB-E229B0BE9F3C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3646E04B-19A4-41B6-853D-CE09B1F7BB0D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{36C9C553-E1B4-4A57-A0BB-D48D74969B84}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{38037EA2-5F6B-42D6-9056-CBAE2C08D440}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{4B7B34C3-3202-4704-AB7C-5C983622B652}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{4E10F3B4-F697-4EE0-B0ED-93FF1D73F6FA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4F5416FF-1066-49BF-A096-FC6CC6FECC95}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{57908499-4538-4D99-9C03-B1438F6DA2B6}" = protocol=17 | dir=in | app=c:\program files (x86)\warthunder\aces.exe |
"{5AC93C14-BBFB-460B-AF23-89631DFBF83C}" = protocol=17 | dir=in | app=c:\programdata\emailnotifier\emailnotifier.exe |
"{61311A3F-106C-4150-8337-1E387A410347}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6A3A85CD-A2C7-475B-AEC4-1E0E2486219F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\av\avgdiagex.exe |
"{6A5E45DE-2F83-4125-9078-F1251EE45477}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\dragon age\bin_ship\daorigins.exe |
"{6F22815A-1787-485B-A471-5ABA0BFE891D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{71055D15-D6CB-4A80-BE7D-E8421D616BC1}" = protocol=6 | dir=out | app=system |
"{71741E42-3F16-4591-B300-F1FF6CF00DFC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{744814FF-3A11-4736-98A7-B5813AD38801}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7A868A89-4E43-4C68-939F-C27B3D0D00C3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7C61000C-D440-4E1B-BADC-4E0893259EEA}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{82693349-D0DC-4746-BBA7-A7550AA6285B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\av\avgmfapx.exe |
"{88737F62-55B4-4606-9C1C-FBFB0363DF78}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{8A96FA71-E705-4B24-A795-DE8D5D6AE27A}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{8E75A2F5-7FF3-4A82-9F66-06BBBF7C4003}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{94BF538C-8657-4304-BF95-6FB43A08E82E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{95DF848F-CCE4-46C7-96CF-3249596C3603}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{987B22A4-9011-44A7-B1D2-A241C9ADDED2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9B1ADEE2-FEB8-4014-847C-9C25FF8DB127}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{ABB3A72E-7413-4757-9B2E-0A9CB3F9AC99}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B2FCE92B-9EE9-42FD-AF53-A97C2A2EC649}" = protocol=17 | dir=in | app=c:\program files (x86)\warthunder\launcher.exe |
"{B343F74B-3CB1-4BE3-8943-A64F0D5321AE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{BAF1AA0E-F7ED-4802-9BC6-2B637FC415B8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{BB3FE039-F20E-404E-9D35-CA6A2E499936}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\av\avgemca.exe |
"{C0829D48-1044-488E-BC38-6025B016D309}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\av\avgnsa.exe |
"{C33E3E79-3385-4668-BA03-7ACCAFCBE267}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C844406D-3C5E-499A-8BE3-5221C1052E29}" = protocol=6 | dir=in | app=c:\program files (x86)\warthunder\launcher.exe |
"{C857018C-D9CA-474A-ABBD-772F04A99337}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{CA45D956-832B-4D4A-8440-60F0F1611EA7}" = protocol=6 | dir=in | app=c:\program files (x86)\warthunder\aces.exe |
"{CCB2FCFB-065D-40DA-9228-AA4B71EB1A44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DCBF3089-4019-473C-8AF1-F557A1619E6C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DEB2823C-297E-4509-A8D3-BF5640DAEE06}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\av\avgemca.exe |
"{DF2224E6-8917-4CED-8695-4B46565C76A9}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\av\avgnsa.exe |
"{E7757F0D-6D5F-49F2-87FD-720EA16DA3DE}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{E93CCC5D-7162-4B64-8FC9-CB613F36D3C8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\av\avgmfapx.exe |
"{FC302315-D491-4428-B65D-3702671C06AB}" = dir=in | app=c:\users\krzysiek\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{FD8EB297-CBCF-489B-B9BF-9640F0076996}" = protocol=6 | dir=in | app=c:\programdata\emailnotifier\emailnotifier.exe |
"{FDE25E5C-68A4-41B9-B342-68AA7DB30409}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{6AC97E8D-4B40-4BA5-B46F-C3AB20E4392F}C:\program files\ps_imago\2\ibm\spss\statistics\22\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ps_imago\2\ibm\spss\statistics\22\jre\bin\javaw.exe |
"TCP Query User{892C183C-B3DA-4504-9C0C-C1691710477D}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{D14F0E5C-DAF2-4E98-8552-9998D1F4780A}C:\program files\ps_imago\2\ibm\spss\statistics\22\stats.exe" = protocol=6 | dir=in | app=c:\program files\ps_imago\2\ibm\spss\statistics\22\stats.exe |
"UDP Query User{89AA3D32-BF31-4403-AAD2-AB24885A4212}C:\program files\ps_imago\2\ibm\spss\statistics\22\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ps_imago\2\ibm\spss\statistics\22\jre\bin\javaw.exe |
"UDP Query User{A73F3FD6-3764-4C8C-A110-9EEB9E8A2C9A}C:\program files\ps_imago\2\ibm\spss\statistics\22\stats.exe" = protocol=17 | dir=in | app=c:\program files\ps_imago\2\ibm\spss\statistics\22\stats.exe |
"UDP Query User{F3E563AA-2437-42E1-81BD-BABB2178A464}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{104875A1-D083-4A34-BC4F-3F635B7F8EF7}" = IBM SPSS Statistics 22
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86418066F0}" = Java 8 Update 66 (64-bit)
"{2A80E22D-6BA7-4DBB-9DF4-ACE142AB633F}" = AVG 2016
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{5AAEF944-C62A-D1BB-46B1-FC7E5DC772B3}" = AMD Accelerated Video Transcoding
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{90150000-0015-0409-1000-0000000FF1CE}" = Microsoft Access MUI (English) 2013
"{90150000-0016-0409-1000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013
"{90150000-0018-0409-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013
"{90150000-0019-0409-1000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013
"{90150000-001A-0409-1000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013
"{90150000-001B-0409-1000-0000000FF1CE}" = Microsoft Word MUI (English) 2013
"{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
"{90150000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
"{90150000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
"{90150000-0044-0409-1000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013
"{90150000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
"{90150000-0090-0409-1000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013
"{90150000-00A1-0409-1000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013
"{90150000-00BA-0409-1000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013
"{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
"{90150000-00C1-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2013
"{90150000-00E1-0409-1000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013
"{90150000-00E2-0409-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013
"{90150000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
"{90150000-0117-0409-1000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013
"{90150000-012B-0409-1000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013
"{90B5277A-5B7E-AD24-3FDB-E67BB5C2C5C5}" = AMD Catalyst Install Manager
"{91150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{AB11E7BD-211E-4EBD-9EAE-0C11CE7B48AE}" = AVG
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C74C8334-8439-2D2C-E977-1625041A0507}" = ccc-utility64
"{CB0B1BB5-7FCE-4985-BC8E-BFAFDB8F892E}" = FMW 1
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"7-Zip" = 7-Zip 15.12 (x64)
"AVG" = AVG Protection
"Office15.PROPLUSR" = Microsoft Office Professional Plus 2013
"PSImago" = PS IMAGO
"SynTPDeinstKey" = Dell Touchpad
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{050d4fc8-5d48-4b8f-8972-47c82c46020f}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{1E496A68-4943-424E-829D-5C3C85B7B8F2}" = Realtek USB Card Reader
"{2091F234-EB58-4B80-8C96-8EB78C808CF7}" = Facebook Video Calling 3.1.0.521
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{24E0A5A3-8B05-A8E5-9114-0B0E27BE6907}" = CCC Help Finnish
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation
"{2AC3FDD9-B141-8814-BBAA-D471B199EFED}" = CCC Help Italian
"{2F4BC9F2-3187-EC19-15AE-375F70CF28B8}" = CCC Help Chinese Standard
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{3bcf8c72-b231-4d28-9f39-3405c22d8b5a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{3DC38E2E-2BD7-A4B9-AFC4-8229DAC1AE58}" = PX Profile Update
"{45F34E54-DAD9-405B-A4F6-B12B0A46B984}" = Camtasia Studio 8
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB9337C-815F-6953-67DB-B51EC573D98E}" = CCC Help Portuguese
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{51FDC2DE-0917-46B7-EAEC-5377504701DE}" = PowerXpressHybrid
"{53504A99-F716-9A94-C490-722A06C32AE8}" = CCC Help English
"{538D7912-CDB6-39A3-D56E-0DEF31DBF343}" = CCC Help Dutch
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{626F9EBF-2B4E-FA83-9040-0748853AB562}" = Catalyst Control Center
"{62C2B951-387C-A86E-D047-3A3627CE0CD8}" = CCC Help Korean
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6A0549A9-1B96-498C-ACBC-3943001FEB19}" = Skype™ 7.14
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{725DCA77-930D-6F2C-89DC-D6228FF38E59}" = CCC Help German
"{745C2137-F267-2463-B002-955E54FDFF3F}" = CCC Help Norwegian
"{7D259B55-73B9-7A45-919F-782D992D0EDA}" = CCC Help Japanese
"{7E20BAD9-6CFC-4EFD-F3C0-3B0967955D58}" = CCC Help French
"{7EB1185B-6319-42D7-B103-707570BFB0D8}" = OpenOffice 4.1.0
"{89DE5F5C-5381-BFAE-8607-AA373F0D40BE}" = CCC Help Swedish
"{8CDF39C7-81B0-73D7-0C14-4B25369EC74D}" = CCC Help Chinese Traditional
"{94A0C74B-6003-1089-57E1-BE236F95345D}" = Catalyst Control Center InstallProxy
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B0CCBB4E-B4A1-E2E6-5C48-137FEEC38FA6}" = CCC Help Spanish
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B742757A-7658-4E09-A51A-085CF0F7F4D3}" = Brother MFL-Pro Suite DCP-J152W
"{B9A9E16C-1C26-0F3D-4C0A-FFA40749B091}" = Catalyst Control Center Localization All
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{CFDFA70A-2373-9CD9-3333-595CC674AFCA}" = Catalyst Control Center Profiles Mobile
"{DAC469D7-B642-4BDB-AE34-C6B3952BFF48}" = Catalyst Control Center - Branding
"{EB462140-628D-6BC2-D1B8-F98654F3130B}" = CCC Help Russian
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.391
"{EE0F6AB7-8360-F5FD-936E-2A40EDB0A198}" = CCC Help Danish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"4game" = 4game
"4game_lineage2eu" = LineageII EU
"Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 20 NPAPI
"Adobe Flash Player PPAPI" = Adobe Flash Player 16 PPAPI
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dell Webcam Central" = Dell Webcam Central
"Dziobas Rar Player_is1" = Dziobas Rar Player 0.009.52
"Foxit Reader_is1" = Foxit Reader
"Google Chrome" = Google Chrome
"Heroes of Might and Magic 3 Complete_is1" = Heroes of Might and Magic 3 Complete
"HotA_is1" = Heroes of Might and Magic® III: Horn of the Abyss
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 10.7.5 Full
"Mozilla Firefox 43.0.4 (x86 pl)" = Mozilla Firefox 43.0.4 (x86 pl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenAL" = OpenAL
"Origin" = Origin
"SpeedFan" = SpeedFan (remove only)
 
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 2015-10-05 08:43:29 | Computer Name = Gościu | Source = Google Update | ID = 20
Description =
 
Error - 2015-10-06 00:34:42 | Computer Name = Gościu | Source = Office 2013 Licensing Service | ID = 0
Description =
 
Error - 2015-10-07 02:41:46 | Computer Name = Gościu | Source = Office 2013 Licensing Service | ID = 0
Description =
 
Error - 2015-10-08 03:33:44 | Computer Name = Gościu | Source = Office 2013 Licensing Service | ID = 0
Description =
 
Error - 2015-10-09 02:22:46 | Computer Name = Gościu | Source = Office 2013 Licensing Service | ID = 0
Description =
 
Error - 2015-10-10 03:07:26 | Computer Name = Gościu | Source = Office 2013 Licensing Service | ID = 0
Description =
 
Error - 2015-10-11 07:34:59 | Computer Name = Gościu | Source = Office 2013 Licensing Service | ID = 0
Description =
 
Error - 2015-10-11 07:39:00 | Computer Name = Gościu | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: avgui.exe, wersja: 15.0.0.6140,
sygnatura czasowa: 0x55db2723  Nazwa modułu powodującego błąd: avgui.exe, wersja:
15.0.0.6140, sygnatura czasowa: 0x55db2723  Kod wyjątku: 0xc0000005  Przesunięcie błędu:
 0x000473a1  Identyfikator procesu powodującego błąd: 0x1134  Godzina uruchomienia aplikacji
 powodującej błąd: 0x01d10261d07298b5  Ścieżka aplikacji powodującej błąd: C:\Program
 Files (x86)\AVG\AVG2015\avgui.exe  Ścieżka modułu powodującego błąd: C:\Program Files
 (x86)\AVG\AVG2015\avgui.exe  Identyfikator raportu: a99df57c-700c-11e5-adb6-485ab66f4e04
 
Error - 2015-10-11 07:53:30 | Computer Name = Gościu | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: jucheck.exe, wersja: 2.8.60.27,
sygnatura czasowa: 0x55c116b1  Nazwa modułu powodującego błąd: jucheck.exe, wersja:
 2.8.60.27, sygnatura czasowa: 0x55c116b1  Kod wyjątku: 0x40000015  Przesunięcie błędu:
 0x00052d24  Identyfikator procesu powodującego błąd: 0x1590  Godzina uruchomienia aplikacji
 powodującej błąd: 0x01d1041b6ec16430  Ścieżka aplikacji powodującej błąd: C:\Program
 Files (x86)\Common Files\Java\Java Update\jucheck.exe  Ścieżka modułu powodującego
 błąd: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe  Identyfikator
 raportu: b01e434d-700e-11e5-a919-485ab66f4e04
 
Error - 2015-10-11 08:33:12 | Computer Name = Gościu | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: WebcamDell2.exe, wersja: 1.0.24.0,
 sygnatura czasowa: 0x4a41e20f  Nazwa modułu powodującego błąd: CTViewCtrl.dll, wersja:
 1.0.20.0, sygnatura czasowa: 0x4a42dd62  Kod wyjątku: 0xc0000005  Przesunięcie błędu:
 0x00004080  Identyfikator procesu powodującego błąd: 0x114c  Godzina uruchomienia aplikacji
 powodującej błąd: 0x01d10420d3c7a582  Ścieżka aplikacji powodującej błąd: C:\Program
 Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe  Ścieżka modułu powodującego
 błąd: C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\CTViewCtrl.dll  Identyfikator
 raportu: 3c026d8f-7014-11e5-a919-485ab66f4e04
 
[ System Events ]
Error - 2016-01-09 08:54:30 | Computer Name = Gościu | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR2.
 
Error - 2016-01-09 08:54:30 | Computer Name = Gościu | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR2.
 
Error - 2016-01-09 08:54:31 | Computer Name = Gościu | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR2.
 
Error - 2016-01-09 08:54:31 | Computer Name = Gościu | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR2.
 
Error - 2016-01-09 08:54:32 | Computer Name = Gościu | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR2.
 
Error - 2016-01-09 16:49:24 | Computer Name = Gościu | Source = EventLog | ID = 6008
Description = Poprzednie zamknięcie systemu przy 18:25:52 na 2016-01-09 było
nieoczekiwane.
 
Error - 2016-01-09 16:49:48 | Computer Name = Gościu | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Wystąpił krytyczny błąd sprzętowy.    Zgłoszone przez składnik: rdzeń
procesora  Źródło błędu: 3  Typ błędu: 9  Identyfikator procesora: 0    Widok szczegółów tego
 wpisu zawiera dodatkowe informacje.
 
Error - 2016-01-09 16:49:48 | Computer Name = Gościu | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Wystąpił krytyczny błąd sprzętowy.    Zgłoszone przez składnik: rdzeń
procesora  Źródło błędu: 3  Typ błędu: 9  Identyfikator procesora: 0    Widok szczegółów tego
 wpisu zawiera dodatkowe informacje.
 
Error - 2016-01-10 06:27:27 | Computer Name = Gościu | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Wystąpił krytyczny błąd sprzętowy.    Zgłoszone przez składnik: rdzeń
procesora  Źródło błędu: 3  Typ błędu: 9  Identyfikator procesora: 0    Widok szczegółów tego
 wpisu zawiera dodatkowe informacje.
 
Error - 2016-01-10 06:27:27 | Computer Name = Gościu | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Wystąpił krytyczny błąd sprzętowy.    Zgłoszone przez składnik: rdzeń
procesora  Źródło błędu: 3  Typ błędu: 9  Identyfikator procesora: 0    Widok szczegółów tego
 wpisu zawiera dodatkowe informacje.
 
 
< End of report >

[/log]

[log]Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:10-01-2015 01
Uruchomiony przez Krzysiek (administrator)  GOŚCIU (10-01-2016 21:22:26)
Uruchomiony z C:\Users\Krzysiek\Downloads
Załadowane profile: Krzysiek (Dostępne profile: Krzysiek & Inni)
Platform: Windows 7 Home Premium (X64) Język: Polski (Polska)
Internet Explorer Wersja 9 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Innova Co S.a r.l.) C:\Program Files (x86)\4game\3.5.8.180\4game-service.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Atheros Communications) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-11] (Synaptics Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3855272 2015-11-20] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1139112 2015-12-08] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-05-05] (Advanced Micro Devices, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-07-02] (Atheros Communications)
HKU\S-1-5-21-1933921575-738410443-1074386466-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1933921575-738410443-1074386466-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1933921575-738410443-1074386466-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1933921575-738410443-1074386466-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1933921575-738410443-1074386466-1000\...\MountPoints2: {40757a69-966d-11e4-a193-485ab66f4e03} - G:\.\Driver\DriverInstaller.exe -eject
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  Brak pliku
GroupPolicyUsers\S-1-5-21-1933921575-738410443-1074386466-1003\User: Ograniczenia <======= UWAGA

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{5EF1D79C-18CB-4ABD-984C-85E1D4DC479C}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-12-17] (Oracle Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2013-07-02] (Qualcomm®Atheros®)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-17] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\gu99veuy.default-1417338051977
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-09] ()
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-17] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @4game.com/plugin -> C:\Program Files (x86)\4game\3.5.8.180\npplugin4game.dll [2015-12-25] (Innova Co S.a r.l.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-09] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-1933921575-738410443-1074386466-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Krzysiek\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Extension: Flashlight - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\gu99veuy.default-1417338051977\Extensions\flashlight@stephennolan.com.au [2015-05-28]
FF Extension: Magic Actions for YouTube™ - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\gu99veuy.default-1417338051977\Extensions\jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.xpi [2015-12-28]
FF Extension: Adblock Plus - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\gu99veuy.default-1417338051977\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-15]

Chrome:
=======
CHR Profile: C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-01]
CHR Extension: (Dysk Google) - C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-05]
CHR Extension: (Google Search) - C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Arkusze Google) - C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-20]
CHR Extension: (Dokumenty Google offline) - C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (AdBlock) - C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-04]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-03]
CHR Extension: (Gmail) - C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-01]

==================== Usługi (filtrowane) ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 4game-service; C:\Program Files (x86)\4game\3.5.8.180\4game-service.exe [1561312 2015-12-25] (Innova Co S.a r.l.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-07-02] (Windows (R) Win 7 DDK provider) [Brak podpisu cyfrowego]
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [615584 2015-11-20] (AVG Technologies CZ, s.r.o.)
R2 avgfws; C:\Program Files (x86)\AVG\Av\avgfws.exe [1587128 2015-11-20] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3857272 2015-11-20] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1049000 2015-12-08] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [579776 2015-11-20] (AVG Technologies CZ, s.r.o.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [Brak podpisu cyfrowego]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-27] (Electronic Arts)
S3 PAExec; C:\Windows\PAExec.exe [189112 2015-12-27] (Power Admin LLC)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2013-06-21] (Atheros) [Brak podpisu cyfrowego]

===================== Sterowniki (filtrowane) ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [35936 2013-04-10] (Advanced Micro Devices, Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [97208 2015-08-29] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313776 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [256432 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-07-02] (Qualcomm Atheros)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2015-09-11] (Dell Computer Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-12-21] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [42224 2014-05-13] (Visicom Media Inc.)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35440 2014-05-13] (Visicom Media Inc.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-11] (Synaptics Incorporated)
S3 WiseHDInfo; C:\Windows\WiseHDInfo64.dll [14800 2015-06-17] (wisecleaner.com)
S3 btmaux; system32\DRIVERS\btmaux.sys [X]
S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X]
U3 pfldqpog; \??\C:\Users\Krzysiek\AppData\Local\Temp\pfldqpog.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)


==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-01-10 21:22 - 2016-01-10 21:22 - 00017812 _____ C:\Users\Krzysiek\Downloads\FRST.txt
2016-01-10 21:21 - 2016-01-10 21:22 - 00000000 ____D C:\FRST
2016-01-10 21:19 - 2016-01-10 21:21 - 02370560 _____ (Farbar) C:\Users\Krzysiek\Downloads\FRST64.exe
2016-01-10 20:45 - 2016-01-10 20:45 - 00000000 ___RD C:\Users\Krzysiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-01-10 20:26 - 2016-01-10 20:49 - 00000000 ____D C:\Users\Krzysiek\Desktop\logi
2016-01-10 20:08 - 2016-01-10 20:08 - 00000000 ____D C:\AdwCleaner
2016-01-10 15:32 - 2016-01-10 15:32 - 00010050 _____ C:\Users\Krzysiek\Desktop\co muszę wiedzieć.odt
2016-01-10 14:25 - 2016-01-10 14:25 - 00029745 _____ C:\Users\Krzysiek\Desktop\bilet_KA02341179_2016-01-10.pdf
2016-01-09 13:00 - 2016-01-09 13:01 - 00282120 _____ C:\Windows\Minidump\010916-45177-01.dmp
2016-01-07 15:25 - 2016-01-09 13:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-06 17:34 - 2016-01-06 17:35 - 00282120 _____ C:\Windows\Minidump\010616-34538-01.dmp
2016-01-03 15:10 - 2016-01-03 15:10 - 00352198 _____ C:\Users\Krzysiek\Desktop\The distinction between personality disorder and mental illness.pdf
2016-01-02 17:06 - 2016-01-06 10:16 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\Atheros
2016-01-02 17:06 - 2016-01-02 17:06 - 00000000 ____D C:\ProgramData\Atheros
2016-01-02 17:01 - 2016-01-02 17:03 - 00000000 ____D C:\Program Files\Common Files\QCA_Bluetooth
2016-01-02 17:01 - 2016-01-02 17:02 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program
2016-01-02 16:59 - 2013-06-21 04:07 - 00440320 _____ (Atheros) C:\Windows\system32\athihvs.dll
2016-01-02 16:49 - 2016-01-02 16:49 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\ElevatedDiagnostics
2015-12-30 17:04 - 2015-12-30 17:05 - 00135009 _____ C:\Users\Krzysiek\Desktop\diagnoza monika.pdf
2015-12-27 12:44 - 2015-12-27 12:44 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\ATI
2015-12-27 12:44 - 2015-12-27 12:44 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\ATI
2015-12-27 12:44 - 2015-12-27 12:44 - 00000000 ____D C:\ProgramData\ATI
2015-12-27 12:40 - 2015-12-27 12:40 - 00002178 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Przełączania Grafiki.lnk
2015-12-27 12:40 - 2015-12-27 12:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2015-12-27 12:40 - 2015-12-27 12:40 - 00000000 ____D C:\ProgramData\AMD
2015-12-27 12:40 - 2015-12-27 12:40 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2015-12-27 12:40 - 2015-12-27 12:40 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2015-12-27 12:39 - 2011-09-12 18:05 - 00003917 _____ C:\Windows\SysWOW64\atipblup.dat
2015-12-27 12:39 - 2011-09-12 18:05 - 00003917 _____ C:\Windows\system32\atipblup.dat
2015-12-27 12:38 - 2015-12-27 12:39 - 00000000 ____D C:\Program Files\ATI Technologies
2015-12-27 12:38 - 2015-12-27 12:39 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2015-12-27 12:38 - 2015-12-27 12:38 - 00000000 ____D C:\Program Files\ATI
2015-12-27 12:37 - 2013-04-10 12:19 - 00035936 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\amdkmpfd.sys
2015-12-27 12:21 - 2015-12-27 12:21 - 00000000 _____ C:\Windows\ativpsrm.bin
2015-12-27 12:13 - 2013-05-05 22:53 - 08272648 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2015-12-27 12:13 - 2013-05-05 22:53 - 07234360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2015-12-27 12:13 - 2013-05-05 22:53 - 06985624 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2015-12-27 12:13 - 2013-05-05 22:53 - 05944264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2015-12-27 12:13 - 2013-05-05 22:53 - 05001344 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2015-12-27 12:13 - 2013-05-05 22:53 - 04450776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2015-12-27 12:13 - 2013-05-05 22:53 - 01155264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2015-12-27 12:13 - 2013-05-05 22:53 - 00970912 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2015-12-27 12:13 - 2013-05-05 22:53 - 00139696 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2015-12-27 12:13 - 2013-05-05 22:53 - 00118584 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2015-12-27 12:13 - 2013-05-05 22:53 - 00112440 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2015-12-27 12:13 - 2013-05-05 22:53 - 00092304 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2015-12-27 12:13 - 2013-05-05 22:53 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2015-12-27 12:13 - 2013-05-05 22:53 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2015-12-27 12:13 - 2013-05-05 22:53 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2015-12-27 12:13 - 2013-05-05 22:53 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2015-12-27 12:13 - 2013-05-05 22:51 - 11661312 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2015-12-27 12:13 - 2013-05-05 22:35 - 29157376 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2015-12-27 12:13 - 2013-05-05 22:35 - 01187342 _____ C:\Windows\system32\amdocl_as64.exe
2015-12-27 12:13 - 2013-05-05 22:35 - 01061902 _____ C:\Windows\system32\amdocl_ld64.exe
2015-12-27 12:13 - 2013-05-05 22:35 - 00995342 _____ C:\Windows\SysWOW64\amdocl_as32.exe
2015-12-27 12:13 - 2013-05-05 22:35 - 00798734 _____ C:\Windows\SysWOW64\amdocl_ld32.exe
2015-12-27 12:13 - 2013-05-05 22:35 - 00222720 _____ C:\Windows\system32\clinfo.exe
2015-12-27 12:13 - 2013-05-05 22:35 - 00076288 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo64.dll
2015-12-27 12:13 - 2013-05-05 22:35 - 00065536 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2015-12-27 12:13 - 2013-05-05 22:35 - 00064000 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll
2015-12-27 12:13 - 2013-05-05 22:35 - 00056320 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2015-12-27 12:13 - 2013-05-05 22:33 - 23815168 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2015-12-27 12:13 - 2013-05-05 22:31 - 00054784 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-12-27 12:13 - 2013-05-05 22:31 - 00050176 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-12-27 12:13 - 2013-05-05 22:27 - 24229376 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2015-12-27 12:13 - 2013-05-05 22:24 - 00524464 _____ C:\Windows\SysWOW64\atiapfxx.blb
2015-12-27 12:13 - 2013-05-05 22:24 - 00524464 _____ C:\Windows\system32\atiapfxx.blb
2015-12-27 12:13 - 2013-05-05 22:22 - 00163840 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2015-12-27 12:13 - 2013-05-05 22:19 - 16082944 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2015-12-27 12:13 - 2013-05-05 22:19 - 00051200 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2015-12-27 12:13 - 2013-05-05 22:19 - 00046080 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2015-12-27 12:13 - 2013-05-05 22:19 - 00044544 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2015-12-27 12:13 - 2013-05-05 22:19 - 00044032 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2015-12-27 12:13 - 2013-05-05 22:18 - 00076800 _____ (AMD) C:\Windows\system32\coinst_12.105.4.dll
2015-12-27 12:13 - 2013-05-05 22:15 - 13703168 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2015-12-27 12:13 - 2013-05-05 22:09 - 19870720 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2015-12-27 12:13 - 2013-05-05 21:59 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2015-12-27 12:13 - 2013-05-05 21:58 - 03309936 _____ C:\Windows\system32\atiumd6a.cap
2015-12-27 12:13 - 2013-05-05 21:58 - 00562688 _____ (AMD) C:\Windows\system32\atieclxx.exe
2015-12-27 12:13 - 2013-05-05 21:58 - 00241152 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2015-12-27 12:13 - 2013-05-05 21:58 - 00204952 _____ C:\Windows\SysWOW64\ativvsvl.dat
2015-12-27 12:13 - 2013-05-05 21:58 - 00204952 _____ C:\Windows\system32\ativvsvl.dat
2015-12-27 12:13 - 2013-05-05 21:58 - 00157144 _____ C:\Windows\SysWOW64\ativvsva.dat
2015-12-27 12:13 - 2013-05-05 21:58 - 00157144 _____ C:\Windows\system32\ativvsva.dat
2015-12-27 12:13 - 2013-05-05 21:56 - 00120320 _____ (AMD) C:\Windows\system32\atitmm64.dll
2015-12-27 12:13 - 2013-05-05 21:56 - 00059392 _____ (ATI Technologies, Inc.) C:\Windows\system32\atiedu64.dll
2015-12-27 12:13 - 2013-05-05 21:56 - 00043520 _____ (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
2015-12-27 12:13 - 2013-05-05 21:56 - 00026112 _____ (AMD) C:\Windows\system32\atimuixx.dll
2015-12-27 12:13 - 2013-05-05 21:45 - 03342768 _____ C:\Windows\SysWOW64\atiumdva.cap
2015-12-27 12:13 - 2013-05-05 21:33 - 00636416 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2015-12-27 12:13 - 2013-05-05 21:33 - 00430080 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2015-12-27 12:13 - 2013-05-05 21:32 - 00581632 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2015-12-27 12:13 - 2013-05-05 21:32 - 00079360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2015-12-27 12:13 - 2013-05-05 21:32 - 00078336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2015-12-27 12:13 - 2013-05-05 21:32 - 00074240 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2015-12-27 12:13 - 2013-05-05 21:32 - 00071168 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2015-12-27 12:13 - 2013-05-05 21:32 - 00044032 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2015-12-27 12:13 - 2013-05-05 21:32 - 00034816 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2015-12-27 12:13 - 2013-05-05 21:32 - 00017920 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2015-12-27 12:13 - 2013-05-05 21:32 - 00014848 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2015-12-27 12:13 - 2013-05-05 21:32 - 00014848 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2015-12-27 12:13 - 2013-05-05 21:28 - 00053248 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2015-12-27 12:13 - 2013-04-10 08:53 - 00231604 _____ C:\Windows\system32\ativvaxy_cik.dat
2015-12-27 12:13 - 2013-04-09 19:30 - 00695004 _____ C:\Windows\system32\atiicdxx.dat
2015-12-27 12:13 - 2013-02-28 08:08 - 00044066 _____ C:\Windows\atiogl.xml
2015-12-27 12:13 - 2013-02-01 14:14 - 00075600 _____ C:\Windows\system32\ativce02.dat
2015-12-27 12:13 - 2012-11-23 05:14 - 00230064 _____ C:\Windows\system32\ativvaxy_cik_nd.dat
2015-12-27 12:13 - 2011-09-13 12:06 - 00003917 _____ C:\Windows\SysWOW64\atipblag.dat
2015-12-27 12:13 - 2011-09-13 12:06 - 00003917 _____ C:\Windows\system32\atipblag.dat
2015-12-27 12:13 - 2010-08-28 08:33 - 00332800 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODE.exe
2015-12-27 12:13 - 2009-06-23 05:34 - 00051200 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODCLI.exe
2015-12-27 12:13 - 2009-05-12 11:35 - 00118784 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atibtmon.exe
2015-12-27 12:04 - 2015-12-27 12:04 - 00189112 _____ (Power Admin LLC) C:\Windows\PAExec.exe
2015-12-27 11:48 - 2015-12-27 11:49 - 00282280 _____ C:\Windows\Minidump\122715-51449-01.dmp
2015-12-27 11:41 - 2015-12-27 11:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-12-27 11:41 - 2015-12-27 11:41 - 00000000 ____D C:\Program Files\7-Zip
2015-12-27 11:07 - 2015-12-27 11:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2015-12-26 15:49 - 2016-01-09 13:00 - 511548252 _____ C:\Windows\MEMORY.DMP
2015-12-26 15:49 - 2015-12-26 15:51 - 00282280 _____ C:\Windows\Minidump\122615-43836-01.dmp
2015-12-23 17:43 - 2015-12-23 17:43 - 00117528 _____ C:\Users\Krzysiek\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-23 07:44 - 2015-12-23 07:45 - 00469240 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-23 07:44 - 2015-12-23 07:44 - 00262144 ____N C:\Windows\Minidump\122315-44725-01.dmp
2015-12-21 15:50 - 2015-12-21 15:50 - 00000000 ____D C:\Program Files (x86)\Dell
2015-12-21 13:37 - 2015-12-22 13:56 - 00000000 ____D C:\Program Files\Dell
2015-12-19 23:02 - 2016-01-09 23:25 - 00000000 ____D C:\Users\Krzysiek\Desktop\badanie
2015-12-18 19:24 - 2015-12-18 19:25 - 00389379 _____ C:\Users\Krzysiek\Documents\raport i portfolio.pdf
2015-12-18 19:21 - 2015-12-18 19:21 - 00187454 _____ C:\Users\Krzysiek\Documents\raport i portfolio.odt
2015-12-18 19:09 - 2015-12-18 19:32 - 41471184 _____ C:\Users\Krzysiek\Documents\Psychopatologia procesow poznawczych.rar
2015-12-17 09:34 - 2015-12-17 09:33 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64664002.dll
2015-12-17 09:34 - 2015-12-17 09:33 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64625969.dll
2015-12-11 16:11 - 2016-01-08 15:50 - 00022778 _____ C:\Users\Krzysiek\Desktop\umowa.odt

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-01-10 21:21 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2016-01-10 21:18 - 2015-06-17 08:52 - 00000000 ____D C:\Users\Krzysiek\Documents\pliki
2016-01-10 21:11 - 2014-09-18 17:54 - 00000000 ____D C:\ProgramData\MFAData
2016-01-10 21:10 - 2015-07-10 12:50 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-10 20:53 - 2009-07-14 05:45 - 00019312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-10 20:53 - 2009-07-14 05:45 - 00019312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-10 20:51 - 2009-07-14 18:55 - 00739432 _____ C:\Windows\system32\perfh015.dat
2016-01-10 20:51 - 2009-07-14 18:55 - 00155510 _____ C:\Windows\system32\perfc015.dat
2016-01-10 20:51 - 2009-07-14 06:13 - 01666944 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-10 20:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-01-10 20:45 - 2015-08-30 15:42 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-10 20:44 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-10 20:43 - 2014-12-02 20:38 - 00000940 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1933921575-738410443-1074386466-1000UA.job
2016-01-10 20:43 - 2014-12-02 20:38 - 00000918 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1933921575-738410443-1074386466-1000Core.job
2016-01-10 20:43 - 2014-07-25 14:00 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\CrashDumps
2016-01-10 18:10 - 2014-09-06 18:04 - 00000000 ____D C:\Users\Krzysiek\Documents\Bluetooth Folder
2016-01-10 14:21 - 2015-11-29 12:04 - 00000000 ____D C:\Users\Krzysiek\Desktop\u2b
2016-01-10 14:05 - 2015-06-19 15:00 - 00007889 _____ C:\Windows\BRRBCOM.INI
2016-01-10 00:04 - 2015-01-29 20:38 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-01-09 13:43 - 2014-07-15 15:41 - 00000000 ____D C:\Users\Krzysiek\Documents\Camtasia Studio
2016-01-09 13:00 - 2014-08-01 16:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-09 13:00 - 2014-07-13 18:41 - 00000000 ____D C:\Windows\Minidump
2016-01-09 11:08 - 2014-10-25 15:13 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\Adobe
2016-01-09 11:08 - 2014-07-13 23:09 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-09 11:08 - 2014-07-13 23:09 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-08 16:13 - 2015-06-30 13:20 - 00000000 ____D C:\Users\Krzysiek\Desktop\pen
2016-01-06 20:12 - 2015-11-05 17:19 - 00023319 _____ C:\Users\Krzysiek\Desktop\Nowy OpenDocument Dokument tekstowy (2).odt
2016-01-06 16:19 - 2014-09-13 14:48 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2016-01-06 11:13 - 2015-07-06 11:52 - 00000327 _____ C:\Users\Krzysiek\Desktop\lęk.txt
2016-01-02 17:05 - 2014-09-06 18:02 - 00000000 ____D C:\Program Files (x86)\Dell Wireless
2016-01-02 16:59 - 2014-09-06 18:02 - 00000000 ____D C:\Windows\system32\nn-NO
2016-01-02 16:54 - 2014-07-13 12:43 - 00000000 ____D C:\Users\Krzysiek\Desktop\dell
2015-12-31 13:39 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2015-12-31 10:16 - 2015-08-19 16:52 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\Foxit Reader
2015-12-29 20:20 - 2015-06-30 13:04 - 00000000 ____D C:\Users\Krzysiek\Documents\obrazki
2015-12-27 12:36 - 2014-10-13 12:11 - 00000000 ____D C:\ProgramData\Origin
2015-12-27 12:35 - 2014-10-13 12:13 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\Origin
2015-12-27 12:30 - 2015-02-17 18:44 - 00000000 ____D C:\Program Files (x86)\Origin
2015-12-27 12:12 - 2014-07-14 21:39 - 00015354 _____ C:\Windows\system32\results.xml
2015-12-27 12:09 - 2014-07-13 13:18 - 00000000 ____D C:\Program Files (x86)\Intel
2015-12-27 12:08 - 2015-02-07 12:31 - 00000000 ____D C:\Intel
2015-12-27 11:40 - 2014-08-09 13:12 - 00000000 ____D C:\Program Files\WinRAR
2015-12-25 13:08 - 2014-09-30 12:19 - 00001210 _____ C:\Users\Public\Desktop\Lineage 2 EU.lnk
2015-12-25 13:08 - 2014-07-13 15:12 - 00000000 ____D C:\Program Files (x86)\4game
2015-12-25 02:33 - 2014-08-17 13:39 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\Skype
2015-12-23 07:16 - 2014-12-24 13:12 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-12-23 07:10 - 2014-07-13 14:46 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\Deployment
2015-12-23 07:09 - 2015-09-13 18:10 - 00000000 ____D C:\Users\Krzysiek\Documents\Fiddler2
2015-12-23 07:09 - 2014-07-20 22:43 - 00000000 ____D C:\Program Files (x86)\Fiddler2
2015-12-23 07:08 - 2014-09-05 09:28 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\uTorrent
2015-12-21 15:51 - 2015-02-05 15:45 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2015-12-21 15:51 - 2014-07-13 14:14 - 00000000 ____D C:\ProgramData\Dell
2015-12-21 15:46 - 2015-02-05 15:58 - 00000000 ____D C:\ProgramData\PCDr
2015-12-21 15:46 - 2015-02-05 15:56 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\PCDr
2015-12-21 14:01 - 2015-02-05 15:56 - 00000000 ____D C:\temp
2015-12-17 09:49 - 2014-11-25 21:46 - 00000000 ____D C:\ProgramData\Oracle
2015-12-17 09:34 - 2015-08-27 07:21 - 00000000 ____D C:\Users\Krzysiek\.oracle_jre_usage
2015-12-17 09:34 - 2015-07-12 09:37 - 00000000 ____D C:\Program Files\Java
2015-12-17 09:34 - 2014-11-25 21:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-12-16 13:24 - 2015-10-06 06:42 - 00000172 _____ C:\Users\Krzysiek\Desktop\Nowy dokument tekstowy.txt

==================== Pliki w katalogu głównym wybranych folderów =======

2014-11-29 20:36 - 2014-11-29 20:57 - 6000640 _____ () C:\Program Files (x86)\GUT5C0B.tmp
2014-11-29 20:56 - 2014-11-29 20:57 - 46766080 _____ () C:\Program Files (x86)\GUT7BFA.tmp
2014-11-29 20:54 - 2014-11-29 20:57 - 46766080 _____ () C:\Program Files (x86)\GUTBE37.tmp
2014-11-29 20:36 - 2014-11-29 20:57 - 6000640 _____ () C:\Program Files (x86)\GUTE852.tmp
2014-11-29 13:11 - 2014-11-29 13:17 - 6000640 _____ () C:\Program Files (x86)\GUTF430.tmp
2015-11-08 16:07 - 2015-11-08 16:19 - 0006656 _____ () C:\Users\Krzysiek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-23 14:18 - 2014-12-23 14:18 - 0003054 _____ () C:\Users\Krzysiek\AppData\Local\recently-used.xbel
2014-07-23 14:20 - 2014-11-05 19:28 - 0007601 _____ () C:\Users\Krzysiek\AppData\Local\resmon.resmoncfg
2014-11-29 13:25 - 2014-11-29 13:25 - 0000000 _____ () C:\Users\Krzysiek\AppData\Local\{34531EFF-384C-4A24-9129-5B91D2A8D49B}
2014-12-20 13:25 - 2014-12-20 13:25 - 0000000 _____ () C:\Users\Krzysiek\AppData\Local\{65D6B3F2-BCA4-49AC-96B0-FCF99D026E9A}
2014-11-30 13:26 - 2014-11-30 13:26 - 0000000 _____ () C:\Users\Krzysiek\AppData\Local\{B05A239E-F9E7-415D-8CB5-FFDA6F034DB3}
2014-09-21 13:56 - 2014-09-21 13:56 - 0000000 _____ () C:\Users\Krzysiek\AppData\Local\{E5B06239-D04D-43E1-94CB-B945021675E4}
2015-09-05 16:35 - 2015-09-05 16:35 - 0000000 _____ () C:\Users\Krzysiek\AppData\Local\{E61E8544-9865-4BEE-ADFF-D6A5B0CD1207}
2014-07-13 13:38 - 2014-07-13 13:38 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Niektóre pliki w TEMP:
====================
C:\Users\Krzysiek\AppData\Local\Temp\4game_setup-pl.exe
C:\Users\Krzysiek\AppData\Local\Temp\AMDCleanupUtility.exe
C:\Users\Krzysiek\AppData\Local\Temp\avguirn_081315415763.exe
C:\Users\Krzysiek\AppData\Local\Temp\Cleanup.dll
C:\Users\Krzysiek\AppData\Local\Temp\ddu.exe
C:\Users\Krzysiek\AppData\Local\Temp\difxapi.dll
C:\Users\Krzysiek\AppData\Local\Temp\msvcm80.dll
C:\Users\Krzysiek\AppData\Local\Temp\msvcp80.dll
C:\Users\Krzysiek\AppData\Local\Temp\msvcr80.dll
C:\Users\Krzysiek\AppData\Local\Temp\radeon-crimson-15.12-minimalsetup.exe
C:\Users\Krzysiek\AppData\Local\Temp\raptrpatch.exe
C:\Users\Krzysiek\AppData\Local\Temp\raptr_stub.exe
C:\Users\Krzysiek\AppData\Local\Temp\sfamcc00001.dll


==================== Bamital & volsnap =================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo


LastRegBack: 2016-01-09 14:41

==================== Koniec  FRST.txt ============================[/log]

[log]GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2016-01-10 21:05:06
Windows 6.1.7600  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10JPVX-75JC3T0 rev.01.01A01 931,51GB
Running: gmer.exe; Driver: C:\Users\Krzysiek\AppData\Local\Temp\pfldqpog.sys


---- Kernel code sections - GMER 2.1 ----

.text  C:\Windows\System32\win32k.sys!W32pServiceTable                                                                             fffff96000183d00 7 bytes [80, A6, F3, FF, 01, B0, F0]
.text  C:\Windows\System32\win32k.sys!W32pServiceTable + 8                                                                         fffff96000183d08 3 bytes [C0, 06, 02]

---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\AVG\Av\avgfws.exe[2256] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                      0000000075b41465 2 bytes [B4, 75]
.text  C:\Program Files (x86)\AVG\Av\avgfws.exe[2256] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                     0000000075b414bb 2 bytes [B4, 75]
.text  ...                                                                                                                         * 2
.text  C:\Windows\system32\svchost.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                      000000007780f930 5 bytes JMP 00000001777b00a0
.text  C:\Windows\system32\svchost.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                    000000007780fa50 5 bytes JMP 00000001777b0018
.text  C:\Windows\system32\svchost.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                             000000007780fab0 5 bytes JMP 00000001777b03d0
.text  C:\Windows\system32\svchost.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                           000000007780fb30 5 bytes JMP 00000001777b01b0
.text  C:\Windows\system32\svchost.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread                                          000000007780fbd0 5 bytes JMP 00000001777b0128
.text  C:\Windows\system32\svchost.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                          0000000077810080 5 bytes JMP 00000001777b0238
.text  C:\Windows\system32\svchost.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                       0000000077810110 5 bytes JMP 00000001777b02c0
.text  C:\Windows\system32\svchost.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                     0000000077810180 5 bytes JMP 00000001777b0348
.text  C:\Windows\system32\svchost.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                            0000000077810640 5 bytes JMP 00000001777b0458
.text  C:\Windows\system32\svchost.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                         0000000077810690 5 bytes JMP 00000001777b04e0
.text  C:\Windows\system32\svchost.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                      000000007780f930 5 bytes JMP 00000001777b00a0
.text  C:\Windows\system32\svchost.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                    000000007780fa50 5 bytes JMP 00000001777b0018
.text  C:\Windows\system32\svchost.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                             000000007780fab0 5 bytes JMP 00000001777b03d0
.text  C:\Windows\system32\svchost.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                           000000007780fb30 5 bytes JMP 00000001777b01b0
.text  C:\Windows\system32\svchost.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread                                          000000007780fbd0 5 bytes JMP 00000001777b0128
.text  C:\Windows\system32\svchost.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                          0000000077810080 5 bytes JMP 00000001777b0238
.text  C:\Windows\system32\svchost.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                       0000000077810110 5 bytes JMP 00000001777b02c0
.text  C:\Windows\system32\svchost.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                     0000000077810180 5 bytes JMP 00000001777b0348
.text  C:\Windows\system32\svchost.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                            0000000077810640 5 bytes JMP 00000001777b0458
.text  C:\Windows\system32\svchost.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                         0000000077810690 5 bytes JMP 00000001777b04e0
.text  C:\Windows\System32\rundll32.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                     000000007780f930 5 bytes JMP 00000001777b00a0
.text  C:\Windows\System32\rundll32.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                   000000007780fa50 5 bytes JMP 00000001777b0018
.text  C:\Windows\System32\rundll32.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                            000000007780fab0 5 bytes JMP 00000001777b03d0
.text  C:\Windows\System32\rundll32.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                          000000007780fb30 5 bytes JMP 00000001777b01b0
.text  C:\Windows\System32\rundll32.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread                                         000000007780fbd0 5 bytes JMP 00000001777b0128
.text  C:\Windows\System32\rundll32.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                         0000000077810080 5 bytes JMP 00000001777b0238
.text  C:\Windows\System32\rundll32.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                      0000000077810110 5 bytes JMP 00000001777b02c0
.text  C:\Windows\System32\rundll32.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                    0000000077810180 5 bytes JMP 00000001777b0348
.text  C:\Windows\System32\rundll32.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                           0000000077810640 5 bytes JMP 00000001777b0458
.text  C:\Windows\System32\rundll32.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                        0000000077810690 5 bytes JMP 00000001777b04e0
.text  C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection    000000007780f930 5 bytes JMP 00000001777b00a0
.text  C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory  000000007780fa50 5 bytes JMP 00000001777b0018
.text  C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent           000000007780fab0 5 bytes JMP 00000001777b03d0
.text  C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent         000000007780fb30 5 bytes JMP 00000001777b01b0
.text  C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread        000000007780fbd0 5 bytes JMP 00000001777b0128
.text  C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant        0000000077810080 5 bytes JMP 00000001777b0238
.text  C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore     0000000077810110 5 bytes JMP 00000001777b02c0
.text  C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess   0000000077810180 5 bytes JMP 00000001777b0348
.text  C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant          0000000077810640 5 bytes JMP 00000001777b0458
.text  C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore       0000000077810690 5 bytes JMP 00000001777b04e0
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4024] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                       000000007780f930 5 bytes JMP 00000001777b00a0
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4024] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                     000000007780fa50 5 bytes JMP 00000001777b0018
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                              000000007780fab0 5 bytes JMP 00000001777b03d0
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                            000000007780fb30 5 bytes JMP 00000001777b01b0
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4024] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread                           000000007780fbd0 5 bytes JMP 00000001777b0128
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                           0000000077810080 5 bytes JMP 00000001777b0238
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                        0000000077810110 5 bytes JMP 00000001777b02c0
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                      0000000077810180 5 bytes JMP 00000001777b0348
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                             0000000077810640 5 bytes JMP 00000001777b0458
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                          0000000077810690 5 bytes JMP 00000001777b04e0
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                       000000007780f930 5 bytes JMP 00000001777b00a0
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                     000000007780fa50 5 bytes JMP 00000001777b0018
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                              000000007780fab0 5 bytes JMP 00000001777b03d0
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                            000000007780fb30 5 bytes JMP 00000001777b01b0
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread                           000000007780fbd0 5 bytes JMP 00000001777b0128
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                           0000000077810080 5 bytes JMP 00000001777b0238
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                        0000000077810110 5 bytes JMP 00000001777b02c0
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                      0000000077810180 5 bytes JMP 00000001777b0348
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                             0000000077810640 5 bytes JMP 00000001777b0458
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                          0000000077810690 5 bytes JMP 00000001777b04e0
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                        000000007780f930 5 bytes JMP 00000001777b00a0
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                      000000007780fa50 5 bytes JMP 00000001777b0018
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                               000000007780fab0 5 bytes JMP 00000001777b03d0
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                             000000007780fb30 5 bytes JMP 00000001777b01b0
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread                            000000007780fbd0 5 bytes JMP 00000001777b0128
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                            0000000077810080 5 bytes JMP 00000001777b0238
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                         0000000077810110 5 bytes JMP 00000001777b02c0
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                       0000000077810180 5 bytes JMP 00000001777b0348
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                              0000000077810640 5 bytes JMP 00000001777b0458
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                           0000000077810690 5 bytes JMP 00000001777b04e0
.text  C:\Windows\System32\igfxtray.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                     000000007780f930 5 bytes JMP 00000001777b00a0
.text  C:\Windows\System32\igfxtray.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                   000000007780fa50 5 bytes JMP 00000001777b0018
.text  C:\Windows\System32\igfxtray.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                            000000007780fab0 5 bytes JMP 00000001777b03d0
.text  C:\Windows\System32\igfxtray.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                          000000007780fb30 5 bytes JMP 00000001777b01b0
.text  C:\Windows\System32\igfxtray.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread                                         000000007780fbd0 5 bytes JMP 00000001777b0128
.text  C:\Windows\System32\igfxtray.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                         0000000077810080 5 bytes JMP 00000001777b0238
.text  C:\Windows\System32\igfxtray.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                      0000000077810110 5 bytes JMP 00000001777b02c0
.text  C:\Windows\System32\igfxtray.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                    0000000077810180 5 bytes JMP 00000001777b0348
.text  C:\Windows\System32\igfxtray.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                           0000000077810640 5 bytes JMP 00000001777b0458
.text  C:\Windows\System32\igfxtray.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                        0000000077810690 5 bytes JMP 00000001777b04e0
.text  C:\Windows\System32\hkcmd.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                        000000007780f930 5 bytes JMP 00000001777b00a0
.text  C:\Windows\System32\hkcmd.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                      000000007780fa50 5 bytes JMP 00000001777b0018
.text  C:\Windows\System32\hkcmd.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                               000000007780fab0 5 bytes JMP 00000001777b03d0
.text  C:\Windows\System32\hkcmd.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                             000000007780fb30 5 bytes JMP 00000001777b01b0
.text  C:\Windows\System32\hkcmd.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread                                            000000007780fbd0 5 bytes JMP 00000001777b0128
.text  C:\Windows\System32\hkcmd.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                            0000000077810080 5 bytes JMP 00000001777b0238
.text  C:\Windows\System32\hkcmd.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                         0000000077810110 5 bytes JMP 00000001777b02c0
.text  C:\Windows\System32\hkcmd.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                       0000000077810180 5 bytes JMP 00000001777b0348
.text  C:\Windows\System32\hkcmd.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                              0000000077810640 5 bytes JMP 00000001777b0458
.text  C:\Windows\System32\hkcmd.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                           0000000077810690 5 bytes JMP 00000001777b04e0
.text  C:\Windows\System32\igfxpers.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                     000000007780f930 5 bytes JMP 00000001777b00a0
.text  C:\Windows\System32\igfxpers.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                   000000007780fa50 5 bytes JMP 00000001777b0018
.text  C:\Windows\System32\igfxpers.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                            000000007780fab0 5 bytes JMP 00000001777b03d0
.text  C:\Windows\System32\igfxpers.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                          000000007780fb30 5 bytes JMP 00000001777b01b0
.text  C:\Windows\System32\igfxpers.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread                                         000000007780fbd0 5 bytes JMP 00000001777b0128
.text  C:\Windows\System32\igfxpers.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                         0000000077810080 5 bytes JMP 00000001777b0238
.text  C:\Windows\System32\igfxpers.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                      0000000077810110 5 bytes JMP 00000001777b02c0
.text  C:\Windows\System32\igfxpers.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                    0000000077810180 5 bytes JMP 00000001777b0348
.text  C:\Windows\System32\igfxpers.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                           0000000077810640 5 bytes JMP 00000001777b0458
.text  C:\Windows\System32\igfxpers.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                        0000000077810690 5 bytes JMP 00000001777b04e0
.text  C:\Windows\system32\igfxsrvc.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                     000000007780f930 5 bytes JMP 00000001777b00a0
.text  C:\Windows\system32\igfxsrvc.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                   000000007780fa50 5 bytes JMP 00000001777b0018
.text  C:\Windows\system32\igfxsrvc.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                            000000007780fab0 5 bytes JMP 00000001777b03d0
.text  C:\Windows\system32\igfxsrvc.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                          000000007780fb30 5 bytes JMP 00000001777b01b0
.text  C:\Windows\system32\igfxsrvc.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread                                         000000007780fbd0 5 bytes JMP 00000001777b0128
.text  C:\Windows\system32\igfxsrvc.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                         0000000077810080 5 bytes JMP 00000001777b0238
.text  C:\Windows\system32\igfxsrvc.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                      0000000077810110 5 bytes JMP 00000001777b02c0
.text  C:\Windows\system32\igfxsrvc.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                    0000000077810180 5 bytes JMP 00000001777b0348
.text  C:\Windows\system32\igfxsrvc.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                           0000000077810640 5 bytes JMP 00000001777b0458
.text  C:\Windows\system32\igfxsrvc.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                        0000000077810690 5 bytes JMP 00000001777b04e0
.text  C:\Program Files (x86)\AVG\Av\avgui.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection                              00000000779bfbe0 5 bytes JMP 0000000170c622f0
.text  C:\Program Files (x86)\AVG\Av\avgui.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                            00000000779bfda4 5 bytes JMP 0000000170c62180
.text  C:\Program Files (x86)\AVG\Av\avgui.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                     00000000779bfe38 5 bytes JMP 0000000170c625b0
.text  C:\Program Files (x86)\AVG\Av\avgui.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent                                   00000000779bff04 5 bytes JMP 0000000170c62590
.text  C:\Program Files (x86)\AVG\Av\avgui.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                  00000000779bfff8 5 bytes JMP 0000000170c624b0
.text  C:\Program Files (x86)\AVG\Av\avgui.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                  00000000779c072c 5 bytes JMP 0000000170c625d0
.text  C:\Program Files (x86)\AVG\Av\avgui.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore                               00000000779c0804 5 bytes JMP 0000000170c62610
.text  C:\Program Files (x86)\AVG\Av\avgui.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess                             00000000779c08ac 5 bytes JMP 0000000170c62650
.text  C:\Program Files (x86)\AVG\Av\avgui.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant                                    00000000779c1008 5 bytes JMP 0000000170c625f0
.text  C:\Program Files (x86)\AVG\Av\avgui.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore                                 00000000779c1080 5 bytes JMP 0000000170c62630
.text  C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4288] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection               00000000779bfbe0 5 bytes JMP 0000000170c622f0
.text  C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4288] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory             00000000779bfda4 5 bytes JMP 0000000170c62180
.text  C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4288] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                      00000000779bfe38 5 bytes JMP 0000000170c625b0
.text  C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4288] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent                    00000000779bff04 5 bytes JMP 0000000170c62590
.text  C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4288] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                   00000000779bfff8 5 bytes JMP 0000000170c624b0
.text  C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4288] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                   00000000779c072c 5 bytes JMP 0000000170c625d0
.text  C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4288] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore                00000000779c0804 5 bytes JMP 0000000170c62610
.text  C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4288] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess              00000000779c08ac 5 bytes JMP 0000000170c62650
.text  C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4288] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant                     00000000779c1008 5 bytes JMP 0000000170c625f0
.text  C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4288] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore                  00000000779c1080 5 bytes JMP 0000000170c62630
.text  C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69        0000000075b41465 2 bytes [B4, 75]
.text  C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155       0000000075b414bb 2 bytes [B4, 75]
.text  ...                                                                                                                         * 2
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection     00000000779bfbe0 5 bytes JMP 0000000170c622f0
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory   00000000779bfda4 5 bytes JMP 0000000170c62180
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent            00000000779bfe38 5 bytes JMP 0000000170c625b0
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent          00000000779bff04 5 bytes JMP 0000000170c62590
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread         00000000779bfff8 5 bytes JMP 0000000170c624b0
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant         00000000779c072c 5 bytes JMP 0000000170c625d0
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore      00000000779c0804 5 bytes JMP 0000000170c62610
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess    00000000779c08ac 5 bytes JMP 0000000170c62650
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant           00000000779c1008 5 bytes JMP 0000000170c625f0
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore        00000000779c1080 5 bytes JMP 0000000170c62630
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4532] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                     000000007780f930 5 bytes JMP 00000001777b00a0
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4532] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                   000000007780fa50 5 bytes JMP 00000001777b0018
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                            000000007780fab0 5 bytes JMP 00000001777b03d0
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                          000000007780fb30 5 bytes JMP 00000001777b01b0
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4532] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread                         000000007780fbd0 5 bytes JMP 00000001777b0128
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                         0000000077810080 5 bytes JMP 00000001777b0238
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                      0000000077810110 5 bytes JMP 00000001777b02c0
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                    0000000077810180 5 bytes JMP 00000001777b0348
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                           0000000077810640 5 bytes JMP 00000001777b0458
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                        0000000077810690 5 bytes JMP 00000001777b04e0
.text  C:\Windows\SysWOW64\ctfmon.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection                                       00000000779bfbe0 5 bytes JMP 0000000170c622f0
.text  C:\Windows\SysWOW64\ctfmon.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                     00000000779bfda4 5 bytes JMP 0000000170c62180
.text  C:\Windows\SysWOW64\ctfmon.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                              00000000779bfe38 5 bytes JMP 0000000170c625b0
.text  C:\Windows\SysWOW64\ctfmon.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent                                            00000000779bff04 5 bytes JMP 0000000170c62590
.text  C:\Windows\SysWOW64\ctfmon.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                           00000000779bfff8 5 bytes JMP 0000000170c624b0
.text  C:\Windows\SysWOW64\ctfmon.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                           00000000779c072c 5 bytes JMP 0000000170c625d0
.text  C:\Windows\SysWOW64\ctfmon.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore                                        00000000779c0804 5 bytes JMP 0000000170c62610
.text  C:\Windows\SysWOW64\ctfmon.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess                                      00000000779c08ac 5 bytes JMP 0000000170c62650
.text  C:\Windows\SysWOW64\ctfmon.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant                                             00000000779c1008 5 bytes JMP 0000000170c625f0
.text  C:\Windows\SysWOW64\ctfmon.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore                                          00000000779c1080 5 bytes JMP 0000000170c62630
.text  C:\Windows\system32\svchost.exe[4420] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                      000000007780f930 5 bytes JMP 00000001777b00a0
.text  C:\Windows\system32\svchost.exe[4420] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                    000000007780fa50 5 bytes JMP 00000001777b0018
.text  C:\Windows\system32\svchost.exe[4420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                             000000007780fab0 5 bytes JMP 00000001777b03d0
.text  C:\Windows\system32\svchost.exe[4420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                           000000007780fb30 5 bytes JMP 00000001777b01b0
.text  C:\Windows\system32\svchost.exe[4420] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread                                          000000007780fbd0 5 bytes JMP 00000001777b0128
.text  C:\Windows\system32\svchost.exe[4420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                          0000000077810080 5 bytes JMP 00000001777b0238
.text  C:\Windows\system32\svchost.exe[4420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                       0000000077810110 5 bytes JMP 00000001777b02c0
.text  C:\Windows\system32\svchost.exe[4420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                     0000000077810180 5 bytes JMP 00000001777b0348
.text  C:\Windows\system32\svchost.exe[4420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                            0000000077810640 5 bytes JMP 00000001777b0458
.text  C:\Windows\system32\svchost.exe[4420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                         0000000077810690 5 bytes JMP 00000001777b04e0

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\485ab66f4e04                                                 
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\485ab66f4e04@5001bb251086                                    0xE4 0x06 0x7A 0xDA ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                            
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                         C:\Program Files (x86)\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                         0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\485ab66f4e04 (not active ControlSet)                             
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\485ab66f4e04@5001bb251086                                        0xE4 0x06 0x7A 0xDA ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                        
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                             C:\Program Files (x86)\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                             0x00 0x00 0x00 0x00 ...

---- EOF - GMER 2.1 ----

[/log]

[log]OTL logfile created on: 2016-01-10 20:17:46 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Krzysiek\Documents\pliki
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
3,89 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 21,45% Memory free
7,78 Gb Paging File | 4,45 Gb Available in Paging File | 57,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 721,52 Gb Free Space | 77,46% Space Free | Partition Type: NTFS
Drive E: | 11,77 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: GOŚCIU | User Name: Krzysiek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2016-01-10 20:16:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Krzysiek\Moje dokumenty\pliki\OTL.exe
PRC - [2016-01-09 11:08:01 | 003,442,368 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe
PRC - [2016-01-07 15:25:46 | 000,392,136 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2015-12-25 09:40:04 | 001,561,312 | ---- | M] (Innova Co S.a r.l.) -- C:\Program Files (x86)\4game\3.5.8.180\4game-service.exe
PRC - [2015-12-11 04:54:14 | 000,741,704 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2015-12-08 07:25:36 | 001,139,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
PRC - [2015-11-20 08:19:56 | 003,857,272 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\Av\avgidsagent.exe
PRC - [2015-11-20 08:16:04 | 001,587,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\Av\avgfws.exe
PRC - [2015-11-20 08:15:18 | 003,855,272 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\Av\avgui.exe
PRC - [2015-11-20 08:14:54 | 000,579,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
PRC - [2015-09-29 21:02:16 | 048,220,352 | ---- | M] (Foxit Software Inc.) -- C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe
PRC - [2014-04-22 15:17:00 | 009,837,056 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
PRC - [2014-04-22 15:17:00 | 009,828,864 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
PRC - [2014-04-22 15:17:00 | 000,103,936 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
PRC - [2013-06-21 03:53:16 | 000,081,536 | ---- | M] (Atheros) -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
PRC - [2010-09-01 05:26:04 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2016-01-09 11:08:01 | 017,882,304 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll
MOD - [2015-12-24 07:46:02 | 016,792,256 | ---- | M] () -- C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\PepperFlash\20.0.0.267\pepflashplayer.dll
MOD - [2015-12-11 04:54:11 | 001,583,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
MOD - [2015-12-11 04:54:09 | 000,081,224 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll
MOD - [2015-10-19 09:07:34 | 040,500,224 | ---- | M] () -- C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
MOD - [2015-09-21 17:21:00 | 003,426,496 | ---- | M] () -- C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\CommentsSummary.fpi
MOD - [2014-04-22 12:00:08 | 000,988,160 | ---- | M] () -- C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll
MOD - [2014-04-15 15:23:14 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll
MOD - [2014-04-15 15:23:12 | 000,303,616 | ---- | M] () -- C:\Program Files (x86)\OpenOffice 4\program\libxmlsec.dll
MOD - [2014-04-15 15:23:12 | 000,136,192 | ---- | M] () -- C:\Program Files (x86)\OpenOffice 4\program\libxmlsec-mscrypto.dll
MOD - [2012-10-01 19:37:48 | 006,522,480 | ---- | M] () -- C:\PROGRA~2\MICROS~1\Office15\1033\GrooveIntlResource.dll
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2013-06-18 18:18:38 | 000,246,488 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:[b]64bit:[/b] - [2013-05-05 21:58:02 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2009-11-17 17:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:[b]64bit:[/b] - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2016-01-07 15:25:45 | 000,146,888 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015-12-27 12:29:28 | 002,104,840 | ---- | M] (Electronic Arts) [On_Demand | Stopped] -- C:\Program Files (x86)\Origin\OriginClientService.exe -- (Origin Client Service)
SRV - [2015-12-27 12:04:37 | 000,189,112 | ---- | M] (Power Admin LLC) [On_Demand | Stopped] -- C:\Windows\PAExec.exe -- (PAExec)
SRV - [2015-12-25 09:40:04 | 001,561,312 | ---- | M] (Innova Co S.a r.l.) [Auto | Running] -- C:\Program Files (x86)\4game\3.5.8.180\4game-service.exe -- (4game-service)
SRV - [2015-12-08 07:25:24 | 001,049,000 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe -- (avgsvc)
SRV - [2015-11-20 08:19:56 | 003,857,272 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\Av\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2015-11-20 08:16:04 | 001,587,128 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\Av\avgfws.exe -- (avgfws)
SRV - [2015-11-20 08:14:54 | 000,579,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe -- (avgwd)
SRV - [2015-11-20 08:13:38 | 000,615,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\Av\avgamps.exe -- (AvgAMPS)
SRV - [2015-07-09 12:14:04 | 000,327,296 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-09-04 22:01:14 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013-07-02 23:00:14 | 000,312,448 | ---- | M] (Windows (R) Win 7 DDK provider) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2013-06-21 03:53:16 | 000,081,536 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe -- (ZAtheros Wlan Agent)
SRV - [2012-10-26 09:40:10 | 000,282,112 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2012-07-09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - [2015-11-06 15:50:34 | 000,184,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:[b]64bit:[/b] - [2015-11-06 15:49:38 | 000,313,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:[b]64bit:[/b] - [2015-11-06 15:49:38 | 000,256,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:[b]64bit:[/b] - [2015-10-21 16:16:48 | 000,284,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:[b]64bit:[/b] - [2015-10-08 07:46:44 | 000,302,000 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:[b]64bit:[/b] - [2015-09-11 16:53:23 | 000,032,464 | ---- | M] (Dell Computer Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DDDriver64Dcsa.sys -- (DDDriver)
DRV:[b]64bit:[/b] - [2015-09-11 16:53:23 | 000,024,240 | ---- | M] (Dell Computer Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DellProf.sys -- (DellProf)
DRV:[b]64bit:[/b] - [2015-08-29 14:31:02 | 000,097,208 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:[b]64bit:[/b] - [2015-08-20 12:58:04 | 000,298,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:[b]64bit:[/b] - [2015-08-14 13:24:40 | 000,398,256 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:[b]64bit:[/b] - [2015-08-10 14:25:40 | 000,042,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:[b]64bit:[/b] - [2014-12-21 12:10:55 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:[b]64bit:[/b] - [2014-05-13 14:21:18 | 000,035,440 | ---- | M] (Visicom Media Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:[b]64bit:[/b] - [2014-05-13 14:06:08 | 000,042,224 | ---- | M] (Visicom Media Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv.sys -- (ManyCam)
DRV:[b]64bit:[/b] - [2013-12-20 15:38:04 | 000,020,464 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:[b]64bit:[/b] - [2013-12-20 15:38:02 | 000,790,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:[b]64bit:[/b] - [2013-12-20 15:38:02 | 000,369,648 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:[b]64bit:[/b] - [2013-08-11 21:54:36 | 000,524,016 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:[b]64bit:[/b] - [2013-08-11 21:54:36 | 000,034,544 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:[b]64bit:[/b] - [2013-08-01 00:15:08 | 000,452,088 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:[b]64bit:[/b] - [2013-07-09 10:03:44 | 004,445,152 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2013-07-02 22:34:54 | 000,589,000 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:[b]64bit:[/b] - [2013-07-02 22:34:54 | 000,347,336 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:[b]64bit:[/b] - [2013-07-02 22:34:54 | 000,179,432 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:[b]64bit:[/b] - [2013-07-02 22:34:54 | 000,137,928 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:[b]64bit:[/b] - [2013-07-02 22:34:54 | 000,116,424 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:[b]64bit:[/b] - [2013-07-02 22:34:54 | 000,089,800 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:[b]64bit:[/b] - [2013-07-02 22:34:54 | 000,077,464 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:[b]64bit:[/b] - [2013-07-02 22:34:54 | 000,034,384 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:[b]64bit:[/b] - [2013-06-24 21:56:16 | 003,979,776 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:[b]64bit:[/b] - [2013-06-18 15:22:36 | 000,872,152 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2013-05-05 22:51:16 | 011,661,312 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2013-05-05 21:32:30 | 000,581,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2013-04-10 12:19:40 | 000,035,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdkmpfd.sys -- (amdkmpfd)
DRV:[b]64bit:[/b] - [2012-12-21 14:42:28 | 000,326,368 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:[b]64bit:[/b] - [2012-03-01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2009-07-14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2009-07-14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-07-14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:[b]64bit:[/b] - [2009-06-15 12:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2015-06-17 10:45:08 | 000,014,800 | ---- | M] (wisecleaner.com) [Kernel | On_Demand | Stopped] -- C:\Windows\WiseHDInfo64.dll -- (WiseHDInfo)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pl-pl/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pl-PL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 04 60 94 1D C9 54 D0 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.countryCode: "PL"
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.region: "PL"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:43.0.4
FF - user.js - File not found
 
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.66.2: C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.66.2: C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@4game.com/plugin: C:\Program Files (x86)\4game\3.5.8.180\npplugin4game.dll (Innova Co S.a r.l.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Krzysiek\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 43.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 43.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 43.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 43.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2014-07-13 23:07:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krzysiek\AppData\Roaming\Mozilla\Extensions
[2016-01-09 17:16:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\gu99veuy.default-1417338051977\extensions
[2015-05-28 21:39:44 | 000,000,000 | ---D | M] (Flashlight) -- C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\gu99veuy.default-1417338051977\extensions\flashlight@stephennolan.com.au
[2015-12-28 14:00:58 | 000,411,147 | ---- | M] () (No name found) -- C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\gu99veuy.default-1417338051977\extensions\jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.xpi
[2015-12-15 16:21:31 | 000,989,188 | ---- | M] () (No name found) -- C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\gu99veuy.default-1417338051977\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2016-01-07 15:25:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2016-01-07 15:25:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - Extension: No name found = C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.10_0\
CHR - Extension: No name found = C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.1_0\
CHR - Extension: No name found = C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.45_0\
CHR - Extension: No name found = C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\
CHR - Extension: No name found = C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
 
O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll (Oracle Corporation)
O2:[b]64bit:[/b] - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®)
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVBg_PushButton] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\Av\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AvgUi] C:\Program Files (x86)\AVG\Framework\Common\avguix.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" (Atheros Communications)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EF1D79C-18CB-4ABD-984C-85E1D4DC479C}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{40757a69-966d-11e4-a193-485ab66f4e03}\Shell - "" = AutoRun
O33 - MountPoints2\{40757a69-966d-11e4-a193-485ab66f4e03}\Shell\AutoRun\command - "" = G:\.\Driver\DriverInstaller.exe -eject
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2016-01-10 20:08:36 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2016-01-10 18:10:39 | 000,000,000 | R--D | C] -- C:\Users\Krzysiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2016-01-07 15:25:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2016-01-02 17:06:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2016-01-02 17:06:44 | 000,000,000 | ---D | C] -- C:\Users\Krzysiek\AppData\Roaming\Atheros
[2016-01-02 17:01:42 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program
[2016-01-02 17:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\QCA_Bluetooth
[2016-01-02 16:59:08 | 000,440,320 | ---- | C] (Atheros) -- C:\Windows\SysNative\athihvs.dll
[2016-01-02 16:49:08 | 000,000,000 | ---D | C] -- C:\Users\Krzysiek\AppData\Local\ElevatedDiagnostics
[2015-12-27 12:44:50 | 000,000,000 | ---D | C] -- C:\Users\Krzysiek\AppData\Roaming\ATI
[2015-12-27 12:44:50 | 000,000,000 | ---D | C] -- C:\Users\Krzysiek\AppData\Local\ATI
[2015-12-27 12:44:50 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2015-12-27 12:40:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2015-12-27 12:40:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2015-12-27 12:40:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2015-12-27 12:40:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2015-12-27 12:40:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2015-12-27 12:38:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2015-12-27 12:38:39 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2015-12-27 12:38:11 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2015-12-27 12:37:40 | 000,035,936 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\amdkmpfd.sys
[2015-12-27 12:13:34 | 006,985,624 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd64.dll
[2015-12-27 12:13:34 | 005,944,264 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdag.dll
[2015-12-27 12:13:34 | 005,001,344 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6a.dll
[2015-12-27 12:13:34 | 004,450,776 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdva.dll
[2015-12-27 12:13:34 | 000,139,696 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiuxp64.dll
[2015-12-27 12:13:34 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2015-12-27 12:13:34 | 000,118,584 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiuxpag.dll
[2015-12-27 12:13:34 | 000,112,440 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiu9p64.dll
[2015-12-27 12:13:34 | 000,092,304 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiu9pag.dll
[2015-12-27 12:13:34 | 000,076,800 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst_12.105.4.dll
[2015-12-27 12:13:34 | 000,076,288 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\OpenVideo64.dll
[2015-12-27 12:13:34 | 000,074,240 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atisamu64.dll
[2015-12-27 12:13:34 | 000,071,168 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atisamu32.dll
[2015-12-27 12:13:34 | 000,065,536 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\OpenVideo.dll
[2015-12-27 12:13:34 | 000,064,000 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\OVDecode64.dll
[2015-12-27 12:13:34 | 000,056,320 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\OVDecode.dll
[2015-12-27 12:13:33 | 024,229,376 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atio6axx.dll
[2015-12-27 12:13:33 | 019,870,720 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atioglxx.dll
[2015-12-27 12:13:33 | 016,082,944 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll
[2015-12-27 12:13:33 | 013,703,168 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll
[2015-12-27 12:13:33 | 011,661,312 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys
[2015-12-27 12:13:33 | 008,272,648 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atidxx64.dll
[2015-12-27 12:13:33 | 007,234,360 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atidxx32.dll
[2015-12-27 12:13:33 | 001,155,264 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\aticfx64.dll
[2015-12-27 12:13:33 | 000,970,912 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\aticfx32.dll
[2015-12-27 12:13:33 | 000,636,416 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiadlxx.dll
[2015-12-27 12:13:33 | 000,581,632 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmpag.sys
[2015-12-27 12:13:33 | 000,562,688 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2015-12-27 12:13:33 | 000,442,368 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atidemgy.dll
[2015-12-27 12:13:33 | 000,430,080 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll
[2015-12-27 12:13:33 | 000,332,800 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIODE.exe
[2015-12-27 12:13:33 | 000,241,152 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2015-12-27 12:13:33 | 000,163,840 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiapfxx.exe
[2015-12-27 12:13:33 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atibtmon.exe
[2015-12-27 12:13:33 | 000,078,432 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atimpc64.dll
[2015-12-27 12:13:33 | 000,078,432 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdpcom64.dll
[2015-12-27 12:13:33 | 000,071,704 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll
[2015-12-27 12:13:33 | 000,071,704 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll
[2015-12-27 12:13:33 | 000,059,392 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
[2015-12-27 12:13:33 | 000,054,784 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2015-12-27 12:13:33 | 000,053,248 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll
[2015-12-27 12:13:33 | 000,051,200 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIODCLI.exe
[2015-12-27 12:13:33 | 000,051,200 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll
[2015-12-27 12:13:33 | 000,050,176 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2015-12-27 12:13:33 | 000,046,080 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll
[2015-12-27 12:13:33 | 000,044,544 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalcl64.dll
[2015-12-27 12:13:33 | 000,044,032 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6txx.dll
[2015-12-27 12:13:33 | 000,044,032 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll
[2015-12-27 12:13:33 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2015-12-27 12:13:33 | 000,034,816 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atigktxx.dll
[2015-12-27 12:13:33 | 000,026,112 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2015-12-27 12:13:33 | 000,017,920 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6pxx.dll
[2015-12-27 12:13:33 | 000,014,848 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiglpxx.dll
[2015-12-27 12:13:33 | 000,014,848 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiglpxx.dll
[2015-12-27 12:13:32 | 029,157,376 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\amdocl64.dll
[2015-12-27 12:13:32 | 023,815,168 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\amdocl.dll
[2015-12-27 12:13:32 | 000,079,360 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdave64.dll
[2015-12-27 12:13:32 | 000,078,336 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdave32.dll
[2015-12-27 12:04:50 | 000,189,112 | ---- | C] (Power Admin LLC) -- C:\Windows\PAExec.exe
[2015-12-27 11:41:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2015-12-27 11:41:10 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2015-12-27 11:07:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
[2015-12-21 15:50:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell
[2015-12-21 13:37:47 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2015-12-19 23:02:03 | 000,000,000 | ---D | C] -- C:\Users\Krzysiek\Desktop\badanie
[2015-12-17 09:34:40 | 000,110,176 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64664002.dll
[2015-12-17 09:34:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2015-12-17 09:34:02 | 000,110,176 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64625969.dll
[5 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2016-01-10 20:10:03 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2016-01-10 18:11:53 | 001,666,944 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2016-01-10 18:11:53 | 000,739,432 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2016-01-10 18:11:53 | 000,653,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2016-01-10 18:11:53 | 000,155,510 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2016-01-10 18:11:53 | 000,121,814 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2016-01-10 18:07:05 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1933921575-738410443-1074386466-1000UA.job
[2016-01-10 18:06:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2016-01-10 15:32:47 | 000,010,050 | ---- | M] () -- C:\Users\Krzysiek\Desktop\co muszę wiedzieć.odt
[2016-01-10 14:25:05 | 000,029,745 | ---- | M] () -- C:\Users\Krzysiek\Desktop\bilet_KA02341179_2016-01-10.pdf
[2016-01-10 14:05:50 | 000,007,889 | ---- | M] () -- C:\Windows\BRRBCOM.INI
[2016-01-10 11:34:32 | 000,019,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2016-01-10 11:34:32 | 000,019,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2016-01-10 11:28:00 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2016-01-10 11:27:07 | 3133,427,712 | -HS- | M] () -- C:\hiberfil.sys
[2016-01-10 00:04:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player PPAPI Notifier.job
[2016-01-09 13:00:06 | 511,548,252 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2016-01-09 11:08:01 | 000,796,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2016-01-09 11:08:01 | 000,142,528 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2016-01-08 20:48:59 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1933921575-738410443-1074386466-1000Core.job
[2016-01-08 15:50:33 | 000,022,778 | ---- | M] () -- C:\Users\Krzysiek\Desktop\umowa.odt
[2016-01-06 20:12:26 | 000,023,319 | ---- | M] () -- C:\Users\Krzysiek\Desktop\Nowy OpenDocument Dokument tekstowy (2).odt
[2016-01-03 15:10:07 | 000,352,198 | ---- | M] () -- C:\Users\Krzysiek\Desktop\The distinction between personality disorder and mental illness.pdf
[2015-12-30 17:05:02 | 000,135,009 | ---- | M] () -- C:\Users\Krzysiek\Desktop\diagnoza monika.pdf
[2015-12-27 12:21:51 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2015-12-27 12:12:29 | 000,015,354 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2015-12-27 12:04:37 | 000,189,112 | ---- | M] (Power Admin LLC) -- C:\Windows\PAExec.exe
[2015-12-25 13:08:32 | 000,001,210 | ---- | M] () -- C:\Users\Public\Desktop\Lineage 2 EU.lnk
[2015-12-23 07:45:26 | 000,469,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015-12-19 01:40:48 | 000,019,924 | ---- | M] () -- C:\Users\Krzysiek\Documents\Obraz11.jpg
[2015-12-18 19:32:10 | 041,471,184 | ---- | M] () -- C:\Users\Krzysiek\Documents\Psychopatologia procesow poznawczych.rar
[2015-12-18 19:25:02 | 000,389,379 | ---- | M] () -- C:\Users\Krzysiek\Documents\raport i portfolio.pdf
[2015-12-18 19:21:22 | 000,187,454 | ---- | M] () -- C:\Users\Krzysiek\Documents\raport i portfolio.odt
[2015-12-17 09:33:56 | 000,110,176 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64664002.dll
[2015-12-17 09:33:56 | 000,110,176 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64625969.dll
[5 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2016-01-10 15:32:11 | 000,010,050 | ---- | C] () -- C:\Users\Krzysiek\Desktop\co muszę wiedzieć.odt
[2016-01-10 14:25:05 | 000,029,745 | ---- | C] () -- C:\Users\Krzysiek\Desktop\bilet_KA02341179_2016-01-10.pdf
[2016-01-03 15:10:06 | 000,352,198 | ---- | C] () -- C:\Users\Krzysiek\Desktop\The distinction between personality disorder and mental illness.pdf
[2015-12-30 17:04:57 | 000,135,009 | ---- | C] () -- C:\Users\Krzysiek\Desktop\diagnoza monika.pdf
[2015-12-27 12:40:00 | 000,002,178 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Przełączania Grafiki.lnk
[2015-12-27 12:39:29 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2015-12-27 12:39:29 | 000,003,917 | ---- | C] () -- C:\Windows\SysNative\atipblup.dat
[2015-12-27 12:21:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2015-12-27 12:13:34 | 003,342,768 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2015-12-27 12:13:34 | 003,309,936 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2015-12-27 12:13:34 | 000,231,604 | ---- | C] () -- C:\Windows\SysNative\ativvaxy_cik.dat
[2015-12-27 12:13:34 | 000,230,064 | ---- | C] () -- C:\Windows\SysNative\ativvaxy_cik_nd.dat
[2015-12-27 12:13:34 | 000,222,720 | ---- | C] () -- C:\Windows\SysNative\clinfo.exe
[2015-12-27 12:13:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2015-12-27 12:13:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysNative\ativvsvl.dat
[2015-12-27 12:13:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2015-12-27 12:13:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysNative\ativvsva.dat
[2015-12-27 12:13:34 | 000,075,600 | ---- | C] () -- C:\Windows\SysNative\ativce02.dat
[2015-12-27 12:13:34 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2015-12-27 12:13:34 | 000,003,917 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat
[2015-12-27 12:13:33 | 001,061,902 | ---- | C] () -- C:\Windows\SysNative\amdocl_ld64.exe
[2015-12-27 12:13:33 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2015-12-27 12:13:33 | 000,695,004 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2015-12-27 12:13:33 | 000,524,464 | ---- | C] () -- C:\Windows\SysWow64\atiapfxx.blb
[2015-12-27 12:13:33 | 000,524,464 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2015-12-27 12:13:33 | 000,044,066 | ---- | C] () -- C:\Windows\atiogl.xml
[2015-12-27 12:13:32 | 001,187,342 | ---- | C] () -- C:\Windows\SysNative\amdocl_as64.exe
[2015-12-27 12:13:32 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2015-12-26 15:49:42 | 511,548,252 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2015-12-23 07:44:49 | 000,469,240 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015-12-19 01:40:47 | 000,019,924 | ---- | C] () -- C:\Users\Krzysiek\Documents\Obraz11.jpg
[2015-12-18 19:24:56 | 000,389,379 | ---- | C] () -- C:\Users\Krzysiek\Documents\raport i portfolio.pdf
[2015-12-18 19:21:21 | 000,187,454 | ---- | C] () -- C:\Users\Krzysiek\Documents\raport i portfolio.odt
[2015-12-18 19:09:39 | 041,471,184 | ---- | C] () -- C:\Users\Krzysiek\Documents\Psychopatologia procesow poznawczych.rar
[2015-11-08 16:07:01 | 000,006,656 | ---- | C] () -- C:\Users\Krzysiek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2015-09-05 16:35:16 | 000,000,000 | ---- | C] () -- C:\Users\Krzysiek\AppData\Local\{E61E8544-9865-4BEE-ADFF-D6A5B0CD1207}
[2015-06-20 21:50:28 | 000,000,640 | RHS- | C] () -- C:\Users\Krzysiek\ntuser.pol
[2015-06-19 15:00:50 | 000,007,889 | ---- | C] () -- C:\Windows\BRRBCOM.INI
[2015-06-19 15:00:50 | 000,007,818 | ---- | C] () -- C:\Windows\BROPJ152W.INI
[2015-06-19 14:59:34 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2015-06-19 14:59:34 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2015-04-28 08:46:40 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2015-04-28 08:46:40 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2014-12-23 14:18:03 | 000,003,054 | ---- | C] () -- C:\Users\Krzysiek\AppData\Local\recently-used.xbel
[2014-12-20 13:25:01 | 000,000,000 | ---- | C] () -- C:\Users\Krzysiek\AppData\Local\{65D6B3F2-BCA4-49AC-96B0-FCF99D026E9A}
[2014-11-30 13:26:40 | 000,000,000 | ---- | C] () -- C:\Users\Krzysiek\AppData\Local\{B05A239E-F9E7-415D-8CB5-FFDA6F034DB3}
[2014-11-29 13:25:00 | 000,000,000 | ---- | C] () -- C:\Users\Krzysiek\AppData\Local\{34531EFF-384C-4A24-9129-5B91D2A8D49B}
[2014-09-28 14:02:18 | 000,218,200 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2014-09-21 13:56:20 | 000,000,000 | ---- | C] () -- C:\Users\Krzysiek\AppData\Local\{E5B06239-D04D-43E1-94CB-B945021675E4}
[2014-08-07 11:35:15 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2014-07-23 14:20:58 | 000,007,601 | ---- | C] () -- C:\Users\Krzysiek\AppData\Local\resmon.resmoncfg
[2014-07-13 14:07:21 | 019,587,072 | ---- | C] () -- C:\Windows\SysWow64\igdfcl32.dll
[2014-07-13 14:07:21 | 000,241,152 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2014-07-13 14:07:21 | 000,109,056 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2014-07-13 14:04:53 | 001,639,550 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014-07-13 13:38:48 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2015-10-19 09:15:06 | 000,000,000 | ---D | M] -- C:\Users\Krzysiek\AppData\Roaming\AVG
[2015-08-09 18:28:06 | 000,000,000 | ---D | M] -- C:\Users\Krzysiek\AppData\Roaming\Awesomium
[2015-06-19 15:04:52 | 000,000,000 | ---D | M] -- C:\Users\Krzysiek\AppData\Roaming\ControlCenter4
[2014-12-21 12:12:47 | 000,000,000 | ---D | M] -- C:\Users\Krzysiek\AppData\Roaming\DAEMON Tools Lite
[2014-09-08 11:22:30 | 000,000,000 | ---D | M] -- C:\Users\Krzysiek\AppData\Roaming\Foxit Software
[2015-08-24 11:09:07 | 000,000,000 | ---D | M] -- C:\Users\Krzysiek\AppData\Roaming\GG
[2014-10-03 13:43:44 | 000,000,000 | ---D | M] -- C:\Users\Krzysiek\AppData\Roaming\IrfanView
[2015-02-05 18:37:24 | 000,000,000 | ---D | M] -- C:\Users\Krzysiek\AppData\Roaming\library_dir
[2014-07-15 11:03:28 | 000,000,000 | ---D | M] -- C:\Users\Krzysiek\AppData\Roaming\OpenOffice
[2015-07-09 19:09:22 | 000,000,000 | ---D | M] -- C:\Users\Krzysiek\AppData\Roaming\Opera Software
[2015-12-27 12:35:17 | 000,000,000 | ---D | M] -- C:\Users\Krzysiek\AppData\Roaming\Origin
[2015-12-21 15:46:57 | 000,000,000 | ---D | M] -- C:\Users\Krzysiek\AppData\Roaming\PCDr
[2015-08-06 13:35:46 | 000,000,000 | ---D | M] -- C:\Users\Krzysiek\AppData\Roaming\pxgclient
[2014-07-15 15:42:10 | 000,000,000 | ---D | M] -- C:\Users\Krzysiek\AppData\Roaming\TechSmith
[2014-08-14 12:32:02 | 000,000,000 | ---D | M] -- C:\Users\Krzysiek\AppData\Roaming\TS3Client
[2014-09-18 17:57:04 | 000,000,000 | ---D | M] -- C:\Users\Krzysiek\AppData\Roaming\TuneUp Software
[2015-04-16 20:27:25 | 000,000,000 | ---D | M] -- C:\Users\Krzysiek\AppData\Roaming\Ubisoft
[2015-12-23 07:08:56 | 000,000,000 | ---D | M] -- C:\Users\Krzysiek\AppData\Roaming\uTorrent
[2014-07-14 08:32:32 | 000,000,000 | -HSD | M] -- C:\Users\Krzysiek\AppData\Roaming\wyUpdate AU
 
[color=#E56717]========== Purity Check ==========[/color]
 
 

< End of report >

[/log]

 

Twój_Anioł_Stróż
comment

I don't see any infection in the logs.

 

Open Notepad and paste the following into it:

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  Brak pliku
GroupPolicyUsers\S-1-5-21-1933921575-738410443-1074386466-1003\User: Ograniczenia <======= UWAGA
S3 btmaux; system32\DRIVERS\btmaux.sys [X]
S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X]
C:\Users\Krzysiek\AppData\Roaming\wyUpdate AU
EmptyTemp:

Save the file as [b]fixlist.txt[/b] and place it next to FRST.exe.
Run [b]FRST[/b] and click the [b]Fix[/b] (NAPRAW) button.
 

 

========================================

 

Error - 2016-01-10 06:27:27 | Computer Name = Gościu | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Wystąpił krytyczny błąd sprzętowy.    Zgłoszone przez składnik: rdzeń
procesora  Źródło błędu: 3  Typ błędu: 9  Identyfikator procesora: 0    Widok szczegółów tego
 wpisu zawiera dodatkowe informacje.

 

This is not for this section of the forum.
