PoProstuKrzysiek posted 10 January 2016 (edited)

Hi, strange things have been happening with my computer lately and I'm wondering whether some virus is to blame. Sometimes the computer freezes for 1 s and then goes back to working. What's more, over the last 2 weeks I've had 2 bluescreens. I also suspect that someone is logging in to my online accounts. I'm attaching scans from OTL, GMER and FRST.

[log]Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja:10-01-2015 01 Uruchomiony przez Krzysiek (2016-01-10 21:23:15) Uruchomiony z C:\Users\Krzysiek\Downloads Windows 7 Home Premium (X64) (2014-07-13 11:36:37) Tryb startu: Normal ========================================================== ==================== Konta użytkowników: ============================= Administrator (S-1-5-21-1933921575-738410443-1074386466-500 - Administrator - Disabled) Gość (S-1-5-21-1933921575-738410443-1074386466-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1933921575-738410443-1074386466-1002 - Limited - Enabled) Inni (S-1-5-21-1933921575-738410443-1074386466-1003 - Limited - Enabled) => C:\Users\Inni Krzysiek (S-1-5-21-1933921575-738410443-1074386466-1000 - Administrator - Enabled) => C:\Users\Krzysiek ==================== Centrum zabezpieczeń ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie.) AV: AVG Internet Security (Enabled - Out of date) {4D41356F-32AD-7C42-C820-63775EE4F413} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG Internet Security (Enabled - Out of date) {F620D48B-1497-73CC-F290-58052563BEAE} FW: AVG Internet Security (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368} ==================== Zainstalowane programy ====================== (W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.) 
4game (HKLM-x32\...\4game) (Version: 3.5.8.180 - Innova Systems) 7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated) Adobe Flash Player 16 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated) Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd) AMD Catalyst Install Manager (HKLM\...\{90B5277A-5B7E-AD24-3FDB-E67BB5C2C5C5}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.) AVG (Version: 16.12.7294 - AVG Technologies) Hidden AVG 2016 (Version: 16.0.4492 - AVG Technologies) Hidden AVG Protection (HKLM\...\AVG) (Version: 2016.12.7294 - AVG Technologies) Brother MFL-Pro Suite DCP-J152W (HKLM-x32\...\{B742757A-7658-4E09-A51A-085CF0F7F4D3}) (Version: 1.0.0.0 - Brother Industries, Ltd.) Camtasia Studio 8 (HKLM-x32\...\{45F34E54-DAD9-405B-A4F6-B12B0A46B984}) (Version: 8.4.1.1745 - TechSmith Corporation) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd) Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.1 - Synaptics Incorporated) Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd) Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.) 
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05.0.0 - Electronic Arts) Dziobas Rar Player 0.009.52 (HKLM-x32\...\Dziobas Rar Player_is1) (Version: - Kamil Dzióbek) Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) FMW 1 (Version: 1.42.1 - AVG Technologies) Hidden Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.2.929 - Foxit Software Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.) Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden Heroes of Might and Magic 3 Complete (HKLM-x32\...\Heroes of Might and Magic 3 Complete_is1) (Version: - GOG.com) Heroes of Might and Magic® III: Horn of the Abyss (HKLM-x32\...\HotA_is1) (Version: 1.3.8 - HotA Crew) IBM SPSS Statistics 22 (HKLM\...\{104875A1-D083-4A34-BC4F-3F635B7F8EF7}) (Version: 22.0.0.1 - IBM Corp) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3234 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.3.34 - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan) Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.18 - Oracle Corporation) K-Lite Codec Pack 10.7.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.7.5 - ) LineageII EU (HKLM-x32\...\4game_lineage2eu) (Version: - Innova Systems) Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Visual C++ 2005 
Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{3bcf8c72-b231-4d28-9f39-3405c22d8b5a}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - 
Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Mozilla Firefox 43.0.4 (x86 pl) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 pl)) (Version: 43.0.4 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla) NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OpenOffice 4.1.0 (HKLM-x32\...\{7EB1185B-6319-42D7-B103-707570BFB0D8}) (Version: 4.10.9764 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.) Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden PowerXpressHybrid (x32 Version: 1.00.0000 - Nazwa firmy) Hidden PS IMAGO (HKLM\...\PSImago) (Version: 2.0 - Predictive Solutions Sp. z o. o.) PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.230 - Qualcomm Atheros Communications) Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.73.618.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.) Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39039 - Realtek Semiconductor Corp.) Skype™ 7.14 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.14.106 - Skype Technologies S.A.) 
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) War Thunder Launcher 1.0.1.391 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Entertainment) ==================== Niestandardowe rejestracje CLSID (filtrowane): ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) CustomCLSID: HKU\S-1-5-21-1933921575-738410443-1074386466-1000_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\Krzysiek\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll => Brak pliku ==================== Zaplanowane zadania (filtrowane) ============= (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) Task: {331C526C-86F1-4820-BCC0-0706B86A6CDE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-10] (Google Inc.) Task: {387F3169-471A-45E5-88FC-E9188CC4BC2C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1933921575-738410443-1074386466-1000UA => C:\Users\Krzysiek\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-12-02] (Facebook Inc.) 
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto Task: {8E0BC26E-23E6-4FAE-804B-0D48C9D24CF0} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation) Task: {9A87D031-2BD1-473A-8270-10E5E59CBA44} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_296_pepper.exe Task: {A023B7D3-48AE-4F63-818B-FE78508E3B42} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {A615DE2C-166D-4ABB-9493-6FEF82DEC904} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {B13D2309-EF90-4AEC-A974-6B325EDF6FD6} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1933921575-738410443-1074386466-1000Core => C:\Users\Krzysiek\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-12-02] (Facebook Inc.) Task: {BA346734-5B5F-4E0A-BAFB-F43963A8AD75} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-10] (Google Inc.) Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc (Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.) 
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_296_pepper.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1933921575-738410443-1074386466-1000Core.job => C:\Users\Krzysiek\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1933921575-738410443-1074386466-1000UA.job => C:\Users\Krzysiek\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Skróty ============================= (Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.) ==================== Załadowane moduły (filtrowane) ============== 2015-06-19 14:59 - 2005-04-22 05:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll 2012-10-01 19:36 - 2012-10-01 19:36 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2013-07-02 22:51 - 2013-07-02 22:51 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll 2015-10-20 09:17 - 2015-10-20 09:17 - 00242176 _____ () C:\Program Files (x86)\4game\3.5.8.180\PocoUtil.dll 2015-10-20 09:18 - 2015-10-20 09:18 - 00714240 _____ () C:\Program Files (x86)\4game\3.5.8.180\PocoNet.dll 2015-10-20 09:16 - 2015-10-20 09:16 - 00394240 _____ () C:\Program Files (x86)\4game\3.5.8.180\PocoXML.dll 2015-10-19 09:09 - 2015-10-19 09:07 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll 2012-10-01 19:37 - 2012-10-01 19:37 - 06522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2015-12-16 20:47 - 2015-12-11 04:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll 2015-12-16 20:47 - 2015-12-11 04:54 - 00081224 _____ () C:\Program 
Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll 2015-12-25 02:03 - 2015-12-24 07:46 - 16792256 _____ () C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\PepperFlash\20.0.0.267\pepflashplayer.dll ==================== Alternate Data Streams (filtrowane) ========= (Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.) ==================== Tryb awaryjny (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PAexec => ""="Service" ==================== EXE - Powiązania (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.) ==================== Internet Explorer - Witryny zaufane i z ograniczeniami =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.) IE trusted site: HKU\S-1-5-21-1933921575-738410443-1074386466-1000\...\dell.com -> dell.com ==================== Hosts - zawartość: =============================== (Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Inne obszary ============================ (Obecnie brak automatycznej naprawy dla tej sekcji.) HKU\S-1-5-21-1933921575-738410443-1074386466-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Krzysiek\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Zapora systemu Windows [funkcja włączona] ==================== MSCONFIG/TASK MANAGER - Wyłączone elementy == (Obecnie brak automatycznej naprawy dla tej sekcji.) 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start GeekBuddy.lnk => C:\Windows\pss\Start GeekBuddy.lnk.CommonStartup MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 MSCONFIG\startupreg: DellSystemDetect => C:\Users\Krzysiek\AppData\Local\Apps\2.0\J66ETVMA.N5W\MDQWJEL8.KL7\dell..tion_e30b47f5d4a30e9e_0005.000e_4ab3a7332dd76702\DellSystemDetect.exe MSCONFIG\startupreg: Facebook Update => "C:\Users\Krzysiek\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver MSCONFIG\startupreg: Malwarebytes Anti-Malware (cleanup) => "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware" MSCONFIG\startupreg: PrivDogService => "C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\trustedadssvc.exe" MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: tvncontrol => "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" ==================== Reguły Zapory systemu Windows (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) 
FirewallRules: [{E801B8ED-819D-4C70-8CB1-3AE0726CC5CB}] => (Allow) LPort=8317 FirewallRules: [{FD8EB297-CBCF-489B-B9BF-9640F0076996}] => (Allow) C:\ProgramData\EmailNotifier\EmailNotifier.exe FirewallRules: [{5AC93C14-BBFB-460B-AF23-89631DFBF83C}] => (Allow) C:\ProgramData\EmailNotifier\EmailNotifier.exe FirewallRules: [{C844406D-3C5E-499A-8BE3-5221C1052E29}] => (Allow) C:\Program Files (x86)\WarThunder\launcher.exe FirewallRules: [{B2FCE92B-9EE9-42FD-AF53-A97C2A2EC649}] => (Allow) C:\Program Files (x86)\WarThunder\launcher.exe FirewallRules: [{CA45D956-832B-4D4A-8440-60F0F1611EA7}] => (Allow) C:\Program Files (x86)\WarThunder\aces.exe FirewallRules: [{57908499-4538-4D99-9C03-B1438F6DA2B6}] => (Allow) C:\Program Files (x86)\WarThunder\aces.exe FirewallRules: [{4E10F3B4-F697-4EE0-B0ED-93FF1D73F6FA}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{FC302315-D491-4428-B65D-3702671C06AB}] => (Allow) C:\Users\Krzysiek\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe FirewallRules: [{38037EA2-5F6B-42D6-9056-CBAE2C08D440}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{8E75A2F5-7FF3-4A82-9F66-06BBBF7C4003}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{6A5E45DE-2F83-4125-9078-F1251EE45477}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age\bin_ship\daorigins.exe FirewallRules: [{130B4143-7FD5-43F7-9AB2-EBB1C7E7B6C1}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age\bin_ship\daorigins.exe FirewallRules: [TCP Query User{892C183C-B3DA-4504-9C0C-C1691710477D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{F3E563AA-2437-42E1-81BD-BABB2178A464}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{BAF1AA0E-F7ED-4802-9BC6-2B637FC415B8}] => (Allow) C:\Program Files\Microsoft 
Office\Office15\lync.exe FirewallRules: [{94BF538C-8657-4304-BF95-6FB43A08E82E}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{4B7B34C3-3202-4704-AB7C-5C983622B652}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{B343F74B-3CB1-4BE3-8943-A64F0D5321AE}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [TCP Query User{D14F0E5C-DAF2-4E98-8552-9998D1F4780A}C:\program files\ps_imago\2\ibm\spss\statistics\22\stats.exe] => (Allow) C:\program files\ps_imago\2\ibm\spss\statistics\22\stats.exe FirewallRules: [UDP Query User{A73F3FD6-3764-4C8C-A110-9EEB9E8A2C9A}C:\program files\ps_imago\2\ibm\spss\statistics\22\stats.exe] => (Allow) C:\program files\ps_imago\2\ibm\spss\statistics\22\stats.exe FirewallRules: [TCP Query User{6AC97E8D-4B40-4BA5-B46F-C3AB20E4392F}C:\program files\ps_imago\2\ibm\spss\statistics\22\jre\bin\javaw.exe] => (Allow) C:\program files\ps_imago\2\ibm\spss\statistics\22\jre\bin\javaw.exe FirewallRules: [UDP Query User{89AA3D32-BF31-4403-AAD2-AB24885A4212}C:\program files\ps_imago\2\ibm\spss\statistics\22\jre\bin\javaw.exe] => (Allow) C:\program files\ps_imago\2\ibm\spss\statistics\22\jre\bin\javaw.exe FirewallRules: [{6EFC8D34-1707-4769-B488-1C8F2C7C7A0E}] => (Allow) LPort=54925 FirewallRules: [{E93CCC5D-7162-4B64-8FC9-CB613F36D3C8}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{82693349-D0DC-4746-BBA7-A7550AA6285B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{E7757F0D-6D5F-49F2-87FD-720EA16DA3DE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{7C61000C-D440-4E1B-BADC-4E0893259EEA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{C0829D48-1044-488E-BC38-6025B016D309}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe FirewallRules: [{DF2224E6-8917-4CED-8695-4B46565C76A9}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe FirewallRules: 
[{01713E54-BAA7-4983-99A2-0F8BE9F7D155}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe FirewallRules: [{6A3A85CD-A2C7-475B-AEC4-1E0E2486219F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe FirewallRules: [{DEB2823C-297E-4509-A8D3-BF5640DAEE06}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [{BB3FE039-F20E-404E-9D35-CA6A2E499936}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [{2E83B817-E476-4A51-81A0-B98EDDD90DB2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{88737F62-55B4-4606-9C1C-FBFB0363DF78}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{8A96FA71-E705-4B24-A795-DE8D5D6AE27A}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{9B1ADEE2-FEB8-4014-847C-9C25FF8DB127}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{C857018C-D9CA-474A-ABBD-772F04A99337}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe ==================== Punkty Przywracania systemu ========================= 27-12-2015 10:42:38 DDU System Restored Point 27-12-2015 10:51:57 DDU System Restored Point 27-12-2015 11:20:19 AMDCleanupUtility Restore Point 27-12-2015 12:02:20 DDU System Restored Point 10-01-2016 20:31:35 SPTD setup V1.87 ==================== Wadliwe urządzenia w Menedżerze urządzeń ============= Name: Kontroler PCI Simple Communications Description: Kontroler PCI Simple Communications Class Guid: Manufacturer: Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Błędy w Dzienniku zdarzeń: ========================= Dziennik Aplikacja: ================== Error: (01/10/2016 08:43:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: plugin-container.exe, wersja: 43.0.4.5848, sygnatura czasowa: 0x568c88bd Nazwa modułu powodującego błąd: mozglue.dll, wersja: 43.0.4.5848, sygnatura czasowa: 0x568c7b16 Kod wyjątku: 0x80000003 Przesunięcie błędu: 0x0000ed44 Identyfikator procesu powodującego błąd: 0xe28 Godzina uruchomienia aplikacji powodującej błąd: 0xplugin-container.exe0 Ścieżka aplikacji powodującej błąd: plugin-container.exe1 Ścieżka modułu powodującego błąd: plugin-container.exe2 Identyfikator raportu: plugin-container.exe3 Error: (01/10/2016 08:35:49 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: plugin-container.exe, wersja: 43.0.4.5848, sygnatura czasowa: 0x568c88bd Nazwa modułu powodującego błąd: mozglue.dll, wersja: 43.0.4.5848, sygnatura czasowa: 0x568c7b16 Kod wyjątku: 0x80000003 Przesunięcie błędu: 0x0000ed44 Identyfikator procesu powodującego błąd: 0x98c Godzina uruchomienia aplikacji powodującej błąd: 0xplugin-container.exe0 Ścieżka aplikacji powodującej błąd: plugin-container.exe1 Ścieżka modułu powodującego błąd: plugin-container.exe2 Identyfikator raportu: plugin-container.exe3 Error: (01/10/2016 08:31:35 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas badania interfejsu IVssWriterCallback. hr = 0x80070005, Odmowa dostępu. . To jest często spowodowane przez niepoprawne ustawienia zabezpieczeń w procesie zapisującym lub żądającym. 
Operacja: Zbieranie danych modułu zapisującego Kontekst: Identyfikator klasy modułu zapisującego: {e8132975-6f93-4464-a53e-1050253ae220} Nazwa modułu zapisującego: System Writer Identyfikator wystąpienia modułu zapisującego: {0705ec43-71c6-4d6d-9dac-fd47ae7c60c0} Error: (01/10/2016 06:07:05 PM) (Source: Google Update) (EventID: 20) (User: Gościu) Description: Network Request Error. Error: 0x80072ee7. Http status code: 0. Url=https://www.facebook.com/omaha/update.php Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80 Error: (01/10/2016 02:52:57 PM) (Source: Google Update) (EventID: 20) (User: Gościu) Description: Network Request Error. Error: 0x80072ee7. Http status code: 0. Url=https://www.facebook.com/omaha/update.php Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. 
Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80 Error: (01/10/2016 12:13:38 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418231 Error: (01/09/2016 10:58:30 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418231 Error: (01/08/2016 01:03:55 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418231 Error: (01/07/2016 05:43:06 PM) (Source: Google Update) (EventID: 20) (User: Gościu) Description: Network Request Error. Error: 0x80072ee7. Http status code: 0. Url=https://www.facebook.com/omaha/update.php Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. 
Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80 Error: (01/07/2016 08:28:07 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418231 Dziennik System: ============= Error: (01/10/2016 08:44:49 PM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: ZARZĄDZANIE NT) Description: Wystąpił krytyczny błąd sprzętowy. Zgłoszone przez składnik: rdzeń procesora Źródło błędu: 3 Typ błędu: 9 Identyfikator procesora: 0 Widok szczegółów tego wpisu zawiera dodatkowe informacje. Error: (01/10/2016 08:44:49 PM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: ZARZĄDZANIE NT) Description: Wystąpił krytyczny błąd sprzętowy. Zgłoszone przez składnik: rdzeń procesora Źródło błędu: 3 Typ błędu: 9 Identyfikator procesora: 0 Widok szczegółów tego wpisu zawiera dodatkowe informacje. Error: (01/10/2016 08:38:29 PM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: ZARZĄDZANIE NT) Description: Wystąpił krytyczny błąd sprzętowy. Zgłoszone przez składnik: rdzeń procesora Źródło błędu: 3 Typ błędu: 9 Identyfikator procesora: 0 Widok szczegółów tego wpisu zawiera dodatkowe informacje. Error: (01/10/2016 08:38:29 PM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: ZARZĄDZANIE NT) Description: Wystąpił krytyczny błąd sprzętowy. Zgłoszone przez składnik: rdzeń procesora Źródło błędu: 3 Typ błędu: 9 Identyfikator procesora: 0 Widok szczegółów tego wpisu zawiera dodatkowe informacje. Error: (01/10/2016 11:27:27 AM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: ZARZĄDZANIE NT) Description: Wystąpił krytyczny błąd sprzętowy. Zgłoszone przez składnik: rdzeń procesora Źródło błędu: 3 Typ błędu: 9 Identyfikator procesora: 0 Widok szczegółów tego wpisu zawiera dodatkowe informacje. 
Error: (01/10/2016 11:27:27 AM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: ZARZĄDZANIE NT) Description: Wystąpił krytyczny błąd sprzętowy. Zgłoszone przez składnik: rdzeń procesora Źródło błędu: 3 Typ błędu: 9 Identyfikator procesora: 0 Widok szczegółów tego wpisu zawiera dodatkowe informacje. Error: (01/09/2016 09:49:48 PM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: ZARZĄDZANIE NT) Description: Wystąpił krytyczny błąd sprzętowy. Zgłoszone przez składnik: rdzeń procesora Źródło błędu: 3 Typ błędu: 9 Identyfikator procesora: 0 Widok szczegółów tego wpisu zawiera dodatkowe informacje. Error: (01/09/2016 09:49:48 PM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: ZARZĄDZANIE NT) Description: Wystąpił krytyczny błąd sprzętowy. Zgłoszone przez składnik: rdzeń procesora Źródło błędu: 3 Typ błędu: 9 Identyfikator procesora: 0 Widok szczegółów tego wpisu zawiera dodatkowe informacje. Error: (01/09/2016 09:49:24 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Poprzednie zamknięcie systemu przy 18:25:52 na 2016-01-09 było nieoczekiwane. Error: (01/09/2016 01:54:32 PM) (Source: Disk) (EventID: 11) (User: ) Description: Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR2. CodeIntegrity: =================================== Date: 2016-01-05 12:58:46.353 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Games\LineageII EU\Frost\frost_64.sys because the set of per-page image hashes could not be found on the system. Date: 2016-01-05 12:58:46.329 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Games\LineageII EU\Frost\frost_64.sys because the set of per-page image hashes could not be found on the system. 
Date: 2016-01-05 12:58:46.304 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Games\LineageII EU\Frost\frost_64.sys because the set of per-page image hashes could not be found on the system. Date: 2016-01-05 12:58:45.800 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Games\LineageII EU\Frost\frost.sys because the set of per-page image hashes could not be found on the system. Date: 2016-01-05 12:58:45.775 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Games\LineageII EU\Frost\frost.sys because the set of per-page image hashes could not be found on the system. Date: 2016-01-05 12:58:45.719 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Games\LineageII EU\Frost\frost.sys because the set of per-page image hashes could not be found on the system. Date: 2016-01-02 15:51:15.011 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Games\LineageII EU\Frost\frost_64.sys because the set of per-page image hashes could not be found on the system. Date: 2016-01-02 15:51:14.985 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Games\LineageII EU\Frost\frost_64.sys because the set of per-page image hashes could not be found on the system. Date: 2016-01-02 15:51:14.959 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Games\LineageII EU\Frost\frost_64.sys because the set of per-page image hashes could not be found on the system. Date: 2016-01-02 15:51:14.528 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Games\LineageII EU\Frost\frost.sys because the set of per-page image hashes could not be found on the system. 
==================== Statystyki pamięci ===========================

Procesor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Procent pamięci w użyciu: 75%
Całkowita pamięć fizyczna: 3984.36 MB
Dostępna pamięć fizyczna: 974.88 MB
Całkowita pamięć wirtualna: 7966.86 MB
Dostępna pamięć wirtualna: 4646.93 MB

==================== Dyski ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:726.88 GB) NTFS
Drive e: (CDROM) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS

==================== MBR & Tablica partycji ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0008611B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== Koniec Addition.txt ============================[/log]

[log]OTL Extras logfile created on: 2016-01-10 20:17:46 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Krzysiek\Documents\pliki
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,89 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 21,45% Memory free
7,78 Gb Paging File | 4,45 Gb Available in Paging File | 57,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 721,52 Gb Free Space | 77,46% Space Free | Partition Type: NTFS
Drive E: | 11,77 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: GOŚCIU | User Name: Krzysiek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{2468EBD6-C136-4DC1-9FA6-7D9FF02A0FF0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2775F741-DA62-4A00-BC88-CAC0E5EAC3C0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2E83B817-E476-4A51-81A0-B98EDDD90DB2}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | "{30185BDD-52EB-431D-85AC-E64C1AE4984E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | 
app=%systemroot%\system32\svchost.exe | "{32585FA0-A0A5-4732-922F-25944A58AF1D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4A28CB19-0BB0-4D0C-BC7D-0B289E496AE6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{4CA5C7EA-8020-4D0A-8414-E44F24B5CC5A}" = rport=445 | protocol=6 | dir=out | app=system | "{532ACCD4-8FC2-4A90-80CA-1E34B2F37592}" = lport=10243 | protocol=6 | dir=in | app=system | "{56559F10-1A04-4F05-8CD9-62D80FB78F63}" = rport=10243 | protocol=6 | dir=out | app=system | "{57D7783E-D29F-4929-82F1-1C42A5CF1B74}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5A3C391E-7889-4F70-8740-A39091BE01BD}" = lport=137 | protocol=17 | dir=in | app=system | "{5F40EF78-2805-4E60-A665-4942B8453FFE}" = lport=139 | protocol=6 | dir=in | app=system | "{6EFC8D34-1707-4769-B488-1C8F2C7C7A0E}" = lport=54925 | protocol=17 | dir=in | svc=stisvc | name=brothernetwork scanner | "{7D02E13F-7A74-455D-A075-99355E6EB10B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe | "{81B8C33A-7F18-4F46-808F-9F60D8E23C3F}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{86E7F2BB-3A94-4160-A863-F02C8C55B5D2}" = rport=137 | protocol=17 | dir=out | app=system | "{94E8DF56-566B-4FB1-863B-407BCA89A513}" = rport=138 | protocol=17 | dir=out | app=system | "{AABE6F63-46C6-4297-9D34-5E8E5AA65588}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B3D5C8B2-C44F-44C2-A115-59936FEB11D3}" = lport=138 | protocol=17 | dir=in | app=system | "{BA047547-77A0-40B1-9031-01869C563B66}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BE41BCB7-A8D4-4BBE-BAB5-C7840F69FD79}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{C13761A9-28DC-4231-8F5E-BCC7945D0E20}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CE6F047E-9137-481D-AAEF-F59CAAE7EF91}" = lport=445 | protocol=6 | dir=in | app=system | "{E801B8ED-819D-4C70-8CB1-3AE0726CC5CB}" = lport=8317 | protocol=6 | dir=in | name=techsmith camtasia studio | "{F49A780B-3F67-4FEB-816D-940157D656D6}" = rport=139 | protocol=6 | dir=out | app=system | "{F82E1FFA-85AE-4785-930B-D003FAC3BE0A}" = lport=2869 | protocol=6 | dir=in | app=system | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01713E54-BAA7-4983-99A2-0F8BE9F7D155}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\av\avgdiagex.exe | "{056F0D6A-BC64-4623-A0D0-3236C163F5C9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{130B4143-7FD5-43F7-9AB2-EBB1C7E7B6C1}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\dragon age\bin_ship\daorigins.exe | "{14FCF4DC-D12B-4040-9DCB-89C6854D5AEB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2ECD66E5-3081-448E-8DFB-E229B0BE9F3C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3646E04B-19A4-41B6-853D-CE09B1F7BB0D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{36C9C553-E1B4-4A57-A0BB-D48D74969B84}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{38037EA2-5F6B-42D6-9056-CBAE2C08D440}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "{4B7B34C3-3202-4704-AB7C-5C983622B652}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | "{4E10F3B4-F697-4EE0-B0ED-93FF1D73F6FA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{4F5416FF-1066-49BF-A096-FC6CC6FECC95}" = protocol=17 | dir=out | 
app=%programfiles(x86)%\windows media player\wmplayer.exe | "{57908499-4538-4D99-9C03-B1438F6DA2B6}" = protocol=17 | dir=in | app=c:\program files (x86)\warthunder\aces.exe | "{5AC93C14-BBFB-460B-AF23-89631DFBF83C}" = protocol=17 | dir=in | app=c:\programdata\emailnotifier\emailnotifier.exe | "{61311A3F-106C-4150-8337-1E387A410347}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{6A3A85CD-A2C7-475B-AEC4-1E0E2486219F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\av\avgdiagex.exe | "{6A5E45DE-2F83-4125-9078-F1251EE45477}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\dragon age\bin_ship\daorigins.exe | "{6F22815A-1787-485B-A471-5ABA0BFE891D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{71055D15-D6CB-4A80-BE7D-E8421D616BC1}" = protocol=6 | dir=out | app=system | "{71741E42-3F16-4591-B300-F1FF6CF00DFC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{744814FF-3A11-4736-98A7-B5813AD38801}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{7A868A89-4E43-4C68-939F-C27B3D0D00C3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{7C61000C-D440-4E1B-BADC-4E0893259EEA}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "{82693349-D0DC-4746-BBA7-A7550AA6285B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\av\avgmfapx.exe | "{88737F62-55B4-4606-9C1C-FBFB0363DF78}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe | "{8A96FA71-E705-4B24-A795-DE8D5D6AE27A}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe | "{8E75A2F5-7FF3-4A82-9F66-06BBBF7C4003}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "{94BF538C-8657-4304-BF95-6FB43A08E82E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | "{95DF848F-CCE4-46C7-96CF-3249596C3603}" = protocol=1 | dir=in | 
name=@firewallapi.dll,-28543 | "{987B22A4-9011-44A7-B1D2-A241C9ADDED2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{9B1ADEE2-FEB8-4014-847C-9C25FF8DB127}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe | "{ABB3A72E-7413-4757-9B2E-0A9CB3F9AC99}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B2FCE92B-9EE9-42FD-AF53-A97C2A2EC649}" = protocol=17 | dir=in | app=c:\program files (x86)\warthunder\launcher.exe | "{B343F74B-3CB1-4BE3-8943-A64F0D5321AE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | "{BAF1AA0E-F7ED-4802-9BC6-2B637FC415B8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | "{BB3FE039-F20E-404E-9D35-CA6A2E499936}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\av\avgemca.exe | "{C0829D48-1044-488E-BC38-6025B016D309}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\av\avgnsa.exe | "{C33E3E79-3385-4668-BA03-7ACCAFCBE267}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C844406D-3C5E-499A-8BE3-5221C1052E29}" = protocol=6 | dir=in | app=c:\program files (x86)\warthunder\launcher.exe | "{C857018C-D9CA-474A-ABBD-772F04A99337}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe | "{CA45D956-832B-4D4A-8440-60F0F1611EA7}" = protocol=6 | dir=in | app=c:\program files (x86)\warthunder\aces.exe | "{CCB2FCFB-065D-40DA-9228-AA4B71EB1A44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{DCBF3089-4019-473C-8AF1-F557A1619E6C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{DEB2823C-297E-4509-A8D3-BF5640DAEE06}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\av\avgemca.exe | "{DF2224E6-8917-4CED-8695-4B46565C76A9}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\av\avgnsa.exe | "{E7757F0D-6D5F-49F2-87FD-720EA16DA3DE}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"{E93CCC5D-7162-4B64-8FC9-CB613F36D3C8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\av\avgmfapx.exe | "{FC302315-D491-4428-B65D-3702671C06AB}" = dir=in | app=c:\users\krzysiek\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{FD8EB297-CBCF-489B-B9BF-9640F0076996}" = protocol=6 | dir=in | app=c:\programdata\emailnotifier\emailnotifier.exe | "{FDE25E5C-68A4-41B9-B342-68AA7DB30409}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{6AC97E8D-4B40-4BA5-B46F-C3AB20E4392F}C:\program files\ps_imago\2\ibm\spss\statistics\22\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ps_imago\2\ibm\spss\statistics\22\jre\bin\javaw.exe | "TCP Query User{892C183C-B3DA-4504-9C0C-C1691710477D}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "TCP Query User{D14F0E5C-DAF2-4E98-8552-9998D1F4780A}C:\program files\ps_imago\2\ibm\spss\statistics\22\stats.exe" = protocol=6 | dir=in | app=c:\program files\ps_imago\2\ibm\spss\statistics\22\stats.exe | "UDP Query User{89AA3D32-BF31-4403-AAD2-AB24885A4212}C:\program files\ps_imago\2\ibm\spss\statistics\22\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ps_imago\2\ibm\spss\statistics\22\jre\bin\javaw.exe | "UDP Query User{A73F3FD6-3764-4C8C-A110-9EEB9E8A2C9A}C:\program files\ps_imago\2\ibm\spss\statistics\22\stats.exe" = protocol=17 | dir=in | app=c:\program files\ps_imago\2\ibm\spss\statistics\22\stats.exe | "UDP Query User{F3E563AA-2437-42E1-81BD-BABB2178A464}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{104875A1-D083-4A34-BC4F-3F635B7F8EF7}" = IBM SPSS Statistics 22 "{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft 
.NET Framework 4.5 "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{26A24AE4-039D-4CA4-87B4-2F86418066F0}" = Java 8 Update 66 (64-bit) "{2A80E22D-6BA7-4DBB-9DF4-ACE142AB633F}" = AVG 2016 "{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 "{5AAEF944-C62A-D1BB-46B1-FC7E5DC772B3}" = AMD Accelerated Video Transcoding "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables "{90150000-0015-0409-1000-0000000FF1CE}" = Microsoft Access MUI (English) 2013 "{90150000-0016-0409-1000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013 "{90150000-0018-0409-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013 "{90150000-0019-0409-1000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013 "{90150000-001A-0409-1000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013 "{90150000-001B-0409-1000-0000000FF1CE}" = Microsoft Word MUI (English) 2013 "{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English "{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français "{90150000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español "{90150000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013 "{90150000-0044-0409-1000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013 "{90150000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013 "{90150000-0090-0409-1000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013 "{90150000-00A1-0409-1000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013 "{90150000-00BA-0409-1000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013 
"{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013 "{90150000-00C1-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2013 "{90150000-00E1-0409-1000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013 "{90150000-00E2-0409-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013 "{90150000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013 "{90150000-0117-0409-1000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013 "{90150000-012B-0409-1000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013 "{90B5277A-5B7E-AD24-3FDB-E67BB5C2C5C5}" = AMD Catalyst Install Manager "{91150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013 "{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5 "{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 "{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64) "{AB11E7BD-211E-4EBD-9EAE-0C11CE7B48AE}" = AVG "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{C74C8334-8439-2D2C-E977-1625041A0507}" = ccc-utility64 "{CB0B1BB5-7FCE-4985-BC8E-BFAFDB8F892E}" = FMW 1 "{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 "7-Zip" = 7-Zip 15.12 (x64) "AVG" = AVG Protection "Office15.PROPLUSR" = Microsoft Office Professional Plus 2013 "PSImago" = PS IMAGO "SynTPDeinstKey" = Dell Touchpad "TeamSpeak 3 Client" = TeamSpeak 3 Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{050d4fc8-5d48-4b8f-8972-47c82c46020f}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 "{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 
"{1E496A68-4943-424E-829D-5C3C85B7B8F2}" = Realtek USB Card Reader "{2091F234-EB58-4B80-8C96-8EB78C808CF7}" = Facebook Video Calling 3.1.0.521 "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver "{24E0A5A3-8B05-A8E5-9114-0B0E27BE6907}" = CCC Help Finnish "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation "{2AC3FDD9-B141-8814-BBAA-D471B199EFED}" = CCC Help Italian "{2F4BC9F2-3187-EC19-15AE-375F70CF28B8}" = CCC Help Chinese Standard "{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 "{3bcf8c72-b231-4d28-9f39-3405c22d8b5a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 "{3DC38E2E-2BD7-A4B9-AFC4-8229DAC1AE58}" = PX Profile Update "{45F34E54-DAD9-405B-A4F6-B12B0A46B984}" = Camtasia Studio 8 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4BB9337C-815F-6953-67DB-B51EC573D98E}" = CCC Help Portuguese "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{51FDC2DE-0917-46B7-EAEC-5377504701DE}" = PowerXpressHybrid "{53504A99-F716-9A94-C490-722A06C32AE8}" = CCC Help English "{538D7912-CDB6-39A3-D56E-0DEF31DBF343}" = CCC Help Dutch "{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper "{626F9EBF-2B4E-FA83-9040-0748853AB562}" = Catalyst Control Center "{62C2B951-387C-A86E-D047-3A3627CE0CD8}" = CCC Help Korean "{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{6A0549A9-1B96-498C-ACBC-3943001FEB19}" = Skype™ 7.14 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{725DCA77-930D-6F2C-89DC-D6228FF38E59}" = CCC Help German "{745C2137-F267-2463-B002-955E54FDFF3F}" = CCC Help Norwegian "{7D259B55-73B9-7A45-919F-782D992D0EDA}" = CCC Help Japanese "{7E20BAD9-6CFC-4EFD-F3C0-3B0967955D58}" = CCC Help French "{7EB1185B-6319-42D7-B103-707570BFB0D8}" = OpenOffice 4.1.0 "{89DE5F5C-5381-BFAE-8607-AA373F0D40BE}" 
= CCC Help Swedish "{8CDF39C7-81B0-73D7-0C14-4B25369EC74D}" = CCC Help Chinese Traditional "{94A0C74B-6003-1089-57E1-BE236F95345D}" = Catalyst Control Center InstallProxy "{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins "{B0CCBB4E-B4A1-E2E6-5C48-137FEEC38FA6}" = CCC Help Spanish "{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 "{B742757A-7658-4E09-A51A-085CF0F7F4D3}" = Brother MFL-Pro Suite DCP-J152W "{B9A9E16C-1C26-0F3D-4C0A-FFA40749B091}" = Catalyst Control Center Localization All "{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 "{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 "{CFDFA70A-2373-9CD9-3333-595CC674AFCA}" = Catalyst Control Center Profiles Mobile "{DAC469D7-B642-4BDB-AE34-C6B3952BFF48}" = Catalyst Control Center - Branding "{EB462140-628D-6BC2-D1B8-F98654F3130B}" = CCC Help Russian "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.391 "{EE0F6AB7-8360-F5FD-936E-2A40EDB0A198}" = CCC Help Danish "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 "{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller 
All-In-One Windows Driver "{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package "4game" = 4game "4game_lineage2eu" = LineageII EU "Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX "Adobe Flash Player NPAPI" = Adobe Flash Player 20 NPAPI "Adobe Flash Player PPAPI" = Adobe Flash Player 16 PPAPI "Advanced Audio FX Engine" = Advanced Audio FX Engine "DAEMON Tools Lite" = DAEMON Tools Lite "Dell Webcam Central" = Dell Webcam Central "Dziobas Rar Player_is1" = Dziobas Rar Player 0.009.52 "Foxit Reader_is1" = Foxit Reader "Google Chrome" = Google Chrome "Heroes of Might and Magic 3 Complete_is1" = Heroes of Might and Magic 3 Complete "HotA_is1" = Heroes of Might and Magic® III: Horn of the Abyss "IrfanView" = IrfanView (remove only) "KLiteCodecPack_is1" = K-Lite Codec Pack 10.7.5 Full "Mozilla Firefox 43.0.4 (x86 pl)" = Mozilla Firefox 43.0.4 (x86 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "OpenAL" = OpenAL "Origin" = Origin "SpeedFan" = SpeedFan (remove only) [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2015-10-05 08:43:29 | Computer Name = Gościu | Source = Google Update | ID = 20 Description = Error - 2015-10-06 00:34:42 | Computer Name = Gościu | Source = Office 2013 Licensing Service | ID = 0 Description = Error - 2015-10-07 02:41:46 | Computer Name = Gościu | Source = Office 2013 Licensing Service | ID = 0 Description = Error - 2015-10-08 03:33:44 | Computer Name = Gościu | Source = Office 2013 Licensing Service | ID = 0 Description = Error - 2015-10-09 02:22:46 | Computer Name = Gościu | Source = Office 2013 Licensing Service | ID = 0 Description = Error - 2015-10-10 03:07:26 | Computer Name = Gościu | Source = Office 2013 Licensing Service | ID = 0 Description = Error - 2015-10-11 07:34:59 | Computer Name = Gościu | Source = Office 2013 
Licensing Service | ID = 0
Description = 

Error - 2015-10-11 07:39:00 | Computer Name = Gościu | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: avgui.exe, wersja: 15.0.0.6140, sygnatura czasowa: 0x55db2723
Nazwa modułu powodującego błąd: avgui.exe, wersja: 15.0.0.6140, sygnatura czasowa: 0x55db2723
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x000473a1
Identyfikator procesu powodującego błąd: 0x1134
Godzina uruchomienia aplikacji powodującej błąd: 0x01d10261d07298b5
Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\AVG\AVG2015\avgui.exe
Ścieżka modułu powodującego błąd: C:\Program Files (x86)\AVG\AVG2015\avgui.exe
Identyfikator raportu: a99df57c-700c-11e5-adb6-485ab66f4e04

Error - 2015-10-11 07:53:30 | Computer Name = Gościu | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: jucheck.exe, wersja: 2.8.60.27, sygnatura czasowa: 0x55c116b1
Nazwa modułu powodującego błąd: jucheck.exe, wersja: 2.8.60.27, sygnatura czasowa: 0x55c116b1
Kod wyjątku: 0x40000015
Przesunięcie błędu: 0x00052d24
Identyfikator procesu powodującego błąd: 0x1590
Godzina uruchomienia aplikacji powodującej błąd: 0x01d1041b6ec16430
Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
Ścieżka modułu powodującego błąd: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
Identyfikator raportu: b01e434d-700e-11e5-a919-485ab66f4e04

Error - 2015-10-11 08:33:12 | Computer Name = Gościu | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: WebcamDell2.exe, wersja: 1.0.24.0, sygnatura czasowa: 0x4a41e20f
Nazwa modułu powodującego błąd: CTViewCtrl.dll, wersja: 1.0.20.0, sygnatura czasowa: 0x4a42dd62
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x00004080
Identyfikator procesu powodującego błąd: 0x114c
Godzina uruchomienia aplikacji powodującej błąd: 0x01d10420d3c7a582
Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
Ścieżka modułu powodującego błąd: C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\CTViewCtrl.dll
Identyfikator raportu: 3c026d8f-7014-11e5-a919-485ab66f4e04

[ System Events ]
Error - 2016-01-09 08:54:30 | Computer Name = Gościu | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR2.

Error - 2016-01-09 08:54:30 | Computer Name = Gościu | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR2.

Error - 2016-01-09 08:54:31 | Computer Name = Gościu | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR2.

Error - 2016-01-09 08:54:31 | Computer Name = Gościu | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR2.

Error - 2016-01-09 08:54:32 | Computer Name = Gościu | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR2.

Error - 2016-01-09 16:49:24 | Computer Name = Gościu | Source = EventLog | ID = 6008
Description = Poprzednie zamknięcie systemu przy 18:25:52 na ?2016-?01-?09 było nieoczekiwane.

Error - 2016-01-09 16:49:48 | Computer Name = Gościu | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Wystąpił krytyczny błąd sprzętowy. Zgłoszone przez składnik: rdzeń procesora Źródło błędu: 3 Typ błędu: 9 Identyfikator procesora: 0 Widok szczegółów tego wpisu zawiera dodatkowe informacje.

Error - 2016-01-09 16:49:48 | Computer Name = Gościu | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Wystąpił krytyczny błąd sprzętowy. Zgłoszone przez składnik: rdzeń procesora Źródło błędu: 3 Typ błędu: 9 Identyfikator procesora: 0 Widok szczegółów tego wpisu zawiera dodatkowe informacje.

Error - 2016-01-10 06:27:27 | Computer Name = Gościu | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Wystąpił krytyczny błąd sprzętowy. Zgłoszone przez składnik: rdzeń procesora Źródło błędu: 3 Typ błędu: 9 Identyfikator procesora: 0 Widok szczegółów tego wpisu zawiera dodatkowe informacje.

Error - 2016-01-10 06:27:27 | Computer Name = Gościu | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Wystąpił krytyczny błąd sprzętowy. Zgłoszone przez składnik: rdzeń procesora Źródło błędu: 3 Typ błędu: 9 Identyfikator procesora: 0 Widok szczegółów tego wpisu zawiera dodatkowe informacje.

< End of report >
[/log]

[log]Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:10-01-2015 01
Uruchomiony przez Krzysiek (administrator) GOŚCIU (10-01-2016 21:22:26)
Uruchomiony z C:\Users\Krzysiek\Downloads
Załadowane profile: Krzysiek (Dostępne profile: Krzysiek & Inni)
Platform: Windows 7 Home Premium (X64) Język: Polski (Polska)
Internet Explorer Wersja 9 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Innova Co S.a r.l.) C:\Program Files (x86)\4game\3.5.8.180\4game-service.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Atheros Communications) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-11] (Synaptics Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3855272 2015-11-20] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1139112 2015-12-08] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-05-05] (Advanced Micro Devices, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-07-02] (Atheros Communications)
HKU\S-1-5-21-1933921575-738410443-1074386466-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1933921575-738410443-1074386466-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1933921575-738410443-1074386466-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1933921575-738410443-1074386466-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1933921575-738410443-1074386466-1000\...\MountPoints2: {40757a69-966d-11e4-a193-485ab66f4e03} - G:\.\Driver\DriverInstaller.exe -eject
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku
GroupPolicyUsers\S-1-5-21-1933921575-738410443-1074386466-1003\User: Ograniczenia <======= UWAGA

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{5EF1D79C-18CB-4ABD-984C-85E1D4DC479C}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-12-17] (Oracle Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2013-07-02] (Qualcomm®Atheros®)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-17] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\gu99veuy.default-1417338051977
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-09] ()
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-17] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @4game.com/plugin -> C:\Program Files (x86)\4game\3.5.8.180\npplugin4game.dll [2015-12-25] (Innova Co S.a r.l.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-09] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-1933921575-738410443-1074386466-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Krzysiek\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Extension: Flashlight - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\gu99veuy.default-1417338051977\Extensions\flashlight@stephennolan.com.au [2015-05-28]
FF Extension: Magic Actions for YouTube™ - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\gu99veuy.default-1417338051977\Extensions\jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.xpi [2015-12-28]
FF Extension: Adblock Plus - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\gu99veuy.default-1417338051977\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-15]

Chrome:
=======
CHR Profile: C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-01]
CHR Extension: (Dysk Google) - C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-05]
CHR Extension: (Google Search) - C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Arkusze Google) - C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-20]
CHR Extension: (Dokumenty Google offline) - C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (AdBlock) - C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-04]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-03]
CHR Extension: (Gmail) - C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-01]

==================== Usługi (filtrowane) ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 4game-service; C:\Program Files (x86)\4game\3.5.8.180\4game-service.exe [1561312 2015-12-25] (Innova Co S.a r.l.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-07-02] (Windows (R) Win 7 DDK provider) [Brak podpisu cyfrowego]
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [615584 2015-11-20] (AVG Technologies CZ, s.r.o.)
R2 avgfws; C:\Program Files (x86)\AVG\Av\avgfws.exe [1587128 2015-11-20] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3857272 2015-11-20] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1049000 2015-12-08] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [579776 2015-11-20] (AVG Technologies CZ, s.r.o.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [Brak podpisu cyfrowego]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-27] (Electronic Arts)
S3 PAExec; C:\Windows\PAExec.exe [189112 2015-12-27] (Power Admin LLC)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2013-06-21] (Atheros) [Brak podpisu cyfrowego]

===================== Sterowniki (filtrowane) ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [35936 2013-04-10] (Advanced Micro Devices, Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [97208 2015-08-29] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313776 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [256432 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-07-02] (Qualcomm Atheros)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2015-09-11] (Dell Computer Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-12-21] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [42224 2014-05-13] (Visicom Media Inc.)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35440 2014-05-13] (Visicom Media Inc.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-11] (Synaptics Incorporated)
S3 WiseHDInfo; C:\Windows\WiseHDInfo64.dll [14800 2015-06-17] (wisecleaner.com)
S3 btmaux; system32\DRIVERS\btmaux.sys [X]
S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X]
U3 pfldqpog; \??\C:\Users\Krzysiek\AppData\Local\Temp\pfldqpog.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-01-10 21:22 - 2016-01-10 21:22 - 00017812 _____ C:\Users\Krzysiek\Downloads\FRST.txt 2016-01-10 21:21 - 2016-01-10 21:22 - 00000000 ____D C:\FRST 2016-01-10 21:19 - 2016-01-10 21:21 - 02370560 _____ (Farbar) C:\Users\Krzysiek\Downloads\FRST64.exe 2016-01-10 20:45 - 2016-01-10 20:45 - 00000000 ___RD C:\Users\Krzysiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2016-01-10 20:26 - 2016-01-10 20:49 - 00000000 ____D C:\Users\Krzysiek\Desktop\logi 2016-01-10 20:08 - 2016-01-10 20:08 - 00000000 ____D C:\AdwCleaner 2016-01-10 15:32 - 2016-01-10 15:32 - 00010050 _____ C:\Users\Krzysiek\Desktop\co muszę wiedzieć.odt 2016-01-10 14:25 - 2016-01-10 14:25 - 00029745 _____ C:\Users\Krzysiek\Desktop\bilet_KA02341179_2016-01-10.pdf 2016-01-09 13:00 - 2016-01-09 13:01 - 00282120 _____ C:\Windows\Minidump\010916-45177-01.dmp 2016-01-07 15:25 - 2016-01-09 13:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-01-06 17:34 - 2016-01-06 17:35 - 00282120 _____ C:\Windows\Minidump\010616-34538-01.dmp 2016-01-03 15:10 - 2016-01-03 15:10 - 00352198 _____ C:\Users\Krzysiek\Desktop\The distinction between personality disorder and mental illness.pdf 2016-01-02 17:06 - 2016-01-06 10:16 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\Atheros 2016-01-02 17:06 - 2016-01-02 17:06 - 00000000 ____D C:\ProgramData\Atheros 2016-01-02 17:01 - 2016-01-02 17:03 - 00000000 ____D C:\Program Files\Common Files\QCA_Bluetooth 2016-01-02 17:01 - 2016-01-02 17:02 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program 2016-01-02 16:59 - 2013-06-21 04:07 - 00440320 _____ (Atheros) C:\Windows\system32\athihvs.dll 2016-01-02 16:49 - 2016-01-02 16:49 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\ElevatedDiagnostics 2015-12-30 17:04 - 2015-12-30 17:05 - 00135009 _____ C:\Users\Krzysiek\Desktop\diagnoza monika.pdf 2015-12-27 12:44 - 2015-12-27 12:44 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\ATI 2015-12-27 12:44 - 2015-12-27 12:44 - 00000000 
____D C:\Users\Krzysiek\AppData\Local\ATI 2015-12-27 12:44 - 2015-12-27 12:44 - 00000000 ____D C:\ProgramData\ATI 2015-12-27 12:40 - 2015-12-27 12:40 - 00002178 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Przełączania Grafiki.lnk 2015-12-27 12:40 - 2015-12-27 12:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center 2015-12-27 12:40 - 2015-12-27 12:40 - 00000000 ____D C:\ProgramData\AMD 2015-12-27 12:40 - 2015-12-27 12:40 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies 2015-12-27 12:40 - 2015-12-27 12:40 - 00000000 ____D C:\Program Files (x86)\AMD AVT 2015-12-27 12:39 - 2011-09-12 18:05 - 00003917 _____ C:\Windows\SysWOW64\atipblup.dat 2015-12-27 12:39 - 2011-09-12 18:05 - 00003917 _____ C:\Windows\system32\atipblup.dat 2015-12-27 12:38 - 2015-12-27 12:39 - 00000000 ____D C:\Program Files\ATI Technologies 2015-12-27 12:38 - 2015-12-27 12:39 - 00000000 ____D C:\Program Files (x86)\ATI Technologies 2015-12-27 12:38 - 2015-12-27 12:38 - 00000000 ____D C:\Program Files\ATI 2015-12-27 12:37 - 2013-04-10 12:19 - 00035936 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\amdkmpfd.sys 2015-12-27 12:21 - 2015-12-27 12:21 - 00000000 _____ C:\Windows\ativpsrm.bin 2015-12-27 12:13 - 2013-05-05 22:53 - 08272648 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll 2015-12-27 12:13 - 2013-05-05 22:53 - 07234360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll 2015-12-27 12:13 - 2013-05-05 22:53 - 06985624 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll 2015-12-27 12:13 - 2013-05-05 22:53 - 05944264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll 2015-12-27 12:13 - 2013-05-05 22:53 - 05001344 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll 2015-12-27 12:13 - 2013-05-05 22:53 - 04450776 _____ (Advanced Micro Devices, Inc. 
) C:\Windows\SysWOW64\atiumdva.dll 2015-12-27 12:13 - 2013-05-05 22:53 - 01155264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll 2015-12-27 12:13 - 2013-05-05 22:53 - 00970912 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll 2015-12-27 12:13 - 2013-05-05 22:53 - 00139696 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll 2015-12-27 12:13 - 2013-05-05 22:53 - 00118584 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll 2015-12-27 12:13 - 2013-05-05 22:53 - 00112440 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll 2015-12-27 12:13 - 2013-05-05 22:53 - 00092304 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll 2015-12-27 12:13 - 2013-05-05 22:53 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll 2015-12-27 12:13 - 2013-05-05 22:53 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll 2015-12-27 12:13 - 2013-05-05 22:53 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll 2015-12-27 12:13 - 2013-05-05 22:53 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll 2015-12-27 12:13 - 2013-05-05 22:51 - 11661312 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys 2015-12-27 12:13 - 2013-05-05 22:35 - 29157376 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll 2015-12-27 12:13 - 2013-05-05 22:35 - 01187342 _____ C:\Windows\system32\amdocl_as64.exe 2015-12-27 12:13 - 2013-05-05 22:35 - 01061902 _____ C:\Windows\system32\amdocl_ld64.exe 2015-12-27 12:13 - 2013-05-05 22:35 - 00995342 _____ C:\Windows\SysWOW64\amdocl_as32.exe 2015-12-27 12:13 - 2013-05-05 22:35 - 00798734 _____ C:\Windows\SysWOW64\amdocl_ld32.exe 2015-12-27 12:13 - 2013-05-05 22:35 - 00222720 _____ C:\Windows\system32\clinfo.exe 2015-12-27 12:13 - 2013-05-05 22:35 - 00076288 _____ (Advanced Micro Devices Inc.) 
C:\Windows\system32\OpenVideo64.dll 2015-12-27 12:13 - 2013-05-05 22:35 - 00065536 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll 2015-12-27 12:13 - 2013-05-05 22:35 - 00064000 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll 2015-12-27 12:13 - 2013-05-05 22:35 - 00056320 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll 2015-12-27 12:13 - 2013-05-05 22:33 - 23815168 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll 2015-12-27 12:13 - 2013-05-05 22:31 - 00054784 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2015-12-27 12:13 - 2013-05-05 22:31 - 00050176 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll 2015-12-27 12:13 - 2013-05-05 22:27 - 24229376 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll 2015-12-27 12:13 - 2013-05-05 22:24 - 00524464 _____ C:\Windows\SysWOW64\atiapfxx.blb 2015-12-27 12:13 - 2013-05-05 22:24 - 00524464 _____ C:\Windows\system32\atiapfxx.blb 2015-12-27 12:13 - 2013-05-05 22:22 - 00163840 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe 2015-12-27 12:13 - 2013-05-05 22:19 - 16082944 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll 2015-12-27 12:13 - 2013-05-05 22:19 - 00051200 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll 2015-12-27 12:13 - 2013-05-05 22:19 - 00046080 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll 2015-12-27 12:13 - 2013-05-05 22:19 - 00044544 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll 2015-12-27 12:13 - 2013-05-05 22:19 - 00044032 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll 2015-12-27 12:13 - 2013-05-05 22:18 - 00076800 _____ (AMD) C:\Windows\system32\coinst_12.105.4.dll 2015-12-27 12:13 - 2013-05-05 22:15 - 13703168 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll 2015-12-27 12:13 - 2013-05-05 22:09 - 19870720 _____ (Advanced Micro Devices, Inc.) 
C:\Windows\SysWOW64\atioglxx.dll 2015-12-27 12:13 - 2013-05-05 21:59 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll 2015-12-27 12:13 - 2013-05-05 21:58 - 03309936 _____ C:\Windows\system32\atiumd6a.cap 2015-12-27 12:13 - 2013-05-05 21:58 - 00562688 _____ (AMD) C:\Windows\system32\atieclxx.exe 2015-12-27 12:13 - 2013-05-05 21:58 - 00241152 _____ (AMD) C:\Windows\system32\atiesrxx.exe 2015-12-27 12:13 - 2013-05-05 21:58 - 00204952 _____ C:\Windows\SysWOW64\ativvsvl.dat 2015-12-27 12:13 - 2013-05-05 21:58 - 00204952 _____ C:\Windows\system32\ativvsvl.dat 2015-12-27 12:13 - 2013-05-05 21:58 - 00157144 _____ C:\Windows\SysWOW64\ativvsva.dat 2015-12-27 12:13 - 2013-05-05 21:58 - 00157144 _____ C:\Windows\system32\ativvsva.dat 2015-12-27 12:13 - 2013-05-05 21:56 - 00120320 _____ (AMD) C:\Windows\system32\atitmm64.dll 2015-12-27 12:13 - 2013-05-05 21:56 - 00059392 _____ (ATI Technologies, Inc.) C:\Windows\system32\atiedu64.dll 2015-12-27 12:13 - 2013-05-05 21:56 - 00043520 _____ (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll 2015-12-27 12:13 - 2013-05-05 21:56 - 00026112 _____ (AMD) C:\Windows\system32\atimuixx.dll 2015-12-27 12:13 - 2013-05-05 21:45 - 03342768 _____ C:\Windows\SysWOW64\atiumdva.cap 2015-12-27 12:13 - 2013-05-05 21:33 - 00636416 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll 2015-12-27 12:13 - 2013-05-05 21:33 - 00430080 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll 2015-12-27 12:13 - 2013-05-05 21:32 - 00581632 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys 2015-12-27 12:13 - 2013-05-05 21:32 - 00079360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll 2015-12-27 12:13 - 2013-05-05 21:32 - 00078336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll 2015-12-27 12:13 - 2013-05-05 21:32 - 00074240 _____ (Advanced Micro Devices, Inc. 
) C:\Windows\system32\atisamu64.dll 2015-12-27 12:13 - 2013-05-05 21:32 - 00071168 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll 2015-12-27 12:13 - 2013-05-05 21:32 - 00044032 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll 2015-12-27 12:13 - 2013-05-05 21:32 - 00034816 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll 2015-12-27 12:13 - 2013-05-05 21:32 - 00017920 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll 2015-12-27 12:13 - 2013-05-05 21:32 - 00014848 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll 2015-12-27 12:13 - 2013-05-05 21:32 - 00014848 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll 2015-12-27 12:13 - 2013-05-05 21:28 - 00053248 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll 2015-12-27 12:13 - 2013-04-10 08:53 - 00231604 _____ C:\Windows\system32\ativvaxy_cik.dat 2015-12-27 12:13 - 2013-04-09 19:30 - 00695004 _____ C:\Windows\system32\atiicdxx.dat 2015-12-27 12:13 - 2013-02-28 08:08 - 00044066 _____ C:\Windows\atiogl.xml 2015-12-27 12:13 - 2013-02-01 14:14 - 00075600 _____ C:\Windows\system32\ativce02.dat 2015-12-27 12:13 - 2012-11-23 05:14 - 00230064 _____ C:\Windows\system32\ativvaxy_cik_nd.dat 2015-12-27 12:13 - 2011-09-13 12:06 - 00003917 _____ C:\Windows\SysWOW64\atipblag.dat 2015-12-27 12:13 - 2011-09-13 12:06 - 00003917 _____ C:\Windows\system32\atipblag.dat 2015-12-27 12:13 - 2010-08-28 08:33 - 00332800 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODE.exe 2015-12-27 12:13 - 2009-06-23 05:34 - 00051200 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODCLI.exe 2015-12-27 12:13 - 2009-05-12 11:35 - 00118784 _____ (Advanced Micro Devices, Inc.) 
C:\Windows\system32\atibtmon.exe 2015-12-27 12:04 - 2015-12-27 12:04 - 00189112 _____ (Power Admin LLC) C:\Windows\PAExec.exe 2015-12-27 11:48 - 2015-12-27 11:49 - 00282280 _____ C:\Windows\Minidump\122715-51449-01.dmp 2015-12-27 11:41 - 2015-12-27 11:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2015-12-27 11:41 - 2015-12-27 11:41 - 00000000 ____D C:\Program Files\7-Zip 2015-12-27 11:07 - 2015-12-27 11:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings 2015-12-26 15:49 - 2016-01-09 13:00 - 511548252 _____ C:\Windows\MEMORY.DMP 2015-12-26 15:49 - 2015-12-26 15:51 - 00282280 _____ C:\Windows\Minidump\122615-43836-01.dmp 2015-12-23 17:43 - 2015-12-23 17:43 - 00117528 _____ C:\Users\Krzysiek\AppData\Local\GDIPFONTCACHEV1.DAT 2015-12-23 07:44 - 2015-12-23 07:45 - 00469240 _____ C:\Windows\system32\FNTCACHE.DAT 2015-12-23 07:44 - 2015-12-23 07:44 - 00262144 ____N C:\Windows\Minidump\122315-44725-01.dmp 2015-12-21 15:50 - 2015-12-21 15:50 - 00000000 ____D C:\Program Files (x86)\Dell 2015-12-21 13:37 - 2015-12-22 13:56 - 00000000 ____D C:\Program Files\Dell 2015-12-19 23:02 - 2016-01-09 23:25 - 00000000 ____D C:\Users\Krzysiek\Desktop\badanie 2015-12-18 19:24 - 2015-12-18 19:25 - 00389379 _____ C:\Users\Krzysiek\Documents\raport i portfolio.pdf 2015-12-18 19:21 - 2015-12-18 19:21 - 00187454 _____ C:\Users\Krzysiek\Documents\raport i portfolio.odt 2015-12-18 19:09 - 2015-12-18 19:32 - 41471184 _____ C:\Users\Krzysiek\Documents\Psychopatologia procesow poznawczych.rar 2015-12-17 09:34 - 2015-12-17 09:33 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64664002.dll 2015-12-17 09:34 - 2015-12-17 09:33 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64625969.dll 2015-12-11 16:11 - 2016-01-08 15:50 - 00022778 _____ C:\Users\Krzysiek\Desktop\umowa.odt ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w 
fixlist spowoduje przeniesienie pliku/folderu.) 2016-01-10 21:21 - 2009-07-14 04:20 - 00000000 ____D C:\Windows 2016-01-10 21:18 - 2015-06-17 08:52 - 00000000 ____D C:\Users\Krzysiek\Documents\pliki 2016-01-10 21:11 - 2014-09-18 17:54 - 00000000 ____D C:\ProgramData\MFAData 2016-01-10 21:10 - 2015-07-10 12:50 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-01-10 20:53 - 2009-07-14 05:45 - 00019312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-01-10 20:53 - 2009-07-14 05:45 - 00019312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-01-10 20:51 - 2009-07-14 18:55 - 00739432 _____ C:\Windows\system32\perfh015.dat 2016-01-10 20:51 - 2009-07-14 18:55 - 00155510 _____ C:\Windows\system32\perfc015.dat 2016-01-10 20:51 - 2009-07-14 06:13 - 01666944 _____ C:\Windows\system32\PerfStringBackup.INI 2016-01-10 20:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf 2016-01-10 20:45 - 2015-08-30 15:42 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-01-10 20:44 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-01-10 20:43 - 2014-12-02 20:38 - 00000940 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1933921575-738410443-1074386466-1000UA.job 2016-01-10 20:43 - 2014-12-02 20:38 - 00000918 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1933921575-738410443-1074386466-1000Core.job 2016-01-10 20:43 - 2014-07-25 14:00 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\CrashDumps 2016-01-10 18:10 - 2014-09-06 18:04 - 00000000 ____D C:\Users\Krzysiek\Documents\Bluetooth Folder 2016-01-10 14:21 - 2015-11-29 12:04 - 00000000 ____D C:\Users\Krzysiek\Desktop\u2b 2016-01-10 14:05 - 2015-06-19 15:00 - 00007889 _____ C:\Windows\BRRBCOM.INI 2016-01-10 00:04 - 2015-01-29 20:38 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job 2016-01-09 13:43 - 2014-07-15 15:41 - 00000000 ____D 
C:\Users\Krzysiek\Documents\Camtasia Studio 2016-01-09 13:00 - 2014-08-01 16:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-01-09 13:00 - 2014-07-13 18:41 - 00000000 ____D C:\Windows\Minidump 2016-01-09 11:08 - 2014-10-25 15:13 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\Adobe 2016-01-09 11:08 - 2014-07-13 23:09 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-01-09 11:08 - 2014-07-13 23:09 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-01-08 16:13 - 2015-06-30 13:20 - 00000000 ____D C:\Users\Krzysiek\Desktop\pen 2016-01-06 20:12 - 2015-11-05 17:19 - 00023319 _____ C:\Users\Krzysiek\Desktop\Nowy OpenDocument Dokument tekstowy (2).odt 2016-01-06 16:19 - 2014-09-13 14:48 - 00000000 ____D C:\Program Files (x86)\SpeedFan 2016-01-06 11:13 - 2015-07-06 11:52 - 00000327 _____ C:\Users\Krzysiek\Desktop\lęk.txt 2016-01-02 17:05 - 2014-09-06 18:02 - 00000000 ____D C:\Program Files (x86)\Dell Wireless 2016-01-02 16:59 - 2014-09-06 18:02 - 00000000 ____D C:\Windows\system32\nn-NO 2016-01-02 16:54 - 2014-07-13 12:43 - 00000000 ____D C:\Users\Krzysiek\Desktop\dell 2015-12-31 13:39 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2015-12-31 10:16 - 2015-08-19 16:52 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\Foxit Reader 2015-12-29 20:20 - 2015-06-30 13:04 - 00000000 ____D C:\Users\Krzysiek\Documents\obrazki 2015-12-27 12:36 - 2014-10-13 12:11 - 00000000 ____D C:\ProgramData\Origin 2015-12-27 12:35 - 2014-10-13 12:13 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\Origin 2015-12-27 12:30 - 2015-02-17 18:44 - 00000000 ____D C:\Program Files (x86)\Origin 2015-12-27 12:12 - 2014-07-14 21:39 - 00015354 _____ C:\Windows\system32\results.xml 2015-12-27 12:09 - 2014-07-13 13:18 - 00000000 ____D C:\Program Files (x86)\Intel 2015-12-27 12:08 - 2015-02-07 12:31 - 00000000 ____D C:\Intel 2015-12-27 11:40 - 2014-08-09 13:12 - 00000000 ____D C:\Program 
Files\WinRAR 2015-12-25 13:08 - 2014-09-30 12:19 - 00001210 _____ C:\Users\Public\Desktop\Lineage 2 EU.lnk 2015-12-25 13:08 - 2014-07-13 15:12 - 00000000 ____D C:\Program Files (x86)\4game 2015-12-25 02:33 - 2014-08-17 13:39 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\Skype 2015-12-23 07:16 - 2014-12-24 13:12 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2015-12-23 07:10 - 2014-07-13 14:46 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\Deployment 2015-12-23 07:09 - 2015-09-13 18:10 - 00000000 ____D C:\Users\Krzysiek\Documents\Fiddler2 2015-12-23 07:09 - 2014-07-20 22:43 - 00000000 ____D C:\Program Files (x86)\Fiddler2 2015-12-23 07:08 - 2014-09-05 09:28 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\uTorrent 2015-12-21 15:51 - 2015-02-05 15:45 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell 2015-12-21 15:51 - 2014-07-13 14:14 - 00000000 ____D C:\ProgramData\Dell 2015-12-21 15:46 - 2015-02-05 15:58 - 00000000 ____D C:\ProgramData\PCDr 2015-12-21 15:46 - 2015-02-05 15:56 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\PCDr 2015-12-21 14:01 - 2015-02-05 15:56 - 00000000 ____D C:\temp 2015-12-17 09:49 - 2014-11-25 21:46 - 00000000 ____D C:\ProgramData\Oracle 2015-12-17 09:34 - 2015-08-27 07:21 - 00000000 ____D C:\Users\Krzysiek\.oracle_jre_usage 2015-12-17 09:34 - 2015-07-12 09:37 - 00000000 ____D C:\Program Files\Java 2015-12-17 09:34 - 2014-11-25 21:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-12-16 13:24 - 2015-10-06 06:42 - 00000172 _____ C:\Users\Krzysiek\Desktop\Nowy dokument tekstowy.txt ==================== Pliki w katalogu głównym wybranych folderów ======= 2014-11-29 20:36 - 2014-11-29 20:57 - 6000640 _____ () C:\Program Files (x86)\GUT5C0B.tmp 2014-11-29 20:56 - 2014-11-29 20:57 - 46766080 _____ () C:\Program Files (x86)\GUT7BFA.tmp 2014-11-29 20:54 - 2014-11-29 20:57 - 46766080 _____ () C:\Program Files 
(x86)\GUTBE37.tmp 2014-11-29 20:36 - 2014-11-29 20:57 - 6000640 _____ () C:\Program Files (x86)\GUTE852.tmp 2014-11-29 13:11 - 2014-11-29 13:17 - 6000640 _____ () C:\Program Files (x86)\GUTF430.tmp 2015-11-08 16:07 - 2015-11-08 16:19 - 0006656 _____ () C:\Users\Krzysiek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-12-23 14:18 - 2014-12-23 14:18 - 0003054 _____ () C:\Users\Krzysiek\AppData\Local\recently-used.xbel 2014-07-23 14:20 - 2014-11-05 19:28 - 0007601 _____ () C:\Users\Krzysiek\AppData\Local\resmon.resmoncfg 2014-11-29 13:25 - 2014-11-29 13:25 - 0000000 _____ () C:\Users\Krzysiek\AppData\Local\{34531EFF-384C-4A24-9129-5B91D2A8D49B} 2014-12-20 13:25 - 2014-12-20 13:25 - 0000000 _____ () C:\Users\Krzysiek\AppData\Local\{65D6B3F2-BCA4-49AC-96B0-FCF99D026E9A} 2014-11-30 13:26 - 2014-11-30 13:26 - 0000000 _____ () C:\Users\Krzysiek\AppData\Local\{B05A239E-F9E7-415D-8CB5-FFDA6F034DB3} 2014-09-21 13:56 - 2014-09-21 13:56 - 0000000 _____ () C:\Users\Krzysiek\AppData\Local\{E5B06239-D04D-43E1-94CB-B945021675E4} 2015-09-05 16:35 - 2015-09-05 16:35 - 0000000 _____ () C:\Users\Krzysiek\AppData\Local\{E61E8544-9865-4BEE-ADFF-D6A5B0CD1207} 2014-07-13 13:38 - 2014-07-13 13:38 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Niektóre pliki w TEMP: ==================== C:\Users\Krzysiek\AppData\Local\Temp\4game_setup-pl.exe C:\Users\Krzysiek\AppData\Local\Temp\AMDCleanupUtility.exe C:\Users\Krzysiek\AppData\Local\Temp\avguirn_081315415763.exe C:\Users\Krzysiek\AppData\Local\Temp\Cleanup.dll C:\Users\Krzysiek\AppData\Local\Temp\ddu.exe C:\Users\Krzysiek\AppData\Local\Temp\difxapi.dll C:\Users\Krzysiek\AppData\Local\Temp\msvcm80.dll C:\Users\Krzysiek\AppData\Local\Temp\msvcp80.dll C:\Users\Krzysiek\AppData\Local\Temp\msvcr80.dll C:\Users\Krzysiek\AppData\Local\Temp\radeon-crimson-15.12-minimalsetup.exe C:\Users\Krzysiek\AppData\Local\Temp\raptrpatch.exe C:\Users\Krzysiek\AppData\Local\Temp\raptr_stub.exe C:\Users\Krzysiek\AppData\Local\Temp\sfamcc00001.dll 
==================== Bamital & volsnap =================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2016-01-09 14:41

==================== Koniec FRST.txt ============================[/log]

[log]GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2016-01-10 21:05:06
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10JPVX-75JC3T0 rev.01.01A01 931,51GB
Running: gmer.exe; Driver: C:\Users\Krzysiek\AppData\Local\Temp\pfldqpog.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000183d00 7 bytes [80, A6, F3, FF, 01, B0, F0]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000183d08 3 bytes [C0, 06, 02]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\AVG\Av\avgfws.exe[2256] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075b41465 2 bytes [B4, 75]
.text C:\Program Files (x86)\AVG\Av\avgfws.exe[2256] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000075b414bb 2 bytes [B4, 
75] .text ... * 2 .text C:\Windows\system32\svchost.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007780f930 5 bytes JMP 00000001777b00a0 .text C:\Windows\system32\svchost.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007780fa50 5 bytes JMP 00000001777b0018 .text C:\Windows\system32\svchost.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007780fab0 5 bytes JMP 00000001777b03d0 .text C:\Windows\system32\svchost.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007780fb30 5 bytes JMP 00000001777b01b0 .text C:\Windows\system32\svchost.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007780fbd0 5 bytes JMP 00000001777b0128 .text C:\Windows\system32\svchost.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077810080 5 bytes JMP 00000001777b0238 .text C:\Windows\system32\svchost.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077810110 5 bytes JMP 00000001777b02c0 .text C:\Windows\system32\svchost.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077810180 5 bytes JMP 00000001777b0348 .text C:\Windows\system32\svchost.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077810640 5 bytes JMP 00000001777b0458 .text C:\Windows\system32\svchost.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077810690 5 bytes JMP 00000001777b04e0 .text C:\Windows\system32\svchost.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007780f930 5 bytes JMP 00000001777b00a0 .text C:\Windows\system32\svchost.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007780fa50 5 bytes JMP 00000001777b0018 .text C:\Windows\system32\svchost.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007780fab0 5 bytes JMP 00000001777b03d0 .text C:\Windows\system32\svchost.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007780fb30 5 bytes JMP 00000001777b01b0 .text C:\Windows\system32\svchost.exe[3724] 
C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007780fbd0 5 bytes JMP 00000001777b0128 .text C:\Windows\system32\svchost.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077810080 5 bytes JMP 00000001777b0238 .text C:\Windows\system32\svchost.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077810110 5 bytes JMP 00000001777b02c0 .text C:\Windows\system32\svchost.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077810180 5 bytes JMP 00000001777b0348 .text C:\Windows\system32\svchost.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077810640 5 bytes JMP 00000001777b0458 .text C:\Windows\system32\svchost.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077810690 5 bytes JMP 00000001777b04e0 .text C:\Windows\System32\rundll32.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007780f930 5 bytes JMP 00000001777b00a0 .text C:\Windows\System32\rundll32.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007780fa50 5 bytes JMP 00000001777b0018 .text C:\Windows\System32\rundll32.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007780fab0 5 bytes JMP 00000001777b03d0 .text C:\Windows\System32\rundll32.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007780fb30 5 bytes JMP 00000001777b01b0 .text C:\Windows\System32\rundll32.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007780fbd0 5 bytes JMP 00000001777b0128 .text C:\Windows\System32\rundll32.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077810080 5 bytes JMP 00000001777b0238 .text C:\Windows\System32\rundll32.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077810110 5 bytes JMP 00000001777b02c0 .text C:\Windows\System32\rundll32.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077810180 5 bytes JMP 00000001777b0348 .text C:\Windows\System32\rundll32.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077810640 5 bytes JMP 
00000001777b0458 .text C:\Windows\System32\rundll32.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077810690 5 bytes JMP 00000001777b04e0 .text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007780f930 5 bytes JMP 00000001777b00a0 .text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007780fa50 5 bytes JMP 00000001777b0018 .text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007780fab0 5 bytes JMP 00000001777b03d0 .text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007780fb30 5 bytes JMP 00000001777b01b0 .text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007780fbd0 5 bytes JMP 00000001777b0128 .text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077810080 5 bytes JMP 00000001777b0238 .text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077810110 5 bytes JMP 00000001777b02c0 .text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077810180 5 bytes JMP 00000001777b0348 .text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077810640 5 bytes JMP 00000001777b0458 .text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077810690 5 bytes JMP 00000001777b04e0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4024] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007780f930 5 bytes JMP 
00000001777b00a0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4024] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007780fa50 5 bytes JMP 00000001777b0018 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007780fab0 5 bytes JMP 00000001777b03d0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007780fb30 5 bytes JMP 00000001777b01b0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4024] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007780fbd0 5 bytes JMP 00000001777b0128 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077810080 5 bytes JMP 00000001777b0238 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077810110 5 bytes JMP 00000001777b02c0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077810180 5 bytes JMP 00000001777b0348 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077810640 5 bytes JMP 00000001777b0458 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077810690 5 bytes JMP 00000001777b04e0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007780f930 5 bytes JMP 00000001777b00a0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007780fa50 5 bytes JMP 00000001777b0018 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007780fab0 5 bytes JMP 00000001777b03d0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007780fb30 5 bytes JMP 00000001777b01b0 .text C:\Program 
Files\Realtek\Audio\HDA\RAVBg64.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007780fbd0 5 bytes JMP 00000001777b0128 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077810080 5 bytes JMP 00000001777b0238 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077810110 5 bytes JMP 00000001777b02c0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077810180 5 bytes JMP 00000001777b0348 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077810640 5 bytes JMP 00000001777b0458 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077810690 5 bytes JMP 00000001777b04e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007780f930 5 bytes JMP 00000001777b00a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007780fa50 5 bytes JMP 00000001777b0018 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007780fab0 5 bytes JMP 00000001777b03d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007780fb30 5 bytes JMP 00000001777b01b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007780fbd0 5 bytes JMP 00000001777b0128 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077810080 5 bytes JMP 00000001777b0238 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077810110 5 bytes JMP 00000001777b02c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4116] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077810180 5 bytes JMP 00000001777b0348 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077810640 5 bytes JMP 00000001777b0458 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077810690 5 bytes JMP 00000001777b04e0 .text C:\Windows\System32\igfxtray.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007780f930 5 bytes JMP 00000001777b00a0 .text C:\Windows\System32\igfxtray.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007780fa50 5 bytes JMP 00000001777b0018 .text C:\Windows\System32\igfxtray.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007780fab0 5 bytes JMP 00000001777b03d0 .text C:\Windows\System32\igfxtray.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007780fb30 5 bytes JMP 00000001777b01b0 .text C:\Windows\System32\igfxtray.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007780fbd0 5 bytes JMP 00000001777b0128 .text C:\Windows\System32\igfxtray.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077810080 5 bytes JMP 00000001777b0238 .text C:\Windows\System32\igfxtray.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077810110 5 bytes JMP 00000001777b02c0 .text C:\Windows\System32\igfxtray.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077810180 5 bytes JMP 00000001777b0348 .text C:\Windows\System32\igfxtray.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077810640 5 bytes JMP 00000001777b0458 .text C:\Windows\System32\igfxtray.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077810690 5 bytes JMP 00000001777b04e0 .text C:\Windows\System32\hkcmd.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007780f930 5 bytes JMP 00000001777b00a0 .text C:\Windows\System32\hkcmd.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 
000000007780fa50 5 bytes JMP 00000001777b0018 .text C:\Windows\System32\hkcmd.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007780fab0 5 bytes JMP 00000001777b03d0 .text C:\Windows\System32\hkcmd.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007780fb30 5 bytes JMP 00000001777b01b0 .text C:\Windows\System32\hkcmd.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007780fbd0 5 bytes JMP 00000001777b0128 .text C:\Windows\System32\hkcmd.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077810080 5 bytes JMP 00000001777b0238 .text C:\Windows\System32\hkcmd.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077810110 5 bytes JMP 00000001777b02c0 .text C:\Windows\System32\hkcmd.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077810180 5 bytes JMP 00000001777b0348 .text C:\Windows\System32\hkcmd.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077810640 5 bytes JMP 00000001777b0458 .text C:\Windows\System32\hkcmd.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077810690 5 bytes JMP 00000001777b04e0 .text C:\Windows\System32\igfxpers.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007780f930 5 bytes JMP 00000001777b00a0 .text C:\Windows\System32\igfxpers.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007780fa50 5 bytes JMP 00000001777b0018 .text C:\Windows\System32\igfxpers.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007780fab0 5 bytes JMP 00000001777b03d0 .text C:\Windows\System32\igfxpers.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007780fb30 5 bytes JMP 00000001777b01b0 .text C:\Windows\System32\igfxpers.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007780fbd0 5 bytes JMP 00000001777b0128 .text C:\Windows\System32\igfxpers.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077810080 5 bytes JMP 00000001777b0238 .text C:\Windows\System32\igfxpers.exe[4144] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077810110 5 bytes JMP 00000001777b02c0 .text C:\Windows\System32\igfxpers.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077810180 5 bytes JMP 00000001777b0348 .text C:\Windows\System32\igfxpers.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077810640 5 bytes JMP 00000001777b0458 .text C:\Windows\System32\igfxpers.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077810690 5 bytes JMP 00000001777b04e0 .text C:\Windows\system32\igfxsrvc.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007780f930 5 bytes JMP 00000001777b00a0 .text C:\Windows\system32\igfxsrvc.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007780fa50 5 bytes JMP 00000001777b0018 .text C:\Windows\system32\igfxsrvc.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007780fab0 5 bytes JMP 00000001777b03d0 .text C:\Windows\system32\igfxsrvc.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007780fb30 5 bytes JMP 00000001777b01b0 .text C:\Windows\system32\igfxsrvc.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007780fbd0 5 bytes JMP 00000001777b0128 .text C:\Windows\system32\igfxsrvc.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077810080 5 bytes JMP 00000001777b0238 .text C:\Windows\system32\igfxsrvc.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077810110 5 bytes JMP 00000001777b02c0 .text C:\Windows\system32\igfxsrvc.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077810180 5 bytes JMP 00000001777b0348 .text C:\Windows\system32\igfxsrvc.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077810640 5 bytes JMP 00000001777b0458 .text C:\Windows\system32\igfxsrvc.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077810690 5 bytes JMP 00000001777b04e0 .text C:\Program Files (x86)\AVG\Av\avgui.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000779bfbe0 5 
bytes JMP 0000000170c622f0 .text C:\Program Files (x86)\AVG\Av\avgui.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000779bfda4 5 bytes JMP 0000000170c62180 .text C:\Program Files (x86)\AVG\Av\avgui.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000779bfe38 5 bytes JMP 0000000170c625b0 .text C:\Program Files (x86)\AVG\Av\avgui.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000779bff04 5 bytes JMP 0000000170c62590 .text C:\Program Files (x86)\AVG\Av\avgui.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000779bfff8 5 bytes JMP 0000000170c624b0 .text C:\Program Files (x86)\AVG\Av\avgui.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000779c072c 5 bytes JMP 0000000170c625d0 .text C:\Program Files (x86)\AVG\Av\avgui.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000779c0804 5 bytes JMP 0000000170c62610 .text C:\Program Files (x86)\AVG\Av\avgui.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000779c08ac 5 bytes JMP 0000000170c62650 .text C:\Program Files (x86)\AVG\Av\avgui.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 00000000779c1008 5 bytes JMP 0000000170c625f0 .text C:\Program Files (x86)\AVG\Av\avgui.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000779c1080 5 bytes JMP 0000000170c62630 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4288] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000779bfbe0 5 bytes JMP 0000000170c622f0 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4288] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000779bfda4 5 bytes JMP 0000000170c62180 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4288] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000779bfe38 5 bytes JMP 0000000170c625b0 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4288] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000779bff04 5 bytes JMP 0000000170c62590 .text C:\Program Files 
(x86)\AVG\Framework\Common\avguix.exe[4288] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000779bfff8 5 bytes JMP 0000000170c624b0 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4288] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000779c072c 5 bytes JMP 0000000170c625d0 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4288] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000779c0804 5 bytes JMP 0000000170c62610 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4288] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000779c08ac 5 bytes JMP 0000000170c62650 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4288] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 00000000779c1008 5 bytes JMP 0000000170c625f0 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4288] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000779c1080 5 bytes JMP 0000000170c62630 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b41465 2 bytes [B4, 75] .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b414bb 2 bytes [B4, 75] .text ... 
* 2 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000779bfbe0 5 bytes JMP 0000000170c622f0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000779bfda4 5 bytes JMP 0000000170c62180 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000779bfe38 5 bytes JMP 0000000170c625b0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000779bff04 5 bytes JMP 0000000170c62590 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000779bfff8 5 bytes JMP 0000000170c624b0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000779c072c 5 bytes JMP 0000000170c625d0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000779c0804 5 bytes JMP 0000000170c62610 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000779c08ac 5 bytes JMP 0000000170c62650 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 00000000779c1008 5 bytes JMP 0000000170c625f0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000779c1080 5 bytes JMP 0000000170c62630 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4532] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007780f930 5 bytes JMP 00000001777b00a0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4532] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007780fa50 5 bytes JMP 
---- EOF - GMER 2.1 ---- [/log] [log]OTL logfile created on: 2016-01-10 20:17:46 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Krzysiek\Documents\pliki 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,89 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 21,45% Memory free 7,78 Gb Paging File | 4,45 Gb Available in Paging File | 57,16% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,41 Gb Total Space | 721,52 Gb Free Space | 77,46% Space Free | Partition Type: NTFS Drive E: | 11,77 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: GOŚCIU | User Name: Krzysiek | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2016-01-10 20:16:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Krzysiek\Moje dokumenty\pliki\OTL.exe PRC - [2016-01-09 11:08:01 | 003,442,368 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe PRC - [2016-01-07 15:25:46 | 000,392,136 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2015-12-25 09:40:04 | 001,561,312 | ---- | M] (Innova Co S.a r.l.) -- C:\Program Files (x86)\4game\3.5.8.180\4game-service.exe PRC - [2015-12-11 04:54:14 | 000,741,704 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2015-12-08 07:25:36 | 001,139,112 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Program Files (x86)\AVG\Framework\Common\avguix.exe PRC - [2015-11-20 08:19:56 | 003,857,272 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\Av\avgidsagent.exe PRC - [2015-11-20 08:16:04 | 001,587,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\Av\avgfws.exe PRC - [2015-11-20 08:15:18 | 003,855,272 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\Av\avgui.exe PRC - [2015-11-20 08:14:54 | 000,579,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe PRC - [2015-09-29 21:02:16 | 048,220,352 | ---- | M] (Foxit Software Inc.) -- C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe PRC - [2014-04-22 15:17:00 | 009,837,056 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\OpenOffice 4\program\soffice.exe PRC - [2014-04-22 15:17:00 | 009,828,864 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\OpenOffice 4\program\soffice.bin PRC - [2014-04-22 15:17:00 | 000,103,936 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\OpenOffice 4\program\swriter.exe PRC - [2013-06-21 03:53:16 | 000,081,536 | ---- | M] (Atheros) -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe PRC - [2010-09-01 05:26:04 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2016-01-09 11:08:01 | 017,882,304 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll MOD - [2015-12-24 07:46:02 | 016,792,256 | ---- | M] () -- C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\PepperFlash\20.0.0.267\pepflashplayer.dll MOD - [2015-12-11 04:54:11 | 001,583,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll MOD - [2015-12-11 04:54:09 | 000,081,224 | ---- | M] () -- C:\Program Files 
(x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll MOD - [2015-10-19 09:07:34 | 040,500,224 | ---- | M] () -- C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll MOD - [2015-09-21 17:21:00 | 003,426,496 | ---- | M] () -- C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\CommentsSummary.fpi MOD - [2014-04-22 12:00:08 | 000,988,160 | ---- | M] () -- C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll MOD - [2014-04-15 15:23:14 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll MOD - [2014-04-15 15:23:12 | 000,303,616 | ---- | M] () -- C:\Program Files (x86)\OpenOffice 4\program\libxmlsec.dll MOD - [2014-04-15 15:23:12 | 000,136,192 | ---- | M] () -- C:\Program Files (x86)\OpenOffice 4\program\libxmlsec-mscrypto.dll MOD - [2012-10-01 19:37:48 | 006,522,480 | ---- | M] () -- C:\PROGRA~2\MICROS~1\Office15\1033\GrooveIntlResource.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2013-06-18 18:18:38 | 000,246,488 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService) SRV:[b]64bit:[/b] - [2013-05-05 21:58:02 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:[b]64bit:[/b] - [2009-11-17 17:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters) SRV:[b]64bit:[/b] - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2016-01-07 15:25:45 | 000,146,888 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2015-12-27 12:29:28 | 002,104,840 | ---- | M] (Electronic Arts) [On_Demand | Stopped] -- C:\Program Files 
(x86)\Origin\OriginClientService.exe -- (Origin Client Service) SRV - [2015-12-27 12:04:37 | 000,189,112 | ---- | M] (Power Admin LLC) [On_Demand | Stopped] -- C:\Windows\PAExec.exe -- (PAExec) SRV - [2015-12-25 09:40:04 | 001,561,312 | ---- | M] (Innova Co S.a r.l.) [Auto | Running] -- C:\Program Files (x86)\4game\3.5.8.180\4game-service.exe -- (4game-service) SRV - [2015-12-08 07:25:24 | 001,049,000 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe -- (avgsvc) SRV - [2015-11-20 08:19:56 | 003,857,272 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\Av\avgidsagent.exe -- (AVGIDSAgent) SRV - [2015-11-20 08:16:04 | 001,587,128 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\Av\avgfws.exe -- (avgfws) SRV - [2015-11-20 08:14:54 | 000,579,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe -- (avgwd) SRV - [2015-11-20 08:13:38 | 000,615,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\Av\avgamps.exe -- (AvgAMPS) SRV - [2015-07-09 12:14:04 | 000,327,296 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013-09-04 22:01:14 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2013-07-02 23:00:14 | 000,312,448 | ---- | M] (Windows (R) Win 7 DDK provider) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe -- (AtherosSvc) SRV - [2013-06-21 03:53:16 | 000,081,536 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe -- (ZAtheros Wlan Agent) SRV - [2012-10-26 09:40:10 | 000,282,112 | ---- | M] (Brother Industries, Ltd.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc) SRV - [2012-07-09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2015-11-06 15:50:34 | 000,184,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska) DRV:[b]64bit:[/b] - [2015-11-06 15:49:38 | 000,313,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver) DRV:[b]64bit:[/b] - [2015-11-06 15:49:38 | 000,256,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:[b]64bit:[/b] - [2015-10-21 16:16:48 | 000,284,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:[b]64bit:[/b] - [2015-10-08 07:46:44 | 000,302,000 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:[b]64bit:[/b] - [2015-09-11 16:53:23 | 000,032,464 | ---- | M] (Dell Computer Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DDDriver64Dcsa.sys -- (DDDriver) DRV:[b]64bit:[/b] - [2015-09-11 16:53:23 | 000,024,240 | ---- | M] (Dell Computer Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DellProf.sys -- (DellProf) DRV:[b]64bit:[/b] - [2015-08-29 14:31:02 | 000,097,208 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd) DRV:[b]64bit:[/b] - [2015-08-20 12:58:04 | 000,298,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA) DRV:[b]64bit:[/b] - [2015-08-14 13:24:40 | 000,398,256 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga) DRV:[b]64bit:[/b] - [2015-08-10 14:25:40 | 000,042,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:[b]64bit:[/b] - [2014-12-21 12:10:55 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:[b]64bit:[/b] - [2014-05-13 14:21:18 | 000,035,440 | ---- | M] (Visicom Media Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple) DRV:[b]64bit:[/b] - [2014-05-13 14:06:08 | 000,042,224 | ---- | M] (Visicom Media Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv.sys -- (ManyCam) DRV:[b]64bit:[/b] - [2013-12-20 15:38:04 | 000,020,464 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:[b]64bit:[/b] - [2013-12-20 15:38:02 | 000,790,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:[b]64bit:[/b] - [2013-12-20 15:38:02 | 000,369,648 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:[b]64bit:[/b] - [2013-08-11 21:54:36 | 000,524,016 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:[b]64bit:[/b] - [2013-08-11 21:54:36 | 000,034,544 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI) DRV:[b]64bit:[/b] - [2013-08-01 00:15:08 | 000,452,088 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:[b]64bit:[/b] - [2013-07-09 10:03:44 | 004,445,152 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:[b]64bit:[/b] - [2013-07-02 22:34:54 | 000,589,000 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:[b]64bit:[/b] - [2013-07-02 22:34:54 | 000,347,336 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:[b]64bit:[/b] - [2013-07-02 22:34:54 | 000,179,432 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:[b]64bit:[/b] - [2013-07-02 22:34:54 | 000,137,928 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- 
C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:[b]64bit:[/b] - [2013-07-02 22:34:54 | 000,116,424 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt) DRV:[b]64bit:[/b] - [2013-07-02 22:34:54 | 000,089,800 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:[b]64bit:[/b] - [2013-07-02 22:34:54 | 000,077,464 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:[b]64bit:[/b] - [2013-07-02 22:34:54 | 000,034,384 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:[b]64bit:[/b] - [2013-06-24 21:56:16 | 003,979,776 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:[b]64bit:[/b] - [2013-06-18 15:22:36 | 000,872,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2013-05-05 22:51:16 | 011,661,312 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:[b]64bit:[/b] - [2013-05-05 21:32:30 | 000,581,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:[b]64bit:[/b] - [2013-04-10 12:19:40 | 000,035,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdkmpfd.sys -- (amdkmpfd) DRV:[b]64bit:[/b] - [2012-12-21 14:42:28 | 000,326,368 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR) DRV:[b]64bit:[/b] - [2012-03-01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2009-07-14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2009-07-14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-07-14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:[b]64bit:[/b] - [2009-06-15 12:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt) DRV:[b]64bit:[/b] - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2015-06-17 10:45:08 | 000,014,800 | ---- | M] (wisecleaner.com) [Kernel | On_Demand | Stopped] -- C:\Windows\WiseHDInfo64.dll -- (WiseHDInfo) DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pl-pl/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect 
Cache AcceptLangs = pl-PL IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 04 60 94 1D C9 54 D0 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.countryCode: "PL" FF - prefs.js..browser.search.isUS: false FF - prefs.js..browser.search.region: "PL" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:43.0.4 FF - user.js - File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.66.2: C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.66.2: C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll (Oracle Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@4game.com/plugin: C:\Program Files (x86)\4game\3.5.8.180\npplugin4game.dll (Innova Co S.a r.l.) 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Krzysiek\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 43.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 43.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 43.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 43.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014-07-13 23:07:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krzysiek\AppData\Roaming\Mozilla\Extensions [2016-01-09 17:16:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\gu99veuy.default-1417338051977\extensions [2015-05-28 21:39:44 | 000,000,000 | ---D | M] (Flashlight) -- C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\gu99veuy.default-1417338051977\extensions\flashlight@stephennolan.com.au [2015-12-28 14:00:58 | 000,411,147 | ---- | M] () (No name found) -- C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\gu99veuy.default-1417338051977\extensions\jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.xpi [2015-12-15 16:21:31 | 000,989,188 | ---- | M] () (No name found) -- C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\gu99veuy.default-1417338051977\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-07 15:25:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2016-01-07 15:25:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [color=#E56717]========== Chrome ==========[/color] CHR - Extension: No name found = 
C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\ CHR - Extension: No name found = C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\ CHR - Extension: No name found = C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\ CHR - Extension: No name found = C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.10_0\ CHR - Extension: No name found = C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\ CHR - Extension: No name found = C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\ CHR - Extension: No name found = C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.1_0\ CHR - Extension: No name found = C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.45_0\ CHR - Extension: No name found = C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\ CHR - Extension: No name found = C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\ O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll (Oracle Corporation) O2:[b]64bit:[/b] - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®) O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - 
{DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL (Microsoft Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVBg_PushButton] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:[b]64bit:[/b] - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\Av\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [AvgUi] C:\Program Files (x86)\AVG\Framework\Common\avguix.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" (Atheros Communications) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®) O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EF1D79C-18CB-4ABD-984C-85E1D4DC479C}: DhcpNameServer = 192.168.1.1 192.168.1.1 O18 - Protocol\Handler\ms-help - No CLSID value found O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft 
[/log]
Twój_Anioł_Stróż, comment, 10 January 2016

I don't see any infection in the logs. Open Notepad and paste the following into it:

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku
GroupPolicyUsers\S-1-5-21-1933921575-738410443-1074386466-1003\User: Ograniczenia <======= UWAGA
S3 btmaux; system32\DRIVERS\btmaux.sys [X]
S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X]
C:\Users\Krzysiek\AppData\Roaming\wyUpdate AU
EmptyTemp:

Save the file as [b]fixlist.txt[/b] and place it next to FRST.exe.
Run [b]FRST[/b] and click the [b]Fix[/b] (NAPRAW) button.

========================================
Error - 2016-01-10 06:27:27 | Computer Name = Gościu | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Wystąpił krytyczny błąd sprzętowy. Zgłoszone przez składnik: rdzeń procesora Źródło błędu: 3 Typ błędu: 9 Identyfikator procesora: 0 Widok szczegółów tego wpisu zawiera dodatkowe informacje.

This does not belong in this section of the forum.