Azrei utworzono 28 grudnia 2016 utworzono 28 grudnia 2016 (edytowane) Witam, proszę o pomoc. Ściągnąłem niechcąco wirusa nie wiem jakiego, również jest Navsmart na przęglądarcę, którego bez panelu sterowania nie usunę, a nie mogę po prostu panelu odpalić tak samo nic przez "uruchom" itp. Wiele rzeczy jest zablokowane, aby to zwalczyć @Twój_Anioł_Stróż wiem, że jesteś w tym obeznany, bardzo proszę o pomoc. SKANOWAŁEM MALWAREBYTESEM ORAZ COMODO, usunęło 900 wirusów, ale nadal to jest. W razie pytań proszę pytać.
Twój_Anioł_Stróż komentarz 28 grudnia 2016 komentarz 28 grudnia 2016 Zrób logi z FRST > http://www.forumpc.pl/topic/277786-nieingerencyjne-narzędzia-do-tworzenia-logów-systemowych/?p=2010191 przed skanem zaznacz: Additional.txt Shortcut.txt, 1
Azrei komentarz 29 grudnia 2016 Autor komentarz 29 grudnia 2016 Dnia 28.12.2016 o 22:12, Twój_Anioł_Stróż napisał: Zrób logi z FRST > http://www.forumpc.pl/topic/277786-nieingerencyjne-narzędzia-do-tworzenia-logów-systemowych/?p=2010191 przed skanem zaznacz: Additional.txt Shortcut.txt, Nie wiem czy o to chodzi, ale Addition: Rezultaty skanu uzupeĹ‚niajÄ…cego Farbar Recovery Scan Tool (x64) Wersja: 21-12-2016 Uruchomiony przez Azrej (29-12-2016 22:27:57) Uruchomiony z C:\Users\Azrej\Downloads Windows 7 Home Premium Service Pack 1 (X64) (2015-01-23 11:27:14) Tryb startu: Normal ========================================================== ==================== Konta uĹĽytkownikĂłw: ============================= Administrator (S-1-5-21-1949200310-4154890209-3102321400-500 - Administrator - Disabled) Azrej (S-1-5-21-1949200310-4154890209-3102321400-1010 - Administrator - Enabled) => C:\Users\Azrej Gość (S-1-5-21-1949200310-4154890209-3102321400-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1949200310-4154890209-3102321400-1007 - Limited - Enabled) ==================== Centrum zabezpieczeĹ„ ======================== (Załączenie wejĹ›cia w fixlist spowoduje jego usuniÄ™cie.) ==================== Zainstalowane programy ====================== (W fixlist dozwolone tylko załączanie programĂłw adware z flagÄ… "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposĂłb odinstalowane.) Acoustic Bridge (HKLM-x32\...\Acoustic Bridge1.01) (Version: 1.01 - Stardock Corporation) Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated) Adobe Flash Player 21 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated) AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.60.1465, 29.12.2014 - AIMP DevTeam) AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.) Application Profiles (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Aurera-global (HKU\S-1-5-21-1949200310-4154890209-3102321400-1000\...\Aurera-global) (Version: - ) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Catalyst Control Center Next Localization BR (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHS (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHT (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CS (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CS (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DA (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DA (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DE (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DE (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization EL (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization EL (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization ES (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization ES (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FI (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FR (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization HU (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization IT (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization JA (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization KO (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NL (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NO (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization PL (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization RU (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization SV (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TH (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TR (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform) COMODO Antivirus (HKLM\...\{7B1A9CD1-B552-4FA7-BBC1-EDDEAB8855A7}) (Version: 8.0.0.4337 - COMODO Security Solutions Inc.) Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve) Drakensang Online (HKLM-x32\...\Drakensang Online) (Version: - ) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden H1Z1: King of the Kill (HKLM\...\Steam App 433850) (Version: - Daybreak Game Company) K-Lite Codec Pack 10.9.5 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.9.5 - ) League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games) League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden LibreOffice 4.3 Help Pack (Polish) (HKLM-x32\...\{04D908A5-3BED-4C1C-BD0E-E9FBB8710959}) (Version: 4.3.5.2 - The Document Foundation) LibreOffice 4.3.5.2 (HKLM-x32\...\{1D4E90DA-C33C-40ED-BA00-75F6E6DF9CB0}) (Version: 4.3.5.2 - The Document Foundation) Malwarebytes (wersja 3.0.5.1299) (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes) MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation) Mozilla Firefox 45.0.2 (x86 pl) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 pl)) (Version: 45.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla) MPC-HC 1.7.7 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.7 - MPC-HC Team) Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 2.0.0 - Nexon) ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE) ON_OFF Charge 2 B13.1028.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) paint.net (HKLM\...\{DD393E4D-76FA-4CCD-84F3-CD9D75C14862}) (Version: 4.0.10 - dotPDN LLC) Raptr (HKLM-x32\...\Raptr) (Version: 5.2.7-r116720-release - Raptr, Inc) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek) Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7106 - Realtek Semiconductor Corp.) SHU (HKLM-x32\...\{DF11DD92-DBB8-4F3F-9564-A8BBDBE986F5}_is1) (Version: 1.0 - ScreenShu Software) Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Tibia (HKLM-x32\...\Tibia_is1) (Version: 8.60 - CipSoft GmbH) Tibia (HKU\S-1-5-21-1949200310-4154890209-3102321400-1010\...\Tibia) (Version: - CipSoft GmbH) Tibiacast (HKLM-x32\...\{71A8F4EC-7D8D-4FBA-8AC4-CC5F4B8E9FDA}) (Version: 3.1.05800 - Silver Squirrel Software HB) WindBot version 2.8.3 (HKLM-x32\...\{93F2CDEB-F828-463F-9B69-2D8FB38BF089}_is1) (Version: 2.8.3 - Lucas Terra, WindBot) WinRAR 5.31 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH) WypasOTS 9.4 (HKLM-x32\...\{04BA9C0F-4169-4268-B049-A1DAE36A7FEC}_is1) (Version: 9.4 - ) XenoBot Binary (HKLM-x32\...\{82F4416B-8461-4817-A09D-BBBD7FC00DE6}) (Version: 15.11.28 - XenoBot) ==================== Niestandardowe rejestracje CLSID (filtrowane): ========================== (Załączenie wejĹ›cia w fixlist spowoduje jego usuniÄ™cie z rejestru. PowiÄ…zany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Zaplanowane zadania (filtrowane) ============= (Załączenie wejĹ›cia w fixlist spowoduje jego usuniÄ™cie z rejestru. PowiÄ…zany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) Task: {04E5510B-A6E0-4B1D-892C-4D3D0E2D2141} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_182_pepper.exe [2016-03-11] (Adobe Systems Incorporated) Task: {07698EB1-CB84-46CF-A7E2-AEB6612DC59E} - System32\Tasks\GoogleUpdateTaskMachineUA1d1ab10b4100f20 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-01] (Google Inc.) Task: {0A705591-902E-42A3-8B53-F6CB5B6D930D} - System32\Tasks\MichaĹ‚MonocularlyCutpurseV2 => Rundll32.exe GunmanPretences.dll,main 7 1 <==== UWAGA Task: {0B8DC3AF-0DD0-4AAC-A8A7-E7F569879309} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe Task: {0C786062-0E64-43FA-9F60-0C7F25A0C555} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe Task: {1A3DEE4D-523C-4C76-87D7-0C420E224A4F} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-10-23] (COMODO) Task: {1A7BBDEF-CF29-4C87-B116-75D8CEB4B351} - System32\Tasks\{0C570786-287D-4FA5-87D5-AA257FDC4294} => Chrome.exe hxxp://ui.skype.com/ui/0/7.17.0.105/pl/abandoninstall?source=lightinstaller&page=tsInstall Task: {1CC7F5AF-EB17-41FC-AF39-DB998737D82D} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-10-23] (COMODO) Task: {270FCF3D-4BFF-4E75-898B-BE3C3B8F6654} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe Task: {28EF5153-A9FE-4086-B4BE-59FECADDEB80} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-10-23] (COMODO) Task: {2EE5D0CE-E0D9-4A81-A6F8-8E395400C0B1} - System32\Tasks\{1F64A6E6-7DBB-4F2C-8558-7E43905D0DDF} => D:\Riot Games\League of Legends\lol.launcher.exe [2016-03-19] () Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> Brak pliku <==== UWAGA Task: {3318E7B1-2E15-4432-A823-B53533D34557} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => C:\Windows\system32\GWX\GWXConfigManager.exe Task: {4D9CAFAF-EB4C-45B5-A551-C694D9065862} - System32\Tasks\GoogleUpdateTaskMachineCore1d1ab10b3d80e5e => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-01] (Google Inc.) Task: {541AE9CA-DF1E-4B14-854E-F94AA25DC3FC} - System32\Tasks\{87E339C0-A7D2-47B1-9C21-5DF8AFCB9302} => pcalua.exe -a C:\Users\Azrej\Downloads\tibia860.exe -d C:\Users\Azrej\Downloads Task: {5B9C6C39-5F13-47D8-B6E2-8F993CA46EF2} - System32\Tasks\{6F8B304B-A9FD-4C47-FC8F-0C48D5D99500} => C:\Users\Azrej\AppData\Roaming\{6F8B3~1\PRICEF~1.EXE <==== UWAGA Task: {6B2E15EC-372E-436D-A540-138509C337F0} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> Brak pliku <==== UWAGA Task: {79DBB051-5171-47DA-9313-F171C655B93B} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-10-23] (COMODO) Task: {807F8A5F-69E1-439C-A25C-6CF4664DE3B9} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe Task: {8365DEEA-0F15-4C35-9FD3-6FAB00A2421B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe Task: {882E2297-17E5-4D23-8D58-C8E083A1E4F5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-11] (Adobe Systems Incorporated) Task: {8A3E5241-272C-44B5-BBAF-3F048D932094} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-01] (Google Inc.) Task: {91A0BF38-2BFB-4990-8987-2589E1F0F0AA} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => C:\Windows\system32\GWX\GWXConfigManager.exe Task: {9669AB42-8A2A-45C5-9368-95CAD21C8438} - System32\Tasks\{863D38D4-4A6C-14D1-9BC6-94735C109C00} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\dc6a53e\7fce6dd7.dll" <==== UWAGA Task: {9678DF92-0FDF-43E1-97B0-283EBCDDEC74} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-10-23] (COMODO) Task: {9EB35A7B-9C5B-4A50-B8D5-B3CBD64BB727} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-12-05] (Advanced Micro Devices, Inc.) Task: {A3C42A7F-14E4-4FDE-B88F-D2D7B008154D} - \Bidaily Synchronize Task[pr] -> Brak pliku <==== UWAGA Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> Brak pliku <==== UWAGA Task: {AE17F646-4464-45E3-9679-B83266049CEE} - \{A5B8CD4F-6620-28AA-073B-BCAC1372529A} -> Brak pliku <==== UWAGA Task: {C0CBA8BC-318C-4281-BBDD-C94287CA8433} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-01] (Google Inc.) Task: {C3DC4AA1-0DC3-41A6-B7C2-F5089FFFB413} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-12] (Piriform Ltd) Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> Brak pliku <==== UWAGA Task: {D9450371-A8E5-45B3-BBDE-12F6C5079634} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> Brak pliku <==== UWAGA Task: {EDD4291F-5E0E-429B-B085-8F95B9E96C94} - System32\Tasks\{8D4A62A4-7B9A-467A-8531-1908738EAA4D} => C:\Users\Azrej\Downloads\MarinerMT2.pl-09.04.2016\MarinerMT2.pl-09.04.2016\MarinerMT2.exe Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> Brak pliku <==== UWAGA (Załączenie wejĹ›cia w fixlist spowoduje przesuniÄ™cie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.) Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_182_pepper.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Chrome Cleanup Tool logs upload retry.job => C:\Users\Azrej\AppData\Local\Temp\E9D5.exe <==== UWAGA Task: C:\Windows\Tasks\Coegerentguerly Helper.job => C:\Program Files (x86)\Jicadomnorese\beholy.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1ab10b3d80e5e.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1ab10b4100f20.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\{6F8B304B-A9FD-4C47-FC8F-0C48D5D99500}.job => C:\Users\Azrej\AppData\Roaming\{6F8B3~1\PRICEF~1.EXE <==== UWAGA ==================== SkrĂłty ============================= (Wybrane wejĹ›cia mogÄ… zostać załączone w celu ich zresetowania lub usuniÄ™cia.) ShortcutWithArgument: C:\Users\Azrej\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Azrej\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" ShortcutWithArgument: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Azrej\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" ShortcutWithArgument: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\e9e54e21acfd263e\NWJS Default.lnk -> D:\Program Files (x86)\Nexon\Nexon Launcher\bin\nexon_client\nexon_client.exe (The NWJS Community) -> --user-data-dir="C:\Users\Azrej\AppData\Local\NexonLauncher\User Data" --profile-directory=Default --app-id=aafddpmiffkameplnjkglahmbnbgidce ShortcutWithArgument: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" ShortcutWithArgument: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\2fae1f4995fc9e7f\NexonLauncher.lnk -> D:\Program Files (x86)\Nexon\Nexon Launcher\bin\nexon_client\nexon_client.exe (The NWJS Community) -> --user-data-dir="C:\Users\Azrej\AppData\Local\NexonLauncher\User Data" --profile-directory=Default --app-id=dobbaijafcbikgimjpakclacfgeagffm ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Azrej\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" ==================== ZaĹ‚adowane moduĹ‚y (filtrowane) ============== 2014-11-20 21:23 - 2014-11-20 21:23 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll 2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll 2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll 2016-10-31 20:45 - 2016-10-31 20:45 - 00592384 _____ () C:\Users\Azrej\AppData\Local\MEGAsync\ShellExtX64.dll 2016-12-28 02:30 - 2016-12-26 15:58 - 00965120 ___SH () C:\ProgramData\igfxDH.dll 2016-09-14 22:30 - 2016-09-14 22:30 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll 2016-09-14 22:30 - 2016-12-05 20:48 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll 2016-09-14 22:30 - 2016-09-14 22:30 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll 2016-09-14 22:30 - 2016-09-14 22:30 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll 2016-09-14 22:30 - 2016-09-14 22:30 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll 2016-09-14 22:30 - 2016-09-14 22:30 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll 2016-07-05 23:06 - 2016-07-05 23:06 - 00856744 _____ () D:\Program Files (x86)\SHU\SHU.exe 2016-07-05 23:06 - 2016-07-05 23:06 - 00021672 _____ () D:\Program Files (x86)\SHU\ScreenShu64.exe 2016-07-05 23:06 - 2016-07-05 23:06 - 00104616 _____ () D:\Program Files (x86)\SHU\screenshu_injected_dll_x64.dll 2016-12-28 03:23 - 2016-12-14 12:55 - 02259232 _____ () D:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll 2016-12-28 03:23 - 2016-12-28 03:23 - 02813904 _____ () D:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll 2016-12-28 03:23 - 2016-12-28 03:23 - 02247632 _____ () D:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2013-04-15 17:39 - 2015-01-08 23:02 - 00067808 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav 2016-12-16 14:33 - 2016-12-14 13:46 - 04555256 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\LeagueClient.exe 2016-12-16 14:33 - 2016-12-14 13:46 - 03461112 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\LeagueClientUx.exe 2016-12-28 02:27 - 2016-12-28 02:27 - 00176128 _____ () c:\program files (x86)\jicadomnorese\hernentvozephcloud.dll 2016-04-13 09:38 - 2016-04-13 09:38 - 00482304 _____ () C:\Users\Azrej\AppData\Local\MEGAsync\libsodium.dll 2016-07-05 23:06 - 2016-07-05 23:06 - 00092328 _____ () D:\Program Files (x86)\SHU\screenshu_injected_dll.dll 2016-07-05 23:06 - 2016-07-05 23:06 - 00140800 _____ () D:\Program Files (x86)\SHU\quazip.dll 2010-11-22 23:56 - 2010-11-22 23:56 - 00087040 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ctypes.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00043008 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_socket.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00805376 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ssl.pyd 2014-05-14 00:26 - 2014-05-14 00:26 - 05812736 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtGui.pyd 2014-05-14 00:26 - 2014-05-14 00:26 - 00067584 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sip.pyd 2014-05-14 00:26 - 2014-05-14 00:26 - 01662464 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtCore.pyd 2014-05-14 00:26 - 2014-05-14 00:26 - 00494592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtNetwork.pyd 2010-11-22 23:57 - 2010-11-22 23:57 - 00096256 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32api.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00110592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pywintypes26.dll 2010-11-22 23:56 - 2010-11-22 23:56 - 00010240 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\select.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00356864 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_hashlib.pyd 2010-11-22 23:57 - 2010-11-22 23:57 - 00036352 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32process.pyd 2010-11-22 23:57 - 2010-11-22 23:57 - 00111104 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32file.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00044544 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_sqlite3.pyd 2011-02-15 19:17 - 2011-02-15 19:17 - 00417501 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sqlite3.dll 2010-11-22 23:57 - 2010-11-22 23:57 - 00167936 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32gui.pyd 2014-05-14 00:26 - 2014-05-14 00:26 - 00313856 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtWebKit.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00127488 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pyexpat.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00009216 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\winsound.pyd 2015-10-21 21:29 - 2015-10-21 21:29 - 00113171 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlc.dll 2015-10-21 21:29 - 2015-10-21 21:29 - 02396691 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlccore.dll 2010-11-22 23:56 - 2010-11-22 23:56 - 00583680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\unicodedata.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00324608 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PIL._imaging.pyd 2015-06-27 00:09 - 2015-06-27 00:09 - 00271872 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\amd_ags.dll 2010-11-22 23:57 - 2010-11-22 23:57 - 00141312 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\gobject._gobject.pyd 2016-04-19 18:08 - 2016-04-19 18:08 - 02717595 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\heliotrope._purple.pyd 2011-02-15 19:17 - 2011-02-15 19:17 - 01213633 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libxml2-2.dll 2010-11-23 00:06 - 2010-11-23 00:06 - 00055808 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\zlib1.dll 2013-05-10 00:52 - 2013-05-10 00:52 - 00495680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libaim.dll 2013-05-10 00:52 - 2013-05-10 00:52 - 01183699 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\liboscar.dll 2013-05-10 00:52 - 2013-05-10 00:52 - 00483306 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libicq.dll 2013-05-03 19:57 - 2013-05-03 19:57 - 00655356 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libirc.dll 2013-05-03 19:56 - 2013-05-03 19:56 - 01306387 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libmsn.dll 2013-05-03 19:56 - 2013-05-03 19:56 - 00565461 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libxmpp.dll 2013-05-03 19:57 - 2013-05-03 19:57 - 01640221 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libjabber.dll 2013-05-03 19:56 - 2013-05-03 19:56 - 00506276 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoo.dll 2013-05-03 19:57 - 2013-05-03 19:57 - 01053730 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libymsg.dll 2013-05-03 19:57 - 2013-05-03 19:57 - 00497782 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoojp.dll 2013-05-03 19:57 - 2013-05-03 19:57 - 00603326 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl-nss.dll 2013-05-03 19:57 - 2013-05-03 19:57 - 00474199 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl.dll 2016-10-31 20:43 - 2016-10-31 20:43 - 00564736 _____ () C:\Users\Azrej\AppData\Local\MEGAsync\ShellExtX32.dll 2016-12-15 07:15 - 2016-12-08 08:29 - 01829208 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll 2016-12-15 07:15 - 2016-12-08 08:29 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll 2016-12-16 14:33 - 2016-12-14 15:08 - 03328512 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-patcher\rcp-be-patcher.dll 2016-12-16 14:33 - 2016-12-14 15:08 - 01024000 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-rso-auth\rcp-be-rso-auth.dll 2016-12-16 14:33 - 2016-12-14 15:08 - 02518016 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-login\rcp-be-lol-login.dll 2016-12-16 14:33 - 2016-12-14 13:47 - 00583680 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-account-settings\rcp-be-lol-account-settings.dll 2016-12-16 14:33 - 2016-12-14 15:08 - 00582144 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-platform-config\rcp-be-lol-platform-config.dll 2016-12-16 14:33 - 2016-12-14 15:08 - 00719872 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-summoner\rcp-be-lol-summoner.dll 2016-12-16 14:33 - 2016-12-14 15:08 - 00632832 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-ranked-stats\rcp-be-lol-ranked-stats.dll 2016-12-16 14:33 - 2016-12-14 15:08 - 00563200 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-maps\rcp-be-lol-maps.dll 2016-12-16 14:33 - 2016-12-14 15:08 - 00696832 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-game-queues\rcp-be-lol-game-queues.dll 2016-12-16 14:33 - 2016-12-14 15:08 - 00859136 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-gameflow\rcp-be-lol-gameflow.dll 2016-12-16 14:33 - 2016-12-14 15:08 - 00938496 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-player-preferences\rcp-be-lol-player-preferences.dll 2016-12-16 14:33 - 2016-12-14 15:08 - 00683520 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-game-settings\rcp-be-lol-game-settings.dll 2016-12-16 14:33 - 2016-12-14 15:08 - 00628224 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-settings\rcp-be-lol-settings.dll 2016-12-16 14:33 - 2016-12-14 15:08 - 00631296 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-sanitizer\rcp-be-sanitizer.dll 2016-12-16 14:33 - 2016-12-14 13:47 - 02468352 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-chat\rcp-be-lol-chat.dll 2016-12-16 14:33 - 2016-12-14 13:47 - 00159224 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\libexpat.dll 2016-12-16 14:33 - 2016-12-14 15:08 - 02014720 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-riot-messaging-service\rcp-be-lol-riot-messaging-service.dll 2016-12-16 14:33 - 2016-12-14 15:08 - 00561664 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-heartbeat\rcp-be-lol-heartbeat.dll 2016-12-16 14:33 - 2016-12-14 15:08 - 00582144 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-shutdown\rcp-be-lol-shutdown.dll 2016-12-16 14:33 - 2016-12-14 13:47 - 00583168 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-acs\rcp-be-lol-acs.dll 2016-12-16 14:33 - 2016-12-14 15:08 - 00604160 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-player-notifications\rcp-be-player-notifications.dll 2016-12-16 14:33 - 2016-12-14 15:08 - 00564224 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-loyalty\rcp-be-lol-loyalty.dll 2016-12-16 14:33 - 2016-12-14 13:47 - 01116160 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-collections\rcp-be-lol-collections.dll 2016-12-16 14:33 - 2016-12-16 14:33 - 00955904 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-loot\rcp-be-lol-loot.dll 2016-12-16 14:33 - 2016-12-14 15:08 - 00557056 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-kr-shutdown-law\rcp-be-lol-kr-shutdown-law.dll 2016-12-16 14:33 - 2016-12-14 15:08 - 01041408 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-lobby-team-builder\rcp-be-lol-lobby-team-builder.dll 2016-12-16 14:33 - 2016-12-14 15:08 - 00684032 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-queue-eligibility\rcp-be-lol-queue-eligibility.dll 2016-12-16 14:33 - 2016-12-14 15:08 - 01540096 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-lobby\rcp-be-lol-lobby.dll 2016-12-16 14:33 - 2016-12-14 15:08 - 00854016 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-license-agreement\rcp-be-lol-license-agreement.dll 2016-12-16 14:33 - 2016-12-14 13:47 - 01166848 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-champ-select-legacy\rcp-be-lol-champ-select-legacy.dll 2016-12-16 14:33 - 2016-12-14 13:47 - 00700416 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-champ-select\rcp-be-lol-champ-select.dll 2016-12-16 14:33 - 2016-12-14 15:08 - 00816640 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-matchmaking\rcp-be-lol-matchmaking.dll 2016-12-16 14:33 - 2016-12-14 15:08 - 00543744 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-kr-playtime-reminder\rcp-be-lol-kr-playtime-reminder.dll 2016-12-16 14:33 - 2016-12-14 13:47 - 00552960 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-game-client-chat\rcp-be-lol-game-client-chat.dll 2016-12-16 14:33 - 2016-12-14 13:47 - 00811520 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-end-of-game\rcp-be-lol-end-of-game.dll 2016-12-16 14:33 - 2016-12-14 13:47 - 00585728 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-active-boosts\rcp-be-lol-active-boosts.dll 2016-12-16 14:33 - 2016-12-14 15:08 - 00594432 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-kudos\rcp-be-lol-kudos.dll 2016-12-16 14:33 - 2016-12-14 15:08 - 00667136 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-parties\rcp-be-lol-parties.dll 2016-12-16 14:33 - 2016-12-14 15:08 - 00900608 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-leagues\rcp-be-lol-leagues.dll 2016-12-16 14:33 - 2016-12-14 15:08 - 00675840 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-pft\rcp-be-lol-pft.dll 2016-12-16 14:33 - 2016-12-14 15:08 - 00681984 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-player-behavior\rcp-be-lol-player-behavior.dll 2016-12-16 14:33 - 2016-12-14 15:08 - 00668160 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-suggested-players\rcp-be-lol-suggested-players.dll 2016-12-16 14:33 - 2016-12-14 15:08 - 00594944 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-service-status\rcp-be-lol-service-status.dll 2016-12-16 14:33 - 2016-12-14 15:08 - 00611840 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-leaver-buster\rcp-be-lol-leaver-buster.dll 2016-12-16 14:33 - 2016-12-14 15:08 - 00739840 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-match-history\rcp-be-lol-match-history.dll 2016-12-16 14:33 - 2016-12-14 15:08 - 00620544 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-team-boosts\rcp-be-lol-team-boosts.dll 2016-12-16 14:33 - 2016-12-14 15:08 - 00712192 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-recofriender\rcp-be-recofriender.dll 2016-12-16 14:33 - 2016-12-14 13:47 - 00857088 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-clubs\rcp-be-lol-clubs.dll 2016-12-16 14:33 - 2016-12-14 13:47 - 01705472 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-clubs-public\rcp-be-lol-clubs-public.dll 2016-12-16 14:33 - 2016-12-14 13:47 - 00637952 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-esport-stream-notifications\rcp-be-lol-esport-stream-notifications.dll 2016-12-16 14:33 - 2016-12-14 15:08 - 00779776 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-replays\rcp-be-lol-replays.dll 2016-12-16 14:33 - 2016-12-14 15:08 - 00579072 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-spectator\rcp-be-lol-spectator.dll 2016-12-16 14:33 - 2016-12-14 15:08 - 00700928 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-store\rcp-be-lol-store.dll 2016-12-16 14:33 - 2016-12-14 15:08 - 00571392 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-player-level-up\rcp-be-lol-player-level-up.dll 2016-12-16 14:33 - 2016-12-14 15:08 - 00547328 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-tencent-qt\rcp-be-lol-tencent-qt.dll 2016-12-16 14:33 - 2016-12-14 13:47 - 00600064 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-beta-opt-in\rcp-be-lol-beta-opt-in.dll 2016-12-16 14:33 - 2016-12-14 15:08 - 00607744 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-player-messaging\rcp-be-lol-player-messaging.dll 2016-12-16 14:33 - 2016-12-14 15:08 - 00549888 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-network-testing\rcp-be-network-testing.dll 2016-12-16 14:33 - 2016-12-14 13:47 - 55617504 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\libcef.dll 2016-12-16 14:33 - 2016-12-14 13:47 - 01876448 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\libglesv2.dll 2016-12-16 14:33 - 2016-12-14 13:47 - 00021984 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\libegl.dll ==================== Alternate Data Streams (filtrowane) ========= (Załączenie wejĹ›cia w fixlist spowoduje usuniÄ™cie strumienia ADS.) AlternateDataStreams: C:\Windows\explorer.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\notepad.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\acmigration.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\adsmsext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\advapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\aelupsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\amdave64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\amdgfxinfo64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\amdhcp64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\amdlvr64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\amdmantle64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\amdmcl64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\amdmmcl6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\amdocl12cl64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\amdpcom64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\amduve64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\amdvlk64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\amfrt64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\apphelp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\appinfo.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\asycfilt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\atiadlxx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\atiapfxx.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\atibtmon.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\aticalcl64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\aticaldd64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\aticalrt64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\aticfx64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\atidemgy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\atidxx64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\atieah64.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\atieclxx.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\atiesrxx.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\atig6pxx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\atig6txx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\atiglpxx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\atimpc64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\atimuixx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\atio6axx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ATIODCLI.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ATIODE.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\atisamu64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\atitmm64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\atiu9p64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\atiumd64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\atiumd6a.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\atiuxp64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\basesrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bcdedit.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bcrypt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bcryptprimitives.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\catsrvut.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cdd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\centel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\cewmdm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\chajei.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cintlgnt.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\clfs.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\clinfo.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\coinst_16.40.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\COLORCNV.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CompatTelRunner.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\comsvcs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\consent.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CPFilters.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cryptbase.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3d10level9.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3d10warp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\D3DCompiler_33.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\D3DCompiler_34.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\D3DCompiler_35.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\D3DCompiler_36.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\D3DCompiler_37.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\D3DCompiler_38.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\D3DCompiler_39.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\D3DCompiler_40.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\D3DCompiler_41.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\D3DCompiler_42.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\D3DCompiler_43.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3dcsx_42.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3dcsx_43.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3dx10.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3dx10_33.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3dx10_34.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3dx10_35.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3dx10_36.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3dx10_37.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3dx10_38.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3dx10_39.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3dx10_40.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3dx10_41.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\d3dx10_42.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3dx10_43.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3dx11_42.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3dx11_43.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3dx9_24.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3dx9_25.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3dx9_26.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3dx9_27.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3dx9_28.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3dx9_29.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3dx9_30.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3dx9_31.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3dx9_32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3dx9_33.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3dx9_34.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\d3dx9_35.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3dx9_36.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\D3DX9_37.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\D3DX9_38.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\D3DX9_39.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\D3DX9_40.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\D3DX9_41.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\D3DX9_42.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\D3DX9_43.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\davclnt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DelayAPO.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\detoured.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\devenum.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dgtrayicon.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\diagtrack.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\diskperf.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dwmapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dwmcore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\els.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\EncDec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ExplorerFrame.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fixmapi.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fveapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fveapibase.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FwRemoteSvr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\GameManager64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\gdi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\gpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\gpsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\hlink.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\hsa-thunk64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ieapfltr(37).dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ieetwcollector.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ieetwcollectorres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ieetwproxystub.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ieframe(38).dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iesetup(39).dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ieUnatt(40).exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\IMJP10.IME:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\IMJP10K.DLL:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\imkr80.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\inetcomm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\inetpp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\inetppui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\INETRES.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\input.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\inseng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\IPSECSVC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\JavaScriptCollectionAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\jscript.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ksproxy.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ksuser.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\localspl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\logman.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\mantle64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mantleaxl64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mapistub.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mfds.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\mferror.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mfplat.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mfps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mfvdsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MFWMAAEC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MP3DMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MP43DECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MP4SDECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MPG4DECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msfeeds(41).dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mshtml(42).dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mshtmlmedia.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msihnd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msimsg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msmmsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msmpeg2adec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MSMPEG2ENC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msmpeg2vdec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msrating(43).dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MsSpellCheckingFacility.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MSVidCtl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mswsock.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msxml3.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\msxml3r.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\msxml6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msxml6r.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mtxoci.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netbtugc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nlsbres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\notepad.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntprint.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntprint.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\occache.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ole32.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\OpenCL.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\OpenVideo64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\OVDecode64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pcawrk.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\perftrack.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\phon.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pintlgnt.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\polstore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\powertracker.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\qasf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\qedit.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\qintlgnt.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\quick.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rdpcorets.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RdpGroupPolicyExtension.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rdpudd.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\rdvidcrl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\relog.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RESAMPLEDMO.DLL:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\rpchttp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rpcss.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rrinstaller.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\samlib.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\samsrv.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\scavengeui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\schedsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sdbinst.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sechost.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\seclogon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SET2302.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SET27DE.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SET3B8F.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SET3D45.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SET4333.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SET48FB.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SET4FD2.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SET6076.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SET7F81.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SET936F.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SETA85C.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SETCA0A.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SETCEF9.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SETE030.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SETE1A8.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SETE6F9.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SETFD80.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SETFF58.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\shimeng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\StructuredQuery.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SysFxUI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sysmain.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tbs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tdh.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tintlgnt.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tracerpt.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tsgqec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\typeperf.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tzres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ucrtbase.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\UIAnimation.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\user32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\usp10.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\UtcResources.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\VIDRESZR.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wdi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\webcheck(44).dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\webcheck.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\webio.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\win32spl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winhttp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winipsec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winresume.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WinSetupUI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wksprt.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMADMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMADMOE.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMALFXGFXDSP.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMSPDMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMSPDMOE.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMVDECOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMVENCOD.DLL:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\WMVSDECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMVSENCD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMVXENCD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wow64win.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wpdshext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wpnpinst.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ws2_32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wshrm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WSManHTTPConfig.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WSManMigrationPlugin.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WsmAuto.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wsmplpxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wsmprovhost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WsmRes.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WsmSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WsmWmiPl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wu.upgrade.ps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\x3daudio1_0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\x3daudio1_1.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\X3DAudio1_2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\X3DAudio1_3.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\X3DAudio1_4.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\X3DAudio1_5.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\X3DAudio1_6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\X3DAudio1_7.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\xactengine2_0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\xactengine2_1.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\xactengine2_10.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\xactengine2_2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\xactengine2_3.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\xactengine2_4.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\xactengine2_5.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\xactengine2_6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\xactengine2_7.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\xactengine2_8.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\xactengine2_9.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\xactengine3_0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\xactengine3_1.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\xactengine3_2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\xactengine3_3.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\xactengine3_4.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\xactengine3_5.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\xactengine3_6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\xactengine3_7.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\XAPOFX1_0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\XAPOFX1_1.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\XAPOFX1_2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\XAPOFX1_3.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\XAPOFX1_4.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\XAPOFX1_5.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\XAudio2_0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\XAudio2_1.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\XAudio2_2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\XAudio2_3.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\XAudio2_4.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\XAudio2_5.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\XAudio2_6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\XAudio2_7.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\xinput1_1.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\xinput1_2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\xinput1_3.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\adsmsext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\advapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\amdave32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\amdgfxinfo32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\amdhcp32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\amdlvr32.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\amdmantle32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\amdmcl32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\amdmmcl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\amdocl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\amdocl12cl.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\amdpcom32.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\amduve32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\amdvlk32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\amfrt32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\apphelp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\asycfilt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\atiadlxx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\atiadlxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\aticalcl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\aticaldd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\aticalrt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\aticfx32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\atidxx32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\atieah32.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\atigktxx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\atiglpxx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\atimpc32.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\atioglxx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\atisamu32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\atiu9pag.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\atiumdag.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\atiumdva.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\atiuxpag.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\bcrypt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\bcryptprimitives.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\catsrvut.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cewmdm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\chajei.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cintlgnt.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\COLORCNV.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\comctl32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\comsvcs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\CPFilters.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cryptbase.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cryptsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3d10level9.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3d10warp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_33.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_34.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_35.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_36.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_37.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_38.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_39.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_40.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_41.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_42.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_43.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3dcsx_42.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3dcsx_43.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3dx10.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_33.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_34.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_35.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_36.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_37.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_38.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_39.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_40.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_41.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_42.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_43.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3dx11_42.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3dx11_43.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_24.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_25.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_26.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_27.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_28.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_29.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_30.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_31.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_33.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_34.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_35.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_36.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_37.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_38.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_39.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_40.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_41.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_42.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_43.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\davclnt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\detoured.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\devenum.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\diskperf.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dwmapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dwmcore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\els.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\EncDec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\evr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\explorer.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ExplorerFrame.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\fixmapi.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\FwRemoteSvr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\GameManager32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\gpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\hlink.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\hsa-thunk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ieetwproxystub.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ieframe(45).dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ieui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\IMJP10.IME:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\IMJP10K.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\imkr80.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\inetcomm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\INETRES.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\input.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\inseng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\jscript.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ksproxy.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ksuser.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\logman.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mantle32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mantleaxl32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mapistub.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfds.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mferror.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfplat.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfpmp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfvdsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MFWMAAEC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MP3DMOD.DLL:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\MP43DECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MP4SDECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MPG4DECD.DLL:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msfeeds(46).dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mshtmlmedia.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msiexec.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msihnd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msimsg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2adec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2vdec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msorcl32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MSVidCtl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mswsock.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msxml3.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\msxml3r.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\msxml6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msxml6r.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mtxoci.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netbtugc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\nlsbres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\notepad.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ntprint.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ntprint.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\ntvdm64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\occache.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ole32.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\olepro32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\OpenCL.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\OpenVideo.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\OVDecode.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\phon.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\pintlgnt.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\polstore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\qasf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\qedit.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\qintlgnt.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\quartz.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\quick.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rdvidcrl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\relog.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rpchttp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rrinstaller.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\samlib.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sdbinst.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\sechost.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SET10C8.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SET13B6.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SET1619.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SET174.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SET1759.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SET20C9.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SET21D4.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SET230E.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SET23DB.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SET3D50.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SET42EE.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SET473A.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SET530F.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SET635A.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SET6529.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SET6697.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SET69A5.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SET6A97.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SET6BB3.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SET6C07.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SET71EB.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SET73D1.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SET76EF.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SET7A2C.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SET7FF4.tmp:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\SET84A8.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SETB96B.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SETBFED.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SETC684.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SETCCCA.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SETCF7D.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SETD199.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SETD1AC.tmp:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\SETD43A.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SETD769.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SETD86E.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SETD9AC.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SETDE8.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SETE1DA.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SETE620.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SETE766.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SETE8BE.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SETE9AA.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SETF0AC.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SETFFF6.tmp:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\setup16.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\shimeng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\StructuredQuery.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tbs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tdh.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tintlgnt.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tracerpt.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tsgqec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\typeperf.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tzres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ubpm.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\ucrtbase.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\UIAnimation.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\user32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\usp10.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\VIDRESZR.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\webcheck.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WebClnt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\webio.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\win32spl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winhttp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\winipsec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMADMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMADMOE.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOE.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMVDECOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMVENCOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMVSDECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMVSENCD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMVXENCD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wpdshext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ws2_32.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\wshrm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WsmAuto.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wsmplpxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wsmprovhost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WsmRes.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WsmSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WsmWmiPl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wuapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wuapp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wudriver.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wuwebv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\x3daudio1_0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\x3daudio1_1.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_3.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_4.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_5.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_7.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_1.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_10.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_3.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_4.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_5.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_7.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_8.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_9.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_1.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_3.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_4.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_5.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_7.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_1.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_3.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_4.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_5.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_1.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_3.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_4.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_5.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_7.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xinput1_1.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xinput1_2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xinput1_3.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\afd.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\amdacpksd.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ati2erec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\AtihdW76.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\atikmdag.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\atikmpag.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\bowser.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\dfsc.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\disk.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\drmk.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\drmkaud.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\dxgkrnl.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\dxgmms1.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mbae64.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ndis.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\netbt.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\netio.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ntfs.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\portcls.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\rmcast.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\srv.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\srv2.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\srvnet.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\stream.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\tap0901.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\tcpip.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\tcpipreg.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\tdx.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\usb2ser.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\usbccgp.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\usbd.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\usbehci.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\usbhub.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\usbohci.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\usbport.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\USBSTOR.SYS:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\usbuhci.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\etc\hosts.ics:$CmdZnID [26] AlternateDataStreams: C:\ProgramData\TEMP:6BE50C2B [0] AlternateDataStreams: C:\Users\Azrej\Desktop\uTorrent.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Azrej\Desktop\uTorrent.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Azrej\Downloads\FRST64.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Azrej\Downloads\FRST64.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Azrej\Downloads\MediaCreationTool.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Azrej\Downloads\MediaCreationTool.exe:$CmdZnID [26] ==================== Tryb awaryjny (filtrowane) =================== (Załączenie wejĹ›cia w fixlist spowoduje jego usuniÄ™cie z rejestru. Wartość "AlternateShell" zostanie przywrĂłcona.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== PowiÄ…zania plikĂłw (filtrowane) =============== (Załączenie wejĹ›cia w fixlist spowoduje usuniÄ™cie obiektu z rejestru lub przywrĂłcenie jego domyĹ›lnej postaci.) ==================== Internet Explorer - Witryny zaufane i z ograniczeniami =============== (Załączenie wejĹ›cia w fixlist spowoduje jego usuniÄ™cie z rejestru.) ==================== Inne obszary ============================ (Obecnie brak automatycznej naprawy dla tej sekcji.) HKU\S-1-5-21-1949200310-4154890209-3102321400-1010\Control Panel\Desktop\\Wallpaper -> C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 8.8.8.8 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) mpsdrv => UsĹ‚uga "Zapora systemu Windows" nie jest uruchomiona. MpsSvc => UsĹ‚uga "Zapora systemu Windows" nie jest uruchomiona. bfe => UsĹ‚uga "Zapora systemu Windows" nie jest uruchomiona. ==================== MSCONFIG/TASK MANAGER - Wyłączone elementy == MSCONFIG\startupfolder: C:^Users^MichaĹ‚^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^7BFC.lnk => C:\Windows\pss\7BFC.lnk.Startup MSCONFIG\startupfolder: C:^Users^MichaĹ‚^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ertfgcxvv.eu.url => C:\Windows\pss\ertfgcxvv.eu.url.Startup MSCONFIG\startupfolder: C:^Users^MichaĹ‚^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^lsass.exe => C:\Windows\pss\lsass.exe.Startup MSCONFIG\startupfolder: C:^Users^MichaĹ‚^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^XenoSuite.lnk => C:\Windows\pss\XenoSuite.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\MichaĹ‚\AppData\Local\Akamai\netsession_win.exe" MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" MSCONFIG\startupreg: apphide => C:\Program Files (x86)\badu\uc.exe MSCONFIG\startupreg: BPOKPXeN3R3b0WAW => C:\Users\MichaĹ‚\AppData\Roaming\1073Zw8Gy7h7e7i8\OPd6FRhjYqTJ.exe MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR MSCONFIG\startupreg: Clownfish => "D:\Program Files (x86)\Clownfish\Clownfish.exe" MSCONFIG\startupreg: cpuminer => C:\Users\MichaĹ‚\AppData\Roaming\cpuminer\cpm.exe MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun MSCONFIG\startupreg: Kepard => "C:\Program Files (x86)\Kepard\Kepard.exe" tray MSCONFIG\startupreg: MK LOL => "C:\Program Files (x86)\MKJogo\MK IM\Bin\MKIM.exe" -auto MSCONFIG\startupreg: pcmgr => C:\Program Files (x86)\badu\Uninst.exe MSCONFIG\startupreg: Raptr => "C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe" --startup MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: SpaceSoundPro => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe" MSCONFIG\startupreg: StartCN => "C:\Program Files\AMD\CNext\CNext\cnext.exe" atlogon MSCONFIG\startupreg: Steam => "D:\Program Files (x86)\Steam\steam.exe" -silent MSCONFIG\startupreg: uTorrent => "C:\Users\MichaĹ‚\AppData\Roaming\uTorrent\updates\3.4.5_41865.exe" /MINIMIZED ==================== ReguĹ‚y Zapory systemu Windows (filtrowane) =============== (Załączenie wejĹ›cia w fixlist spowoduje jego usuniÄ™cie z rejestru. PowiÄ…zany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) FirewallRules: [{A44678DE-DA08-49FD-9E91-76FF43293067}] => D:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{6F7F8872-AFA3-4A96-B3A9-2D5180E87C87}] => D:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{34EA5996-D379-4EBB-91C0-4CEC59FB486A}] => C:\ProgramData\NexonEU\NGM\NGM.exe FirewallRules: [{5F866089-6C87-44BF-96AA-3B5DC31B81AA}] => C:\ProgramData\NexonEU\NGM\NGM.exe FirewallRules: [{FC13F423-DB3A-44D7-97C8-91343287C29B}] => C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{1CDA0736-F1EC-4E6E-8AEE-D7D5D6789DCB}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{C94E8DEF-5E65-4DC1-AFC8-8854694CF4DE}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{252D3666-94D4-4DE9-94D9-7FCAC92C82F4}] => C:\Program Files (x86)\AIMP3\AIMP3.exe FirewallRules: [{82725F08-67A4-4250-8F01-6A10414654A2}] => C:\Program Files (x86)\AIMP3\AIMP3.exe FirewallRules: [{01A749F4-C0F4-4988-B69E-80AC9139ED20}] => C:\Program Files (x86)\AIMP3\AIMP3.exe FirewallRules: [{6C3A7A63-A480-44A8-9C5C-7A9303EB7B47}] => C:\Program Files (x86)\AIMP3\AIMP3.exe FirewallRules: [{5B3BD5EE-BE65-493B-9644-7D6B42114FFB}] => D:\Riot Games\League of Legends\lol.launcher.exe FirewallRules: [{50D39E69-8B77-488C-9DFD-E05B408D49FF}] => D:\Riot Games\League of Legends\lol.launcher.exe FirewallRules: [{64B1F85F-08F6-4849-B0BC-1E68B465DBBE}] => D:\Riot Games\League of Legends\lol.launcher.exe FirewallRules: [{ED8A618F-697C-4098-8F2F-F9F81103E6C0}] => D:\Riot Games\League of Legends\lol.launcher.exe FirewallRules: [{537EAE8B-8A97-45D1-8751-3E5122E161BF}] => D:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe FirewallRules: [{ADAE98A1-3E1A-43E4-A5BC-2F1F7E72CEBD}] => D:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe FirewallRules: [TCP Query User{83F45CCB-846D-47C5-B2EB-F83DBDB3C242}D:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => D:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe FirewallRules: [UDP Query User{7C11A48D-999E-4028-91D2-F9C422C5B0D0}D:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => D:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe FirewallRules: [TCP Query User{A9303FE8-DDC3-47BF-ABFF-CE914DD70BE4}D:\program files (x86)\elfbot\navserv.exe] => D:\program files (x86)\elfbot\navserv.exe FirewallRules: [UDP Query User{43636C88-A545-4ED3-B380-59F1F878AD88}D:\program files (x86)\elfbot\navserv.exe] => D:\program files (x86)\elfbot\navserv.exe FirewallRules: [{49989F64-093D-4FA8-B505-88231AA998F5}] => D:\Program Files (x86)\CA\combatarms\appdata\NMService.exe FirewallRules: [{FDE3F5D6-C03A-4773-8AC6-159045FAA83F}] => D:\Program Files (x86)\CA\combatarms\appdata\NMService.exe FirewallRules: [{F96EF229-3ABF-420F-AF74-B6464A783F1A}] => D:\Program Files (x86)\CA\combatarms\appdata\CombatArms.exe FirewallRules: [{C3805914-8223-43E3-B73B-68FB48261E69}] => D:\Program Files (x86)\CA\combatarms\appdata\CombatArms.exe FirewallRules: [{CDEE1137-8EFF-4D26-A677-9DF5143A4433}] => D:\Program Files (x86)\CA\combatarms\appdata\CombatArms.exe FirewallRules: [{DECD4136-B6E3-4354-8730-2F9343E12432}] => D:\Program Files (x86)\CA\combatarms\appdata\CombatArms.exe FirewallRules: [{BD84C3EE-C01B-4754-AAD8-1A5384CBA23D}] => D:\Program Files (x86)\Nexon\Nexon Launcher\nexon_launcher.exe FirewallRules: [{68A619DF-3A54-414A-8166-E54E4A103835}] => D:\Program Files (x86)\Nexon\Nexon Launcher\nexon_launcher.exe FirewallRules: [{26E3C0C3-BDBF-4193-98AD-056C17941B63}] => D:\Program Files (x86)\Nexon\Nexon Launcher\nexon_launcher.exe FirewallRules: [{71D03F8B-9652-45ED-95EC-E3D93AE89D52}] => D:\Program Files (x86)\Nexon\Nexon Launcher\nexon_launcher.exe FirewallRules: [{383D76F9-C0AD-4352-80E8-083F2FCF6283}] => D:\Program Files (x86)\CA\combatarms\appdata\Engine.exe FirewallRules: [{07F95398-7655-47D2-AD68-E7DB1B048723}] => D:\Program Files (x86)\CA\combatarms\appdata\Engine.exe FirewallRules: [{A0FEFF86-B5B2-42A0-B670-B3215C600DC5}] => D:\Program Files (x86)\CA\combatarms\appdata\Engine.exe FirewallRules: [{6033E762-D654-4B3B-A6F9-295D1DF6D6EB}] => D:\Program Files (x86)\CA\combatarms\appdata\Engine.exe FirewallRules: [{5C594DAF-17E2-4E0F-89A5-41F18AC1582E}] => D:\Program Files (x86)\CA\combatarms\appdata\CombatArmsLauncher.exe FirewallRules: [{7A1FD3E8-9FDA-423C-8ED6-53F0C727C5C9}] => D:\Program Files (x86)\CA\combatarms\appdata\CombatArmsLauncher.exe FirewallRules: [{CD1E1FAC-9855-4182-A470-962DD4EAAF11}] => D:\Program Files (x86)\CA\combatarms\appdata\CombatArmsLauncher.exe FirewallRules: [{9EF47518-6BC9-4377-ADD0-D1522F5035FD}] => D:\Program Files (x86)\CA\combatarms\appdata\CombatArmsLauncher.exe FirewallRules: [{3E027E28-F805-4DA5-BC87-E8AA20351B1D}] => C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe FirewallRules: [{5266793F-6BB6-4ED7-AE42-ACF98948840D}] => C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe FirewallRules: [{F08CF8D6-536A-4BDA-B23B-38DF0199D970}] => C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe FirewallRules: [{2AF74619-4DF7-4DE3-BA4E-6C11177BE504}] => C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe FirewallRules: [{68501B32-69CF-4FAA-9FE7-2CA3F60D0854}] => D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{3A8BC30D-82A3-4375-8DE0-3092A8B058F3}] => D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{45298026-E04A-4389-8C61-E016093C4BB4}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{4EC30C30-2959-46B0-B254-93A06BD519D5}] => D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{725956A4-CEC2-4C91-A321-D53665A8096C}] => D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{B82B8DBC-B2D1-479B-8F82-3F4C8BC375B2}] => C:\Users\Azrej\AppData\Local\Temp\00002570\inst_buychannel_37.exe FirewallRules: [{7845CBC6-2D56-4FC3-9D71-5D685471B06F}] => C:\Users\Azrej\AppData\Local\Temp\00002570\inst_buychannel_37.exe ==================== Punkty Przywracania systemu ========================= Niepowodzenie przy listowaniu punktĂłw przywracania SprawdĹş usĹ‚ugÄ™ "winmgmt" lub napraw WMI. ==================== Wadliwe urzÄ…dzenia w MenedĹĽerze urzÄ…dzeĹ„ ============= Niepowodzenie przy listowaniu urzÄ…dzeĹ„. SprawdĹş usĹ‚ugÄ™ "winmgmt" lub napraw WMI. ==================== Błędy w Dzienniku zdarzeĹ„: ========================= Niepowodzenie przy uruchamianiu usĹ‚ugi "eventlog", nie moĹĽna odczytać zdarzeĹ„. WystĄpi bĄd systemu 123. Nazwa pliku, nazwa katalogu lub skadnia etykiety woluminu jest niepoprawna. ==================== Statystyki pamiÄ™ci =========================== Procesor: AMD FX(tm)-8320 Eight-Core Processor Procent pamiÄ™ci w uĹĽyciu: 76% CaĹ‚kowita pamięć fizyczna: 4060.63 MB DostÄ™pna pamięć fizyczna: 955.64 MB CaĹ‚kowita pamięć wirtualna: 8119.45 MB DostÄ™pna pamięć wirtualna: 3706.01 MB ==================== Dyski ================================ Drive c: () (Fixed) (Total:244.04 GB) (Free:183.53 GB) NTFS Drive d: (Dane) (Fixed) (Total:687.37 GB) (Free:623.28 GB) NTFS ==================== MBR & Tablica partycji ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B3B75500) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=244 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=687.4 GB) - (Type=07 NTFS) ==================== Koniec Addition.txt ============================ Shortcut: Rezultat skanowania skrótów użytkowników (x64) Wersja: 21-12-2016 Uruchomiony przez Azrej (29-12-2016 22:29:09) Uruchomiony z C:\Users\Azrej\Downloads Tryb startu: Normal ==================== Skróty ============================= (Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk -> C:\Program Files\paint.net\PaintDotNet.exe (dotPDN LLC) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WypasOTS 9.4\Deinstalacja programu WypasOTS.lnk -> D:\Program Files (x86)\WypasOTS\unins000.exe (Brak pliku) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WypasOTS 9.4\WypasOTS Cast.lnk -> D:\Program Files (x86)\WypasOTS\Player.exe (Brak pliku) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WypasOTS 9.4\WypasOTS.lnk -> D:\Program Files (x86)\WypasOTS\Launcher.exe (Brak pliku) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock\Acoustic Bridge.lnk -> D:\Program Files (x86)\Stardock\AcousticBridge\AcousticBridgeConfig.exe (Brak pliku) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Co nowego w ostatniej wersji.lnk -> D:\Pliki programów (x86)\Winrar\CoNowego.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Podręcznik RARa dla konsoli.lnk -> D:\Pliki programów (x86)\Winrar\Rar.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Pomoc WinRARa.lnk -> D:\Pliki programów (x86)\Winrar\WinRAR.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> D:\Pliki programów (x86)\Winrar\WinRAR.exe (Alexander Roshal) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WindBot\WindBot.lnk -> D:\Program Files (x86)\WindBot\bwazxfro.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibiacast\Readme.lnk -> C:\Windows\Installer\{71A8F4EC-7D8D-4FBA-8AC4-CC5F4B8E9FDA}\_129EB6C2D174E65FC6852F.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibiacast\Tibiacast.lnk -> C:\Windows\Installer\{71A8F4EC-7D8D-4FBA-8AC4-CC5F4B8E9FDA}\_BC504B5FA40D40C153CB0E.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibia\Tibia Website.lnk -> D:\Program Files (x86)\Tibia86\Tibia.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibia\Tibia.lnk -> D:\Program Files (x86)\Tibia86\Tibia.exe (CipSoft GmbH) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibia\Uninstall Tibia.lnk -> D:\Program Files (x86)\Tibia86\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> D:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHU\SHU.lnk -> D:\Program Files (x86)\SHU\SHU.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHU\Uninstall SHU.lnk -> D:\Program Files (x86)\SHU\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raptr\Raptr.lnk -> C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe (Raptr, Inc) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64\Changelog.lnk -> C:\Program Files\MPC-HC\Changelog.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64\Deinstalacja programu MPC-HC.lnk -> C:\Program Files\MPC-HC\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64\MPC-HC x64.lnk -> C:\Program Files\MPC-HC\mpc-hc64.exe (MPC-HC Team) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Malwarebytes.lnk -> D:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Uninstall Malwarebytes.lnk -> D:\Program Files\Malwarebytes\Anti-Malware\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3\LibreOffice Base.lnk -> C:\Program Files (x86)\LibreOffice 4\program\sbase.exe (The Document Foundation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3\LibreOffice Calc.lnk -> C:\Program Files (x86)\LibreOffice 4\program\scalc.exe (The Document Foundation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3\LibreOffice Draw.lnk -> C:\Program Files (x86)\LibreOffice 4\program\sdraw.exe (The Document Foundation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3\LibreOffice Impress.lnk -> C:\Program Files (x86)\LibreOffice 4\program\simpress.exe (The Document Foundation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3\LibreOffice Math.lnk -> C:\Program Files (x86)\LibreOffice 4\program\smath.exe (The Document Foundation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3\LibreOffice Writer.lnk -> C:\Program Files (x86)\LibreOffice 4\program\swriter.exe (The Document Foundation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3\LibreOffice.lnk -> C:\Program Files (x86)\LibreOffice 4\program\soffice.exe (The Document Foundation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends\League of Legends.lnk -> D:\Riot Games\League of Legends\LeagueClient.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Codec Tweak Tool.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Uninstall\Uninstall K-Lite Codec Pack.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\MediaInfo.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\Tools\mediainfo.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\Win7DSFilterTweaker.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Help\Frequently Asked Questions.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\Info\faq.htm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\FIFA 14.lnk -> 0x4C0000000114020000000000C0000000000000468500000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000360014001F80DF8F22EDA89E704883B196B02CFE0D5220000000474653497A7BFCA626B2E74981C2053891F721F9000000000000000000000700460049004600410020003100340028000000090000A01C00000031535053E28A5846BC4C3843BBFC139326986DCE000000000000000000000000 Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk -> C:\Windows\System32\gameux.dll (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings\AMD Radeon Settings.lnk -> C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe (Advanced Micro Devices, Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3\AIMP3 Advanced Tag Editor.lnk -> C:\Program Files (x86)\AIMP3\AIMP3ate.exe (AIMP DevTeam) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3\AIMP3 Audio Converter.lnk -> C:\Program Files (x86)\AIMP3\AIMP3ac.exe (AIMP DevTeam) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3\AIMP3 Audio Library.lnk -> C:\Program Files (x86)\AIMP3\AIMP3lib.exe (AIMP DevTeam) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3\AIMP3 Home Page.lnk -> C:\Program Files (x86)\AIMP3\AIMP3.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3\AIMP3.lnk -> C:\Program Files (x86)\AIMP3\AIMP3.exe (AIMP DevTeam) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3\History.lnk -> C:\Program Files (x86)\AIMP3\history.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3\License.lnk -> C:\Program Files (x86)\AIMP3\license.rtf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3\Uninstall.lnk -> C:\Program Files (x86)\AIMP3\Uninstall.exe (AIMP DevTeam) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation) Shortcut: C:\Users\Azrej\Pobrane.lnk -> C:\Users\Azrej\Downloads () Shortcut: C:\Users\Azrej\Music\Downloads.lnk -> C:\Users\Azrej\Downloads () Shortcut: C:\Users\Azrej\Links\Desktop.lnk -> C:\Users\Azrej\Desktop () Shortcut: C:\Users\Azrej\Links\Downloads.lnk -> C:\Users\Azrej\Downloads () Shortcut: C:\Users\Azrej\Links\RecentPlaces.lnk -> System Folder Shortcut: C:\Users\Azrej\Desktop\Drakensang Online.lnk -> C:\Program Files (x86)\Drakensang Online\thinclient.exe (Bigpoint GmbH) Shortcut: C:\Users\Azrej\Desktop\lol.launcher — skrót.lnk -> D:\Riot Games\League of Legends\LeagueClient.exe () Shortcut: C:\Users\Azrej\Desktop\MEGAsync.lnk -> C:\Users\Azrej\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited) Shortcut: C:\Users\Azrej\Desktop\Nexon Launcher.lnk -> D:\Program Files (x86)\Nexon\Nexon Launcher\nexon_launcher.exe () Shortcut: C:\Users\Azrej\Desktop\Pobrane.lnk -> C:\Users\Azrej\Downloads () Shortcut: C:\Users\Azrej\Desktop\Tibia.lnk -> C:\Users\Azrej\AppData\Local\Tibia\Tibia.exe () Shortcut: C:\Users\Azrej\Desktop\tibia86.lnk -> D:\Program Files (x86)\Tibia86\Tibia.exe (CipSoft GmbH) Shortcut: C:\Users\Azrej\Desktop\ts3client_win64 — skrót.lnk -> D:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win64.exe (TeamSpeak Systems GmbH) Shortcut: C:\Users\Azrej\Desktop\Do tibioszki rozne\Hexerka\Tibia.lnk -> D:\Program Files (x86)\Tibia\Tibia.exe (CipSoft GmbH) Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tibia\Tibia 10.lnk -> D:\Program Files (x86)\Tibia86\Tibia.exe (CipSoft GmbH) Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tibia\Tibia Website.lnk -> C:\Users\Azrej\AppData\Local\Tibia\Tibia.url () Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tibia\Tibia.lnk -> C:\Users\Azrej\AppData\Local\Tibia\Tibia.exe () Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tibia\Uninstall Tibia 10.lnk -> D:\Program Files (x86)\Tibia86\unins000.exe () Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tibia\Uninstall Tibia.lnk -> C:\Users\Azrej\AppData\Local\Tibia\uninst.exe () Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> D:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk -> C:\Users\Azrej\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited) Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nexon Launcher.lnk -> D:\Program Files (x86)\Nexon\Nexon Launcher\nexon_launcher.exe () Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SHU.lnk -> D:\Program Files (x86)\SHU\SHU.exe () Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon\Nexon Launcher.lnk -> D:\Program Files (x86)\Nexon\Nexon Launcher\nexon_launcher.exe () Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync\MEGA Website.lnk -> C:\Users\Azrej\AppData\Local\MEGAsync\MEGA Website.url () Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync\MEGAsync.lnk -> C:\Users\Azrej\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited) Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync\Uninstall.lnk -> C:\Users\Azrej\AppData\Local\MEGAsync\uninst.exe (MEGA Limited) Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation) Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drakensang Online\Drakensang Online.lnk -> C:\Program Files (x86)\Drakensang Online\thinclient.exe (Bigpoint GmbH) Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drakensang Online\Uninstall.lnk -> C:\Program Files (x86)\Drakensang Online\Uninstall.exe () Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation) Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation) Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation) Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation) Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation) Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation) Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation) Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation) Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation) Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SHU.lnk -> D:\Program Files (x86)\SHU\SHU.exe () Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd) Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\lol.launcher — skrót.lnk -> D:\Riot Games\League of Legends\LeagueClient.exe () Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\ts3client_win64 — skrót.lnk -> D:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win64.exe (TeamSpeak Systems GmbH) Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\724e6c6e1aea27c4\COMODO Antivirus.lnk -> C:\Program Files\COMODO\COMODO Internet Security\cis.exe (COMODO) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation) Shortcut: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation) Shortcut: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation) Shortcut: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation) Shortcut: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation) Shortcut: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation) Shortcut: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation) Shortcut: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation) Shortcut: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation) Shortcut: C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation) Shortcut: C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Public\Desktop\Malwarebytes.lnk -> D:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes) Shortcut: C:\Users\Public\Desktop\WypasOTS 9.4 Cast.lnk -> D:\Program Files (x86)\WypasOTS\Player.exe (Brak pliku) Shortcut: C:\Users\Public\Desktop\WypasOTS 9.4.lnk -> D:\Program Files (x86)\WypasOTS\Launcher.exe (Brak pliku) ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Azrej\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Audio (x64).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\lavaudio.ax",OpenConfiguration ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Audio.lnk -> C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\lavaudio.ax",OpenConfiguration ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Splitter (x64).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\lavsplitter.ax",OpenConfiguration ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Splitter.lnk -> C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\lavsplitter.ax",OpenConfiguration ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Video (x64).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\lavvideo.ax",OpenConfiguration ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Video.lnk -> C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\lavvideo.ax",OpenConfiguration ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Reset to recommended settings.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe () -> /resetsettings ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO\COMODO Antivirus\COMODO Antivirus.lnk -> C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (COMODO) -> --shortcut ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO\COMODO Antivirus\Dodaj lub usuń komponenty.lnk -> C:\Windows\System32\msiexec.exe (Microsoft Corporation) -> /I{7B1A9CD1-B552-4FA7-BBC1-EDDEAB8855A7} ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX ShortcutWithArgument: C:\Users\Azrej\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Azrej\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" ShortcutWithArgument: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter ShortcutWithArgument: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto: ShortcutWithArgument: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Azrej\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" ShortcutWithArgument: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\e9e54e21acfd263e\NWJS Default.lnk -> D:\Program Files (x86)\Nexon\Nexon Launcher\bin\nexon_client\nexon_client.exe (The NWJS Community) -> --user-data-dir="C:\Users\Azrej\AppData\Local\NexonLauncher\User Data" --profile-directory=Default --app-id=aafddpmiffkameplnjkglahmbnbgidce ShortcutWithArgument: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" ShortcutWithArgument: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\2fae1f4995fc9e7f\NexonLauncher.lnk -> D:\Program Files (x86)\Nexon\Nexon Launcher\bin\nexon_client\nexon_client.exe (The NWJS Community) -> --user-data-dir="C:\Users\Azrej\AppData\Local\NexonLauncher\User Data" --profile-directory=Default --app-id=dobbaijafcbikgimjpakclacfgeagffm ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter ShortcutWithArgument: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam Support Center.url -> URL: hxxp://support.steampowered.com/ InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64\Strona WWW programu MPC-HC.url -> URL: hxxp://mpc-hc.org/ InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live\Strona WWW programu AION Free-to-Play.url -> URL: hxxp://aionfreetoplay.com/ InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url -> URL: hxxp://www.piriform.com/ccleaner InternetURL: C:\Users\Azrej\Favorites\Links for Polska\Bezpieczeństwo w trybie online.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=142211 InternetURL: C:\Users\Azrej\Favorites\Links for Polska\Bezpieczny Internet.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=129626 InternetURL: C:\Users\Azrej\Favorites\Links for Polska\Kultura.pl.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=129625 InternetURL: C:\Users\Azrej\Favorites\Links for Polska\Pogodynka.pl — oficjalny serwis pogodowy IMGW.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=129624 InternetURL: C:\Users\Azrej\Favorites\Links for Polska\Polska.pl.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=129622 InternetURL: C:\Users\Azrej\Desktop\Counter-Strike Global Offensive.url -> URL: steam://rungameid/730 InternetURL: C:\Users\Azrej\Desktop\H1Z1 King of the Kill.url -> URL: steam://rungameid/433850 InternetURL: C:\Users\Azrej\Desktop\Do tibioszki rozne\SkinPreview_Full_Version\Watch the Review on Youtube.url -> URL: hxxps://www.youtube.com/watch?v=MvWaTIwiEwc InternetURL: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Counter-Strike Global Offensive.url -> URL: steam://rungameid/730 InternetURL: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\H1Z1 King of the Kill.url -> URL: steam://rungameid/433850 InternetURL: C:\Users\Azrej\AppData\Local\Tibia\Tibia.url -> URL: hxxp://www.tibia.com InternetURL: C:\Users\Azrej\AppData\Local\MEGAsync\MEGA Website.url -> URL: hxxp://www.mega.nz ==================== Koniec Shortcut.txt ============================= i nie wiem, bo to skanuje cały czas, jakby się powtarza @Twój_Anioł_Stróż
Twój_Anioł_Stróż komentarz 29 grudnia 2016 komentarz 29 grudnia 2016 (edytowane) 1) Na czas wykonywania wszystkich operacji wyłącz COMODO. 2) Otwórz Notatnik i wklej w nim: Cytuj RemoveDirectory: c:\program files (x86)\jicadomnorese RemoveDirectory: C:\Users\Azrej\AppData\Roaming\{6F8B3~1 C:\Users\Public\Desktop\WypasOTS 9.4 Cast.lnk C:\Users\Public\Desktop\WypasOTS 9.4.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WypasOTS 9.4\WypasOTS.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WypasOTS 9.4\WypasOTS Cast.lnk FirewallRules: [{B82B8DBC-B2D1-479B-8F82-3F4C8BC375B2}] => C:\Users\Azrej\AppData\Local\Temp\00002570\inst_buychannel_37.exe FirewallRules: [{7845CBC6-2D56-4FC3-9D71-5D685471B06F}] => C:\Users\Azrej\AppData\Local\Temp\00002570\inst_buychannel_37.exe C:\Program Files\SpaceSoundPro DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpaceSoundPro DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\pcmgr DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Kepard DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cpuminer DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\apphide C:\Program Files (x86)\badu C:\Program Files (x86)\Kepard C:\Users\MichaĹ‚\AppData\Roaming\cpuminer C:\Users\MichaĹ‚\AppData\Local\Akamai\netsession_win.exe DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Akamai NetSession Interface C:\ProgramData\igfxDH.dll ShortcutWithArgument: C:\Users\Azrej\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Azrej\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" ShortcutWithArgument: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Azrej\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" ShortcutWithArgument: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\e9e54e21acfd263e\NWJS Default.lnk -> D:\Program Files (x86)\Nexon\Nexon Launcher\bin\nexon_client\nexon_client.exe (The NWJS Community) -> --user-data-dir="C:\Users\Azrej\AppData\Local\NexonLauncher\User Data" --profile-directory=Default --app-id=aafddpmiffkameplnjkglahmbnbgidce ShortcutWithArgument: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" ShortcutWithArgument: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\2fae1f4995fc9e7f\NexonLauncher.lnk -> D:\Program Files (x86)\Nexon\Nexon Launcher\bin\nexon_client\nexon_client.exe (The NWJS Community) -> --user-data-dir="C:\Users\Azrej\AppData\Local\NexonLauncher\User Data" --profile-directory=Default --app-id=dobbaijafcbikgimjpakclacfgeagffm ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Azrej\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" Task: C:\Windows\Tasks\{6F8B304B-A9FD-4C47-FC8F-0C48D5D99500}.job => C:\Users\Azrej\AppData\Roaming\{6F8B3~1\PRICEF~1.EXE <==== UWAGA Task: C:\Windows\Tasks\Chrome Cleanup Tool logs upload retry.job => C:\Users\Azrej\AppData\Local\Temp\E9D5.exe <==== UWAGA Task: C:\Windows\Tasks\Coegerentguerly Helper.job => C:\Program Files (x86)\Jicadomnorese\beholy.exe Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> Brak pliku <==== UWAGA Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> Brak pliku <==== UWAGA Task: {D9450371-A8E5-45B3-BBDE-12F6C5079634} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> Brak pliku <==== UWAGA Task: {A3C42A7F-14E4-4FDE-B88F-D2D7B008154D} - \Bidaily Synchronize Task[pr] -> Brak pliku <==== UWAGA Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> Brak pliku <==== UWAGA Task: {AE17F646-4464-45E3-9679-B83266049CEE} - \{A5B8CD4F-6620-28AA-073B-BCAC1372529A} -> Brak pliku <==== UWAGA Task: {9669AB42-8A2A-45C5-9368-95CAD21C8438} - System32\Tasks\{863D38D4-4A6C-14D1-9BC6-94735C109C00} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\dc6a53e\7fce6dd7.dll" <==== UWAGA Task: {5B9C6C39-5F13-47D8-B6E2-8F993CA46EF2} - System32\Tasks\{6F8B304B-A9FD-4C47-FC8F-0C48D5D99500} => C:\Users\Azrej\AppData\Roaming\{6F8B3~1\PRICEF~1.EXE <==== UWAGA Task: {6B2E15EC-372E-436D-A540-138509C337F0} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> Brak pliku <==== UWAGA Task: {541AE9CA-DF1E-4B14-854E-F94AA25DC3FC} - System32\Tasks\{87E339C0-A7D2-47B1-9C21-5DF8AFCB9302} => pcalua.exe -a C:\Users\Azrej\Downloads\tibia860.exe -d C:\Users\Azrej\Downloads Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> Brak pliku <==== UWAGA Task: {0A705591-902E-42A3-8B53-F6CB5B6D930D} - System32\Tasks\MichaĹ‚MonocularlyCutpurseV2 => Rundll32.exe GunmanPretences.dll,main 7 1 <==== UWAGA HOSTS: EmptyTemp: Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe Uruchom FRST i kliknij przycisk Fix (NAPRAW). 3) Zrób nowe logi FRST mają być 3 logi: FRST.txt, Addition.txt, Shortcut.txt. Logi (tekst) wklejaj na http://wklejto.pl/, a w poście daj tylko linki.(czyli skopiuj adres z paska adresów) albo na http://wklej.org/ . 1
Azrei komentarz 29 grudnia 2016 Autor komentarz 29 grudnia 2016 (edytowane) Godzinę temu, Twój_Anioł_Stróż napisał: 1) Na czas wykonywania wszystkich operacji wyłącz COMODO. 2) Otwórz Notatnik i wklej w nim: Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe Uruchom FRST i kliknij przycisk Fix (NAPRAW). 3) Zrób nowe logi FRST mają być 3 logi: FRST.txt, Addition.txt, Shortcut.txt. Logi (tekst) wklejaj na http://wklejto.pl/, a w poście daj tylko linki.(czyli skopiuj adres z paska adresów) albo na http://wklej.org/ . Dobra, wszystko zrobione dałem ten fixlist, naprawiało, zresetowało komputer, ale nadal to samo. Tu masz logi Addition http://wklejto.pl/268267 Shortcut http://wklejto.pl/268269 FRST http://wklejto.pl/268270 Nie chciałeś chyba fix logów, ale dorzucam http://wklejto.pl/268271 PS. Logi robione po naprawianiu
Twój_Anioł_Stróż komentarz 29 grudnia 2016 komentarz 29 grudnia 2016 Cytuj ale nadal to samo uścislij, co jest tak samo. Logi są zniekształcone - na "wklejto" trzeba wklejać tekst, a nie plik. Popraw to. Poza tym COMODO dalej blokuje wiele "rzeczy", więc nie da się nawet poznać, jaka jest rzeczywista sytuacja. 1
Azrei komentarz 29 grudnia 2016 Autor komentarz 29 grudnia 2016 To samo np. nie mogę wejść w panel sterowania, ccleaner, nie mogę wejść np. w centrum sieci i udostępniania, nie mogę również automatycznej piaskownicyw COMODO wyłączyć. Jakie COMODO blokuje rzeczy? Poprawione linki Addition http://wklejto.pl/268273 FRST http://wklejto.pl/268274 Shortcut http://wklejto.pl/268275 Fixlog http://wklejto.pl/268276
Twój_Anioł_Stróż komentarz 29 grudnia 2016 komentarz 29 grudnia 2016 (edytowane) Cytuj Jakie COMODO blokuje rzeczy? mpsdrv => UsĹ‚uga "Zapora systemu Windows" nie jest uruchomiona. MpsSvc => UsĹ‚uga "Zapora systemu Windows" nie jest uruchomiona. bfe => UsĹ‚uga "Zapora systemu Windows" nie jest uruchomiona. "BFE" => serwis nie został odblokowany. <===== UWAGA U2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) U1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] () U1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21184 2015-08-05] (COMODO) U1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [806032 2015-08-05] (COMODO) U1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45856 2015-08-05] (COMODO) U1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2016-12-28] () U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [109568 2013-01-25] (Huawei Technologies Co., Ltd.) U3 hwusb_cdcacm; C:\Windows\System32\DRIVERS\ew_cdcacm.sys [124672 2014-04-16] (Huawei Technologies Co., Ltd.) U3 hwusb_wwanecm; C:\Windows\System32\DRIVERS\ew_wwanecm.sys [379392 2014-04-16] (Huawei Technologies Co., Ltd.) U1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105096 2015-08-05] (COMODO) U1 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2016-12-28] (Malwarebytes) U3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2016-12-30] (Malwarebytes) U3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2016-12-30] (Malwarebytes) U0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [250816 2016-12-30] (Malwarebytes) U3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2016-12-30] (Malwarebytes) U1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] () U3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-09-11] (MBB) U0 aswVmm; Brak ImagePath U5 BFE; <===== UWAGA: Zablokowana usługa U2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-01-24] (Advanced Micro Devices, Inc.) [Brak podpisu cyfrowego] U3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] () U3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1457160 2016-11-03] () U2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-10-23] (COMODO) U3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-10-23] (COMODO) U2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2014-01-15] () U2 MBAMService; D:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-28] (Malwarebytes) U2 Atqerkkuhaph; C:\Program Files (x86)\Jicadomnorese\HernentvozephCloud.dll [X] U2 d057f194; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\BorderlineFunc\BorderlineFunc.dll",serv U2 PLAY ONLINE. RunOuc; D:\Program Files (x86)\PLAY ONLINE\UpdateDog\ouc.exe [X] Literka "U" na początku linijki oznacza, że dany sterownik, usługa jest zablokowane, najprawdopodobniej przez COMODO. Są też zablokowane wszelkie operacje w Rejestrze, więc nic się nie da naprawić. 1
Azrei komentarz 29 grudnia 2016 Autor komentarz 29 grudnia 2016 7 minut temu, Twój_Anioł_Stróż napisał: mpsdrv => UsĹ‚uga "Zapora systemu Windows" nie jest uruchomiona. MpsSvc => UsĹ‚uga "Zapora systemu Windows" nie jest uruchomiona. bfe => UsĹ‚uga "Zapora systemu Windows" nie jest uruchomiona. "BFE" => serwis nie został odblokowany. <===== UWAGA U2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) U1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] () U1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21184 2015-08-05] (COMODO) U1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [806032 2015-08-05] (COMODO) U1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45856 2015-08-05] (COMODO) U1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2016-12-28] () U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [109568 2013-01-25] (Huawei Technologies Co., Ltd.) U3 hwusb_cdcacm; C:\Windows\System32\DRIVERS\ew_cdcacm.sys [124672 2014-04-16] (Huawei Technologies Co., Ltd.) U3 hwusb_wwanecm; C:\Windows\System32\DRIVERS\ew_wwanecm.sys [379392 2014-04-16] (Huawei Technologies Co., Ltd.) U1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105096 2015-08-05] (COMODO) U1 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2016-12-28] (Malwarebytes) U3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2016-12-30] (Malwarebytes) U3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2016-12-30] (Malwarebytes) U0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [250816 2016-12-30] (Malwarebytes) U3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2016-12-30] (Malwarebytes) U1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] () U3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-09-11] (MBB) U0 aswVmm; Brak ImagePath U5 BFE; <===== UWAGA: Zablokowana usługa U2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-01-24] (Advanced Micro Devices, Inc.) [Brak podpisu cyfrowego] U3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] () U3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1457160 2016-11-03] () U2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-10-23] (COMODO) U3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-10-23] (COMODO) U2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2014-01-15] () U2 MBAMService; D:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-28] (Malwarebytes) U2 Atqerkkuhaph; C:\Program Files (x86)\Jicadomnorese\HernentvozephCloud.dll [X] U2 d057f194; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\BorderlineFunc\BorderlineFunc.dll",serv U2 PLAY ONLINE. RunOuc; D:\Program Files (x86)\PLAY ONLINE\UpdateDog\ouc.exe [X] Literka "U" na początku linijki oznacza, że dany sterownik, usługa jest zablokowane, najprawdopodobniej przez COMODO. Są też zablokowane wszelkie operacje w Rejestrze, więc nic się nie da naprawić. Czyli co mam zrobić? Usunąć COMODO? Jak zwalczyć tego wirusa
Twój_Anioł_Stróż komentarz 30 grudnia 2016 komentarz 30 grudnia 2016 1) Wejdź w Tryb Awaryjny (F8 przed startem Systemu) 2) Otwórz Notatnik i wklej w nim: Unlock: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE Unlock: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mpsdrv Unlock: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MpsSvc Unlock: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cmderd Unlock: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cmdHlp 2016-09-19 18:24 - 2016-09-19 18:24 - 0000016 _____ () C:\ProgramData\mntemp 2016-12-28 02:33 - 2016-12-28 02:33 - 00000000 ____D C:\Users\Azrej\AppData\Roaming\Softlink 2016-12-28 02:33 - 2016-12-28 02:33 - 00000000 ____D C:\Users\Azrej\AppData\Roaming\KuaiZip 2016-12-28 02:30 - 2016-12-28 02:31 - 00000000 __SHD C:\Users\Azrej\AppData\Local\svchost 2016-12-28 02:28 - 2016-12-28 02:28 - 00000000 ____D C:\Program Files (x86)\Aserrystofusy Mapper 2016-12-28 02:27 - 2016-12-28 04:46 - 00000000 ____D C:\Users\Azrej\AppData\Roaming\Preptainkowack 2016-12-28 02:27 - 2016-12-28 02:28 - 00000000 ____D C:\Users\Azrej\AppData\Local\Dalayberfer 2016-12-23 15:24 - 2016-12-23 15:24 - 00000000 ____D C:\Users\Azrej\AppData\Local\Chromium U3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] U3 gdrv; \??\C:\Windows\gdrv.sys [X] U3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X] U3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X] U3 VUSB3HUB; system32\DRIVERS\ViaHub3.sys [X] U3 xhcdrv; system32\DRIVERS\xhcdrv.sys [X] U3 xhunter1; \??\C:\Windows\xhunter1.sys [X] U2 Atqerkkuhaph; C:\Program Files (x86)\Jicadomnorese\HernentvozephCloud.dll [X] U2 d057f194; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\BorderlineFunc\BorderlineFunc.dll",serv RemoveDirectory: C:\Program Files (x86)\Jicadomnorese RemoveDirectory: c:\Program Files (x86)\BorderlineFunc FF DefaultSearchEngine: Mozilla\Firefox\Profiles\p15wvnz5.default -> youndoo FF SelectedSearchEngine: Mozilla\Firefox\Profiles\p15wvnz5.default -> youndoo CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => -> Brak pliku ShellExecuteHooks: Brak nazwy - {CE50D974-CA9B-11E6-849D-64006A5CFC23} - -> Brak pliku ShellExecuteHooks: Brak nazwy - {5F51FFFE-7463-4220-B711-E5B9ACB8EDFE} - C:\ProgramData\igfxDH.dll -> Brak pliku HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-1949200310-4154890209-3102321400-1000\...\Run: [vxn32.exe] => C:\Users\Michał\AppData\Roaming\vxn32\IleUviAnd6rK.exe HKU\S-1-5-21-1949200310-4154890209-3102321400-1000\...\RunOnce: [Mecrosoft Corporateon IMbgFEHMLigAKaGg] => C:\Users\Michał\AppData\Roaming\IMbgFEHMLigAKaGg.exe HKU\S-1-5-21-1949200310-4154890209-3102321400-1000\...\RunOnce: [Microsoft Corporation ERgJgMHdQHXfcVbL] => C:\Users\Michał\AppData\Roaming\ERgJgMHdQHXfcVbL.exe [0 ] () HKU\S-1-5-21-1949200310-4154890209-3102321400-1000\...\Winlogon: [Shell] "C:\Users\Michał\AppData\Roaming\ipchanger\s30IOHuLO4sp.exe",explorer.exe <==== UWAGA C:\Users\Michał\AppData\Roaming\ERgJgMHdQHXfcVbL.exe C:\Users\Michał\AppData\Roaming\IMbgFEHMLigAKaGg.exe C:\Users\Michał\AppData\Roaming\vxn32 HOSTS: EmptyTemp: Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe Uruchom FRST i kliknij przycisk Fix (NAPRAW). 3) Zrób log z Farbar Service Scanner >http://download.bleepingcomputer.com/farbar/FSS.exe (do skanowania zaznacz wszystko). 4) Zrób nowe logi FRST. . 1
Azrei komentarz 30 grudnia 2016 Autor komentarz 30 grudnia 2016 @Twój_Anioł_Stróż witam, pisze z telefonu. Wlasnie sie naprawia w tym tryboe awaryjnym juz dobre 15 minut nie wiem czy tak powinno byc, ale zauwazylem, ze moge sie dostac do panelu sterowania w tym trybie awaryjnym, wczesniej nie moglem. Otworzylem fixlog z ciekawosci i jest naposane, ze cos odblokowalo. PS. Prosze o odzew, czy to powinno tak dlugo sie naprawiac Witam, już piszę z komputera, wszystko się naprawiło, navsmarta usunęło. DZIĘKUJĘ BARDZO. WKLEJAM LOGI, BO PAN PROSIŁ Addition http://wklejto.pl/268326 FRST http://wklejto.pl/268327 Shortcut http://wklejto.pl/268329 FSS http://wklejto.pl/268330 Witam, teraz się pojawił problem, mniej znaczący, otóż wyłączyła się zapora systemu windows i nie mogę jej włączyć. Jak próbuję to jest komunikat "Zapora systemu Windows nie może zmienić niektórych ustawień Kod błędu: 0x8007042c
Twój_Anioł_Stróż komentarz 31 grudnia 2016 komentarz 31 grudnia 2016 (edytowane) 1) Pobierz >>ESET ServicesRepair Kliknij prawym na pliku ServicesRepair i wybierz Uruchom jako administrator. 2) Otwórz Notatnik i wklej w nim: Cytuj WMI_ActiveScriptEventConsumer_ASEC: <===== UWAGA Task: C:\Windows\Tasks\{6F8B304B-A9FD-4C47-FC8F-0C48D5D99500}.job => C:\Users\Azrej\AppData\Roaming\{6F8B3~1\PRICEF~1.EXE <==== UWAGA RemoveDirectory: C:\Users\Michał\AppData\Roaming\1073Zw8Gy7h7e7i8 RemoveDirectory: C:\Program Files (x86)\badu RemoveDirectory: C:\Program Files (x86)\AskPartnerNetwork RemoveDirectory: C:\Users\Michał\AppData\Roaming\cpuminer RemoveDirectory: C:\Program Files (x86)\Kepard RemoveDirectory: C:\Program Files\SpaceSoundPro RemoveDirectory: C:\Users\Azrej\AppData\Roaming\{6F8B3~1 RemoveDirectory: C:\Program Files (x86)\Jicadomnorese RemoveDirectory: C:\PROGRA~3\dc6a53e 2016-12-28 02:30 - 2016-12-26 15:58 - 00965120 ___SH () C:\ProgramData\igfxDH.dll Task: C:\Windows\Tasks\Chrome Cleanup Tool logs upload retry.job => C:\Users\Azrej\AppData\Local\Temp\E9D5.exe <==== UWAGA Task: C:\Windows\Tasks\Coegerentguerly Helper.job => C:\Program Files (x86)\Jicadomnorese\beholy.exe Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> Brak pliku <==== UWAGA Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> Brak pliku <==== UWAGA Task: {D9450371-A8E5-45B3-BBDE-12F6C5079634} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> Brak pliku <==== UWAGA Task: {A3C42A7F-14E4-4FDE-B88F-D2D7B008154D} - \Bidaily Synchronize Task[pr] -> Brak pliku <==== UWAGA Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> Brak pliku <==== UWAGA Task: {AE17F646-4464-45E3-9679-B83266049CEE} - \{A5B8CD4F-6620-28AA-073B-BCAC1372529A} -> Brak pliku <==== UWAGA Task: {9669AB42-8A2A-45C5-9368-95CAD21C8438} - System32\Tasks\{863D38D4-4A6C-14D1-9BC6-94735C109C00} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\dc6a53e\7fce6dd7.dll" <==== UWAGA Task: {5B9C6C39-5F13-47D8-B6E2-8F993CA46EF2} - System32\Tasks\{6F8B304B-A9FD-4C47-FC8F-0C48D5D99500} => C:\Users\Azrej\AppData\Roaming\{6F8B3~1\PRICEF~1.EXE <==== UWAGA Task: {6B2E15EC-372E-436D-A540-138509C337F0} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> Brak pliku <==== UWAGA Task: {541AE9CA-DF1E-4B14-854E-F94AA25DC3FC} - System32\Tasks\{87E339C0-A7D2-47B1-9C21-5DF8AFCB9302} => pcalua.exe -a C:\Users\Azrej\Downloads\tibia860.exe -d C:\Users\Azrej\Downloads Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> Brak pliku <==== UWAGA Task: {0A705591-902E-42A3-8B53-F6CB5B6D930D} - System32\Tasks\MichałMonocularlyCutpurseV2 => Rundll32.exe GunmanPretences.dll,main 7 1 <==== UWAGA 2016-12-28 04:59 - 2015-02-22 16:28 - 00000000 ____D C:\ProgramData\APN MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Michał\AppData\Local\Akamai\netsession_win.exe" C:\Users\Michał\AppData\Local\Akamai\netsession_win.exe MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" MSCONFIG\startupreg: apphide => C:\Program Files (x86)\badu\uc.exe MSCONFIG\startupreg: BPOKPXeN3R3b0WAW => C:\Users\Michał\AppData\Roaming\1073Zw8Gy7h7e7i8\OPd6FRhjYqTJ.exe MSCONFIG\startupreg: cpuminer => C:\Users\Michał\AppData\Roaming\cpuminer\cpm.exe MSCONFIG\startupreg: Kepard => "C:\Program Files (x86)\Kepard\Kepard.exe" tray MSCONFIG\startupreg: pcmgr => C:\Program Files (x86)\badu\Uninst.exe MSCONFIG\startupreg: SpaceSoundPro => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe" EmptyTemp: Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe Uruchom FRST i kliknij przycisk Fix (NAPRAW). Daj raport z tego. 3) Zrób log z FSS. 4) Zrób logi z FRST - bez Shortcut. . 1
Azrei komentarz 2 stycznia 2017 Autor komentarz 2 stycznia 2017 (edytowane) Zrobione co Pan kazał Logi FSS http://wklejto.pl/268416 Addition http://wklejto.pl/268417 FRST http://wklejto.pl/268418 Fixlog http://wklejto.pl/268419 //edit już działa, naprawione. Reputek parę dam. Pozdrawiam i dziękuję za pomoc. Temat do zamknięcia, powinien zostać przypięty ten post, bo to częsty problem, ponieważ ten wirus jest spowodowany popularnymi torrentami
Twój_Anioł_Stróż komentarz 2 stycznia 2017 komentarz 2 stycznia 2017 (edytowane) 1) Do Notatnika wklej: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=dword:00000000 Z Menu Notatnika >> Plik >> Zapisz jako >> Ustaw rozszerzenie na Wszystkie pliki >> Zapisz jako> FIX.REG >> plik uruchom (dwuklik i OK). 2) Cytuj BFE Service is not running. >>START >>URUCHOM >>wybierz (lub wpisz): services.msc >>OK Znajdź (zaznacz): Podstawowy aparat filtrowania Po lewej stronie kliknij na: Uruchom ponownie usługę. 3) Otwórz Notatnik i wklej w nim: Cytuj ShortcutWithArgument: C:\Users\Azrej\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Azrej\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://kipuu.cn/ ShortcutWithArgument: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Azrej\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://kipuu.cn/ ShortcutWithArgument: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\e9e54e21acfd263e\NWJS Default.lnk -> D:\Program Files (x86)\Nexon\Nexon Launcher\bin\nexon_client\nexon_client.exe (The NWJS Community) -> --user-data-dir="C:\Users\Azrej\AppData\Local\NexonLauncher\User Data" --profile-directory=Default --app-id=aafddpmiffkameplnjkglahmbnbgidce ShortcutWithArgument: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" ShortcutWithArgument: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\2fae1f4995fc9e7f\NexonLauncher.lnk -> D:\Program Files (x86)\Nexon\Nexon Launcher\bin\nexon_client\nexon_client.exe (The NWJS Community) -> --user-data-dir="C:\Users\Azrej\AppData\Local\NexonLauncher\User Data" --profile-directory=Default --app-id=dobbaijafcbikgimjpakclacfgeagffm ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Azrej\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://kipuu.cn/ ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://kipuu.cn/ EmptyTemp: Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe Uruchom FRST i kliknij przycisk Fix (NAPRAW). . Jeśli będzie OK, to będziemy kończyć: Otwórz Notatnik i wklej w nim: Cytuj DeleteQuarantine: Plik zapisz pod nazwą fixlist.txt i umieść obok FRST. Uruchom FRST i kliknij w Fix (NAPRAW). przez SHIFT+DEL usuń pozostały folder C:\FRST. FSS - usuń ręcznie C:\Users\Azrej\Downloads\FRST-OlderVersion - usuń poprzez SHIFT+DEL . 1
Azrei komentarz 2 stycznia 2017 Autor komentarz 2 stycznia 2017 Wszystko cacy, dziękuję bardzo za pomoc. Temat do zamknięcia.
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.