A virus has taken over the computer

Azrei
created (edited)

Hello, please help. I accidentally downloaded a virus, I don't know which one; there is also Navsmart in the browser, which I can't remove without the Control Panel, and I simply can't launch the Control Panel, nor anything via "Run" etc. Many things are blocked so that it can't be fought. @Twój_Anioł_Stróż I know you are well versed in this, please help. I SCANNED WITH MALWAREBYTES AND COMODO, it removed 900 viruses, but it is still there. If you have any questions, please ask.

Azrei
comment
On 28.12.2016 at 22:12, Twój_Anioł_Stróż wrote:

Make logs with FRST > http://www.forumpc.pl/topic/277786-nieingerencyjne-narzędzia-do-tworzenia-logów-systemowych/?p=2010191
before scanning, tick: Additional.txt Shortcut.txt,

I don't know if this is what you meant, but

Addition:

Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 21-12-2016
Uruchomiony przez Azrej (29-12-2016 22:27:57)
Uruchomiony z C:\Users\Azrej\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2015-01-23 11:27:14)
Tryb startu: Normal
==========================================================


==================== Konta użytkowników: =============================

Administrator (S-1-5-21-1949200310-4154890209-3102321400-500 - Administrator - Disabled)
Azrej (S-1-5-21-1949200310-4154890209-3102321400-1010 - Administrator - Enabled) => C:\Users\Azrej
Gość (S-1-5-21-1949200310-4154890209-3102321400-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1949200310-4154890209-3102321400-1007 - Limited - Enabled)

==================== Centrum zabezpieczeń ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie.)


==================== Zainstalowane programy ======================

(W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)

Acoustic Bridge (HKLM-x32\...\Acoustic Bridge1.01) (Version: 1.01 - Stardock Corporation)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 21 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.60.1465, 29.12.2014 - AIMP DevTeam)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Application Profiles (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Aurera-global (HKU\S-1-5-21-1949200310-4154890209-3102321400-1000\...\Aurera-global) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Catalyst Control Center Next Localization BR (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
COMODO Antivirus (HKLM\...\{7B1A9CD1-B552-4FA7-BBC1-EDDEAB8855A7}) (Version: 8.0.0.4337 - COMODO Security Solutions Inc.)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
Drakensang Online (HKLM-x32\...\Drakensang Online) (Version:  - )
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
H1Z1: King of the Kill (HKLM\...\Steam App 433850) (Version:  - Daybreak Game Company)
K-Lite Codec Pack 10.9.5 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.9.5 - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
LibreOffice 4.3 Help Pack (Polish) (HKLM-x32\...\{04D908A5-3BED-4C1C-BD0E-E9FBB8710959}) (Version: 4.3.5.2 - The Document Foundation)
LibreOffice 4.3.5.2 (HKLM-x32\...\{1D4E90DA-C33C-40ED-BA00-75F6E6DF9CB0}) (Version: 4.3.5.2 - The Document Foundation)
Malwarebytes (wersja 3.0.5.1299) (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Mozilla Firefox 45.0.2 (x86 pl) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 pl)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
MPC-HC 1.7.7 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.7 - MPC-HC Team)
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 2.0.0 - Nexon)
ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.1028.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
paint.net (HKLM\...\{DD393E4D-76FA-4CCD-84F3-CD9D75C14862}) (Version: 4.0.10 - dotPDN LLC)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.7-r116720-release - Raptr, Inc)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7106 - Realtek Semiconductor Corp.)
SHU (HKLM-x32\...\{DF11DD92-DBB8-4F3F-9564-A8BBDBE986F5}_is1) (Version: 1.0 - ScreenShu Software)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tibia (HKLM-x32\...\Tibia_is1) (Version: 8.60 - CipSoft GmbH)
Tibia (HKU\S-1-5-21-1949200310-4154890209-3102321400-1010\...\Tibia) (Version:  - CipSoft GmbH)
Tibiacast (HKLM-x32\...\{71A8F4EC-7D8D-4FBA-8AC4-CC5F4B8E9FDA}) (Version: 3.1.05800 - Silver Squirrel Software HB)
WindBot version 2.8.3 (HKLM-x32\...\{93F2CDEB-F828-463F-9B69-2D8FB38BF089}_is1) (Version: 2.8.3 - Lucas Terra, WindBot)
WinRAR 5.31 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
WypasOTS 9.4 (HKLM-x32\...\{04BA9C0F-4169-4268-B049-A1DAE36A7FEC}_is1) (Version: 9.4 - )
XenoBot Binary (HKLM-x32\...\{82F4416B-8461-4817-A09D-BBBD7FC00DE6}) (Version: 15.11.28 - XenoBot)

==================== Niestandardowe rejestracje CLSID (filtrowane): ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)


==================== Zaplanowane zadania (filtrowane) =============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

Task: {04E5510B-A6E0-4B1D-892C-4D3D0E2D2141} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_182_pepper.exe [2016-03-11] (Adobe Systems Incorporated)
Task: {07698EB1-CB84-46CF-A7E2-AEB6612DC59E} - System32\Tasks\GoogleUpdateTaskMachineUA1d1ab10b4100f20 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-01] (Google Inc.)
Task: {0A705591-902E-42A3-8B53-F6CB5B6D930D} - System32\Tasks\MichałMonocularlyCutpurseV2 => Rundll32.exe GunmanPretences.dll,main 7 1 <==== UWAGA
Task: {0B8DC3AF-0DD0-4AAC-A8A7-E7F569879309} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe
Task: {0C786062-0E64-43FA-9F60-0C7F25A0C555} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe
Task: {1A3DEE4D-523C-4C76-87D7-0C420E224A4F} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-10-23] (COMODO)
Task: {1A7BBDEF-CF29-4C87-B116-75D8CEB4B351} - System32\Tasks\{0C570786-287D-4FA5-87D5-AA257FDC4294} => Chrome.exe hxxp://ui.skype.com/ui/0/7.17.0.105/pl/abandoninstall?source=lightinstaller&page=tsInstall
Task: {1CC7F5AF-EB17-41FC-AF39-DB998737D82D} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-10-23] (COMODO)
Task: {270FCF3D-4BFF-4E75-898B-BE3C3B8F6654} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe
Task: {28EF5153-A9FE-4086-B4BE-59FECADDEB80} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-10-23] (COMODO)
Task: {2EE5D0CE-E0D9-4A81-A6F8-8E395400C0B1} - System32\Tasks\{1F64A6E6-7DBB-4F2C-8558-7E43905D0DDF} => D:\Riot Games\League of Legends\lol.launcher.exe [2016-03-19] ()
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> Brak pliku <==== UWAGA
Task: {3318E7B1-2E15-4432-A823-B53533D34557} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => C:\Windows\system32\GWX\GWXConfigManager.exe
Task: {4D9CAFAF-EB4C-45B5-A551-C694D9065862} - System32\Tasks\GoogleUpdateTaskMachineCore1d1ab10b3d80e5e => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-01] (Google Inc.)
Task: {541AE9CA-DF1E-4B14-854E-F94AA25DC3FC} - System32\Tasks\{87E339C0-A7D2-47B1-9C21-5DF8AFCB9302} => pcalua.exe -a C:\Users\Azrej\Downloads\tibia860.exe -d C:\Users\Azrej\Downloads
Task: {5B9C6C39-5F13-47D8-B6E2-8F993CA46EF2} - System32\Tasks\{6F8B304B-A9FD-4C47-FC8F-0C48D5D99500} => C:\Users\Azrej\AppData\Roaming\{6F8B3~1\PRICEF~1.EXE <==== UWAGA
Task: {6B2E15EC-372E-436D-A540-138509C337F0} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> Brak pliku <==== UWAGA
Task: {79DBB051-5171-47DA-9313-F171C655B93B} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-10-23] (COMODO)
Task: {807F8A5F-69E1-439C-A25C-6CF4664DE3B9} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe
Task: {8365DEEA-0F15-4C35-9FD3-6FAB00A2421B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe
Task: {882E2297-17E5-4D23-8D58-C8E083A1E4F5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-11] (Adobe Systems Incorporated)
Task: {8A3E5241-272C-44B5-BBAF-3F048D932094} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-01] (Google Inc.)
Task: {91A0BF38-2BFB-4990-8987-2589E1F0F0AA} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => C:\Windows\system32\GWX\GWXConfigManager.exe
Task: {9669AB42-8A2A-45C5-9368-95CAD21C8438} - System32\Tasks\{863D38D4-4A6C-14D1-9BC6-94735C109C00} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\dc6a53e\7fce6dd7.dll" <==== UWAGA
Task: {9678DF92-0FDF-43E1-97B0-283EBCDDEC74} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-10-23] (COMODO)
Task: {9EB35A7B-9C5B-4A50-B8D5-B3CBD64BB727} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-12-05] (Advanced Micro Devices, Inc.)
Task: {A3C42A7F-14E4-4FDE-B88F-D2D7B008154D} - \Bidaily Synchronize Task[pr] -> Brak pliku <==== UWAGA
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> Brak pliku <==== UWAGA
Task: {AE17F646-4464-45E3-9679-B83266049CEE} - \{A5B8CD4F-6620-28AA-073B-BCAC1372529A} -> Brak pliku <==== UWAGA
Task: {C0CBA8BC-318C-4281-BBDD-C94287CA8433} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-01] (Google Inc.)
Task: {C3DC4AA1-0DC3-41A6-B7C2-F5089FFFB413} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-12] (Piriform Ltd)
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> Brak pliku <==== UWAGA
Task: {D9450371-A8E5-45B3-BBDE-12F6C5079634} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> Brak pliku <==== UWAGA
Task: {EDD4291F-5E0E-429B-B085-8F95B9E96C94} - System32\Tasks\{8D4A62A4-7B9A-467A-8531-1908738EAA4D} => C:\Users\Azrej\Downloads\MarinerMT2.pl-09.04.2016\MarinerMT2.pl-09.04.2016\MarinerMT2.exe
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> Brak pliku <==== UWAGA

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_182_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Chrome Cleanup Tool logs upload retry.job => C:\Users\Azrej\AppData\Local\Temp\E9D5.exe <==== UWAGA
Task: C:\Windows\Tasks\Coegerentguerly Helper.job => C:\Program Files (x86)\Jicadomnorese\beholy.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1ab10b3d80e5e.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1ab10b4100f20.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\{6F8B304B-A9FD-4C47-FC8F-0C48D5D99500}.job => C:\Users\Azrej\AppData\Roaming\{6F8B3~1\PRICEF~1.EXE <==== UWAGA

==================== Skróty =============================

(Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.)

ShortcutWithArgument: C:\Users\Azrej\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --load-extension="C:\Users\Azrej\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" 
ShortcutWithArgument: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --load-extension="C:\Users\Azrej\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" 
ShortcutWithArgument: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\e9e54e21acfd263e\NWJS Default.lnk -> D:\Program Files (x86)\Nexon\Nexon Launcher\bin\nexon_client\nexon_client.exe (The NWJS Community) -> --user-data-dir="C:\Users\Azrej\AppData\Local\NexonLauncher\User Data" --profile-directory=Default --app-id=aafddpmiffkameplnjkglahmbnbgidce
ShortcutWithArgument: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\2fae1f4995fc9e7f\NexonLauncher.lnk -> D:\Program Files (x86)\Nexon\Nexon Launcher\bin\nexon_client\nexon_client.exe (The NWJS Community) -> --user-data-dir="C:\Users\Azrej\AppData\Local\NexonLauncher\User Data" --profile-directory=Default --app-id=dobbaijafcbikgimjpakclacfgeagffm
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --load-extension="C:\Users\Azrej\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" 

==================== Załadowane moduły (filtrowane) ==============

2014-11-20 21:23 - 2014-11-20 21:23 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2016-10-31 20:45 - 2016-10-31 20:45 - 00592384 _____ () C:\Users\Azrej\AppData\Local\MEGAsync\ShellExtX64.dll
2016-12-28 02:30 - 2016-12-26 15:58 - 00965120 ___SH () C:\ProgramData\igfxDH.dll
2016-09-14 22:30 - 2016-09-14 22:30 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-14 22:30 - 2016-12-05 20:48 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-14 22:30 - 2016-09-14 22:30 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-14 22:30 - 2016-09-14 22:30 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-14 22:30 - 2016-09-14 22:30 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-14 22:30 - 2016-09-14 22:30 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-07-05 23:06 - 2016-07-05 23:06 - 00856744 _____ () D:\Program Files (x86)\SHU\SHU.exe
2016-07-05 23:06 - 2016-07-05 23:06 - 00021672 _____ () D:\Program Files (x86)\SHU\ScreenShu64.exe
2016-07-05 23:06 - 2016-07-05 23:06 - 00104616 _____ () D:\Program Files (x86)\SHU\screenshu_injected_dll_x64.dll
2016-12-28 03:23 - 2016-12-14 12:55 - 02259232 _____ () D:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2016-12-28 03:23 - 2016-12-28 03:23 - 02813904 _____ () D:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2016-12-28 03:23 - 2016-12-28 03:23 - 02247632 _____ () D:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2013-04-15 17:39 - 2015-01-08 23:02 - 00067808 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2016-12-16 14:33 - 2016-12-14 13:46 - 04555256 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\LeagueClient.exe
2016-12-16 14:33 - 2016-12-14 13:46 - 03461112 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\LeagueClientUx.exe
2016-12-28 02:27 - 2016-12-28 02:27 - 00176128 _____ () c:\program files (x86)\jicadomnorese\hernentvozephcloud.dll
2016-04-13 09:38 - 2016-04-13 09:38 - 00482304 _____ () C:\Users\Azrej\AppData\Local\MEGAsync\libsodium.dll
2016-07-05 23:06 - 2016-07-05 23:06 - 00092328 _____ () D:\Program Files (x86)\SHU\screenshu_injected_dll.dll
2016-07-05 23:06 - 2016-07-05 23:06 - 00140800 _____ () D:\Program Files (x86)\SHU\quazip.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00087040 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ctypes.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00043008 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_socket.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00805376 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ssl.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 05812736 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtGui.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00067584 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sip.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 01662464 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtCore.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00494592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00096256 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32api.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00110592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pywintypes26.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00010240 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\select.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00356864 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_hashlib.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00036352 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32process.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00111104 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32file.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00044544 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_sqlite3.pyd
2011-02-15 19:17 - 2011-02-15 19:17 - 00417501 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sqlite3.dll
2010-11-22 23:57 - 2010-11-22 23:57 - 00167936 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32gui.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00313856 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00127488 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pyexpat.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00009216 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\winsound.pyd
2015-10-21 21:29 - 2015-10-21 21:29 - 00113171 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlc.dll
2015-10-21 21:29 - 2015-10-21 21:29 - 02396691 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlccore.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00583680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\unicodedata.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00324608 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PIL._imaging.pyd
2015-06-27 00:09 - 2015-06-27 00:09 - 00271872 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\amd_ags.dll
2010-11-22 23:57 - 2010-11-22 23:57 - 00141312 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\gobject._gobject.pyd
2016-04-19 18:08 - 2016-04-19 18:08 - 02717595 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\heliotrope._purple.pyd
2011-02-15 19:17 - 2011-02-15 19:17 - 01213633 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libxml2-2.dll
2010-11-23 00:06 - 2010-11-23 00:06 - 00055808 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\zlib1.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 00495680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libaim.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 01183699 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\liboscar.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 00483306 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libicq.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00655356 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libirc.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 01306387 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libmsn.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 00565461 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libxmpp.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 01640221 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libjabber.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 00506276 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoo.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 01053730 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libymsg.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00497782 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoojp.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00603326 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl-nss.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00474199 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl.dll
2016-10-31 20:43 - 2016-10-31 20:43 - 00564736 _____ () C:\Users\Azrej\AppData\Local\MEGAsync\ShellExtX32.dll
2016-12-15 07:15 - 2016-12-08 08:29 - 01829208 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-15 07:15 - 2016-12-08 08:29 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2016-12-16 14:33 - 2016-12-14 15:08 - 03328512 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-patcher\rcp-be-patcher.dll
2016-12-16 14:33 - 2016-12-14 15:08 - 01024000 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-rso-auth\rcp-be-rso-auth.dll
2016-12-16 14:33 - 2016-12-14 15:08 - 02518016 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-login\rcp-be-lol-login.dll
2016-12-16 14:33 - 2016-12-14 13:47 - 00583680 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-account-settings\rcp-be-lol-account-settings.dll
2016-12-16 14:33 - 2016-12-14 15:08 - 00582144 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-platform-config\rcp-be-lol-platform-config.dll
2016-12-16 14:33 - 2016-12-14 15:08 - 00719872 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-summoner\rcp-be-lol-summoner.dll
2016-12-16 14:33 - 2016-12-14 15:08 - 00632832 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-ranked-stats\rcp-be-lol-ranked-stats.dll
2016-12-16 14:33 - 2016-12-14 15:08 - 00563200 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-maps\rcp-be-lol-maps.dll
2016-12-16 14:33 - 2016-12-14 15:08 - 00696832 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-game-queues\rcp-be-lol-game-queues.dll
2016-12-16 14:33 - 2016-12-14 15:08 - 00859136 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-gameflow\rcp-be-lol-gameflow.dll
2016-12-16 14:33 - 2016-12-14 15:08 - 00938496 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-player-preferences\rcp-be-lol-player-preferences.dll
2016-12-16 14:33 - 2016-12-14 15:08 - 00683520 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-game-settings\rcp-be-lol-game-settings.dll
2016-12-16 14:33 - 2016-12-14 15:08 - 00628224 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-settings\rcp-be-lol-settings.dll
2016-12-16 14:33 - 2016-12-14 15:08 - 00631296 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-sanitizer\rcp-be-sanitizer.dll
2016-12-16 14:33 - 2016-12-14 13:47 - 02468352 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-chat\rcp-be-lol-chat.dll
2016-12-16 14:33 - 2016-12-14 13:47 - 00159224 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\libexpat.dll
2016-12-16 14:33 - 2016-12-14 15:08 - 02014720 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-riot-messaging-service\rcp-be-lol-riot-messaging-service.dll
2016-12-16 14:33 - 2016-12-14 15:08 - 00561664 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-heartbeat\rcp-be-lol-heartbeat.dll
2016-12-16 14:33 - 2016-12-14 15:08 - 00582144 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-shutdown\rcp-be-lol-shutdown.dll
2016-12-16 14:33 - 2016-12-14 13:47 - 00583168 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-acs\rcp-be-lol-acs.dll
2016-12-16 14:33 - 2016-12-14 15:08 - 00604160 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-player-notifications\rcp-be-player-notifications.dll
2016-12-16 14:33 - 2016-12-14 15:08 - 00564224 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-loyalty\rcp-be-lol-loyalty.dll
2016-12-16 14:33 - 2016-12-14 13:47 - 01116160 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-collections\rcp-be-lol-collections.dll
2016-12-16 14:33 - 2016-12-16 14:33 - 00955904 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-loot\rcp-be-lol-loot.dll
2016-12-16 14:33 - 2016-12-14 15:08 - 00557056 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-kr-shutdown-law\rcp-be-lol-kr-shutdown-law.dll
2016-12-16 14:33 - 2016-12-14 15:08 - 01041408 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-lobby-team-builder\rcp-be-lol-lobby-team-builder.dll
2016-12-16 14:33 - 2016-12-14 15:08 - 00684032 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-queue-eligibility\rcp-be-lol-queue-eligibility.dll
2016-12-16 14:33 - 2016-12-14 15:08 - 01540096 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-lobby\rcp-be-lol-lobby.dll
2016-12-16 14:33 - 2016-12-14 15:08 - 00854016 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-license-agreement\rcp-be-lol-license-agreement.dll
2016-12-16 14:33 - 2016-12-14 13:47 - 01166848 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-champ-select-legacy\rcp-be-lol-champ-select-legacy.dll
2016-12-16 14:33 - 2016-12-14 13:47 - 00700416 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-champ-select\rcp-be-lol-champ-select.dll
2016-12-16 14:33 - 2016-12-14 15:08 - 00816640 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-matchmaking\rcp-be-lol-matchmaking.dll
2016-12-16 14:33 - 2016-12-14 15:08 - 00543744 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-kr-playtime-reminder\rcp-be-lol-kr-playtime-reminder.dll
2016-12-16 14:33 - 2016-12-14 13:47 - 00552960 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-game-client-chat\rcp-be-lol-game-client-chat.dll
2016-12-16 14:33 - 2016-12-14 13:47 - 00811520 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-end-of-game\rcp-be-lol-end-of-game.dll
2016-12-16 14:33 - 2016-12-14 13:47 - 00585728 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-active-boosts\rcp-be-lol-active-boosts.dll
2016-12-16 14:33 - 2016-12-14 15:08 - 00594432 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-kudos\rcp-be-lol-kudos.dll
2016-12-16 14:33 - 2016-12-14 15:08 - 00667136 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-parties\rcp-be-lol-parties.dll
2016-12-16 14:33 - 2016-12-14 15:08 - 00900608 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-leagues\rcp-be-lol-leagues.dll
2016-12-16 14:33 - 2016-12-14 15:08 - 00675840 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-pft\rcp-be-lol-pft.dll
2016-12-16 14:33 - 2016-12-14 15:08 - 00681984 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-player-behavior\rcp-be-lol-player-behavior.dll
2016-12-16 14:33 - 2016-12-14 15:08 - 00668160 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-suggested-players\rcp-be-lol-suggested-players.dll
2016-12-16 14:33 - 2016-12-14 15:08 - 00594944 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-service-status\rcp-be-lol-service-status.dll
2016-12-16 14:33 - 2016-12-14 15:08 - 00611840 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-leaver-buster\rcp-be-lol-leaver-buster.dll
2016-12-16 14:33 - 2016-12-14 15:08 - 00739840 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-match-history\rcp-be-lol-match-history.dll
2016-12-16 14:33 - 2016-12-14 15:08 - 00620544 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-team-boosts\rcp-be-lol-team-boosts.dll
2016-12-16 14:33 - 2016-12-14 15:08 - 00712192 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-recofriender\rcp-be-recofriender.dll
2016-12-16 14:33 - 2016-12-14 13:47 - 00857088 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-clubs\rcp-be-lol-clubs.dll
2016-12-16 14:33 - 2016-12-14 13:47 - 01705472 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-clubs-public\rcp-be-lol-clubs-public.dll
2016-12-16 14:33 - 2016-12-14 13:47 - 00637952 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-esport-stream-notifications\rcp-be-lol-esport-stream-notifications.dll
2016-12-16 14:33 - 2016-12-14 15:08 - 00779776 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-replays\rcp-be-lol-replays.dll
2016-12-16 14:33 - 2016-12-14 15:08 - 00579072 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-spectator\rcp-be-lol-spectator.dll
2016-12-16 14:33 - 2016-12-14 15:08 - 00700928 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-store\rcp-be-lol-store.dll
2016-12-16 14:33 - 2016-12-14 15:08 - 00571392 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-player-level-up\rcp-be-lol-player-level-up.dll
2016-12-16 14:33 - 2016-12-14 15:08 - 00547328 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-tencent-qt\rcp-be-lol-tencent-qt.dll
2016-12-16 14:33 - 2016-12-14 13:47 - 00600064 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-beta-opt-in\rcp-be-lol-beta-opt-in.dll
2016-12-16 14:33 - 2016-12-14 15:08 - 00607744 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-lol-player-messaging\rcp-be-lol-player-messaging.dll
2016-12-16 14:33 - 2016-12-14 15:08 - 00549888 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\Plugins\rcp-be-network-testing\rcp-be-network-testing.dll
2016-12-16 14:33 - 2016-12-14 13:47 - 55617504 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\libcef.dll
2016-12-16 14:33 - 2016-12-14 13:47 - 01876448 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\libglesv2.dll
2016-12-16 14:33 - 2016-12-14 13:47 - 00021984 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.42\deploy\libegl.dll

==================== Alternate Data Streams (filtrowane) =========

(Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.)

AlternateDataStreams: C:\Windows\system32\polstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\powertracker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qintlgnt.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\quick.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpcorets.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RdpGroupPolicyExtension.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpudd.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\rdvidcrl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\relog.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RESAMPLEDMO.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\rpchttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rpcss.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rrinstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\samlib.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\samsrv.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\scavengeui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\schedsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sdbinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sechost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\seclogon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SET2302.tmp:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SET27DE.tmp:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SET3B8F.tmp:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SET3D45.tmp:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SET4333.tmp:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SET48FB.tmp:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SET4FD2.tmp:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SET6076.tmp:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SET7F81.tmp:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SET936F.tmp:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SETA85C.tmp:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SETCA0A.tmp:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SETCEF9.tmp:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SETE030.tmp:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SETE1A8.tmp:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SETE6F9.tmp:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SETFD80.tmp:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SETFF58.tmp:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shimeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\StructuredQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SysFxUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sysmain.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tbs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tintlgnt.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tracerpt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tsgqec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\typeperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tzres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ucrtbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\usp10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UtcResources.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\VIDRESZR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\webcheck(44).dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\webcheck.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\win32spl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winipsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winresume.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinSetupUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wksprt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMADMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMADMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMALFXGFXDSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMSPDMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMSPDMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVENCOD.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\WMVSDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVXENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64win.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wpdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wpnpinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wshrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WSManMigrationPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmAuto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wsmplpxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wsmprovhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wu.upgrade.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\x3daudio1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\x3daudio1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\X3DAudio1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\X3DAudio1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\X3DAudio1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\X3DAudio1_5.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\X3DAudio1_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\X3DAudio1_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_8.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine3_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine3_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine3_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine3_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine3_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine3_5.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\xactengine3_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine3_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAPOFX1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAPOFX1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAPOFX1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAPOFX1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAPOFX1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAPOFX1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAudio2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAudio2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAudio2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAudio2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAudio2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAudio2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAudio2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAudio2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xinput1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xinput1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xinput1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\advapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\amdave32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\amdgfxinfo32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\amdhcp32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\amdlvr32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\amdmantle32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\amdmcl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\amdmmcl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\amdocl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\amdocl12cl.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\amdpcom32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\amduve32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\amdvlk32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\amfrt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\apphelp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\asycfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atiadlxx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atiadlxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\aticalcl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\aticaldd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\aticalrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\aticfx32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atidxx32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atieah32.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atigktxx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atiglpxx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atimpc32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\atioglxx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atisamu32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atiu9pag.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atiumdag.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atiumdva.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atiuxpag.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\bcryptprimitives.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\catsrvut.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cewmdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\chajei.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cintlgnt.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\COLORCNV.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3d10level9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dcsx_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dcsx_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx11_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx11_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_24.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_25.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_26.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_27.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_28.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_29.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_30.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_31.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_35.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\davclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\detoured.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\diskperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\els.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\EncDec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fixmapi.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FwRemoteSvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\GameManager32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\gpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\hlink.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\hsa-thunk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieetwproxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieframe(45).dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\IMJP10.IME:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\IMJP10K.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\imkr80.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\INETRES.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\input.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\inseng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\etc\hosts.ics:$CmdZnID [26]
AlternateDataStreams: C:\ProgramData\TEMP:6BE50C2B [0]
AlternateDataStreams: C:\Users\Azrej\Desktop\uTorrent.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Azrej\Desktop\uTorrent.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Azrej\Downloads\FRST64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Azrej\Downloads\FRST64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Azrej\Downloads\MediaCreationTool.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Azrej\Downloads\MediaCreationTool.exe:$CmdZnID [26]

==================== Tryb awaryjny (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Powiązania plików (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.)


==================== Internet Explorer - Witryny zaufane i z ograniczeniami ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.)


==================== Inne obszary ============================

(Obecnie brak automatycznej naprawy dla tej sekcji.)

HKU\S-1-5-21-1949200310-4154890209-3102321400-1010\Control Panel\Desktop\\Wallpaper -> C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
mpsdrv => Usługa "Zapora systemu Windows" nie jest uruchomiona.
MpsSvc => Usługa "Zapora systemu Windows" nie jest uruchomiona.
bfe => Usługa "Zapora systemu Windows" nie jest uruchomiona.

==================== MSCONFIG/TASK MANAGER - Wyłączone elementy ==

MSCONFIG\startupfolder: C:^Users^Michał^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^7BFC.lnk => C:\Windows\pss\7BFC.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Michał^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ertfgcxvv.eu.url => C:\Windows\pss\ertfgcxvv.eu.url.Startup
MSCONFIG\startupfolder: C:^Users^Michał^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^lsass.exe => C:\Windows\pss\lsass.exe.Startup
MSCONFIG\startupfolder: C:^Users^Michał^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^XenoSuite.lnk => C:\Windows\pss\XenoSuite.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Michał\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: apphide => C:\Program Files (x86)\badu\uc.exe
MSCONFIG\startupreg: BPOKPXeN3R3b0WAW => C:\Users\Michał\AppData\Roaming\1073Zw8Gy7h7e7i8\OPd6FRhjYqTJ.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Clownfish => "D:\Program Files (x86)\Clownfish\Clownfish.exe"
MSCONFIG\startupreg: cpuminer => C:\Users\Michał\AppData\Roaming\cpuminer\cpm.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Kepard => "C:\Program Files (x86)\Kepard\Kepard.exe" tray
MSCONFIG\startupreg: MK LOL => "C:\Program Files (x86)\MKJogo\MK IM\Bin\MKIM.exe" -auto
MSCONFIG\startupreg: pcmgr => C:\Program Files (x86)\badu\Uninst.exe
MSCONFIG\startupreg: Raptr => "C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe" --startup
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SpaceSoundPro => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
MSCONFIG\startupreg: StartCN => "C:\Program Files\AMD\CNext\CNext\cnext.exe" atlogon
MSCONFIG\startupreg: Steam => "D:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: uTorrent => "C:\Users\Michał\AppData\Roaming\uTorrent\updates\3.4.5_41865.exe"  /MINIMIZED

==================== Reguły Zapory systemu Windows (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

FirewallRules: [{A44678DE-DA08-49FD-9E91-76FF43293067}] => D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6F7F8872-AFA3-4A96-B3A9-2D5180E87C87}] => D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{34EA5996-D379-4EBB-91C0-4CEC59FB486A}] => C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [{5F866089-6C87-44BF-96AA-3B5DC31B81AA}] => C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [{FC13F423-DB3A-44D7-97C8-91343287C29B}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1CDA0736-F1EC-4E6E-8AEE-D7D5D6789DCB}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C94E8DEF-5E65-4DC1-AFC8-8854694CF4DE}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{252D3666-94D4-4DE9-94D9-7FCAC92C82F4}] => C:\Program Files (x86)\AIMP3\AIMP3.exe
FirewallRules: [{82725F08-67A4-4250-8F01-6A10414654A2}] => C:\Program Files (x86)\AIMP3\AIMP3.exe
FirewallRules: [{01A749F4-C0F4-4988-B69E-80AC9139ED20}] => C:\Program Files (x86)\AIMP3\AIMP3.exe
FirewallRules: [{6C3A7A63-A480-44A8-9C5C-7A9303EB7B47}] => C:\Program Files (x86)\AIMP3\AIMP3.exe
FirewallRules: [{5B3BD5EE-BE65-493B-9644-7D6B42114FFB}] => D:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{50D39E69-8B77-488C-9DFD-E05B408D49FF}] => D:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{64B1F85F-08F6-4849-B0BC-1E68B465DBBE}] => D:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{ED8A618F-697C-4098-8F2F-F9F81103E6C0}] => D:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{537EAE8B-8A97-45D1-8751-3E5122E161BF}] => D:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{ADAE98A1-3E1A-43E4-A5BC-2F1F7E72CEBD}] => D:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [TCP Query User{83F45CCB-846D-47C5-B2EB-F83DBDB3C242}D:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => D:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [UDP Query User{7C11A48D-999E-4028-91D2-F9C422C5B0D0}D:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => D:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [TCP Query User{A9303FE8-DDC3-47BF-ABFF-CE914DD70BE4}D:\program files (x86)\elfbot\navserv.exe] => D:\program files (x86)\elfbot\navserv.exe
FirewallRules: [UDP Query User{43636C88-A545-4ED3-B380-59F1F878AD88}D:\program files (x86)\elfbot\navserv.exe] => D:\program files (x86)\elfbot\navserv.exe
FirewallRules: [{49989F64-093D-4FA8-B505-88231AA998F5}] => D:\Program Files (x86)\CA\combatarms\appdata\NMService.exe
FirewallRules: [{FDE3F5D6-C03A-4773-8AC6-159045FAA83F}] => D:\Program Files (x86)\CA\combatarms\appdata\NMService.exe
FirewallRules: [{F96EF229-3ABF-420F-AF74-B6464A783F1A}] => D:\Program Files (x86)\CA\combatarms\appdata\CombatArms.exe
FirewallRules: [{C3805914-8223-43E3-B73B-68FB48261E69}] => D:\Program Files (x86)\CA\combatarms\appdata\CombatArms.exe
FirewallRules: [{CDEE1137-8EFF-4D26-A677-9DF5143A4433}] => D:\Program Files (x86)\CA\combatarms\appdata\CombatArms.exe
FirewallRules: [{DECD4136-B6E3-4354-8730-2F9343E12432}] => D:\Program Files (x86)\CA\combatarms\appdata\CombatArms.exe
FirewallRules: [{BD84C3EE-C01B-4754-AAD8-1A5384CBA23D}] => D:\Program Files (x86)\Nexon\Nexon Launcher\nexon_launcher.exe
FirewallRules: [{68A619DF-3A54-414A-8166-E54E4A103835}] => D:\Program Files (x86)\Nexon\Nexon Launcher\nexon_launcher.exe
FirewallRules: [{26E3C0C3-BDBF-4193-98AD-056C17941B63}] => D:\Program Files (x86)\Nexon\Nexon Launcher\nexon_launcher.exe
FirewallRules: [{71D03F8B-9652-45ED-95EC-E3D93AE89D52}] => D:\Program Files (x86)\Nexon\Nexon Launcher\nexon_launcher.exe
FirewallRules: [{383D76F9-C0AD-4352-80E8-083F2FCF6283}] => D:\Program Files (x86)\CA\combatarms\appdata\Engine.exe
FirewallRules: [{07F95398-7655-47D2-AD68-E7DB1B048723}] => D:\Program Files (x86)\CA\combatarms\appdata\Engine.exe
FirewallRules: [{A0FEFF86-B5B2-42A0-B670-B3215C600DC5}] => D:\Program Files (x86)\CA\combatarms\appdata\Engine.exe
FirewallRules: [{6033E762-D654-4B3B-A6F9-295D1DF6D6EB}] => D:\Program Files (x86)\CA\combatarms\appdata\Engine.exe
FirewallRules: [{5C594DAF-17E2-4E0F-89A5-41F18AC1582E}] => D:\Program Files (x86)\CA\combatarms\appdata\CombatArmsLauncher.exe
FirewallRules: [{7A1FD3E8-9FDA-423C-8ED6-53F0C727C5C9}] => D:\Program Files (x86)\CA\combatarms\appdata\CombatArmsLauncher.exe
FirewallRules: [{CD1E1FAC-9855-4182-A470-962DD4EAAF11}] => D:\Program Files (x86)\CA\combatarms\appdata\CombatArmsLauncher.exe
FirewallRules: [{9EF47518-6BC9-4377-ADD0-D1522F5035FD}] => D:\Program Files (x86)\CA\combatarms\appdata\CombatArmsLauncher.exe
FirewallRules: [{3E027E28-F805-4DA5-BC87-E8AA20351B1D}] => C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{5266793F-6BB6-4ED7-AE42-ACF98948840D}] => C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{F08CF8D6-536A-4BDA-B23B-38DF0199D970}] => C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{2AF74619-4DF7-4DE3-BA4E-6C11177BE504}] => C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{68501B32-69CF-4FAA-9FE7-2CA3F60D0854}] => D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{3A8BC30D-82A3-4375-8DE0-3092A8B058F3}] => D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{45298026-E04A-4389-8C61-E016093C4BB4}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4EC30C30-2959-46B0-B254-93A06BD519D5}] => D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{725956A4-CEC2-4C91-A321-D53665A8096C}] => D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{B82B8DBC-B2D1-479B-8F82-3F4C8BC375B2}] => C:\Users\Azrej\AppData\Local\Temp\00002570\inst_buychannel_37.exe
FirewallRules: [{7845CBC6-2D56-4FC3-9D71-5D685471B06F}] => C:\Users\Azrej\AppData\Local\Temp\00002570\inst_buychannel_37.exe

==================== Punkty Przywracania systemu =========================

Niepowodzenie przy listowaniu punktów przywracania
Sprawdź usługę "winmgmt" lub napraw WMI.


==================== Wadliwe urządzenia w Menedżerze urządzeń =============

Niepowodzenie przy listowaniu urządzeń. Sprawdź usługę "winmgmt" lub napraw WMI.


==================== Błędy w Dzienniku zdarzeń: =========================

Niepowodzenie przy uruchamianiu usługi "eventlog", nie można odczytać zdarzeń.

Wystąpił błąd systemu 123.

Nazwa pliku, nazwa katalogu lub składnia etykiety woluminu jest niepoprawna.


==================== Statystyki pamięci ===========================

Procesor: AMD FX(tm)-8320 Eight-Core Processor 
Procent pamięci w użyciu: 76%
Całkowita pamięć fizyczna: 4060.63 MB
Dostępna pamięć fizyczna: 955.64 MB
Całkowita pamięć wirtualna: 8119.45 MB
Dostępna pamięć wirtualna: 3706.01 MB

==================== Dyski ================================

Drive c: () (Fixed) (Total:244.04 GB) (Free:183.53 GB) NTFS
Drive d: (Dane) (Fixed) (Total:687.37 GB) (Free:623.28 GB) NTFS

==================== MBR & Tablica partycji ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B3B75500)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=244 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=687.4 GB) - (Type=07 NTFS)

==================== Koniec  Addition.txt ============================

Shortcut:

Rezultat skanowania skrótów użytkowników (x64) Wersja: 21-12-2016
Uruchomiony przez Azrej (29-12-2016 22:29:09)
Uruchomiony z C:\Users\Azrej\Downloads
Tryb startu: Normal

==================== Skróty =============================

(Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk -> C:\Program Files\paint.net\PaintDotNet.exe (dotPDN LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WypasOTS 9.4\Deinstalacja programu WypasOTS.lnk -> D:\Program Files (x86)\WypasOTS\unins000.exe (Brak pliku)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WypasOTS 9.4\WypasOTS Cast.lnk -> D:\Program Files (x86)\WypasOTS\Player.exe (Brak pliku)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WypasOTS 9.4\WypasOTS.lnk -> D:\Program Files (x86)\WypasOTS\Launcher.exe (Brak pliku)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock\Acoustic Bridge.lnk -> D:\Program Files (x86)\Stardock\AcousticBridge\AcousticBridgeConfig.exe (Brak pliku)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Co nowego w ostatniej wersji.lnk -> D:\Pliki programów (x86)\Winrar\CoNowego.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Podręcznik RARa dla konsoli.lnk -> D:\Pliki programów (x86)\Winrar\Rar.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Pomoc WinRARa.lnk -> D:\Pliki programów (x86)\Winrar\WinRAR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> D:\Pliki programów (x86)\Winrar\WinRAR.exe (Alexander Roshal)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WindBot\WindBot.lnk -> D:\Program Files (x86)\WindBot\bwazxfro.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibiacast\Readme.lnk -> C:\Windows\Installer\{71A8F4EC-7D8D-4FBA-8AC4-CC5F4B8E9FDA}\_129EB6C2D174E65FC6852F.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibiacast\Tibiacast.lnk -> C:\Windows\Installer\{71A8F4EC-7D8D-4FBA-8AC4-CC5F4B8E9FDA}\_BC504B5FA40D40C153CB0E.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibia\Tibia Website.lnk -> D:\Program Files (x86)\Tibia86\Tibia.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibia\Tibia.lnk -> D:\Program Files (x86)\Tibia86\Tibia.exe (CipSoft GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibia\Uninstall Tibia.lnk -> D:\Program Files (x86)\Tibia86\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> D:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHU\SHU.lnk -> D:\Program Files (x86)\SHU\SHU.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHU\Uninstall SHU.lnk -> D:\Program Files (x86)\SHU\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raptr\Raptr.lnk -> C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe (Raptr, Inc)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64\Changelog.lnk -> C:\Program Files\MPC-HC\Changelog.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64\Deinstalacja programu MPC-HC.lnk -> C:\Program Files\MPC-HC\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64\MPC-HC x64.lnk -> C:\Program Files\MPC-HC\mpc-hc64.exe (MPC-HC Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Malwarebytes.lnk -> D:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Uninstall Malwarebytes.lnk -> D:\Program Files\Malwarebytes\Anti-Malware\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3\LibreOffice Base.lnk -> C:\Program Files (x86)\LibreOffice 4\program\sbase.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3\LibreOffice Calc.lnk -> C:\Program Files (x86)\LibreOffice 4\program\scalc.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3\LibreOffice Draw.lnk -> C:\Program Files (x86)\LibreOffice 4\program\sdraw.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3\LibreOffice Impress.lnk -> C:\Program Files (x86)\LibreOffice 4\program\simpress.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3\LibreOffice Math.lnk -> C:\Program Files (x86)\LibreOffice 4\program\smath.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3\LibreOffice Writer.lnk -> C:\Program Files (x86)\LibreOffice 4\program\swriter.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3\LibreOffice.lnk -> C:\Program Files (x86)\LibreOffice 4\program\soffice.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends\League of Legends.lnk -> D:\Riot Games\League of Legends\LeagueClient.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Codec Tweak Tool.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Uninstall\Uninstall K-Lite Codec Pack.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\MediaInfo.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\Tools\mediainfo.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\Win7DSFilterTweaker.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Help\Frequently Asked Questions.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\Info\faq.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\FIFA 14.lnk -> 0x4C0000000114020000000000C0000000000000468500000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000360014001F80DF8F22EDA89E704883B196B02CFE0D5220000000474653497A7BFCA626B2E74981C2053891F721F9000000000000000000000700460049004600410020003100340028000000090000A01C00000031535053E28A5846BC4C3843BBFC139326986DCE000000000000000000000000
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk -> C:\Windows\System32\gameux.dll (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings\AMD Radeon Settings.lnk -> C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe (Advanced Micro Devices, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3\AIMP3 Advanced Tag Editor.lnk -> C:\Program Files (x86)\AIMP3\AIMP3ate.exe (AIMP DevTeam)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3\AIMP3 Audio Converter.lnk -> C:\Program Files (x86)\AIMP3\AIMP3ac.exe (AIMP DevTeam)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3\AIMP3 Audio Library.lnk -> C:\Program Files (x86)\AIMP3\AIMP3lib.exe (AIMP DevTeam)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3\AIMP3 Home Page.lnk -> C:\Program Files (x86)\AIMP3\AIMP3.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3\AIMP3.lnk -> C:\Program Files (x86)\AIMP3\AIMP3.exe (AIMP DevTeam)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3\History.lnk -> C:\Program Files (x86)\AIMP3\history.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3\License.lnk -> C:\Program Files (x86)\AIMP3\license.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3\Uninstall.lnk -> C:\Program Files (x86)\AIMP3\Uninstall.exe (AIMP DevTeam)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\Users\Azrej\Pobrane.lnk -> C:\Users\Azrej\Downloads ()
Shortcut: C:\Users\Azrej\Music\Downloads.lnk -> C:\Users\Azrej\Downloads ()
Shortcut: C:\Users\Azrej\Links\Desktop.lnk -> C:\Users\Azrej\Desktop ()
Shortcut: C:\Users\Azrej\Links\Downloads.lnk -> C:\Users\Azrej\Downloads ()
Shortcut: C:\Users\Azrej\Links\RecentPlaces.lnk -> System Folder
Shortcut: C:\Users\Azrej\Desktop\Drakensang Online.lnk -> C:\Program Files (x86)\Drakensang Online\thinclient.exe (Bigpoint GmbH)
Shortcut: C:\Users\Azrej\Desktop\lol.launcher — skrót.lnk -> D:\Riot Games\League of Legends\LeagueClient.exe ()
Shortcut: C:\Users\Azrej\Desktop\MEGAsync.lnk -> C:\Users\Azrej\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
Shortcut: C:\Users\Azrej\Desktop\Nexon Launcher.lnk -> D:\Program Files (x86)\Nexon\Nexon Launcher\nexon_launcher.exe ()
Shortcut: C:\Users\Azrej\Desktop\Pobrane.lnk -> C:\Users\Azrej\Downloads ()
Shortcut: C:\Users\Azrej\Desktop\Tibia.lnk -> C:\Users\Azrej\AppData\Local\Tibia\Tibia.exe ()
Shortcut: C:\Users\Azrej\Desktop\tibia86.lnk -> D:\Program Files (x86)\Tibia86\Tibia.exe (CipSoft GmbH)
Shortcut: C:\Users\Azrej\Desktop\ts3client_win64 — skrót.lnk -> D:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win64.exe (TeamSpeak Systems GmbH)
Shortcut: C:\Users\Azrej\Desktop\Do tibioszki rozne\Hexerka\Tibia.lnk -> D:\Program Files (x86)\Tibia\Tibia.exe (CipSoft GmbH)
Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tibia\Tibia 10.lnk -> D:\Program Files (x86)\Tibia86\Tibia.exe (CipSoft GmbH)
Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tibia\Tibia Website.lnk -> C:\Users\Azrej\AppData\Local\Tibia\Tibia.url ()
Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tibia\Tibia.lnk -> C:\Users\Azrej\AppData\Local\Tibia\Tibia.exe ()
Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tibia\Uninstall Tibia 10.lnk -> D:\Program Files (x86)\Tibia86\unins000.exe ()
Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tibia\Uninstall Tibia.lnk -> C:\Users\Azrej\AppData\Local\Tibia\uninst.exe ()
Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> D:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk -> C:\Users\Azrej\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nexon Launcher.lnk -> D:\Program Files (x86)\Nexon\Nexon Launcher\nexon_launcher.exe ()
Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SHU.lnk -> D:\Program Files (x86)\SHU\SHU.exe ()
Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon\Nexon Launcher.lnk -> D:\Program Files (x86)\Nexon\Nexon Launcher\nexon_launcher.exe ()
Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync\MEGA Website.lnk -> C:\Users\Azrej\AppData\Local\MEGAsync\MEGA Website.url ()
Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync\MEGAsync.lnk -> C:\Users\Azrej\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync\Uninstall.lnk -> C:\Users\Azrej\AppData\Local\MEGAsync\uninst.exe (MEGA Limited)
Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drakensang Online\Drakensang Online.lnk -> C:\Program Files (x86)\Drakensang Online\thinclient.exe (Bigpoint GmbH)
Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drakensang Online\Uninstall.lnk -> C:\Program Files (x86)\Drakensang Online\Uninstall.exe ()
Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SHU.lnk -> D:\Program Files (x86)\SHU\SHU.exe ()
Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\lol.launcher — skrót.lnk -> D:\Riot Games\League of Legends\LeagueClient.exe ()
Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\ts3client_win64 — skrót.lnk -> D:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win64.exe (TeamSpeak Systems GmbH)
Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\724e6c6e1aea27c4\COMODO Antivirus.lnk -> C:\Program Files\COMODO\COMODO Internet Security\cis.exe (COMODO)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Malwarebytes.lnk -> D:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\Users\Public\Desktop\WypasOTS 9.4 Cast.lnk -> D:\Program Files (x86)\WypasOTS\Player.exe (Brak pliku)
Shortcut: C:\Users\Public\Desktop\WypasOTS 9.4.lnk -> D:\Program Files (x86)\WypasOTS\Launcher.exe (Brak pliku)


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --load-extension="C:\Users\Azrej\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Audio (x64).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\lavaudio.ax",OpenConfiguration
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Audio.lnk -> C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\lavaudio.ax",OpenConfiguration
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Splitter (x64).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\lavsplitter.ax",OpenConfiguration
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Splitter.lnk -> C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\lavsplitter.ax",OpenConfiguration
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Video (x64).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\lavvideo.ax",OpenConfiguration
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Video.lnk -> C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\lavvideo.ax",OpenConfiguration
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Reset to recommended settings.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe () -> /resetsettings
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO\COMODO Antivirus\COMODO Antivirus.lnk -> C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (COMODO) -> --shortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO\COMODO Antivirus\Dodaj lub usuń komponenty.lnk -> C:\Windows\System32\msiexec.exe (Microsoft Corporation) -> /I{7B1A9CD1-B552-4FA7-BBC1-EDDEAB8855A7}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Azrej\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --load-extension="C:\Users\Azrej\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" 
ShortcutWithArgument: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:
ShortcutWithArgument: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --load-extension="C:\Users\Azrej\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" 
ShortcutWithArgument: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\e9e54e21acfd263e\NWJS Default.lnk -> D:\Program Files (x86)\Nexon\Nexon Launcher\bin\nexon_client\nexon_client.exe (The NWJS Community) -> --user-data-dir="C:\Users\Azrej\AppData\Local\NexonLauncher\User Data" --profile-directory=Default --app-id=aafddpmiffkameplnjkglahmbnbgidce
ShortcutWithArgument: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\2fae1f4995fc9e7f\NexonLauncher.lnk -> D:\Program Files (x86)\Nexon\Nexon Launcher\bin\nexon_client\nexon_client.exe (The NWJS Community) -> --user-data-dir="C:\Users\Azrej\AppData\Local\NexonLauncher\User Data" --profile-directory=Default --app-id=dobbaijafcbikgimjpakclacfgeagffm
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam Support Center.url -> URL: hxxp://support.steampowered.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64\Strona WWW programu MPC-HC.url -> URL: hxxp://mpc-hc.org/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live\Strona WWW programu AION Free-to-Play.url -> URL: hxxp://aionfreetoplay.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url -> URL: hxxp://www.piriform.com/ccleaner
InternetURL: C:\Users\Azrej\Favorites\Links for Polska\Bezpieczeństwo w trybie online.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=142211
InternetURL: C:\Users\Azrej\Favorites\Links for Polska\Bezpieczny Internet.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=129626
InternetURL: C:\Users\Azrej\Favorites\Links for Polska\Kultura.pl.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=129625
InternetURL: C:\Users\Azrej\Favorites\Links for Polska\Pogodynka.pl — oficjalny serwis pogodowy IMGW.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=129624
InternetURL: C:\Users\Azrej\Favorites\Links for Polska\Polska.pl.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=129622
InternetURL: C:\Users\Azrej\Desktop\Counter-Strike Global Offensive.url -> URL: steam://rungameid/730
InternetURL: C:\Users\Azrej\Desktop\H1Z1 King of the Kill.url -> URL: steam://rungameid/433850
InternetURL: C:\Users\Azrej\Desktop\Do tibioszki rozne\SkinPreview_Full_Version\Watch the Review on Youtube.url -> URL: hxxps://www.youtube.com/watch?v=MvWaTIwiEwc
InternetURL: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Counter-Strike Global Offensive.url -> URL: steam://rungameid/730
InternetURL: C:\Users\Azrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\H1Z1 King of the Kill.url -> URL: steam://rungameid/433850
InternetURL: C:\Users\Azrej\AppData\Local\Tibia\Tibia.url -> URL: hxxp://www.tibia.com
InternetURL: C:\Users\Azrej\AppData\Local\MEGAsync\MEGA Website.url -> URL: hxxp://www.mega.nz

==================== Koniec  Shortcut.txt =============================

 

and I don't know, because it keeps scanning all the time, as if it's repeating itself @Twój_Anioł_Stróż
 

 

 

Twój_Anioł_Stróż
comment (edited)

1) Disable COMODO for the duration of all these operations.

2) Open Notepad and paste the following into it:

Quote

RemoveDirectory: c:\program files (x86)\jicadomnorese


RemoveDirectory: C:\Users\Azrej\AppData\Roaming\{6F8B3~1
C:\Users\Public\Desktop\WypasOTS 9.4 Cast.lnk
C:\Users\Public\Desktop\WypasOTS 9.4.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WypasOTS 9.4\WypasOTS.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WypasOTS 9.4\WypasOTS Cast.lnk
FirewallRules: [{B82B8DBC-B2D1-479B-8F82-3F4C8BC375B2}] => C:\Users\Azrej\AppData\Local\Temp\00002570\inst_buychannel_37.exe
FirewallRules: [{7845CBC6-2D56-4FC3-9D71-5D685471B06F}] => C:\Users\Azrej\AppData\Local\Temp\00002570\inst_buychannel_37.exe
C:\Program Files\SpaceSoundPro
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpaceSoundPro
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\pcmgr
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Kepard
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cpuminer
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\apphide
C:\Program Files (x86)\badu
C:\Program Files (x86)\Kepard
C:\Users\Michał\AppData\Roaming\cpuminer
C:\Users\Michał\AppData\Local\Akamai\netsession_win.exe
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Akamai NetSession Interface
C:\ProgramData\igfxDH.dll
ShortcutWithArgument: C:\Users\Azrej\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --load-extension="C:\Users\Azrej\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk"
ShortcutWithArgument: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --load-extension="C:\Users\Azrej\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk"
ShortcutWithArgument: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\e9e54e21acfd263e\NWJS Default.lnk -> D:\Program Files (x86)\Nexon\Nexon Launcher\bin\nexon_client\nexon_client.exe (The NWJS Community) -> --user-data-dir="C:\Users\Azrej\AppData\Local\NexonLauncher\User Data" --profile-directory=Default --app-id=aafddpmiffkameplnjkglahmbnbgidce
ShortcutWithArgument: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\2fae1f4995fc9e7f\NexonLauncher.lnk -> D:\Program Files (x86)\Nexon\Nexon Launcher\bin\nexon_client\nexon_client.exe (The NWJS Community) -> --user-data-dir="C:\Users\Azrej\AppData\Local\NexonLauncher\User Data" --profile-directory=Default --app-id=dobbaijafcbikgimjpakclacfgeagffm
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --load-extension="C:\Users\Azrej\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk"
Task: C:\Windows\Tasks\{6F8B304B-A9FD-4C47-FC8F-0C48D5D99500}.job => C:\Users\Azrej\AppData\Roaming\{6F8B3~1\PRICEF~1.EXE <==== UWAGA
Task: C:\Windows\Tasks\Chrome Cleanup Tool logs upload retry.job => C:\Users\Azrej\AppData\Local\Temp\E9D5.exe <==== UWAGA
Task: C:\Windows\Tasks\Coegerentguerly Helper.job => C:\Program Files (x86)\Jicadomnorese\beholy.exe
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> Brak pliku <==== UWAGA
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> Brak pliku <==== UWAGA
Task: {D9450371-A8E5-45B3-BBDE-12F6C5079634} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> Brak pliku <==== UWAGA
Task: {A3C42A7F-14E4-4FDE-B88F-D2D7B008154D} - \Bidaily Synchronize Task[pr] -> Brak pliku <==== UWAGA
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> Brak pliku <==== UWAGA
Task: {AE17F646-4464-45E3-9679-B83266049CEE} - \{A5B8CD4F-6620-28AA-073B-BCAC1372529A} -> Brak pliku <==== UWAGA
Task: {9669AB42-8A2A-45C5-9368-95CAD21C8438} - System32\Tasks\{863D38D4-4A6C-14D1-9BC6-94735C109C00} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\dc6a53e\7fce6dd7.dll" <==== UWAGA
Task: {5B9C6C39-5F13-47D8-B6E2-8F993CA46EF2} - System32\Tasks\{6F8B304B-A9FD-4C47-FC8F-0C48D5D99500} => C:\Users\Azrej\AppData\Roaming\{6F8B3~1\PRICEF~1.EXE <==== UWAGA
Task: {6B2E15EC-372E-436D-A540-138509C337F0} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> Brak pliku <==== UWAGA
Task: {541AE9CA-DF1E-4B14-854E-F94AA25DC3FC} - System32\Tasks\{87E339C0-A7D2-47B1-9C21-5DF8AFCB9302} => pcalua.exe -a C:\Users\Azrej\Downloads\tibia860.exe -d C:\Users\Azrej\Downloads
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> Brak pliku <==== UWAGA
Task: {0A705591-902E-42A3-8B53-F6CB5B6D930D} - System32\Tasks\MichałMonocularlyCutpurseV2 => Rundll32.exe GunmanPretences.dll,main 7 1 <==== UWAGA
HOSTS:
EmptyTemp:


Save the file as fixlist.txt and place it next to FRST.exe.
Run FRST and click the Fix (NAPRAW) button.

3) Make new FRST logs; there should be 3 logs: FRST.txt, Addition.txt, Shortcut.txt.

Paste the logs (as text) at http://wklejto.pl/ and put only the links in your post (i.e. copy the address from the address bar),

or at http://wklej.org/

.

  • Good post 1
Azrei
comment (edited)
An hour ago, Twój_Anioł_Stróż wrote:

1) Disable COMODO for the duration of all these operations.

2) Open Notepad and paste the following into it:

Save the file as fixlist.txt and place it next to FRST.exe.
Run FRST and click the Fix (NAPRAW) button.

3) Make new FRST logs; there should be 3 logs: FRST.txt, Addition.txt, Shortcut.txt.

Paste the logs (as text) at http://wklejto.pl/ and put only the links in your post (i.e. copy the address from the address bar),

or at http://wklej.org/

.

OK, everything is done. I used that fixlist, it ran the repair and restarted the computer, but it's still the same. Here are the logs

Addition http://wklejto.pl/268267

Shortcut http://wklejto.pl/268269

FRST http://wklejto.pl/268270

You probably didn't want the fix logs, but I'm adding them anyway http://wklejto.pl/268271

PS. The logs were made after the repair

Twój_Anioł_Stróż
comment
Quote

but it's still the same

Be specific about what is the same.

The logs are garbled - on "wklejto" you have to paste the text, not the file.

Fix that.

Besides, COMODO is still blocking many "things", so it's not even possible to tell what the actual situation is.

  • Good post 1
Azrei
comment

The same, e.g. I can't open the Control Panel or CCleaner, I can't open e.g. the Network and Sharing Center, and I also can't turn off the automatic sandbox in COMODO. What things is COMODO blocking?

Corrected links

Addition http://wklejto.pl/268273

FRST http://wklejto.pl/268274

Shortcut http://wklejto.pl/268275

Fixlog http://wklejto.pl/268276

 

 

Twój_Anioł_Stróż
comment (edited)
Quote

What things is COMODO blocking?

mpsdrv => Usługa "Zapora systemu Windows" nie jest uruchomiona.
MpsSvc => Usługa "Zapora systemu Windows" nie jest uruchomiona.
bfe => Usługa "Zapora systemu Windows" nie jest uruchomiona.

"BFE" => serwis nie został odblokowany. <===== UWAGA
 
U2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
U1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
U1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21184 2015-08-05] (COMODO)
U1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [806032 2015-08-05] (COMODO)
U1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45856 2015-08-05] (COMODO)
U1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2016-12-28] ()
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [109568 2013-01-25] (Huawei Technologies Co., Ltd.)
U3 hwusb_cdcacm; C:\Windows\System32\DRIVERS\ew_cdcacm.sys [124672 2014-04-16] (Huawei Technologies Co., Ltd.)
U3 hwusb_wwanecm; C:\Windows\System32\DRIVERS\ew_wwanecm.sys [379392 2014-04-16] (Huawei Technologies Co., Ltd.)
U1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105096 2015-08-05] (COMODO)
U1 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2016-12-28] (Malwarebytes)
U3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2016-12-30] (Malwarebytes)
U3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2016-12-30] (Malwarebytes)
U0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [250816 2016-12-30] (Malwarebytes)
U3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2016-12-30] (Malwarebytes)
U1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
U3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-09-11] (MBB)
U0 aswVmm; Brak ImagePath
U5 BFE;  <===== UWAGA: Zablokowana usługa
U2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-01-24] (Advanced Micro Devices, Inc.) [Brak podpisu cyfrowego]
U3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
U3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1457160 2016-11-03] ()
U2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-10-23] (COMODO)
U3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-10-23] (COMODO)
U2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2014-01-15] ()
U2 MBAMService; D:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-28] (Malwarebytes)
U2 Atqerkkuhaph; C:\Program Files (x86)\Jicadomnorese\HernentvozephCloud.dll [X]
U2 d057f194; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\BorderlineFunc\BorderlineFunc.dll",serv
U2 PLAY ONLINE. RunOuc; D:\Program Files (x86)\PLAY ONLINE\UpdateDog\ouc.exe [X]

The letter "U" at the start of a line means that the given driver or service is blocked, most likely by COMODO.

All Registry operations are blocked as well, so nothing can be repaired.

  • Good post 1
Azrei
comment
7 minutes ago, Twój_Anioł_Stróż wrote:

mpsdrv => Usługa "Zapora systemu Windows" nie jest uruchomiona.
MpsSvc => Usługa "Zapora systemu Windows" nie jest uruchomiona.
bfe => Usługa "Zapora systemu Windows" nie jest uruchomiona.


"BFE" => serwis nie został odblokowany. <===== UWAGA
 

U2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
U1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
U1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21184 2015-08-05] (COMODO)
U1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [806032 2015-08-05] (COMODO)
U1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45856 2015-08-05] (COMODO)
U1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2016-12-28] ()
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [109568 2013-01-25] (Huawei Technologies Co., Ltd.)
U3 hwusb_cdcacm; C:\Windows\System32\DRIVERS\ew_cdcacm.sys [124672 2014-04-16] (Huawei Technologies Co., Ltd.)
U3 hwusb_wwanecm; C:\Windows\System32\DRIVERS\ew_wwanecm.sys [379392 2014-04-16] (Huawei Technologies Co., Ltd.)
U1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105096 2015-08-05] (COMODO)
U1 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2016-12-28] (Malwarebytes)
U3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2016-12-30] (Malwarebytes)
U3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2016-12-30] (Malwarebytes)
U0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [250816 2016-12-30] (Malwarebytes)
U3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2016-12-30] (Malwarebytes)
U1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
U3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-09-11] (MBB)
U0 aswVmm; Brak ImagePath
U5 BFE;  <===== UWAGA: Zablokowana usługa

U2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-01-24] (Advanced Micro Devices, Inc.) [Brak podpisu cyfrowego]
U3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
U3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1457160 2016-11-03] ()
U2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-10-23] (COMODO)
U3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-10-23] (COMODO)
U2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2014-01-15] ()
U2 MBAMService; D:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-28] (Malwarebytes)
U2 Atqerkkuhaph; C:\Program Files (x86)\Jicadomnorese\HernentvozephCloud.dll [X]
U2 d057f194; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\BorderlineFunc\BorderlineFunc.dll",serv
U2 PLAY ONLINE. RunOuc; D:\Program Files (x86)\PLAY ONLINE\UpdateDog\ouc.exe [X]

The letter "U" at the start of a line means that the given driver or service is blocked, most likely by COMODO.

All Registry operations are blocked as well, so nothing can be repaired.

So what should I do? Remove COMODO? How do I fight this virus?

Twój_Anioł_Stróż
comment

1) Boot into Safe Mode (F8 before the system starts)

2) Open Notepad and paste the following into it:

Unlock: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE


Unlock: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mpsdrv
Unlock: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MpsSvc
Unlock: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cmderd
Unlock: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cmdHlp
2016-09-19 18:24 - 2016-09-19 18:24 - 0000016 _____ () C:\ProgramData\mntemp
2016-12-28 02:33 - 2016-12-28 02:33 - 00000000 ____D C:\Users\Azrej\AppData\Roaming\Softlink
2016-12-28 02:33 - 2016-12-28 02:33 - 00000000 ____D C:\Users\Azrej\AppData\Roaming\KuaiZip
2016-12-28 02:30 - 2016-12-28 02:31 - 00000000 __SHD C:\Users\Azrej\AppData\Local\svchost
2016-12-28 02:28 - 2016-12-28 02:28 - 00000000 ____D C:\Program Files (x86)\Aserrystofusy Mapper
2016-12-28 02:27 - 2016-12-28 04:46 - 00000000 ____D C:\Users\Azrej\AppData\Roaming\Preptainkowack
2016-12-28 02:27 - 2016-12-28 02:28 - 00000000 ____D C:\Users\Azrej\AppData\Local\Dalayberfer
2016-12-23 15:24 - 2016-12-23 15:24 - 00000000 ____D C:\Users\Azrej\AppData\Local\Chromium
U3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
U3 gdrv; \??\C:\Windows\gdrv.sys [X]
U3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
U3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
U3 VUSB3HUB; system32\DRIVERS\ViaHub3.sys [X]
U3 xhcdrv; system32\DRIVERS\xhcdrv.sys [X]
U3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
U2 Atqerkkuhaph; C:\Program Files (x86)\Jicadomnorese\HernentvozephCloud.dll [X]
U2 d057f194; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\BorderlineFunc\BorderlineFunc.dll",serv
RemoveDirectory: C:\Program Files (x86)\Jicadomnorese
RemoveDirectory: c:\Program Files (x86)\BorderlineFunc
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\p15wvnz5.default -> youndoo
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\p15wvnz5.default -> youndoo
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Brak pliku
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} =>  -> Brak pliku
ShellExecuteHooks: Brak nazwy - {CE50D974-CA9B-11E6-849D-64006A5CFC23} -  -> Brak pliku
ShellExecuteHooks: Brak nazwy - {5F51FFFE-7463-4220-B711-E5B9ACB8EDFE} - C:\ProgramData\igfxDH.dll -> Brak pliku
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-1949200310-4154890209-3102321400-1000\...\Run: [vxn32.exe] => C:\Users\Michał\AppData\Roaming\vxn32\IleUviAnd6rK.exe
HKU\S-1-5-21-1949200310-4154890209-3102321400-1000\...\RunOnce: [Mecrosoft Corporateon IMbgFEHMLigAKaGg] => C:\Users\Michał\AppData\Roaming\IMbgFEHMLigAKaGg.exe
HKU\S-1-5-21-1949200310-4154890209-3102321400-1000\...\RunOnce: [Microsoft Corporation  ERgJgMHdQHXfcVbL] => C:\Users\Michał\AppData\Roaming\ERgJgMHdQHXfcVbL.exe [0 ] ()
HKU\S-1-5-21-1949200310-4154890209-3102321400-1000\...\Winlogon: [Shell] "C:\Users\Michał\AppData\Roaming\ipchanger\s30IOHuLO4sp.exe",explorer.exe <==== UWAGA
C:\Users\Michał\AppData\Roaming\ERgJgMHdQHXfcVbL.exe
C:\Users\Michał\AppData\Roaming\IMbgFEHMLigAKaGg.exe
C:\Users\Michał\AppData\Roaming\vxn32
HOSTS:
EmptyTemp:


Save the file as fixlist.txt and place it next to FRST.exe.
Run FRST and click the Fix (NAPRAW) button.

3) Make a log with Farbar Service Scanner > http://download.bleepingcomputer.com/farbar/FSS.exe (tick everything for the scan).

4) Make new FRST logs.

.

  • Good post 1
Azrei
comment

@Twój_Anioł_Stróż hello, I'm writing from my phone. It has been repairing in Safe Mode for a good 15 minutes now; I don't know if that's how it should be, but I noticed that I can get into the Control Panel in Safe Mode, which I couldn't before. I opened the fixlog out of curiosity and it says that something was unlocked. PS. Please reply: should the repair take this long?

Hello, I'm now writing from the computer; everything got repaired and Navsmart was removed. THANK YOU VERY MUCH. I'M PASTING THE LOGS, AS YOU ASKED

Addition http://wklejto.pl/268326

FRST http://wklejto.pl/268327

Shortcut http://wklejto.pl/268329

FSS http://wklejto.pl/268330

 

Hello, now a less significant problem has appeared: Windows Firewall has turned itself off and I can't turn it back on. When I try, I get the message "Windows Firewall can't change some of your settings. Error code: 0x8007042c"

Twój_Anioł_Stróż
comment (edited)

1) Download >> ESET ServicesRepair
Right-click the ServicesRepair file and choose Run as administrator.

2) Open Notepad and paste the following into it:

Quote

WMI_ActiveScriptEventConsumer_ASEC: <===== UWAGA


Task: C:\Windows\Tasks\{6F8B304B-A9FD-4C47-FC8F-0C48D5D99500}.job => C:\Users\Azrej\AppData\Roaming\{6F8B3~1\PRICEF~1.EXE <==== UWAGA
RemoveDirectory: C:\Users\Michał\AppData\Roaming\1073Zw8Gy7h7e7i8
RemoveDirectory: C:\Program Files (x86)\badu
RemoveDirectory: C:\Program Files (x86)\AskPartnerNetwork
RemoveDirectory: C:\Users\Michał\AppData\Roaming\cpuminer
RemoveDirectory: C:\Program Files (x86)\Kepard
RemoveDirectory: C:\Program Files\SpaceSoundPro
RemoveDirectory: C:\Users\Azrej\AppData\Roaming\{6F8B3~1
RemoveDirectory: C:\Program Files (x86)\Jicadomnorese
RemoveDirectory: C:\PROGRA~3\dc6a53e
2016-12-28 02:30 - 2016-12-26 15:58 - 00965120 ___SH () C:\ProgramData\igfxDH.dll
Task: C:\Windows\Tasks\Chrome Cleanup Tool logs upload retry.job => C:\Users\Azrej\AppData\Local\Temp\E9D5.exe <==== UWAGA
Task: C:\Windows\Tasks\Coegerentguerly Helper.job => C:\Program Files (x86)\Jicadomnorese\beholy.exe
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> Brak pliku <==== UWAGA
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> Brak pliku <==== UWAGA
Task: {D9450371-A8E5-45B3-BBDE-12F6C5079634} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> Brak pliku <==== UWAGA
Task: {A3C42A7F-14E4-4FDE-B88F-D2D7B008154D} - \Bidaily Synchronize Task[pr] -> Brak pliku <==== UWAGA
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> Brak pliku <==== UWAGA
Task: {AE17F646-4464-45E3-9679-B83266049CEE} - \{A5B8CD4F-6620-28AA-073B-BCAC1372529A} -> Brak pliku <==== UWAGA
Task: {9669AB42-8A2A-45C5-9368-95CAD21C8438} - System32\Tasks\{863D38D4-4A6C-14D1-9BC6-94735C109C00} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\dc6a53e\7fce6dd7.dll" <==== UWAGA
Task: {5B9C6C39-5F13-47D8-B6E2-8F993CA46EF2} - System32\Tasks\{6F8B304B-A9FD-4C47-FC8F-0C48D5D99500} => C:\Users\Azrej\AppData\Roaming\{6F8B3~1\PRICEF~1.EXE <==== UWAGA
Task: {6B2E15EC-372E-436D-A540-138509C337F0} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> Brak pliku <==== UWAGA
Task: {541AE9CA-DF1E-4B14-854E-F94AA25DC3FC} - System32\Tasks\{87E339C0-A7D2-47B1-9C21-5DF8AFCB9302} => pcalua.exe -a C:\Users\Azrej\Downloads\tibia860.exe -d C:\Users\Azrej\Downloads
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> Brak pliku <==== UWAGA
Task: {0A705591-902E-42A3-8B53-F6CB5B6D930D} - System32\Tasks\MichałMonocularlyCutpurseV2 => Rundll32.exe GunmanPretences.dll,main 7 1 <==== UWAGA
2016-12-28 04:59 - 2015-02-22 16:28 - 00000000 ____D C:\ProgramData\APN
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Michał\AppData\Local\Akamai\netsession_win.exe"
C:\Users\Michał\AppData\Local\Akamai\netsession_win.exe
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: apphide => C:\Program Files (x86)\badu\uc.exe
MSCONFIG\startupreg: BPOKPXeN3R3b0WAW => C:\Users\Michał\AppData\Roaming\1073Zw8Gy7h7e7i8\OPd6FRhjYqTJ.exe
MSCONFIG\startupreg: cpuminer => C:\Users\Michał\AppData\Roaming\cpuminer\cpm.exe
MSCONFIG\startupreg: Kepard => "C:\Program Files (x86)\Kepard\Kepard.exe" tray
MSCONFIG\startupreg: pcmgr => C:\Program Files (x86)\badu\Uninst.exe
MSCONFIG\startupreg: SpaceSoundPro => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
EmptyTemp:


Save the file as fixlist.txt and place it next to FRST.exe.
Run FRST and click the Fix (NAPRAW) button.

Post the report from it.

3) Make a log with FSS.

4) Make FRST logs - without Shortcut.

.

  • Good post 1
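The `Task:` entries in the fixlists above can be triaged mechanically before deciding what goes into a fixlist. This is an added example, not part of the thread and not FRST's own code: it parses `Task:` lines in the format shown above and lists reasons to review each one. The rule set, function names and reason strings are assumptions of the example; the sample lines are copied from the thread except the last, which is constructed.

```python
import re

# Sample in FRST "Task:" format. The first five lines are copied from this
# thread; the last line is constructed for the example as a benign entry.
SAMPLE_LOG = r'''
Task: C:\Windows\Tasks\{6F8B304B-A9FD-4C47-FC8F-0C48D5D99500}.job => C:\Users\Azrej\AppData\Roaming\{6F8B3~1\PRICEF~1.EXE <==== UWAGA
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> Brak pliku <==== UWAGA
Task: {9669AB42-8A2A-45C5-9368-95CAD21C8438} - System32\Tasks\{863D38D4-4A6C-14D1-9BC6-94735C109C00} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\dc6a53e\7fce6dd7.dll" <==== UWAGA
Task: {541AE9CA-DF1E-4B14-854E-F94AA25DC3FC} - System32\Tasks\{87E339C0-A7D2-47B1-9C21-5DF8AFCB9302} => pcalua.exe -a C:\Users\Azrej\Downloads\tibia860.exe -d C:\Users\Azrej\Downloads
Task: {0A705591-902E-42A3-8B53-F6CB5B6D930D} - System32\Tasks\MichałMonocularlyCutpurseV2 => Rundll32.exe GunmanPretences.dll,main 7 1 <==== UWAGA
Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
'''

# "Task: <name> => <action>" or "Task: <name> -> <action>"
TASK_RE = re.compile(r'^Task: (?P<name>.+?) (?:=>|->) (?P<action>.*)$')
# Trailing marker FRST appends (Polish build: UWAGA, English build: ATTENTION).
ATTENTION_RE = re.compile(r'\s*<=+\s*(?:UWAGA|ATTENTION).*$')
# Action text when no file stands behind the task (Polish / English build).
MISSING = {"Brak pliku", "No File"}
# System binaries that run some other file named on their command line.
PROXY_RE = re.compile(r'^"?(?:[^\s"]*\\)?(regsvr32|rundll32|pcalua)\.exe\b', re.I)
# Directories an unprivileged process can write to.
WRITABLE_RE = re.compile(r'\\(?:appdata|temp|downloads|programdata)\\', re.I)
# 8.3 short names such as PROGRA~3 or PRICEF~1 obscure the real path.
SHORTNAME_RE = re.compile(r'\\[^\\\s"]{1,6}~\d')


def triage_line(line):
    """Return {'task', 'action', 'reasons'} for a Task: line, else None."""
    m = TASK_RE.match(line.strip())
    if m is None:
        return None
    action = ATTENTION_RE.sub("", m.group("action")).strip()
    reasons = []
    if action in MISSING:
        reasons.append("no file behind task entry")
    else:
        proxy = PROXY_RE.match(action)
        if proxy:
            reasons.append("launched via " + proxy.group(1).lower() + ".exe")
        if WRITABLE_RE.search(action):
            reasons.append("payload in user-writable path")
        if SHORTNAME_RE.search(action):
            reasons.append("8.3 short name hides real path")
    return {"task": m.group("name"), "action": action, "reasons": reasons}


def triage_tasks(log_text):
    """Return only the tasks that have at least one reason for review."""
    results = []
    for line in log_text.splitlines():
        entry = triage_line(line)
        if entry is not None and entry["reasons"]:
            results.append(entry)
    return results


if __name__ == "__main__":
    for entry in triage_tasks(SAMPLE_LOG):
        print(entry["task"])
        print("   action :", entry["action"])
        print("   review :", "; ".join(entry["reasons"]))
```

The reasons are prompts for review, not verdicts: a task launched through `pcalua.exe` or stored under `AppData` still has to be checked against what the user actually installed.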
Azrei
comment (edited)

Done what you asked

Logs

FSS http://wklejto.pl/268416

Addition http://wklejto.pl/268417

FRST http://wklejto.pl/268418

Fixlog http://wklejto.pl/268419

//edit it works now, fixed. I'll give you some rep. Regards, and thank you for the help. The topic can be closed; this post should be pinned, because it's a common problem, as this virus comes from popular torrents

Twój_Anioł_Stróż
comment (edited)

1) Paste into Notepad:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000000


From the Notepad menu >> File >> Save As >> set the file type to All Files >> save as FIX.REG >>
run the file (double-click and OK).

2)

Quote

BFE Service is not running.

>> START >> RUN (URUCHOM) >> select (or type): services.msc >> OK

Find (select): Base Filtering Engine (Podstawowy aparat filtrowania)

On the left side click: Restart the service (Uruchom ponownie usługę).

3) Open Notepad and paste the following into it:

Quote

ShortcutWithArgument: C:\Users\Azrej\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --load-extension="C:\Users\Azrej\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://kipuu.cn/


ShortcutWithArgument: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --load-extension="C:\Users\Azrej\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://kipuu.cn/
ShortcutWithArgument: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\e9e54e21acfd263e\NWJS Default.lnk -> D:\Program Files (x86)\Nexon\Nexon Launcher\bin\nexon_client\nexon_client.exe (The NWJS Community) -> --user-data-dir="C:\Users\Azrej\AppData\Local\NexonLauncher\User Data" --profile-directory=Default --app-id=aafddpmiffkameplnjkglahmbnbgidce
ShortcutWithArgument: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\2fae1f4995fc9e7f\NexonLauncher.lnk -> D:\Program Files (x86)\Nexon\Nexon Launcher\bin\nexon_client\nexon_client.exe (The NWJS Community) -> --user-data-dir="C:\Users\Azrej\AppData\Local\NexonLauncher\User Data" --profile-directory=Default --app-id=dobbaijafcbikgimjpakclacfgeagffm
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --load-extension="C:\Users\Azrej\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://kipuu.cn/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://kipuu.cn/
EmptyTemp:


Save the file as fixlist.txt and place it next to FRST.exe.
Run FRST and click the Fix (NAPRAW) button.

.

If everything is OK, we'll wrap up:

Open Notepad and paste the following into it:

Quote

DeleteQuarantine:


Save the file as fixlist.txt and place it next to FRST. Run FRST and click Fix (NAPRAW).
Use SHIFT+DEL to delete the remaining C:\FRST folder.

FSS - delete it manually

C:\Users\Azrej\Downloads\FRST-OlderVersion - delete with SHIFT+DEL

.

  • Good post 1
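The hijacked browser shortcuts fixed in step 3 above can be picked out of a Shortcut.txt log mechanically. This is an added example, not part of the thread and not FRST's own code: it parses `ShortcutWithArgument:` lines and reports browser shortcuts that carry `--load-extension` or a start URL. The browser list, function names and reason strings are assumptions of the example; the sample lines are copied from the logs quoted in this thread.

```python
import ntpath
import re
from typing import List, NamedTuple

# Sample lines copied from the Shortcut.txt excerpts quoted in this thread
# (URLs are defanged as hxxp:// by FRST itself).
SAMPLE_LOG = r'''
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\Users\Azrej\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --load-extension="C:\Users\Azrej\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://kipuu.cn/
ShortcutWithArgument: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://kipuu.cn/
ShortcutWithArgument: C:\Users\Azrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\2fae1f4995fc9e7f\NexonLauncher.lnk -> D:\Program Files (x86)\Nexon\Nexon Launcher\bin\nexon_client\nexon_client.exe (The NWJS Community) -> --user-data-dir="C:\Users\Azrej\AppData\Local\NexonLauncher\User Data" --profile-directory=Default --app-id=dobbaijafcbikgimjpakclacfgeagffm
InternetURL: C:\Users\Azrej\AppData\Local\Tibia\Tibia.url -> URL: hxxp://www.tibia.com
'''

PREFIX = "ShortcutWithArgument: "
# Browser executables this example checks (an assumption, extend as needed).
BROWSERS = {"chrome.exe", "firefox.exe", "iexplore.exe", "opera.exe"}
# "<path> (<vendor>)": the vendor is the last parenthesised group on the field.
TARGET_RE = re.compile(r'^(?P<path>.*?)\s*\((?P<vendor>[^()]*)\)$')
# One command-line token; a quoted part may contain spaces.
TOKEN_RE = re.compile(r'(?:[^\s"]+|"[^"]*")+')
# Plain or defanged URL passed as an argument.
URL_RE = re.compile(r'^"?(?:https?|hxxps?)://', re.IGNORECASE)


class Finding(NamedTuple):
    shortcut: str
    target: str
    reasons: List[str]


def parse_line(line):
    """Split one log line into (lnk, target, vendor, args), or return None."""
    if not line.startswith(PREFIX):
        return None
    parts = line[len(PREFIX):].split(" -> ", 2)
    if len(parts) != 3:
        return None
    lnk, target_field, args = (p.strip() for p in parts)
    m = TARGET_RE.match(target_field)
    if m:
        return lnk, m.group("path"), m.group("vendor"), args
    return lnk, target_field, "", args


def audit_shortcuts(log_text):
    """Return a Finding for every browser shortcut with injected arguments."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw.strip())
        if parsed is None:
            continue
        lnk, target, _vendor, args = parsed
        if ntpath.basename(target).lower() not in BROWSERS:
            continue  # switches on non-browser shortcuts are out of scope
        reasons = []
        for tok in TOKEN_RE.findall(args):
            if tok.lower().startswith("--load-extension"):
                path = tok.partition("=")[2].strip('"')
                reasons.append("loads unpacked extension: " + path)
            elif URL_RE.match(tok):
                reasons.append("forces start URL: " + tok.strip('"'))
        if reasons:
            findings.append(Finding(lnk, target, reasons))
    return findings


if __name__ == "__main__":
    for f in audit_shortcuts(SAMPLE_LOG):
        print(f.shortcut)
        for reason in f.reasons:
            print("   ", reason)
```

A shortcut that only selects a profile (`--profile-directory="Profile 1"`) is left alone, while the desktop Chrome and Start Menu Firefox shortcuts are reported.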
Azrei
comment

Everything's fine, thank you very much for the help. The topic can be closed.
