
Hydra? Trojan or what?


1 reply to this topic

#1 marokin


Posted 04 May 2015 - 07:16 AM

Recently I found weird files on my PC. The folder is named "HydraLogs", and inside is a bunch of logs. I opened the log with the oldest date and found this inside:

[24/04/2015    09:36:57:0001]    DllRegisterServer called
[24/04/2015    09:36:57:0174]    Initializing environment, hInstance = f9730000
[24/04/2015    09:36:57:0208]    Checking manual start, command line: ' /s \"c:\users\kondzio\appdata\local\temp\tmp9c7e.tmp\"', self path: 'c:\windows\system32\regsvr32.exe'
[24/04/2015    09:36:57:0255]    Is instance running: 0
[24/04/2015    09:36:57:0298]    HydraCurrentPath: C:\Users\Kondzio\AppData\Local\Temp\tmp9C7E.tmp
[24/04/2015    09:36:57:0325]    HydraCurrentDir: C:\Users\Kondzio\AppData\Local\Temp\
[24/04/2015    09:36:57:0364]    Command line: ' /s \"C:\Users\Kondzio\AppData\Local\Temp\tmp9C7E.tmp\"'
[24/04/2015    09:36:57:0400]    Startup options detected. Installed: 0. Forced: 0. Manual: 0. InExplorer: 0
[24/04/2015    09:36:57:0422]    Installing hydra
[24/04/2015    09:36:57:0442]    Disabling security
[24/04/2015    09:36:59:0255]    Readed 2475520 bytes
[24/04/2015    09:36:59:0275]    Hydra dir: C:\ProgramData\Microsoft\Performance\Monitor
[24/04/2015    09:36:59:0296]    Hydra path: C:\ProgramData\Microsoft\Performance\Monitor\PerformanceMonitor.dll
[24/04/2015    09:36:59:0360]    Manual start (rundll32.exe). Path: 'C:\ProgramData\Microsoft\Performance\Monitor\PerformanceMonitor.dll'. Params: '"C:\ProgramData\Microsoft\Performance\Monitor\PerformanceMonitor.dll",DllInstall'
[24/04/2015    09:36:59:0407]    Process executed. Result: 1
[24/04/2015    09:36:59:0430]    After detect sandbox

Some of them, but there are more on my PC

Attached File  hydra_011688.log   448.17KB   4 downloads

Attached File  hydra_006692.log   7.71KB   1 downloads

Attached File  hydra_006880.log   3KB   3 downloads

Attached File  hydra_007528.log   35.39KB   0 downloads

Attached File  hydra_008056.log   2.72KB   1 downloads

 

I also remember that a couple of days ago I had an antivirus alert, but I didn't bother to pay attention to what it was saying. I've checked what was in that alert, and it was this:

The item c:/programdata/microsoft/performance/monitor/temp/tmpa787.tmp was deleted at user request

I think something is wrong. Can you help me, please? Sorry for my English; it's not my primary language.

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2015
Ran by Kondzio (administrator) on BESTIA-KONDZIA on 04-05-2015 15:13:40
Running from C:\Users\Kondzio\Downloads
Loaded Profiles: Kondzio (Available profiles: Kondzio)
Platform: Windows 8.1 Pro with Media Center (X64) OS Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
() C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(MSI) C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(PC Remote) C:\Program Files (x86)\PC Remote\PC Remote\PCRemote.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Piotr Pawlowski) C:\Program Files (x86)\foobar2000\foobar2000.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(BitTorrent Inc.) C:\Users\Kondzio\AppData\Roaming\uTorrent\uTorrent.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-07-15] (Realtek Semiconductor)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1691112 2015-03-17] (Bitdefender)
HKLM\...\Run: [ISCT Tray] => C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-08-25] (Intel Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-12-12] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [3443664 2015-01-30] (Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [Fast Boot] => C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe [764472 2012-09-19] ()
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKU\S-1-5-21-1123315417-4117993512-3971456346-1001\...\Run: [Spotify Web Helper] => C:\Users\Kondzio\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-02-27] (Spotify Ltd)
HKU\S-1-5-21-1123315417-4117993512-3971456346-1001\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
HKU\S-1-5-21-1123315417-4117993512-3971456346-1001\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2015-02-11] (Bitdefender)
HKU\S-1-5-21-1123315417-4117993512-3971456346-1001\...\Run: [PC Remote Server] => C:\Program Files (x86)\PC Remote\PC Remote\PCRemote.exe [1190648 2014-10-12] (PC Remote)
HKU\S-1-5-21-1123315417-4117993512-3971456346-1001\...\Run: [DVSSkypeRecorder] => C:\Program Files (x86)\DVDVideoSoft\Free Video Call Recorder for Skype\skyui.exe [1055400 2015-03-01] (DVDVideoSoft Ltd.)
HKU\S-1-5-21-1123315417-4117993512-3971456346-1001\...\Run: [uTorrent] => C:\Users\Kondzio\AppData\Roaming\uTorrent\uTorrent.exe [1677904 2015-01-22] (BitTorrent Inc.)
HKU\S-1-5-21-1123315417-4117993512-3971456346-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-1123315417-4117993512-3971456346-1001\...\MountPoints2: D - "D:\setup.exe"
HKU\S-1-5-21-1123315417-4117993512-3971456346-1001\...\MountPoints2: {7313570e-672a-11e4-8254-806e6f6e6963} - "G:\Autorun.exe"
ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => C:\ProgramData\Microsoft\Performance\Monitor\PerformanceMonitor.dll [2015-04-24] ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1123315417-4117993512-3971456346-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1123315417-4117993512-3971456346-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pl-pl/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-04] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-04] (Oracle Corporation)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-02-11] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-02-11] (Bitdefender)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Kondzio\AppData\Roaming\Mozilla\Firefox\Profiles\4h6xbq3s.default
FF Homepage: www.google.pl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-22] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-22] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-04] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-13] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1123315417-4117993512-3971456346-1001: ubisoft.com/uplaypc -> E:\gry\The Settlers 7 - Droga do królestwa\Data\Base\_Dbg\Bin\Release\orbit\npuplaypc.dll No File
FF Extension: Battlefield Heroes Updater - C:\Users\Kondzio\AppData\Roaming\Mozilla\Firefox\Profiles\4h6xbq3s.default\Extensions\battlefieldheroespatcher@ea.com [2014-11-08]
FF Extension: Flash and Video Download - C:\Users\Kondzio\AppData\Roaming\Mozilla\Firefox\Profiles\4h6xbq3s.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2015-04-22]
FF Extension: Video Downloader Professional - C:\Users\Kondzio\AppData\Roaming\Mozilla\Firefox\Profiles\4h6xbq3s.default\Extensions\ffext_basicvideoext@startpage24.xpi [2015-04-27]
FF Extension: TabRenamizer-Babar - C:\Users\Kondzio\AppData\Roaming\Mozilla\Firefox\Profiles\4h6xbq3s.default\Extensions\{4BB0BA88-4D16-11E3-91BA-62226288709B}.xpi [2014-11-09]
FF Extension: Procon Latte Content Filter - C:\Users\Kondzio\AppData\Roaming\Mozilla\Firefox\Profiles\4h6xbq3s.default\Extensions\{9D6218B8-03C7-4b91-AA43-680B305DD35C}.xpi [2015-01-17]
FF Extension: Adblock Plus - C:\Users\Kondzio\AppData\Roaming\Mozilla\Firefox\Profiles\4h6xbq3s.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-01]
FF Extension: Always on Top - C:\Users\Kondzio\AppData\Roaming\Mozilla\Firefox\Profiles\4h6xbq3s.default\Extensions\{E6C93316-271E-4b3d-8D7E-FE11B4350AEB}.xpi [2014-11-14]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2014-11-10]
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2014-11-10]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext

Chrome:
=======
CHR HomePage: Default -> hxxp://google.pl/
CHR Profile: C:\Users\Kondzio\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Kondzio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-13]
CHR Extension: (Google Docs) - C:\Users\Kondzio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-13]
CHR Extension: (Google Drive) - C:\Users\Kondzio\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-13]
CHR Extension: (YouTube) - C:\Users\Kondzio\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-13]
CHR Extension: (Google Search) - C:\Users\Kondzio\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-13]
CHR Extension: (Bitdefender Wallet) - C:\Users\Kondzio\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih [2015-02-13]
CHR Extension: (Google Sheets) - C:\Users\Kondzio\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-13]
CHR Extension: (Google Wallet) - C:\Users\Kondzio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-13]
CHR Extension: (Gmail) - C:\Users\Kondzio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-13]
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [112640 2014-09-15] () [File not signed]
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2014-12-17] (Bitdefender)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393728 2014-12-25] (BlueStack Systems, Inc.) [File not signed]
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-12-12] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [786136 2014-12-12] (BlueStack Systems, Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
S3 intelsba; C:\Program Files\Intel\Intel® Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [54976 2014-03-27] (Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-08-25] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-04-03] (Intel Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [103992 2012-10-26] (MSI)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [1733072 2015-01-27] (Micro-Star INT'L CO., LTD.)
R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-11-08] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [965776 2014-10-26] (@ByELDI) [File not signed]
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [615936 2010-06-14] (Nokia) [File not signed]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026432 2015-05-04] (Enigma Software Group USA, LLC.)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-11-12] (Bitdefender)
R2 vmms; C:\Windows\system32\vmms.exe [13784576 2014-10-08] (Microsoft Corporation)
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1547936 2015-03-17] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [293088 2014-09-16] (Advanced Micro Devices)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1306464 2015-02-11] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [262544 2015-02-11] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [677104 2015-02-11] (BitDefender)
U3 axscsidrv; C:\Windows\System32\Drivers\axscsidrv.sys [293888 2014-11-08] (Alcohol Soft Development Team)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2015-02-11] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2015-02-11] (BitDefender SRL)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-12-12] (BlueStack Systems)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-05-04] ()
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160544 2015-03-17] (BitDefender LLC)
R1 hvservice; C:\Windows\System32\drivers\hvservice.sys [68960 2014-11-17] (Microsoft Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [22216 2014-05-27] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [22728 2014-05-27] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [25800 2014-05-27] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD.sys [44744 2014-02-03] ()
S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [19456 2014-11-17] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [118272 2014-04-03] (Intel Corporation)
R3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
R3 NTIOLib_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [22016 2014-11-17] (Microsoft Corporation)
S3 pvhdparser; C:\Windows\System32\drivers\pvhdparser.sys [27136 2014-11-17] (Microsoft Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2014-11-07] (Duplex Secure Ltd.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-11-12] (BitDefender S.R.L.)
R3 V0420VID; C:\Windows\system32\DRIVERS\V0420Vid.sys [107072 2007-05-31] (Creative Technology Ltd.)
S3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [18944 2014-11-17] (Microsoft Corporation)
R3 VMSMP; C:\Windows\system32\DRIVERS\vmswitch.sys [688640 2014-10-08] (Microsoft Corporation)
S3 VMSP; C:\Windows\system32\DRIVERS\vmswitch.sys [688640 2014-10-08] (Microsoft Corporation)
S3 VMSVSF; C:\Windows\system32\DRIVERS\vmswitch.sys [688640 2014-10-08] (Microsoft Corporation)
S3 VMSVSP; C:\Windows\system32\DRIVERS\vmswitch.sys [688640 2014-10-08] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-04 15:13 - 2015-05-04 15:14 - 00024465 _____ () C:\Users\Kondzio\Downloads\FRST.txt
2015-05-04 15:11 - 2015-05-04 15:13 - 00000000 ____D () C:\FRST
2015-05-04 15:08 - 2015-05-04 15:08 - 02101248 _____ (Farbar) C:\Users\Kondzio\Downloads\FRST64.exe
2015-05-04 14:26 - 2015-05-04 14:26 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-05-04 14:26 - 2015-05-04 14:26 - 00003346 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2015-05-04 14:26 - 2015-05-04 14:26 - 00001121 _____ () C:\Users\Kondzio\Desktop\SpyHunter.lnk
2015-05-04 14:26 - 2015-05-04 14:26 - 00000000 ____D () C:\Users\Kondzio\AppData\Roaming\Enigma Software Group
2015-05-04 14:26 - 2015-05-04 14:26 - 00000000 ____D () C:\sh4ldr
2015-05-04 14:26 - 2015-05-04 14:26 - 00000000 _____ () C:\autoexec.bat
2015-05-04 14:25 - 2015-05-04 14:25 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-05-04 14:24 - 2015-05-04 14:24 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-05-04 14:24 - 2015-05-04 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-05-04 14:23 - 2015-05-04 14:23 - 00561248 _____ (Oracle Corporation) C:\Users\Kondzio\Downloads\jxpiinstall(1).exe
2015-05-04 14:20 - 2015-05-04 14:20 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Kondzio\Downloads\SpyHunter-Installer.exe
2015-05-04 13:43 - 2015-05-04 13:43 - 27590656 _____ () C:\Windows\system32\vmguest.iso
2015-05-03 23:12 - 2015-05-03 23:12 - 00000000 ____D () C:\Windows\pss
2015-05-03 22:58 - 2015-05-03 22:58 - 00561248 _____ (Oracle Corporation) C:\Users\Kondzio\Downloads\jxpiinstall.exe
2015-05-03 22:56 - 2015-05-03 22:56 - 00000719 _____ () C:\Users\Kondzio\Desktop\RegDllView.cfg
2015-05-03 22:55 - 2015-05-03 22:55 - 00562784 _____ (Oracle Corporation) C:\Users\Kondzio\Downloads\jre-8u45-windows-i586-iftw.exe
2015-05-03 22:42 - 2015-05-03 22:42 - 00070588 _____ () C:\Users\Kondzio\Downloads\regdllview-x64.zip
2015-05-03 22:42 - 2014-09-13 10:58 - 00116832 _____ (NirSoft) C:\Users\Kondzio\Desktop\RegDllView.exe
2015-05-03 22:42 - 2014-09-13 10:58 - 00015982 _____ () C:\Users\Kondzio\Desktop\RegDllView.chm
2015-05-03 22:42 - 2014-09-13 10:58 - 00010077 _____ () C:\Users\Kondzio\Desktop\readme.txt
2015-05-03 19:36 - 2015-05-03 20:56 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-05-03 19:36 - 2015-05-03 19:38 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-05-03 19:36 - 2015-05-03 19:36 - 00001435 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-05-03 19:36 - 2015-05-03 19:36 - 00001423 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-05-03 19:36 - 2015-05-03 19:36 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-05-03 19:36 - 2015-05-03 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-05-03 19:36 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-05-03 19:31 - 2015-05-03 23:07 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-03 19:30 - 2015-05-03 19:30 - 00001144 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-03 19:30 - 2015-05-03 19:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-03 19:30 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-03 19:30 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-03 19:30 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-03 19:29 - 2015-05-03 19:30 - 00000000 ____D () C:\Users\Kondzio\AppData\Roaming\Malwarebytes
2015-05-03 19:29 - 2015-05-03 19:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-03 19:29 - 2015-05-03 19:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-05-03 19:29 - 2015-05-03 19:29 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Kondzio\Downloads\spybot-2.4.exe
2015-05-03 19:28 - 2015-05-03 19:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Kondzio\Downloads\mbam-setup.exe
2015-04-30 14:29 - 2015-04-30 14:29 - 00000000 ____D () C:\Users\Kondzio\AppData\Roaming\MK10
2015-04-30 11:04 - 2015-04-30 11:04 - 00000885 _____ () C:\Users\Kondzio\Desktop\Mortal Kombat X.lnk
2015-04-30 11:04 - 2015-04-30 11:04 - 00000000 ____D () C:\Users\Kondzio\AppData\Roaming\Mortal Kombat X
2015-04-30 10:42 - 2015-04-30 10:42 - 00188883 _____ () C:\Users\Kondzio\Downloads\Legendary Drop Rates & BloodShard Prices 2.2.xlsx
2015-04-30 00:32 - 2015-04-30 00:32 - 02319694 _____ () C:\Users\Kondzio\Downloads\48190_FI-XIV-MWM551_(with_updated_stats_6-3-15) Nerdoholic.com.rar
2015-04-29 23:25 - 2015-04-29 23:25 - 12611297 _____ () C:\Users\Kondzio\Downloads\WP_20141125_20_05_24_Pro and others.zip
2015-04-29 23:24 - 2015-04-29 23:25 - 07032131 _____ () C:\Users\Kondzio\Downloads\WP_20150424_08_25_35_Pro and others.zip
2015-04-29 15:47 - 2015-04-29 15:47 - 01457477 _____ () C:\Users\Kondzio\Downloads\Oficjalna aktualizacja składów FIFA 14! - by cross16(1).rar
2015-04-28 17:17 - 2015-04-28 17:17 - 00000944 _____ () C:\Users\Public\Desktop\FIFA 14.lnk
2015-04-28 17:17 - 2015-04-28 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 14
2015-04-28 16:39 - 2015-04-28 16:39 - 00000000 ____D () C:\Users\Kondzio\Desktop\pity
2015-04-25 13:00 - 2015-04-25 13:00 - 00000000 ____D () C:\Users\Kondzio\Documents\Diablo III
2015-04-25 11:50 - 2015-04-25 11:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2015-04-21 21:32 - 2015-04-21 21:32 - 10242451 _____ () C:\Users\Kondzio\Downloads\enes_k15.rar
2015-04-21 11:05 - 2015-04-21 11:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-17 11:58 - 2015-04-17 11:58 - 00000000 ____D () C:\Users\Kondzio\Documents\Heroes of the Storm
2015-04-17 11:56 - 2015-04-17 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2015-04-15 22:40 - 2015-04-15 22:40 - 00000953 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-Deklaracje.lnk
2015-04-15 22:40 - 2015-04-15 22:40 - 00000941 _____ () C:\Users\Public\Desktop\e-Deklaracje.lnk
2015-04-15 22:40 - 2015-04-15 22:40 - 00000000 ____D () C:\Users\Kondzio\AppData\Roaming\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1
2015-04-15 22:40 - 2015-04-15 22:40 - 00000000 ____D () C:\Users\Kondzio\AppData\Roaming\e-Deklaracje
2015-04-15 22:40 - 2015-04-15 22:40 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-04-15 22:40 - 2015-04-15 22:40 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-04-15 22:40 - 2015-04-15 22:40 - 00000000 ____D () C:\Program Files (x86)\e-Deklaracje
2015-04-15 15:50 - 2015-04-15 15:50 - 00001618 _____ () C:\Users\Public\Desktop\Path of Exile.lnk
2015-04-15 15:50 - 2015-04-15 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grinding Gear Games
2015-04-15 15:47 - 2015-04-15 15:47 - 07831552 _____ () C:\Users\Kondzio\Downloads\PathOfExileInstaller.msi
2015-04-15 12:55 - 2009-04-06 09:08 - 00005174 _____ () C:\Windows\SysWOW64\nppt9x.vxd
2015-04-15 12:55 - 2009-04-06 09:08 - 00004682 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\npptNT2.sys
2015-04-12 20:38 - 2015-04-19 12:10 - 00000000 ____D () C:\Users\Kondzio\Desktop\dyplomowka
2015-04-12 18:06 - 2015-04-12 23:20 - 00000000 ____D () C:\Users\Kondzio\AppData\Local\The Spatials
2015-04-12 17:24 - 2015-04-12 17:28 - 00000000 ____D () C:\Users\Kondzio\AppData\Roaming\Running with rifles
2015-04-12 17:21 - 2015-04-12 17:21 - 00001229 _____ () C:\Users\Kondzio\Desktop\Offworld.exe — skrót.lnk
2015-04-12 17:21 - 2015-04-12 17:21 - 00001040 _____ () C:\Users\Kondzio\Desktop\The Spatials.exe — skrót.lnk
2015-04-12 17:17 - 2015-04-12 17:17 - 00000843 _____ () C:\Users\Kondzio\Desktop\Running With Rifles v1.01.lnk
2015-04-12 15:06 - 2015-04-12 15:06 - 00000000 ___SH () C:\Users\Kondzio\AppData\Local\LumaEmu
2015-04-12 14:46 - 2015-04-12 14:56 - 00000000 ____D () C:\Users\Kondzio\AppData\Local\FF3_Win32
2015-04-12 14:46 - 2015-04-12 14:46 - 00000000 ____D () C:\Users\Kondzio\Documents\Square Enix
2015-04-12 14:31 - 2015-04-12 14:35 - 00000000 ____D () C:\Users\Kondzio\Documents\Unclaimed World
2015-04-11 17:31 - 2015-04-11 17:31 - 00212651 _____ () C:\Users\Kondzio\Downloads\repository.sd-xbmc.org-2.0.0.zip
2015-04-11 17:27 - 2015-04-11 17:54 - 00000000 ____D () C:\Users\Kondzio\AppData\Roaming\Kodi
2015-04-11 17:26 - 2015-04-11 17:26 - 00538834 _____ () C:\Users\Kondzio\Downloads\plugin.video.goldvodtv.zip
2015-04-11 17:25 - 2015-04-11 17:25 - 00458846 _____ () C:\Users\Kondzio\Downloads\repository.smuto-1.2.1.zip
2015-04-11 17:23 - 2015-04-11 17:23 - 71111070 _____ () C:\Users\Kondzio\Downloads\kodi-14.2-Helix.exe
2015-04-08 12:05 - 2015-04-08 12:05 - 00000000 ____D () C:\Users\Kondzio\Desktop\Tor Browser
2015-04-08 12:04 - 2015-04-08 12:05 - 34719900 _____ () C:\Users\Kondzio\Downloads\torbrowser-install-4.0.6_pl.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-04 15:10 - 2014-11-07 23:45 - 00000000 ____D () C:\Users\Kondzio\AppData\Roaming\uTorrent
2015-05-04 15:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2015-05-04 14:56 - 2014-11-07 23:47 - 00000000 ____D () C:\Users\Kondzio\AppData\Roaming\Skype
2015-05-04 14:31 - 2015-02-13 01:26 - 00001080 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-04 14:28 - 2014-11-07 20:55 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1123315417-4117993512-3971456346-1001
2015-05-04 14:26 - 2014-11-07 20:49 - 00000000 ____D () C:\Users\Kondzio
2015-05-04 14:24 - 2014-11-08 18:09 - 00000000 ____D () C:\ProgramData\Oracle
2015-05-04 14:24 - 2014-11-08 18:09 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-04 14:18 - 2014-11-12 22:08 - 00000000 ____D () C:\Users\Kondzio\AppData\Roaming\foobar2000
2015-05-04 13:52 - 2014-11-07 21:44 - 00000000 ____D () C:\Windows\Minidump
2015-05-04 13:52 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\Offline Web Pages
2015-05-04 13:46 - 2014-11-07 20:47 - 01197633 _____ () C:\Windows\WindowsUpdate.log
2015-05-04 13:44 - 2014-11-07 21:43 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
2015-05-04 13:44 - 2014-03-18 11:56 - 01825078 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-04 13:44 - 2014-03-18 11:28 - 00806086 _____ () C:\Windows\system32\perfh015.dat
2015-05-04 13:44 - 2014-03-18 11:28 - 00163440 _____ () C:\Windows\system32\perfc015.dat
2015-05-04 13:40 - 2015-02-13 01:26 - 00001076 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-04 13:40 - 2014-11-07 20:58 - 00062178 _____ () C:\Windows\SysWOW64\Gms.log
2015-05-03 23:21 - 2013-08-22 16:46 - 00059932 _____ () C:\Windows\setupact.log
2015-05-03 23:20 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-03 23:13 - 2014-11-07 21:26 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-05-03 23:13 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-05-03 23:06 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-05-03 23:05 - 2014-11-11 11:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-03 23:05 - 2014-03-18 03:46 - 00065988 _____ () C:\Windows\PFRO.log
2015-05-03 22:57 - 2014-11-18 22:47 - 00000000 ____D () C:\Program Files\Java
2015-05-03 21:19 - 2014-11-09 23:41 - 00007600 _____ () C:\Users\Kondzio\AppData\Local\Resmon.ResmonCfg
2015-05-03 21:04 - 2014-11-07 22:57 - 00000000 ____D () C:\Users\Kondzio\AppData\Local\Battle.net
2015-05-03 20:23 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-05-03 18:26 - 2014-11-08 01:21 - 00000000 ____D () C:\Users\Kondzio\AppData\Roaming\Spotify
2015-05-03 18:10 - 2014-11-07 21:12 - 00004016 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{41568D9F-B7F9-4CC4-B86E-1C58AB8608AF}
2015-05-03 12:31 - 2014-11-08 01:28 - 00000000 ____D () C:\Users\Kondzio\AppData\Local\Spotify
2015-05-03 10:58 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-05-01 16:44 - 2015-01-27 16:58 - 00000000 ____D () C:\Users\Kondzio\Documents\FIFA 14
2015-04-30 11:04 - 2014-11-07 20:54 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-26 21:11 - 2014-11-29 18:50 - 00000000 ____D () C:\ProgramData\GalaxyClient
2015-04-26 21:11 - 2014-11-29 18:50 - 00000000 ____D () C:\Program Files (x86)\GalaxyClient
2015-04-26 10:38 - 2014-11-07 23:47 - 00000000 ____D () C:\ProgramData\Skype
2015-04-19 11:14 - 2015-01-29 22:46 - 00000000 ____D () C:\ProgramData\Origin
2015-04-19 11:14 - 2015-01-27 17:00 - 00000000 ____D () C:\ProgramData\Electronic Arts
2015-04-17 11:58 - 2014-11-07 22:57 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2015-04-15 22:40 - 2015-01-19 19:55 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-15 22:40 - 2015-01-19 19:55 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-15 22:35 - 2014-11-07 21:29 - 00000000 ____D () C:\Users\Kondzio\AppData\Local\Adobe
2015-04-15 22:35 - 2014-11-07 20:50 - 00000000 ____D () C:\Users\Kondzio\AppData\Roaming\Adobe
2015-04-15 15:50 - 2014-11-08 13:05 - 00000000 ____D () C:\Users\Kondzio\Documents\My Games
2015-04-15 12:49 - 2014-11-07 20:54 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-11 13:15 - 2014-12-22 13:06 - 00000000 ____D () C:\Users\Kondzio\AppData\Roaming\Kalypso Media
2015-04-08 23:53 - 2014-11-08 22:16 - 00000766 _____ () C:\Users\Kondzio\Documents\ax_files.xml

==================== Files in the root of some directories =======

2015-04-12 15:06 - 2015-04-12 15:06 - 0000000 ___SH () C:\Users\Kondzio\AppData\Local\LumaEmu
2014-11-09 23:41 - 2015-05-03 21:19 - 0007600 _____ () C:\Users\Kondzio\AppData\Local\Resmon.ResmonCfg
2014-11-10 00:33 - 2014-11-10 00:33 - 0450707 _____ () C:\ProgramData\1415572246.bdinstall.bin
2014-12-27 11:54 - 2014-12-27 11:54 - 0003072 _____ () C:\ProgramData\wtwLicensing.db

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-30 13:31

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2015
Ran by Kondzio at 2015-05-04 15:14:32
Running from C:\Users\Kondzio\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1123315417-4117993512-3971456346-500 - Administrator - Disabled)
Gość (S-1-5-21-1123315417-4117993512-3971456346-501 - Limited - Disabled)
Kondzio (S-1-5-21-1123315417-4117993512-3971456346-1001 - Administrator - Enabled) => C:\Users\Kondzio

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

"FIFA 14" (HKLM-x32\...\{6049054B-DB11-48E1-A583-9A565D5C8856}_is1) (Version: 1.4.0.0 - )
«Euro Truck Simulator 2 - Gold Edition» v.1.8.2.5s (HKLM-x32\...\«Euro Truck Simulator 2 - Gold Edition»_is1) (Version:  - SCS Software)
µTorrent (HKU\S-1-5-21-1123315417-4117993512-3971456346-1001\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
ACP Application (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.144 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Application Insights Tools for Visual Studio Express 2013 for Windows (x32 Version: 2.4 - Microsoft Corporation) Hidden
Archeage (HKLM-x32\...\Glyph Archeage) (Version:  - Trion Worlds, Inc.)
Assassin's Creed II (HKLM-x32\...\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}) (Version: 1.00 - Ubisoft)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield Heroes (HKU\S-1-5-21-1123315417-4117993512-3971456346-1001\...\{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}) (Version:  - EA Digital illusions)
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Bitdefender Internet Security 2015 (HKLM\...\Bitdefender) (Version: 18.17.0.1227 - Bitdefender)
Biznes Filmowy 2 (Movie Business 2) 0.8.7 (HKLM-x32\...\Biznes Filmowy 2 (Movie Business 2) 0.8.7) (Version:  0.8.7 - Tomiga)
Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Windows Phone 8.0 (x32 Version: 3.0.30924.0 - Microsoft Corporation) Hidden
BlueStacks App Player 0.9.7.4101 SuperSu BSEasy (HKLM-x32\...\{FDB8F715-FC8D-4C20-B614-E0361BB69A17}) (Version: 0.9.7.4101 - BlueStack Systems, Inc.)
Build Tools - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Cities Skylines - Deluxe Edition v.1.0.5 (HKLM-x32\...\Cities Skylines - Deluxe Edition_is1) (Version:  - )
Creative Live! Cam Vista IM (VF0420) Driver (1.01.01.00) (HKLM\...\Creative VF0420) (Version:  - )
Crusader Kings II Way of Life (HKLM-x32\...\Crusader Kings II Way of Life_is1) (Version:  - )
Defiance (HKLM-x32\...\Glyph Defiance) (Version:  - Trion Worlds, Inc.)
Dev-C++ (HKLM-x32\...\Dev-C++) (Version: 5.9.2 - Bloodshed Software)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Divinity - Original Sin (HKLM-x32\...\Divinity - Original Sin_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, ProZorg_tm)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
e-Deklaracje Desktop (HKLM-x32\...\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1) (Version: 7.0.3 - Ministerstwo Finansow)
e-Deklaracje Desktop (x32 Version: 7.0.3 - Ministerstwo Finansow) Hidden
Emergency Download Driver (HKLM-x32\...\{9ED72246-E35D-4B03-8369-605E82465A29}) (Version: 1.1.5.1416 - Nokia)
Enterprise Architect 11 (HKLM-x32\...\{CC98E8B3-FAAA-4D09-A813-A44C9FA1A3EE}) (Version: 11.10.1106.5 - Sparx Systems)
ETS2 - Project Realism (HKLM-x32\...\ETS2 - Project Realism) (Version: 2013-10-25 - Atak_Snajpera)
FM Genie Scout 15 version 1.0 15.2.1 beta 9 (HKLM-x32\...\FM Genie Scout 15_is1) (Version: 1.0 15.2.1 beta 9 - )
FMRTE 15.1.3.6 (HKLM\...\{6D986DE6-CA9D-4E83-B49C-18C0BFEB6AD6}_is1) (Version: 15.1.3.6 - FMRTE)
foobar2000 v1.3.7 (HKLM-x32\...\foobar2000) (Version: 1.3.7 - Peter Pawlowski)
Football Manager 2015 (HKLM-x32\...\Steam App 295270) (Version:  - Sports Interactive)
Football Manager 2015 Editor (HKLM-x32\...\Steam App 295350) (Version:  - )
Free Video Call Recorder for Skype version 1.2.28.301 (HKLM-x32\...\Free Video Call Recorder for Skype_is1) (Version: 1.2.28.301 - DVDVideoSoft Ltd.)
Fuse Drivers x64 (HKLM-x32\...\{06904B2B-5000-4C58-9471-256BA1A303BE}) (Version: 11.34.1 - Nokia)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GRID Autosport (HKLM-x32\...\R1JJREF1dG9zcG9ydA==_is1) (Version: 1 - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.1.1000 - Intel Corporation)
Intel® Small Business Advantage (HKLM-x32\...\{6A6D86CD-B004-46b7-8951-7BB75A776F8C}) (Version: 2.2.51.8439 - Intel® Corporation)
Intel® Smart Connect Technology (HKLM\...\{4188E70A-4D3B-447C-B366-963C9E8B4538}) (Version: 5.0.10.2907 - Intel Corporation)
Intel® Update Manager (x32 Version: 1.0.0.36888 - Intel Corporation) Hidden
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java SE Development Kit 8 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation)
KeyShot 5 64 bit (HKLM-x32\...\KeyShot 5_64) (Version: 5.0 64 bit - Luxion ApS)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
Komunikator WTW 1.2.0.4424 (HKLM\...\{1DF5019A-68B5-4ba1-8E59-E185C7B7FF11}) (Version: 1.2.0.4424 - K2T.eu)
Lineage® II: Freya (High Five) (HKLM-x32\...\{21040472-F8DF-48A9-A093-2986C1495670}) (Version: 198 - NCsoft)
LocalESPC (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
LocalESPCui for en-us (x32 Version: 8.59.29989 - Microsoft) Hidden
Lumia UEFI Blue Driver (HKLM-x32\...\{5E80E23F-3BB2-4827-A703-EA7E180AA6A9}) (Version: 1.1.5.1416 - Nokia)
MailShare (HKLM\...\{5846E720-C188-478F-B501-45EA1ACC44D1}_is1) (Version: 2.1.5 - MailShare.pl)
Malwarebytes Anti-Malware wersja 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Memory Profiler (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{51adbf11-493f-431c-a862-967a0fae2944}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 for Windows - ENU with Update 4 (HKLM-x32\...\{7a8831a7-3674-49db-a962-24a53355a1a5}) (Version: 12.0.31101.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mortal Kombat X (HKLM-x32\...\Mortal Kombat X_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Mozilla Firefox 37.0.2 (x86 pl) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 pl)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1 - Mozilla)
MSI Fast Boot (HKLM-x32\...\{0F212E7A-65EB-4668-A8D7-749026A64F8E}_is1) (Version: 1.0.1.5 - MSI)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.0.013 - MSI)
NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version:  - )
NetBeans IDE 8.0.1 (HKLM\...\nbi-nb-base-8.0.1.0.201408251540) (Version: 8.0.1 - NetBeans.org)
NOKIA 3806 USB DRIVER Ver:1.5 (HKLM-x32\...\{6AE35C55-F02A-41EE-B694-8F2706FE4819}) (Version: 2.00.0000 - NOKIA)
Nokia Care Suite PST 5 (HKLM-x32\...\{6DD01BF0-18A3-4608-BBB1-AE6C956EDCC2}) (Version: 5.4.119.1432 - Nokia)
Nokia Connectivity Cable Driver (HKLM-x32\...\{D4BF151C-70A8-4CE2-906F-4173A575BAD9}) (Version: 7.1.182.0 - Nokia)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Oprogramowanie mikroukładu Intel® (x32 Version: 10.0.20 - Intel® Corporation) Hidden
Pakiet sterowników systemu Windows - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D) (Version: 08/22/2008 7.0.0.0 - Nokia)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.3.1.40986 - Grinding Gear Games)
PC Connectivity Solution (HKLM-x32\...\{9590C850-8A55-43DB-A413-DFF6E5636570}) (Version: 10.30.0.0 - Nokia)
PC Remote (HKLM-x32\...\{C934DF74-D0D9-445C-90AA-34012A04E11D}) (Version: 3.51 - PC Remote)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.3.0 - Prolific Technology INC)
PowreShellIntegration.Notifications (x32 Version: 2.5.21003.1603 - Microsoft Corporation) Hidden
Pro Evolution Soccer 2015 Update v1.01.01 (HKLM-x32\...\UHJvRXZvbHV0aW9uU29jY2VyMjAxNQ==_is1) (Version: 1 - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.35.716.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7293 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Smooth Operators - Indie Gala Edition (HKU\S-1-5-21-1123315417-4117993512-3971456346-1001\...\6b0b0d2561055daf) (Version: 1.0.0.14 - Heydeck Games)
Solid Edge ST7 (HKLM\...\{AB0F3228-D90C-4574-8A28-589483A68C93}) (Version: 107.00.00104 - Siemens)
Spotify (HKU\S-1-5-21-1123315417-4117993512-3971456346-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.19.13.4482 - Enigma Software Group, LLC)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
System Requirements Lab CYRI (HKLM-x32\...\{906B34E5-573C-445A-A5D3-40B6BF0A2EC4}) (Version: 6.0.21.0 - Husdawg, LLC)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Torchlight II version 1.25.5.2 (HKLM-x32\...\Torchlight II_is1) (Version: 1.25.5.2 - )
TypeScript Power Tool (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
USB Serial Port Driver (x64) (HKLM-x32\...\{53012BD2-D1A3-4530-9AE2-B0C503B5C1C2}) (Version: 2013.30.0.313 - Nokia)
VGA Boost (HKLM-x32\...\{809ACFAE-9A4D-4C60-9223-D8B615CD8CBA}}_is1) (Version: 1.0.0.7 - MSI)
Visual Studio 2013 Update 4 (KB2829760) (HKLM-x32\...\{53d408db-eb91-43fb-9d8f-167681c19763}) (Version: 12.0.31101 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VS Update core components (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)
WATCH_DOGS (HKLM-x32\...\Uplay Install 274) (Version:  - Ubisoft)
WATCH_DOGS Hotfix (HKLM-x32\...\V0FUQ0hfRE9HUw==_is1) (Version: 1 - )
Windows Phone 8.1 Emulators - ENU (HKLM-x32\...\{166a69f6-6512-47ea-a342-17d954fc059a}) (Version: 12.0.31010.0 - Microsoft Corporation)
Windows Phone app for desktop (HKLM-x32\...\{99759E36-8961-43DC-A7E6-4601D6AEF166}) (Version: 1.1.2726.0 - Microsoft Corporation)
WinRAR 5.11 beta 1 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.11.1 - win.rar GmbH)
WinUsb CoInstallers (HKLM-x32\...\{B7D4B08A-9D89-4369-B51C-92CF8C03D2F8}) (Version: 1.1.8.1406 - Nokia)
WinUSB Compatible ID Drivers (HKLM-x32\...\{C97989C1-551F-4F41-A069-2A49567FD36B}) (Version: 1.1.6.1416 - Nokia)
WinUSB Drivers ext (HKLM-x32\...\{A0B1E1BF-BEF5-4748-800B-E54ED9CDF8CE}) (Version: 1.1.10.1426 - Nokia)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

15-04-2015 15:49:58 Installed Path of Exile
23-04-2015 19:18:07 Zaplanowany punkt kontrolny
28-04-2015 17:17:45 Zainstalowany program DirectX
30-04-2015 11:03:31 Zainstalowany program DirectX
03-05-2015 22:58:16 Removed Java 8 Update 45

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {4460AC5D-5337-4D08-9DC4-32A88521BD61} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-13] (Google Inc.)
Task: {65A1A7C9-7C1F-4CFB-A0DE-F96286000B01} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-11-07] ()
Task: {87895FCD-56D4-4ABC-8485-42C6E8E92E51} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {94B2DC1A-8F4F-4FE3-B55B-4CF3934B9DB8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-13] (Google Inc.)
Task: {B474DD1F-C73E-41B9-95E1-03D5F08C253C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {BCB46233-45D4-4193-B00D-FD8F2F4EF873} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {DEF19B65-8FD0-41B3-9792-8BD50FA281EF} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-10-26] (@ByELDI)
Task: {E3FBE38E-E794-401B-AC59-E15AEE96AE60} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {E50E3BB5-5959-4329-A40D-13AB679E4A33} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-05-04] (Enigma Software Group USA, LLC.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-11-10 00:33 - 2014-08-27 17:31 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2014-11-10 00:33 - 2013-09-03 15:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2014-11-10 00:33 - 2014-10-02 16:19 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2014-11-10 00:33 - 2012-10-29 15:22 - 00152816 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
2015-04-21 13:08 - 2015-04-21 13:08 - 00789856 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00250_004\ashttpbr.mdl
2015-04-21 13:08 - 2015-04-21 13:08 - 00710016 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00250_004\ashttpdsp.mdl
2015-04-21 13:08 - 2015-04-21 13:08 - 02683008 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00250_004\ashttpph.mdl
2015-04-21 13:08 - 2015-04-21 13:08 - 01325480 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00250_004\ashttprbl.mdl
2014-09-15 19:09 - 2014-09-15 19:09 - 00112640 _____ () C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
2014-08-25 17:01 - 2014-08-25 17:01 - 00209712 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2014-08-25 17:01 - 2014-08-25 17:01 - 00057648 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2014-08-25 17:01 - 2014-08-25 17:01 - 00057648 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTEncryptionCheck.dll
2014-08-25 17:01 - 2014-08-25 17:01 - 00037168 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetMon.dll
2014-11-08 02:16 - 2014-11-08 02:32 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-04-24 11:36 - 2015-04-24 11:36 - 02475520 _____ () C:\ProgramData\Microsoft\Performance\Monitor\PerformanceMonitor.dll
2010-01-30 03:40 - 2010-01-30 03:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\office.odf
2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-03-19 12:45 - 2005-07-18 14:43 - 00160256 _____ () C:\Program Files (x86)\MSI\Live Update\unrar.dll
2015-05-03 19:36 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-05-03 19:36 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-05-03 19:36 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-05-03 19:36 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-05-03 19:36 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-04-03 17:48 - 2014-04-03 17:48 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2013-05-04 13:57 - 2013-05-04 13:57 - 00095712 _____ () C:\Program Files (x86)\foobar2000\zlib1.dll
2015-01-14 12:28 - 2015-01-14 12:28 - 00160720 _____ () C:\Program Files (x86)\foobar2000\shared.dll
2015-02-10 20:14 - 2015-02-10 20:14 - 00239104 _____ () C:\Program Files (x86)\foobar2000\components\foo_channel_mixer.dll
2015-01-14 12:20 - 2015-01-14 12:20 - 00532480 _____ () C:\Program Files (x86)\foobar2000\components\foo_converter.dll
2015-01-14 12:21 - 2015-01-14 12:21 - 00303104 _____ () C:\Program Files (x86)\foobar2000\components\foo_freedb2.dll
2015-01-14 12:28 - 2015-01-14 12:28 - 01398248 _____ () C:\Program Files (x86)\foobar2000\components\foo_input_std.dll
2015-01-14 12:20 - 2015-01-14 12:20 - 00306176 _____ () C:\Program Files (x86)\foobar2000\components\foo_cdda.dll
2015-01-14 12:28 - 2015-01-14 12:28 - 01084392 _____ () C:\Program Files (x86)\foobar2000\components\foo_ui_std.dll
2015-01-14 12:26 - 2015-01-14 12:26 - 00364544 _____ () C:\Program Files (x86)\foobar2000\components\foo_rgscan.dll
2015-01-14 12:22 - 2015-01-14 12:22 - 00352768 _____ () C:\Program Files (x86)\foobar2000\components\foo_albumlist.dll
2015-01-14 12:21 - 2015-01-14 12:21 - 00201216 _____ () C:\Program Files (x86)\foobar2000\components\foo_dsp_std.dll
2015-01-14 12:21 - 2015-01-14 12:21 - 00290816 _____ () C:\Program Files (x86)\foobar2000\components\foo_fileops.dll
2015-01-14 12:22 - 2015-01-14 12:22 - 00200192 _____ () C:\Program Files (x86)\foobar2000\components\foo_dsp_eq.dll
2015-01-14 12:21 - 2015-01-14 12:21 - 00258560 _____ () C:\Program Files (x86)\foobar2000\components\foo_unpack.dll
2010-01-30 03:41 - 2010-01-30 03:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\office.odf

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Kondzio\Downloads\BF2Setup(1).exe:BDU
AlternateDataStreams: C:\Users\Kondzio\Downloads\BF2Setup.exe:BDU
AlternateDataStreams: C:\Users\Kondzio\Downloads\ChromeSetup.exe:BDU
AlternateDataStreams: C:\Users\Kondzio\Downloads\Dev-Cpp 5.9.2 TDM-GCC 4.8.1 Setup.exe:BDU
AlternateDataStreams: C:\Users\Kondzio\Downloads\EASPORTSFIFAWorld.exe:BDU
AlternateDataStreams: C:\Users\Kondzio\Downloads\eMule0.50a-Installer.exe:BDU
AlternateDataStreams: C:\Users\Kondzio\Downloads\FMRTE-15.exe:BDU
AlternateDataStreams: C:\Users\Kondzio\Downloads\foobar2000_v1.3.7.exe:BDU
AlternateDataStreams: C:\Users\Kondzio\Downloads\FreeVideoCallRecorder(1).exe:BDU
AlternateDataStreams: C:\Users\Kondzio\Downloads\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Kondzio\Downloads\jre-8u45-windows-i586-iftw.exe:BDU
AlternateDataStreams: C:\Users\Kondzio\Downloads\jxpiinstall(1).exe:BDU
AlternateDataStreams: C:\Users\Kondzio\Downloads\jxpiinstall.exe:BDU
AlternateDataStreams: C:\Users\Kondzio\Downloads\kodi-14.2-Helix.exe:BDU
AlternateDataStreams: C:\Users\Kondzio\Downloads\mbam-setup.exe:BDU
AlternateDataStreams: C:\Users\Kondzio\Downloads\npp.6.7.5.Installer.exe:BDU
AlternateDataStreams: C:\Users\Kondzio\Downloads\rcsetup151.exe:AGC
AlternateDataStreams: C:\Users\Kondzio\Downloads\rcsetup151.exe:BDU
AlternateDataStreams: C:\Users\Kondzio\Downloads\spybot-2.4.exe:BDU
AlternateDataStreams: C:\Users\Kondzio\Downloads\SpyHunter-Installer.exe:BDU
AlternateDataStreams: C:\Users\Kondzio\Downloads\torbrowser-install-4.0.6_pl.exe:BDU
AlternateDataStreams: C:\Users\Kondzio\Downloads\wakfu.exe:BDU

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1123315417-4117993512-3971456346-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme1\img6.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "ISCT Tray"
HKLM\...\StartupApproved\Run: => "XboxStat"
HKLM\...\StartupApproved\Run32: => "Live Update"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "Fast Boot"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-1123315417-4117993512-3971456346-1001\...\StartupApproved\Run: => "AlcoholAutomount"
HKU\S-1-5-21-1123315417-4117993512-3971456346-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1123315417-4117993512-3971456346-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-1123315417-4117993512-3971456346-1001\...\StartupApproved\Run: => "DVSSkypeRecorder"

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [DfsMgmt-In-TCP] => (Allow) %systemroot%\system32\dfsfrsHost.exe
FirewallRules: [{32ED6F92-80A1-413A-ADED-85225F45B7BF}] => (Allow) E:\gry\Steam\Steam.exe
FirewallRules: [{66E04C8E-8F9C-4974-8A6D-5E5891E4CB39}] => (Allow) E:\gry\Steam\Steam.exe
FirewallRules: [{54D61A74-BFB2-4C82-9F00-47FD40D73653}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{E395BA38-BA28-4C30-BF23-A846457DE42E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{7A47B7CD-4168-4CA1-9860-A8CA50C3E914}] => (Allow) E:\gry\Battle.net\Battle.net.exe
FirewallRules: [{7399E40D-A686-49E7-9FAC-517249D30E27}] => (Allow) E:\gry\Battle.net\Battle.net.exe
FirewallRules: [{62141698-2C59-4137-B9DC-934C8EF84897}] => (Allow) E:\gry\Steam\bin\steamwebhelper.exe
FirewallRules: [{C6F49AEB-934A-43DE-A879-13905F4C4192}] => (Allow) E:\gry\Steam\bin\steamwebhelper.exe
FirewallRules: [{790606BE-16F7-4991-B9AE-886FA4979E0C}] => (Allow) E:\gry\Hearthstone\Hearthstone.exe
FirewallRules: [{F981B344-FA29-4DD4-837C-91A03757EE8D}] => (Allow) E:\gry\Hearthstone\Hearthstone.exe
FirewallRules: [{7CE5D6B3-F461-4764-9413-49E732328666}] => (Allow) C:\Users\Kondzio\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E6F9A957-C24E-4CE4-992E-BDA939D621F0}] => (Allow) C:\Users\Kondzio\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{78877725-D19B-4FEB-9096-B4EDEEF085AD}] => (Allow) E:\gry\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{39BEAD44-C87D-4756-9787-AE10EA96DDEA}] => (Allow) E:\gry\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{B6DF926E-3119-4F10-9206-2E27FD46C3C0}] => (Allow) C:\Users\Kondzio\Downloads\Microsoft Toolkit.exe
FirewallRules: [{794662C2-F26D-4A3F-9AA0-193F171951F4}] => (Allow) C:\Users\Kondzio\Downloads\Microsoft Toolkit.exe
FirewallRules: [TCP Query User{39F8B753-D91E-49F1-BF9D-E1C678844B46}C:\users\kondzio\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kondzio\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{B9250509-595D-4918-931F-D9BF706B6683}C:\users\kondzio\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kondzio\appdata\roaming\spotify\spotify.exe
FirewallRules: [{50C0FD53-E317-46D6-A3DF-942C1124D73F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{E2854378-25F3-43D5-BB40-E9097C363512}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{482AEA35-4DB0-4F98-B3B3-33406811F4C9}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{8B931062-CA22-40A6-977F-098B62761367}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{241A1A9D-F7AC-4D00-8DA1-67C142048DD3}E:\gry\bfh\bfheroes.exe] => (Allow) E:\gry\bfh\bfheroes.exe
FirewallRules: [UDP Query User{568962E1-A3F9-441F-82DA-05F954066366}E:\gry\bfh\bfheroes.exe] => (Allow) E:\gry\bfh\bfheroes.exe
FirewallRules: [{6CAAC3D4-3736-407B-837B-A6654A512010}] => (Allow) E:\gry\Steam\SteamApps\common\War Thunder\launcher.exe
FirewallRules: [{012AC585-47D3-4146-8715-3C8631961811}] => (Allow) E:\gry\Steam\SteamApps\common\War Thunder\launcher.exe
FirewallRules: [TCP Query User{17104C7E-A6D5-4517-82E2-FCE9715BB183}E:\gry\steam\steamapps\common\war thunder\aces.exe] => (Allow) E:\gry\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [UDP Query User{3BDC77FE-45CB-4CB8-8446-48F575822D6E}E:\gry\steam\steamapps\common\war thunder\aces.exe] => (Allow) E:\gry\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [{8523E30A-BBFC-4AD8-BFC9-9718F8F54DB0}] => (Allow) E:\gry\Ubisoft\WATCH_DOGS\bin\Watch_Dogs.exe
FirewallRules: [{C5038EFC-9090-4306-A633-DC01E0F64760}] => (Allow) E:\gry\Ubisoft\WATCH_DOGS\bin\Watch_Dogs.exe
FirewallRules: [{5350C5D2-0FB3-4AB6-B611-9FCAF802A20C}] => (Allow) E:\gry\SimCity\SimCity\SimCity\SimCity.exe
FirewallRules: [{1DFC957F-BA85-4B52-8B91-2A4A9FEF4E8C}] => (Allow) E:\gry\SimCity\SimCity\SimCity\SimCity.exe
FirewallRules: [{5B4B1052-5D7B-463A-8B76-75F88DB9B19C}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\X64\VsGraphicsRemoteEngine.exe
FirewallRules: [{A3529A7F-20E9-4F42-AAE9-1F6FFB98DF62}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\VSWinExpress.exe
FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [{5F33E40B-8392-4696-9193-863AE5122F4B}] => (Allow) C:\Program Files\K2T\WTW\wtw.exe
FirewallRules: [{09447975-893C-40E8-BE6E-D1BFDB1957E3}] => (Allow) C:\Program Files\K2T\WTW\wtw.exe
FirewallRules: [{05F25931-2317-4DD2-9833-42C3B9F2E117}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe
FirewallRules: [{958E0420-7E24-4533-A823-6EA5B128B288}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe
FirewallRules: [{9F95D396-5558-484E-AD81-19062A01F6D9}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
FirewallRules: [{17D4F4BE-502D-421A-AE10-B7ED0A3C4C74}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
FirewallRules: [{454B10A4-D96C-400B-B3EE-CB9BB43CC7B9}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE
FirewallRules: [{FF702E52-41DE-462B-9649-3C73F480F18E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE
FirewallRules: [{8E459996-ED97-410D-B390-14A7CF4A04CC}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\outlook.exe
FirewallRules: [TCP Query User{51CE0D2C-9EB2-4CA5-A52E-DE90AF8D1A55}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{02E7F79A-FF13-4792-AFE4-BF224F098F77}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{8095A456-5BE2-46A0-A6B0-E9A6E748B828}C:\program files\java\jdk1.8.0_25\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_25\bin\java.exe
FirewallRules: [UDP Query User{DFDE850A-A862-4E17-A1D3-B34B0FD12E42}C:\program files\java\jdk1.8.0_25\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_25\bin\java.exe
FirewallRules: [TCP Query User{FB7B2785-6D05-4A03-A0F1-01F929F86BCE}C:\users\kondzio\appdata\roaming\.wtw\profiles\kondzio21\plugindata\skype-proxy.exe] => (Allow) C:\users\kondzio\appdata\roaming\.wtw\profiles\kondzio21\plugindata\skype-proxy.exe
FirewallRules: [UDP Query User{DBA77E81-427C-444E-BB43-36E007FF56C0}C:\users\kondzio\appdata\roaming\.wtw\profiles\kondzio21\plugindata\skype-proxy.exe] => (Allow) C:\users\kondzio\appdata\roaming\.wtw\profiles\kondzio21\plugindata\skype-proxy.exe
FirewallRules: [TCP Query User{8F942550-C1CD-4AC9-A3A6-291AB9AEAE42}E:\gry\pro evolution soccer 2015\pes2015.exe] => (Allow) E:\gry\pro evolution soccer 2015\pes2015.exe
FirewallRules: [UDP Query User{B7C81ED1-CA69-464E-AD86-193DC9A266CC}E:\gry\pro evolution soccer 2015\pes2015.exe] => (Allow) E:\gry\pro evolution soccer 2015\pes2015.exe
FirewallRules: [TCP Query User{56953F95-8215-4761-9761-AA274791F251}E:\torrent\zakonczone zadania\ubisoft\related designs\anno 1404\tools\anno4web.exe] => (Allow) E:\torrent\zakonczone zadania\ubisoft\related designs\anno 1404\tools\anno4web.exe
FirewallRules: [UDP Query User{0E9F2416-CAD5-4C03-8D25-000CA8DC0A08}E:\torrent\zakonczone zadania\ubisoft\related designs\anno 1404\tools\anno4web.exe] => (Allow) E:\torrent\zakonczone zadania\ubisoft\related designs\anno 1404\tools\anno4web.exe
FirewallRules: [TCP Query User{DFD58BC3-E1BF-44BD-971F-48804A5A1D5D}E:\gry\ubisoft\related designs\anno 1404\tools\addonweb.exe] => (Allow) E:\gry\ubisoft\related designs\anno 1404\tools\addonweb.exe
FirewallRules: [UDP Query User{A4A01023-1602-4871-B9FA-1EFCDF14E72B}E:\gry\ubisoft\related designs\anno 1404\tools\addonweb.exe] => (Allow) E:\gry\ubisoft\related designs\anno 1404\tools\addonweb.exe
FirewallRules: [TCP Query User{BB2E4882-757F-44E9-BC0F-982F5E337FD3}E:\gry\ubisoft\related designs\anno 1404\tools\anno4web.exe] => (Allow) E:\gry\ubisoft\related designs\anno 1404\tools\anno4web.exe
FirewallRules: [UDP Query User{240201AE-9C06-4627-9F21-0119FE5B9CD5}E:\gry\ubisoft\related designs\anno 1404\tools\anno4web.exe] => (Allow) E:\gry\ubisoft\related designs\anno 1404\tools\anno4web.exe
FirewallRules: [{A66B386B-A0BA-4225-AD57-83E196F7281C}] => (Allow) E:\gry\Steam\SteamApps\common\Football Manager 2015\fm.exe
FirewallRules: [{0E8F4417-842A-46E8-A2DB-D68FB948B4CD}] => (Allow) E:\gry\Steam\SteamApps\common\Football Manager 2015\fm.exe
FirewallRules: [{62F9A253-2E54-4F83-9DAC-C23827078ED9}] => (Allow) E:\gry\Steam\SteamApps\common\Football Manager 2015 Editor\editor.exe
FirewallRules: [{261B2335-827D-49C3-9A63-07991A029947}] => (Allow) E:\gry\Steam\SteamApps\common\Football Manager 2015 Editor\editor.exe
FirewallRules: [{901E9779-A08A-4ABE-A20F-C94BB53CB1F5}] => (Allow) E:\gry\RUSE\Steam.exe
FirewallRules: [{BE398AE6-56D6-4E27-BCBD-7FF70DA10027}] => (Allow) E:\gry\RUSE\Steam.exe
FirewallRules: [TCP Query User{FC8C4437-9F29-4BCC-866B-42F27BE3DFAD}E:\gry\steam\steamapps\common\r.u.s.e\uplaybrowser\uplaybrowser.exe] => (Block) E:\gry\steam\steamapps\common\r.u.s.e\uplaybrowser\uplaybrowser.exe
FirewallRules: [UDP Query User{19EE12C4-B499-42EB-B9B1-3D2613627FCF}E:\gry\steam\steamapps\common\r.u.s.e\uplaybrowser\uplaybrowser.exe] => (Block) E:\gry\steam\steamapps\common\r.u.s.e\uplaybrowser\uplaybrowser.exe
FirewallRules: [{9DB299EF-EC68-4572-A655-5B6803B7C90A}] => (Allow) C:\Program Files\KeyShot5\bin\keyshot5.exe
FirewallRules: [{9562564C-3793-4535-A909-21EE6CF337A6}] => (Allow) C:\Program Files\KeyShot5\bin\keyshot_daemon.exe
FirewallRules: [{C8ADF1FF-7B80-4F69-BC90-69A92D633818}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BD4BD5D4-2439-457F-9C7B-CE150554AE1F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B73D68E9-5289-425D-9374-E69430D23EDF}] => (Allow) LPort=1688
FirewallRules: [{DD590A8C-E8AA-4850-B028-ABC12FA91D88}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{F449BFD8-201B-4A0B-AAED-CEAA6BFEC761}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{88A46849-34CC-4133-9130-063C70331D6F}] => (Allow) E:\gry\Farming Giant\iupdate.dll
FirewallRules: [{6804DB87-1F07-4361-8E92-11254192AD02}] => (Allow) E:\gry\Farming Giant\iupdate.dll
FirewallRules: [{DB8E7C19-8EED-4151-9C20-F9EDF97DFACA}] => (Allow) E:\gry\Farming Giant\farminggiant.dll
FirewallRules: [{3E49FE50-6083-42F5-B77D-2E5271B7E6A3}] => (Allow) E:\gry\Farming Giant\farminggiant.dll
FirewallRules: [{C4C63244-48AA-4896-83C9-D4216590F723}] => (Allow) E:\gry\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe
FirewallRules: [{76D3EE16-82F5-4FDD-8972-0BD316C15177}] => (Allow) E:\gry\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe
FirewallRules: [{8ED8C7D6-C068-4C0D-83E1-77411FE0B4AF}] => (Allow) E:\gry\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe
FirewallRules: [{517ADD51-1D18-4032-AF91-F9D4E492F5B5}] => (Allow) E:\gry\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe
FirewallRules: [{1A3D7910-C3E2-4B56-94FE-42676F066009}] => (Allow) E:\gry\Ubisoft\Assassin's Creed II\UPlayBrowser.exe
FirewallRules: [{4F038751-7486-4351-A52A-55BF8315D77D}] => (Allow) E:\gry\Ubisoft\Assassin's Creed II\UPlayBrowser.exe
FirewallRules: [{DE99B0DE-EA72-4A24-9997-62D68EA7E92E}] => (Allow) C:\Program Files\K2T\WTW\wtw.exe
FirewallRules: [{03BD81F6-D2A8-4DBB-9385-00E9CEA75024}] => (Allow) C:\Program Files\K2T\WTW\wtw.exe
FirewallRules: [TCP Query User{244165EF-ABE0-42E3-8C22-C6354496D460}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{509E4974-E85D-4FD9-B5F2-B6C155DD4322}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{FD04AC53-600E-4F60-8833-5A044EDEE73F}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{D769E35D-522E-4E80-B99D-E4601943CD79}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{A4F7EF21-276B-4277-9668-33977997EA7F}] => (Allow) E:\gry\FIFA 14\Game\fifa14.exe
FirewallRules: [{AD30582E-BABB-4407-9F83-A739A32C9E91}] => (Allow) E:\gry\FIFA 14\Game\fifa14.exe
FirewallRules: [{A5E197AD-2015-4E7E-A91B-878BD252632D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/03/2015 11:21:34 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Nie można uruchomić usługi. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   w BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   w System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (05/03/2015 11:06:55 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Nie można uruchomić usługi. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   w BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   w System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (05/03/2015 11:04:49 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (05/03/2015 10:58:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Przetwarzanie wywołania OnIdentity() w obiekcie System Writer przez Usługi kryptograficzne nie powiodło się.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokół LLDP (Link-Layer Discovery Protocol) firmy Microsoft.

System Error:
Odmowa dostępu.
.

Error: (05/03/2015 10:39:13 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: ZARZĄDZANIE NT)
Description: There was an error with the Windows Location Provider database

Error: (05/03/2015 09:26:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program SDLogReport.exe w wersji 2.4.40.107 przestał współpracować z systemem Windows i został zamknięty. Aby sprawdzić, czy jest dostępnych więcej informacji na temat tego problemu, sprawdź historię problemu w aplecie Centrum akcji w Panelu sterowania.

Identyfikator procesu: 26b8

Godzina rozpoczęcia: 01d085d6e5094207

Godzina zakończenia: 4

Ścieżka aplikacji: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDLogReport.exe

Identyfikator raportu: 3daa2886-f1ca-11e4-8323-448a5bd32a31

Pełna nazwa pakietu powodującego błąd:

Identyfikator aplikacji względem pakietu powodującego błąd:

Error: (05/03/2015 10:48:24 AM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (05/03/2015 06:14:59 AM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (05/03/2015 06:14:59 AM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (05/03/2015 06:14:59 AM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed


System errors:
=============
Error: (05/03/2015 11:21:34 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Usługa BlueStacks Android Service zakończyła działanie; wystąpił następujący błąd:
%%1064

Error: (05/03/2015 11:19:36 PM) (Source: DCOM) (EventID: 10005) (User: bestia-kondzia)
Description: 1084WSearchNiedostępny{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (05/03/2015 11:19:36 PM) (Source: DCOM) (EventID: 10005) (User: bestia-kondzia)
Description: 1084ShellHWDetectionNiedostępny{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/03/2015 11:19:27 PM) (Source: DCOM) (EventID: 10005) (User: bestia-kondzia)
Description: 1084ShellHWDetectionNiedostępny{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/03/2015 11:19:10 PM) (Source: DCOM) (EventID: 10005) (User: bestia-kondzia)
Description: 1084dpsNiedostępny{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

Error: (05/03/2015 11:19:10 PM) (Source: DCOM) (EventID: 10005) (User: bestia-kondzia)
Description: 1084dpsNiedostępny{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

Error: (05/03/2015 11:19:10 PM) (Source: DCOM) (EventID: 10005) (User: bestia-kondzia)
Description: 1084dpsNiedostępny{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

Error: (05/03/2015 11:17:46 PM) (Source: DCOM) (EventID: 10005) (User: bestia-kondzia)
Description: 1084ShellHWDetectionNiedostępny{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/03/2015 11:17:27 PM) (Source: DCOM) (EventID: 10005) (User: bestia-kondzia)
Description: 1084dpsNiedostępny{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

Error: (05/03/2015 11:17:14 PM) (Source: DCOM) (EventID: 10005) (User: bestia-kondzia)
Description: 1084ShellHWDetectionNiedostępny{DD522ACC-F821-461A-A407-50B198B896DC}


Microsoft Office Sessions:
=========================
Error: (05/03/2015 11:21:34 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Nie można uruchomić usługi. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   w BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   w System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (05/03/2015 11:06:55 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Nie można uruchomić usługi. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   w BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   w System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (05/03/2015 11:04:49 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description:

Error: (05/03/2015 10:58:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokół LLDP (Link-Layer Discovery Protocol) firmy Microsoft.

System Error:
Odmowa dostępu.

Error: (05/03/2015 10:39:13 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: ZARZĄDZANIE NT)
Description: -2147024883

Error: (05/03/2015 09:26:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SDLogReport.exe2.4.40.10726b801d085d6e50942074C:\Program Files (x86)\Spybot - Search & Destroy 2\SDLogReport.exe3daa2886-f1ca-11e4-8323-448a5bd32a31

Error: (05/03/2015 10:48:24 AM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description:

Error: (05/03/2015 06:14:59 AM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description:

Error: (05/03/2015 06:14:59 AM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description:

Error: (05/03/2015 06:14:59 AM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description:


CodeIntegrity Errors:
===================================
  Date: 2014-11-09 23:26:12.583
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-09 22:30:34.075
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-09 10:11:31.637
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-09 09:43:45.577
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-09 09:32:30.343
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-09 09:25:55.811
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-09 00:09:40.801
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-08 13:30:24.470
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-08 13:20:19.913
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-08 13:06:10.034
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 42%
Total physical RAM: 8120 MB
Available physical RAM: 4703.96 MB
Total Pagefile: 9400 MB
Available Pagefile: 5642.98 MB
Total Virtual: 131072 MB
Available Virtual: 131071.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.14 GB) (Free:34.34 GB) NTFS
Drive e: () (Fixed) (Total:415.04 GB) (Free:100.19 GB) NTFS
Drive f: () (Fixed) (Total:418.82 GB) (Free:357.63 GB) NTFS
Drive g: (Port Royale 3) (CDROM) (Total:4.05 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 80A9DA25)

Partition: GPT Partition Type.

==================== End Of Log ============================


Edited by marokin, 04 May 2015 - 08:22 AM.




#2 shelf life

  • Malware Response Team
  • 2,646 posts

Posted 07 May 2015 - 04:43 PM

Hi marokin,

I am shelf life and will try to help you. I am usually only online once or twice per day, more on the weekends. Don't expect a flurry of posts from me.

 

You can navigate to the .dll in question: 

 

C:\ProgramData\Microsoft\Performance\Monitor\PerformanceMonitor.dll

Are there any other files in the folder other than the .dll?

 

Then visit each of these sites below. Upload the .dll and have it checked. A starting point anyway.

Does an updated Malwarebytes come up clean after a scan?

How often does it make a log? I see in one log it calls Explorer.exe, which does not need an internet connection, but malware usually doesn't leave a trail of logs behind either.

In task manager do you see a hydra.exe running?

 

http://virusscan.jotti.org/en

https://www.virustotal.com/

 

On a side note, looks like you have a copy of Windows with a tool to pass activation: (@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe

Just mentioning it in case you don't know.

