Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Problem with re-occuring trojan in pcds32 and 64 file


  • This topic is locked This topic is locked
20 replies to this topic

#1 Wilczur2142

Wilczur2142

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:34 AM

Posted 04 February 2016 - 05:12 PM

Hello!

 

Few days ago I have noticed that I have a re-occuring virus in temporary files, virus is hiding as a pcds32 and pcds64 files. Malwarebytes sometimes is detecting that virus as a Trojan.Injector.VB, Trojan.FakeSig, Trojan.Agent, Ransom.CryptoWall etc.

 

I've tried to delete that virus by Malwarebytes, Comodo, Malwarebytes anti-rootkit, Rkill but Trojan is still there.

 

Few days ago I've noticed that my google chrome is broken, I can't open any site I have only a grey screen and my add-ons are not working, I've tried to reinstall google chrome but nothing happened :/

 

I'am using a Windows 7 Home Premium

 

There are screenshots of my temp files folder and google chrome.

 

1QY80i1.png

 

F3ORBQw.png

 

 

And there is a log from FRST

 

Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:27-01-2016
Uruchomiony przez Wilczur (administrator)  WILCZUR-KOMP (04-02-2016 23:11:22)
Uruchomiony z C:\Users\Wilczur\Downloads
Załadowane profile: Wilczur (Dostępne profile: Wilczur)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(Valve Corporation) E:\Steam\Steam.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() E:\RocketDock\RocketDock.exe
(Flux Software LLC) C:\Users\Wilczur\AppData\Local\FluxSoftware\Flux\flux.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Windows\SysWOW64\SecUPDUtilSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
() C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(LogMeIn Inc.) E:\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) E:\LogMeIn Hamachi\LMIGuardianSvc.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Valve Corporation) E:\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Piriform Ltd) C:\CCleaner\CCleaner64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(EFD Software) E:\HD Tune\HDTune.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Valve Corporation) E:\Steam\bin\steamwebhelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Valve Corporation) E:\Steam\bin\steamwebhelper.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Wilczur\Downloads\FRST64(1).exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_245.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_245.exe


==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-08-05] (COMODO)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation)
HKLM-x32\...\Run: [Super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [495616 2012-07-27] (MSI)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [74752 2015-09-23] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2015-10-03] (Apple Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2015-10-16] (Logitech Inc.)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-10-28] (Comodo Security Solutions, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => E:\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2015-11-17] (LogMeIn Inc.)
HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2015-12-16] ()
HKLM-x32\...\Run: [HD Tune] => E:\HD Tune\HDTune.exe [401408 2015-09-19] (EFD Software)
HKU\S-1-5-21-2051811701-3595625153-149968726-1000\...\Run: [CCleaner Monitoring] => C:\CCleaner\CCleaner64.exe [8455960 2015-08-20] (Piriform Ltd)
HKU\S-1-5-21-2051811701-3595625153-149968726-1000\...\Run: [Steam] => E:\Steam\steam.exe [3013712 2015-12-15] (Valve Corporation)
HKU\S-1-5-21-2051811701-3595625153-149968726-1000\...\Run: [RocketDock] => E:\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-2051811701-3595625153-149968726-1000\...\Run: [f.lux] => C:\Users\Wilczur\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2015-09-14] (Flux Software LLC)
HKU\S-1-5-21-2051811701-3595625153-149968726-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2051811701-3595625153-149968726-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50385536 2015-12-17] (Skype Technologies S.A.)
HKU\S-1-5-21-2051811701-3595625153-149968726-1000\...\MountPoints2: G - G:\Autorun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk [2015-09-12]
ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray.exe (Intel Corporation)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\..\Interfaces\{F882D9DB-39E2-454E-BACB-8AC261C8CD94}: [DhcpNameServer] 192.168.88.1
Tcpip\..\Interfaces\{FA710472-4C18-49B5-9F71-D87471A0C5BB}: [DhcpNameServer] 7.254.254.254

Internet Explorer:
==================
HKU\S-1-5-21-2051811701-3595625153-149968726-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.pl/?gws_rd=ssl
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-11-09] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-09] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Wilczur\AppData\Roaming\Mozilla\Firefox\Profiles\od7hrnj2.default
FF Session Restore: -> [funkcja włączona]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-13] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-17] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-30] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-2051811701-3595625153-149968726-1000: @nsroblox.roblox.com/launcher -> C:\Users\Wilczur\AppData\Local\Roblox\Versions\version-f7131a583a8d4ea7\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2051811701-3595625153-149968726-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\Wilczur\AppData\Local\Roblox\Versions\version-f7131a583a8d4ea7\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2051811701-3595625153-149968726-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Extension: Adblock Plus - C:\Users\Wilczur\AppData\Roaming\Mozilla\Firefox\Profiles\od7hrnj2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-26]

Chrome:
=======
CHR Profile: C:\Users\Wilczur\AppData\Local\Google\Chrome\User Data\Default

==================== Usługi (filtrowane) ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1300512 2016-01-23] ()
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70848 2015-10-28] (Comodo Security Solutions, Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-09-03] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-08-05] (COMODO)
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-10-28] (Comodo Security Solutions, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-13] (NVIDIA Corporation)
R2 Hamachi2Svc; E:\LogMeIn Hamachi\hamachi-2.exe [2546184 2015-11-17] (LogMeIn Inc.)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [146984 2012-07-24] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [136704 2012-06-29] (MSI) [Brak podpisu cyfrowego]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-13] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-13] (NVIDIA Corporation)
S3 Origin Client Service; E:\Origin\OriginClientService.exe [2104840 2016-02-02] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2016-01-04] ()
R2 SamsungUPDUtilSvc; C:\Windows\SysWOW64\SecUPDUtilSvc.exe [118576 2015-09-23] ()
S3 TunngleService; E:\Tunngle\TnglCtrl.exe [814064 2016-01-04] (Tunngle.net GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-09-12] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2015-12-16] (Wacom Technology, Corp.)

===================== Sterowniki (filtrowane) ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [37976 2015-10-20] (Windows ® Win 7 DDK provider) [Brak podpisu cyfrowego]
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21184 2015-11-18] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [806032 2015-11-18] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45856 2015-08-05] (COMODO)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [20968 2012-07-24] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [19944 2012-07-24] ()
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105096 2015-08-05] (COMODO)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46016 2012-07-24] ()
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-04] (Malwarebytes)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 Phosgene; C:\Windows\System32\DRIVERS\Phosgene.sys [33672 2015-12-03] (Adoriasoft LLC)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [47736 2016-01-04] (Tunngle.net)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2016-02-04] ()
S3 MSICDSetup; \??\F:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\F:\NTIOLib_X64.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)


==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-02-04 22:50 - 2016-02-04 22:51 - 02370560 _____ (Farbar) C:\Users\Wilczur\Downloads\FRST64(1).exe
2016-02-01 22:26 - 2016-02-01 22:26 - 00129930 _____ C:\Users\Wilczur\Downloads\Addition.txt
2016-02-01 22:25 - 2016-02-04 23:11 - 00018139 _____ C:\Users\Wilczur\Downloads\FRST.txt
2016-02-01 21:36 - 2016-02-04 23:11 - 00000000 ____D C:\FRST
2016-02-01 21:36 - 2016-02-01 21:36 - 02370560 _____ (Farbar) C:\Users\Wilczur\Downloads\FRST64.exe
2016-02-01 14:06 - 2016-02-01 14:06 - 00000520 _____ C:\Users\Public\Desktop\Fraps.lnk
2016-02-01 14:06 - 2016-02-01 14:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2016-02-01 13:58 - 2016-02-01 13:58 - 02496800 _____ (Beepa Pty Ltd) C:\Users\Wilczur\Downloads\setup.exe
2016-01-31 15:23 - 2016-01-31 15:23 - 00000000 ____D C:\Users\Wilczur\AppData\Roaming\11bitstudios
2016-01-30 13:25 - 2016-01-30 13:25 - 00002290 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-30 13:25 - 2016-01-30 13:25 - 00002261 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-30 13:16 - 2016-02-04 22:21 - 00001050 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-30 13:16 - 2016-02-04 17:22 - 00001046 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-30 13:16 - 2016-01-30 13:16 - 00004046 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-01-30 13:16 - 2016-01-30 13:16 - 00003794 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-30 12:54 - 2016-01-30 12:54 - 00987728 _____ (Google Inc.) C:\Users\Wilczur\Downloads\ChromeSetup.exe
2016-01-30 11:40 - 2016-01-30 11:40 - 00001252 _____ C:\Users\Public\Desktop\Style Builder 2016.lnk
2016-01-30 11:40 - 2016-01-30 11:40 - 00001164 _____ C:\Users\Public\Desktop\LayOut 2016.lnk
2016-01-30 11:40 - 2016-01-30 11:40 - 00001061 _____ C:\Users\Public\Desktop\SketchUp 2016.lnk
2016-01-30 11:40 - 2016-01-30 11:40 - 00000000 ____D C:\Program Files\SketchUp
2016-01-30 11:39 - 2016-01-30 11:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\SketchUp 2016
2016-01-30 11:28 - 2016-01-30 11:36 - 160377811 _____ (Trimble Navigation Limited) C:\Users\Wilczur\Downloads\SketchUpMake-pl-x64.exe
2016-01-30 11:26 - 2016-01-30 11:26 - 00000000 ____D C:\ProgramData\Reprise
2016-01-30 11:25 - 2016-01-30 11:25 - 00000000 ____D C:\Users\Wilczur\AppData\Roaming\SketchUp
2016-01-30 11:25 - 2016-01-30 11:25 - 00000000 ____D C:\ProgramData\Caphyon
2016-01-30 11:24 - 2016-01-30 11:24 - 00000000 ____D C:\ProgramData\SketchUp
2016-01-30 11:23 - 2016-01-30 11:38 - 00000000 ____D C:\Users\Wilczur\AppData\Roaming\Trimble Navigation Limited
2016-01-30 11:13 - 2016-01-30 11:23 - 160371488 _____ (Trimble Navigation Limited) C:\Users\Wilczur\Downloads\SketchUpPro-pl-x64.exe
2016-01-30 11:08 - 2016-01-30 11:08 - 03687434 _____ C:\Users\Wilczur\Downloads\3DCreator_v.3.1.3.14.zip
2016-01-29 00:56 - 2016-01-29 00:56 - 00001358 _____ C:\Users\Wilczur\Desktop\Play Wolfenstein.The.New.Order.lnk
2016-01-25 22:34 - 2016-01-25 22:34 - 00054190 _____ C:\Users\Wilczur\Documents\Esu.xps
2016-01-25 20:28 - 2016-01-25 20:29 - 15179458 _____ C:\Users\Wilczur\Downloads\Esmotki.rar
2016-01-25 19:03 - 2016-01-25 19:03 - 00075044 _____ C:\Users\Wilczur\Downloads\Referat #1.odt
2016-01-24 21:25 - 2016-01-24 21:25 - 01593490 _____ C:\Users\Wilczur\Downloads\rhs_afrf_updater.zip
2016-01-24 21:25 - 2016-01-24 21:25 - 01593488 _____ C:\Users\Wilczur\Downloads\rhs_usaf_updater.zip
2016-01-23 22:46 - 2016-01-12 05:40 - 00112032 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-01-23 22:45 - 2015-12-18 07:11 - 00047760 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-01-23 22:45 - 2015-12-18 07:10 - 00099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-01-23 22:45 - 2015-12-18 07:10 - 00090768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-01-23 20:40 - 2016-01-23 20:40 - 00013240 _____ C:\Users\Wilczur\Downloads\GL5.zip
2016-01-23 14:12 - 2016-01-23 14:22 - 76153715 _____ C:\Users\Wilczur\Downloads\Advanced-Combat-Environment3-ACE3-version-3.4.2.zip
2016-01-23 14:10 - 2016-01-23 15:16 - 962898936 _____ C:\Users\Wilczur\Downloads\NATO-SF-Russian-Spetsnaz-Weapons-version-111.zip
2016-01-23 12:12 - 2016-01-23 12:14 - 36442680 _____ C:\Users\Wilczur\Downloads\Blastcore-A3-Phoenix-Phoenix-Update-12.rar
2016-01-23 11:39 - 2016-01-23 12:05 - 494545127 _____ C:\Users\Wilczur\Downloads\EricJ-Weapons-Pack-version-RC-75.7z
2016-01-23 01:16 - 2016-01-23 01:19 - 3978309036 _____ C:\Users\Wilczur\Downloads\@CUP_Terrains_Complete_v1.0.1.zip
2016-01-22 14:28 - 2016-01-22 14:31 - 53507158 _____ C:\Users\Wilczur\Downloads\@GL5v1.zip
2016-01-22 13:19 - 2016-01-22 13:19 - 02738587 _____ C:\Users\Wilczur\Downloads\18035_Realistic_Fireball_Settings.zip
2016-01-19 18:55 - 2016-01-19 18:55 - 00000000 ____D C:\Users\Wilczur\Documents\Deluxe Ski Jump 4
2016-01-19 18:55 - 2016-01-19 18:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluxe Ski Jump 4
2016-01-19 18:51 - 2016-01-19 18:52 - 15930210 _____ (Mediamond Tmi ) C:\Users\Wilczur\Downloads\dsj4v161.exe
2016-01-18 20:54 - 2016-01-19 23:03 - 00002438 _____ C:\Users\Wilczur\Desktop\Rkill.txt
2016-01-18 20:54 - 2016-01-19 20:05 - 00000000 ____D C:\Users\Wilczur\Desktop\rkill
2016-01-18 20:54 - 2016-01-18 20:54 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Wilczur\Downloads\rkill.exe
2016-01-18 20:44 - 2016-01-21 23:00 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-01-18 20:42 - 2016-01-18 20:42 - 00000000 ____D C:\Program Files\MBAM AR
2016-01-18 20:39 - 2016-01-18 20:41 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Wilczur\Downloads\mbar-1.09.3.1001.exe
2016-01-18 20:39 - 2016-01-18 20:39 - 00040456 _____ C:\Users\Wilczur\Downloads\MTB.txt
2016-01-18 20:38 - 2016-01-18 20:38 - 00891392 _____ (Farbar) C:\Users\Wilczur\Downloads\MiniToolBox.exe
2016-01-18 20:34 - 2016-01-18 20:35 - 00002798 _____ C:\Users\Wilczur\Downloads\FSS.txt
2016-01-18 20:34 - 2016-01-18 20:34 - 00899584 _____ (Farbar) C:\Users\Wilczur\Downloads\FSS.exe
2016-01-18 20:30 - 2016-01-18 20:30 - 00852720 _____ C:\Users\Wilczur\Downloads\SecurityCheck.exe
2016-01-17 00:04 - 2016-01-17 00:04 - 00000514 _____ C:\Users\Public\Desktop\Guild Wars 2.lnk
2016-01-17 00:04 - 2016-01-17 00:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
2016-01-17 00:00 - 2016-01-17 05:55 - 00000000 ____D C:\Users\Wilczur\AppData\Roaming\Guild Wars 2
2016-01-16 23:56 - 2016-01-17 00:00 - 26068984 _____ (ArenaNet) C:\Users\Wilczur\Downloads\Gw2Setup.exe
2016-01-16 17:41 - 2016-01-16 17:41 - 00000000 ____D C:\Users\Wilczur\AppData\Local\Blizzard
2016-01-16 16:04 - 2016-01-16 16:09 - 17483188 _____ C:\Users\Wilczur\Downloads\Emily_2_1_OBJ.rar
2016-01-16 13:07 - 2016-01-17 05:52 - 00000000 ____D C:\Users\Wilczur\AppData\Local\Battle.net
2016-01-16 13:07 - 2016-01-16 13:52 - 00000000 ____D C:\Users\Wilczur\AppData\Roaming\Battle.net
2016-01-16 13:07 - 2016-01-16 13:07 - 00000000 ____D C:\Users\Wilczur\AppData\Local\Blizzard Entertainment
2016-01-16 13:07 - 2016-01-16 13:07 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2016-01-16 12:40 - 2016-01-16 12:40 - 00000000 ____D C:\ProgramData\Battle.net
2016-01-16 12:36 - 2016-01-16 12:39 - 03142712 _____ (Blizzard Entertainment) C:\Users\Wilczur\Downloads\Hearthstone-Setup.exe
2016-01-15 20:26 - 2016-01-16 18:12 - 00000000 ____D C:\CCE_Quarantine
2016-01-14 17:05 - 2016-01-14 17:06 - 00000000 ____D C:\Users\Wilczur\AppData\Roaming\Comodo
2016-01-14 16:52 - 2016-01-14 16:52 - 00000000 ____D C:\Users\Wilczur\AppData\Local\Mixamo
2016-01-14 16:04 - 2016-01-14 16:04 - 00000000 ____D C:\Users\Wilczur\Documents\makehuman
2016-01-14 15:01 - 2016-01-14 15:49 - 189334024 _____ C:\Users\Wilczur\Downloads\makehuman-1.0.2-win32.zip
2016-01-14 14:29 - 2016-01-14 14:29 - 00136224 _____ C:\Users\Wilczur\Downloads\caviar_dreams.zip
2016-01-14 00:59 - 2016-01-14 00:59 - 00448512 _____ (OldTimer Tools) C:\Users\Wilczur\Downloads\TFC.exe
2016-01-13 19:20 - 2016-01-13 19:20 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-01-13 19:20 - 2016-01-13 19:20 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-01-13 19:20 - 2016-01-13 19:20 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-13 19:20 - 2016-01-13 19:20 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-13 19:20 - 2016-01-13 19:20 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-13 19:20 - 2016-01-13 19:20 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-13 19:20 - 2016-01-13 19:20 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-13 19:20 - 2016-01-13 19:20 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 01393152 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-13 19:20 - 2016-01-13 19:20 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-13 19:20 - 2016-01-13 19:20 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-01-13 19:20 - 2016-01-13 19:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-13 19:20 - 2016-01-13 19:20 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-13 19:20 - 2016-01-13 19:20 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-01-13 19:20 - 2016-01-13 19:20 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-13 19:20 - 2016-01-13 19:20 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-01-13 19:20 - 2016-01-13 19:20 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-13 19:20 - 2016-01-13 19:20 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-13 19:20 - 2016-01-13 19:20 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-01-13 19:20 - 2016-01-13 19:20 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-13 19:20 - 2016-01-13 19:20 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-13 19:20 - 2016-01-13 19:20 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-13 19:20 - 2016-01-13 19:20 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-13 19:20 - 2016-01-13 19:20 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-13 19:20 - 2016-01-13 19:20 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-13 19:20 - 2016-01-13 19:20 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-13 19:20 - 2016-01-13 19:20 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-13 19:20 - 2016-01-13 19:20 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-13 19:20 - 2016-01-13 19:20 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-13 19:20 - 2016-01-13 19:20 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-13 19:20 - 2016-01-13 19:20 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-13 19:20 - 2016-01-13 19:20 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-13 19:20 - 2016-01-13 19:20 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-13 19:20 - 2016-01-13 19:20 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-01-13 19:20 - 2016-01-13 19:20 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-13 19:20 - 2016-01-13 19:20 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-13 19:20 - 2016-01-13 19:20 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-13 19:20 - 2016-01-13 19:20 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-13 19:20 - 2016-01-13 19:20 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-13 19:20 - 2016-01-13 19:20 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-13 19:20 - 2016-01-13 19:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-13 19:20 - 2016-01-13 19:20 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-13 19:20 - 2016-01-13 19:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-01-13 19:20 - 2016-01-13 19:20 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-01-13 19:20 - 2016-01-13 19:20 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-01-13 19:20 - 2016-01-13 19:20 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-01-13 19:20 - 2016-01-13 19:20 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-13 19:20 - 2016-01-13 19:20 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-13 19:20 - 2016-01-13 19:20 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-01-13 19:20 - 2016-01-13 19:20 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-01-13 19:20 - 2016-01-13 19:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-01-13 19:20 - 2016-01-13 19:20 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-01-13 19:20 - 2016-01-13 19:20 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-01-13 19:20 - 2016-01-13 19:20 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-01-13 19:20 - 2016-01-13 19:20 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-01-13 19:20 - 2015-12-12 19:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-01-13 19:20 - 2015-12-12 19:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-01-13 19:20 - 2015-12-12 18:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-01-13 19:20 - 2015-12-12 18:36 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-01-13 19:18 - 2016-01-13 19:18 - 05572544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-13 19:18 - 2016-01-13 19:18 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-01-13 19:18 - 2016-01-13 19:18 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-01-13 19:18 - 2016-01-13 19:18 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-01-13 19:18 - 2016-01-13 19:18 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-01-13 19:18 - 2016-01-13 19:18 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-01-13 19:18 - 2016-01-13 19:18 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-01-13 19:18 - 2016-01-13 19:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-01-13 19:18 - 2016-01-13 19:18 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-13 19:18 - 2016-01-13 19:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-01-13 19:18 - 2016-01-13 19:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-01-13 19:18 - 2016-01-13 19:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-01-13 19:18 - 2016-01-13 19:18 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-01-13 19:18 - 2016-01-13 19:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-01-13 19:18 - 2016-01-13 19:18 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-01-13 19:18 - 2016-01-13 19:18 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-01-13 19:18 - 2016-01-13 19:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-01-13 19:18 - 2016-01-13 19:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-01-13 19:18 - 2016-01-13 19:18 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-01-13 19:18 - 2016-01-13 19:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-01-13 19:18 - 2016-01-13 19:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-01-12 22:20 - 2016-01-12 22:20 - 03137489 _____ C:\Users\Wilczur\Downloads\System Plików.zip
2016-01-12 22:19 - 2016-01-12 22:20 - 00586781 _____ C:\Users\Wilczur\Downloads\download.zip
2016-01-12 16:28 - 2016-01-12 16:28 - 00702915 _____ C:\Users\Wilczur\Downloads\IOGraph_v1_0_1.exe
2016-01-11 01:05 - 2016-01-11 01:05 - 747596691 _____ C:\Users\Wilczur\Downloads\css_content_addon_dec2015.zip
2016-01-10 19:36 - 2016-01-10 19:37 - 09133524 _____ C:\Users\Wilczur\Downloads\0001-0130.avi
2016-01-10 16:36 - 2016-01-10 16:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-01-10 16:36 - 2016-01-10 16:36 - 00000000 ____D C:\ProgramData\Apple Computer
2016-01-10 16:36 - 2016-01-10 16:36 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-01-09 14:12 - 2016-01-09 14:12 - 00000000 ____D C:\Users\Wilczur\AppData\Roaming\.mono
2016-01-09 14:12 - 2016-01-09 14:12 - 00000000 ____D C:\Users\Wilczur\AppData\LocalLow\PlayfulCorp
2016-01-09 14:12 - 2016-01-09 14:12 - 00000000 ____D C:\ProgramData\.mono
2016-01-09 14:03 - 2016-01-09 14:04 - 01501372 _____ C:\Users\Wilczur\Downloads\roboto.zip
2016-01-09 13:45 - 2016-01-09 13:48 - 04638666 _____ C:\Users\Wilczur\Downloads\marker_pen_strokes_ai_brushes_by_fudgegraphics-d2yqams.zip
2016-01-09 13:13 - 2016-01-09 13:15 - 00000000 ____D C:\Users\Wilczur\AppData\LocalLow\Daybreak Game Company
2016-01-09 13:13 - 2016-01-09 13:13 - 00000000 ____D C:\Users\Wilczur\AppData\Local\SCE
2016-01-09 13:13 - 2016-01-09 13:13 - 00000000 ____D C:\Users\Wilczur\AppData\Local\Daybreak Game Company
2016-01-08 00:19 - 2016-01-15 20:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-06 15:58 - 2016-01-06 15:58 - 00000000 ____D C:\Users\Wilczur\AppData\Local\My Games
2016-01-06 15:56 - 2016-01-06 15:56 - 00000000 ____D C:\Users\Wilczur\AppData\Roaming\Sid Meier's Civilization 5
2016-01-06 15:56 - 2016-01-06 15:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2016-01-06 14:10 - 2016-01-06 14:10 - 00011264 ___SH C:\Users\Wilczur\Thumbs.db
2016-01-05 16:30 - 2016-01-09 01:30 - 00000000 ____D C:\Users\Wilczur\AppData\Local\Ikqqsoft
2016-01-05 16:26 - 2016-01-14 16:42 - 00000000 ____D C:\Users\Wilczur\AppData\Roaming\ProxyGate
2016-01-05 00:50 - 2016-01-06 00:05 - 00281032 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2016-01-05 00:50 - 2016-01-05 00:50 - 00000000 ____D C:\Users\Wilczur\AppData\Local\PunkBuster

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-02-04 23:11 - 2015-09-12 19:58 - 00000000 ____D C:\Users\Wilczur\AppData\Roaming\Skype
2016-02-04 23:02 - 2015-09-12 19:06 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2016-02-04 23:01 - 2015-09-12 17:49 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-04 22:47 - 2015-10-24 13:56 - 00000000 ____D C:\Users\Wilczur\AppData\Local\LogMeIn Hamachi
2016-02-04 22:02 - 2015-09-18 18:31 - 00000000 ____D C:\Users\Wilczur\AppData\Local\CrashDumps
2016-02-04 17:32 - 2015-09-13 12:58 - 00000000 ____D C:\Users\Wilczur\AppData\Local\Adobe
2016-02-04 17:30 - 2009-07-14 05:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-04 17:30 - 2009-07-14 05:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-04 17:28 - 2011-04-12 14:21 - 00889174 _____ C:\Windows\system32\perfh015.dat
2016-02-04 17:28 - 2011-04-12 14:21 - 00202734 _____ C:\Windows\system32\perfc015.dat
2016-02-04 17:28 - 2009-07-14 06:13 - 01868442 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-04 17:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-02-04 17:24 - 2015-09-19 15:12 - 00000000 ____D C:\Users\Wilczur\SSDToolbox
2016-02-04 17:24 - 2015-09-19 15:12 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-02-04 17:24 - 2015-09-19 15:12 - 00000000 _____ C:\Users\Wilczur\.ktcssd
2016-02-04 17:22 - 2015-12-09 14:14 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2016-02-04 17:22 - 2015-10-17 16:41 - 00000000 ____D C:\ProgramData\NVIDIA
2016-02-04 17:22 - 2015-09-12 17:08 - 00034752 _____ C:\Windows\system32\Drivers\WPRO_41_2001.sys
2016-02-04 17:22 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-02 22:14 - 2015-09-13 14:33 - 00000000 ____D C:\ProgramData\Origin
2016-02-01 21:30 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Vss
2016-02-01 16:33 - 2015-09-12 16:45 - 00000000 ____D C:\Users\Wilczur
2016-02-01 01:34 - 2015-09-12 19:51 - 00000000 ____D C:\Users\Wilczur\AppData\Roaming\TS3Client
2016-01-31 20:31 - 2015-10-03 17:30 - 00000000 ____D C:\Users\Wilczur\AppData\Local\Arma 3
2016-01-31 13:06 - 2009-07-14 06:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-01-30 14:45 - 2015-09-14 22:43 - 00000000 ____D C:\Users\Wilczur\AppData\Roaming\vlc
2016-01-30 13:25 - 2015-09-12 19:27 - 00000000 ____D C:\Users\Wilczur\AppData\Local\Google
2016-01-30 13:25 - 2015-09-12 19:27 - 00000000 ____D C:\Program Files (x86)\Google
2016-01-30 11:38 - 2015-09-18 22:20 - 00007592 _____ C:\Users\Wilczur\AppData\Local\resmon.resmoncfg
2016-01-30 05:17 - 2009-07-14 05:45 - 05058912 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-29 00:59 - 2015-11-16 17:20 - 00000000 ____D C:\Users\Wilczur\AppData\Roaming\OBS
2016-01-29 00:57 - 2015-09-12 19:38 - 00000000 ____D C:\Users\Wilczur\AppData\Roaming\uTorrent
2016-01-28 22:55 - 2015-09-19 00:45 - 00000034 _____ C:\Users\Wilczur\AppData\Roaming\AdobeWLCMCache.dat
2016-01-28 22:53 - 2015-09-12 18:48 - 00096128 _____ C:\Users\Wilczur\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-27 13:46 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Web
2016-01-24 21:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Globalization
2016-01-24 18:21 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2016-01-24 01:50 - 2015-11-14 15:34 - 00000000 ____D C:\Users\Wilczur\AppData\Roaming\Audacity
2016-01-23 22:57 - 2015-09-12 17:36 - 00000000 ____D C:\Users\Wilczur\AppData\Local\NVIDIA Corporation
2016-01-23 22:46 - 2015-09-12 17:36 - 00001377 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-01-23 22:46 - 2015-09-12 17:36 - 00000000 ____D C:\Users\Wilczur\AppData\Local\NVIDIA
2016-01-23 22:46 - 2015-09-12 17:34 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-01-23 22:42 - 2015-09-15 15:39 - 00000000 ____D C:\Users\Wilczur\Documents\Action!
2016-01-23 10:29 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Registration
2016-01-22 13:20 - 2015-12-31 20:00 - 00000000 ____D C:\tmp
2016-01-19 19:47 - 2015-09-12 17:49 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-17 23:34 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2016-01-16 17:42 - 2015-09-26 21:46 - 00000000 ____D C:\Users\Wilczur\Documents\My Games
2016-01-15 20:27 - 2015-09-14 19:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-15 19:08 - 2015-09-22 18:36 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-15 19:08 - 2015-09-22 18:36 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-15 18:52 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\L2Schemas
2016-01-14 17:05 - 2015-09-12 18:42 - 00000000 ____D C:\ProgramData\Comodo
2016-01-14 01:32 - 2015-09-13 11:42 - 00000000 ____D C:\Windows\system32\MRT
2016-01-14 01:28 - 2015-09-13 11:42 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-12 05:41 - 2015-09-12 17:34 - 01542600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-01-12 05:41 - 2015-09-12 17:34 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-01-12 05:40 - 2015-09-12 17:34 - 01860120 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2016-01-12 05:40 - 2015-09-12 17:34 - 01756608 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-01-09 14:59 - 2015-11-16 17:19 - 00000000 ____D C:\Program Files (x86)\OBS
2016-01-09 12:44 - 2015-09-12 19:58 - 00000000 ____D C:\ProgramData\Skype
2016-01-06 21:12 - 2016-01-04 16:39 - 00000000 ____D C:\Users\Wilczur\AppData\Roaming\Tunngle
2016-01-06 15:58 - 2015-12-15 18:23 - 00000000 ____D C:\ProgramData\Steam
2016-01-06 15:04 - 2016-01-04 16:39 - 00000000 ____D C:\ProgramData\Tunngle
2016-01-06 12:21 - 2015-09-12 21:56 - 00000000 ____D C:\Users\Wilczur\AppData\Roaming\AIMP3
2016-01-06 00:05 - 2016-01-04 22:51 - 00281032 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2016-01-05 16:03 - 2016-01-02 19:44 - 00000000 ____D C:\Users\Wilczur\Documents\Euro Truck Simulator 2
2016-01-05 15:09 - 2016-01-04 22:51 - 00281032 _____ C:\Windows\SysWOW64\PnkBstrB.ex0

==================== Pliki w katalogu głównym wybranych folderów =======

2015-09-19 00:45 - 2016-01-28 22:55 - 0000034 _____ () C:\Users\Wilczur\AppData\Roaming\AdobeWLCMCache.dat
2015-08-13 14:41 - 2015-08-13 14:47 - 0047462 ___SH () C:\Users\Wilczur\AppData\Roaming\d3dx10.exe
2015-10-03 11:36 - 2015-10-03 17:06 - 0002155 _____ () C:\Users\Wilczur\AppData\Roaming\SpeedRunnersLog.txt
2015-12-16 18:34 - 2015-12-16 18:34 - 0001768 _____ () C:\Users\Wilczur\AppData\Local\recently-used.xbel
2015-09-18 22:20 - 2016-01-30 11:38 - 0007592 _____ () C:\Users\Wilczur\AppData\Local\resmon.resmoncfg
2015-09-19 14:55 - 2015-09-19 14:55 - 0002637 _____ () C:\ProgramData\regid.2014-05.com.kingston,KDI_de542a20-1f17-11b2-8fa3-9b5486234594.swidtag

Pliki do przeniesienia lub usunięcia:
====================
C:\Users\Wilczur\update-Fallout4.bat


==================== Bamital & volsnap =================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo


LastRegBack: 2016-01-30 21:37

==================== Koniec  FRST.txt ============================

 

 

I hope that polish language isn't a problem, if it is tell me what to do ;)

 

And thank you for all of your help.



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,510 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:34 AM

Posted 07 February 2016 - 09:23 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

To complete my review of your problem I need to see the Addition.txt file that was created by the Farbar tool.

Please post it for my review.

Wait for further instructions.

#3 Wilczur2142

Wilczur2142
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:34 AM

Posted 07 February 2016 - 02:05 PM

Hello!

 

There is a addition log

 

Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja:27-01-2016
Uruchomiony przez Wilczur (2016-02-01 22:26:18)
Uruchomiony z C:\Users\Wilczur\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2015-09-12 15:45:32)
Tryb startu: Normal
==========================================================


==================== Konta użytkowników: =============================

Administrator (S-1-5-21-2051811701-3595625153-149968726-500 - Administrator - Disabled)
Gość (S-1-5-21-2051811701-3595625153-149968726-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2051811701-3595625153-149968726-1002 - Limited - Enabled)
Wilczur (S-1-5-21-2051811701-3595625153-149968726-1000 - Administrator - Enabled) => C:\Users\Wilczur

==================== Centrum zabezpieczeń ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie.)

AV: COMODO Antivirus (Enabled - Up to date) {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5}
AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}

==================== Zainstalowane programy ======================

(W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)

µTorrent (HKU\S-1-5-21-2051811701-3595625153-149968726-1000\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
Action! (HKLM-x32\...\{7A9DEE45-1F8D-4D1A-A9EA-F0108DAE6FEC}) (Version: 1.9.0 - Mirillis)
Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe After Effects CC 2014 (HKLM-x32\...\{2B22C750-5C3B-4738-B621-BA786AC7A494}) (Version: 13.0.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.204 - Adobe Systems Incorporated)
Adobe Audition CC (HKLM-x32\...\{DE1E055B-679C-42F8-B114-7B6ED0B8ED95}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2014 (HKLM-x32\...\{07BE616F-9E42-4C90-AF4F-0F32A5B088E7}) (Version: 8.0.1 - Adobe Systems Incorporated)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.60.1500, 31.08.2015 - AIMP DevTeam)
Aktualizacje NVIDIA 2.9.1.22 (Version: 2.9.1.22 - NVIDIA Corporation) Hidden
Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version:  - Frictional Games)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
ArmA3Sync 1.5.69 (HKLM-x32\...\{F097E7D7-D093-4394-9EED-43AFCCD12B7A}_is1) (Version: 1.5.69 - The [S.o.E] team)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.)
Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Blender (HKLM\...\{D593042C-8739-488D-93B8-E6B202013E57}) (Version: 2.76.1 - Blender Foundation)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
Close Your Eyes (HKLM-x32\...\Steam App 377330) (Version:  - Yai Gameworks)
COMODO Internet Security Pro (HKLM\...\{38F898C8-272F-455F-9BD6-71FEBA3E4AF5}) (Version: 8.2.0.4703 - COMODO Security Solutions Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CPUID CPU-Z 1.74 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Creativerse (HKLM-x32\...\Steam App 280790) (Version:  - Playful Corporation)
Cry of Fear (HKLM-x32\...\Steam App 223710) (Version:  - Team Psykskallar)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
DCS World (HKLM-x32\...\Steam App 223750) (Version:  - Eagle Dynamics)
Deluxe Ski Jump 4 (HKLM-x32\...\Deluxe Ski Jump 4_is1) (Version: 1.6.1 - Mediamond Tmi)
Dr. Langeskov, The Tiger, and The Terribly Cursed Emerald: A Whirlwind Heist (HKLM-x32\...\Steam App 409160) (Version:  - Crows Crows Crows)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05.0.0 - Electronic Arts)
Dust: An Elysian Tail (HKLM-x32\...\Steam App 236090) (Version:  - Humble Hearts LLC)
Elite: Dangerous (HKLM-x32\...\Steam App 359320) (Version:  - Frontier Developments)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version:  - SCS Software)
Euro Truck Simulator 2 Multiplayer 0.2.0.5.1 Alpha (HKLM-x32\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 0.2.0.5.1 Alpha - ETS2MP Team)
f.lux (HKU\S-1-5-21-2051811701-3595625153-149968726-1000\...\Flux) (Version:  - )
FaceRig (HKLM-x32\...\Steam App 274920) (Version:  - Holotech Studios)
FaceRig Virtual Video driver version 1.0.1.1000 (HKLM-x32\...\{7D6A1A0F-F57E-4C6B-9331-86CBC7D5C787}_is1) (Version: 1.0.1.1000 - Adoriasoft LLC)
FastStone Image Viewer 5.5 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.5 - FastStone Soft)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Freemake Video Converter wersja 4.1.7 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.7 - Ellora Assets Corporation)
Fuse (HKLM-x32\...\Steam App 257400) (Version:  - Mixamo)
Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version:  - Greenheart Games)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GeekBuddy (HKLM\...\{A115A872-91C6-477C-8CA7-9F2973437EAF}) (Version: 4.23.152 - Comodo Security Solutions Inc)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.97 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Hammerwatch (HKLM-x32\...\Steam App 239070) (Version:  - Crackshell)
Happy Wars (HKLM-x32\...\Steam App 246280) (Version:  - Toylogic inc.)
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
IL MiniHost (HKLM-x32\...\IL MiniHost) (Version:  - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Smart Connect Technology 3.0 x64 (HKLM\...\{EE21578E-DE14-46D5-83D7-EA4D347B2F9A}) (Version: 3.0.30.1526 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Kingston SSD Toolbox (C:\Program Files (x86)\Kingston SSD Toolbox) (HKLM-x32\...\Kingston SSD Toolbox) (Version: 1.0.0.0 - Kingston)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
LibreOffice 5.0.1.2 (HKLM-x32\...\{927AE35D-72BC-437D-BAC7-EE47D03DEE54}) (Version: 5.0.1.2 - The Document Foundation)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.410 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.410 - LogMeIn, Inc.) Hidden
Lost Planet 3 (HKLM-x32\...\Steam App 226720) (Version:  - Spark Unlimited)
Malwarebytes Anti-Malware wersja 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Speech SDK 5.1 (HKLM-x32\...\{A403D88E-ED7D-48E3-91FD-B8C8A720EDA1}) (Version: 5.1.4324.0 - Microsoft)
Microsoft Speech SDK 5.1 Language Pack (HKLM-x32\...\{BFF0C845-DFF9-425A-9093-D86C4EE00EE1}) (Version: 5.1 - Microsoft)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM-x32\...\MSTTS) (Version:  - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Monaco (HKLM-x32\...\Steam App 113020) (Version:  - Pocketwatch Games)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version:  - TaleWorlds Entertainment)
Mozilla Firefox 43.0.4 (x86 pl) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 pl)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
MyPaint 1.0.0 (HKU\S-1-5-21-2051811701-3595625153-149968726-1000\...\MyPaint) (Version: 1.0.0 - Martin Renold & MyPaint Development Team)
NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version:  - )
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.2 - Black Tree Gaming)
NVIDIA GeForce Experience 2.9.1.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.22 - NVIDIA Corporation)
NVIDIA Oprogramowanie systemu PhysX 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
NVIDIA Sterownik 3D Vision 358.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.50 - NVIDIA Corporation)
NVIDIA Sterownik dźwięku HD 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA Sterownik graficzny 358.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.50 - NVIDIA Corporation)
NVIDIA Sterownik kontrolera 3D Vision 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
Obsługa programów Apple (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
PAMM (HKLM-x32\...\{D1A5AE66-BD56-495E-A2FD-12732DBFDFAA}) (Version: 1.7.0.0 - The PA Community)
Panel sterowania NVIDIA 358.50 (Version: 358.50 - NVIDIA Corporation) Hidden
Papo & Yo (HKLM-x32\...\Steam App 227080) (Version: 2.0 - Minority Media Inc.)
Penumbra: Necrologue (HKLM-x32\...\Steam App 346290) (Version:  - CounterCurrent Games)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Planetary Annihilation (HKLM-x32\...\Steam App 233250) (Version:  - Uber Entertainment)
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version:  - Daybreak Games)
PlanetSide 2 (HKU\S-1-5-21-2051811701-3595625153-149968726-1000\...\DG0-PlanetSide 2) (Version:  - Sony Online Entertainment)
Pool Nation FX (HKLM-x32\...\Steam App 314000) (Version:  - Cherry Pop Games)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.4 - Power Software Ltd)
ProxyGate version 3.0.0.1161 (HKU\S-1-5-21-2051811701-3595625153-149968726-1000\...\{3544F3ED-42DD-4FF9-8E1B-C9AB61F5CA8A}}_is1) (Version: 3.0.0.1161 - Gold Click Ltd)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Rayman Origins (HKLM-x32\...\{DE491AB9-1D47-4FED-A8F5-4D4325B2EB4B}) (Version: 1.00 - Ubisoft)
Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version:  - Wild Shadow Studios)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Resident Evil Revelations 2 / Biohazard Revelations 2 (HKLM-x32\...\Steam App 287290) (Version:  - CAPCOM Co., Ltd.)
Rising Storm/Red Orchestra 2 Multiplayer (HKLM-x32\...\Steam App 35450) (Version:  - Tripwire Interactive)
ROBLOX Player for Wilczur (HKU\S-1-5-21-2051811701-3595625153-149968726-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROCCAT Power-Grid version 0.461 (HKLM-x32\...\{953CF6E6-4EC8-4E55-A263-720CEBD591FE}_is1) (Version: 0.461 - ROCCAT GmbH)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.06.00 - Samsung Electronics Co., Ltd.)
SHIELD Streaming (Version: 4.1.0260 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.9.1.22 - NVIDIA Corporation) Hidden
Sid Meier's Civilization 5 (HKLM-x32\...\Sid Meier's Civilization 5_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, Panky)
SketchUp 2016 PL (HKLM-x32\...\SketchUp Make 2016 PL (64-bit) 16.0.19912) (Version: 16.0.19912 - Trimble Navigation Limited)
SketchUp Make 2016 PL (64-bit) (Version: 16.0.19912 - Trimble Navigation Limited) Hidden
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
Space Engineers (HKLM-x32\...\Steam App 244850) (Version:  - Keen Software House)
SpaceEngine wersja 0.9.7.2 (HKLM-x32\...\{E65FD500-9218-44EC-9586-D39FAB4DFDAF}_is1) (Version: 0.9.7.2 - SpaceEngine)
Star Trek Online (HKLM-x32\...\Steam App 9900) (Version:  - Cryptic Studios)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.012 - MSI)
Talisman: Prologue (HKLM-x32\...\Steam App 258200) (Version:  - Nomad Games)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.17 - TeamSpeak Systems GmbH)
The Universim - Mother Planet Demo (HKLM-x32\...\Steam App 401980) (Version:  - Crytivo Games)
This War of Mine (HKLM-x32\...\Steam App 282070) (Version:  - 11 bit studios)
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.8.4 - Tunngle.net GmbH)
Unepic (HKLM-x32\...\Steam App 233980) (Version:  - Francisco Téllez de Meneses)
Uplay (HKLM-x32\...\Uplay) (Version: 14.0 - Ubisoft)
Vertiginous Golf (HKLM-x32\...\Steam App 272890) (Version:  - Kinelco & Lone Elk Creative)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VoiceAttack (HKLM-x32\...\{54955A16-EE50-44DA-97BE-64FD379145E7}) (Version: 1.5.8.7 - VoiceAttack.com)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
WebM Project Directshow Filters (HKU\S-1-5-21-2051811701-3595625153-149968726-1000\...\webmdshow) (Version:  - )
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Winki (HKLM-x32\...\{81CF5153-38CF-41e2-AC3C-3D477C987D96}_is1) (Version: 3.2.125 - MSI)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)

==================== Niestandardowe rejestracje CLSID (filtrowane): ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

CustomCLSID: HKU\S-1-5-21-2051811701-3595625153-149968726-1000_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Wilczur\AppData\Local\Roblox\Versions\version-f7131a583a8d4ea7\RobloxProxy64.dll (ROBLOX Corporation)

==================== Zaplanowane zadania (filtrowane) =============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

Task: {05A91122-2074-448B-AE83-15D541AA7A57} - System32\Tasks\IntelMemoryDiagnostic => C:\Users\Wilczur\AppData\Roaming\d3dx10.exe [2015-08-13] ()
Task: {1B4E4A0A-27EA-4DE4-A225-5BAE131BF3AE} - System32\Tasks\AdobeAAMUpdater-1.0-Wilczur-komp-Wilczur => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {1E9399CD-ED8F-48B2-A7BE-A7F974C6C94C} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO)
Task: {28268D20-13A4-497A-8825-E92A407DC39E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-01-15] (Adobe Systems Incorporated)
Task: {2894E24F-93D1-43EB-A2D1-B4637E649954} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-30] (Google Inc.)
Task: {33BED31A-8EAD-4A81-9999-0A26B33E3628} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-30] (Google Inc.)
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {5BE57D73-E499-40F2-B7E2-0F5B27AACFC3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-10-03] (Apple Inc.)
Task: {61B531EC-0DE6-4433-9931-72261F88B035} - System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} => C:\ProgramData\cis85F1.exe <==== UWAGA
Task: {6E781C58-EC78-4B63-A5B1-7492087B0311} - System32\Tasks\Kingston SSD Toolbox => C:\Program Files (x86)\Kingston SSD Toolbox\Kingston SSD Toolbox.exe [2015-09-19] (Flexera Software)
Task: {92CCB18B-8A8D-4FE2-A768-F349B72E879A} - System32\Tasks\CCleanerSkipUAC => C:\CCleaner\CCleaner.exe [2015-08-20] (Piriform Ltd)
Task: {C2636702-2BAA-4DCA-AB85-A62CBA736CBC} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {E3433BC8-7D61-4F5C-87B9-E60485C413AB} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO)
Task: {EBB4568E-124C-42C7-A822-42CBBD81C0E6} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO)
Task: {F3033EB3-57DD-40BC-B079-B1747EC11BEA} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-05] (COMODO)

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Skróty =============================

(Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.)

==================== Załadowane moduły (filtrowane) ==============

2015-10-17 16:41 - 2015-10-03 03:49 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-09-23 15:15 - 2015-09-23 15:15 - 00029184 _____ () C:\Windows\System32\usp02l.dll
2012-07-24 09:43 - 2012-07-24 09:43 - 00146984 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2012-07-24 09:43 - 2012-07-24 09:43 - 00058920 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2016-01-23 22:45 - 2016-01-12 05:43 - 00291264 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-01-04 22:51 - 2016-01-04 22:51 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-09-23 15:30 - 2015-09-23 15:30 - 00118576 _____ () C:\Windows\SysWOW64\SecUPDUtilSvc.exe
2015-01-08 22:02 - 2015-01-08 22:02 - 00067808 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2015-09-12 21:38 - 2007-09-02 12:58 - 00495616 _____ () E:\RocketDock\RocketDock.exe
2012-10-16 10:39 - 2015-12-16 14:09 - 00646744 _____ () C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
2015-12-15 18:59 - 2014-08-19 20:12 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2015-09-12 17:34 - 2016-01-12 05:43 - 00715712 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\gamecaster64.dll
2015-09-12 17:34 - 2016-01-12 05:43 - 00861120 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\twitchsdk64.dll
2015-08-24 19:28 - 2015-08-24 19:28 - 00061440 _____ () C:\CCleaner\lang\lang-1045.dll
2015-09-12 17:34 - 2016-01-12 05:43 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-09-12 21:38 - 2015-09-12 21:38 - 00069632 _____ () E:\RocketDock\RocketDock.dll
2015-09-12 19:45 - 2015-12-11 14:13 - 00778752 _____ () E:\Steam\SDL2.dll
2015-09-12 19:45 - 2015-09-12 19:45 - 04962816 _____ () E:\Steam\v8.dll
2015-09-12 19:45 - 2015-09-12 19:45 - 01556992 _____ () E:\Steam\icui18n.dll
2015-09-12 19:45 - 2015-09-12 19:45 - 01187840 _____ () E:\Steam\icuuc.dll
2015-09-12 19:45 - 2015-12-15 07:19 - 02547280 _____ () E:\Steam\video.dll
2015-09-12 19:45 - 2015-10-08 16:52 - 02549248 _____ () E:\Steam\libavcodec-56.dll
2015-09-12 19:45 - 2015-10-08 16:52 - 00442880 _____ () E:\Steam\libavutil-54.dll
2015-09-12 19:45 - 2015-10-08 16:52 - 00491008 _____ () E:\Steam\libavformat-56.dll
2015-09-12 19:45 - 2015-10-08 16:52 - 00332800 _____ () E:\Steam\libavresample-2.dll
2015-09-12 19:45 - 2015-10-08 16:52 - 00485888 _____ () E:\Steam\libswscale-3.dll
2015-09-12 19:45 - 2015-12-15 07:19 - 00804432 _____ () E:\Steam\bin\chromehtml.DLL
2015-09-12 19:45 - 2015-11-05 18:35 - 00201728 _____ () E:\Steam\bin\openvr_api.dll
2015-12-05 10:21 - 2015-12-05 10:21 - 00933056 ____R () C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2015-09-12 19:45 - 2015-11-17 01:31 - 47846176 _____ () E:\Steam\bin\libcef.dll
2015-09-12 19:45 - 2015-10-08 16:52 - 00119208 _____ () E:\Steam\winh264.dll
2015-09-12 17:06 - 2012-06-25 03:41 - 01198912 ____R () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (filtrowane) =========

(Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.)

AlternateDataStreams: C:\Windows\delttsul.exe:$CmdTcID
AlternateDataStreams: C:\Windows\notepad.exe:$CmdTcID
AlternateDataStreams: C:\Windows\TotalUninstaller.exe:$CmdTcID
AlternateDataStreams: C:\Windows\unins000.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aaclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\advapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appinfo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\basesrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bcryptprimitives.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\browcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\browser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\capiprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\catsrvut.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cdd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cdosys.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certenc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cewmdm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\clfs.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cngprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\COLORCNV.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\comsvcs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\consent.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CPFilters.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cscript.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d2d1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d10warp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_33.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_34.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_35.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_36.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_37.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_38.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_39.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_41.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dcsx_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dcsx_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_33.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_34.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_35.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_36.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_37.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_38.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_39.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_41.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx11_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx11_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_24.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_25.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_26.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_27.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_28.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_29.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_30.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_31.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_33.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_34.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_35.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_36.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DX9_37.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DX9_38.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DX9_39.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DX9_40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DX9_41.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DX9_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DX9_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\davclnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\devenum.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DevManagerCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dfshim.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dimsroam.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dnsapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dnscacheugc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dnsrslvr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dpapiprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dpnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\els.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EncDec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ExplorerFrame.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fixmapi.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FWPUCLNT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSCOVER.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hpotscl1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hpowiav1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hpzllw71.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\icardagt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\icardres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieetwcollector.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieetwcollectorres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieetwproxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IEUDINIT.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IKEEXT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\imagehlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IMJP10K.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetcomm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\infocardapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\JavaScriptCollectionAgent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jnwmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kd1394.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kdcom.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kdusb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ksproxy.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ksuser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\localspl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\LogiDPP.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\LogiDPPApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lvco1351823.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lvcod64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\LVUI64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\LVUIRC64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mapistub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mcmde.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfc42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfc42u.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mferror.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfplat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfvdsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MFWMAAEC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MP3DMOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MP43DECD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MP4SDECD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mpg2splt.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MPG4DECD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mscorier.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mscories.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtmlmedia.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msihnd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msimsg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msmmsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msmpeg2adec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSMPEG2ENC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msmpeg2vdec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MsSpellCheckingFacility.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mstsc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msvcrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msxml3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msxml3r.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msxml6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msxml6r.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncsi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlaapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\notepad.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nshwfp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvapi64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvcuda.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvcuvid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvd3dumx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvdispco6435850.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvdispgenco6435850.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvEncodeAPI64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NvFBC64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvhdagenco6420103.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvhdap64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NvIFR64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NvIFROpenGL.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvinitx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvoglshim64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvoglv64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvopencl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvumdshimx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvvsvc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvwgf2umx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\objsel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\occache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbccp32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbccr32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbccu32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbctrac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ole32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\oleacc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\OpenAL32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\OpenCL.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\osk.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\packager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcawrk.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pku2u.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\psisdecd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\psisrndr.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qasf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qedit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rastls.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpcorekmts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpwsx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdrmemptylst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RESAMPLEDMO.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rrinstaller.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sbe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schedsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scrrun.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shdocvw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\synceng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SysFxUI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sysmain.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\taskhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\termsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tsgqec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TsWpfWrp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tzres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\umpnpmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\user32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\usp02ci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\usp02ci.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\usp02l.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\usp10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\VIDRESZR.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Wdfres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\webio.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\win32spl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wincredprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winlogon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winresume.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinSetupUI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winsta.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMADMOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMADMOE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMALFXGFXDSP.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmpmde.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMSPDMOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMSPDMOE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMVDECOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMVENCOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMVSDECD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMVSENCD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMVXENCD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wow64win.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WpdMtp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WpdMtpUS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wrap_oal.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wscript.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wshom.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wshrm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wu.upgrade.ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\x3daudio1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\x3daudio1_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\X3DAudio1_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\X3DAudio1_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\X3DAudio1_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\X3DAudio1_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\X3DAudio1_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\X3DAudio1_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_8.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAPOFX1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAPOFX1_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAPOFX1_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAPOFX1_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAPOFX1_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAPOFX1_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xinput1_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xinput1_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xinput1_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\aaclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\advapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bcryptprimitives.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\browcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\capiprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\catsrvut.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cdosys.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certenc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cewmdm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cfgmgr32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\clfsw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cngprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\COLORCNV.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comctl32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comsvcs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CPFilters.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cscript.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d2d1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d10warp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_33.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_34.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_35.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_36.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_37.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_38.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_39.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_41.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dcsx_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dcsx_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_33.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_34.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_35.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_36.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_37.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_38.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_39.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_41.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx11_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx11_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_24.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_25.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_26.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_27.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_28.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_29.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_30.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_31.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_33.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_34.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_35.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_36.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_37.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_38.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_39.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_41.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\davclnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\devenum.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DevManagerCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\devobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\devrtl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dfshim.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dimsroam.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dnsapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dnscacheugc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dpapiprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dpnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drvinst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxmasf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\els.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\EncDec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\evr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ExplorerFrame.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fixmapi.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FWPUCLNT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\icardagt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\icardres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieetwproxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\imagehlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\IMJP10K.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\inetcomm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\infocardapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ksproxy.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ksuser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\LogiDPP.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\LogiDPPApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\lvcodec2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\LVUI2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\LVUI2RC.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mapistub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfc42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfc42u.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mferror.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfplat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfpmp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfvdsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MFWMAAEC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MP3DMOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MP43DECD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MP4SDECD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mpg2splt.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MPG4DECD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mscorier.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mscories.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtmlmedia.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msiexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msihnd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msimsg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2adec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2vdec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mstsc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msvcrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml3r.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml6r.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\notepad.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nshwfp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntvdm64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvcompiler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvcuda.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvcuvid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvd3dum.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvEncodeAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NvFBC.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NvIFR.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NvIFROpenGL.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvinit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvoglshim32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvoglv32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvopencl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvStreaming.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvumdshim.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvwgf2um.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\objsel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\occache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbccp32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbccr32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbccu32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbcjt32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbctrac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ole32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\oleacc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\OpenAL32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\OpenCL.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\osk.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\packager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pku2u.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PnkBstrA.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PnkBstrB.ex0:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PnkBstrB.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PnkBstrB.xtr:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\psisdecd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\psisrndr.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\qasf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\qedit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\quartz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rastls.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rdpcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rrinstaller.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sbe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scrrun.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SecUPDUtilSvc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\setup16.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shdocvw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\synceng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tsgqec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TsWpfWrp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tzres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ubpm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\user32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\usp10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\VIDRESZR.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WebClnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\webio.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\win32spl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wincredprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winsta.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMADMOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMADMOE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmpmde.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMVDECOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMVENCOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMVSDECD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMVSENCD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMVXENCD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wrap_oal.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wscript.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wshom.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wshrm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\x3daudio1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\x3daudio1_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_8.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xinput1_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xinput1_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xinput1_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\afd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\bowser.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\CFRMD.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\drmk.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\drmkaud.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\dxgkrnl.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\dxgmms1.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\fs_rec.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\FWPKCLNT.SYS:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\hamachi.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\hidclass.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\hidkmdf.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\hidparse.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\http.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\lvrs64.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\lvuvc64.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ndis.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\netio.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ntfs.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\nvhda64v.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\nvlddmkm.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\partmgr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\Phosgene.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\portcls.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\rdpwd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\rmcast.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\srv.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\srv2.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\srvnet.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tap0901t.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tcpip.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tdtcp.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tdx.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tssecsrv.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usb8023.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\USBAUDIO.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbccgp.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbcir.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbehci.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbhub.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbohci.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbport.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbscan.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbuhci.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbvideo.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\wachidrouter.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\wacomrouterfilter.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\Wdf01000.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\wdfcoinstaller01009.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\WdfLdr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\winusb.sys:$CmdTcID
AlternateDataStreams: C:\Users\Wilczur\update-Fallout4.bat:$CmdTcID
AlternateDataStreams: C:\Users\Wilczur\Desktop\blender.exe:$CmdTcID
AlternateDataStreams: C:\Users\Wilczur\Desktop\uTorrent.exe:$CmdTcID
AlternateDataStreams: C:\Users\Wilczur\Desktop\uTorrent.exe:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Desktop\wallhaven-160131.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\0001-0130.avi:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\12548932_412695358929144_7278402757297849046_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\18035_Realistic_Fireball_Settings.zip:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\3DCreator_v.3.1.3.14.zip:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\@CUP_Terrains_Complete_v1.0.1.zip:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\@GL5v1.zip:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\Advanced-Combat-Environment3-ACE3-version-3.4.2.zip:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\Blastcore-A3-Phoenix-Phoenix-Update-12.rar:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\caviar_dreams.zip:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\ChromeSetup.exe:$CmdTcID
AlternateDataStreams: C:\Users\Wilczur\Downloads\ChromeSetup.exe:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\css_content_addon_dec2015.zip:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\download.zip:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\dsj4v161.exe:$CmdTcID
AlternateDataStreams: C:\Users\Wilczur\Downloads\dsj4v161.exe:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\Emily_2_1_OBJ.rar:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\EricJ-Weapons-Pack-version-RC-75.7z:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\Esmotki.rar:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\FRST64.exe:$CmdTcID
AlternateDataStreams: C:\Users\Wilczur\Downloads\FRST64.exe:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\FSS.exe:$CmdTcID
AlternateDataStreams: C:\Users\Wilczur\Downloads\FSS.exe:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\GL5.zip:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\Gw2Setup.exe:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\Hearthstone-Setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\Wilczur\Downloads\Hearthstone-Setup.exe:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\images.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\IOGraph_v1_0_1.exe:$CmdTcID
AlternateDataStreams: C:\Users\Wilczur\Downloads\IOGraph_v1_0_1.exe:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\makehuman-1.0.2-win32.zip:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\marker_pen_strokes_ai_brushes_by_fudgegraphics-d2yqams.zip:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\mbar-1.09.3.1001.exe:$CmdTcID
AlternateDataStreams: C:\Users\Wilczur\Downloads\mbar-1.09.3.1001.exe:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\MiniToolBox.exe:$CmdTcID
AlternateDataStreams: C:\Users\Wilczur\Downloads\MiniToolBox.exe:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\NATO-SF-Russian-Spetsnaz-Weapons-version-111.zip:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\Referat #1.odt:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\rhs_afrf_updater.zip:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\rhs_usaf_updater.zip:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\rkill.exe:$CmdTcID
AlternateDataStreams: C:\Users\Wilczur\Downloads\rkill.exe:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\roboto.zip:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\SecurityCheck.exe:$CmdTcID
AlternateDataStreams: C:\Users\Wilczur\Downloads\SecurityCheck.exe:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\Wilczur\Downloads\setup.exe:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\SketchUpMake-pl-x64.exe:$CmdTcID
AlternateDataStreams: C:\Users\Wilczur\Downloads\SketchUpMake-pl-x64.exe:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\SketchUpPro-pl-x64.exe:$CmdTcID
AlternateDataStreams: C:\Users\Wilczur\Downloads\SketchUpPro-pl-x64.exe:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\soisk_35_profilaktyka_antywirusowa.doc:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\System Plików.zip:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\TFC.exe:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\Umowa_o_Dzielo_2016.doc:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\AppData\Roaming\d3dx10.exe:$CmdTcID

==================== Tryb awaryjny (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE - Powiązania (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.)


==================== Internet Explorer - Witryny zaufane i z ograniczeniami ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.)


==================== Hosts - zawartość: ===============================

(Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Inne obszary ============================

(Obecnie brak automatycznej naprawy dla tej sekcji.)

HKU\S-1-5-21-2051811701-3595625153-149968726-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Wilczur\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.88.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Zapora systemu Windows [funkcja włączona]

==================== MSCONFIG/TASK MANAGER - Wyłączone elementy ==

(Obecnie brak automatycznej naprawy dla tej sekcji.)


==================== Reguły Zapory systemu Windows (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

FirewallRules: [{55D34A60-2791-4664-B0F4-3F82A021C578}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{310E9F2F-B0C1-4969-965B-EB414A2DD829}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{7ECE42A5-9D84-4353-AC85-3D0EBD69E007}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{10E75C44-F93A-4197-A57E-2B2473F164F5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{D49033E2-BE5C-4AEC-8C6F-8BA6B57A5F6B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{1939DF32-4F91-40E9-8931-E532023999CA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F5EC70CD-5F26-43AC-A924-EAE730A69E9C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EAE85892-7F94-449B-AF68-A8738FAE314F}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{3EDEB4CF-3FE8-4BB3-8558-357EE3A706E3}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{CCB62D7D-63F4-474B-BD51-89F6397DDAF5}] => (Allow) E:\Steam\bin\steamwebhelper.exe
FirewallRules: [{B04ACC77-30A3-41FC-84C3-7A18D6721C61}] => (Allow) E:\Steam\bin\steamwebhelper.exe
FirewallRules: [{C93C44C6-70C3-43B3-97EA-050908A613CF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1B9F402D-947A-4886-BA90-5C64645C7305}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CC 2014\Photoshop.exe
FirewallRules: [{22D662E4-A1C2-477A-A85E-5CA0A3FD365B}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CC 2014\Photoshop.exe
FirewallRules: [{FA9120E8-26B5-4353-BD0A-1821CB676874}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CC 2014\Photoshop.exe
FirewallRules: [{2CD3064C-27B6-47FF-8824-4307E22D37CF}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CC 2014\Photoshop.exe
FirewallRules: [TCP Query User{F25C0648-C748-4670-9693-023B78E830F2}C:\users\wilczur\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\wilczur\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{72C6B7A4-E348-49DF-B49B-F2317667797C}C:\users\wilczur\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\wilczur\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{DBAD6E40-0778-4F1B-9FB3-9D2734303BA7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6FDD814D-8BAB-409E-BFD6-9401A1F5A5F9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2DB991AA-3F46-485F-A01D-EE382D4A02B2}] => (Allow) D:\Origin Games\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{85E50E19-13DC-4336-AF09-F0C5074DA6E5}] => (Allow) D:\Origin Games\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{2C517E9B-E0DB-43D2-B904-1531BF6997CF}] => (Allow) D:\Risen 2\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{B94F6919-B7A2-4A3D-8A40-C2E76F06F73F}] => (Allow) D:\Risen 2\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{3F2BC941-DF20-45E8-B3F9-251F577B7166}] => (Allow) D:\Risen 2\steamapps\common\Close Your Eyes\game.exe
FirewallRules: [{EACA38FD-C1CA-4A53-B0C2-CA6468A56437}] => (Allow) D:\Risen 2\steamapps\common\Close Your Eyes\game.exe
FirewallRules: [{FD03F0D5-1B20-44F2-9F84-61698606B578}] => (Allow) D:\Risen 2\steamapps\common\Dust An Elysian Tail\DustAET.exe
FirewallRules: [{EF185A6D-CF53-46BC-9934-3597FF2DD2D0}] => (Allow) D:\Risen 2\steamapps\common\Dust An Elysian Tail\DustAET.exe
FirewallRules: [{9D897FDA-2971-4F8C-9F38-DA5088AF8278}] => (Block) %ProgramFiles%\Adobe\Adobe After Effects CC 2014\Support Files\AfterFX.exe
FirewallRules: [{57FC57B2-1E7E-4F81-90F0-93C8C0F32266}] => (Block) %ProgramFiles%\Adobe\Adobe After Effects CC 2014\Support Files\AfterFX.exe
FirewallRules: [{4CA2C3F8-80B4-4B41-B884-E76999044CC2}] => (Block) %ProgramFiles%\Adobe\Adobe Illustrator CC 2014\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{E1084D99-652F-4A00-B843-26F44543965A}] => (Block) %ProgramFiles%\Adobe\Adobe Illustrator CC 2014\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{CC1F2CB4-C790-480B-B09A-5990D4C3C700}] => (Block) %ProgramFiles%\Adobe\Adobe After Effects CC 2014\Support Files\AfterFX.exe
FirewallRules: [{DA56106A-ED23-4B1D-A164-CDD4A1E27368}] => (Block) %ProgramFiles%\Adobe\Adobe Illustrator CC 2014\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{078904D7-157A-4E06-BEF2-3E730C6CEDC5}] => (Block) %ProgramFiles%\Adobe\Adobe Premiere Pro CC 2014\Adobe Premiere Pro.exe
FirewallRules: [{489BE704-EFD5-4A9F-947D-2CC2CA5E0366}] => (Block) %ProgramFiles%\Adobe\Adobe Premiere Pro CC 2014\Adobe Premiere Pro.exe
FirewallRules: [{AD86DF98-445E-4676-A611-66BDDEA11581}] => (Block) %ProgramFiles%\Adobe\Adobe Premiere Pro CC 2014\Adobe Premiere Pro.exe
FirewallRules: [{647E43E8-5F3F-411E-83A4-4410F8B609BC}] => (Allow) D:\Risen 2\steamapps\common\Hammerwatch\Hammerwatch.exe
FirewallRules: [{0DB62526-6608-49BF-86AC-A20DD7DC7A02}] => (Allow) D:\Risen 2\steamapps\common\Hammerwatch\Hammerwatch.exe
FirewallRules: [{2E2CE219-4ABE-4CB6-912A-89F10606E8F4}] => (Allow) D:\Risen 2\steamapps\common\Hammerwatch\editor\HammerEditor.exe
FirewallRules: [{64E4BE4C-A243-417E-B7AC-248220A09915}] => (Allow) D:\Risen 2\steamapps\common\Hammerwatch\editor\HammerEditor.exe
FirewallRules: [{0E66AB04-0E1C-49AD-949F-4B931AD200C1}] => (Allow) D:\Risen 2\steamapps\common\Unepic\unepic.exe
FirewallRules: [{2422BA33-05B0-41C1-BCA1-5F79AE56CE3B}] => (Allow) D:\Risen 2\steamapps\common\Unepic\unepic.exe
FirewallRules: [{7F6A4DC7-73BE-43BA-9E06-9C08FA26A422}] => (Allow) D:\Risen 2\steamapps\common\Star Trek Online\Star Trek Online.exe
FirewallRules: [{80F0F16A-944C-4E30-A112-A447CEDB4D9C}] => (Allow) D:\Risen 2\steamapps\common\Star Trek Online\Star Trek Online.exe
FirewallRules: [{65ED103D-25B1-4FB6-B30C-BE27259497D5}] => (Allow) D:\Risen 2\steamapps\common\Monaco\MONACO.exe
FirewallRules: [{EA24156E-E4CB-42D4-8422-42AEFA03BFE2}] => (Allow) D:\Risen 2\steamapps\common\Monaco\MONACO.exe
FirewallRules: [{B3EAA96C-B4A6-4B71-8937-A9ADF60E4BB2}] => (Allow) D:\Risen 2\steamapps\common\Red Orchestra 2\Binaries\Win32\ROGame.exe
FirewallRules: [{5C230875-8661-4A8C-8A33-6ED9BD162DAD}] => (Allow) D:\Risen 2\steamapps\common\Red Orchestra 2\Binaries\Win32\ROGame.exe
FirewallRules: [{C3847866-7717-4173-93FF-575C6196F400}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe
FirewallRules: [{8D058E8F-EA5D-4CF1-A69B-17A457C3D6AA}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{3A7722D8-48AA-4DA7-96A4-BFE30E4BA268}] => (Block) %ProgramFiles%\Adobe\Adobe Audition CC\Adobe Audition CC.exe
FirewallRules: [{947468B8-EEDF-43A6-BB6C-CDFE28856565}] => (Block) %ProgramFiles%\Adobe\Adobe Audition CC\Adobe Audition CC.exe
FirewallRules: [{3BC939F6-E6FC-4005-B5F0-0E7679AAD028}] => (Allow) D:\Risen 2\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{5B0F1E73-A027-45D0-9184-4B6D144C4044}] => (Allow) D:\Risen 2\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{FDB08A23-9BE6-450F-B139-A0BF45B87C61}] => (Allow) D:\Risen 2\steamapps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{DA76634F-6A0F-41DC-9A96-C222AEEB9BAF}] => (Allow) D:\Risen 2\steamapps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{D134BB5B-750D-49F4-9B9C-AADE505EC7E7}] => (Allow) D:\Risen 2\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{65AE3988-E9B3-49AB-82C9-3A5C311AACE3}] => (Allow) D:\Risen 2\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{2B079AB5-F478-4DD4-A40C-0B9BC3AD9D89}] => (Allow) D:\Risen 2\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{554278AA-4208-4F02-B304-DD37F1694830}] => (Allow) D:\Risen 2\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{7D25C1D5-76C1-4E44-96D1-444D40329855}] => (Allow) D:\Risen 2\steamapps\common\PapoYo\Binaries\Win32\PYGame-Win32-Shipping.exe
FirewallRules: [{0EB6E8DD-E87A-46B0-8847-951830A04DB0}] => (Allow) D:\Risen 2\steamapps\common\PapoYo\Binaries\Win32\PYGame-Win32-Shipping.exe
FirewallRules: [TCP Query User{AD4C51E3-62ED-4532-820B-84D97AE9D682}D:\risen 2\steamapps\common\arma 3\arma3.exe] => (Block) D:\risen 2\steamapps\common\arma 3\arma3.exe
FirewallRules: [UDP Query User{542B62FD-7E9C-47DA-B729-7A079CAFB37F}D:\risen 2\steamapps\common\arma 3\arma3.exe] => (Block) D:\risen 2\steamapps\common\arma 3\arma3.exe
FirewallRules: [{0956F11B-52FC-4C50-8500-C699A3FEF9C9}] => (Block) E:\FL Studio 11\FL.exe
FirewallRules: [{DA39E250-E256-40E4-B731-A4D3ADC36838}] => (Block) E:\FL Studio 11\FL.exe
FirewallRules: [TCP Query User{810257B5-233E-400C-9EFF-5D071FC22DA8}D:\risen 2\steamapps\common\happywars\happywars.exe] => (Block) D:\risen 2\steamapps\common\happywars\happywars.exe
FirewallRules: [UDP Query User{A22D1624-AEB2-4460-B536-2A30D1EF7007}D:\risen 2\steamapps\common\happywars\happywars.exe] => (Block) D:\risen 2\steamapps\common\happywars\happywars.exe
FirewallRules: [{39BC496F-C39E-4CBF-B180-03C131EA123B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F0C7B042-D104-4237-A35F-D4417EE5C10A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6C3DD4A5-567E-4F0E-A53A-2B5A2F153B9F}] => (Allow) D:\Risen 2\steamapps\common\Realm of the Mad God\Realm of the Mad God.exe
FirewallRules: [{280AC81B-D538-4B7A-9080-A1AD1E9BDC51}] => (Allow) D:\Risen 2\steamapps\common\Realm of the Mad God\Realm of the Mad God.exe
FirewallRules: [TCP Query User{78BBB809-F8A2-44EF-B0D5-AA3F0139B8FF}D:\fallout 4 gra\fallout 4\fallout4.exe] => (Block) D:\fallout 4 gra\fallout 4\fallout4.exe
FirewallRules: [UDP Query User{8F19B64A-56F8-4FC6-9248-05A1081C41D2}D:\fallout 4 gra\fallout 4\fallout4.exe] => (Block) D:\fallout 4 gra\fallout 4\fallout4.exe
FirewallRules: [{C706D21B-9DEA-4753-9135-8FD23266CF45}] => (Allow) D:\Risen 2\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [{3A0B4E50-F029-4FC5-B493-B8957AACDE4B}] => (Allow) D:\Risen 2\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [TCP Query User{F98EE2E6-1AEB-4988-B5C6-4AA579BCEDD8}E:\power-grid\roccatpowergrid.exe] => (Allow) E:\power-grid\roccatpowergrid.exe
FirewallRules: [UDP Query User{A41B4713-E45B-43AB-A3D8-BB764E6D073B}E:\power-grid\roccatpowergrid.exe] => (Allow) E:\power-grid\roccatpowergrid.exe
FirewallRules: [{BF47E34F-FEE3-433E-AE5B-FDB2694BF3A5}] => (Allow) E:\Power-Grid\ROCCATPowerGrid.exe
FirewallRules: [{848209C3-898E-4775-AD25-6C91CB5F01D8}] => (Allow) E:\Power-Grid\ROCCATPowerGrid.exe
FirewallRules: [{4E05DEE9-7803-4AB5-9B27-1C65BE1B7CB4}] => (Allow) D:\Risen 2\steamapps\common\Elite Dangerous\EDLaunch.exe
FirewallRules: [{30370AF9-71A6-4A06-BB5B-FFD1A0ECF6AD}] => (Allow) D:\Risen 2\steamapps\common\Elite Dangerous\EDLaunch.exe
FirewallRules: [TCP Query User{22700EEA-5B3F-466A-A55E-7B9B601E0453}D:\risen 2\steamapps\common\elite dangerous\products\forc-fdev-d-1010\elitedangerous32.exe] => (Allow) D:\risen 2\steamapps\common\elite dangerous\products\forc-fdev-d-1010\elitedangerous32.exe
FirewallRules: [UDP Query User{DD8D0D17-F16F-4EB2-BEEA-CF53E6FBFB67}D:\risen 2\steamapps\common\elite dangerous\products\forc-fdev-d-1010\elitedangerous32.exe] => (Allow) D:\risen 2\steamapps\common\elite dangerous\products\forc-fdev-d-1010\elitedangerous32.exe
FirewallRules: [{A67412F7-4167-4D97-8216-9D7E188F9090}] => (Allow) D:\Risen 2\steamapps\common\FaceRig\Bin\Launcher.exe
FirewallRules: [{E67801A6-0ED3-477E-A1A9-639DC58EA9EF}] => (Allow) D:\Risen 2\steamapps\common\FaceRig\Bin\Launcher.exe
FirewallRules: [{6F179649-DB95-4065-A66B-3B68D7DF4F46}] => (Allow) D:\Risen 2\steamapps\common\FaceRig\Bin\FaceRig.exe
FirewallRules: [{4390FBAA-67CD-476C-9670-47E13A3F65F3}] => (Allow) D:\Risen 2\steamapps\common\FaceRig\Bin\FaceRig.exe
FirewallRules: [{F8B206B0-574B-41F0-BA2D-71499981949F}] => (Allow) D:\Risen 2\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{9202CCBC-BC6B-465F-946C-6D81F70173A4}] => (Allow) D:\Risen 2\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{61640212-611B-4EAB-B937-699CF638E6C6}] => (Allow) D:\Rayman Origins\Rayman Origins.exe
FirewallRules: [{3068BEA9-452F-4C2E-8C27-585ED671F9C5}] => (Allow) D:\Rayman Origins\Rayman Origins.exe
FirewallRules: [{21DF14E1-1CDB-4EC0-9EDA-7D246C8BA224}] => (Allow) D:\Rayman Origins\gu.exe
FirewallRules: [{A7BEEFBD-BD99-4CC3-879D-1785403AF6EA}] => (Allow) D:\Rayman Origins\gu.exe
FirewallRules: [TCP Query User{5AD5EFC7-FBB7-4543-A57E-7ECF92555C0A}D:\don't starve together\don't starve together beta\don't starve together\bin\dontstarve_steam.exe] => (Allow) D:\don't starve together\don't starve together beta\don't starve together\bin\dontstarve_steam.exe
FirewallRules: [UDP Query User{70910B60-801B-4256-867E-813E2F862A3B}D:\don't starve together\don't starve together beta\don't starve together\bin\dontstarve_steam.exe] => (Allow) D:\don't starve together\don't starve together beta\don't starve together\bin\dontstarve_steam.exe
FirewallRules: [{F419A831-22D6-4FD5-A461-69AC2F236380}] => (Block) D:\don't starve together\don't starve together beta\don't starve together\bin\dontstarve_steam.exe
FirewallRules: [{6E3708AD-AC23-4080-A839-B4567B018BFC}] => (Block) D:\don't starve together\don't starve together beta\don't starve together\bin\dontstarve_steam.exe
FirewallRules: [{449B6BF9-FEB1-4427-9585-FE48AA4CC0E5}] => (Allow) D:\Risen 2\steamapps\common\Dr Langeskov The Tiger and The Terribly Cursed Emerald A Whirlwind Heist\DrLangeskov.exe
FirewallRules: [{5D9BB601-05BF-4CAA-9606-11B1AD4963D3}] => (Allow) D:\Risen 2\steamapps\common\Dr Langeskov The Tiger and The Terribly Cursed Emerald A Whirlwind Heist\DrLangeskov.exe
FirewallRules: [TCP Query User{51EBB725-1BA1-436E-88A3-4C6D9A0EEEA2}D:\borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Block) D:\borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [UDP Query User{78A39CDC-6E9F-48A6-A725-46BA8DA0140D}D:\borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Block) D:\borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [{127C9E07-D50C-4B95-BE4C-C4D7969E006B}] => (Allow) D:\Risen 2\steamapps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{E7FA56C8-BF82-455B-B874-8F0D048949EC}] => (Allow) D:\Risen 2\steamapps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{41CFC122-ADAC-467A-BB2F-1C0657F686D4}] => (Allow) D:\Risen 2\steamapps\common\Talisman Prologue\Talisman.exe
FirewallRules: [{32ACCCDF-EA88-4C30-AA7B-C37E6DF20ADC}] => (Allow) D:\Risen 2\steamapps\common\Talisman Prologue\Talisman.exe
FirewallRules: [{2BD62EF8-1283-414A-95E5-D8EC16BBFA89}] => (Allow) D:\Risen 2\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{8450BACF-674C-4362-AE2F-CFB5E8DD0A79}] => (Allow) D:\Risen 2\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [TCP Query User{F3975519-726C-4624-B6A8-A6CF826B9055}D:\risen 2\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe] => (Block) D:\risen 2\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe
FirewallRules: [UDP Query User{3EEE47AA-CC70-4A53-902D-ABBC4468BBAF}D:\risen 2\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe] => (Block) D:\risen 2\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe
FirewallRules: [{16E09615-A5F5-439F-8474-934D944B29E5}] => (Allow) D:\Risen 2\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{0FA00D06-43FD-45A7-90E7-014A5DF5774E}] => (Allow) D:\Risen 2\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [TCP Query User{C891F9CE-579F-4D68-A512-48DD49D52065}D:\risen 2\steamapps\common\dayz\dayz.exe] => (Block) D:\risen 2\steamapps\common\dayz\dayz.exe
FirewallRules: [UDP Query User{79A383B3-4136-4F7C-9C25-45D1CB39D4C6}D:\risen 2\steamapps\common\dayz\dayz.exe] => (Block) D:\risen 2\steamapps\common\dayz\dayz.exe
FirewallRules: [{71956D71-E24B-4168-88C8-9AB37BB5C265}] => (Allow) D:\Risen 2\steamapps\common\Lost Planet 3\Binaries\Win32\LP3Launcher.exe
FirewallRules: [{0EDAE5F2-0229-43BB-8F4B-ECCECD07F567}] => (Allow) D:\Risen 2\steamapps\common\Lost Planet 3\Binaries\Win32\LP3Launcher.exe
FirewallRules: [{CCBF7729-018F-4674-8298-B813C34302D6}] => (Allow) D:\Risen 2\steamapps\common\Pool Nation FX\PoolNationFX\Binaries\Win64\PoolNationFX.exe
FirewallRules: [{7E586E29-9EB5-47CC-ADE1-6833D8F43D65}] => (Allow) D:\Risen 2\steamapps\common\Pool Nation FX\PoolNationFX\Binaries\Win64\PoolNationFX.exe
FirewallRules: [{5714D1EA-9ED5-402F-8DE4-806097051988}] => (Allow) D:\Risen 2\steamapps\common\DCSWorld\Run.exe
FirewallRules: [{B0D7C9EF-D5BF-4A1B-9F7A-538D9129A70F}] => (Allow) D:\Risen 2\steamapps\common\DCSWorld\Run.exe
FirewallRules: [{03AB176D-249A-44D9-86EE-873512F32165}] => (Allow) E:\Tunngle\TnglCtrl.exe
FirewallRules: [{EF6E0619-27F6-49DC-AB12-B29E20E1CEC6}] => (Allow) E:\Tunngle\TnglCtrl.exe
FirewallRules: [{1938E287-EE0A-4342-8B1C-A85F0BADFE9F}] => (Allow) E:\Tunngle\TnglCtrl.exe
FirewallRules: [{762B442F-6CAB-474E-A561-E8E9480B49F4}] => (Allow) E:\Tunngle\TnglCtrl.exe
FirewallRules: [{C3664A2C-5D65-430F-A7D7-3430440E342B}] => (Allow) E:\Tunngle\Tunngle.exe
FirewallRules: [{AFFBD68C-C699-4825-86AE-52B9A74D5910}] => (Allow) E:\Tunngle\Tunngle.exe
FirewallRules: [{23B4898E-93AA-4A10-AA79-1BDA2210EB7A}] => (Allow) E:\Tunngle\Tunngle.exe
FirewallRules: [{3F9F358F-D4F8-4233-B3D2-15A4D3232C58}] => (Allow) E:\Tunngle\Tunngle.exe
FirewallRules: [{6320CC4C-A657-45F9-A287-8426FC4A0CAD}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{E9D0DA86-4A5E-4C24-8DE3-B51EFBD1B19A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{2783DCA1-C316-4BA9-877E-A15FB12967DC}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{A18EC798-EC06-44F7-896F-E9DC5F05C3E1}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{54157826-9133-424B-8C56-9CA3A289A3BA}] => (Allow) D:\Risen 2\steamapps\common\Planetary Annihilation\bin_x64\PA.exe
FirewallRules: [{3B7B8D8E-7D56-4EF4-866D-3E3B8A58ACC3}] => (Allow) D:\Risen 2\steamapps\common\Planetary Annihilation\bin_x64\PA.exe
FirewallRules: [{2C434F29-2509-4A44-9C23-90F61A15417E}] => (Allow) D:\Risen 2\steamapps\common\Planetary Annihilation\bin_x86\PA.exe
FirewallRules: [{F60C0439-3C84-4F3E-8F96-339AA0F966C7}] => (Allow) D:\Risen 2\steamapps\common\Planetary Annihilation\bin_x86\PA.exe
FirewallRules: [{091A5BC0-7C69-4058-A157-E794D25DF4F7}] => (Allow) D:\Risen 2\steamapps\common\Planetary Annihilation\bin_x86\crashupload.exe
FirewallRules: [{A3908D5F-0BD5-497B-82B1-6EF35D11E502}] => (Allow) D:\Risen 2\steamapps\common\Planetary Annihilation\bin_x86\crashupload.exe
FirewallRules: [{E3B36493-FA14-4DB9-B76F-979DBAC3D1DD}] => (Allow) D:\Risen 2\steamapps\common\Planetary Annihilation\bin_x86\host\CoherentUI_Host.exe
FirewallRules: [{D59FEAE8-AD20-42D5-8D77-F141C5D39682}] => (Allow) D:\Risen 2\steamapps\common\Planetary Annihilation\bin_x86\host\CoherentUI_Host.exe
FirewallRules: [{3ACBC4FB-909E-4BD2-ABAC-C818F8B7F784}] => (Allow) D:\Risen 2\steamapps\common\Planetary Annihilation\bin_x64\crashupload.exe
FirewallRules: [{098AA81A-7FCB-4D9A-A300-877E6901E040}] => (Allow) D:\Risen 2\steamapps\common\Planetary Annihilation\bin_x64\crashupload.exe
FirewallRules: [{6CE7E9A8-E84D-4D6C-A39C-93DC9BC9DF3A}] => (Allow) D:\Risen 2\steamapps\common\Planetary Annihilation\bin_x64\host\CoherentUI_Host.exe
FirewallRules: [{C3178F59-7CB7-4A32-B01E-CCF9C1FA37B5}] => (Allow) D:\Risen 2\steamapps\common\Planetary Annihilation\bin_x64\host\CoherentUI_Host.exe
FirewallRules: [{5D5EFE85-BFC6-456C-9872-CE04F21268D8}] => (Allow) D:\Risen 2\steamapps\common\Planetary Annihilation\bin_x64\server.exe
FirewallRules: [{16FDB5DB-4E6C-4F0D-827F-D6C563265894}] => (Allow) D:\Risen 2\steamapps\common\Planetary Annihilation\bin_x64\server.exe
FirewallRules: [{52D70E32-8153-420C-9C4A-B6442A14EB4C}] => (Allow) D:\Risen 2\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{9A33ABE0-8431-47E9-91AA-75192BCC57EF}] => (Allow) D:\Risen 2\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{490951D2-145C-41FC-A959-CD251DCC68E1}] => (Allow) D:\Risen 2\steamapps\common\PlanetSide 2\LaunchPad.exe
FirewallRules: [{DD39D434-CBA8-41EC-AFB6-87C26D61ED66}] => (Allow) D:\Risen 2\steamapps\common\PlanetSide 2\LaunchPad.exe
FirewallRules: [{B437CD2A-157A-4041-8D8A-CAD61BEE2C9A}] => (Allow) D:\Risen 2\steamapps\common\The Universim Demo\The Universim Mother Planet Demo.exe
FirewallRules: [{29691847-1F36-4E62-8D49-E5FB65C20EF2}] => (Allow) D:\Risen 2\steamapps\common\The Universim Demo\The Universim Mother Planet Demo.exe
FirewallRules: [{75C9D895-4603-4D3E-9FDF-C9CC9222F529}] => (Allow) D:\Risen 2\steamapps\common\Creativerse\Creativerse.exe
FirewallRules: [{EA452BEA-FA1E-4C3A-B72C-2752842DA12B}] => (Allow) D:\Risen 2\steamapps\common\Creativerse\Creativerse.exe
FirewallRules: [TCP Query User{8610FB10-CA4A-4E16-ACAB-F11A825C31C9}D:\risen 2\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) D:\risen 2\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [UDP Query User{D3C35DA8-0F8C-48DA-A6F7-DD16B44031FC}D:\risen 2\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) D:\risen 2\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [{8DCE5ED5-9629-4B31-8A31-350C714F2C18}] => (Allow) D:\Risen 2\steamapps\common\RESIDENT EVIL REVELATIONS 2\rerev2.exe
FirewallRules: [{63CB0948-7770-4FCE-8ACC-B209753C6EF6}] => (Allow) D:\Risen 2\steamapps\common\RESIDENT EVIL REVELATIONS 2\rerev2.exe
FirewallRules: [{0B1EC5BE-4C1A-449D-8370-F9F84D62976A}] => (Allow) D:\Risen 2\steamapps\common\Vertiginous Golf\vgolf.exe
FirewallRules: [{71336EAC-DD63-4009-96B4-497032FE81D4}] => (Allow) D:\Risen 2\steamapps\common\Vertiginous Golf\vgolf.exe
FirewallRules: [{5E6A6F7E-056A-4505-B194-97DA39DC05A1}] => (Allow) D:\Risen 2\steamapps\common\Fuse\Code\Build\Output\bin\Release\Fuse.exe
FirewallRules: [{6C2EEB4B-8BD0-4805-A5C3-993C8408C62B}] => (Allow) D:\Risen 2\steamapps\common\Fuse\Code\Build\Output\bin\Release\Fuse.exe
FirewallRules: [TCP Query User{5E80F3E6-74D4-41EF-A05A-AB50A5B1409B}D:\hearthstone\hearthstone.exe] => (Block) D:\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{8157B330-25C7-471E-A641-D93B06277BF9}D:\hearthstone\hearthstone.exe] => (Block) D:\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{4B61161A-91AC-4EDD-9DBD-C3FDCB675DDD}D:\risen 2\steamapps\common\consortium\consortium.exe] => (Allow) D:\risen 2\steamapps\common\consortium\consortium.exe
FirewallRules: [UDP Query User{4673ECA3-5FBF-431A-92E7-62D6B72C4FEB}D:\risen 2\steamapps\common\consortium\consortium.exe] => (Allow) D:\risen 2\steamapps\common\consortium\consortium.exe
FirewallRules: [{ECF17267-B048-40EA-BD29-6790809501B7}] => (Allow) D:\Risen 2\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{2E17FD0D-FA81-412C-8472-83652B7745D7}] => (Allow) D:\Risen 2\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{63F8903D-D070-418A-AB3C-BE70A366AF81}] => (Allow) D:\Risen 2\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{BBB23C90-9662-47D4-BF73-A0BC014EAFF9}] => (Allow) D:\Risen 2\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [TCP Query User{3E4BDC55-F8CB-44A0-92F8-849BAA21A37E}D:\wolfenstain the new order\wolfenstein_the_new_order-gameworks\wolfenstein.the.new.order\wolfneworder_x64.exe] => (Block) D:\wolfenstain the new order\wolfenstein_the_new_order-gameworks\wolfenstein.the.new.order\wolfneworder_x64.exe
FirewallRules: [UDP Query User{D1AE40C1-F353-4CDF-86A1-FA1D5AFEDAA0}D:\wolfenstain the new order\wolfenstein_the_new_order-gameworks\wolfenstein.the.new.order\wolfneworder_x64.exe] => (Block) D:\wolfenstain the new order\wolfenstein_the_new_order-gameworks\wolfenstein.the.new.order\wolfneworder_x64.exe
FirewallRules: [{55632AB4-D22E-4CAE-80D1-B398EC28BFB3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F9F8F43D-0777-4D5C-A1DC-89B2702AC8CF}] => (Allow) D:\Risen 2\steamapps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{F971D15C-593C-4FC0-A8FD-E2CF4E94EE5E}] => (Allow) D:\Risen 2\steamapps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{206AA8B4-2E9E-4CA2-B5D1-28F09CC466B6}] => (Allow) D:\Risen 2\steamapps\common\This War of Mine\Storyteller.exe
FirewallRules: [{3357C81D-4C07-4A82-BF27-B92C41996B3F}] => (Allow) D:\Risen 2\steamapps\common\This War of Mine\Storyteller.exe
FirewallRules: [TCP Query User{F612A646-29FD-4A1F-9696-3182853C09BE}D:\risen 2\steamapps\common\this war of mine\modtools.exe] => (Allow) D:\risen 2\steamapps\common\this war of mine\modtools.exe
FirewallRules: [UDP Query User{D2B814F8-1341-4961-A473-19C31845F4D1}D:\risen 2\steamapps\common\this war of mine\modtools.exe] => (Allow) D:\risen 2\steamapps\common\this war of mine\modtools.exe

==================== Punkty Przywracania systemu =========================

25-01-2016 13:34:52 Zaplanowany punkt kontrolny
30-01-2016 11:24:26 Zainstalowano SketchUp Pro 2016 PL (64-bit)
30-01-2016 11:37:58 Usunięto SketchUp Pro 2016 PL (64-bit)
30-01-2016 11:39:48 Zainstalowano SketchUp Make 2016 PL (64-bit)

==================== Wadliwe urządzenia w Menedżerze urządzeń =============


==================== Błędy w Dzienniku zdarzeń: =========================

Dziennik Aplikacja:
==================
Error: (02/01/2016 09:32:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: ProductUpdater.exe, wersja: 1.0.1.0, sygnatura czasowa: 0x55e6175b
Nazwa modułu powodującego błąd: KERNELBASE.dll, wersja: 6.1.7601.19110, sygnatura czasowa: 0x56842600
Kod wyjątku: 0xe0434352
Przesunięcie błędu: 0x0000c42d
Identyfikator procesu powodującego błąd: 0x109c
Godzina uruchomienia aplikacji powodującej błąd: 0xProductUpdater.exe0
Ścieżka aplikacji powodującej błąd: ProductUpdater.exe1
Ścieżka modułu powodującego błąd: ProductUpdater.exe2
Identyfikator raportu: ProductUpdater.exe3

Error: (02/01/2016 09:32:25 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikacja: ProductUpdater.exe
Wersja architektury: v4.0.30319
Opis: proces został przerwany z powodu nieobsłużonego wyjątku.
Informacje o wyjątku: System.OutOfMemoryException
Stos:
   w MS.Win32.Penimc.IPimcManager.GetTabletCount(UInt32 ByRef)
   w System.Windows.Input.PenThreadWorker+WorkerOperationGetTabletsInfo.OnDoWork()
   w System.Windows.Input.PenThreadWorker+WorkerOperation.DoWork()
   w System.Windows.Input.PenThreadWorker.ThreadProc()
   w System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   w System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   w System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   w System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   w System.Threading.ThreadHelper.ThreadStart()

Error: (02/01/2016 09:32:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/01/2016 09:30:23 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: netDetect::AOACNetDetect::Initialize   Net Detect:  Error Loading PROSet Library Error=0x2\n

Error: (02/01/2016 01:52:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/01/2016 01:51:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: ProductUpdater.exe, wersja: 1.0.1.0, sygnatura czasowa: 0x55e6175b
Nazwa modułu powodującego błąd: KERNELBASE.dll, wersja: 6.1.7601.19110, sygnatura czasowa: 0x56842600
Kod wyjątku: 0xe0434352
Przesunięcie błędu: 0x0000c42d
Identyfikator procesu powodującego błąd: 0xc5c
Godzina uruchomienia aplikacji powodującej błąd: 0xProductUpdater.exe0
Ścieżka aplikacji powodującej błąd: ProductUpdater.exe1
Ścieżka modułu powodującego błąd: ProductUpdater.exe2
Identyfikator raportu: ProductUpdater.exe3

Error: (02/01/2016 01:51:08 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikacja: ProductUpdater.exe
Wersja architektury: v4.0.30319
Opis: proces został przerwany z powodu nieobsłużonego wyjątku.
Informacje o wyjątku: System.OutOfMemoryException
Stos:
   w MS.Win32.Penimc.IPimcManager.GetTabletCount(UInt32 ByRef)
   w System.Windows.Input.PenThreadWorker+WorkerOperationGetTabletsInfo.OnDoWork()
   w System.Windows.Input.PenThreadWorker+WorkerOperation.DoWork()
   w System.Windows.Input.PenThreadWorker.ThreadProc()
   w System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   w System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   w System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   w System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   w System.Threading.ThreadHelper.ThreadStart()

Error: (02/01/2016 01:51:08 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: netDetect::AOACNetDetect::Initialize   Net Detect:  Error Loading PROSet Library Error=0x2\n

Error: (01/31/2016 01:08:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2016 01:06:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: ProductUpdater.exe, wersja: 1.0.1.0, sygnatura czasowa: 0x55e6175b
Nazwa modułu powodującego błąd: KERNELBASE.dll, wersja: 6.1.7601.19110, sygnatura czasowa: 0x56842600
Kod wyjątku: 0xe0434352
Przesunięcie błędu: 0x0000c42d
Identyfikator procesu powodującego błąd: 0xc0c
Godzina uruchomienia aplikacji powodującej błąd: 0xProductUpdater.exe0
Ścieżka aplikacji powodującej błąd: ProductUpdater.exe1
Ścieżka modułu powodującego błąd: ProductUpdater.exe2
Identyfikator raportu: ProductUpdater.exe3


Dziennik System:
=============
Error: (02/01/2016 09:30:44 PM) (Source: atapi) (EventID: 11) (User: )
Description: Sterownik wykrył błąd kontrolera na \Device\Ide\IdePort1.

Error: (02/01/2016 09:30:44 PM) (Source: atapi) (EventID: 11) (User: )
Description: Sterownik wykrył błąd kontrolera na \Device\Ide\IdePort1.

Error: (02/01/2016 09:06:39 PM) (Source: atapi) (EventID: 11) (User: )
Description: Sterownik wykrył błąd kontrolera na \Device\Ide\IdePort1.

Error: (02/01/2016 09:06:39 PM) (Source: atapi) (EventID: 11) (User: )
Description: Sterownik wykrył błąd kontrolera na \Device\Ide\IdePort1.

Error: (02/01/2016 09:06:39 PM) (Source: atapi) (EventID: 11) (User: )
Description: Sterownik wykrył błąd kontrolera na \Device\Ide\IdePort1.

Error: (02/01/2016 09:06:39 PM) (Source: atapi) (EventID: 11) (User: )
Description: Sterownik wykrył błąd kontrolera na \Device\Ide\IdePort1.

Error: (02/01/2016 09:06:39 PM) (Source: atapi) (EventID: 11) (User: )
Description: Sterownik wykrył błąd kontrolera na \Device\Ide\IdePort1.

Error: (02/01/2016 06:51:42 PM) (Source: atapi) (EventID: 11) (User: )
Description: Sterownik wykrył błąd kontrolera na \Device\Ide\IdePort1.

Error: (02/01/2016 06:51:42 PM) (Source: atapi) (EventID: 11) (User: )
Description: Sterownik wykrył błąd kontrolera na \Device\Ide\IdePort1.

Error: (02/01/2016 06:51:42 PM) (Source: atapi) (EventID: 11) (User: )
Description: Sterownik wykrył błąd kontrolera na \Device\Ide\IdePort1.


CodeIntegrity:
===================================
  Date: 2015-09-14 23:34:57.947
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-14 23:33:35.708
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-14 23:26:04.885
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-14 23:25:50.737
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-14 23:25:40.564
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-14 23:10:02.286
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-14 23:09:22.509
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-14 23:08:09.844
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-14 23:07:56.932
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-14 23:05:02.680
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system.


==================== Statystyki pamięci ===========================

Procesor: Intel® Core™ i5-3570K CPU @ 3.40GHz
Procent pamięci w użyciu: 45%
Całkowita pamięć fizyczna: 8136.55 MB
Dostępna pamięć fizyczna: 4443.72 MB
Całkowita pamięć wirtualna: 16271.3 MB
Dostępna pamięć wirtualna: 11685.22 MB

==================== Dyski ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:39.11 GB) NTFS
Drive d: (Gry) (Fixed) (Total:465.69 GB) (Free:5.57 GB) NTFS
Drive e: (Programy) (Fixed) (Total:465.82 GB) (Free:341.28 GB) NTFS

==================== MBR & Tablica partycji ==================

==================== Koniec  Addition.txt ============================



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,510 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:34 AM

Posted 08 February 2016 - 08:46 AM

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
S3 MSICDSetup; \??\F:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\F:\NTIOLib_X64.sys [X]
Task: {61B531EC-0DE6-4433-9931-72261F88B035} - System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} => C:\ProgramData\cis85F1.exe <==== UWAGA
C:\ProgramData\cis85F1.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===


Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java via the Control Panel > Programs and Features applet.
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)

Please post the logs and let me know what problem persists.

#5 Wilczur2142

Wilczur2142
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:34 AM

Posted 13 February 2016 - 04:35 AM

Hello!

 

There is a Fixlog.txt file

 

Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja:27-01-2016
Uruchomiony przez Wilczur (2016-02-13 10:25:47) Run:1
Uruchomiony z C:\Users\Wilczur\Downloads
Załadowane profile: Wilczur (Dostępne profile: Wilczur)
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
S3 MSICDSetup; \??\F:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\F:\NTIOLib_X64.sys [X]
Task: {61B531EC-0DE6-4433-9931-72261F88B035} - System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} => C:\ProgramData\cis85F1.exe <==== UWAGA
C:\ProgramData\cis85F1.exe

End
*****************

Punkt przywracania został pomyślnie utworzony.
Procesy zostały pomyślnie zamknięte.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => klucz pomyślnie usunięto
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => klucz pomyślnie usunięto
MSICDSetup => serwis pomyślnie usunięto
NTIOLib_1_0_C => serwis pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{61B531EC-0DE6-4433-9931-72261F88B035}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61B531EC-0DE6-4433-9931-72261F88B035}" => klucz pomyślnie usunięto
C:\Windows\System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}" => klucz pomyślnie usunięto
"C:\ProgramData\cis85F1.exe" => nie znaleziono.
EmptyTemp: => 1 GB danych tymczasowych Usunięto.


System wymagał restartu.

==== Koniec  Fixlog 10:26:00 ====



#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,510 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:34 AM

Posted 13 February 2016 - 09:57 AM

Is the problem solved?

#7 Wilczur2142

Wilczur2142
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:34 AM

Posted 17 February 2016 - 05:53 PM

Hello!

 

I waited a few days and I can say Yeah, the problem is solved but... not excatly, I have noticed that there are three more files in the same temp folder that Comodo is detecting them as a malware and they are re-occuring :/

 

Files are named: cdwin32.exe, dot3api.exe and iscsiwm.exe

 

Here is a FRST log which I made today.

 

Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:17-02-2016
Uruchomiony przez Wilczur (administrator)  WILCZUR-KOMP (17-02-2016 23:46:59)
Uruchomiony z E:\FRST
Załadowane profile: Wilczur (Dostępne profile: Wilczur)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Valve Corporation) E:\Steam\Steam.exe
() E:\RocketDock\RocketDock.exe
(Flux Software LLC) C:\Users\Wilczur\AppData\Local\FluxSoftware\Flux\flux.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
() C:\Windows\System32\PnkBstrA.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Windows\SysWOW64\SecUPDUtilSvc.exe
(Electronic Arts) E:\Origin\Origin.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
() C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(LogMeIn Inc.) E:\LogMeIn Hamachi\hamachi-2.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(LogMeIn, Inc.) E:\LogMeIn Hamachi\LMIGuardianSvc.exe
(LogMeIn Inc.) E:\LogMeIn Hamachi\hamachi-2-ui.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(LogMeIn, Inc.) E:\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Valve Corporation) E:\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Piriform Ltd) C:\CCleaner\CCleaner64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Electronic Arts) E:\Origin\OriginClientService.exe
(EFD Software) E:\HD Tune\HDTune.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Valve Corporation) E:\Steam\bin\steamwebhelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-08-05] (COMODO)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation)
HKLM-x32\...\Run: [Super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [495616 2012-07-27] (MSI)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [74752 2015-09-23] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2015-10-03] (Apple Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2015-10-16] (Logitech Inc.)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-10-28] (Comodo Security Solutions, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => E:\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2015-11-17] (LogMeIn Inc.)
HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2015-12-16] ()
HKLM-x32\...\Run: [HD Tune] => E:\HD Tune\HDTune.exe [401408 2015-09-19] (EFD Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595504 2016-02-13] (Oracle Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-10-14] (Malwarebytes)
HKU\S-1-5-21-2051811701-3595625153-149968726-1000\...\Run: [CCleaner Monitoring] => C:\CCleaner\CCleaner64.exe [8455960 2015-08-20] (Piriform Ltd)
HKU\S-1-5-21-2051811701-3595625153-149968726-1000\...\Run: [Steam] => E:\Steam\steam.exe [3014224 2016-02-06] (Valve Corporation)
HKU\S-1-5-21-2051811701-3595625153-149968726-1000\...\Run: [RocketDock] => E:\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-2051811701-3595625153-149968726-1000\...\Run: [f.lux] => C:\Users\Wilczur\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2015-09-14] (Flux Software LLC)
HKU\S-1-5-21-2051811701-3595625153-149968726-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2051811701-3595625153-149968726-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50605696 2016-02-02] (Skype Technologies S.A.)
HKU\S-1-5-21-2051811701-3595625153-149968726-1000\...\Run: [EADM] => E:\Origin\Origin.exe [3639280 2016-02-02] (Electronic Arts)
HKU\S-1-5-21-2051811701-3595625153-149968726-1000\...\MountPoints2: G - G:\setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk [2015-09-12]
ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray.exe (Intel Corporation)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\..\Interfaces\{F882D9DB-39E2-454E-BACB-8AC261C8CD94}: [DhcpNameServer] 192.168.88.1
Tcpip\..\Interfaces\{FA710472-4C18-49B5-9F71-D87471A0C5BB}: [DhcpNameServer] 7.254.254.254

Internet Explorer:
==================
HKU\S-1-5-21-2051811701-3595625153-149968726-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.pl/?gws_rd=ssl
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-13] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-13] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Wilczur\AppData\Roaming\Mozilla\Firefox\Profiles\od7hrnj2.default
FF Session Restore: -> [funkcja włączona]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-13] ()
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-13] (Oracle Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-13] ()
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-17] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-30] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-2051811701-3595625153-149968726-1000: @nsroblox.roblox.com/launcher -> C:\Users\Wilczur\AppData\Local\Roblox\Versions\version-f7131a583a8d4ea7\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2051811701-3595625153-149968726-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\Wilczur\AppData\Local\Roblox\Versions\version-f7131a583a8d4ea7\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2051811701-3595625153-149968726-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Extension: Adblock Plus - C:\Users\Wilczur\AppData\Roaming\Mozilla\Firefox\Profiles\od7hrnj2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-26]

Chrome:
=======
CHR Profile: C:\Users\Wilczur\AppData\Local\Google\Chrome\User Data\Default

==================== Usługi (filtrowane) ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1300512 2016-01-23] ()
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70848 2015-10-28] (Comodo Security Solutions, Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-09-03] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-08-05] (COMODO)
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-10-28] (Comodo Security Solutions, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-13] (NVIDIA Corporation)
R2 Hamachi2Svc; E:\LogMeIn Hamachi\hamachi-2.exe [2546184 2015-11-17] (LogMeIn Inc.)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [146984 2012-07-24] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [136704 2012-06-29] (MSI) [Brak podpisu cyfrowego]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-13] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-13] (NVIDIA Corporation)
R3 Origin Client Service; E:\Origin\OriginClientService.exe [2104840 2016-02-02] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2016-02-16] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2016-02-16] ()
R2 SamsungUPDUtilSvc; C:\Windows\SysWOW64\SecUPDUtilSvc.exe [118576 2015-09-23] ()
S3 TunngleService; E:\Tunngle\TnglCtrl.exe [814064 2016-01-04] (Tunngle.net GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-09-12] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2015-12-16] (Wacom Technology, Corp.)

===================== Sterowniki (filtrowane) ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [37976 2015-10-20] (Windows ® Win 7 DDK provider) [Brak podpisu cyfrowego]
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21184 2015-11-18] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [806032 2015-11-18] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45856 2015-08-05] (COMODO)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U0 hvoeaprd; C:\Windows\System32\drivers\hjyd.sys [79064 2016-02-17] (Malwarebytes)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [20968 2012-07-24] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [19944 2012-07-24] ()
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105096 2015-08-05] (COMODO)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46016 2012-07-24] ()
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 Phosgene; C:\Windows\System32\DRIVERS\Phosgene.sys [33672 2015-12-03] (Adoriasoft LLC)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [47736 2016-01-04] (Tunngle.net)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2016-02-17] ()

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)


==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-02-17 23:35 - 2016-02-17 23:36 - 02371072 _____ (Farbar) C:\Users\Wilczur\Downloads\FRST64(2).exe
2016-02-17 22:16 - 2016-02-17 22:16 - 00000000 ____D C:\Users\Wilczur\AppData\Local\NBGI
2016-02-17 22:11 - 2016-02-17 22:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAMCO BANDAI Games Europe S.A.S
2016-02-17 22:04 - 2016-02-17 22:04 - 00001338 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
2016-02-17 22:04 - 2016-02-17 22:04 - 00000000 ____D C:\Windows\SysWOW64\xlive
2016-02-17 22:04 - 2016-02-17 22:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
2016-02-17 22:04 - 2016-02-17 22:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2016-02-17 21:53 - 2016-02-17 21:53 - 00000218 _____ C:\Users\Wilczur\AppData\Local\recently-used.xbel
2016-02-17 18:13 - 2016-02-17 18:13 - 00079064 _____ (Malwarebytes) C:\Windows\system32\Drivers\hjyd.sys
2016-02-17 13:08 - 2016-02-17 13:08 - 00747675 _____ C:\Users\Wilczur\Downloads\northwood_high.zip
2016-02-16 22:05 - 2016-02-16 22:05 - 00076152 _____ C:\Windows\system32\PnkBstrA.exe
2016-02-16 21:44 - 2016-02-16 21:47 - 00000000 ____D C:\Users\Wilczur\Documents\Battlefield 4
2016-02-16 21:43 - 2016-02-16 21:43 - 00000000 ____D C:\Users\Wilczur\AppData\Local\ESN
2016-02-16 21:42 - 2016-02-16 21:42 - 01640768 _____ C:\Users\Wilczur\Downloads\battlelog-web-plugins_2.7.1_162.exe
2016-02-16 21:16 - 2016-02-17 12:11 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2016-02-16 15:21 - 2016-02-16 15:22 - 05477803 _____ C:\Users\Wilczur\Downloads\free_wolf_head_lineart_by_blue_rakuen-d8ft7bx.zip
2016-02-15 13:16 - 2016-02-15 13:16 - 00007405 _____ C:\Users\Wilczur\Desktop\Nowy OpenDocument Dokument tekstowy (2).odt
2016-02-15 13:02 - 2016-02-15 13:16 - 07696648 _____ C:\Users\Wilczur\Desktop\Nowy OpenDocument Dokument tekstowy.odt
2016-02-14 16:12 - 2016-02-17 23:01 - 00000000 ____D C:\Users\Wilczur\AppData\Roaming\Talisman
2016-02-14 14:06 - 2016-02-14 14:06 - 00013361 _____ C:\Users\Wilczur\Downloads\[kat.cr]talisman.digital.edition.multi.5.v.7.03.crack.torrent
2016-02-14 13:49 - 2016-02-14 13:49 - 00000000 ____D C:\Users\Wilczur\Documents\PCSX2
2016-02-14 13:44 - 2016-02-14 13:44 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-02-14 13:44 - 2016-02-14 13:44 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-02-14 13:44 - 2016-02-14 13:44 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-02-14 13:44 - 2016-02-14 13:44 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-02-14 13:44 - 2016-02-14 13:44 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-02-14 13:44 - 2016-02-14 13:44 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-02-14 13:44 - 2016-02-14 13:44 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-02-14 13:44 - 2016-02-14 13:44 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-02-14 13:44 - 2016-02-14 13:44 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-02-14 13:44 - 2016-02-14 13:44 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-02-14 13:44 - 2016-02-14 13:44 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-02-14 13:44 - 2016-02-14 13:44 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-02-14 13:44 - 2016-02-14 13:44 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-02-14 13:44 - 2016-02-14 13:44 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-02-14 13:44 - 2016-02-14 13:44 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-02-14 13:44 - 2016-02-14 13:44 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-02-14 13:44 - 2016-02-14 13:44 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-02-14 13:44 - 2016-02-14 13:44 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-02-14 13:44 - 2016-02-14 13:44 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-02-14 13:44 - 2016-02-14 13:44 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-02-14 13:44 - 2016-02-14 13:44 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-02-14 13:44 - 2016-02-14 13:44 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-02-14 13:44 - 2016-02-14 13:44 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-02-14 13:44 - 2016-02-14 13:44 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-02-14 13:44 - 2016-02-14 13:44 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-02-14 13:44 - 2016-02-14 13:44 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-02-14 13:44 - 2016-02-14 13:44 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-02-14 13:44 - 2016-02-14 13:44 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-02-14 13:44 - 2016-02-14 13:44 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-02-14 13:44 - 2016-02-14 13:44 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-02-14 13:44 - 2016-02-14 13:44 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-02-14 13:44 - 2016-02-14 13:44 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-02-14 13:44 - 2016-02-14 13:44 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-02-14 13:44 - 2016-02-14 13:44 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-02-14 13:44 - 2016-02-14 13:44 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-02-14 13:44 - 2016-02-14 13:44 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-02-14 13:44 - 2016-02-14 13:44 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-02-14 13:44 - 2016-02-14 13:44 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-02-14 13:44 - 2016-02-14 13:44 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2016-02-14 13:44 - 2016-02-14 13:44 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-02-14 13:44 - 2016-02-14 13:44 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-02-14 13:44 - 2016-02-14 13:44 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-02-14 13:44 - 2016-02-14 13:44 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-02-14 13:44 - 2016-02-14 13:44 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2016-02-14 13:44 - 2016-02-14 13:44 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-02-14 13:44 - 2016-02-14 13:44 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-02-14 13:44 - 2016-02-14 13:44 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-02-14 13:44 - 2016-02-14 13:44 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-02-14 13:44 - 2016-02-14 13:44 - 00000000 ____D C:\Windows\SysWOW64\directx
2016-02-14 13:41 - 2016-02-14 13:42 - 17837152 _____ C:\Users\Wilczur\Downloads\pcsx2-1.4.0-setup.exe
2016-02-13 10:32 - 2016-02-13 10:32 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-02-13 10:32 - 2016-02-13 10:32 - 00000000 ____D C:\Program Files\Java
2016-02-13 10:29 - 2016-02-13 10:32 - 57099360 _____ (Oracle Corporation) C:\Users\Wilczur\Downloads\jre-8u73-windows-x64.exe
2016-02-13 10:25 - 2016-02-13 10:26 - 00001886 _____ C:\Users\Wilczur\Downloads\Fixlog.txt
2016-02-12 22:16 - 2016-02-13 10:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-11 13:08 - 2016-02-11 13:08 - 00008368 _____ C:\Users\Wilczur\Desktop\Nowy OpenDocument Rysunek.odg
2016-02-11 13:07 - 2016-02-11 13:07 - 00008893 _____ C:\Users\Wilczur\Desktop\Nowy OpenDocument Prezentacja.odp
2016-02-11 13:07 - 2016-02-11 13:07 - 00008893 _____ C:\Users\Wilczur\Desktop\Nowy OpenDocument Prezentacja (2).odp
2016-02-11 12:53 - 2016-02-17 12:11 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2016-02-10 19:20 - 2016-02-10 19:20 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-10 19:20 - 2016-02-10 19:20 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-02-10 19:20 - 2016-02-10 19:20 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-10 19:20 - 2016-02-10 19:20 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-02-10 19:20 - 2016-02-10 19:20 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-10 19:20 - 2016-02-10 19:20 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-02-10 19:20 - 2016-02-10 19:20 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-10 19:20 - 2016-02-10 19:20 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-10 19:20 - 2016-02-10 19:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-02-10 19:20 - 2016-02-10 19:20 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-02-10 19:20 - 2016-02-10 19:20 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-02-10 19:20 - 2016-02-10 19:20 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-02-10 19:20 - 2016-02-10 19:20 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-02-10 19:20 - 2016-02-10 19:20 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-02-10 19:20 - 2016-02-10 19:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-02-10 19:20 - 2016-02-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-02-10 19:20 - 2016-02-06 10:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-02-10 19:19 - 2016-02-10 19:19 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-10 19:19 - 2016-02-10 19:19 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-02-10 19:19 - 2016-02-10 19:19 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-10 19:19 - 2016-02-10 19:19 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-10 19:19 - 2016-02-10 19:19 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-02-10 19:19 - 2016-02-10 19:19 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-02-10 19:19 - 2016-02-10 19:19 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-02-10 19:19 - 2016-02-10 19:19 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-02-10 19:19 - 2016-02-10 19:19 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-02-10 19:19 - 2016-02-10 19:19 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-10 19:19 - 2016-02-10 19:19 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-02-10 19:19 - 2016-02-10 19:19 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-02-10 19:19 - 2016-02-10 19:19 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-10 19:19 - 2016-02-10 19:19 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-10 19:19 - 2016-02-10 19:19 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-02-10 19:19 - 2016-02-10 19:19 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-02-10 19:19 - 2016-02-10 19:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-02-10 19:19 - 2016-02-10 19:19 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-02-10 19:19 - 2016-02-10 19:19 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-10 19:19 - 2016-02-10 19:19 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-02-10 19:19 - 2016-02-10 19:19 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-02-10 19:19 - 2016-02-10 19:19 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-02-10 19:19 - 2016-02-10 19:19 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-10 19:19 - 2016-02-10 19:19 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-02-10 19:19 - 2016-02-10 19:19 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-02-10 19:19 - 2016-02-10 19:19 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-02-10 19:19 - 2016-02-10 19:19 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-02-10 19:19 - 2016-02-10 19:19 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-02-10 19:19 - 2016-02-10 19:19 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-02-10 19:19 - 2016-02-10 19:19 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-02-10 19:19 - 2016-02-10 19:19 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-02-10 19:19 - 2016-02-10 19:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-02-10 19:19 - 2016-02-10 19:19 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-02-10 19:19 - 2016-02-10 19:19 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-02-10 19:19 - 2016-02-10 19:19 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-02-10 19:19 - 2016-02-10 19:19 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-02-10 19:19 - 2016-02-10 19:19 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-02-10 19:19 - 2016-02-10 19:19 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-02-10 19:19 - 2016-02-10 19:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-02-10 19:19 - 2016-02-10 19:19 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-02-10 19:19 - 2016-02-10 19:19 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-02-10 19:19 - 2016-02-10 19:19 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-02-10 19:19 - 2016-02-10 19:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-02-10 19:19 - 2016-02-10 19:19 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-02-10 19:19 - 2016-02-10 19:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-02-10 19:19 - 2016-02-10 19:19 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-02-10 19:19 - 2016-02-10 19:19 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-02-10 19:19 - 2016-02-10 19:19 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-02-10 19:19 - 2016-02-10 19:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-02-10 19:19 - 2016-02-10 19:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-02-10 19:19 - 2016-01-22 07:40 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-02-10 19:19 - 2016-01-22 07:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-02-10 19:17 - 2016-02-10 19:17 - 05573056 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-10 19:17 - 2016-02-10 19:17 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-02-10 19:17 - 2016-02-10 19:17 - 03938752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-02-10 19:17 - 2016-02-10 19:17 - 03211776 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-10 19:17 - 2016-02-10 19:17 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-02-10 19:17 - 2016-02-10 19:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-02-10 19:17 - 2016-02-10 19:17 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-02-10 19:17 - 2016-02-10 19:17 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-10 19:17 - 2016-02-10 19:17 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-10 19:17 - 2016-02-10 19:17 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-10 19:17 - 2016-02-10 19:17 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-10 19:17 - 2016-02-10 19:17 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-10 19:17 - 2016-02-10 19:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-02-10 19:17 - 2016-02-10 19:17 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-02-10 19:17 - 2016-02-10 19:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-02-10 19:17 - 2016-02-10 19:17 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-10 19:17 - 2016-02-10 19:17 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-02-10 19:17 - 2016-02-10 19:17 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-02-10 19:17 - 2016-02-10 19:17 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-10 19:17 - 2016-02-10 19:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-02-09 20:27 - 2016-02-09 20:27 - 00000000 ____D C:\Users\Wilczur\AppData\Roaming\Greyfirst
2016-02-09 20:27 - 2016-02-09 20:27 - 00000000 ____D C:\Users\Wilczur\AppData\Local\Greyfirst
2016-02-09 20:27 - 2016-02-09 20:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Celtx
2016-02-09 20:24 - 2016-02-09 20:26 - 13968337 _____ (Greyfirst) C:\Users\Wilczur\Downloads\CeltxSetup-2.9.7.exe
2016-02-07 16:17 - 2016-02-07 16:17 - 00026851 _____ C:\Users\Wilczur\Downloads\mokrsko.odt
2016-02-07 13:30 - 2016-02-07 14:03 - 00000000 ____D C:\Users\Wilczur\Documents\EDFX
2016-02-07 13:30 - 2016-02-07 13:30 - 00001197 _____ C:\Users\Wilczur\Desktop\EDFX 64 bits.lnk
2016-02-07 13:27 - 2016-02-07 13:28 - 06665450 _____ C:\Users\Wilczur\Downloads\EDFX2403.zip
2016-02-07 13:13 - 2016-02-07 13:13 - 00006045 _____ C:\Users\Wilczur\Downloads\EliteG19s.Windows.application
2016-02-07 01:33 - 2016-02-07 01:33 - 00000000 ____D C:\Users\Wilczur\Documents\Electronic Arts
2016-02-06 21:22 - 2015-04-14 16:09 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2016-02-06 16:14 - 2016-02-06 16:14 - 00000000 ____D C:\Users\Wilczur\Documents\Criterion Games
2016-02-04 22:50 - 2016-02-04 22:51 - 02370560 _____ (Farbar) C:\Users\Wilczur\Downloads\FRST64(1).exe
2016-02-01 22:26 - 2016-02-01 22:26 - 00129930 _____ C:\Users\Wilczur\Downloads\Addition.txt
2016-02-01 22:25 - 2016-02-17 23:38 - 00069477 _____ C:\Users\Wilczur\Downloads\FRST.txt
2016-02-01 21:36 - 2016-02-17 23:46 - 00000000 ____D C:\FRST
2016-02-01 14:06 - 2016-02-01 14:06 - 00000520 _____ C:\Users\Public\Desktop\Fraps.lnk
2016-02-01 14:06 - 2016-02-01 14:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2016-02-01 13:58 - 2016-02-01 13:58 - 02496800 _____ (Beepa Pty Ltd) C:\Users\Wilczur\Downloads\setup.exe
2016-01-31 15:23 - 2016-01-31 15:23 - 00000000 ____D C:\Users\Wilczur\AppData\Roaming\11bitstudios
2016-01-30 13:25 - 2016-02-10 19:24 - 00002218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-30 13:25 - 2016-02-10 19:24 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-30 13:16 - 2016-02-17 23:21 - 00001050 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-30 13:16 - 2016-02-17 13:28 - 00001046 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-30 13:16 - 2016-01-30 13:16 - 00004046 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-01-30 13:16 - 2016-01-30 13:16 - 00003794 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-30 12:54 - 2016-01-30 12:54 - 00987728 _____ (Google Inc.) C:\Users\Wilczur\Downloads\ChromeSetup.exe
2016-01-30 11:40 - 2016-01-30 11:40 - 00001252 _____ C:\Users\Public\Desktop\Style Builder 2016.lnk
2016-01-30 11:40 - 2016-01-30 11:40 - 00001164 _____ C:\Users\Public\Desktop\LayOut 2016.lnk
2016-01-30 11:40 - 2016-01-30 11:40 - 00001061 _____ C:\Users\Public\Desktop\SketchUp 2016.lnk
2016-01-30 11:40 - 2016-01-30 11:40 - 00000000 ____D C:\Program Files\SketchUp
2016-01-30 11:39 - 2016-01-30 11:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\SketchUp 2016
2016-01-30 11:28 - 2016-01-30 11:36 - 160377811 _____ (Trimble Navigation Limited) C:\Users\Wilczur\Downloads\SketchUpMake-pl-x64.exe
2016-01-30 11:26 - 2016-01-30 11:26 - 00000000 ____D C:\ProgramData\Reprise
2016-01-30 11:25 - 2016-01-30 11:25 - 00000000 ____D C:\Users\Wilczur\AppData\Roaming\SketchUp
2016-01-30 11:25 - 2016-01-30 11:25 - 00000000 ____D C:\ProgramData\Caphyon
2016-01-30 11:24 - 2016-01-30 11:24 - 00000000 ____D C:\ProgramData\SketchUp
2016-01-30 11:23 - 2016-01-30 11:38 - 00000000 ____D C:\Users\Wilczur\AppData\Roaming\Trimble Navigation Limited
2016-01-30 11:13 - 2016-01-30 11:23 - 160371488 _____ (Trimble Navigation Limited) C:\Users\Wilczur\Downloads\SketchUpPro-pl-x64.exe
2016-01-30 11:08 - 2016-01-30 11:08 - 03687434 _____ C:\Users\Wilczur\Downloads\3DCreator_v.3.1.3.14.zip
2016-01-29 00:56 - 2016-01-29 00:56 - 00001358 _____ C:\Users\Wilczur\Desktop\Play Wolfenstein.The.New.Order.lnk
2016-01-25 22:34 - 2016-02-08 20:29 - 00070303 _____ C:\Users\Wilczur\Documents\Esu.xps
2016-01-25 20:28 - 2016-01-25 20:29 - 15179458 _____ C:\Users\Wilczur\Downloads\Esmotki.rar
2016-01-25 19:03 - 2016-01-25 19:03 - 00075044 _____ C:\Users\Wilczur\Downloads\Referat #1.odt
2016-01-24 21:25 - 2016-01-24 21:25 - 01593490 _____ C:\Users\Wilczur\Downloads\rhs_afrf_updater.zip
2016-01-24 21:25 - 2016-01-24 21:25 - 01593488 _____ C:\Users\Wilczur\Downloads\rhs_usaf_updater.zip
2016-01-23 22:46 - 2016-01-12 05:40 - 00112032 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-01-23 22:45 - 2015-12-18 07:11 - 00047760 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-01-23 22:45 - 2015-12-18 07:10 - 00099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-01-23 22:45 - 2015-12-18 07:10 - 00090768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-01-23 20:40 - 2016-01-23 20:40 - 00013240 _____ C:\Users\Wilczur\Downloads\GL5.zip
2016-01-23 14:12 - 2016-01-23 14:22 - 76153715 _____ C:\Users\Wilczur\Downloads\Advanced-Combat-Environment3-ACE3-version-3.4.2.zip
2016-01-23 14:10 - 2016-01-23 15:16 - 962898936 _____ C:\Users\Wilczur\Downloads\NATO-SF-Russian-Spetsnaz-Weapons-version-111.zip
2016-01-23 12:12 - 2016-01-23 12:14 - 36442680 _____ C:\Users\Wilczur\Downloads\Blastcore-A3-Phoenix-Phoenix-Update-12.rar
2016-01-23 11:39 - 2016-01-23 12:05 - 494545127 _____ C:\Users\Wilczur\Downloads\EricJ-Weapons-Pack-version-RC-75.7z
2016-01-23 01:16 - 2016-01-23 01:19 - 3978309036 _____ C:\Users\Wilczur\Downloads\@CUP_Terrains_Complete_v1.0.1.zip
2016-01-22 14:28 - 2016-01-22 14:31 - 53507158 _____ C:\Users\Wilczur\Downloads\@GL5v1.zip
2016-01-22 13:19 - 2016-01-22 13:19 - 02738587 _____ C:\Users\Wilczur\Downloads\18035_Realistic_Fireball_Settings.zip
2016-01-19 18:55 - 2016-01-19 18:55 - 00000000 ____D C:\Users\Wilczur\Documents\Deluxe Ski Jump 4
2016-01-19 18:55 - 2016-01-19 18:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluxe Ski Jump 4
2016-01-19 18:51 - 2016-01-19 18:52 - 15930210 _____ (Mediamond Tmi ) C:\Users\Wilczur\Downloads\dsj4v161.exe
2016-01-18 20:54 - 2016-01-19 23:03 - 00002438 _____ C:\Users\Wilczur\Desktop\Rkill.txt
2016-01-18 20:54 - 2016-01-19 20:05 - 00000000 ____D C:\Users\Wilczur\Desktop\rkill
2016-01-18 20:54 - 2016-01-18 20:54 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Wilczur\Downloads\rkill.exe
2016-01-18 20:44 - 2016-01-21 23:00 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-01-18 20:42 - 2016-01-18 20:42 - 00000000 ____D C:\Program Files\MBAM AR
2016-01-18 20:39 - 2016-01-18 20:41 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Wilczur\Downloads\mbar-1.09.3.1001.exe
2016-01-18 20:39 - 2016-01-18 20:39 - 00040456 _____ C:\Users\Wilczur\Downloads\MTB.txt
2016-01-18 20:38 - 2016-01-18 20:38 - 00891392 _____ (Farbar) C:\Users\Wilczur\Downloads\MiniToolBox.exe
2016-01-18 20:34 - 2016-01-18 20:35 - 00002798 _____ C:\Users\Wilczur\Downloads\FSS.txt
2016-01-18 20:34 - 2016-01-18 20:34 - 00899584 _____ (Farbar) C:\Users\Wilczur\Downloads\FSS.exe
2016-01-18 20:30 - 2016-01-18 20:30 - 00852720 _____ C:\Users\Wilczur\Downloads\SecurityCheck.exe

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-02-17 23:41 - 2015-09-12 19:06 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2016-02-17 23:34 - 2015-09-12 19:51 - 00000000 ____D C:\Users\Wilczur\AppData\Roaming\TS3Client
2016-02-17 23:18 - 2015-09-12 19:58 - 00000000 ____D C:\Users\Wilczur\AppData\Roaming\Skype
2016-02-17 22:22 - 2015-09-12 17:49 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-17 22:11 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-02-17 22:04 - 2010-04-27 14:45 - 00072856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xliveinstallhost.exe
2016-02-17 22:04 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-02-17 22:02 - 2015-09-12 19:38 - 00000000 ____D C:\Users\Wilczur\AppData\Roaming\uTorrent
2016-02-17 21:14 - 2015-10-14 19:19 - 00000000 ____D C:\Users\Wilczur\.gimp-2.8
2016-02-17 20:22 - 2015-09-18 22:20 - 00007592 _____ C:\Users\Wilczur\AppData\Local\resmon.resmoncfg
2016-02-17 20:01 - 2015-10-24 13:56 - 00000000 ____D C:\Users\Wilczur\AppData\Local\LogMeIn Hamachi
2016-02-17 18:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Vss
2016-02-17 15:17 - 2015-09-14 22:43 - 00000000 ____D C:\Users\Wilczur\AppData\Roaming\vlc
2016-02-17 13:16 - 2015-09-12 18:48 - 00096528 _____ C:\Users\Wilczur\AppData\Local\GDIPFONTCACHEV1.DAT
2016-02-17 12:43 - 2015-09-19 00:45 - 00000034 _____ C:\Users\Wilczur\AppData\Roaming\AdobeWLCMCache.dat
2016-02-17 12:19 - 2009-07-14 05:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-17 12:19 - 2009-07-14 05:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-17 12:17 - 2011-04-12 14:21 - 00889174 _____ C:\Windows\system32\perfh015.dat
2016-02-17 12:17 - 2011-04-12 14:21 - 00202734 _____ C:\Windows\system32\perfc015.dat
2016-02-17 12:17 - 2009-07-14 06:13 - 01868442 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-17 12:17 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-02-17 12:14 - 2015-09-19 15:12 - 00000000 ____D C:\Users\Wilczur\SSDToolbox
2016-02-17 12:14 - 2015-09-13 14:33 - 00000000 ____D C:\ProgramData\Origin
2016-02-17 12:13 - 2015-09-19 15:12 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-02-17 12:13 - 2015-09-19 15:12 - 00000000 _____ C:\Users\Wilczur\.ktcssd
2016-02-17 12:11 - 2015-10-17 16:41 - 00000000 ____D C:\ProgramData\NVIDIA
2016-02-17 12:11 - 2015-09-12 17:08 - 00034752 _____ C:\Windows\system32\Drivers\WPRO_41_2001.sys
2016-02-17 12:11 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-17 02:00 - 2015-09-13 12:58 - 00000000 ____D C:\Users\Wilczur\AppData\Local\Adobe
2016-02-17 00:30 - 2015-09-22 18:36 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-17 00:07 - 2015-09-12 16:45 - 00000000 ____D C:\Users\Wilczur
2016-02-16 23:59 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2016-02-16 22:15 - 2016-01-05 00:50 - 00280856 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2016-02-16 22:15 - 2016-01-04 22:51 - 00280856 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2016-02-16 22:04 - 2016-01-04 22:51 - 00226168 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2016-02-16 21:47 - 2016-01-05 00:50 - 00000000 ____D C:\Users\Wilczur\AppData\Local\PunkBuster
2016-02-16 21:16 - 2016-01-04 22:51 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2016-02-16 21:16 - 2015-09-13 13:02 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-16 15:20 - 2015-09-18 18:31 - 00000000 ____D C:\Users\Wilczur\AppData\Local\CrashDumps
2016-02-15 13:09 - 2015-09-23 16:17 - 00000000 ____D C:\Users\Wilczur\AppData\LocalLow\Temp
2016-02-14 17:20 - 2015-11-16 17:20 - 00000000 ____D C:\Users\Wilczur\AppData\Roaming\OBS
2016-02-14 16:12 - 2015-12-15 18:32 - 00000000 ____D C:\Users\Wilczur\AppData\Local\SKIDROW
2016-02-14 01:41 - 2015-09-12 21:56 - 00000000 ____D C:\Users\Wilczur\AppData\Roaming\AIMP3
2016-02-13 15:21 - 2015-11-28 18:56 - 00000000 ____D C:\Users\Wilczur\AppData\Local\Frontier_Developments
2016-02-13 10:34 - 2015-11-09 17:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-13 10:32 - 2015-11-09 17:43 - 00000000 ____D C:\Users\Wilczur\.oracle_jre_usage
2016-02-13 10:26 - 2015-09-14 19:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-13 10:07 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\L2Schemas
2016-02-11 16:01 - 2015-12-31 20:00 - 00000000 ____D C:\tmp
2016-02-11 12:53 - 2011-04-12 14:32 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-11 12:53 - 2009-07-14 05:45 - 05058912 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-11 01:06 - 2015-09-13 11:42 - 00000000 ____D C:\Windows\system32\MRT
2016-02-11 01:03 - 2015-09-13 11:42 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-02-10 19:03 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-02-08 16:59 - 2015-09-12 19:58 - 00000000 ____D C:\ProgramData\Skype
2016-02-08 16:58 - 2009-07-14 04:20 - 00000000 __RSD C:\Windows\Media
2016-02-07 13:47 - 2016-01-06 14:10 - 00011264 ___SH C:\Users\Wilczur\Thumbs.db
2016-02-07 13:13 - 2015-09-12 19:26 - 00000000 ____D C:\Users\Wilczur\AppData\Local\Deployment
2016-02-06 16:14 - 2015-09-13 14:39 - 00000000 ____D C:\Users\Wilczur\AppData\Local\Origin
2016-01-31 20:31 - 2015-10-03 17:30 - 00000000 ____D C:\Users\Wilczur\AppData\Local\Arma 3
2016-01-31 13:06 - 2009-07-14 06:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-01-30 13:25 - 2015-09-12 19:27 - 00000000 ____D C:\Users\Wilczur\AppData\Local\Google
2016-01-30 13:25 - 2015-09-12 19:27 - 00000000 ____D C:\Program Files (x86)\Google
2016-01-27 13:46 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Web
2016-01-24 21:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Globalization
2016-01-24 18:21 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2016-01-24 01:50 - 2015-11-14 15:34 - 00000000 ____D C:\Users\Wilczur\AppData\Roaming\Audacity
2016-01-23 22:57 - 2015-09-12 17:36 - 00000000 ____D C:\Users\Wilczur\AppData\Local\NVIDIA Corporation
2016-01-23 22:46 - 2015-09-12 17:36 - 00001377 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-01-23 22:46 - 2015-09-12 17:36 - 00000000 ____D C:\Users\Wilczur\AppData\Local\NVIDIA
2016-01-23 22:46 - 2015-09-12 17:34 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-01-23 22:42 - 2015-09-15 15:39 - 00000000 ____D C:\Users\Wilczur\Documents\Action!
2016-01-23 10:29 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Registration
2016-01-19 19:47 - 2015-09-12 17:49 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys

==================== Pliki w katalogu głównym wybranych folderów =======

2015-09-19 00:45 - 2016-02-17 12:43 - 0000034 _____ () C:\Users\Wilczur\AppData\Roaming\AdobeWLCMCache.dat
2015-08-13 14:41 - 2015-08-13 14:47 - 0047462 ___SH () C:\Users\Wilczur\AppData\Roaming\d3dx10.exe
2015-10-03 11:36 - 2015-10-03 17:06 - 0002155 _____ () C:\Users\Wilczur\AppData\Roaming\SpeedRunnersLog.txt
2016-02-17 21:53 - 2016-02-17 21:53 - 0000218 _____ () C:\Users\Wilczur\AppData\Local\recently-used.xbel
2015-09-18 22:20 - 2016-02-17 20:22 - 0007592 _____ () C:\Users\Wilczur\AppData\Local\resmon.resmoncfg
2015-09-19 14:55 - 2015-09-19 14:55 - 0002637 _____ () C:\ProgramData\regid.2014-05.com.kingston,KDI_de542a20-1f17-11b2-8fa3-9b5486234594.swidtag

Pliki do przeniesienia lub usunięcia:
====================
C:\Users\Wilczur\update-Fallout4.bat


Niektóre pliki w TEMP:
====================
C:\Users\Wilczur\AppData\Local\Temp\sonarinst.exe
C:\Users\Wilczur\AppData\Local\Temp\vcredist_2015_Update_1_x86.exe


==================== Bamital & volsnap =================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo


LastRegBack: 2016-02-16 23:51

==================== Koniec  FRST.txt ============================


And addition log separately because post was too long.

 

Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja:17-02-2016
Uruchomiony przez Wilczur (2016-02-17 23:47:20)
Uruchomiony z E:\FRST
Windows 7 Home Premium Service Pack 1 (X64) (2015-09-12 15:45:32)
Tryb startu: Normal
==========================================================


==================== Konta użytkowników: =============================

Administrator (S-1-5-21-2051811701-3595625153-149968726-500 - Administrator - Disabled)
Gość (S-1-5-21-2051811701-3595625153-149968726-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2051811701-3595625153-149968726-1002 - Limited - Enabled)
Wilczur (S-1-5-21-2051811701-3595625153-149968726-1000 - Administrator - Enabled) => C:\Users\Wilczur

==================== Centrum zabezpieczeń ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie.)

AV: COMODO Antivirus (Enabled - Up to date) {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5}
AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}

==================== Zainstalowane programy ======================

(W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)

µTorrent (HKU\S-1-5-21-2051811701-3595625153-149968726-1000\...\uTorrent) (Version: 3.4.5.41712 - BitTorrent Inc.)
Action! (HKLM-x32\...\{7A9DEE45-1F8D-4D1A-A9EA-F0108DAE6FEC}) (Version: 1.9.0 - Mirillis)
Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 15.010.20059 - Adobe Systems Incorporated)
Adobe After Effects CC 2014 (HKLM-x32\...\{2B22C750-5C3B-4738-B621-BA786AC7A494}) (Version: 13.0.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.204 - Adobe Systems Incorporated)
Adobe Audition CC (HKLM-x32\...\{DE1E055B-679C-42F8-B114-7B6ED0B8ED95}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2014 (HKLM-x32\...\{07BE616F-9E42-4C90-AF4F-0F32A5B088E7}) (Version: 8.0.1 - Adobe Systems Incorporated)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.60.1500, 31.08.2015 - AIMP DevTeam)
Aktualizacje NVIDIA 2.9.1.22 (Version: 2.9.1.22 - NVIDIA Corporation) Hidden
Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version:  - Frictional Games)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
ArmA3Sync 1.5.69 (HKLM-x32\...\{F097E7D7-D093-4394-9EED-43AFCCD12B7A}_is1) (Version: 1.5.69 - The [S.o.E] team)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.)
Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.7.2.45672 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Blender (HKLM\...\{D593042C-8739-488D-93B8-E6B202013E57}) (Version: 2.76.1 - Blender Foundation)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
Celtx (2.9.7) (HKLM-x32\...\Celtx (2.9.7)) (Version: 2.9.7 (en-US) - Greyfirst)
Close Your Eyes (HKLM-x32\...\Steam App 377330) (Version:  - Yai Gameworks)
COMODO Internet Security Pro (HKLM\...\{38F898C8-272F-455F-9BD6-71FEBA3E4AF5}) (Version: 8.2.0.4703 - COMODO Security Solutions Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CPUID CPU-Z 1.74 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Creativerse (HKLM-x32\...\Steam App 280790) (Version:  - Playful Corporation)
Cry of Fear (HKLM-x32\...\Steam App 223710) (Version:  - Team Psykskallar)
Dark Souls Prepare to Die Edition (HKLM-x32\...\GFWL_{4E4D0FA1-F880-4CCB-999A-501000008200}) (Version: 1.0.0000.130 - NAMCO BANDAI Games Europe S.A.S.)
Dark Souls Prepare to Die Edition (x32 Version: 1.0.0000.130 - NAMCO BANDAI Games Europe S.A.S.) Hidden
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
DCS World (HKLM-x32\...\Steam App 223750) (Version:  - Eagle Dynamics)
Deluxe Ski Jump 4 (HKLM-x32\...\Deluxe Ski Jump 4_is1) (Version: 1.6.1 - Mediamond Tmi)
Dr. Langeskov, The Tiger, and The Terribly Cursed Emerald: A Whirlwind Heist (HKLM-x32\...\Steam App 409160) (Version:  - Crows Crows Crows)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05.0.0 - Electronic Arts)
Dust: An Elysian Tail (HKLM-x32\...\Steam App 236090) (Version:  - Humble Hearts LLC)
Elite: Dangerous (HKLM-x32\...\Steam App 359320) (Version:  - Frontier Developments)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version:  - SCS Software)
Euro Truck Simulator 2 Multiplayer 0.2.0.5.1 Alpha (HKLM-x32\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 0.2.0.5.1 Alpha - ETS2MP Team)
f.lux (HKU\S-1-5-21-2051811701-3595625153-149968726-1000\...\Flux) (Version:  - )
FaceRig (HKLM-x32\...\Steam App 274920) (Version:  - Holotech Studios)
FaceRig Virtual Video driver version 1.0.1.1000 (HKLM-x32\...\{7D6A1A0F-F57E-4C6B-9331-86CBC7D5C787}_is1) (Version: 1.0.1.1000 - Adoriasoft LLC)
FastStone Image Viewer 5.5 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.5 - FastStone Soft)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Freemake Video Converter wersja 4.1.7 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.7 - Ellora Assets Corporation)
Fuse (HKLM-x32\...\Steam App 257400) (Version:  - Mixamo)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GeekBuddy (HKLM\...\{A115A872-91C6-477C-8CA7-9F2973437EAF}) (Version: 4.23.152 - Comodo Security Solutions Inc)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.109 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Hammerwatch (HKLM-x32\...\Steam App 239070) (Version:  - Crackshell)
Happy Wars (HKLM-x32\...\Steam App 246280) (Version:  - Toylogic inc.)
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
IL MiniHost (HKLM-x32\...\IL MiniHost) (Version:  - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Smart Connect Technology 3.0 x64 (HKLM\...\{EE21578E-DE14-46D5-83D7-EA4D347B2F9A}) (Version: 3.0.30.1526 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Kingston SSD Toolbox (C:\Program Files (x86)\Kingston SSD Toolbox) (HKLM-x32\...\Kingston SSD Toolbox) (Version: 1.0.0.0 - Kingston)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
LibreOffice 5.0.1.2 (HKLM-x32\...\{927AE35D-72BC-437D-BAC7-EE47D03DEE54}) (Version: 5.0.1.2 - The Document Foundation)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.410 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.410 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware wersja 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Speech SDK 5.1 (HKLM-x32\...\{A403D88E-ED7D-48E3-91FD-B8C8A720EDA1}) (Version: 5.1.4324.0 - Microsoft)
Microsoft Speech SDK 5.1 Language Pack (HKLM-x32\...\{BFF0C845-DFF9-425A-9093-D86C4EE00EE1}) (Version: 5.1 - Microsoft)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM-x32\...\MSTTS) (Version:  - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Monaco (HKLM-x32\...\Steam App 113020) (Version:  - Pocketwatch Games)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version:  - TaleWorlds Entertainment)
Mozilla Firefox 44.0.2 (x86 pl) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 pl)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
MyPaint 1.0.0 (HKU\S-1-5-21-2051811701-3595625153-149968726-1000\...\MyPaint) (Version: 1.0.0 - Martin Renold & MyPaint Development Team)
NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version:  - )
Need for Speed™ Most Wanted (HKLM-x32\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}) (Version: 1.5.0.0 - Electronic Arts)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.2 - Black Tree Gaming)
NVIDIA GeForce Experience 2.9.1.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.22 - NVIDIA Corporation)
NVIDIA Oprogramowanie systemu PhysX 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
NVIDIA Sterownik 3D Vision 358.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.50 - NVIDIA Corporation)
NVIDIA Sterownik dźwięku HD 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA Sterownik graficzny 358.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.50 - NVIDIA Corporation)
NVIDIA Sterownik kontrolera 3D Vision 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
Obsługa programów Apple (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
PAMM (HKLM-x32\...\{D1A5AE66-BD56-495E-A2FD-12732DBFDFAA}) (Version: 1.7.0.0 - The PA Community)
Panel sterowania NVIDIA 358.50 (Version: 358.50 - NVIDIA Corporation) Hidden
Papo & Yo (HKLM-x32\...\Steam App 227080) (Version: 2.0 - Minority Media Inc.)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version:  - )
Penumbra: Necrologue (HKLM-x32\...\Steam App 346290) (Version:  - CounterCurrent Games)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Planetary Annihilation (HKLM-x32\...\Steam App 233250) (Version:  - Uber Entertainment)
PlanetSide 2 (HKU\S-1-5-21-2051811701-3595625153-149968726-1000\...\DG0-PlanetSide 2) (Version:  - Sony Online Entertainment)
Pool Nation FX (HKLM-x32\...\Steam App 314000) (Version:  - Cherry Pop Games)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.4 - Power Software Ltd)
ProxyGate version 3.0.0.1161 (HKU\S-1-5-21-2051811701-3595625153-149968726-1000\...\{3544F3ED-42DD-4FF9-8E1B-C9AB61F5CA8A}}_is1) (Version: 3.0.0.1161 - Gold Click Ltd)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Rayman Origins (HKLM-x32\...\{DE491AB9-1D47-4FED-A8F5-4D4325B2EB4B}) (Version: 1.00 - Ubisoft)
Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version:  - Wild Shadow Studios)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Resident Evil Revelations 2 / Biohazard Revelations 2 (HKLM-x32\...\Steam App 287290) (Version:  - CAPCOM Co., Ltd.)
Rising Storm/Red Orchestra 2 Multiplayer (HKLM-x32\...\Steam App 35450) (Version:  - Tripwire Interactive)
ROBLOX Player for Wilczur (HKU\S-1-5-21-2051811701-3595625153-149968726-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROCCAT Power-Grid version 0.461 (HKLM-x32\...\{953CF6E6-4EC8-4E55-A263-720CEBD591FE}_is1) (Version: 0.461 - ROCCAT GmbH)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.06.00 - Samsung Electronics Co., Ltd.)
SHIELD Streaming (Version: 4.1.0260 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.9.1.22 - NVIDIA Corporation) Hidden
Sid Meier's Civilization 5 (HKLM-x32\...\Sid Meier's Civilization 5_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, Panky)
SketchUp 2016 PL (HKLM-x32\...\SketchUp Make 2016 PL (64-bit) 16.0.19912) (Version: 16.0.19912 - Trimble Navigation Limited)
SketchUp Make 2016 PL (64-bit) (Version: 16.0.19912 - Trimble Navigation Limited) Hidden
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.111 - Skype Technologies S.A.)
Space Engineers (HKLM-x32\...\Steam App 244850) (Version:  - Keen Software House)
SpaceEngine wersja 0.9.7.2 (HKLM-x32\...\{E65FD500-9218-44EC-9586-D39FAB4DFDAF}_is1) (Version: 0.9.7.2 - SpaceEngine)
Star Trek Online (HKLM-x32\...\Steam App 9900) (Version:  - Cryptic Studios)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.012 - MSI)
Talisman: Prologue (HKLM-x32\...\Steam App 258200) (Version:  - Nomad Games)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.17 - TeamSpeak Systems GmbH)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.69.43.024017 - Electronic Arts Inc.)
The Sims™ 3 Cztery pory roku (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 Seasons) (Version: 1.0.0.0 - Electronic Arts Inc.)
The Sims™ 3 Studenckie życie (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 University Life) (Version: 1.0.0.0 - Electronic Arts Inc.)
The Sims™ 3 Zwierzaki (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 Pets) (Version: 1.0.0.0 - Electronic Arts Inc.)
The Universim - Mother Planet Demo (HKLM-x32\...\Steam App 401980) (Version:  - Crytivo Games)
This War of Mine (HKLM-x32\...\Steam App 282070) (Version:  - 11 bit studios)
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.8.4 - Tunngle.net GmbH)
Unepic (HKLM-x32\...\Steam App 233980) (Version:  - Francisco Téllez de Meneses)
Uplay (HKLM-x32\...\Uplay) (Version: 14.0 - Ubisoft)
Vertiginous Golf (HKLM-x32\...\Steam App 272890) (Version:  - Kinelco &amp; Lone Elk Creative)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VoiceAttack (HKLM-x32\...\{54955A16-EE50-44DA-97BE-64FD379145E7}) (Version: 1.5.8.7 - VoiceAttack.com)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
WebM Project Directshow Filters (HKU\S-1-5-21-2051811701-3595625153-149968726-1000\...\webmdshow) (Version:  - )
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Winki (HKLM-x32\...\{81CF5153-38CF-41e2-AC3C-3D477C987D96}_is1) (Version: 3.2.125 - MSI)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)

==================== Niestandardowe rejestracje CLSID (filtrowane): ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

CustomCLSID: HKU\S-1-5-21-2051811701-3595625153-149968726-1000_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Wilczur\AppData\Local\Roblox\Versions\version-f7131a583a8d4ea7\RobloxProxy64.dll (ROBLOX Corporation)

==================== Zaplanowane zadania (filtrowane) =============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

Task: {05A91122-2074-448B-AE83-15D541AA7A57} - System32\Tasks\IntelMemoryDiagnostic => C:\Users\Wilczur\AppData\Roaming\d3dx10.exe [2015-08-13] ()
Task: {1B4E4A0A-27EA-4DE4-A225-5BAE131BF3AE} - System32\Tasks\AdobeAAMUpdater-1.0-Wilczur-komp-Wilczur => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {1E9399CD-ED8F-48B2-A7BE-A7F974C6C94C} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO)
Task: {28268D20-13A4-497A-8825-E92A407DC39E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-01-15] (Adobe Systems Incorporated)
Task: {2894E24F-93D1-43EB-A2D1-B4637E649954} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-30] (Google Inc.)
Task: {33BED31A-8EAD-4A81-9999-0A26B33E3628} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-30] (Google Inc.)
Task: {5BE57D73-E499-40F2-B7E2-0F5B27AACFC3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-10-03] (Apple Inc.)
Task: {6E781C58-EC78-4B63-A5B1-7492087B0311} - System32\Tasks\Kingston SSD Toolbox => C:\Program Files (x86)\Kingston SSD Toolbox\Kingston SSD Toolbox.exe [2015-09-19] (Flexera Software)
Task: {92CCB18B-8A8D-4FE2-A768-F349B72E879A} - System32\Tasks\CCleanerSkipUAC => C:\CCleaner\CCleaner.exe [2015-08-20] (Piriform Ltd)
Task: {C2636702-2BAA-4DCA-AB85-A62CBA736CBC} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO)
Task: {E3433BC8-7D61-4F5C-87B9-E60485C413AB} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO)
Task: {EBB4568E-124C-42C7-A822-42CBBD81C0E6} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO)
Task: {F3033EB3-57DD-40BC-B079-B1747EC11BEA} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-05] (COMODO)

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Skróty =============================

(Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.)

==================== Załadowane moduły (filtrowane) ==============

2015-10-17 16:41 - 2015-10-03 03:49 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-09-23 15:15 - 2015-09-23 15:15 - 00029184 _____ () C:\Windows\System32\usp02l.dll
2012-07-24 09:43 - 2012-07-24 09:43 - 00146984 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2012-07-24 09:43 - 2012-07-24 09:43 - 00058920 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2016-01-23 22:45 - 2016-01-12 05:43 - 00291264 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2015-09-12 21:38 - 2007-09-02 12:58 - 00495616 _____ () E:\RocketDock\RocketDock.exe
2016-02-16 22:05 - 2016-02-16 22:05 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2015-09-23 15:30 - 2015-09-23 15:30 - 00118576 _____ () C:\Windows\SysWOW64\SecUPDUtilSvc.exe
2015-09-23 19:54 - 2015-09-23 19:54 - 00074752 _____ () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
2012-10-16 10:39 - 2015-12-16 14:09 - 00646744 _____ () C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
2015-12-15 18:59 - 2014-08-19 20:12 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2015-08-24 19:28 - 2015-08-24 19:28 - 00061440 _____ () C:\CCleaner\lang\lang-1045.dll
2015-01-08 22:02 - 2015-01-08 22:02 - 00067808 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2015-09-12 17:34 - 2016-01-12 05:43 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-09-12 21:38 - 2015-09-12 21:38 - 00069632 _____ () E:\RocketDock\RocketDock.dll
2015-09-12 19:45 - 2016-02-06 10:38 - 00782336 _____ () E:\Steam\SDL2.dll
2015-09-12 19:45 - 2015-07-03 17:12 - 04962816 _____ () E:\Steam\v8.dll
2015-09-12 19:45 - 2016-02-06 10:38 - 01556992 _____ () E:\Steam\icui18n.dll
2015-09-12 19:45 - 2016-02-06 10:38 - 01187840 _____ () E:\Steam\icuuc.dll
2015-09-12 19:45 - 2016-02-04 22:02 - 02546768 _____ () E:\Steam\video.dll
2015-09-12 19:45 - 2016-02-06 10:38 - 02549248 _____ () E:\Steam\libavcodec-56.dll
2015-09-12 19:45 - 2016-02-06 10:38 - 00442880 _____ () E:\Steam\libavutil-54.dll
2015-09-12 19:45 - 2016-02-06 10:38 - 00491008 _____ () E:\Steam\libavformat-56.dll
2015-09-12 19:45 - 2016-02-06 10:38 - 00332800 _____ () E:\Steam\libavresample-2.dll
2015-09-12 19:45 - 2016-02-06 10:38 - 00485888 _____ () E:\Steam\libswscale-3.dll
2015-09-12 19:45 - 2016-02-04 22:01 - 00802896 _____ () E:\Steam\bin\chromehtml.DLL
2015-09-12 19:45 - 2016-02-06 10:38 - 00208896 _____ () E:\Steam\bin\openvr_api.dll
2016-01-11 10:36 - 2016-01-11 10:36 - 00932032 ____R () C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll
2015-09-13 14:39 - 2016-02-02 22:13 - 01016832 _____ () E:\Origin\platforms\qwindows.dll
2015-09-13 14:39 - 2016-02-02 22:13 - 00028160 _____ () E:\Origin\imageformats\qgif.dll
2015-09-13 14:39 - 2016-02-02 22:13 - 00029696 _____ () E:\Origin\imageformats\qico.dll
2015-09-13 14:39 - 2016-02-02 22:13 - 00256000 _____ () E:\Origin\imageformats\qjpeg.dll
2015-09-13 14:39 - 2016-02-02 22:13 - 00266240 _____ () E:\Origin\imageformats\qmng.dll
2015-09-13 14:39 - 2016-02-02 22:13 - 00023552 _____ () E:\Origin\imageformats\qtga.dll
2015-09-13 14:39 - 2016-02-02 22:13 - 00346112 _____ () E:\Origin\imageformats\qtiff.dll
2015-09-13 14:39 - 2016-02-02 22:13 - 00023552 _____ () E:\Origin\imageformats\qwbmp.dll
2015-09-13 14:39 - 2016-02-02 22:13 - 00243200 _____ () E:\Origin\mediaservice\wmfengine.dll
2015-09-13 14:39 - 2016-02-02 22:13 - 01086976 _____ () E:\Origin\twitchsdk_32_release.dll
2015-09-13 14:39 - 2016-02-02 22:13 - 00394810 _____ () E:\Origin\libmp3lame-ttv.dll
2015-09-13 14:39 - 2016-02-02 22:13 - 00113171 _____ () E:\Origin\swresample-ttv-0.dll
2015-09-13 14:39 - 2016-02-02 22:13 - 00246332 _____ () E:\Origin\avutil-ttv-51.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2015-09-12 19:45 - 2016-01-06 02:52 - 48387872 _____ () E:\Steam\bin\libcef.dll
2015-09-12 17:06 - 2012-06-25 03:41 - 01198912 ____R () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2015-09-12 19:45 - 2015-09-25 00:56 - 00119208 _____ () E:\Steam\winh264.dll

==================== Alternate Data Streams (filtrowane) =========

(Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.)

AlternateDataStreams: C:\Windows\delttsul.exe:$CmdTcID
AlternateDataStreams: C:\Windows\notepad.exe:$CmdTcID
AlternateDataStreams: C:\Windows\TotalUninstaller.exe:$CmdTcID
AlternateDataStreams: C:\Windows\unins000.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aaclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\advapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appinfo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\basesrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bcryptprimitives.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\browcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\browser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\capiprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\catsrvut.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cdd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cdosys.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certenc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cewmdm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\clfs.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cngprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\COLORCNV.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\comsvcs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\consent.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CPFilters.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cscript.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d2d1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d10warp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_33.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_34.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_35.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_36.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_37.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_38.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_39.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_41.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dcsx_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dcsx_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_33.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_34.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_35.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_36.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_37.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_38.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_39.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_41.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx11_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx11_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_24.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_25.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_26.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_27.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_28.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_29.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_30.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_31.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_33.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_34.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_35.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_36.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DX9_37.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DX9_38.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DX9_39.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DX9_40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DX9_41.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DX9_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DX9_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\davclnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\devenum.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DevManagerCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dfshim.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dimsroam.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dnsapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dnscacheugc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dnsrslvr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dpapiprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dpnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\els.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EncDec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ExplorerFrame.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fixmapi.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FWPUCLNT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSCOVER.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hpotscl1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hpowiav1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hpzllw71.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\icardagt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\icardres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieetwcollector.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieetwcollectorres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieetwproxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IEUDINIT.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IKEEXT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\imagehlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IMJP10K.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetcomm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\infocardapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inseng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\JavaScriptCollectionAgent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jnwmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kd1394.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kdcom.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kdusb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ksproxy.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ksuser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\localspl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\LogiDPP.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\LogiDPPApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lvco1351823.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lvcod64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\LVUI64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\LVUIRC64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mapistub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mcmde.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfc42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfc42u.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mferror.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfplat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfvdsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MFWMAAEC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MP3DMOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MP43DECD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MP4SDECD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mpg2splt.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MPG4DECD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mscorier.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mscories.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtmlmedia.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msihnd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msimsg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msmmsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msmpeg2adec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSMPEG2ENC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msmpeg2vdec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MsSpellCheckingFacility.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mstsc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msvcrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msxml3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msxml3r.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msxml6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msxml6r.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mtxoci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncsi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlaapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\notepad.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nshwfp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvapi64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvcuda.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvcuvid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvd3dumx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvdispco6435850.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvdispgenco6435850.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvEncodeAPI64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NvFBC64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvhdagenco6420103.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvhdap64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NvIFR64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NvIFROpenGL.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvinitx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvoglshim64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvoglv64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvopencl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvumdshimx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvvsvc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvwgf2umx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\objsel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\occache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbccp32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbccr32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbccu32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbctrac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ole32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\oleacc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\OpenAL32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\OpenCL.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\osk.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\packager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcawrk.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pku2u.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PnkBstrA.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\psisdecd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\psisrndr.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qasf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qedit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rastls.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpcorekmts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpwsx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdrmemptylst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RESAMPLEDMO.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rrinstaller.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sbe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schedsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scrrun.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shdocvw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\synceng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SysFxUI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sysmain.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\taskhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\termsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tsgqec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TsWpfWrp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tzres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ucrtbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\umpnpmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\user32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\usp02ci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\usp02ci.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\usp02l.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\usp10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\VIDRESZR.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Wdfres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\webio.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\win32spl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wincredprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winlogon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winresume.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinSetupUI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winsta.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMADMOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMADMOE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMALFXGFXDSP.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmpmde.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMSPDMOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMSPDMOE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMVDECOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMVENCOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMVSDECD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMVSENCD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMVXENCD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wow64win.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WpdMtp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WpdMtpUS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wrap_oal.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wscript.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wshom.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wshrm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wu.upgrade.ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\x3daudio1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\x3daudio1_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\X3DAudio1_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\X3DAudio1_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\X3DAudio1_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\X3DAudio1_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\X3DAudio1_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\X3DAudio1_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_8.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAPOFX1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAPOFX1_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAPOFX1_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAPOFX1_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAPOFX1_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAPOFX1_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xinput1_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xinput1_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xinput1_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\aaclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\advapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bcryptprimitives.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\browcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\capiprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\catsrvut.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cdosys.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certenc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cewmdm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cfgmgr32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\clfsw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cngprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\COLORCNV.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comctl32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comsvcs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CPFilters.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cscript.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d2d1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d10warp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_33.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_34.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_35.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_36.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_37.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_38.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_39.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_41.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dcsx_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dcsx_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_33.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_34.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_35.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_36.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_37.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_38.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_39.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_41.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx11_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx11_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_24.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_25.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_26.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_27.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_28.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_29.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_30.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_31.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_33.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_34.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_35.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_36.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_37.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_38.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_39.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_41.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\davclnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\devenum.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DevManagerCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\devobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\devrtl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dfshim.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dimsroam.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dnsapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dnscacheugc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dpapiprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dpnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drvinst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxmasf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\els.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\EncDec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\evr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ExplorerFrame.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fixmapi.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FWPUCLNT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\icardagt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\icardres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieetwproxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\imagehlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\IMJP10K.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\inetcomm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\infocardapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\inseng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ksproxy.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ksuser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\LogiDPP.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\LogiDPPApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\lvcodec2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\LVUI2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\LVUI2RC.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mapistub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfc42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfc42u.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mferror.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfplat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfpmp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfvdsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MFWMAAEC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MP3DMOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MP43DECD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MP4SDECD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mpg2splt.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MPG4DECD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mscorier.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mscories.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtmlmedia.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msiexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msihnd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msimsg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2adec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2vdec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msorcl32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mstsc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msvcrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml3r.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml6r.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mtxoci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\notepad.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nshwfp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntvdm64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvcompiler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvcuda.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvcuvid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvd3dum.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvEncodeAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NvFBC.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NvIFR.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NvIFROpenGL.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvinit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvoglshim32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvoglv32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvopencl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvStreaming.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvumdshim.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvwgf2um.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\objsel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\occache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbccp32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbccr32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbccu32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbcjt32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbctrac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ole32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\oleacc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\OpenAL32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\OpenCL.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\osk.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\packager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pku2u.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PnkBstrB.ex0:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PnkBstrB.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PnkBstrB.xtr:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\psisdecd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\psisrndr.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\qasf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\qedit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\quartz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rastls.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rdpcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rrinstaller.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sbe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scrrun.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SecUPDUtilSvc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\setup16.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shdocvw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\synceng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tsgqec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TsWpfWrp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tzres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ubpm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ucrtbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\user32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\usp10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\VIDRESZR.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WebClnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\webio.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\win32spl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wincredprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winsta.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMADMOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMADMOE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmpmde.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMVDECOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMVENCOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMVSDECD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMVSENCD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMVXENCD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wrap_oal.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wscript.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wshom.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wshrm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\x3daudio1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\x3daudio1_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_8.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xinput1_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xinput1_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xinput1_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xliveinstallhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\afd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\bowser.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\CFRMD.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\drmk.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\drmkaud.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\dxgkrnl.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\dxgmms1.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\fs_rec.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\FWPKCLNT.SYS:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\hamachi.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\hidclass.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\hidkmdf.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\hidparse.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\http.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\lvrs64.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\lvuvc64.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ndis.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\netio.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ntfs.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\nvhda64v.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\nvlddmkm.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\partmgr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\Phosgene.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\portcls.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\rdpwd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\rmcast.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\srv.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\srv2.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\srvnet.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tap0901t.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tcpip.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tdtcp.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tdx.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tssecsrv.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usb8023.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\USBAUDIO.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbccgp.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbcir.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbehci.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbhub.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbohci.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbport.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbscan.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbuhci.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbvideo.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\wachidrouter.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\wacomrouterfilter.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\Wdf01000.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\wdfcoinstaller01009.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\WdfLdr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\winusb.sys:$CmdTcID
AlternateDataStreams: C:\Users\Wilczur\update-Fallout4.bat:$CmdTcID
AlternateDataStreams: C:\Users\Wilczur\Desktop\blender.exe:$CmdTcID
AlternateDataStreams: C:\Users\Wilczur\Desktop\uTorrent.exe:$CmdTcID
AlternateDataStreams: C:\Users\Wilczur\Desktop\uTorrent.exe:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Desktop\wallhaven-160131.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\0001-0130.avi:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\12548932_412695358929144_7278402757297849046_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\18035_Realistic_Fireball_Settings.zip:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\3DCreator_v.3.1.3.14.zip:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\@CUP_Terrains_Complete_v1.0.1.zip:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\@GL5v1.zip:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\Advanced-Combat-Environment3-ACE3-version-3.4.2.zip:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\battlelog-web-plugins_2.7.1_162.exe:$CmdTcID
AlternateDataStreams: C:\Users\Wilczur\Downloads\battlelog-web-plugins_2.7.1_162.exe:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\Blastcore-A3-Phoenix-Phoenix-Update-12.rar:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\caviar_dreams.zip:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\CeltxSetup-2.9.7.exe:$CmdTcID
AlternateDataStreams: C:\Users\Wilczur\Downloads\CeltxSetup-2.9.7.exe:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\ChromeSetup.exe:$CmdTcID
AlternateDataStreams: C:\Users\Wilczur\Downloads\ChromeSetup.exe:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\css_content_addon_dec2015.zip:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\download.zip:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\dsj4v161.exe:$CmdTcID
AlternateDataStreams: C:\Users\Wilczur\Downloads\dsj4v161.exe:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\EDFX2403.zip:$CmdTcID
AlternateDataStreams: C:\Users\Wilczur\Downloads\EDFX2403.zip:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\EliteG19s.Windows.application:$CmdTcID
AlternateDataStreams: C:\Users\Wilczur\Downloads\EliteG19s.Windows.application:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\Emily_2_1_OBJ.rar:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\EricJ-Weapons-Pack-version-RC-75.7z:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\Esmotki.rar:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\free_wolf_head_lineart_by_blue_rakuen-d8ft7bx.zip:$CmdTcID
AlternateDataStreams: C:\Users\Wilczur\Downloads\free_wolf_head_lineart_by_blue_rakuen-d8ft7bx.zip:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\FRST64(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\Wilczur\Downloads\FRST64(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\FRST64(2).exe:$CmdTcID
AlternateDataStreams: C:\Users\Wilczur\Downloads\FRST64(2).exe:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\FSS.exe:$CmdTcID
AlternateDataStreams: C:\Users\Wilczur\Downloads\FSS.exe:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\GL5.zip:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\Gw2Setup.exe:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\Hearthstone-Setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\Wilczur\Downloads\Hearthstone-Setup.exe:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\images.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\IOGraph_v1_0_1.exe:$CmdTcID
AlternateDataStreams: C:\Users\Wilczur\Downloads\IOGraph_v1_0_1.exe:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\John Williams - Rey's Theme (Audio Only).mp3:$CmdTcID
AlternateDataStreams: C:\Users\Wilczur\Downloads\John Williams - Rey's Theme (Audio Only).mp3:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\jre-8u73-windows-x64.exe:$CmdTcID
AlternateDataStreams: C:\Users\Wilczur\Downloads\jre-8u73-windows-x64.exe:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\makehuman-1.0.2-win32.zip:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\marker_pen_strokes_ai_brushes_by_fudgegraphics-d2yqams.zip:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\mbar-1.09.3.1001.exe:$CmdTcID
AlternateDataStreams: C:\Users\Wilczur\Downloads\mbar-1.09.3.1001.exe:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\MiniToolBox.exe:$CmdTcID
AlternateDataStreams: C:\Users\Wilczur\Downloads\MiniToolBox.exe:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\mokrsko.odt:$CmdTcID
AlternateDataStreams: C:\Users\Wilczur\Downloads\mokrsko.odt:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\NATO-SF-Russian-Spetsnaz-Weapons-version-111.zip:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\northwood_high.zip:$CmdTcID
AlternateDataStreams: C:\Users\Wilczur\Downloads\northwood_high.zip:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\pcsx2-1.4.0-setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\Wilczur\Downloads\pcsx2-1.4.0-setup.exe:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\Referat #1.odt:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\rhs_afrf_updater.zip:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\rhs_usaf_updater.zip:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\rkill.exe:$CmdTcID
AlternateDataStreams: C:\Users\Wilczur\Downloads\rkill.exe:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\roboto.zip:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\SecurityCheck.exe:$CmdTcID
AlternateDataStreams: C:\Users\Wilczur\Downloads\SecurityCheck.exe:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\Wilczur\Downloads\setup.exe:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\SketchUpMake-pl-x64.exe:$CmdTcID
AlternateDataStreams: C:\Users\Wilczur\Downloads\SketchUpMake-pl-x64.exe:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\SketchUpPro-pl-x64.exe:$CmdTcID
AlternateDataStreams: C:\Users\Wilczur\Downloads\SketchUpPro-pl-x64.exe:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\soisk_35_profilaktyka_antywirusowa.doc:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\System Plików.zip:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\TFC.exe:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\Umowa_o_Dzielo_2016.doc:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\Downloads\[kat.cr]talisman.digital.edition.multi.5.v.7.03.crack.torrent:$CmdTcID
AlternateDataStreams: C:\Users\Wilczur\Downloads\[kat.cr]talisman.digital.edition.multi.5.v.7.03.crack.torrent:$CmdZnID
AlternateDataStreams: C:\Users\Wilczur\AppData\Roaming\d3dx10.exe:$CmdTcID

==================== Tryb awaryjny (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE - Powiązania (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.)


==================== Internet Explorer - Witryny zaufane i z ograniczeniami ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.)


==================== Hosts - zawartość: ===============================

(Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Inne obszary ============================

(Obecnie brak automatycznej naprawy dla tej sekcji.)

HKU\S-1-5-21-2051811701-3595625153-149968726-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Wilczur\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.88.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Zapora systemu Windows [funkcja włączona]

==================== MSCONFIG/TASK MANAGER - Wyłączone elementy ==

(Obecnie brak automatycznej naprawy dla tej sekcji.)


==================== Reguły Zapory systemu Windows (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

FirewallRules: [{55D34A60-2791-4664-B0F4-3F82A021C578}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{310E9F2F-B0C1-4969-965B-EB414A2DD829}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{7ECE42A5-9D84-4353-AC85-3D0EBD69E007}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{10E75C44-F93A-4197-A57E-2B2473F164F5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{D49033E2-BE5C-4AEC-8C6F-8BA6B57A5F6B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{1939DF32-4F91-40E9-8931-E532023999CA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F5EC70CD-5F26-43AC-A924-EAE730A69E9C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EAE85892-7F94-449B-AF68-A8738FAE314F}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{3EDEB4CF-3FE8-4BB3-8558-357EE3A706E3}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{CCB62D7D-63F4-474B-BD51-89F6397DDAF5}] => (Allow) E:\Steam\bin\steamwebhelper.exe
FirewallRules: [{B04ACC77-30A3-41FC-84C3-7A18D6721C61}] => (Allow) E:\Steam\bin\steamwebhelper.exe
FirewallRules: [{C93C44C6-70C3-43B3-97EA-050908A613CF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1B9F402D-947A-4886-BA90-5C64645C7305}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CC 2014\Photoshop.exe
FirewallRules: [{22D662E4-A1C2-477A-A85E-5CA0A3FD365B}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CC 2014\Photoshop.exe
FirewallRules: [{FA9120E8-26B5-4353-BD0A-1821CB676874}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CC 2014\Photoshop.exe
FirewallRules: [{2CD3064C-27B6-47FF-8824-4307E22D37CF}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CC 2014\Photoshop.exe
FirewallRules: [TCP Query User{F25C0648-C748-4670-9693-023B78E830F2}C:\users\wilczur\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\wilczur\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{72C6B7A4-E348-49DF-B49B-F2317667797C}C:\users\wilczur\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\wilczur\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{DBAD6E40-0778-4F1B-9FB3-9D2734303BA7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6FDD814D-8BAB-409E-BFD6-9401A1F5A5F9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2DB991AA-3F46-485F-A01D-EE382D4A02B2}] => (Allow) D:\Origin Games\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{85E50E19-13DC-4336-AF09-F0C5074DA6E5}] => (Allow) D:\Origin Games\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{2C517E9B-E0DB-43D2-B904-1531BF6997CF}] => (Allow) D:\Risen 2\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{B94F6919-B7A2-4A3D-8A40-C2E76F06F73F}] => (Allow) D:\Risen 2\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{3F2BC941-DF20-45E8-B3F9-251F577B7166}] => (Allow) D:\Risen 2\steamapps\common\Close Your Eyes\game.exe
FirewallRules: [{EACA38FD-C1CA-4A53-B0C2-CA6468A56437}] => (Allow) D:\Risen 2\steamapps\common\Close Your Eyes\game.exe
FirewallRules: [{FD03F0D5-1B20-44F2-9F84-61698606B578}] => (Allow) D:\Risen 2\steamapps\common\Dust An Elysian Tail\DustAET.exe
FirewallRules: [{EF185A6D-CF53-46BC-9934-3597FF2DD2D0}] => (Allow) D:\Risen 2\steamapps\common\Dust An Elysian Tail\DustAET.exe
FirewallRules: [{9D897FDA-2971-4F8C-9F38-DA5088AF8278}] => (Block) %ProgramFiles%\Adobe\Adobe After Effects CC 2014\Support Files\AfterFX.exe
FirewallRules: [{57FC57B2-1E7E-4F81-90F0-93C8C0F32266}] => (Block) %ProgramFiles%\Adobe\Adobe After Effects CC 2014\Support Files\AfterFX.exe
FirewallRules: [{4CA2C3F8-80B4-4B41-B884-E76999044CC2}] => (Block) %ProgramFiles%\Adobe\Adobe Illustrator CC 2014\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{E1084D99-652F-4A00-B843-26F44543965A}] => (Block) %ProgramFiles%\Adobe\Adobe Illustrator CC 2014\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{CC1F2CB4-C790-480B-B09A-5990D4C3C700}] => (Block) %ProgramFiles%\Adobe\Adobe After Effects CC 2014\Support Files\AfterFX.exe
FirewallRules: [{DA56106A-ED23-4B1D-A164-CDD4A1E27368}] => (Block) %ProgramFiles%\Adobe\Adobe Illustrator CC 2014\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{078904D7-157A-4E06-BEF2-3E730C6CEDC5}] => (Block) %ProgramFiles%\Adobe\Adobe Premiere Pro CC 2014\Adobe Premiere Pro.exe
FirewallRules: [{489BE704-EFD5-4A9F-947D-2CC2CA5E0366}] => (Block) %ProgramFiles%\Adobe\Adobe Premiere Pro CC 2014\Adobe Premiere Pro.exe
FirewallRules: [{AD86DF98-445E-4676-A611-66BDDEA11581}] => (Block) %ProgramFiles%\Adobe\Adobe Premiere Pro CC 2014\Adobe Premiere Pro.exe
FirewallRules: [{647E43E8-5F3F-411E-83A4-4410F8B609BC}] => (Allow) D:\Risen 2\steamapps\common\Hammerwatch\Hammerwatch.exe
FirewallRules: [{0DB62526-6608-49BF-86AC-A20DD7DC7A02}] => (Allow) D:\Risen 2\steamapps\common\Hammerwatch\Hammerwatch.exe
FirewallRules: [{2E2CE219-4ABE-4CB6-912A-89F10606E8F4}] => (Allow) D:\Risen 2\steamapps\common\Hammerwatch\editor\HammerEditor.exe
FirewallRules: [{64E4BE4C-A243-417E-B7AC-248220A09915}] => (Allow) D:\Risen 2\steamapps\common\Hammerwatch\editor\HammerEditor.exe
FirewallRules: [{0E66AB04-0E1C-49AD-949F-4B931AD200C1}] => (Allow) D:\Risen 2\steamapps\common\Unepic\unepic.exe
FirewallRules: [{2422BA33-05B0-41C1-BCA1-5F79AE56CE3B}] => (Allow) D:\Risen 2\steamapps\common\Unepic\unepic.exe
FirewallRules: [{7F6A4DC7-73BE-43BA-9E06-9C08FA26A422}] => (Allow) D:\Risen 2\steamapps\common\Star Trek Online\Star Trek Online.exe
FirewallRules: [{80F0F16A-944C-4E30-A112-A447CEDB4D9C}] => (Allow) D:\Risen 2\steamapps\common\Star Trek Online\Star Trek Online.exe
FirewallRules: [{65ED103D-25B1-4FB6-B30C-BE27259497D5}] => (Allow) D:\Risen 2\steamapps\common\Monaco\MONACO.exe
FirewallRules: [{EA24156E-E4CB-42D4-8422-42AEFA03BFE2}] => (Allow) D:\Risen 2\steamapps\common\Monaco\MONACO.exe
FirewallRules: [{B3EAA96C-B4A6-4B71-8937-A9ADF60E4BB2}] => (Allow) D:\Risen 2\steamapps\common\Red Orchestra 2\Binaries\Win32\ROGame.exe
FirewallRules: [{5C230875-8661-4A8C-8A33-6ED9BD162DAD}] => (Allow) D:\Risen 2\steamapps\common\Red Orchestra 2\Binaries\Win32\ROGame.exe
FirewallRules: [{C3847866-7717-4173-93FF-575C6196F400}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe
FirewallRules: [{8D058E8F-EA5D-4CF1-A69B-17A457C3D6AA}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{3A7722D8-48AA-4DA7-96A4-BFE30E4BA268}] => (Block) %ProgramFiles%\Adobe\Adobe Audition CC\Adobe Audition CC.exe
FirewallRules: [{947468B8-EEDF-43A6-BB6C-CDFE28856565}] => (Block) %ProgramFiles%\Adobe\Adobe Audition CC\Adobe Audition CC.exe
FirewallRules: [{3BC939F6-E6FC-4005-B5F0-0E7679AAD028}] => (Allow) D:\Risen 2\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{5B0F1E73-A027-45D0-9184-4B6D144C4044}] => (Allow) D:\Risen 2\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{FDB08A23-9BE6-450F-B139-A0BF45B87C61}] => (Allow) D:\Risen 2\steamapps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{DA76634F-6A0F-41DC-9A96-C222AEEB9BAF}] => (Allow) D:\Risen 2\steamapps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{D134BB5B-750D-49F4-9B9C-AADE505EC7E7}] => (Allow) D:\Risen 2\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{65AE3988-E9B3-49AB-82C9-3A5C311AACE3}] => (Allow) D:\Risen 2\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{2B079AB5-F478-4DD4-A40C-0B9BC3AD9D89}] => (Allow) D:\Risen 2\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{554278AA-4208-4F02-B304-DD37F1694830}] => (Allow) D:\Risen 2\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{7D25C1D5-76C1-4E44-96D1-444D40329855}] => (Allow) D:\Risen 2\steamapps\common\PapoYo\Binaries\Win32\PYGame-Win32-Shipping.exe
FirewallRules: [{0EB6E8DD-E87A-46B0-8847-951830A04DB0}] => (Allow) D:\Risen 2\steamapps\common\PapoYo\Binaries\Win32\PYGame-Win32-Shipping.exe
FirewallRules: [TCP Query User{AD4C51E3-62ED-4532-820B-84D97AE9D682}D:\risen 2\steamapps\common\arma 3\arma3.exe] => (Block) D:\risen 2\steamapps\common\arma 3\arma3.exe
FirewallRules: [UDP Query User{542B62FD-7E9C-47DA-B729-7A079CAFB37F}D:\risen 2\steamapps\common\arma 3\arma3.exe] => (Block) D:\risen 2\steamapps\common\arma 3\arma3.exe
FirewallRules: [{0956F11B-52FC-4C50-8500-C699A3FEF9C9}] => (Block) E:\FL Studio 11\FL.exe
FirewallRules: [{DA39E250-E256-40E4-B731-A4D3ADC36838}] => (Block) E:\FL Studio 11\FL.exe
FirewallRules: [TCP Query User{810257B5-233E-400C-9EFF-5D071FC22DA8}D:\risen 2\steamapps\common\happywars\happywars.exe] => (Block) D:\risen 2\steamapps\common\happywars\happywars.exe
FirewallRules: [UDP Query User{A22D1624-AEB2-4460-B536-2A30D1EF7007}D:\risen 2\steamapps\common\happywars\happywars.exe] => (Block) D:\risen 2\steamapps\common\happywars\happywars.exe
FirewallRules: [{39BC496F-C39E-4CBF-B180-03C131EA123B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F0C7B042-D104-4237-A35F-D4417EE5C10A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6C3DD4A5-567E-4F0E-A53A-2B5A2F153B9F}] => (Allow) D:\Risen 2\steamapps\common\Realm of the Mad God\Realm of the Mad God.exe
FirewallRules: [{280AC81B-D538-4B7A-9080-A1AD1E9BDC51}] => (Allow) D:\Risen 2\steamapps\common\Realm of the Mad God\Realm of the Mad God.exe
FirewallRules: [TCP Query User{78BBB809-F8A2-44EF-B0D5-AA3F0139B8FF}D:\fallout 4 gra\fallout 4\fallout4.exe] => (Block) D:\fallout 4 gra\fallout 4\fallout4.exe
FirewallRules: [UDP Query User{8F19B64A-56F8-4FC6-9248-05A1081C41D2}D:\fallout 4 gra\fallout 4\fallout4.exe] => (Block) D:\fallout 4 gra\fallout 4\fallout4.exe
FirewallRules: [{C706D21B-9DEA-4753-9135-8FD23266CF45}] => (Allow) D:\Risen 2\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [{3A0B4E50-F029-4FC5-B493-B8957AACDE4B}] => (Allow) D:\Risen 2\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [TCP Query User{F98EE2E6-1AEB-4988-B5C6-4AA579BCEDD8}E:\power-grid\roccatpowergrid.exe] => (Allow) E:\power-grid\roccatpowergrid.exe
FirewallRules: [UDP Query User{A41B4713-E45B-43AB-A3D8-BB764E6D073B}E:\power-grid\roccatpowergrid.exe] => (Allow) E:\power-grid\roccatpowergrid.exe
FirewallRules: [{BF47E34F-FEE3-433E-AE5B-FDB2694BF3A5}] => (Allow) E:\Power-Grid\ROCCATPowerGrid.exe
FirewallRules: [{848209C3-898E-4775-AD25-6C91CB5F01D8}] => (Allow) E:\Power-Grid\ROCCATPowerGrid.exe
FirewallRules: [{4E05DEE9-7803-4AB5-9B27-1C65BE1B7CB4}] => (Allow) D:\Risen 2\steamapps\common\Elite Dangerous\EDLaunch.exe
FirewallRules: [{30370AF9-71A6-4A06-BB5B-FFD1A0ECF6AD}] => (Allow) D:\Risen 2\steamapps\common\Elite Dangerous\EDLaunch.exe
FirewallRules: [TCP Query User{22700EEA-5B3F-466A-A55E-7B9B601E0453}D:\risen 2\steamapps\common\elite dangerous\products\forc-fdev-d-1010\elitedangerous32.exe] => (Allow) D:\risen 2\steamapps\common\elite dangerous\products\forc-fdev-d-1010\elitedangerous32.exe
FirewallRules: [UDP Query User{DD8D0D17-F16F-4EB2-BEEA-CF53E6FBFB67}D:\risen 2\steamapps\common\elite dangerous\products\forc-fdev-d-1010\elitedangerous32.exe] => (Allow) D:\risen 2\steamapps\common\elite dangerous\products\forc-fdev-d-1010\elitedangerous32.exe
FirewallRules: [{A67412F7-4167-4D97-8216-9D7E188F9090}] => (Allow) D:\Risen 2\steamapps\common\FaceRig\Bin\Launcher.exe
FirewallRules: [{E67801A6-0ED3-477E-A1A9-639DC58EA9EF}] => (Allow) D:\Risen 2\steamapps\common\FaceRig\Bin\Launcher.exe
FirewallRules: [{6F179649-DB95-4065-A66B-3B68D7DF4F46}] => (Allow) D:\Risen 2\steamapps\common\FaceRig\Bin\FaceRig.exe
FirewallRules: [{4390FBAA-67CD-476C-9670-47E13A3F65F3}] => (Allow) D:\Risen 2\steamapps\common\FaceRig\Bin\FaceRig.exe
FirewallRules: [{F8B206B0-574B-41F0-BA2D-71499981949F}] => (Allow) D:\Risen 2\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{9202CCBC-BC6B-465F-946C-6D81F70173A4}] => (Allow) D:\Risen 2\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{61640212-611B-4EAB-B937-699CF638E6C6}] => (Allow) D:\Rayman Origins\Rayman Origins.exe
FirewallRules: [{3068BEA9-452F-4C2E-8C27-585ED671F9C5}] => (Allow) D:\Rayman Origins\Rayman Origins.exe
FirewallRules: [{21DF14E1-1CDB-4EC0-9EDA-7D246C8BA224}] => (Allow) D:\Rayman Origins\gu.exe
FirewallRules: [{A7BEEFBD-BD99-4CC3-879D-1785403AF6EA}] => (Allow) D:\Rayman Origins\gu.exe
FirewallRules: [TCP Query User{5AD5EFC7-FBB7-4543-A57E-7ECF92555C0A}D:\don't starve together\don't starve together beta\don't starve together\bin\dontstarve_steam.exe] => (Allow) D:\don't starve together\don't starve together beta\don't starve together\bin\dontstarve_steam.exe
FirewallRules: [UDP Query User{70910B60-801B-4256-867E-813E2F862A3B}D:\don't starve together\don't starve together beta\don't starve together\bin\dontstarve_steam.exe] => (Allow) D:\don't starve together\don't starve together beta\don't starve together\bin\dontstarve_steam.exe
FirewallRules: [{F419A831-22D6-4FD5-A461-69AC2F236380}] => (Block) D:\don't starve together\don't starve together beta\don't starve together\bin\dontstarve_steam.exe
FirewallRules: [{6E3708AD-AC23-4080-A839-B4567B018BFC}] => (Block) D:\don't starve together\don't starve together beta\don't starve together\bin\dontstarve_steam.exe
FirewallRules: [{449B6BF9-FEB1-4427-9585-FE48AA4CC0E5}] => (Allow) D:\Risen 2\steamapps\common\Dr Langeskov The Tiger and The Terribly Cursed Emerald A Whirlwind Heist\DrLangeskov.exe
FirewallRules: [{5D9BB601-05BF-4CAA-9606-11B1AD4963D3}] => (Allow) D:\Risen 2\steamapps\common\Dr Langeskov The Tiger and The Terribly Cursed Emerald A Whirlwind Heist\DrLangeskov.exe
FirewallRules: [TCP Query User{51EBB725-1BA1-436E-88A3-4C6D9A0EEEA2}D:\borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Block) D:\borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [UDP Query User{78A39CDC-6E9F-48A6-A725-46BA8DA0140D}D:\borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Block) D:\borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [{41CFC122-ADAC-467A-BB2F-1C0657F686D4}] => (Allow) D:\Risen 2\steamapps\common\Talisman Prologue\Talisman.exe
FirewallRules: [{32ACCCDF-EA88-4C30-AA7B-C37E6DF20ADC}] => (Allow) D:\Risen 2\steamapps\common\Talisman Prologue\Talisman.exe
FirewallRules: [{2BD62EF8-1283-414A-95E5-D8EC16BBFA89}] => (Allow) D:\Risen 2\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{8450BACF-674C-4362-AE2F-CFB5E8DD0A79}] => (Allow) D:\Risen 2\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [TCP Query User{F3975519-726C-4624-B6A8-A6CF826B9055}D:\risen 2\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe] => (Block) D:\risen 2\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe
FirewallRules: [UDP Query User{3EEE47AA-CC70-4A53-902D-ABBC4468BBAF}D:\risen 2\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe] => (Block) D:\risen 2\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe
FirewallRules: [{16E09615-A5F5-439F-8474-934D944B29E5}] => (Allow) D:\Risen 2\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{0FA00D06-43FD-45A7-90E7-014A5DF5774E}] => (Allow) D:\Risen 2\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [TCP Query User{C891F9CE-579F-4D68-A512-48DD49D52065}D:\risen 2\steamapps\common\dayz\dayz.exe] => (Block) D:\risen 2\steamapps\common\dayz\dayz.exe
FirewallRules: [UDP Query User{79A383B3-4136-4F7C-9C25-45D1CB39D4C6}D:\risen 2\steamapps\common\dayz\dayz.exe] => (Block) D:\risen 2\steamapps\common\dayz\dayz.exe
FirewallRules: [{CCBF7729-018F-4674-8298-B813C34302D6}] => (Allow) D:\Risen 2\steamapps\common\Pool Nation FX\PoolNationFX\Binaries\Win64\PoolNationFX.exe
FirewallRules: [{7E586E29-9EB5-47CC-ADE1-6833D8F43D65}] => (Allow) D:\Risen 2\steamapps\common\Pool Nation FX\PoolNationFX\Binaries\Win64\PoolNationFX.exe
FirewallRules: [{5714D1EA-9ED5-402F-8DE4-806097051988}] => (Allow) D:\Risen 2\steamapps\common\DCSWorld\Run.exe
FirewallRules: [{B0D7C9EF-D5BF-4A1B-9F7A-538D9129A70F}] => (Allow) D:\Risen 2\steamapps\common\DCSWorld\Run.exe
FirewallRules: [{03AB176D-249A-44D9-86EE-873512F32165}] => (Allow) E:\Tunngle\TnglCtrl.exe
FirewallRules: [{EF6E0619-27F6-49DC-AB12-B29E20E1CEC6}] => (Allow) E:\Tunngle\TnglCtrl.exe
FirewallRules: [{1938E287-EE0A-4342-8B1C-A85F0BADFE9F}] => (Allow) E:\Tunngle\TnglCtrl.exe
FirewallRules: [{762B442F-6CAB-474E-A561-E8E9480B49F4}] => (Allow) E:\Tunngle\TnglCtrl.exe
FirewallRules: [{C3664A2C-5D65-430F-A7D7-3430440E342B}] => (Allow) E:\Tunngle\Tunngle.exe
FirewallRules: [{AFFBD68C-C699-4825-86AE-52B9A74D5910}] => (Allow) E:\Tunngle\Tunngle.exe
FirewallRules: [{23B4898E-93AA-4A10-AA79-1BDA2210EB7A}] => (Allow) E:\Tunngle\Tunngle.exe
FirewallRules: [{3F9F358F-D4F8-4233-B3D2-15A4D3232C58}] => (Allow) E:\Tunngle\Tunngle.exe
FirewallRules: [{54157826-9133-424B-8C56-9CA3A289A3BA}] => (Allow) D:\Risen 2\steamapps\common\Planetary Annihilation\bin_x64\PA.exe
FirewallRules: [{3B7B8D8E-7D56-4EF4-866D-3E3B8A58ACC3}] => (Allow) D:\Risen 2\steamapps\common\Planetary Annihilation\bin_x64\PA.exe
FirewallRules: [{2C434F29-2509-4A44-9C23-90F61A15417E}] => (Allow) D:\Risen 2\steamapps\common\Planetary Annihilation\bin_x86\PA.exe
FirewallRules: [{F60C0439-3C84-4F3E-8F96-339AA0F966C7}] => (Allow) D:\Risen 2\steamapps\common\Planetary Annihilation\bin_x86\PA.exe
FirewallRules: [{091A5BC0-7C69-4058-A157-E794D25DF4F7}] => (Allow) D:\Risen 2\steamapps\common\Planetary Annihilation\bin_x86\crashupload.exe
FirewallRules: [{A3908D5F-0BD5-497B-82B1-6EF35D11E502}] => (Allow) D:\Risen 2\steamapps\common\Planetary Annihilation\bin_x86\crashupload.exe
FirewallRules: [{E3B36493-FA14-4DB9-B76F-979DBAC3D1DD}] => (Allow) D:\Risen 2\steamapps\common\Planetary Annihilation\bin_x86\host\CoherentUI_Host.exe
FirewallRules: [{D59FEAE8-AD20-42D5-8D77-F141C5D39682}] => (Allow) D:\Risen 2\steamapps\common\Planetary Annihilation\bin_x86\host\CoherentUI_Host.exe
FirewallRules: [{3ACBC4FB-909E-4BD2-ABAC-C818F8B7F784}] => (Allow) D:\Risen 2\steamapps\common\Planetary Annihilation\bin_x64\crashupload.exe
FirewallRules: [{098AA81A-7FCB-4D9A-A300-877E6901E040}] => (Allow) D:\Risen 2\steamapps\common\Planetary Annihilation\bin_x64\crashupload.exe
FirewallRules: [{6CE7E9A8-E84D-4D6C-A39C-93DC9BC9DF3A}] => (Allow) D:\Risen 2\steamapps\common\Planetary Annihilation\bin_x64\host\CoherentUI_Host.exe
FirewallRules: [{C3178F59-7CB7-4A32-B01E-CCF9C1FA37B5}] => (Allow) D:\Risen 2\steamapps\common\Planetary Annihilation\bin_x64\host\CoherentUI_Host.exe
FirewallRules: [{5D5EFE85-BFC6-456C-9872-CE04F21268D8}] => (Allow) D:\Risen 2\steamapps\common\Planetary Annihilation\bin_x64\server.exe
FirewallRules: [{16FDB5DB-4E6C-4F0D-827F-D6C563265894}] => (Allow) D:\Risen 2\steamapps\common\Planetary Annihilation\bin_x64\server.exe
FirewallRules: [{52D70E32-8153-420C-9C4A-B6442A14EB4C}] => (Allow) D:\Risen 2\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{9A33ABE0-8431-47E9-91AA-75192BCC57EF}] => (Allow) D:\Risen 2\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{B437CD2A-157A-4041-8D8A-CAD61BEE2C9A}] => (Allow) D:\Risen 2\steamapps\common\The Universim Demo\The Universim Mother Planet Demo.exe
FirewallRules: [{29691847-1F36-4E62-8D49-E5FB65C20EF2}] => (Allow) D:\Risen 2\steamapps\common\The Universim Demo\The Universim Mother Planet Demo.exe
FirewallRules: [{75C9D895-4603-4D3E-9FDF-C9CC9222F529}] => (Allow) D:\Risen 2\steamapps\common\Creativerse\Creativerse.exe
FirewallRules: [{EA452BEA-FA1E-4C3A-B72C-2752842DA12B}] => (Allow) D:\Risen 2\steamapps\common\Creativerse\Creativerse.exe
FirewallRules: [TCP Query User{8610FB10-CA4A-4E16-ACAB-F11A825C31C9}D:\risen 2\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) D:\risen 2\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [UDP Query User{D3C35DA8-0F8C-48DA-A6F7-DD16B44031FC}D:\risen 2\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) D:\risen 2\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [{8DCE5ED5-9629-4B31-8A31-350C714F2C18}] => (Allow) D:\Risen 2\steamapps\common\RESIDENT EVIL REVELATIONS 2\rerev2.exe
FirewallRules: [{63CB0948-7770-4FCE-8ACC-B209753C6EF6}] => (Allow) D:\Risen 2\steamapps\common\RESIDENT EVIL REVELATIONS 2\rerev2.exe
FirewallRules: [{0B1EC5BE-4C1A-449D-8370-F9F84D62976A}] => (Allow) D:\Risen 2\steamapps\common\Vertiginous Golf\vgolf.exe
FirewallRules: [{71336EAC-DD63-4009-96B4-497032FE81D4}] => (Allow) D:\Risen 2\steamapps\common\Vertiginous Golf\vgolf.exe
FirewallRules: [{5E6A6F7E-056A-4505-B194-97DA39DC05A1}] => (Allow) D:\Risen 2\steamapps\common\Fuse\Code\Build\Output\bin\Release\Fuse.exe
FirewallRules: [{6C2EEB4B-8BD0-4805-A5C3-993C8408C62B}] => (Allow) D:\Risen 2\steamapps\common\Fuse\Code\Build\Output\bin\Release\Fuse.exe
FirewallRules: [TCP Query User{5E80F3E6-74D4-41EF-A05A-AB50A5B1409B}D:\hearthstone\hearthstone.exe] => (Block) D:\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{8157B330-25C7-471E-A641-D93B06277BF9}D:\hearthstone\hearthstone.exe] => (Block) D:\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{4B61161A-91AC-4EDD-9DBD-C3FDCB675DDD}D:\risen 2\steamapps\common\consortium\consortium.exe] => (Allow) D:\risen 2\steamapps\common\consortium\consortium.exe
FirewallRules: [UDP Query User{4673ECA3-5FBF-431A-92E7-62D6B72C4FEB}D:\risen 2\steamapps\common\consortium\consortium.exe] => (Allow) D:\risen 2\steamapps\common\consortium\consortium.exe
FirewallRules: [TCP Query User{3E4BDC55-F8CB-44A0-92F8-849BAA21A37E}D:\wolfenstain the new order\wolfenstein_the_new_order-gameworks\wolfenstein.the.new.order\wolfneworder_x64.exe] => (Block) D:\wolfenstain the new order\wolfenstein_the_new_order-gameworks\wolfenstein.the.new.order\wolfneworder_x64.exe
FirewallRules: [UDP Query User{D1AE40C1-F353-4CDF-86A1-FA1D5AFEDAA0}D:\wolfenstain the new order\wolfenstein_the_new_order-gameworks\wolfenstein.the.new.order\wolfneworder_x64.exe] => (Block) D:\wolfenstain the new order\wolfenstein_the_new_order-gameworks\wolfenstein.the.new.order\wolfneworder_x64.exe
FirewallRules: [{F9F8F43D-0777-4D5C-A1DC-89B2702AC8CF}] => (Allow) D:\Risen 2\steamapps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{F971D15C-593C-4FC0-A8FD-E2CF4E94EE5E}] => (Allow) D:\Risen 2\steamapps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{206AA8B4-2E9E-4CA2-B5D1-28F09CC466B6}] => (Allow) D:\Risen 2\steamapps\common\This War of Mine\Storyteller.exe
FirewallRules: [{3357C81D-4C07-4A82-BF27-B92C41996B3F}] => (Allow) D:\Risen 2\steamapps\common\This War of Mine\Storyteller.exe
FirewallRules: [TCP Query User{F612A646-29FD-4A1F-9696-3182853C09BE}D:\risen 2\steamapps\common\this war of mine\modtools.exe] => (Allow) D:\risen 2\steamapps\common\this war of mine\modtools.exe
FirewallRules: [UDP Query User{D2B814F8-1341-4961-A473-19C31845F4D1}D:\risen 2\steamapps\common\this war of mine\modtools.exe] => (Allow) D:\risen 2\steamapps\common\this war of mine\modtools.exe
FirewallRules: [{75D3DB46-55AA-44A9-B6E0-CF70126B2DAF}] => (Allow) D:\Origin Games\Need for Speed™ Most Wanted\NFS13.exe
FirewallRules: [{9DCCE4BB-1EA8-4F02-B575-5349F0568648}] => (Allow) D:\Origin Games\Need for Speed™ Most Wanted\NFS13.exe
FirewallRules: [{DFACBFBB-DA02-45FD-B6E1-8D75EFAD5B8D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5D9093C5-A8B1-43DF-95D6-183C231E2B89}] => (Allow) D:\Risen 2\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{3DE681B3-01DC-40B1-8BF7-63626539C383}] => (Allow) D:\Risen 2\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{C5FEE765-3366-4563-A793-3F6B25B5D6EE}] => (Allow) D:\Risen 2\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{D6B56615-9CAE-4D8E-8EE6-41B43F790F3A}] => (Allow) D:\Risen 2\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{BCD628ED-41A0-4B53-8743-DBBD29C4F7F5}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{1E5A498E-B337-48CA-B4D3-DA5521B29A23}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{33BE5216-014A-4243-B1B9-75D468E076DA}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D6936322-83FD-45DC-AB26-ABCCF3170871}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{B43FA229-BA1F-4BEE-A38D-CDFF69BEBBA8}] => (Allow) E:\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{394B5FB8-0B7F-4D94-85F9-A93ED2CC5063}] => (Allow) E:\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{B26452D0-A71C-478C-85F9-F64499C83FC3}] => (Allow) E:\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{DC5BD595-D86D-4B79-A480-F27A75E8D900}] => (Allow) E:\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [TCP Query User{83FE2549-F2F2-4FC4-8B3B-6AE2ED911CB3}E:\origin games\battlefield 4\bf4.exe] => (Allow) E:\origin games\battlefield 4\bf4.exe
FirewallRules: [UDP Query User{5F89505C-C5AF-4631-991F-8C5CD814677C}E:\origin games\battlefield 4\bf4.exe] => (Allow) E:\origin games\battlefield 4\bf4.exe
FirewallRules: [{BBD5E502-F9B0-41C6-ADAD-94EACC8756EA}] => (Allow) D:\DarkSouls\DARKSOULS.exe

==================== Punkty Przywracania systemu =========================

14-02-2016 13:44:03 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506
14-02-2016 13:44:13 Windows Update
16-02-2016 21:15:06 Zainstalowany program DirectX
16-02-2016 21:16:18 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
16-02-2016 21:16:24 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
17-02-2016 22:03:33 Zainstalowany program DirectX
17-02-2016 22:04:52 Zainstalowany program DirectX

==================== Wadliwe urządzenia w Menedżerze urządzeń =============


==================== Błędy w Dzienniku zdarzeń: =========================

Dziennik Aplikacja:
==================
Error: (02/17/2016 07:44:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program firefox.exe w wersji 44.0.2.5884 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji.

Identyfikator procesu: 14f0

Godzina rozpoczęcia: 01d1699a03b4a414

Godzina zakończenia: 146

Ścieżka aplikacji: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Identyfikator raportu: 706ac82b-d5a6-11e5-a29c-d43d7e4b0421

Error: (02/17/2016 04:42:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program TS3.exe w wersji 0.2.0.32 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji.

Identyfikator procesu: d60

Godzina rozpoczęcia: 01d169975d541348

Godzina zakończenia: 143

Ścieżka aplikacji: D:\Origin Games\The Sims 3\Game\Bin\TS3.exe

Identyfikator raportu:

Error: (02/17/2016 12:13:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/17/2016 12:11:52 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: netDetect::AOACNetDetect::Initialize   Net Detect:  Error Loading PROSet Library Error=0x2\n

Error: (02/17/2016 12:30:26 AM) (Source: MsiInstaller) (EventID: 1024) (User: Wilczur-komp)
Description: Produkt: Adobe Acrobat Reader DC - Polish - nie można zainstalować aktualizacji '{AC76BA86-7AD7-0000-2550-AC0F0A4E5B00}'. Kod błędu 1625. Instalator Windows może tworzyć dzienniki, aby ułatwić rozwiązywanie problemów z instalowaniem pakietów oprogramowania. Użyj następującego łącza, aby uzyskać instrukcje dotyczące włączania obsługi rejestrowania: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (02/16/2016 10:06:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program bf4.exe w wersji 1.7.2.45672 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji.

Identyfikator procesu: 1630

Godzina rozpoczęcia: 01d168fc42193513

Godzina zakończenia: 484

Ścieżka aplikacji: E:\Origin Games\Battlefield 4\bf4.exe

Identyfikator raportu:

Error: (02/16/2016 07:31:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Talisman.exe w wersji 1.0.0.1 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji.

Identyfikator procesu: d7c

Godzina rozpoczęcia: 01d168e82296139b

Godzina zakończenia: 0

Ścieżka aplikacji: D:\Talisman Digital Edition\Talisman.Digital.Edition.Multi.5.v.7.03 + Crack\Talisman\Talisman.exe

Identyfikator raportu:

Error: (02/16/2016 03:20:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: ProductUpdater.exe, wersja: 1.0.1.0, sygnatura czasowa: 0x55e6175b
Nazwa modułu powodującego błąd: KERNELBASE.dll, wersja: 6.1.7601.19135, sygnatura czasowa: 0x56a1c79e
Kod wyjątku: 0xe0434352
Przesunięcie błędu: 0x0000c52f
Identyfikator procesu powodującego błąd: 0xc18
Godzina uruchomienia aplikacji powodującej błąd: 0xProductUpdater.exe0
Ścieżka aplikacji powodującej błąd: ProductUpdater.exe1
Ścieżka modułu powodującego błąd: ProductUpdater.exe2
Identyfikator raportu: ProductUpdater.exe3

Error: (02/16/2016 03:20:13 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikacja: ProductUpdater.exe
Wersja architektury: v4.0.30319
Opis: proces został przerwany z powodu nieobsłużonego wyjątku.
Informacje o wyjątku: System.OutOfMemoryException
Stos:
   w MS.Win32.Penimc.IPimcManager.GetTabletCount(UInt32 ByRef)
   w System.Windows.Input.PenThreadWorker+WorkerOperationGetTabletsInfo.OnDoWork()
   w System.Windows.Input.PenThreadWorker+WorkerOperation.DoWork()
   w System.Windows.Input.PenThreadWorker.ThreadProc()
   w System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   w System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   w System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   w System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   w System.Threading.ThreadHelper.ThreadStart()

Error: (02/16/2016 01:49:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


Dziennik System:
=============
Error: (02/17/2016 11:46:50 PM) (Source: atapi) (EventID: 11) (User: )
Description: Sterownik wykrył błąd kontrolera na \Device\Ide\IdePort1.

Error: (02/17/2016 11:46:50 PM) (Source: atapi) (EventID: 11) (User: )
Description: Sterownik wykrył błąd kontrolera na \Device\Ide\IdePort1.

Error: (02/17/2016 11:46:50 PM) (Source: atapi) (EventID: 11) (User: )
Description: Sterownik wykrył błąd kontrolera na \Device\Ide\IdePort1.

Error: (02/17/2016 11:46:50 PM) (Source: atapi) (EventID: 11) (User: )
Description: Sterownik wykrył błąd kontrolera na \Device\Ide\IdePort1.

Error: (02/17/2016 11:46:50 PM) (Source: atapi) (EventID: 11) (User: )
Description: Sterownik wykrył błąd kontrolera na \Device\Ide\IdePort1.

Error: (02/17/2016 11:46:50 PM) (Source: atapi) (EventID: 11) (User: )
Description: Sterownik wykrył błąd kontrolera na \Device\Ide\IdePort1.

Error: (02/17/2016 11:46:50 PM) (Source: atapi) (EventID: 11) (User: )
Description: Sterownik wykrył błąd kontrolera na \Device\Ide\IdePort1.

Error: (02/17/2016 11:46:50 PM) (Source: atapi) (EventID: 11) (User: )
Description: Sterownik wykrył błąd kontrolera na \Device\Ide\IdePort1.

Error: (02/17/2016 10:23:31 PM) (Source: atapi) (EventID: 11) (User: )
Description: Sterownik wykrył błąd kontrolera na \Device\Ide\IdePort1.

Error: (02/17/2016 10:11:01 PM) (Source: atapi) (EventID: 11) (User: )
Description: Sterownik wykrył błąd kontrolera na \Device\Ide\IdePort1.


CodeIntegrity:
===================================
  Date: 2015-09-14 23:34:57.947
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-14 23:33:35.708
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-14 23:26:04.885
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-14 23:25:50.737
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-14 23:25:40.564
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-14 23:10:02.286
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-14 23:09:22.509
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-14 23:08:09.844
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-14 23:07:56.932
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-14 23:05:02.680
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system.


==================== Statystyki pamięci ===========================

Procesor: Intel® Core™ i5-3570K CPU @ 3.40GHz
Procent pamięci w użyciu: 45%
Całkowita pamięć fizyczna: 8136.55 MB
Dostępna pamięć fizyczna: 4412.23 MB
Całkowita pamięć wirtualna: 16271.3 MB
Dostępna pamięć wirtualna: 10726.88 MB

==================== Dyski ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:35.65 GB) NTFS
Drive d: (Gry) (Fixed) (Total:465.69 GB) (Free:7.26 GB) NTFS
Drive e: (Programy) (Fixed) (Total:465.82 GB) (Free:286.45 GB) NTFS
Drive g: (Darksoul PTD) (CDROM) (Total:3.74 GB) (Free:0 GB) UDF

==================== MBR & Tablica partycji ==================

==================== Koniec  Addition.txt ============================



#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,510 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:34 AM

Posted 18 February 2016 - 08:45 AM


This file hjyd.sys recently created is suspicious.

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.

Please copy the entire contents of the code box below to the a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

U0 hvoeaprd; C:\Windows\System32\drivers\hjyd.sys [79064 2016-02-17] (Malwarebytes)
C:\Windows\System32\drivers\hjyd.sys

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Lets check further.

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

Please let me know what problem persists with this computer.

#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,510 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:34 AM

Posted 24 February 2016 - 08:23 AM

Are you still with me?

#10 Wilczur2142

Wilczur2142
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:34 AM

Posted 26 February 2016 - 05:42 PM

Yes! I'm so sorry that I haven't write anything but here are the logs:

 

FRST log

 

Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja:17-02-2016
Uruchomiony przez Wilczur (2016-02-26 23:22:44) Run:2
Uruchomiony z E:\FRST
Załadowane profile: Wilczur (Dostępne profile: Wilczur)
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

U0 hvoeaprd; C:\Windows\System32\drivers\hjyd.sys [79064 2016-02-17] (Malwarebytes)
C:\Windows\System32\drivers\hjyd.sys

End
*****************

Punkt przywracania został pomyślnie utworzony.
Procesy zostały pomyślnie zamknięte.
hvoeaprd => serwis nie znaleziono.
"C:\Windows\System32\drivers\hjyd.sys" => nie znaleziono.
EmptyTemp: => 694.9 MB danych tymczasowych Usunięto.


System wymagał restartu.

==== Koniec  Fixlog 23:22:55 ====

 

 

Rouge killer raport:

 

RogueKiller V11.0.13.0 [Feb 22 2016] (Free) od Adlice Software
Kontakt : http://www.adlice.com/contact/
Forum : http://forum.adlice.com
Strona internetowa : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

System operacyjny : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Tryb rozruchu : Tryb normalny
Użytkownik : Wilczur [Administrator]
Lokalizacja programu : E:\RougeKiller\RogueKiller.exe
Tryb : Usuwanie -- Data : 02/26/2016 23:37:03

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Rejestr : 0 ¤¤¤

¤¤¤ Zaplanowane zadania : 1 ¤¤¤
[Suspicious.Path|VT.UDS:DangerousObject.Multi.Generic] \IntelMemoryDiagnostic -- "C:\Users\Wilczur\AppData\Roaming\d3dx10.exe" -> Usunięto

¤¤¤ Pliki : 2 ¤¤¤
[Hidden.ADS][Strumień] C:\Windows\System32\dnsapi.dll:$CmdTcID -> ERROR [5]
[Hidden.ADS][Strumień] C:\Windows\SysWOW64\dnsapi.dll:$CmdTcID -> ERROR [5]

¤¤¤ Plik hosts : 0 ¤¤¤

¤¤¤ Rootkity : 0 (Driver: Nie załadowano [0xc000036b]) ¤¤¤

¤¤¤ Przeglądarki : 0 ¤¤¤

¤¤¤ Weryfikacja MBR : ¤¤¤
+++++ PhysicalDrive0: KINGSTON SV300S37A120G ATA Device +++++
--- User ---
[MBR] 112d19572b56428bb065bb56dfcf9c5a
[BSP] e35c1db21db3ad5e365f619714b7fa71 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 114371 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD10EZEX-00KUWA0 ATA Device +++++
--- User ---
[MBR] dfd4a55211770ef17c83830a2e5d6f45
[BSP] 5950afa0daf1d43eed64ec44813a9370 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476869 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 976629760 | Size: 476998 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 

 



#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,510 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:34 AM

Posted 27 February 2016 - 08:13 AM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#12 Wilczur2142

Wilczur2142
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:34 AM

Posted 28 February 2016 - 10:03 AM

And what about a broken chrome? I reinstalled it and it's still not working.



#13 nasdaq

nasdaq

  • Malware Response Team
  • 40,510 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:34 AM

Posted 28 February 2016 - 11:03 AM


I suggest your remove it and reinstall the browser.

Remove Chrome using the the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do Export your Bookmarks
Chrome will export your bookmarks as a HTML file, which you can then import into another browser.

Re-install Chrome and the Bookmarks.

If you want to save all your settings refer to this page.
Follow the instructions before removing Chrome.
http://juan2geek.com/how-to-backup-and-restore-entire-google-chrome-setting/
<<<>>>

#14 Wilczur2142

Wilczur2142
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:34 AM

Posted 28 February 2016 - 11:47 AM

I have reinstalled it and nothing changed

 

Here is a screen and error

 

PYOSDti.png

 

iDfFHDg.png


Edited by Wilczur2142, 28 February 2016 - 11:51 AM.


#15 nasdaq

nasdaq

  • Malware Response Team
  • 40,510 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:34 AM

Posted 28 February 2016 - 02:59 PM

I cannot translate the image text with Google.

Can you do it please.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users