Browser hijacker cse.google.com $$$$$.tmp.exe


  • This topic is locked
7 replies to this topic

#1 Onioon


Posted 26 December 2016 - 10:56 AM

After 2 days of fighting using Malwarebytes, ESET and HitmanPro I have come to naught. I have tried almost everything, looked at the hosts file, checked LAN proxy settings, but it's still redirecting my every Google query to cse.google.com, and the $$$$$.tmp.exe ($ - random char.) process is still regenerating. I'll be very glad if somebody can help me. FRST logs in attachments.

Attached File  Addition.txt   66.93KB   3 downloads

Attached File  FRST.txt   68.81KB   5 downloads
 




 


#2 Oh My!


Posted 27 December 2016 - 08:51 PM

Greetings Onioon and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the "Reply topic" button instead.
  • In the upper right hand corner of the topic you will see the "Follow topic" button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

I would like to get the FRST reports in English so that it is easier for me to review. Please right click on the FRST icon, select Rename, and rename it to FRSTenglish or FRST64english depending on which version you are using. Please copy and paste both documents in your reply.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Onioon


Posted 28 December 2016 - 03:11 PM

Thank you Gary, here are my FRST logs in English. I thought about it but I didn't know how to change it before :D
 
Attached File  FRST.txt   66.66KB   1 downloads
Attached File  Addition.txt   68.97KB   1 downloads

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
Ran by Web (administrator) on CEBULA (28-12-2016 21:08:01)
Running from C:\Users\Web\Downloads
Loaded Profiles: Web (Available Profiles: Ddarkyo & Web)
Platform: Windows 8.1 (Update) (X64) Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(The Within Network, LLC) C:\Windows\unsignedthemes.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(OSBASE) C:\Windows\System32\ddmgr.exe
(Olof Lagerkvist) C:\Windows\System32\imdsksvc.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
() C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(RemoteMouse.net) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe
(RemoteMouse.net) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
() C:\Windows\Temp\gB0F9.tmp.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(BitTorrent Inc.) C:\Users\Web\AppData\Roaming\uTorrent\uTorrent.exe
(LogMeIn, Inc) C:\Users\Web\AppData\Local\join.me.launcher\join.me.launcher.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Curse, Inc) C:\Users\Web\AppData\Roaming\Curse Client\Bin\Curse.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mega Limited) C:\Users\Web\AppData\Local\MEGAsync\MEGAsync.exe
(BitTorrent Inc.) C:\Users\Web\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
(BitTorrent Inc.) C:\Users\Web\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Duet, Inc.) C:\Program Files\Kairos\Duet Display\duet.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Curse, Inc.) C:\Users\Web\AppData\Roaming\Curse Client\Bin\Electron\CurseUI.exe
(Curse, Inc.) C:\Users\Web\AppData\Roaming\Curse Client\Bin\Electron\CurseUI.exe
(Curse, Inc.) C:\Users\Web\AppData\Roaming\Curse Client\Bin\Electron\CurseUI.exe
(Curse, Inc.) C:\Users\Web\AppData\Roaming\Curse Client\Bin\Electron\CurseUI.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Web\Downloads\FRST64english.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-05-05] (Adobe Systems Incorporated)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1074600 2016-08-28] (The Eraser Project)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2380480 2016-05-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2131344 2016-06-20] (Wondershare)
HKLM-x32\...\Run: [UXTheme Launcher] => C:\Program Files (x86)\UXTheme Multi-Patcher\themeengine.exe [239870 2015-03-06] (Windows X)
HKLM-x32\...\Run: [Duet Display] => C:\Program Files\Kairos\Duet Display\duet.exe [1853040 2016-09-07] (Duet, Inc.)
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncher.exe [222160 2016-09-28] (Razer Inc.)
HKU\S-1-5-21-2235314058-1462497776-1017983739-1004\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-2235314058-1462497776-1017983739-1004\...\Run: [uTorrent] => C:\Users\Web\AppData\Roaming\uTorrent\uTorrent.exe [1979072 2016-12-21] (BitTorrent Inc.)
HKU\S-1-5-21-2235314058-1462497776-1017983739-1004\...\Run: [join.me.launcher] => C:\Users\Web\AppData\Local\join.me.launcher\join.me.launcher.exe [176560 2015-10-27] (LogMeIn, Inc)
HKU\S-1-5-21-2235314058-1462497776-1017983739-1004\...\MountPoints2: {3841a2c9-ca2a-11e6-beaa-d43d7ec000b6} - "V:\setup.exe"
HKU\S-1-5-21-2235314058-1462497776-1017983739-1004\...\MountPoints2: {92ef93af-c303-11e6-bea2-d43d7ec000b6} - "W:\setup.exe"
HKU\S-1-5-21-2235314058-1462497776-1017983739-1004\...\MountPoints2: {92ef9409-c303-11e6-bea2-d43d7ec000b6} - "X:\setup.exe"
HKU\S-1-5-21-2235314058-1462497776-1017983739-1004\...\MountPoints2: {92ef9543-c303-11e6-bea2-d43d7ec000b6} - "V:\setup.exe"
HKU\S-1-5-21-2235314058-1462497776-1017983739-1004\...\MountPoints2: {b274c52d-c784-11e6-bea4-d43d7ec000b6} - "V:\setup.exe"
HKU\S-1-5-21-2235314058-1462497776-1017983739-1004\...\MountPoints2: {b274c531-c784-11e6-bea4-d43d7ec000b6} - "V:\setup.exe"
HKU\S-1-5-21-2235314058-1462497776-1017983739-1004\...\MountPoints2: {b274c69a-c784-11e6-bea4-d43d7ec000b6} - "W:\SETUP.EXE"
HKU\S-1-5-21-2235314058-1462497776-1017983739-1004\...\MountPoints2: {d46c4ab6-bcc0-11e6-bea2-d43d7ec000b6} - "V:\setup_legend_of_grimrock_1.1.4.exe"
HKU\S-1-5-21-2235314058-1462497776-1017983739-1004\...\MountPoints2: {d46c5e4e-bcc0-11e6-bea2-d43d7ec000b6} - "V:\setup.exe"
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Web\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Web\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Web\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ OneDrive1] -> {7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Web\AppData\Local\MEGAsync\ShellExtX32.dll [2016-10-31] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Web\AppData\Local\MEGAsync\ShellExtX32.dll [2016-10-31] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Web\AppData\Local\MEGAsync\ShellExtX32.dll [2016-10-31] ()
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Asystent menedżera zawartości dla PlayStation®.lnk [2016-08-29]
ShortcutTarget: Asystent menedżera zawartości dla PlayStation®.lnk -> C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
Startup: C:\Users\Ddarkyo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-08-17]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Web\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
Startup: C:\Users\Ddarkyo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2016-09-01]
ShortcutTarget: ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team)
Startup: C:\Users\Web\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2016-12-13]
ShortcutTarget: Curse.lnk -> C:\Users\Web\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
Startup: C:\Users\Web\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-12-09]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Web\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D11D0B90-3E67-47ED-99DF-20AA7F7FC91D}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2235314058-1462497776-1017983739-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-10-30] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-29] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-30] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-29] (Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-10-30] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-05-31] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-10-30] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-08-11] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-08-11] (NVIDIA Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2016-11-24] ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-05-31] (Adobe Systems)

Chrome:
=======
CHR Profile: C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default [2016-12-28]
CHR Extension: (Prezentacje Google) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-08]
CHR Extension: (Dokumenty Google) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-08]
CHR Extension: (Dysk Google) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-08]
CHR Extension: (YouTube) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-08]
CHR Extension: (Adblock dla serwisu Youtube™) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2016-12-09]
CHR Extension: (Arkusze Google) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-08]
CHR Extension: (Dokumenty Google offline) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-08]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-12-08]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-08]
CHR Extension: (Gmail) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-08]
CHR Extension: (Chrome Media Router) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-16]
CHR HKU\S-1-5-21-2235314058-1462497776-1017983739-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACTION_SVC; C:\Program Files (x86)\Mirillis\Action!\action_svc.exe [16064 2014-10-25] ()
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [737984 2016-05-31] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3294912 2016-10-30] (Microsoft Corporation)
R2 ddmgr; C:\WINDOWS\system32\ddmgr.exe [1668256 2016-09-05] (OSBASE)
S3 DuetUpdater; C:\Program Files\Kairos\Duet Display\DuetUpdater.exe [734320 2016-09-07] (Kairos)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2836296 2016-12-14] (ESET)
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1583488 2016-11-05] (Echobit LLC)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-12-25] (SurfRight B.V.)
R2 ImDskSvc; C:\Windows\system32\imdsksvc.exe [19552 2015-12-15] (Olof Lagerkvist)
S4 ManyCam Service; C:\ProgramData\ManyCam\Service\service.exe [77528 2015-12-15] (Visicom Media Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility LLC)
S4 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5739008 2011-12-05] (Native Instruments GmbH) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [457272 2016-09-30] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [457272 2016-09-30] (NVIDIA Corporation)
S4 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1165368 2016-09-30] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2142728 2016-11-05] (Electronic Arts)
S4 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2209296 2016-11-05] (Electronic Arts)
S4 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2016-11-06] ()
S4 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-25] ()
R2 RemoteMouseService; C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe [18432 2016-06-25] () [File not signed]
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [133376 2016-09-28] (Razer Inc.)
R2 UnsignedThemes; C:\WINDOWS\unsignedthemes.exe [13824 2013-09-23] (The Within Network, LLC) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2016-08-28] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2016-08-28] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AWEAlloc; C:\WINDOWS\system32\DRIVERS\awealloc.sys [21048 2015-12-15] (Olof Lagerkvist)
S3 BioNTDrv; C:\Program Files (x86)\Paragon Software\Partition Manager 12 Home Special Edition\program\BioNTDrv.SYS [19792 2013-02-26] (Paragon Software GmbH)
R4 ddkmd; C:\WINDOWS\system32\drivers\ddkmd.sys [273280 2016-09-05] (OSBASE)
R0 ddkmdldr; C:\WINDOWS\System32\drivers\ddkmdldr.sys [29568 2016-09-05] (OSBASE)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [132272 2016-12-13] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [106768 2016-12-13] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15488 2016-12-13] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [180544 2016-12-13] (ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [49672 2016-12-13] (ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [77616 2016-12-13] (ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [96856 2016-12-13] (ESET)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2016-12-14] ()
R3 EvolveVirtualAdapter; C:\WINDOWS\system32\DRIVERS\evolve.sys [21656 2016-11-05] (Echobit, LLC)
R3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [54736 2016-12-28] ()
R2 ImDisk; C:\WINDOWS\system32\DRIVERS\imdisk.sys [48704 2015-12-15] (Olof Lagerkvist)
S3 libusb0; C:\WINDOWS\system32\DRIVERS\libusb0.sys [52832 2014-06-29] (hxxp://libusb-win32.sourceforge.net)
S3 libusbK; C:\WINDOWS\System32\drivers\libusbK.sys [47928 2016-08-29] (hxxp://libusb-win32.sourceforge.net)
R3 ManyCam; C:\WINDOWS\system32\DRIVERS\mcvidrv.sys [49272 2014-12-29] (Visicom Media Inc.)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176064 2016-12-25] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [102856 2016-12-28] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2016-12-28] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [250816 2016-12-28] (Malwarebytes)
R3 mcaudrv_simple; C:\WINDOWS\system32\drivers\mcaudrv_x64.sys [35960 2014-12-29] (Visicom Media Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2016-09-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2016-09-30] (NVIDIA Corporation)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44144 2016-09-17] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [137840 2016-09-07] (Razer, Inc.)
S3 usbbus; C:\WINDOWS\System32\drivers\lgx64bus.sys [17920 2011-02-14] (LG Electronics Inc.)
S3 UsbDiag; C:\WINDOWS\system32\DRIVERS\lgx64diag.sys [28160 2011-02-14] (LG Electronics Inc.)
S3 USBModem; C:\WINDOWS\system32\DRIVERS\lgx64modem.sys [34816 2011-02-14] (LG Electronics Inc.)
R2 uxstyle; C:\WINDOWS\system32\Drivers\uxstyle.sys [31440 2013-09-23] (The Within Network, LLC)
R1 veracrypt; C:\WINDOWS\System32\drivers\veracrypt.sys [437160 2016-08-27] (IDRIX)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [71680 2016-08-13] (Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2016-08-28] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [270168 2016-08-28] (Microsoft Corporation)
R2 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2016-08-28] (Microsoft Corporation)
R3 gkernel; \??\C:\Users\Web\AppData\Local\Temp\gkernel.sys [X]
S3 HWiNFO32; \??\C:\Users\Ddarkyo\AppData\Local\Temp\HWiNFO64A.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-28 21:05 - 2016-12-28 21:05 - 00054736 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2016-12-27 11:45 - 2016-12-28 21:05 - 00003476 _____ C:\WINDOWS\System32\Tasks\Garena+ Plugin Host Service
2016-12-26 20:40 - 2016-12-26 20:40 - 00002312 _____ C:\Users\Public\Desktop\The Sims™ 3 Wymarzone Podróże.lnk
2016-12-26 20:37 - 2016-12-26 20:37 - 00002256 _____ C:\Users\Public\Desktop\The Sims™ 3 Rajska Wyspa.lnk
2016-12-26 20:36 - 2016-12-26 20:36 - 00002292 _____ C:\Users\Public\Desktop\The Sims™ 3 Film - Akcesoria.lnk
2016-12-26 18:09 - 2016-12-26 18:09 - 00002300 _____ C:\Users\Public\Desktop\The Sims™ 3 Zostań gwiazdą.lnk
2016-12-26 16:25 - 2016-12-26 16:25 - 00000000 ____D C:\Users\Web\Downloads\Autoruns
2016-12-26 16:24 - 2016-12-26 16:24 - 01304400 _____ C:\Users\Web\Downloads\Autoruns.zip
2016-12-26 16:15 - 2016-12-26 16:46 - 00068533 _____ C:\Users\Web\Downloads\Addition.txt
2016-12-26 16:14 - 2016-12-28 21:08 - 00027480 _____ C:\Users\Web\Downloads\FRST.txt
2016-12-26 16:14 - 2016-12-28 21:08 - 00000000 ____D C:\FRST
2016-12-26 16:14 - 2016-12-26 16:14 - 02420736 _____ (Farbar) C:\Users\Web\Downloads\FRST64english.exe
2016-12-26 11:52 - 2016-12-28 21:06 - 00000000 ____D C:\Users\Web\AppData\LocalLow\uTorrent
2016-12-26 01:23 - 2016-12-26 01:23 - 00000000 ____D C:\Users\Web\AppData\Roaming\Thunderbird
2016-12-26 01:23 - 2016-12-26 01:23 - 00000000 ____D C:\Users\Web\AppData\Local\Thunderbird
2016-12-25 23:39 - 2016-12-26 16:43 - 00000000 ___HD C:\ProgramData\936q338c541g343
2016-12-25 23:39 - 2016-12-26 12:17 - 00016708 _____ C:\WINDOWS\System32\Tasks\936q338c541g343
2016-12-25 23:32 - 2016-12-25 23:32 - 00000000 ____D C:\Users\Web\AppData\Local\ESET
2016-12-25 23:29 - 2016-12-25 23:29 - 00002043 _____ C:\Users\Public\Desktop\Ochrona bankowości internetowej.lnk
2016-12-25 23:29 - 2016-12-25 23:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2016-12-25 23:29 - 2016-12-25 23:29 - 00000000 ____D C:\ProgramData\ESET
2016-12-25 23:29 - 2016-12-25 23:29 - 00000000 ____D C:\Program Files\ESET
2016-12-25 23:25 - 2016-12-25 23:26 - 03137664 _____ (ESET) C:\Users\Web\Downloads\eset_smart_security_live_installer.exe
2016-12-25 22:20 - 2016-12-25 22:20 - 00002114 _____ C:\Users\Public\Desktop\The Sims™ 3.lnk
2016-12-25 22:20 - 2016-12-25 22:20 - 00000000 ____D C:\Program Files (x86)\Microsoft WSE
2016-12-25 22:16 - 2016-12-26 20:38 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2016-12-25 22:07 - 2016-12-25 22:07 - 00000000 ____D C:\Users\Web\Documents\Simply Super Software
2016-12-25 22:01 - 2016-12-25 22:01 - 00419728 _____ C:\WINDOWS\Minidump\122516-31125-01.dmp
2016-12-25 21:58 - 2016-12-25 21:58 - 00004168 _____ C:\WINDOWS\system32\.crusader
2016-12-25 21:23 - 2016-12-25 21:23 - 00001951 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-12-25 21:23 - 2016-12-25 21:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-12-25 21:23 - 2016-12-25 21:23 - 00000000 ____D C:\Program Files\HitmanPro
2016-12-25 21:22 - 2016-12-25 21:58 - 00000000 ____D C:\ProgramData\HitmanPro
2016-12-25 21:19 - 2016-12-25 21:19 - 00000000 ____D C:\TDSSKiller_Quarantine
2016-12-25 21:16 - 2016-12-25 21:19 - 00935406 _____ C:\TDSSKiller.3.1.0.12_25.12.2016_21.16.56_log.txt
2016-12-25 21:14 - 2016-12-25 21:15 - 00235990 _____ C:\TDSSKiller.3.1.0.12_25.12.2016_21.14.17_log.txt
2016-12-25 21:08 - 2016-12-25 21:08 - 00388608 _____ (Trend Micro Inc.) C:\Users\Web\Downloads\HijackThis (1).exe
2016-12-25 21:06 - 2016-12-25 21:09 - 00000000 ____D C:\Users\Web\Downloads\backups
2016-12-25 21:02 - 2016-12-25 21:02 - 00388608 _____ (Trend Micro Inc.) C:\Users\Web\Downloads\HijackThis.exe
2016-12-25 00:32 - 2016-12-25 00:32 - 00000899 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 4 City Living.lnk
2016-12-25 00:32 - 2016-12-25 00:32 - 00000887 _____ C:\Users\Public\Desktop\The Sims 4 City Living.lnk
2016-12-25 00:32 - 2016-12-25 00:32 - 00000000 ____D C:\Program Files\The Sims 4 City Living
2016-12-24 22:56 - 2016-12-28 21:01 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-12-24 22:56 - 2016-12-28 21:01 - 00102856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2016-12-24 22:56 - 2016-12-28 21:01 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-12-24 22:56 - 2016-12-27 11:43 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2016-12-24 22:56 - 2016-12-25 21:21 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2016-12-24 22:56 - 2016-12-25 21:21 - 00001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2016-12-24 22:56 - 2016-12-25 21:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-12-24 22:56 - 2016-12-24 22:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-24 22:56 - 2016-12-24 22:56 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-24 22:56 - 2016-12-14 12:55 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2016-12-24 22:53 - 2016-12-24 22:55 - 54199488 _____ (Malwarebytes ) C:\Users\Web\Downloads\mb3-setup-consumer-3.0.5.1299.exe
2016-12-24 22:53 - 2016-12-24 22:53 - 22851472 _____ (Malwarebytes ) C:\Users\Web\Downloads\mbam-setup-FileHippo.19901-2.2.1.1043.exe
2016-12-24 21:11 - 2016-12-24 21:11 - 00000000 ____D C:\Users\Web\AppData\Local\Eraser 6
2016-12-24 21:08 - 2016-12-25 22:04 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
2016-12-24 21:08 - 2016-12-25 20:46 - 00000000 ____D C:\ProgramData\TEMP
2016-12-24 21:08 - 2016-12-24 21:08 - 00000000 ____D C:\ProgramData\Simply Super Software
2016-12-24 21:03 - 2016-12-24 21:07 - 42942672 _____ (Simply Super Software ) C:\Users\Web\Downloads\trjsetup.exe
2016-12-24 20:51 - 2016-12-25 21:21 - 00003252 _____ C:\Users\Web\Desktop\Rkill.txt
2016-12-24 20:51 - 2016-12-24 20:51 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Web\Downloads\rkill.exe
2016-12-24 20:47 - 2016-12-24 20:47 - 05659917 _____ (Swearware) C:\Users\Web\Downloads\ComboFix.exe
2016-12-24 20:45 - 2016-12-24 20:45 - 342554092 _____ C:\Users\Web\Documents\backup rejestru.reg
2016-12-24 19:37 - 2016-12-24 19:37 - 00095564 _____ C:\Users\Web\Downloads\The.Sims.4.City.Living.INTERNAL-RELOADED.torrent
2016-12-24 19:36 - 2016-12-25 20:57 - 00000000 ____D C:\AdwCleaner
2016-12-24 19:35 - 2016-12-24 19:35 - 03977168 _____ C:\Users\Web\Downloads\AdwCleaner.exe
2016-12-24 19:31 - 2016-12-24 19:31 - 01625824 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\WINDOWS\libeay32.dll
2016-12-24 19:31 - 2016-12-24 19:31 - 01559319 _____ (Microsoft Corporation) C:\WINDOWS\csrss.exe.vir
2016-12-24 19:31 - 2016-12-24 19:31 - 00608117 _____ C:\WINDOWS\libcurl-4.dll
2016-12-24 19:31 - 2016-12-24 19:31 - 00177152 _____ C:\WINDOWS\svchost.exe.vir
2016-12-24 19:31 - 2016-12-24 19:31 - 00054784 _____ (MingW-W64 Project. All rights reserved.) C:\WINDOWS\libwinpthread-1.dll
2016-12-24 19:31 - 2016-12-24 19:31 - 00000000 ____D C:\WINDOWS\Azart
2016-12-24 19:27 - 2016-12-24 19:27 - 00000000 ____D C:\Users\Web\Downloads\the_sims_4pcdlc__ww_sp08beta_1__pcsp08mlrintlkgdip_150121102005eadc8a01b84bf28f64fd1deb4bac66
2016-12-24 19:25 - 2016-12-26 18:10 - 00000000 ____D C:\Users\Web\Documents\Electronic Arts
2016-12-24 19:13 - 2016-12-24 14:42 - 00447752 ____R (On2.com) C:\WINDOWS\SysWOW64\vp6vfw.dll
2016-12-24 14:34 - 2016-12-24 19:24 - 00000000 ____D C:\Users\Web\Downloads\The.Sims.4.Deluxe.Edition.v1.20.60.1020.Incl.Dine.Out
2016-12-24 14:32 - 2016-12-24 14:33 - 00151317 _____ C:\Users\Web\Downloads\The.Sims.4.Deluxe.Edition.v1.20.60.1020.Incl.Dine.Out.torrent
2016-12-22 22:30 - 2016-12-22 22:30 - 00096492 _____ C:\Users\Web\Downloads\Sildurs Vibrant Shaders v1.153 Extreme.zip
2016-12-22 22:27 - 2016-12-22 22:27 - 01981691 _____ C:\Users\Web\Downloads\OptiFine_1.11_HD_U_B5.jar
2016-12-22 14:30 - 2016-12-22 14:30 - 03649757 _____ C:\Users\Web\Downloads\Top Ten Fireworks Fails.mp4
2016-12-22 14:24 - 2016-12-22 14:24 - 15931346 _____ C:\Users\Web\Documents\swiateczna2 Audio Extracted.wav
2016-12-22 14:24 - 2016-12-22 14:24 - 00497532 _____ C:\Users\Web\Documents\swiateczna2 Audio Extracted.pkf
2016-12-22 14:13 - 2016-12-22 14:14 - 18190399 _____ C:\Users\Web\Downloads\Let's Have A Very Postal Christmas!.mp4
2016-12-22 13:49 - 2016-12-22 13:50 - 13091898 _____ C:\Users\Web\Downloads\Tiger i Kobra – mam do was pytanie czy ja wygrałem czy paweł wojczak – 0079.mp4
2016-12-22 13:45 - 2016-12-22 13:46 - 28017796 _____ C:\Users\Web\Downloads\schudnij_z_hipnoza_odchudzanie_szybsze_trawienie_w_transie.zip
2016-12-22 13:39 - 2016-12-22 13:47 - 60279650 _____ C:\Users\Web\Documents\swiatecznaprzemowa Audio Extracted.wav
2016-12-22 13:39 - 2016-12-22 13:47 - 00470876 _____ C:\Users\Web\Documents\swiatecznaprzemowa Audio Extracted.pkf
2016-12-21 18:56 - 2016-12-21 18:56 - 17407376 _____ C:\Users\Web\Documents\swiateczna2.wav
2016-12-21 18:56 - 2016-12-21 18:56 - 00271900 _____ C:\Users\Web\Documents\swiateczna2.pkf
2016-12-21 18:49 - 2016-12-21 18:49 - 62782864 _____ C:\Users\Web\Documents\swiatecznaprzemowa.wav
2016-12-21 18:49 - 2016-12-21 18:49 - 00490460 _____ C:\Users\Web\Documents\swiatecznaprzemowa.pkf
2016-12-21 18:29 - 2016-12-21 18:29 - 11539066 _____ C:\Users\Web\Downloads\Snow Green Screen Effect (Real Snow).mp4
2016-12-21 18:19 - 2016-12-21 18:24 - 03576489 _____ C:\Users\Web\Downloads\camera-multi.zip
2016-12-21 17:11 - 2016-12-21 17:11 - 00001178 _____ C:\Users\Web\Desktop\Santa Claus in Trouble.lnk
2016-12-21 17:11 - 2016-12-21 17:11 - 00001178 _____ C:\Users\Ddarkyo\Desktop\Santa Claus in Trouble.lnk
2016-12-21 17:11 - 2016-12-21 17:11 - 00000000 ____D C:\Users\Web\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Santa Claus in Trouble
2016-12-21 17:11 - 2016-12-21 17:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Santa Claus in Trouble
2016-12-21 17:11 - 2016-12-21 17:11 - 00000000 ____D C:\Program Files (x86)\Santa Claus in Trouble
2016-12-21 17:03 - 2016-12-21 17:03 - 10347189 _____ C:\Users\Web\Downloads\SantaClaus.zip
2016-12-21 16:44 - 2016-12-21 16:44 - 02099371 _____ C:\Users\Web\Downloads\Best Christmas fails 2015 -- Fail For Fun.mp4
2016-12-21 16:23 - 2016-12-21 16:23 - 00000000 ____D C:\Users\Web\AppData\Roaming\Mirillis
2016-12-21 16:23 - 2016-12-21 16:23 - 00000000 ____D C:\Users\Web\AppData\Local\Mirillis
2016-12-21 16:02 - 2016-12-21 16:23 - 00002055 _____ C:\Users\Public\Desktop\Action!.lnk
2016-12-21 16:02 - 2016-12-21 16:02 - 00000000 ____D C:\Users\Web\Downloads\Mirillis Action! 2.0.4 ( PL ) Activator
2016-12-21 15:58 - 2016-12-21 15:58 - 00001078 _____ C:\Users\Public\Desktop\Croc.lnk
2016-12-21 15:58 - 2016-12-21 15:58 - 00000000 ____D C:\Users\Web\Documents\Croc
2016-12-21 15:58 - 2016-12-21 15:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fox Interactive
2016-12-21 15:58 - 2016-12-21 15:58 - 00000000 ____D C:\Program Files (x86)\Fox
2016-12-21 15:58 - 1997-03-24 16:42 - 00314368 _____ (InstallShield Software Corporation) C:\WINDOWS\IsUninst.exe
2016-12-21 15:43 - 2016-12-21 15:45 - 103617833 _____ C:\Users\Web\Downloads\Croc.rar
2016-12-21 15:15 - 2016-12-21 15:17 - 00000000 ____D C:\Program Files (x86)\No Time To Explain Remastered
2016-12-21 15:15 - 2016-12-21 15:15 - 00000998 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\No Time To Explain Remastered.lnk
2016-12-21 15:15 - 2016-12-21 15:15 - 00000986 _____ C:\Users\Public\Desktop\No Time To Explain Remastered.lnk
2016-12-21 15:11 - 2016-12-21 15:11 - 00036478 _____ C:\Users\Web\Downloads\[kat.cr]no.time.to.explain.remastered.hi2u.torrent
2016-12-20 22:49 - 2016-12-20 22:49 - 01589423 _____ C:\Users\Web\Downloads\Tamriel Online Client-67038-2-4-1.zip
2016-12-20 22:22 - 2016-12-20 22:23 - 00000000 ____D C:\Users\Web\Downloads\Tamriel Online Server-67038-2-4-0u4
2016-12-20 22:21 - 2016-12-20 22:22 - 82202870 _____ C:\Users\Web\Downloads\Tamriel Online Server-67038-2-4-0u4.zip
2016-12-20 20:40 - 2016-12-20 20:41 - 152574184 _____ (GOG.com ) C:\Users\Web\Downloads\setup_galaxy_1.1.25.13.exe
2016-12-20 15:03 - 2016-12-24 15:12 - 00000000 ____D C:\Users\Web\Documents\The Witcher 3
2016-12-20 13:27 - 2016-12-20 13:27 - 00001491 _____ C:\Users\Public\Desktop\The Witcher 3 Wild Hunt Complete.lnk
2016-12-20 13:27 - 2016-12-20 13:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mr DJ
2016-12-20 12:40 - 2016-12-20 12:40 - 00000000 ____D C:\Program Files (x86)\Mr DJ
2016-12-18 19:32 - 2016-12-18 20:39 - 00000000 ____D C:\Users\Web\Documents\TES5Edit
2016-12-18 19:28 - 2016-12-18 20:37 - 00000000 ____D C:\Users\Web\AppData\Local\LOOT
2016-12-18 19:19 - 2016-12-18 19:19 - 00000979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOOT.lnk
2016-12-18 19:19 - 2016-12-18 19:19 - 00000000 ____D C:\Program Files (x86)\LOOT
2016-12-17 22:08 - 2016-12-17 22:08 - 00001541 _____ C:\Users\Web\Desktop\ModOrganizer — skrót.lnk
2016-12-17 21:48 - 2016-12-17 21:48 - 00000000 ____D C:\Users\Web\AppData\Local\Nexus
2016-12-17 20:23 - 2016-12-24 16:20 - 00000000 ____D C:\Program Files (x86)\Mod Organizer
2016-12-17 20:19 - 2016-12-17 20:19 - 00001468 _____ C:\Users\Public\Desktop\The Elder Scrolls V Skyrim Legendary Edition.lnk
2016-12-17 20:19 - 2016-12-17 20:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GTX Box Team
2016-12-17 19:34 - 2016-12-17 21:50 - 00002441 _____ C:\Users\Web\Desktop\Skyrim (SKSE).lnk
2016-12-17 19:34 - 2016-12-17 21:50 - 00002441 _____ C:\Users\Ddarkyo\Desktop\Skyrim (SKSE).lnk
2016-12-17 19:29 - 2016-12-18 19:34 - 00000000 ____D C:\Users\Web\AppData\Local\Skyrim
2016-12-17 19:27 - 2016-12-17 19:31 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2016-12-17 19:27 - 2016-12-17 19:29 - 00000000 ____D C:\Users\Web\Documents\Nexus Mod Manager
2016-12-17 19:27 - 2016-12-17 19:27 - 00000902 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2016-12-17 19:27 - 2016-12-17 19:27 - 00000000 ____D C:\Users\Web\AppData\Local\Black_Tree_Gaming
2016-12-17 19:27 - 2016-12-17 19:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2016-12-17 19:11 - 2011-11-24 15:45 - 00002940 _____ C:\Users\Web\Documents\SkyrimPrefs.ini
2016-12-17 19:03 - 2016-12-17 20:01 - 00000000 ____D C:\Program Files (x86)\GTX Box Team
2016-12-17 18:38 - 2016-12-17 18:38 - 00003178 _____ C:\WINDOWS\System32\Tasks\{3521EF7F-7188-49AE-96A0-772AFD999936}
2016-12-17 17:54 - 2016-12-17 17:54 - 00000000 ____D C:\Users\Web\AppData\Roaming\vlc
2016-12-17 17:31 - 2016-12-17 17:31 - 00000866 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Torchlight II.lnk
2016-12-17 17:31 - 2016-12-17 17:31 - 00000854 _____ C:\Users\Public\Desktop\Torchlight II.lnk
2016-12-17 17:27 - 2016-12-17 18:45 - 00000000 ____D C:\Program Files (x86)\Torchlight II
2016-12-17 17:11 - 2016-12-17 17:11 - 00000000 ____D C:\Users\Web\AppData\LocalLow\Berserk Games
2016-12-17 16:57 - 2016-12-17 16:57 - 00001143 _____ C:\Users\Web\Desktop\Tabletop Simulator.lnk
2016-12-17 16:57 - 2016-12-17 16:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tabletop Simulator
2016-12-17 16:55 - 2016-12-17 18:03 - 00000000 ____D C:\Program Files (x86)\Tabletop Simulator
2016-12-15 19:36 - 2016-12-15 19:36 - 00000050 _____ C:\Users\Web\.git-credentials
2016-12-15 19:09 - 2016-12-15 23:36 - 00000000 ____D C:\Users\Web\AppData\Roaming\discord
2016-12-15 17:10 - 2016-12-15 17:10 - 00001416 _____ C:\Users\Web\Desktop\Brackets — skrót.lnk
2016-12-14 22:58 - 2016-12-14 22:58 - 00000000 ____D C:\Users\Web\AppData\Roaming\.minecraft
2016-12-14 19:23 - 2016-12-14 19:23 - 00000000 ____D C:\Users\Web\AppData\Local\PopcornTimeDesktop
2016-12-14 09:05 - 2016-12-14 09:05 - 00000000 ____D C:\Users\Web\AppData\Roaming\java
2016-12-13 21:31 - 2016-12-13 21:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
2016-12-13 21:31 - 2016-12-13 21:31 - 00000000 ____D C:\ProgramData\Git
2016-12-13 21:30 - 2016-12-13 21:31 - 00000000 ____D C:\Program Files\Git
2016-12-13 17:38 - 2016-12-13 17:38 - 00000000 ____D C:\Users\Web\Documents\Curse
2016-12-13 17:34 - 2016-12-28 21:07 - 00000000 ____D C:\Users\Web\AppData\Roaming\Curse Client
2016-12-13 17:34 - 2016-12-13 17:34 - 00001074 _____ C:\Users\Web\Desktop\Curse.lnk
2016-12-13 17:34 - 2016-12-13 17:34 - 00001060 _____ C:\Users\Web\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2016-12-13 17:34 - 2016-12-13 17:34 - 00000000 ____D C:\Users\Web\AppData\Roaming\Curse
2016-12-13 17:11 - 2016-12-13 17:11 - 00180544 _____ (ESET) C:\WINDOWS\system32\Drivers\ehdrv.sys
2016-12-13 17:11 - 2016-12-13 17:11 - 00132272 _____ (ESET) C:\WINDOWS\system32\Drivers\eamonm.sys
2016-12-13 17:11 - 2016-12-13 17:11 - 00106768 _____ (ESET) C:\WINDOWS\system32\Drivers\edevmon.sys
2016-12-13 17:11 - 2016-12-13 17:11 - 00096856 _____ (ESET) C:\WINDOWS\system32\Drivers\epfwwfp.sys
2016-12-13 17:11 - 2016-12-13 17:11 - 00077616 _____ (ESET) C:\WINDOWS\system32\Drivers\epfw.sys
2016-12-13 17:11 - 2016-12-13 17:11 - 00049672 _____ (ESET) C:\WINDOWS\system32\Drivers\ekbdflt.sys
2016-12-13 17:11 - 2016-12-13 17:11 - 00015488 _____ (ESET) C:\WINDOWS\system32\Drivers\eelam.sys
2016-12-12 22:36 - 2016-12-12 22:36 - 00001007 _____ C:\Users\Public\Desktop\ManyCam.lnk
2016-12-12 22:36 - 2016-12-12 22:36 - 00000000 ____D C:\Users\Web\AppData\Roaming\ManyCam
2016-12-12 22:36 - 2016-12-12 22:36 - 00000000 ____D C:\Users\Web\AppData\Local\ManyCam
2016-12-12 22:36 - 2016-12-12 22:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam
2016-12-12 22:36 - 2016-12-12 22:36 - 00000000 ____D C:\ProgramData\ManyCam
2016-12-12 22:36 - 2016-12-12 22:36 - 00000000 ____D C:\Program Files (x86)\ManyCam
2016-12-12 22:29 - 2016-12-12 22:29 - 00001266 _____ C:\Users\Public\Desktop\CL-Eye Test.lnk
2016-12-12 22:29 - 2016-12-12 22:29 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2016-12-12 22:29 - 2016-12-12 22:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CL-Eye Driver
2016-12-12 22:29 - 2016-12-12 22:29 - 00000000 ____D C:\Program Files (x86)\Code Laboratories
2016-12-11 18:28 - 2016-12-11 21:04 - 00000000 ____D C:\Users\Web\AppData\Roaming\TS3Client
2016-12-11 18:28 - 2016-12-11 18:28 - 00000979 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2016-12-11 18:28 - 2016-12-11 18:28 - 00000941 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2016-12-11 18:28 - 2016-12-11 18:28 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2016-12-11 17:40 - 2016-12-11 17:40 - 00000000 ____D C:\Users\Web\AppData\Roaming\VeraCrypt
2016-12-11 14:50 - 2016-12-11 15:02 - 00000000 ____D C:\Users\Web\Documents\Adobe
2016-12-11 12:49 - 2016-12-11 12:49 - 00001915 _____ C:\Users\Web\Desktop\TVGL Switch To TV.lnk
2016-12-11 12:49 - 2016-12-11 12:49 - 00001915 _____ C:\Users\Web\Desktop\TVGL Switch To monitor.lnk
2016-12-11 12:48 - 2016-12-11 12:48 - 00000000 ____D C:\Users\Web\AppData\Local\TVGameLauncherGUI
2016-12-11 12:42 - 2016-12-11 12:42 - 00000000 ____D C:\Users\Web\Desktop\TV Game Launcher
2016-12-11 01:10 - 2016-12-11 01:10 - 00000000 ____D C:\Users\Web\Documents\Empire Earth II
2016-12-11 01:09 - 2016-12-11 01:09 - 00001786 _____ C:\Users\Public\Desktop\Empire Earth II - The Art of Supremacy.lnk
2016-12-11 01:09 - 2016-12-11 01:09 - 00001765 _____ C:\Users\Public\Desktop\Empire Earth II.lnk
2016-12-11 01:09 - 2016-12-11 01:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Empire Earth II Gold Edition [GOG.com]
2016-12-11 01:07 - 2016-12-11 01:10 - 00000000 ____D C:\Users\Web\AppData\Roaming\Sierra
2016-12-11 00:57 - 2016-12-11 00:57 - 00000000 ____D C:\Users\Web\AppData\Local\join.me.launcher
2016-12-11 00:54 - 2016-12-11 01:07 - 00000000 ____D C:\Users\Web\AppData\Local\join.me
2016-12-11 00:54 - 2016-12-11 00:57 - 00001018 _____ C:\Users\Web\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
2016-12-11 00:54 - 2016-12-11 00:57 - 00001010 _____ C:\Users\Web\Desktop\join.me.lnk
2016-12-11 00:54 - 2016-12-11 00:54 - 00000000 ____D C:\Users\Web\AppData\Roaming\join.me
2016-12-10 23:33 - 2016-12-10 23:33 - 00000000 ____D C:\Users\Web\AppData\Local\Echobit
2016-12-10 23:24 - 2016-12-20 23:02 - 00000000 ____D C:\Users\Web\AppData\Roaming\Skype
2016-12-10 23:24 - 2016-12-10 23:24 - 00000000 ____D C:\Users\Web\Tracing
2016-12-10 19:21 - 2016-12-27 13:34 - 00000000 ____D C:\Users\Web\AppData\Local\CrashDumps
2016-12-10 19:21 - 2016-12-10 19:22 - 00000000 ____D C:\Users\Web\Documents\Assassin's Creed IV Black Flag
2016-12-10 19:18 - 2016-12-10 19:18 - 00001188 _____ C:\Users\Public\Desktop\Assassin's Creed IV Black Flag.lnk
2016-12-10 19:18 - 2016-12-10 19:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assassin's Creed IV Black Flag
2016-12-10 18:49 - 2016-12-10 19:08 - 00000000 ____D C:\Users\Web\Downloads\No.Time.To.Explain.Remastered-HI2U
2016-12-10 17:21 - 2016-12-23 21:43 - 00000000 ____D C:\Users\Web\Documents\ShareX
2016-12-10 15:52 - 2016-12-10 15:52 - 00000000 ____D C:\Users\Web\AppData\Roaming\Notepad++
2016-12-10 11:10 - 2016-12-10 11:10 - 00000000 ____D C:\Users\Web\AppData\Local\Razer
2016-12-10 02:01 - 2016-12-10 02:01 - 00001668 _____ C:\Users\Web\Desktop\Grim Dawn.lnk
2016-12-10 01:28 - 2016-12-10 01:28 - 00001618 _____ C:\Users\Public\Desktop\Hacknet.lnk
2016-12-10 01:28 - 2016-12-10 01:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hacknet [GOG.com]
2016-12-09 23:52 - 2016-12-17 19:30 - 00000000 ____D C:\Users\Web\Documents\My Games
2016-12-09 23:50 - 2016-12-09 23:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grim Dawn [GOG.com]
2016-12-09 23:16 - 2016-12-09 23:16 - 00000000 ____D C:\Users\Web\Downloads\The Incredible Adventures of Van Helsing Complete Pack [GOG]
2016-12-09 22:59 - 2016-12-09 22:59 - 00001094 _____ C:\Users\Web\Desktop\MEGAsync.lnk
2016-12-09 22:59 - 2016-12-09 22:59 - 00000000 ____D C:\Users\Web\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
2016-12-09 22:59 - 2016-12-09 22:59 - 00000000 ____D C:\Users\Web\AppData\Local\MEGAsync
2016-12-09 22:59 - 2016-12-09 22:59 - 00000000 ____D C:\Users\Web\AppData\Local\Mega Limited
2016-12-09 21:59 - 2016-12-09 21:59 - 00000000 ____D C:\Users\Web\AppData\Roaming\gd.sos.McPixel
2016-12-09 21:55 - 2016-12-09 21:55 - 00002673 _____ C:\Users\Web\Desktop\µTorrent.lnk
2016-12-09 21:41 - 2016-12-28 21:06 - 00000000 ____D C:\Users\Web\AppData\Roaming\uTorrent
2016-12-09 21:37 - 2016-12-09 21:37 - 00000000 ____D C:\Users\Web\AppData\Local\Steam
2016-12-08 20:24 - 2016-12-26 22:50 - 00000000 ____D C:\Users\Web\AppData\Roaming\GG
2016-12-08 20:24 - 2016-12-26 01:23 - 00000000 ____D C:\Users\Web\AppData\Roaming\Mozilla
2016-12-08 20:24 - 2016-12-08 20:24 - 00000000 ____D C:\Users\Web\AppData\Roaming\Macromedia
2016-12-08 20:24 - 2016-12-08 20:24 - 00000000 ____D C:\Users\Web\AppData\Local\GG
2016-12-08 19:45 - 2016-12-08 19:45 - 00001462 _____ C:\Users\Web\Desktop\Dungeons of Dredmor — skrót.lnk
2016-12-08 19:45 - 2016-12-08 19:45 - 00000000 ____D C:\Users\Web\Documents\Gaslamp Games
2016-12-08 19:45 - 2016-12-08 19:45 - 00000000 ____D C:\ProgramData\RELOADED
2016-12-08 17:25 - 2016-12-08 17:25 - 00000000 ____D C:\Program Files (x86)\Gaslamp Games, Inc
2016-12-08 16:20 - 2016-12-08 16:20 - 00000000 ____D C:\Users\Web\Documents\Almost Human
2016-12-08 16:17 - 2016-12-08 16:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2016-12-08 16:16 - 2016-12-10 11:32 - 00000000 ____D C:\Program Files (x86)\GOG.com
2016-12-08 16:04 - 2016-12-08 16:04 - 00000000 ____D C:\Users\Web\AppData\Local\Icecream
2016-12-08 16:04 - 2016-12-08 16:04 - 00000000 ____D C:\Users\Web\AppData\Local\CrashRpt
2016-12-08 16:04 - 2016-12-08 16:04 - 00000000 ____D C:\Users\Web\.Icecream Screen Recorder
2016-12-08 13:02 - 2016-12-08 13:02 - 00000000 ____D C:\Users\Web\AppData\Roaming\npm-cache
2016-12-08 13:02 - 2016-12-08 13:02 - 00000000 ____D C:\Users\Web\AppData\Roaming\npm
2016-12-08 12:27 - 2016-12-12 11:26 - 00000000 ____D C:\Users\Web\AppData\LocalLow\Adobe
2016-12-08 12:26 - 2016-12-08 12:26 - 00000000 ____D C:\Users\Web\AppData\Roaming\NVIDIA
2016-12-08 12:21 - 2016-12-08 12:21 - 00001706 _____ C:\Users\Web\Desktop\Dysk Google.lnk
2016-12-08 12:21 - 2016-12-08 12:21 - 00000000 ___RD C:\Users\Web\Dysk Google
2016-12-08 12:12 - 2016-12-08 12:17 - 00000000 ____D C:\Users\Web\.atom
2016-12-08 12:11 - 2016-12-08 12:12 - 00000000 ____D C:\Users\Web\AppData\Roaming\Atom
2016-12-08 12:11 - 2016-12-08 12:12 - 00000000 ____D C:\Users\Web\AppData\Local\SquirrelTemp
2016-12-08 12:11 - 2016-12-08 12:12 - 00000000 ____D C:\Users\Web\AppData\Local\atom
2016-12-08 12:11 - 2016-12-08 12:11 - 00002199 _____ C:\Users\Web\Desktop\Atom.lnk
2016-12-08 12:11 - 2016-12-08 12:11 - 00000000 ____D C:\Users\Web\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2016-12-08 12:10 - 2016-12-15 19:14 - 00000000 ____D C:\Users\Web\Documents\Webmastering
2016-12-08 10:51 - 2016-12-08 10:51 - 00000000 ____D C:\Users\Web\AppData\Roaming\Sublime Text 3
2016-12-08 10:51 - 2016-12-08 10:51 - 00000000 ____D C:\Users\Web\AppData\Local\Sublime Text 3
2016-12-08 10:47 - 2016-12-08 12:28 - 00000000 ____D C:\Users\Web\AppData\Roaming\Brackets
2016-12-08 10:47 - 2016-12-08 10:47 - 00000000 ____D C:\Users\Web\AppData\Local\CEF
2016-12-08 10:41 - 2016-12-27 11:54 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2235314058-1462497776-1017983739-1004
2016-12-08 10:41 - 2016-12-08 10:41 - 00000000 ____D C:\Users\Web\AppData\Roaming\Sun
2016-12-08 10:41 - 2016-12-08 10:41 - 00000000 ____D C:\Users\Web\AppData\LocalLow\Sun
2016-12-08 10:41 - 2016-12-08 10:41 - 00000000 ____D C:\Users\Web\.oracle_jre_usage
2016-12-08 10:36 - 2016-12-28 21:06 - 00000000 ____D C:\Users\Web\AppData\Roaming\duet
2016-12-08 10:36 - 2016-12-28 21:01 - 00000000 ____D C:\Users\Web
2016-12-08 10:36 - 2016-12-25 21:02 - 00000000 ____D C:\Users\Web\AppData\Local\VirtualStore
2016-12-08 10:36 - 2016-12-25 20:57 - 00001005 _____ C:\Users\Web\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-12-08 10:36 - 2016-12-25 12:28 - 00000000 ____D C:\Users\Web\AppData\Local\Google
2016-12-08 10:36 - 2016-12-12 11:27 - 00000000 ____D C:\Users\Web\AppData\Local\Adobe
2016-12-08 10:36 - 2016-12-12 11:26 - 00000000 ____D C:\Users\Web\AppData\Roaming\Adobe
2016-12-08 10:36 - 2016-12-08 10:37 - 00000000 ____D C:\Users\Web\AppData\Local\NVIDIA Corporation
2016-12-08 10:36 - 2016-12-08 10:36 - 00000020 ___SH C:\Users\Web\ntuser.ini
2016-12-08 10:36 - 2016-12-08 10:36 - 00000000 _SHDL C:\Users\Web\Ustawienia lokalne
2016-12-08 10:36 - 2016-12-08 10:36 - 00000000 _SHDL C:\Users\Web\Szablony
2016-12-08 10:36 - 2016-12-08 10:36 - 00000000 _SHDL C:\Users\Web\Moje dokumenty
2016-12-08 10:36 - 2016-12-08 10:36 - 00000000 _SHDL C:\Users\Web\Menu Start
2016-12-08 10:36 - 2016-12-08 10:36 - 00000000 _SHDL C:\Users\Web\Documents\Moje wideo
2016-12-08 10:36 - 2016-12-08 10:36 - 00000000 _SHDL C:\Users\Web\Documents\Moje obrazy
2016-12-08 10:36 - 2016-12-08 10:36 - 00000000 _SHDL C:\Users\Web\Documents\Moja muzyka
2016-12-08 10:36 - 2016-12-08 10:36 - 00000000 _SHDL C:\Users\Web\Dane aplikacji
2016-12-08 10:36 - 2016-12-08 10:36 - 00000000 _SHDL C:\Users\Web\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2016-12-08 10:36 - 2016-12-08 10:36 - 00000000 _SHDL C:\Users\Web\AppData\Local\Historia
2016-12-08 10:36 - 2016-12-08 10:36 - 00000000 _SHDL C:\Users\Web\AppData\Local\Dane aplikacji
2016-12-08 10:36 - 2016-12-08 10:36 - 00000000 ____D C:\Users\Web\Documents\PS Vita
2016-12-08 10:36 - 2016-12-08 10:36 - 00000000 ____D C:\Users\Web\AppData\Roaming\Sony Corporation
2016-12-08 10:36 - 2016-12-08 10:36 - 00000000 ____D C:\Users\Web\AppData\Roaming\Motorola Mobility
2016-12-08 10:36 - 2016-12-08 10:36 - 00000000 ____D C:\Users\Web\AppData\Local\Wondershare
2016-12-08 10:36 - 2016-12-08 10:36 - 00000000 ____D C:\Users\Web\AppData\Local\Packages
2016-12-08 10:36 - 2016-12-08 10:36 - 00000000 ____D C:\Users\Web\AppData\Local\NVIDIA
2016-12-08 10:36 - 2016-09-14 15:58 - 00002290 _____ C:\Users\Web\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive dla Firm.lnk
2016-12-08 10:36 - 2014-11-21 05:47 - 00000369 _____ C:\Users\Web\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2016-12-08 10:36 - 2014-11-21 05:47 - 00000369 _____ C:\Users\Web\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2016-12-07 22:48 - 2016-12-07 22:48 - 00000000 ____D C:\Users\Ddarkyo\AppData\Local\inkle
2016-12-07 22:47 - 2016-12-07 22:47 - 00001700 _____ C:\Users\Ddarkyo\Desktop\Sorcery! Parts 1 and 2.lnk
2016-12-07 21:41 - 2016-12-07 21:41 - 00000000 ____D C:\Users\Ddarkyo\AppData\Roaming\Otchlan 1.3
2016-12-07 21:41 - 2016-12-07 21:41 - 00000000 ____D C:\Users\Ddarkyo\AppData\Local\Otchlan 1.3
2016-12-07 21:41 - 2016-12-07 21:41 - 00000000 ____D C:\ProgramData\Otchlan 1.3
2016-12-07 21:41 - 2016-12-07 21:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Otchlan 1.3
2016-12-07 21:41 - 2016-12-07 21:41 - 00000000 ____D C:\Program Files (x86)\Otchlan 1.3
2016-12-05 20:59 - 2016-12-06 19:05 - 00000000 ____D C:\Users\Ddarkyo\AppData\Roaming\Kodi
2016-12-05 20:57 - 2016-12-05 20:57 - 00000000 ____D C:\Users\Ddarkyo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kodi
2016-12-05 20:57 - 2016-12-05 20:57 - 00000000 ____D C:\Program Files (x86)\Kodi
2016-12-05 19:20 - 2016-12-05 19:20 - 00000996 _____ C:\Users\Ddarkyo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\osu!.lnk
2016-12-05 19:20 - 2016-12-05 19:20 - 00000988 _____ C:\Users\Ddarkyo\Desktop\osu!.lnk
2016-12-05 19:19 - 2016-12-05 19:37 - 00000000 ____D C:\Users\Ddarkyo\AppData\Local\osu!
2016-12-03 17:25 - 2016-12-03 17:28 - 92189148 _____ C:\Users\Ddarkyo\Desktop\sexm.mp4
2016-12-02 13:49 - 2016-12-02 13:49 - 03145728 _____ C:\WINDOWS\SysWOW64\RigCam
2016-12-02 13:48 - 2016-12-02 13:50 - 00000000 ____D C:\WINDOWS\SysWOW64\DCS
2016-12-02 13:48 - 2016-12-02 13:48 - 00619008 _____ (Cisco Systems Inc.) C:\WINDOWS\SysWOW64\openh264-1.5.0-win32msvc.dll
2016-12-02 13:48 - 2016-12-02 13:48 - 00000000 ____D C:\WINDOWS\SysWOW64\Cef
2016-12-01 22:15 - 2016-12-01 22:15 - 00000000 ____D C:\Users\Ddarkyo\AppData\Roaming\gd.sos.McPixel
2016-12-01 22:10 - 2016-12-01 22:10 - 00001007 _____ C:\Users\Public\Desktop\McPixel.lnk
2016-12-01 22:10 - 2016-12-01 22:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McPixel
2016-12-01 22:10 - 2016-12-01 22:10 - 00000000 ____D C:\Program Files (x86)\McPixel
2016-11-30 20:02 - 2016-11-30 20:03 - 00000000 ____D C:\five reborn server
2016-11-30 20:01 - 2016-11-30 20:12 - 00000000 ____D C:\five reborn
2016-11-30 16:08 - 2016-11-30 16:08 - 00001239 _____ C:\Users\Ddarkyo\Desktop\ForceBindIp.lnk
2016-11-30 16:08 - 2016-11-30 16:08 - 00000000 ____D C:\Program Files (x86)\KrazyDev
2016-11-30 15:39 - 2016-11-30 15:39 - 00000000 ____D C:\Users\Ddarkyo\AppData\Roaming\Garena
2016-11-30 15:39 - 2016-11-30 15:39 - 00000000 ____D C:\ProgramData\Garena
2016-11-30 15:26 - 2016-12-08 11:36 - 00000000 ____D C:\Users\Ddarkyo\AppData\Roaming\GarenaPlus
2016-11-30 15:24 - 2016-12-08 11:36 - 00000000 ____D C:\ProgramData\GarenaMessenger
2016-11-30 15:24 - 2016-11-30 15:26 - 00000000 ____D C:\Program Files (x86)\Garena Plus
2016-11-30 15:24 - 2016-11-30 15:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
2016-11-29 21:18 - 2016-11-29 21:18 - 00001164 _____ C:\Users\Public\Desktop\Warcraft III - The Frozen Throne.lnk
2016-11-29 21:18 - 2016-11-29 21:18 - 00001157 _____ C:\Users\Public\Desktop\WarCraft III.lnk
2016-11-29 21:17 - 2016-11-29 21:19 - 00000000 ____D C:\Program Files (x86)\WarCraft III
2016-11-29 21:13 - 2014-08-13 12:57 - 3393454080 _____ C:\WarCraft III Complete Edition.iso
2016-11-29 19:37 - 2016-11-29 19:37 - 00001972 _____ C:\Users\Ddarkyo\Desktop\Frozen Throne.lnk
2016-11-29 19:32 - 2016-11-29 19:32 - 00001965 _____ C:\Users\Ddarkyo\Desktop\Warcraft III.lnk
2016-11-29 19:19 - 2016-11-29 21:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
2016-11-29 19:19 - 2016-11-29 19:37 - 00056549 _____ C:\WINDOWS\War3Unin.dat
2016-11-29 19:19 - 2016-11-29 19:35 - 00139264 _____ (Blizzard Entertainment) C:\WINDOWS\War3Unin.exe
2016-11-29 19:19 - 2016-11-29 19:35 - 00002829 _____ C:\WINDOWS\War3Unin.pif
2016-11-29 19:19 - 2016-11-29 19:35 - 00000000 ____D C:\Users\Ddarkyo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warcraft III
2016-11-28 16:36 - 2016-11-28 16:36 - 00000000 ____D C:\Users\Ddarkyo\Desktop\EUP 7.4 - Automatic Install

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-28 21:05 - 2016-10-06 21:47 - 00000000 ____D C:\Users\Public\Documents\AdobeGC
2016-12-28 21:05 - 2016-09-15 05:47 - 00000000 ____D C:\Temp
2016-12-28 21:00 - 2016-08-28 19:55 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-28 21:00 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-27 13:47 - 2014-11-21 05:46 - 01825074 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-27 13:47 - 2014-11-21 05:07 - 00805918 _____ C:\WINDOWS\system32\perfh015.dat
2016-12-27 13:47 - 2014-11-21 05:07 - 00163272 _____ C:\WINDOWS\system32\perfc015.dat
2016-12-27 13:47 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2016-12-26 20:38 - 2016-09-12 12:51 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-12-26 01:23 - 2016-09-15 20:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-12-26 00:48 - 2016-09-17 18:18 - 00000000 ____D C:\Users\Ddarkyo\Desktop\Rodina.v1.2.3.C
2016-12-25 23:30 - 2012-07-26 09:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-12-25 22:02 - 2016-08-28 20:01 - 00000000 ____D C:\Users\Ddarkyo
2016-12-25 22:01 - 2016-10-15 11:03 - 00000000 ____D C:\WINDOWS\Minidump
2016-12-25 22:00 - 2016-10-15 11:03 - 647901301 _____ C:\WINDOWS\MEMORY.DMP
2016-12-25 20:56 - 2016-08-16 19:43 - 00001328 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-25 02:16 - 2013-08-22 14:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-12-24 23:05 - 2016-11-18 19:07 - 00000000 ____D C:\Program Files (x86)\Icecream Screen Recorder
2016-12-24 20:36 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-22 14:46 - 2016-08-29 17:12 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-12-20 14:49 - 2016-08-18 17:26 - 00000000 ____D C:\Program Files (x86)\Steam
2016-12-18 19:20 - 2016-08-16 19:24 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-17 21:52 - 2013-08-22 15:44 - 05218192 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-17 19:31 - 2016-09-21 14:57 - 00000000 ____D C:\Games
2016-12-17 14:54 - 2016-08-16 19:43 - 00003480 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-17 14:54 - 2016-08-16 19:43 - 00003352 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-15 19:09 - 2016-09-04 12:50 - 00002504 _____ C:\Users\Ddarkyo\Desktop\Discord.lnk
2016-12-11 01:07 - 2016-08-16 20:03 - 00000000 ____D C:\GOG Games
2016-12-08 20:24 - 2016-08-16 21:29 - 00001368 _____ C:\Users\Ddarkyo\Desktop\GG.lnk
2016-12-08 16:07 - 2016-08-17 12:11 - 00001279 _____ C:\Users\Ddarkyo\Desktop\MEGAsync.lnk
2016-12-08 16:04 - 2016-08-16 19:43 - 00000000 ____D C:\Program Files (x86)\Google
2016-12-08 12:07 - 2016-08-16 21:29 - 00000000 ____D C:\Users\Ddarkyo\AppData\Roaming\GG
2016-12-08 12:07 - 2016-08-16 19:52 - 00000000 ____D C:\Users\Ddarkyo\AppData\Roaming\uTorrent
2016-12-08 12:05 - 2016-09-15 13:40 - 00000000 ____D C:\Users\Ddarkyo\AppData\Roaming\Skype
2016-12-08 12:03 - 2016-08-16 19:21 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2235314058-1462497776-1017983739-1001
2016-12-08 11:32 - 2016-11-08 16:22 - 00000000 ____D C:\Users\Ddarkyo\AppData\LocalLow\uTorrent
2016-12-08 11:32 - 2016-10-04 20:20 - 00000000 ____D C:\Users\Ddarkyo\AppData\Roaming\duet
2016-12-08 11:32 - 2016-08-28 20:24 - 00000000 __RDO C:\Users\Ddarkyo\OneDrive
2016-12-08 10:50 - 2016-09-12 16:35 - 00000898 _____ C:\Users\Web\Desktop\Sublime Text 3.lnk
2016-12-08 10:50 - 2016-09-12 16:35 - 00000000 ____D C:\Program Files\Sublime Text 3
2016-12-08 10:35 - 2016-09-01 18:29 - 00000000 ____D C:\Users\Ddarkyo\Documents\ShareX
2016-12-08 10:00 - 2016-08-27 16:00 - 00000000 ____D C:\Users\Ddarkyo\AppData\Local\Adobe
2016-12-07 22:03 - 2016-09-02 20:01 - 00000000 _____ C:\Users\Ddarkyo\.node_repl_history
2016-12-07 21:19 - 2016-11-27 14:28 - 00000000 ____D C:\Grand Theft Auto V
2016-12-06 19:06 - 2016-08-17 14:32 - 00000000 ____D C:\Users\Ddarkyo\AppData\Local\CrashDumps
2016-12-06 08:53 - 2016-09-04 12:50 - 00000000 ____D C:\Users\Ddarkyo\AppData\Roaming\discord
2016-12-01 20:04 - 2016-08-16 19:13 - 00000000 ____D C:\Users\Ddarkyo\AppData\Local\Packages
2016-12-01 17:26 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-29 20:14 - 2016-08-17 17:02 - 00000000 ____D C:\Users\Ddarkyo\Documents\Backupy
2016-11-28 16:36 - 2016-08-18 15:34 - 00001328 _____ C:\Users\Ddarkyo\AppData\Roaming\Microsoft\Windows\Start Menu\OpenIV.lnk
2016-11-28 16:36 - 2016-08-18 15:34 - 00001326 _____ C:\Users\Ddarkyo\Desktop\OpenIV.lnk

Some files in TEMP:
====================
C:\Users\Web\AppData\Local\Temp\gAF00.tmp.exe
C:\Users\Web\AppData\Local\Temp\jansi-64-1046165856721337819.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-1465975492653561558.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-2808514518789273508.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-3089034848121463719.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-3190496639422423150.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-3211646447735196207.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-339787256011782982.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-3832698401946663147.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-3834013642544805333.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-4065314938047610045.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-4718713254079700510.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-5595791038571911520.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-5800495213642288022.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-6162510468823227227.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-6694220637402066134.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-8063606912767288895.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-8458418848546586170.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-972868314782435258.dll
C:\Users\Web\AppData\Local\Temp\libeay32.dll
C:\Users\Web\AppData\Local\Temp\msvcr120.dll
C:\Users\Web\AppData\Local\Temp\Play.exe
C:\Users\Web\AppData\Local\Temp\setup.dll
C:\Users\Web\AppData\Local\Temp\setup.exe
C:\Users\Web\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-27 11:54

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by Web (28-12-2016 21:09:05)
Running from C:\Users\Web\Downloads
Windows 8.1 (Update) (X64) (2016-08-28 19:21:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2235314058-1462497776-1017983739-500 - Administrator - Disabled)
Ddarkyo (S-1-5-21-2235314058-1462497776-1017983739-1001 - Administrator - Enabled) => C:\Users\Ddarkyo
Gość (S-1-5-21-2235314058-1462497776-1017983739-501 - Limited - Disabled)
Web (S-1-5-21-2235314058-1462497776-1017983739-1004 - Administrator - Enabled) => C:\Users\Web

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET Smart Security 10.0.386.2 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security 10.0.386.2 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Zapora osobista ESET (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2235314058-1462497776-1017983739-1004\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Action! (HKLM-x32\...\Mirillis Action!) (Version: 2.0.6 - Mirillis)
ActiveState Komodo IDE 10.0.1 (HKLM-x32\...\{ECA7BB1E-879E-45C9-85B5-C59F3F29B4C7}) (Version: 10.0.1 - ActiveState Software Inc.)
Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe After Effects CC 2015 (HKLM-x32\...\{147EC100-14BE-45EF-AB42-35BAEE7D02F0}) (Version: 13.5.0 - Adobe Systems Incorporated)
Adobe Audition CC 2015.2 (HKLM-x32\...\AUDT_9_2_1) (Version: 9.2.1 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.7.0.270 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
AirDroid 3.3.4.0 (HKLM-x32\...\AirDroid) (Version: 3.3.4.0 - Sand Studio)
Aktualizacje NVIDIA 2.13.0.21 (Version: 2.13.0.21 - NVIDIA Corporation) Hidden
Anno 2070 Complete Edition wersja 2.0.7780.0 (HKLM-x32\...\Anno 2070 Complete Edition_is1) (Version: 2.0.7780.0 - UBISoft)
Ansel (Version: 372.54 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Assassin's Creed IV Black Flag wersja 1.07 (HKLM-x32\...\{0616F772-5099-41A0-A20F-339C74FDAE95}_is1) (Version: 1.07 - Ubisoft)
Asystent menedżera zawartości dla PlayStation® (HKLM-x32\...\{E5C1C342-5E78-4D91-85BE-40C716B09391}) (Version: 3.55.7671.0901 - Sony Computer Entertainment Inc.)
Atom (HKU\S-1-5-21-2235314058-1462497776-1017983739-1004\...\atom) (Version: 1.12.6 - GitHub Inc.)
AutoHotkey 1.1.24.02 (HKLM\...\AutoHotkey) (Version: 1.1.24.02 - Lexikos)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Blender (HKLM\...\{47A0EA10-D506-4473-AE99-5E07DD1062DE}) (Version: 2.77.1 - Blender Foundation)
BloodRayne 2 (HKLM-x32\...\{8A876C9E-DB02-4402-9E21-998442C1A898}) (Version: 1.01.0000 - Majesco Entertainment)
Bonjour (HKLM-x32\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.)
Brackets (HKLM-x32\...\{EF4E49D9-63EF-4BD4-BAD0-2234C79970D3}) (Version: 1.7 - brackets.io)
Car Mechanic Simulator 2015 (HKLM-x32\...\Car Mechanic Simulator 2015_is1) (Version: 1.0.7.5 - RePack by Valdeni)
Carmageddon Max Damage (HKLM-x32\...\Carmageddon Max Damage_is1) (Version: - )
Clear Sky Complete (HKLM-x32\...\{Clear Sky Complete v1.1.3}}_is1) (Version: - )
CL-Eye Driver (HKLM-x32\...\CL-Eye Driver) (Version: 5.3.0.0341 - Code Laboratories, Inc.)
Clicker Heroes (HKLM\...\Steam App 363970) (Version: - Playsaurus)
Clustertruck (HKLM-x32\...\1661530902_is1) (Version: 2.0.0.2 - GOG.com)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
Crazy Machines 3 (HKLM\...\Y3JhenltYWNoaW5lczM_is1) (Version: 1 - )
Croc (HKLM-x32\...\Croc) (Version: - )
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Driver Genius (HKLM-x32\...\Driver Genius_is1) (Version: 14.0 - Driver-Soft Inc.)
Duet Display (HKLM\...\{52444E6D-BBB3-4BC1-A4E3-3602B173BB42}) (Version: 1.4.4.7 - Kairos)
Dungeons of Dredmor incl. all DLC 1.1.2 (HKLM-x32\...\Dungeons of Dredmor incl. all DLC 1.1.2) (Version: - )
Empire Earth II Gold Edition (HKLM-x32\...\GOGPACKEMPIREEARTH2GOLD_is1) (Version: 2.0.0.17 - GOG.com)
Epic Clicker Journey (HKLM\...\Steam App 414730) (Version: - Cleversan Software)
Eraser 6.2.0.2979 (HKLM\...\{C5900DE9-D199-4C27-B692-354C9A6A6C8B}) (Version: 6.2.2979 - The Eraser Project)
ESET Smart Security (HKLM\...\{B3C1CDAD-D203-4722-9A34-19AEB949DF2A}) (Version: 10.0.386.2 - ESET, spol. s r.o.)
Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.18 - Echobit, LLC)
FileZilla Client 3.21.0 (HKLM-x32\...\FileZilla Client) (Version: 3.21.0 - Tim Kosse)
Firewatch (HKLM-x32\...\Firewatch_is1) (Version: - )
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version: - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
ForceBindIP-GUI (HKLM-x32\...\ForceBindIP-GUI) (Version: 1.4 - KrazyDev)
Garena+ (HKLM-x32\...\im) (Version: 2011 - Garena Online Pte Ltd.)
Garry's Mod (HKLM\...\Steam App 4000) (Version: - Facepunch Studios)
Git version 2.11.0 (HKLM\...\Git_is1) (Version: 2.11.0 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Grand Theft Auto V Update v1.36 (HKLM-x32\...\R3JhbmRUaGVmdEF1dG9W_is1) (Version: 1 - )
Grand Theft Auto V version 1.0.573.1 (HKLM-x32\...\{D22681B9-93A5-4EBC-A1DD-A6B2189CBD4D}_is1) (Version: 1.0.573.1 - )
Grim Dawn (HKLM-x32\...\1449651388_is1) (Version: 2.6.0.11 - GOG.com)
Hacknet (HKLM-x32\...\1439474400_is1) (Version: 2.8.0.9 - GOG.com)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.15.281 - SurfRight B.V.)
Icecream Screen Recorder (wersja 4.52) (HKLM-x32\...\{7ADEC622-3230-4C9A-9DCE-9BD462B74095}_is1) (Version: 4.52 - Icecream Apps)
Ignite (HKLM-x32\...\{9A731246-E02E-44DC-940D-0F8110C1789D}) (Version: 1.3.1 - AIR Music Technology)
Ignite (x32 Version: 1.3.1 - AIR Music Technology) Hidden
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
ImDisk Virtual Disk Driver (HKLM\...\ImDisk) (Version: * - LTR Data)
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
join.me (HKU\S-1-5-21-2235314058-1462497776-1017983739-1004\...\JoinMe) (Version: 3.0.0.3909 - LogMeIn, Inc.)
join.me.launcher (x32 Version: 1.0.624.0 - LogMeIn, Inc.) Hidden
Kerbal Space Program (HKLM-x32\...\1429864849_is1) (Version: 2.6.0.8 - GOG.com)
L.A. Noire (HKLM-x32\...\{915726DF-7891-444A-AA03-0DF1D64F561A}) (Version: 1.00.0000 - Rockstar Games)
L.A. Noire PL [BDIP] wersja 1.01 (HKLM-x32\...\{C863E3ED-F40F-411B-925D-87824CC81DCF}_is1) (Version: 1.01 - BDIP)
L.A. Noire: The Complete Edition (HKLM-x32\...\L.A. Noire: The Complete Edition_is1) (Version: - )
Layers of Fear (HKLM\...\bGF5ZXJzb2ZmZWFy_is1) (Version: 1 - )
Legend of Grimrock (HKLM-x32\...\Legend of Grimrock_is1) (Version: - GOG.com)
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.6.0.0 - LG Electronics)
LibreOffice 5.2.2.2 (HKLM-x32\...\{69751441-D5E0-4668-893F-CB797B082D09}) (Version: 5.2.2.2 - The Document Foundation)
LOOT (wersja 0.10.2) (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.10.2 - LOOT Team)
LSPD First Response (HKLM-x32\...\LSPD First Response) (Version: 0.3.1 - G17 Media)
Mafia II wersja 1.0 u4 (HKLM-x32\...\Mafia II_is1) (Version: 1.0 u4 - 2K Games)
Malwarebytes (wersja 3.0.5.1299) (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
ManyCam 5.1.0 (HKLM-x32\...\ManyCam) (Version: 5.1.0 - Visicom Media Inc.)
Max Payne 3 (HKLM-x32\...\Max Payne 3_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
McPixel version 1.0.4 (HKLM-x32\...\McPixel_is1) (Version: 1.0.4 - Sos)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft Office Professional 2016 - pl-pl (HKLM\...\ProfessionalRetail - pl-pl) (Version: 16.0.7466.2038 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MiniTool Partition Wizard Free 9.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
Moirai (HKLM\...\Steam App 496920) (Version: - Chris Johnson)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.3.0.6081 - Mozilla)
Mozilla Thunderbird 45.3.0 (x86 pl) (HKLM-x32\...\Mozilla Thunderbird 45.3.0 (x86 pl)) (Version: 45.3.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: - Native Instruments)
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version: - Native Instruments)
Native Instruments Guitar Rig Mobile I/O (HKLM-x32\...\Native Instruments Guitar Rig Mobile I/O) (Version: - Native Instruments)
Native Instruments Guitar Rig Session I/O (HKLM-x32\...\Native Instruments Guitar Rig Session I/O) (Version: - Native Instruments)
Native Instruments Rig Kontrol 3 (HKLM-x32\...\Native Instruments Rig Kontrol 3) (Version: - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: - Native Instruments)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.9 - Black Tree Gaming)
No Man's Sky (HKLM-x32\...\1446213994_is1) (Version: 2.4.0.6 - GOG.com)
No Man's Sky Pre-order DLC (HKLM-x32\...\2022706229_is1) (Version: 2.0.0.2 - GOG.com)
No Time To Explain Remastered (HKLM-x32\...\Tm9UaW1lVG9FeHBsYWluUmVtYXN0ZXJlZA==_is1) (Version: 1 - )
Node.js (HKLM\...\{DF97B44B-C53A-4B9E-BC85-5F985DC2B343}) (Version: 6.5.0 - Node.js Foundation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
NVIDIA GeForce Experience 3.0.7.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.0.7.34 - NVIDIA Corporation)
NVIDIA Oprogramowanie systemu PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NVIDIA Sterownik 3D Vision 372.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 372.54 - NVIDIA Corporation)
NVIDIA Sterownik dźwięku HD 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA Sterownik graficzny 372.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.54 - NVIDIA Corporation)
NVIDIA Sterownik kontrolera 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NvNodejs (Version: 3.0.7.34 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.0.0.0 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
Office Freakout (HKLM\...\b2ZmaWNlZnJlYWtvdXQ_is1) (Version: 1 - )
Origin (HKLM-x32\...\Origin) (Version: 10.2.1.38915 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{d5275984-09d6-4278-8320-3bdc3e5a5c88}) (Version: latest - ppy Pty Ltd)
Otchlan 1.3 v76 (HKLM-x32\...\{E6BE8B1B-4F19-4EB9-9D16-BE6FCC875121}_is1) (Version: - Otchlan Sp. zoo)
Outlast (HKLM-x32\...\Outlast_is1) (Version: - )
Pakiet sterowników systemu Windows - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Pakiet sterowników systemu Windows - libusb-win32 PS Vita Type B (02/23/2013 1.2.6.0) (HKLM\...\E88FB411ED92EFDB9BF3A5F94548DA4956C0D97B) (Version: 02/23/2013 1.2.6.0 - libusb-win32)
Panel sterowania NVIDIA 372.54 (Version: 372.54 - NVIDIA Corporation) Hidden
Paragon Partition Manager™ 12 Home Special Edition (HKLM-x32\...\{986A654F-F1E4-11DD-9FCA-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Paragon Partition Manager™ 2014 Free (HKLM-x32\...\{47E5588F-C3A0-11DE-9857-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Party Hard Dark Castle (HKLM\...\cGFydHloYXJkZGFya2Nhc3RsZQ_is1) (Version: 1 - )
Plane9 v2.4.1.4 (HKLM-x32\...\Plane9) (Version: v2.4.1.4 - Joakim Dahl / Planestate Software)
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.5.1.2 - Popcorn Time) <==== ATTENTION
Prison Architect (HKLM-x32\...\1441974651_is1) (Version: 2.13.0.17 - GOG.com)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Python 3.5.2 Add to Path (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Core Interpreter (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{0276F61C-30FC-46D4-BEFE-0EA959C4D691}) (Version: 3.5.2121.0 - Python Software Foundation)
Qcma (HKLM\...\Qcma) (Version: 0.3.12 - codestation)
Ragnarok Clicker (HKLM\...\Steam App 493370) (Version: - Playsaurus)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 7.6.8.66 - Razer Inc.)
reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version: - )
Remote Mouse version 3.002 (HKLM-x32\...\{01E4BC6D-3ACC-45E1-8928-C2FF626F63F3}_is1) (Version: 3.002 - Remote Mouse)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
S.T.A.L.K.E.R. Czyste Niebo (HKLM-x32\...\S.T.A.L.K.E.R. Czyste Niebo_is1) (Version: S.T.A.L.K.E.R. Czyste Niebo - )
Santa Claus in Trouble (HKLM-x32\...\Santa Claus in Trouble) (Version: - )
Sculptris Alpha 6 (HKLM-x32\...\Sculptris Alpha 6 Alpha 6) (Version: Alpha 6 - Pixologic)
Send Anywhere (HKLM-x32\...\{4C09F722-410A-481D-A488-D56FBE34334F}_is1) (Version: 2.6.9 - Estmob Inc.)
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 11.2.1 - ShareX Team)
SHIELD Streaming (Version: 7.1.0320 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.0.7.34 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Sid Meier's Civilization V_is1) (Version: - )
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Slender - The Arrival (HKLM-x32\...\Slender - The Arrival_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter)
SLENDER - The Arrival, 2.0 (HKLM-x32\...\{DC15EF93-7951-419C-A33F-4C509B943392}_is1) (Version: 2.0 - Salat Production)
Source Filmmaker (HKLM\...\Steam App 1840) (Version: - Valve)
SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts)
Stardew Valley (HKLM-x32\...\1453375253_is1) (Version: 2.8.0.10 - GOG.com)
StartIsBack+ (HKLM-x32\...\StartIsBack) (Version: 1.7.5 - startisback.com)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stronghold Kingdoms (HKLM-x32\...\{D1D632A2-E249-466D-A094-B1B934D37645}_is1) (Version: 1.17 - Firefly Studios)
Sublime Text Build 3126 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd)
Tabletop Simulator (HKLM-x32\...\Tabletop Simulator_is1) (Version: - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
The Elder Scrolls V Skyrim Legendary Edition wersja 1.9.32.8 (HKLM-x32\...\The Elder Scrolls V Skyrim Legendary Edition_is1) (Version: 1.9.32.8 - GTX Box Team)
The Sims 4: City Living (HKLM\...\dGhlc2ltczRjaXR5bGl2aW5n_is1) (Version: 1 - )
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 Cztery pory roku (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
The Sims™ 3 Film - Akcesoria (HKLM-x32\...\{D0087539-3C57-44E0-BEE7-D779D546CBE1}) (Version: 20.0.53 - Electronic Arts)
The Sims™ 3 Kariera (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
The Sims™ 3 Nie z tego świata (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
The Sims™ 3 Po zmroku (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
The Sims™ 3 Pokolenia (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 Rajska Wyspa (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
The Sims™ 3 Studenckie życie (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
The Sims™ 3 Szalone Lata 70. 80. i 90. Akcesoria (HKLM-x32\...\{E1868CAE-E3B9-4099-8C18-AA8944D336FD}) (Version: 17.0.77 - Electronic Arts)
The Sims™ 3 Wymarzone Podróże (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
The Sims™ 3 Zostań gwiazdą (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
The Sims™ 3 Zwierzaki (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.25.136.1020 - Electronic Arts Inc.)
The Town of Light (HKLM-x32\...\The Town of Light_is1) (Version: - )
The Witcher 3 Wild Hunt Complete version 1.22.0.0 (HKLM-x32\...\The Witcher 3 Wild Hunt Complete_is1) (Version: 1.22.0.0 - Mr DJ)
This Is the Police (HKLM-x32\...\This Is the Police_is1) (Version: - )
Time Clickers (HKLM\...\Steam App 385770) (Version: - Proton Studio Inc)
Torchlight II © Runic Games version 1 (HKLM-x32\...\Torchlight II © Runic Games_is1) (Version: 1 - )
Tropico 5 - Complete Collection (HKLM-x32\...\Tropico 5 - Complete Collection_is1) (Version: - )
Trove (HKLM\...\Steam App 304050) (Version: - Trion Worlds)
Universe (HKLM\...\Universe Premium_is1) (Version: 1.6.0 CE - Team V.R)
UxStyle (HKLM-x32\...\{05560347-3a9b-4644-a8ed-8b64cc947189}) (Version: 0.2.3.0 - The Within Network, LLC)
UxStyle (Version: 0.2.3.0 - The Within Network, LLC) Hidden
Vampire - The Masquerade - Bloodlines (HKLM-x32\...\1207659240_is1) (Version: 2.0.0.7 - GOG.com)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.18a - IDRIX)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Voodoo Garden version 1.0 (HKLM-x32\...\{DD066524-D01D-486B-9077-F584ABEA3DE8}_is1) (Version: 1.0 - Voodoo Garden)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - )
WarCraft III wersja 1.26a (HKLM-x32\...\WarCraft III_is1) (Version: 1.26a - Blizzard Entertainment)
Warface (HKLM\...\Steam App 291480) (Version: - Crytek)
Watch This! (HKLM\...\d2F0Y2h0aGlz_is1) (Version: 1 - )
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Wondershare Filmora(Build 7.5.0) (HKLM\...\Wondershare Filmora_is1) (Version: - Wondershare Software)
Wondershare Helper Compact 2.5.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.0 - Wondershare)
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.24-1 - Bitnami)
XCOM 2 (HKLM-x32\...\XCOM 2_is1) (Version: - )
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
Zombie Night Terror (HKLM-x32\...\2071628374_is1) (Version: 2.0.0.2 - GOG.com)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F4D3510-AB49-4063-8121-094F84CC23EF} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {1C0DC399-48D6-44AA-AA11-0E32F5DD82BC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {26791687-556A-402F-BC8E-BFBB08684214} - System32\Tasks\936q338c541g343 => Rundll32.exe "C:\ProgramData\936q338c541g343\936q338c541g343.dll",hcsopx <==== ATTENTION
Task: {27BB8890-9BC4-46D7-9C40-BE411515F348} - System32\Tasks\{3521EF7F-7188-49AE-96A0-772AFD999936} => pcalua.exe -a "C:\Program Files (x86)\Torchlight II\Torchlight2.exe" -d "C:\Program Files (x86)\Torchlight II"
Task: {2B2AEEEA-7646-43CC-94D0-1A5C261B9A86} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-ddarkyo@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-05-05] (Adobe Systems Incorporated)
Task: {364A1C40-E72C-4F06-BBF7-54FBA531C824} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-09-30] (NVIDIA Corporation)
Task: {3D6A40F6-3955-4143-92EB-F84D8707AF7F} - System32\Tasks\DuetUpdater => C:\Program Files\Kairos\Duet Display\DuetUpdater.exe [2016-09-07] (Kairos)
Task: {440B548C-B459-4B91-A396-95353010AF5A} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-09-30] (NVIDIA Corporation)
Task: {4667B875-0621-46A2-B461-292E8B63ECA5} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-09-30] (NVIDIA Corporation)
Task: {4A280743-A2E9-42D5-BAFB-6D90A353233C} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-09-30] (NVIDIA Corporation)
Task: {5CA9BB26-F43D-4FCE-855A-65A23CD3F2A5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-16] (Google Inc.)
Task: {6A611FDB-7513-4803-9568-6BB7CC802C39} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2235314058-1462497776-1017983739-1001 => C:\Users\Web\AppData\Local\Microsoft\OneDrive\OneDrive.exe
Task: {6EB466FB-079D-4016-8778-C40E6E0F3ED3} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] ()
Task: {74791E2B-C70E-4F78-9269-8D7F74262D4D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-16] (Google Inc.)
Task: {82DF6F9E-0B41-4930-8201-F177AEDFBE8D} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-09-30] (NVIDIA Corporation)
Task: {923DFC64-D1E2-4B64-A70C-1D76891C5874} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-09-30] (NVIDIA Corporation)
Task: {943F6A25-64FA-4CAC-B4C3-EBAF2933C95B} - System32\Tasks\Garena+ Plugin Host Service => C:\Program Files (x86)\Garena Plus\ggdllhost.exe [2016-11-25] ()
Task: {A9E5762A-7BB9-45FD-8816-889DB2D475A2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-30] (Microsoft Corporation)
Task: {CF75BD36-DEB4-4AEC-9A85-3A03A0CA5BF9} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] ()
Task: {DDB4AC86-D16C-4EBB-90F6-A259E1010F09} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-30] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-08-28 19:55 - 2016-08-11 12:49 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-04-22 00:07 - 2016-04-22 00:07 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 00:07 - 2016-04-22 00:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-10-20 19:08 - 2016-09-30 05:25 - 04490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-20 19:08 - 2016-09-30 05:25 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-20 19:09 - 2016-09-30 05:25 - 00419896 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2016-09-25 00:20 - 2016-09-25 00:21 - 00189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-10-30 19:24 - 2016-06-25 08:52 - 00018432 _____ () C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe
2016-12-24 22:56 - 2016-12-14 12:55 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2016-12-24 22:56 - 2016-12-14 12:55 - 02813904 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2016-12-24 19:43 - 2016-12-28 21:01 - 00252416 _____ () C:\WINDOWS\TEMP\gB0F9.tmp.exe
2016-10-31 20:45 - 2016-10-31 20:45 - 00592384 _____ () C:\Users\Web\AppData\Local\MEGAsync\ShellExtX64.dll
2016-05-22 18:33 - 2016-05-22 18:33 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-11-25 11:53 - 2016-11-25 11:53 - 00175096 _____ () C:\Program Files (x86)\Garena Plus\ggdllhost.exe
2016-12-14 22:56 - 2016-12-08 09:03 - 02412888 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-14 22:56 - 2016-12-08 09:03 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2015-01-07 00:17 - 2015-01-07 00:17 - 00503808 _____ () C:\WINDOWS\SYSTEM32\turbojpeg.dll
2016-05-22 18:32 - 2016-05-22 18:32 - 31680176 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2014-04-07 15:31 - 2014-04-07 15:31 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2016-10-30 19:24 - 2015-05-26 19:54 - 00152576 _____ () C:\Program Files (x86)\Remote Mouse\FileS.dll
2016-10-20 19:08 - 2016-09-30 05:25 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-11-25 11:53 - 2016-11-25 11:53 - 03436536 _____ () C:\Program Files (x86)\Garena Plus\ggspawn.dll
2016-08-22 12:49 - 2016-08-22 12:49 - 40523480 _____ () C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\libcef.dll
2015-10-27 21:25 - 2015-10-27 21:25 - 00213936 _____ () C:\Users\Web\AppData\Local\join.me.launcher\ExternalLibs\x86\JoinMe.Launcher.Win.Wrapper.dll
2012-11-20 08:20 - 2016-08-29 23:23 - 00104448 _____ () C:\Program Files (x86)\Sony\Content Manager Assistant\opencma.dll
2016-05-31 03:46 - 2016-05-31 03:46 - 40523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2016-04-05 16:57 - 2016-04-05 16:57 - 00393608 _____ () C:\Users\Web\AppData\Roaming\Curse Client\Bin\opus.dll
2016-12-11 01:41 - 2016-12-14 22:44 - 00534408 _____ () C:\Users\Web\AppData\Roaming\Curse Client\Bin\Curse.Presto.Interface.dll
2016-04-13 09:38 - 2016-04-13 09:38 - 00482304 _____ () C:\Users\Web\AppData\Local\MEGAsync\libsodium.dll
2016-09-02 21:04 - 2016-06-20 13:48 - 01506304 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2016-09-02 21:04 - 2014-05-19 16:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2016-11-27 15:45 - 2016-08-19 16:12 - 00149352 _____ () C:\Program Files (x86)\Razer\Razer Cortex\SimbaDeviceControl.dll
2016-05-12 21:37 - 2016-05-12 21:37 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-05-12 21:37 - 2016-05-12 21:37 - 00205824 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-05-12 21:37 - 2016-05-12 21:37 - 00120832 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-05-12 21:37 - 2016-05-12 21:37 - 00126464 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-05-31 03:40 - 2016-05-31 03:40 - 00098496 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2016-05-12 21:37 - 2016-05-12 21:37 - 00166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2016-12-11 01:13 - 2016-12-11 01:13 - 01949064 _____ () C:\Users\Web\AppData\Roaming\Curse Client\Bin\Electron\ffmpeg.dll
2016-12-11 01:13 - 2016-12-11 01:13 - 02269064 _____ () C:\Users\Web\AppData\Roaming\Curse Client\Bin\Electron\libglesv2.dll
2016-12-11 01:13 - 2016-12-11 01:13 - 00086920 _____ () C:\Users\Web\AppData\Roaming\Curse Client\Bin\Electron\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 [133]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\86955048.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UnsignedThemes => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\86955048.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UnsignedThemes => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2016-12-24 21:02 - 00001029 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 activate.adobe.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2235314058-1462497776-1017983739-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Web\AppData\Roaming\Microsoft\Windows Photo Viewer\Tapeta z Przeglądarki fotografii systemu Windows.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [UDP Query User{B25DFCB2-511E-4183-8DB0-FEE6AC293985}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{7B5A7979-73F3-454D-A16F-4D13D72FA0B1}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{3C73E84D-1B09-49E4-9592-5A35C4594F19}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2A5677F6-043F-4EB5-B9F3-E486E61205DF}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C55BFF22-C06B-4AB8-8F72-0B402A2D6E69}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8659E450-B349-4FAA-A2E1-878AB586C079}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9C79A284-1A3F-40D4-8314-09315E59D919}] => C:\Program Files (x86)\Grand Theft Auto V\GTA5.exe
FirewallRules: [{02D83B45-F93B-4EDF-A27A-286713A6100A}] => C:\Program Files (x86)\Grand Theft Auto V\GTA5.exe
FirewallRules: [{04003FCC-C102-4680-B01F-F4F03DB7C91F}] => C:\Users\Ddarkyo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E12C8CC4-E8A7-4AF6-A3A6-EA9C1CA16F9F}] => C:\Users\Ddarkyo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E1A0D886-D33E-4A92-8453-13C4E2CC9FF9}] => C:\Users\Ddarkyo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9C53459C-2580-4C73-A3BF-C12762CB702D}] => C:\Users\Ddarkyo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{68FF61B7-6147-49BD-91C9-D9D7460CBB1C}] => C:\Users\Ddarkyo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{60E88129-68C7-45F3-92CC-E3672DEE4C2D}] => C:\Users\Ddarkyo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5FF45500-6488-40C6-BB99-F37602B7AB6E}] => C:\Program Files (x86)\Send Anywhere\sendanywhere.exe
FirewallRules: [TCP Query User{C1EB8072-2240-43BF-9E1C-77D2389E4789}C:\program files\qcma\qcma.exe] => C:\program files\qcma\qcma.exe
FirewallRules: [UDP Query User{BF2F57B5-6944-4D63-B39F-8684B4D345FB}C:\program files\qcma\qcma.exe] => C:\program files\qcma\qcma.exe
FirewallRules: [TCP Query User{3FA1CA34-D91E-435B-ADCE-3DBEE247DBF3}C:\program files (x86)\activestate komodo ide 10\lib\mozilla\komodo.exe] => C:\program files (x86)\activestate komodo ide 10\lib\mozilla\komodo.exe
FirewallRules: [UDP Query User{81DB3FE9-7F3C-491A-BB06-F79980285E5B}C:\program files (x86)\activestate komodo ide 10\lib\mozilla\komodo.exe] => C:\program files (x86)\activestate komodo ide 10\lib\mozilla\komodo.exe
FirewallRules: [{F7D9CB00-3342-491A-A7E8-9DCDBD123AD3}] => %ProgramFiles%\Wondershare\Filmora\Filmora.exe
FirewallRules: [TCP Query User{2C91B005-DCE9-4C79-8A68-3B046FF45BAC}C:\program files (x86)\brackets\node.exe] => C:\program files (x86)\brackets\node.exe
FirewallRules: [UDP Query User{B06F93A7-6573-44BA-8B21-A3380AE18128}C:\program files (x86)\brackets\node.exe] => C:\program files (x86)\brackets\node.exe
FirewallRules: [TCP Query User{B6838EB8-3F81-419F-BBCF-B383DF4FBDC8}C:\users\ddarkyo\appdata\local\apps\2.0\k9wy67c2.dcv\e7vmbwmn.2kt\live..tion_0000000000000000_0000.0009_403689373d141ec5\res\livereloadnodejs.exe] => C:\users\ddarkyo\appdata\local\apps\2.0\k9wy67c2.dcv\e7vmbwmn.2kt\live..tion_0000000000000000_0000.0009_403689373d141ec5\res\livereloadnodejs.exe
FirewallRules: [UDP Query User{4D24B13D-2835-43ED-8066-3776D788E127}C:\users\ddarkyo\appdata\local\apps\2.0\k9wy67c2.dcv\e7vmbwmn.2kt\live..tion_0000000000000000_0000.0009_403689373d141ec5\res\livereloadnodejs.exe] => C:\users\ddarkyo\appdata\local\apps\2.0\k9wy67c2.dcv\e7vmbwmn.2kt\live..tion_0000000000000000_0000.0009_403689373d141ec5\res\livereloadnodejs.exe
FirewallRules: [TCP Query User{9516EDCA-7FF9-468F-9095-A781B52DCE42}C:\users\ddarkyo\appdata\local\livestyle\app-1.0.0\livestyle.exe] => C:\users\ddarkyo\appdata\local\livestyle\app-1.0.0\livestyle.exe
FirewallRules: [UDP Query User{10665954-F6C0-4499-A2D8-F9D0EE304F82}C:\users\ddarkyo\appdata\local\livestyle\app-1.0.0\livestyle.exe] => C:\users\ddarkyo\appdata\local\livestyle\app-1.0.0\livestyle.exe
FirewallRules: [{CA63DEB9-EA03-4DCB-B2E1-2E4F2C95F134}] => C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{5DF77AA3-2214-4EC5-B6F4-4C44644E7794}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{DA4DE82A-BE7F-4243-9B5A-B36341DC9F62}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{0F87C3AB-EC1C-4FCB-B328-E078AAE1B401}C:\users\ddarkyo\desktop\we.happy.few.pre-alpha.build.22249\glimpse\glimpsegame\binaries\win64\glimpsegame.exe] => C:\users\ddarkyo\desktop\we.happy.few.pre-alpha.build.22249\glimpse\glimpsegame\binaries\win64\glimpsegame.exe
FirewallRules: [UDP Query User{B4FC5B3C-3444-450B-9F66-793D865A8F57}C:\users\ddarkyo\desktop\we.happy.few.pre-alpha.build.22249\glimpse\glimpsegame\binaries\win64\glimpsegame.exe] => C:\users\ddarkyo\desktop\we.happy.few.pre-alpha.build.22249\glimpse\glimpsegame\binaries\win64\glimpsegame.exe
FirewallRules: [TCP Query User{298B0131-E396-4355-91B1-76E651CA5766}C:\program files (x86)\anno 2070 complete edition\initengine.exe] => C:\program files (x86)\anno 2070 complete edition\initengine.exe
FirewallRules: [UDP Query User{BA4B534B-F96C-44EE-947B-65ABE76EF1C6}C:\program files (x86)\anno 2070 complete edition\initengine.exe] => C:\program files (x86)\anno 2070 complete edition\initengine.exe
FirewallRules: [TCP Query User{F5017CCE-2A29-40A0-9A3A-70E85616843B}C:\program files (x86)\event 0\event0.exe] => C:\program files (x86)\event 0\event0.exe
FirewallRules: [UDP Query User{78BBD6A9-7800-4D94-81CA-9CDDDAA632AC}C:\program files (x86)\event 0\event0.exe] => C:\program files (x86)\event 0\event0.exe
FirewallRules: [{E4389B15-672C-4F80-B361-1429A6944B53}] => C:\Program Files (x86)\Steam\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [{FEC3E543-F25D-40A2-BB84-ADA4EBAF9EE5}] => C:\Program Files (x86)\Steam\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [{412F5701-73E1-4C3B-9578-AD542EE285BB}] => C:\Program Files (x86)\Steam\steamapps\common\TimeClickers\TimeClickers.exe
FirewallRules: [{83F59A3C-7933-401A-BF3F-80B3ADBA245A}] => C:\Program Files (x86)\Steam\steamapps\common\TimeClickers\TimeClickers.exe
FirewallRules: [{5723088B-DB1F-4AA0-B49D-2D63550C551B}] => C:\Program Files (x86)\Steam\steamapps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{3AAD6B61-5D50-45C1-988C-559CABC59CF0}] => C:\Program Files (x86)\Steam\steamapps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [TCP Query User{7B188132-475E-49C2-B7D2-95BDAEF344D8}C:\program files\office freakout\officefreakout\binaries\win32\officefreakout-win32-shipping.exe] => C:\program files\office freakout\officefreakout\binaries\win32\officefreakout-win32-shipping.exe
FirewallRules: [UDP Query User{FB15405A-33B0-4DDE-9DDB-B4945EA33C3B}C:\program files\office freakout\officefreakout\binaries\win32\officefreakout-win32-shipping.exe] => C:\program files\office freakout\officefreakout\binaries\win32\officefreakout-win32-shipping.exe
FirewallRules: [TCP Query User{70120C05-8A92-4E20-9540-CE9185E689B1}C:\program files\watch this\engine\binaries\win32\ue4game-win32-shipping.exe] => C:\program files\watch this\engine\binaries\win32\ue4game-win32-shipping.exe
FirewallRules: [UDP Query User{979BEB52-3D5E-481E-A1CA-DC12D5DCEFF6}C:\program files\watch this\engine\binaries\win32\ue4game-win32-shipping.exe] => C:\program files\watch this\engine\binaries\win32\ue4game-win32-shipping.exe
FirewallRules: [{077ADB1C-5BDD-46CF-AA56-A66DDD6E847F}] => C:\Program Files (x86)\Steam\steamapps\common\Moirai\Moirai.exe
FirewallRules: [{288D3980-D416-497A-A6BD-ED23C734C21E}] => C:\Program Files (x86)\Steam\steamapps\common\Moirai\Moirai.exe
FirewallRules: [{2017711A-0506-4859-B612-12D9149860D4}] => C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\sfm.exe
FirewallRules: [{79E93CAF-12D1-4DEA-8AE2-2D5A9F63DBF5}] => C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\sfm.exe
FirewallRules: [{0D168060-ADD5-450A-BC3B-A201706C33D6}] => C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exe
FirewallRules: [{DB9F4C05-2838-4149-AA9D-6E917284C8FA}] => C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exe
FirewallRules: [TCP Query User{5353B04A-ED10-4810-A868-7782492D4A8D}C:\program files (x86)\firewatch\firewatch.exe] => C:\program files (x86)\firewatch\firewatch.exe
FirewallRules: [UDP Query User{2D41E25E-EB98-4A22-A086-DEB15D1BFE59}C:\program files (x86)\firewatch\firewatch.exe] => C:\program files (x86)\firewatch\firewatch.exe
FirewallRules: [TCP Query User{BCB010F9-6C93-4DCB-A066-FE5F7262EDB6}C:\program files (x86)\car mechanic simulator 2015\cms2015.exe] => C:\program files (x86)\car mechanic simulator 2015\cms2015.exe
FirewallRules: [UDP Query User{B19B5038-0BCF-4E61-9223-5ED455510792}C:\program files (x86)\car mechanic simulator 2015\cms2015.exe] => C:\program files (x86)\car mechanic simulator 2015\cms2015.exe
FirewallRules: [{DAFB502E-B09B-4DA7-800C-19A2393EB087}] => C:\Program Files (x86)\Steam\steamapps\common\Ragnarok Clicker Heroes\Ragnarok Clicker.exe
FirewallRules: [{E1200EE5-F119-4D79-89E7-449853E98E18}] => C:\Program Files (x86)\Steam\steamapps\common\Ragnarok Clicker Heroes\Ragnarok Clicker.exe
FirewallRules: [TCP Query User{3DE5DCAA-AC8C-4457-9522-D7B410300358}C:\program files (x86)\voodoo garden\voodoo garden.exe] => C:\program files (x86)\voodoo garden\voodoo garden.exe
FirewallRules: [UDP Query User{ABC8FE98-1CD5-420B-AB28-F514D72C2451}C:\program files (x86)\voodoo garden\voodoo garden.exe] => C:\program files (x86)\voodoo garden\voodoo garden.exe
FirewallRules: [{469A5EBA-44C1-43DC-A787-B1E581F40904}] => C:\Program Files (x86)\Steam\steamapps\common\Epic Clicker Journey\Epic Clicker Journey.exe
FirewallRules: [{7DD572C3-6165-4AF4-8775-20F327845CF8}] => C:\Program Files (x86)\Steam\steamapps\common\Epic Clicker Journey\Epic Clicker Journey.exe
FirewallRules: [TCP Query User{E3A4AB6D-2D93-4C64-BB55-B6B6DAA735B1}C:\games\xcom 2\binaries\win64\xcom2.exe] => C:\games\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [UDP Query User{AD8C9E27-F6A2-440B-855E-C561DE1B6B68}C:\games\xcom 2\binaries\win64\xcom2.exe] => C:\games\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [TCP Query User{A2046EF5-F400-4BDB-82A6-BA73E1730334}C:\program files (x86)\airdroid\airdroid.exe] => C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [UDP Query User{3D5D2DF4-579C-4991-B087-DB76C1363682}C:\program files (x86)\airdroid\airdroid.exe] => C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [{59F8723D-A9F9-46AF-AEA5-439D9939D156}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5BEBB76F-1473-4062-AFD5-6833B6BAB3AC}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{D14244A8-DFB1-49FC-9F36-109821929D33}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{D4725C18-AE51-48F0-8667-6FB8DA3531E9}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{14D315C5-C603-45F2-A650-84FA31FBC4DE}] => C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{4C6D6483-8E56-4E1A-BC90-9EB26A78DD2E}] => C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [TCP Query User{A8D66AEF-C6CB-4EE4-81DE-4FAF5AA509C5}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{D3EE5ABD-139A-402B-88FA-7411094BDFFA}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{0D51B943-E539-42A9-A55F-4C64AA5DB7A1}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{21C575A9-9F67-493A-BE19-DE4DD2C0AF8C}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{10D80C81-1421-4C4C-829F-0306DF46B90B}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{8F7E8599-C69B-40E5-9D38-EEFA72721EA9}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{30BE5CA9-F1CA-4098-ADFE-096C53524FC1}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{21106B66-453C-4871-AC39-3D605BFEA984}C:\xampp\apache\bin\httpd.exe] => C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{54C97B68-73BD-4A64-B513-DC921E8E09E0}C:\xampp\apache\bin\httpd.exe] => C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{33735881-7264-41C8-A66F-99CFF9FED71B}C:\xampp\mysql\bin\mysqld.exe] => C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{8C58682A-5A97-4961-AD9B-C20EBA0BA82B}C:\xampp\mysql\bin\mysqld.exe] => C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [TCP Query User{AFA7FAA9-1E72-4541-B260-85E59EC44E70}C:\program files (x86)\r.g. mechanics\max payne 3\maxpayne3.exe] => C:\program files (x86)\r.g. mechanics\max payne 3\maxpayne3.exe
FirewallRules: [UDP Query User{A3CF77AF-5E4F-4178-ADCA-4AB0420D3059}C:\program files (x86)\r.g. mechanics\max payne 3\maxpayne3.exe] => C:\program files (x86)\r.g. mechanics\max payne 3\maxpayne3.exe
FirewallRules: [TCP Query User{250FB2E3-4F0F-4B6C-A088-6A31C15E1B75}C:\program files (x86)\red barrels\outlast\binaries\win64\olgame.exe] => C:\program files (x86)\red barrels\outlast\binaries\win64\olgame.exe
FirewallRules: [UDP Query User{358F7A4E-719D-4E74-A7AF-7A127D554EE6}C:\program files (x86)\red barrels\outlast\binaries\win64\olgame.exe] => C:\program files (x86)\red barrels\outlast\binaries\win64\olgame.exe
FirewallRules: [{130FB4FB-7566-4229-A90E-CDD6407367D4}] => C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{1ED1ED10-22E8-4173-BCDD-E00DC2FB4B7C}] => C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{6D880BCF-ABE0-4C20-9128-D46992371B6C}] => C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{0A8CA831-815E-40BB-B68D-2FB89D7C7C90}] => C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{611FFDA8-1B7E-445F-878C-DC01D4FD0098}] => C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{C1EA0724-9DEB-4AC7-96D5-D4E7B968366A}] => C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [TCP Query User{AF8E572E-119D-4826-95F7-2B8054A29B17}C:\users\ddarkyo\desktop\paint.the.town.red.v0.6.4\paintthetownred.exe] => C:\users\ddarkyo\desktop\paint.the.town.red.v0.6.4\paintthetownred.exe
FirewallRules: [UDP Query User{AF09E046-F6B0-4DCC-874A-B7A71C92C02B}C:\users\ddarkyo\desktop\paint.the.town.red.v0.6.4\paintthetownred.exe] => C:\users\ddarkyo\desktop\paint.the.town.red.v0.6.4\paintthetownred.exe
FirewallRules: [{B2247067-38E7-4B96-AB94-25957E849C37}] => C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [{647248D0-7B69-4369-BB0C-3F0E587E9061}] => C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [{00945827-8A1A-47B0-A526-85EAACF93B47}] => C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe
FirewallRules: [{1A2C4106-FD09-4E89-ADE7-2242DC98599A}] => C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe
FirewallRules: [{8E6FC740-8C12-41BE-A31E-9676146B820A}] => C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{C5EE17BF-01BE-49FA-9763-BA70E79B0BCE}] => C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{5BC1258A-46BC-41C0-B9C9-7149DF63EB50}] => C:\Program Files\Echobit\Evolve\EvoSvc.exe
FirewallRules: [{2623ECA7-25F6-409C-9195-CFA6EBFB9DCB}] => C:\Program Files\Echobit\Evolve\EvolveClient.exe
FirewallRules: [{213027CA-DBD1-42FD-969D-30B738DB95CC}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{294EE0F5-FF6E-4DB5-92FF-90882229DCB5}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{31899BCE-F361-4ADD-A345-08381ED342DC}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{1A25B086-FC36-45FB-9837-06BB4ADD38B9}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{00636FC0-BB51-4695-8AED-47FC44DDFA9B}] => C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{69472F66-5F68-41B7-95BC-02BEED52E385}] => C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [TCP Query User{EA101ACA-CFF2-4063-8DFF-D3D1EC66EA60}C:\program files (x86)\carmageddon max damage\carmageddon_max_damage.exe] => C:\program files (x86)\carmageddon max damage\carmageddon_max_damage.exe
FirewallRules: [UDP Query User{C94991C2-AF9A-44FB-973E-53192834660E}C:\program files (x86)\carmageddon max damage\carmageddon_max_damage.exe] => C:\program files (x86)\carmageddon max damage\carmageddon_max_damage.exe
FirewallRules: [TCP Query User{4E634021-9BC3-4166-9875-FF6C238D6F10}C:\grand theft auto v\gta5.exe] => C:\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{E6B7A3AE-AA7E-4061-9F5D-A447C285041A}C:\grand theft auto v\gta5.exe] => C:\grand theft auto v\gta5.exe
FirewallRules: [{2B1D9829-C16E-4E4E-B798-83A2491442EF}] => C:\Program Files (x86)\Steam\steamapps\common\Warface\live\nw.exe
FirewallRules: [{1DE0B80C-B369-48C9-B741-C9730D5A4D0A}] => C:\Program Files (x86)\Steam\steamapps\common\Warface\live\nw.exe
FirewallRules: [TCP Query User{953B3BE2-B8FE-4B4B-A943-3DE82BD8E5A2}C:\program files (x86)\warcraft iii\war3.exe] => C:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [UDP Query User{E59C258D-783D-4AEB-822D-73D3E164D9A0}C:\program files (x86)\warcraft iii\war3.exe] => C:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [TCP Query User{7147E483-206D-45B3-8417-A5B00B7935A6}C:\grand theft auto v\scripts\gtaserver.exe] => C:\grand theft auto v\scripts\gtaserver.exe
FirewallRules: [UDP Query User{66B8C44E-C781-4109-9B89-95AA89517713}C:\grand theft auto v\scripts\gtaserver.exe] => C:\grand theft auto v\scripts\gtaserver.exe
FirewallRules: [{FBB5E5FB-DBD3-409A-A059-F36771678FAB}] => C:\Grand Theft Auto V\GTA5.exe
FirewallRules: [{1FE68767-B139-467C-8E61-8AC1A2A36F94}] => C:\Grand Theft Auto V\GTA5.exe
FirewallRules: [{B85AE9B4-80C9-4A0B-9625-D340798A60BC}] => C:\Program Files (x86)\Steam\steamapps\common\Warface\live\gflauncher.exe
FirewallRules: [{71EDC7B6-C616-41E6-8EAA-DDDCAF1B68AA}] => C:\Program Files (x86)\Steam\steamapps\common\Warface\live\gflauncher.exe
FirewallRules: [{3D456E7B-0848-4174-ABAC-00B7BAD335DE}] => C:\Users\Web\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{637A836B-B031-47D9-8B96-8EA42725CFE0}] => C:\Users\Web\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{984CF41F-CBDC-4A5A-B0F7-5FD4BC64D376}] => C:\Users\Web\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D0AE5186-A6E7-43E7-B4B8-E153E924BF1C}] => C:\Users\Web\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5DCB2FCF-C83A-44C4-8960-4F0BA7FB8ABE}] => C:\Users\Web\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FFCBE50F-F07B-414F-AF07-A6DEF5710468}] => C:\Users\Web\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{00CB9229-C588-464D-9D35-66C96A849820}C:\gog games\empire earth ii gold edition\ee2.exe] => C:\gog games\empire earth ii gold edition\ee2.exe
FirewallRules: [UDP Query User{327A04A0-0C1E-48C6-B740-2E3C03C44BED}C:\gog games\empire earth ii gold edition\ee2.exe] => C:\gog games\empire earth ii gold edition\ee2.exe
FirewallRules: [{A03FAD6F-8FA4-4976-B890-E2DA4BC95D41}] => C:\gog games\empire earth ii gold edition\ee2.exe
FirewallRules: [{28CA71DD-24A4-43AF-9C61-CE89D1E2486A}] => C:\gog games\empire earth ii gold edition\ee2.exe
FirewallRules: [{BEF86D2B-7989-4079-AA1A-A865FE8ADE60}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{1F781539-A6DB-4D0B-A417-51650B4AD2A6}C:\users\web\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => C:\users\web\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{519CA4E4-7B91-43F0-A04C-A07C4B140129}C:\users\web\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => C:\users\web\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{7CCF7441-F851-48F2-BAA4-4C2DE278BD31}C:\program files (x86)\tabletop simulator\tabletop simulator.exe] => C:\program files (x86)\tabletop simulator\tabletop simulator.exe
FirewallRules: [UDP Query User{A1E6A5CF-91C5-423A-81D5-55193C1EB12C}C:\program files (x86)\tabletop simulator\tabletop simulator.exe] => C:\program files (x86)\tabletop simulator\tabletop simulator.exe
FirewallRules: [{1CDF6165-6AE9-4D38-80B8-B74DD30CA48F}] => C:\Program Files (x86)\GTX Box Team\The Elder Scrolls V Skyrim Legendary Edition\SkyrimLauncher.exe
FirewallRules: [{F2DD1A35-995E-45AE-9DD6-2C774FA2DF14}] => C:\Program Files (x86)\GTX Box Team\The Elder Scrolls V Skyrim Legendary Edition\SkyrimLauncher.exe
FirewallRules: [TCP Query User{65B0EB4C-21AA-4930-A2B3-F9601CEE921C}C:\users\web\downloads\tamriel online server-67038-2-4-0u4\sfs2x\sfs2x-standalone.exe] => C:\users\web\downloads\tamriel online server-67038-2-4-0u4\sfs2x\sfs2x-standalone.exe
FirewallRules: [UDP Query User{EC9184A5-F389-4899-9805-A69145C424B1}C:\users\web\downloads\tamriel online server-67038-2-4-0u4\sfs2x\sfs2x-standalone.exe] => C:\users\web\downloads\tamriel online server-67038-2-4-0u4\sfs2x\sfs2x-standalone.exe
FirewallRules: [{5772968A-9B36-45DC-AAFB-0CEEB35C93A8}] => C:\Program Files (x86)\Mr DJ\The Witcher 3 Wild Hunt Complete\bin\x64\witcher3.exe
FirewallRules: [{28ABACCB-287E-41E0-BA15-43E55165F33D}] => C:\Program Files (x86)\Mr DJ\The Witcher 3 Wild Hunt Complete\bin\x64\witcher3.exe
FirewallRules: [{56C5F713-953F-47C6-AFBE-F24E4426CCC4}] => C:\Users\Web\Downloads\The.Sims.4.Deluxe.Edition.v1.20.60.1020.Incl.Dine.Out\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{59D02200-9AD5-4A8C-8212-91C87E86B77F}] => C:\Users\Web\Downloads\The.Sims.4.Deluxe.Edition.v1.20.60.1020.Incl.Dine.Out\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{6F85EECB-1450-47A2-B054-340D4A4E8E9A}] => C:\Users\Web\Downloads\The.Sims.4.Deluxe.Edition.v1.20.60.1020.Incl.Dine.Out\The Sims 4\Game\Bin\TS4_x64.exe
FirewallRules: [{DCF23D0F-AFD4-48E8-8868-3FA3BBE197EA}] => C:\Users\Web\Downloads\The.Sims.4.Deluxe.Edition.v1.20.60.1020.Incl.Dine.Out\The Sims 4\Game\Bin\TS4_x64.exe
FirewallRules: [{F6B1129F-4485-445F-8766-67B58BDE0DFA}] => C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{34E6713A-DF31-45B0-96E3-36C6467BD3EF}] => C:\Program Files\The Sims 4 City Living\Game\Bin\TS4.exe
FirewallRules: [{01301679-CA67-4071-B205-D95F7178EC49}] => C:\Program Files\The Sims 4 City Living\Game\Bin\TS4.exe
FirewallRules: [{7D8420D7-F29D-46E1-A52E-586F0AD99978}] => C:\Program Files\The Sims 4 City Living\Game\Bin\TS4_x64.exe
FirewallRules: [{AA6E7EE8-67CE-4F6A-A52D-38F83186B19F}] => C:\Program Files\The Sims 4 City Living\Game\Bin\TS4_x64.exe
FirewallRules: [{BD63D322-2789-4057-B25D-C835BFAF9320}] => C:\Windows\System32\rundll32.exe
FirewallRules: [{7BE9DA3E-FD9B-4636-8743-B6510CA37ACA}] => C:\Windows\System32\rundll32.exe
FirewallRules: [{4B332E7B-BFA9-46C0-9FDF-AA8C5B4AA6E9}] => C:\Windows\System32\rundll32.exe
FirewallRules: [{4759DD97-A961-4BAD-A940-E72AF3F82C9D}] => C:\Windows\System32\rundll32.exe

==================== Restore Points =========================

25-12-2016 10:31:57 Zaplanowany punkt kontrolny
26-12-2016 17:48:08 Zainstalowane TheSims3EP7

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Kontroler magistrali zarządzania systemem
Description: Kontroler magistrali zarządzania systemem
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/27/2016 01:33:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: chrome.exe, wersja: 55.0.2883.87, sygnatura czasowa: 0x5848db5a
Nazwa modułu powodującego błąd: ntdll.dll, wersja: 6.3.9600.18438, sygnatura czasowa: 0x57ae642e
Kod wyjątku: 0xc0000135
Przesunięcie błędu: 0x00000000000ecdd0
Identyfikator procesu powodującego błąd: 0x1a6c
Godzina uruchomienia aplikacji powodującej błąd: 0x01d2603d7586fdca
Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Ścieżka modułu powodującego błąd: C:\WINDOWS\SYSTEM32\ntdll.dll
Identyfikator raportu: bcb0f3b7-cc30-11e6-beb5-d43d7ec000b6
Pełna nazwa pakietu powodującego błąd:
Identyfikator aplikacji względem pakietu powodującego błąd:

Error: (12/27/2016 12:45:28 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Nie powiodło się wykonanie procedury otwierania dla usługi „WmiApRpl” w bibliotece DLL „C:\WINDOWS\system32\wbem\wmiaprpl.dll”. Dane wydajności dla tej usługi nie będą dostępne. Pierwsze cztery bajty (DWORD) sekcji danych Data zawierają kod błędu.

Error: (12/27/2016 12:45:28 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: System Windows nie może załadować biblioteki DLL licznika rozszerzalnego rdyboost. Pierwsze cztery bajty (DWORD) sekcji danych Data zawierają kod błędu systemu Windows.

Error: (12/27/2016 12:45:28 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Nie można otworzyć obiektu wydajności usługi Server. Pierwsze cztery bajty (DWORD) sekcji danych Data zawierają kod stanu.

Error: (12/27/2016 12:45:28 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Nie powiodło się wykonanie procedury otwierania dla usługi „MSDTC” w bibliotece DLL „C:\WINDOWS\system32\msdtcuiu.DLL”. Dane wydajności dla tej usługi nie będą dostępne. Pierwsze cztery bajty (DWORD) sekcji danych Data zawierają kod błędu.

Error: (12/27/2016 12:45:27 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Nie powiodło się wykonanie procedury otwierania dla usługi „Lsa” w bibliotece DLL „C:\Windows\System32\Secur32.dll”. Dane wydajności dla tej usługi nie będą dostępne. Pierwsze cztery bajty (DWORD) sekcji danych Data zawierają kod błędu.

Error: (12/27/2016 12:45:27 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Nie powiodło się wykonanie procedury otwierania dla usługi „ESENT” w bibliotece DLL „C:\WINDOWS\system32\esentprf.dll”. Dane wydajności dla tej usługi nie będą dostępne. Pierwsze cztery bajty (DWORD) sekcji danych Data zawierają kod błędu.

Error: (12/27/2016 12:45:27 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Nie powiodło się wykonanie procedury otwierania dla usługi „BITS” w bibliotece DLL „C:\Windows\System32\bitsperf.dll”. Dane wydajności dla tej usługi nie będą dostępne. Pierwsze cztery bajty (DWORD) sekcji danych Data zawierają kod błędu.

Error: (12/27/2016 11:49:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: chrome.exe, wersja: 55.0.2883.87, sygnatura czasowa: 0x5848db5a
Nazwa modułu powodującego błąd: USER32.dll, wersja: 6.3.9600.18438, sygnatura czasowa: 0x57ae642e
Kod wyjątku: 0xc0000142
Przesunięcie błędu: 0x00000000000ecdd0
Identyfikator procesu powodującego błąd: 0xd58
Godzina uruchomienia aplikacji powodującej błąd: 0x01d2602ee48e6b0d
Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Ścieżka modułu powodującego błąd: USER32.dll
Identyfikator raportu: 2b12999f-cc22-11e6-beb5-d43d7ec000b6
Pełna nazwa pakietu powodującego błąd:
Identyfikator aplikacji względem pakietu powodującego błąd:

Error: (12/27/2016 11:45:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: chrome.exe, wersja: 55.0.2883.87, sygnatura czasowa: 0x5848db5a
Nazwa modułu powodującego błąd: ntdll.dll, wersja: 6.3.9600.18438, sygnatura czasowa: 0x57ae642e
Kod wyjątku: 0xc0000135
Przesunięcie błędu: 0x00000000000ecdd0
Identyfikator procesu powodującego błąd: 0xa10
Godzina uruchomienia aplikacji powodującej błąd: 0x01d2602e46eaca28
Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Ścieżka modułu powodującego błąd: C:\WINDOWS\SYSTEM32\ntdll.dll
Identyfikator raportu: 9fa83213-cc21-11e6-beb5-d43d7ec000b6
Pełna nazwa pakietu powodującego błąd:
Identyfikator aplikacji względem pakietu powodującego błąd:


System errors:
=============
Error: (12/28/2016 09:00:02 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: ZARZĄDZANIE NT)
Description: I:\Device\HarddiskVolume92

Error: (12/28/2016 09:00:01 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Poprzednie zamknięcie systemu przy 22:22:46 na ‎2016-‎12-‎27 było nieoczekiwane.

Error: (12/27/2016 12:06:09 PM) (Source: DCOM) (EventID: 10010) (User: Cebula)
Description: Serwer {1B1F472E-3221-4826-97DB-2C2324D389AE} nie zarejestrował się w modelu DCOM w wymaganym czasie.

Error: (12/27/2016 12:05:18 PM) (Source: DCOM) (EventID: 10010) (User: Cebula)
Description: Serwer {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} nie zarejestrował się w modelu DCOM w wymaganym czasie.

Error: (12/27/2016 11:55:21 AM) (Source: DCOM) (EventID: 10010) (User: Cebula)
Description: Serwer {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} nie zarejestrował się w modelu DCOM w wymaganym czasie.

Error: (12/27/2016 11:54:50 AM) (Source: DCOM) (EventID: 10010) (User: Cebula)
Description: Serwer {1B1F472E-3221-4826-97DB-2C2324D389AE} nie zarejestrował się w modelu DCOM w wymaganym czasie.

Error: (12/27/2016 11:42:46 AM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: ZARZĄDZANIE NT)
Description: I:\Device\HarddiskVolume92

Error: (12/26/2016 02:06:23 PM) (Source: DCOM) (EventID: 10010) (User: Cebula)
Description: Serwer {1B1F472E-3221-4826-97DB-2C2324D389AE} nie zarejestrował się w modelu DCOM w wymaganym czasie.

Error: (12/26/2016 02:05:52 PM) (Source: DCOM) (EventID: 10010) (User: Cebula)
Description: Serwer {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} nie zarejestrował się w modelu DCOM w wymaganym czasie.

Error: (12/26/2016 11:49:22 AM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: ZARZĄDZANIE NT)
Description: I:\Device\HarddiskVolume92


==================== Memory info ===========================

Processor: Intel® Core™ i5-4430 CPU @ 3.00GHz
Percentage of memory in use: 37%
Total physical RAM: 8120 MB
Available physical RAM: 5072.2 MB
Total Virtual: 16312 MB
Available Virtual: 12368 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:418.16 GB) (Free:17.45 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive i: (Expansion Drive) (Fixed) (Total:931.51 GB) (Free:238.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2D17C143)

Partition: GPT.
Partition 2: (Not Active) - (Size=512.6 GB) - (Type=AF)
Partition 3: (Not Active) - (Size=620 MB) - (Type=AB)
Partition 4: (Active) - (Size=418.2 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 931.5 GB) (Disk ID: 02843348)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Edited by Oh My!, 28 December 2016 - 04:00 PM.


#4 Oh My!


Posted 28 December 2016 - 04:30 PM

Greetings and thank you for the extra effort. It makes it much easier to help you since my wife has forgotten most of her Polish! :)

Is the browser hijack only with Chrome?

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows Key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
() C:\Windows\Temp\gB0F9.tmp.exe
HKU\S-1-5-21-2235314058-1462497776-1017983739-1004\...\MountPoints2: {3841a2c9-ca2a-11e6-beaa-d43d7ec000b6} - "V:\setup.exe"
HKU\S-1-5-21-2235314058-1462497776-1017983739-1004\...\MountPoints2: {92ef93af-c303-11e6-bea2-d43d7ec000b6} - "W:\setup.exe"
HKU\S-1-5-21-2235314058-1462497776-1017983739-1004\...\MountPoints2: {92ef9409-c303-11e6-bea2-d43d7ec000b6} - "X:\setup.exe"
HKU\S-1-5-21-2235314058-1462497776-1017983739-1004\...\MountPoints2: {92ef9543-c303-11e6-bea2-d43d7ec000b6} - "V:\setup.exe"
HKU\S-1-5-21-2235314058-1462497776-1017983739-1004\...\MountPoints2: {b274c52d-c784-11e6-bea4-d43d7ec000b6} - "V:\setup.exe"
HKU\S-1-5-21-2235314058-1462497776-1017983739-1004\...\MountPoints2: {b274c531-c784-11e6-bea4-d43d7ec000b6} - "V:\setup.exe"
HKU\S-1-5-21-2235314058-1462497776-1017983739-1004\...\MountPoints2: {b274c69a-c784-11e6-bea4-d43d7ec000b6} - "W:\SETUP.EXE"
HKU\S-1-5-21-2235314058-1462497776-1017983739-1004\...\MountPoints2: {d46c4ab6-bcc0-11e6-bea2-d43d7ec000b6} - "V:\setup_legend_of_grimrock_1.1.4.exe"
HKU\S-1-5-21-2235314058-1462497776-1017983739-1004\...\MountPoints2: {d46c5e4e-bcc0-11e6-bea2-d43d7ec000b6} - "V:\setup.exe"
ShellIconOverlayIdentifiers: [ OneDrive1] -> {7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => -> No File
GroupPolicy: Restriction <======= ATTENTION
R3 gkernel; \??\C:\Users\Web\AppData\Local\Temp\gkernel.sys [X]
S3 HWiNFO32; \??\C:\Users\Ddarkyo\AppData\Local\Temp\HWiNFO64A.SYS [X]
2016-12-25 23:39 - 2016-12-26 16:43 - 00000000 ___HD C:\ProgramData\936q338c541g343
2016-12-25 23:39 - 2016-12-26 12:17 - 00016708 _____ C:\WINDOWS\System32\Tasks\936q338c541g343
C:\Users\Web\AppData\Local\Temp\gAF00.tmp.exe
C:\Users\Web\AppData\Local\Temp\jansi-64-1046165856721337819.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-1465975492653561558.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-2808514518789273508.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-3089034848121463719.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-3190496639422423150.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-3211646447735196207.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-339787256011782982.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-3832698401946663147.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-3834013642544805333.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-4065314938047610045.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-4718713254079700510.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-5595791038571911520.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-5800495213642288022.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-6162510468823227227.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-6694220637402066134.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-8063606912767288895.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-8458418848546586170.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-972868314782435258.dll
C:\Users\Web\AppData\Local\Temp\libeay32.dll
C:\Users\Web\AppData\Local\Temp\msvcr120.dll
C:\Users\Web\AppData\Local\Temp\Play.exe
C:\Users\Web\AppData\Local\Temp\setup.dll
C:\Users\Web\AppData\Local\Temp\setup.exe
C:\Users\Web\AppData\Local\Temp\sqlite3.dll
Task: {26791687-556A-402F-BC8E-BFBB08684214} - System32\Tasks\936q338c541g343 => Rundll32.exe "C:\ProgramData\936q338c541g343\936q338c541g343.dll",hcsopx <==== ATTENTION
C:\ProgramData\936q338c541g343\936q338c541g343.dll
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 [133]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\86955048.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\86955048.sys => ""="Driver"
Folder: C:\Program Files (x86)\KrazyDev
hosts:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Chrome?
  • Fixlog
  • Update on computer behavior

Gary
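
Added example (not part of the post above and not FRST's own code): a small Python reader for the Fixlog.txt the fix step produces, which skips the echoed "fixlist content" block and tallies what each action actually did. The sample text is an excerpt assembled from the Fixlog posted later in this thread; the failure wordings other than "Unable" are assumptions.

```python
import re
from collections import Counter

# Excerpt assembled from the Fixlog quoted in this thread (shortened, not a full log).
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by Web (30-12-2016 10:10:42) Run:2
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
() C:\Windows\Temp\gB0F9.tmp.exe
ShellIconOverlayIdentifiers: [ OneDrive1] -> {7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => -> No File
R3 gkernel; \??\C:\Users\Web\AppData\Local\Temp\gkernel.sys [X]
Task: {26791687-556A-402F-BC8E-BFBB08684214} - System32\Tasks\936q338c541g343 => Rundll32.exe "C:\ProgramData\936q338c541g343\936q338c541g343.dll",hcsopx <==== ATTENTION
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Windows\Temp\gB0F9.tmp.exe => No running process found
HKCR\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => key not found.
gkernel => Unable to stop service.
gkernel => service removed successfully
HWiNFO32 => service not found.
"C:\ProgramData\936q338c541g343" => not found.
"C:\WINDOWS\System32\Tasks\936q338c541g343" => not found.
"C:\Users\Web\AppData\Local\Temp\gAF00.tmp.exe" => not found.
'''

# "Unable" is the only failure wording visible in this thread's log;
# "could not", "error" and "denied" are assumed wordings.
FAILED = re.compile(r"\b(unable|could not|error|denied)\b", re.I)
ABSENT = re.compile(r"\bnot found\b|no running process", re.I)
CHANGED = re.compile(r"\bsuccessfully\b", re.I)


def classify(outcome):
    """Map the text after ' => ' to failed / absent / changed / other."""
    if FAILED.search(outcome):
        return "failed"
    if ABSENT.search(outcome):
        return "absent"
    if CHANGED.search(outcome):
        return "changed"
    return "other"


def parse_fixlog(text):
    """Return (run_number, entries, notes) for the result section only.

    The log first echoes the fixlist between two lines of asterisks. Those
    echoed lines can contain ' => ' themselves, so they must be skipped or
    they would be counted as results.
    """
    HEADER, ECHO, RESULTS = 0, 1, 2
    state, run = HEADER, None
    entries, notes = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if state < RESULTS and re.fullmatch(r"\*{5,}", line):
            state += 1                      # opening, then closing delimiter
            continue
        if state == HEADER:
            m = re.search(r"\bRun:(\d+)", line)
            if m:
                run = int(m.group(1))
            continue
        if state == ECHO:
            continue
        target, sep, outcome = line.rpartition(" => ")
        if not sep:
            notes.append(line)              # e.g. restore point / process messages
            continue
        entries.append((target.strip('"'), outcome, classify(outcome)))
    return run, entries, notes


def summarize(entries):
    """Count outcomes and list targets that were changed or need a second look."""
    counts = Counter(status for _, _, status in entries)
    by_target = {}
    for target, _, status in entries:
        by_target.setdefault(target, []).append(status)
    acted = sorted(t for t, s in by_target.items() if "changed" in s)
    review = sorted(t for t, s in by_target.items() if "failed" in s or "other" in s)
    return counts, acted, review


if __name__ == "__main__":
    run, entries, notes = parse_fixlog(SAMPLE_FIXLOG)
    counts, acted, review = summarize(entries)
    print(f"Run {run}: {dict(counts)}")
    print("changed:", acted)
    print("needs review:", review)
```

A run where nearly every entry is "absent" means the listed items were already gone when the fix ran, so it says nothing about files or tasks that have since reappeared under new names.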
 

#5 Onioon


Posted 30 December 2016 - 04:37 AM

It also hijacks MS Edge. For now the .tmp.exe process has changed its icon, but everything is still the same (with even more Chrome 'out of memory', I think). But there is a little problem: I accidentally deleted the first-run Fixlog, so I am adding the second-scan FRST.txt, Addition.txt and the second-run Fixlog, sorry.
 
Attached File  chrome_2016-12-29_14-04-17.png   392.31KB   0 downloads

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by Web (30-12-2016 10:10:42) Run:2
Running from C:\Users\Web\Downloads
Loaded Profiles: Web (Available Profiles: Ddarkyo & Web)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
() C:\Windows\Temp\gB0F9.tmp.exe
HKU\S-1-5-21-2235314058-1462497776-1017983739-1004\...\MountPoints2: {3841a2c9-ca2a-11e6-beaa-d43d7ec000b6} - "V:\setup.exe"
HKU\S-1-5-21-2235314058-1462497776-1017983739-1004\...\MountPoints2: {92ef93af-c303-11e6-bea2-d43d7ec000b6} - "W:\setup.exe"
HKU\S-1-5-21-2235314058-1462497776-1017983739-1004\...\MountPoints2: {92ef9409-c303-11e6-bea2-d43d7ec000b6} - "X:\setup.exe"
HKU\S-1-5-21-2235314058-1462497776-1017983739-1004\...\MountPoints2: {92ef9543-c303-11e6-bea2-d43d7ec000b6} - "V:\setup.exe"
HKU\S-1-5-21-2235314058-1462497776-1017983739-1004\...\MountPoints2: {b274c52d-c784-11e6-bea4-d43d7ec000b6} - "V:\setup.exe"
HKU\S-1-5-21-2235314058-1462497776-1017983739-1004\...\MountPoints2: {b274c531-c784-11e6-bea4-d43d7ec000b6} - "V:\setup.exe"
HKU\S-1-5-21-2235314058-1462497776-1017983739-1004\...\MountPoints2: {b274c69a-c784-11e6-bea4-d43d7ec000b6} - "W:\SETUP.EXE"
HKU\S-1-5-21-2235314058-1462497776-1017983739-1004\...\MountPoints2: {d46c4ab6-bcc0-11e6-bea2-d43d7ec000b6} - "V:\setup_legend_of_grimrock_1.1.4.exe"
HKU\S-1-5-21-2235314058-1462497776-1017983739-1004\...\MountPoints2: {d46c5e4e-bcc0-11e6-bea2-d43d7ec000b6} - "V:\setup.exe"
ShellIconOverlayIdentifiers: [ OneDrive1] -> {7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => -> No File
GroupPolicy: Restriction <======= ATTENTION
R3 gkernel; \??\C:\Users\Web\AppData\Local\Temp\gkernel.sys [X]
S3 HWiNFO32; \??\C:\Users\Ddarkyo\AppData\Local\Temp\HWiNFO64A.SYS [X]
2016-12-25 23:39 - 2016-12-26 16:43 - 00000000 ___HD C:\ProgramData\936q338c541g343
2016-12-25 23:39 - 2016-12-26 12:17 - 00016708 _____ C:\WINDOWS\System32\Tasks\936q338c541g343
C:\Users\Web\AppData\Local\Temp\gAF00.tmp.exe
C:\Users\Web\AppData\Local\Temp\jansi-64-1046165856721337819.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-1465975492653561558.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-2808514518789273508.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-3089034848121463719.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-3190496639422423150.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-3211646447735196207.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-339787256011782982.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-3832698401946663147.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-3834013642544805333.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-4065314938047610045.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-4718713254079700510.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-5595791038571911520.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-5800495213642288022.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-6162510468823227227.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-6694220637402066134.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-8063606912767288895.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-8458418848546586170.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-972868314782435258.dll
C:\Users\Web\AppData\Local\Temp\libeay32.dll
C:\Users\Web\AppData\Local\Temp\msvcr120.dll
C:\Users\Web\AppData\Local\Temp\Play.exe
C:\Users\Web\AppData\Local\Temp\setup.dll
C:\Users\Web\AppData\Local\Temp\setup.exe
C:\Users\Web\AppData\Local\Temp\sqlite3.dll
Task: {26791687-556A-402F-BC8E-BFBB08684214} - System32\Tasks\936q338c541g343 => Rundll32.exe "C:\ProgramData\936q338c541g343\936q338c541g343.dll",hcsopx <==== ATTENTION
C:\ProgramData\936q338c541g343\936q338c541g343.dll
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 [133]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\86955048.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\86955048.sys => ""="Driver"
Folder: C:\Program Files (x86)\KrazyDev
hosts:
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Windows\Temp\gB0F9.tmp.exe => No running process found
HKU\S-1-5-21-2235314058-1462497776-1017983739-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3841a2c9-ca2a-11e6-beaa-d43d7ec000b6} => key not found.
HKCR\CLSID\{3841a2c9-ca2a-11e6-beaa-d43d7ec000b6} => key not found.
HKU\S-1-5-21-2235314058-1462497776-1017983739-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92ef93af-c303-11e6-bea2-d43d7ec000b6} => key not found.
HKCR\CLSID\{92ef93af-c303-11e6-bea2-d43d7ec000b6} => key not found.
HKU\S-1-5-21-2235314058-1462497776-1017983739-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92ef9409-c303-11e6-bea2-d43d7ec000b6} => key not found.
HKCR\CLSID\{92ef9409-c303-11e6-bea2-d43d7ec000b6} => key not found.
HKU\S-1-5-21-2235314058-1462497776-1017983739-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92ef9543-c303-11e6-bea2-d43d7ec000b6} => key not found.
HKCR\CLSID\{92ef9543-c303-11e6-bea2-d43d7ec000b6} => key not found.
HKU\S-1-5-21-2235314058-1462497776-1017983739-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b274c52d-c784-11e6-bea4-d43d7ec000b6} => key not found.
HKCR\CLSID\{b274c52d-c784-11e6-bea4-d43d7ec000b6} => key not found.
HKU\S-1-5-21-2235314058-1462497776-1017983739-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b274c531-c784-11e6-bea4-d43d7ec000b6} => key not found.
HKCR\CLSID\{b274c531-c784-11e6-bea4-d43d7ec000b6} => key not found.
HKU\S-1-5-21-2235314058-1462497776-1017983739-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b274c69a-c784-11e6-bea4-d43d7ec000b6} => key not found.
HKCR\CLSID\{b274c69a-c784-11e6-bea4-d43d7ec000b6} => key not found.
HKU\S-1-5-21-2235314058-1462497776-1017983739-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d46c4ab6-bcc0-11e6-bea2-d43d7ec000b6} => key not found.
HKCR\CLSID\{d46c4ab6-bcc0-11e6-bea2-d43d7ec000b6} => key not found.
HKU\S-1-5-21-2235314058-1462497776-1017983739-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d46c5e4e-bcc0-11e6-bea2-d43d7ec000b6} => key not found.
HKCR\CLSID\{d46c5e4e-bcc0-11e6-bea2-d43d7ec000b6} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => key not found.
HKCR\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => key not found.
HKCR\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => key not found.
HKCR\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => key not found.
HKCR\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => key not found.
HKCR\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => key not found.
HKCR\Wow6432Node\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => key not found.
HKCR\Wow6432Node\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => key not found.
HKCR\Wow6432Node\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => key not found.
HKCR\Wow6432Node\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => key not found.
HKCR\Wow6432Node\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => key not found.
"C:\WINDOWS\system32\GroupPolicy\Machine" => not found.
gkernel => Unable to stop service.
gkernel => service removed successfully
HWiNFO32 => service not found.
"C:\ProgramData\936q338c541g343" => not found.
"C:\WINDOWS\System32\Tasks\936q338c541g343" => not found.
"C:\Users\Web\AppData\Local\Temp\gAF00.tmp.exe" => not found.
"C:\Users\Web\AppData\Local\Temp\jansi-64-1046165856721337819.dll" => not found.
"C:\Users\Web\AppData\Local\Temp\jansi-64-1465975492653561558.dll" => not found.
"C:\Users\Web\AppData\Local\Temp\jansi-64-2808514518789273508.dll" => not found.
"C:\Users\Web\AppData\Local\Temp\jansi-64-3089034848121463719.dll" => not found.
"C:\Users\Web\AppData\Local\Temp\jansi-64-3190496639422423150.dll" => not found.
"C:\Users\Web\AppData\Local\Temp\jansi-64-3211646447735196207.dll" => not found.
"C:\Users\Web\AppData\Local\Temp\jansi-64-339787256011782982.dll" => not found.
"C:\Users\Web\AppData\Local\Temp\jansi-64-3832698401946663147.dll" => not found.
"C:\Users\Web\AppData\Local\Temp\jansi-64-3834013642544805333.dll" => not found.
"C:\Users\Web\AppData\Local\Temp\jansi-64-4065314938047610045.dll" => not found.
"C:\Users\Web\AppData\Local\Temp\jansi-64-4718713254079700510.dll" => not found.
"C:\Users\Web\AppData\Local\Temp\jansi-64-5595791038571911520.dll" => not found.
"C:\Users\Web\AppData\Local\Temp\jansi-64-5800495213642288022.dll" => not found.
"C:\Users\Web\AppData\Local\Temp\jansi-64-6162510468823227227.dll" => not found.
"C:\Users\Web\AppData\Local\Temp\jansi-64-6694220637402066134.dll" => not found.
"C:\Users\Web\AppData\Local\Temp\jansi-64-8063606912767288895.dll" => not found.
"C:\Users\Web\AppData\Local\Temp\jansi-64-8458418848546586170.dll" => not found.
"C:\Users\Web\AppData\Local\Temp\jansi-64-972868314782435258.dll" => not found.
"C:\Users\Web\AppData\Local\Temp\libeay32.dll" => not found.
"C:\Users\Web\AppData\Local\Temp\msvcr120.dll" => not found.
"C:\Users\Web\AppData\Local\Temp\Play.exe" => not found.
"C:\Users\Web\AppData\Local\Temp\setup.dll" => not found.
"C:\Users\Web\AppData\Local\Temp\setup.exe" => not found.
"C:\Users\Web\AppData\Local\Temp\sqlite3.dll" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26791687-556A-402F-BC8E-BFBB08684214} => key not found.
C:\WINDOWS\System32\Tasks\936q338c541g343 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\936q338c541g343 => key not found.
"C:\ProgramData\936q338c541g343\936q338c541g343.dll" => not found.
"C:\ProgramData\TEMP" => ":CB0AACC9" ADS not found.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\86955048.sys => key not found.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\86955048.sys => key not found.

========================= Folder: C:\Program Files (x86)\KrazyDev ========================

2016-11-30 16:08 - 2016-11-30 16:08 - 0000000 ____D () C:\Program Files (x86)\KrazyDev\ForceBindIP-GUI
2016-11-30 16:08 - 2016-11-30 16:09 - 0000036 _____ () C:\Program Files (x86)\KrazyDev\ForceBindIP-GUI\Config.ini
2016-11-30 16:08 - 2016-10-26 21:26 - 0032698 _____ () C:\Program Files (x86)\KrazyDev\ForceBindIP-GUI\ForceBindIPGui.jar
2016-11-30 16:08 - 2016-11-30 16:08 - 0000000 _____ () C:\Program Files (x86)\KrazyDev\ForceBindIP-GUI\Profiles.ini
2016-11-30 16:08 - 2016-11-30 16:08 - 0000362 _____ () C:\Program Files (x86)\KrazyDev\ForceBindIP-GUI\uninstall.dat
2016-11-30 16:08 - 2016-11-30 16:08 - 0119808 _____ () C:\Program Files (x86)\KrazyDev\ForceBindIP-GUI\Uninstall.exe
2016-11-30 16:08 - 2016-11-30 16:08 - 0003006 _____ () C:\Program Files (x86)\KrazyDev\ForceBindIP-GUI\uninstall_l.ifl

====== End of Folder: ======

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.


The system needed a reboot.

==== End of Fixlog 10:12:04 ====

Edited by Oh My!, 30 December 2016 - 11:26 AM.


#6 Oh My!

Posted 30 December 2016 - 11:54 AM

Greetings,

Did you install KrazyDev on your computer?

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows Key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
C:\Windows\Temp\g127A.tmp.exe
HKLM\...\RunOnce: [wd] => C:\WINDOWS\TEMP\g127A.tmp.exe [249856 2016-12-30] () <===== ATTENTION
CHR HKU\S-1-5-21-2235314058-1462497776-1017983739-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
R3 gkernel; \??\C:\Users\Web\AppData\Local\Temp\gkernel.sys [X]
C:\Users\Web\AppData\Local\Temp\gFA85.tmp.exe
C:\Users\Web\AppData\Local\Temp\gFA86.tmp.exe
C:\Users\Web\AppData\Local\Temp\jansi-64-5816766601108435059.dll
C:\Users\Web\AppData\Local\Temp\jansi-64-7474634991415700211.dll
Task: {0F4D3510-AB49-4063-8121-094F84CC23EF} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {114436F6-F20C-4C5D-A776-714898C7ED95} - System32\Tasks\3470r588o6m971 => Rundll32.exe "C:\ProgramData\3470r588o6m971\3470r588o6m971.dll",romovr <==== ATTENTION
C:\ProgramData\3470r588o6m971
2016-12-30 09:49 - 2016-12-30 09:49 - 00249856 _____ () C:\WINDOWS\TEMP\g127A.tmp.exe
2016-12-24 19:44 - 2016-12-30 09:49 - 03662848 _____ () C:\WINDOWS\TEMP\g7E0E.tmp
2016-12-24 19:43 - 2016-12-30 09:49 - 03780096 _____ () C:\WINDOWS\TEMP\g87A4.tmp
File: C:\WINDOWS\csrss.exe.vir
File: C:\WINDOWS\svchost.exe.vir
Folder: C:\WINDOWS\Azart
emptytemp:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

RogueKiller

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the setup.exe icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • Click OK on English
  • Select Install 32 and 64 bits versions (Recommended for Technicians), then click Next 2 times
  • Click Install
  • Click Finish
  • Click Start Scan twice
  • When completed click Open Report
  • Click Export Text and save the file on your Desktop as RK.txt
  • Close all open RogueKiller windows
  • Copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • RogueKiller log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Oh My!

Posted 03 January 2017 - 10:34 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#8 Oh My!

Posted 08 January 2017 - 10:11 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 