Shady services running in background, unattended installations etc.


  • This topic is locked
20 replies to this topic

#1 kamild1996


Posted 28 March 2017 - 10:12 AM

Hello, I've recently got infected with a package of malware - let's just say I hit an iceberg...
Minutes after infection (which made Windows go a bit crazy) my first reaction was to power off my computer, boot in safe mode and scan my PC with both AdwCleaner and Malwarebytes' AntiMalware. Both of these programs removed plenty of garbage off of my PC, then I booted Windows as usual. Didn't notice any odd services running in the background so I kept using my computer as usual.
But today I noticed that there's still something shady running in the background. The fact that Opera (my main browser) suddenly closed and shortcuts to Firefox and Chrome appeared out of nowhere on my desktop and on my taskbar tipped me off. These were most likely infected, so I removed the shortcuts. I tried scanning with Malwarebytes again today, but for some reason it gets stuck while trying to scan the "C:\$Recycle.bin" directory. That's why I'm submitting the FRST logs, kindly asking you for help. :)
I'm fairly tech-savvy but I'm not really knowledgeable about interpreting FRST logs. I do see a few potentially malicious entries but I haven't done anything about them just yet.

Oh, one more thing. I'm 100% sure I had my flash drive and external HDD (S: and V:, respectively) connected to my computer when the infection happened. Any tips on making sure these haven't been infected as well?

Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 15-03-2017
Uruchomiony przez Kamil (administrator) KAMIL-PC (28-03-2017 16:55:41)
Uruchomiony z R:\Pobrane\scoped_dir_13100_13849
Załadowane profile: Kamil & (Dostępne profile: defaultuser0 & Kamil & Adrian)
Platform: Windows 10 Pro Wersja 1607 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: "C:\Program Files (x86)\Yeshat\Application\chrome.exe" "%1")
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Performix LLC) C:\Program Files (x86)\Adguard\AdguardSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Olof Lagerkvist) C:\Windows\System32\imdsksvc.exe
(Microsoft Corporation) C:\Windows\System32\nfsclnt.exe
() C:\Program Files\Synergy\synergyd.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(painter) C:\Windows Update Disabler\UpdaterDisabler.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Bitsum LLC) C:\Program Files\Process Lasso\ProcessLasso.exe
(Bitsum LLC) C:\Program Files\Process Lasso\ProcessGovernor.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(Performix LLC) C:\Program Files (x86)\Adguard\Adguard.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(TeamViewer GmbH) R:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.5485\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.8554\Battle.net.exe
() C:\Program Files (x86)\Battle.net\Battle.net.8554\Battle.net Helper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Kyubey.exe) C:\Users\Kamil\AppData\Roaming\clean\Kyubey.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
() C:\Program Files (x86)\Battle.net\Battle.net.8554\Battle.net Helper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(CPUID) C:\Program Files\CPUID\HWMonitor\HWMonitor.exe
(Matthew Malensek) C:\Program Files (x86)\3RVX\3RVX.exe
(Kyubey.exe) C:\Users\Kamil\AppData\Roaming\Kyubey\Kyubey.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Opera Software) C:\Program Files (x86)\Opera\44.0.2510.857\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\44.0.2510.857\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\44.0.2510.857\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\44.0.2510.857\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\44.0.2510.857\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\44.0.2510.857\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\44.0.2510.857\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\44.0.2510.857\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\44.0.2510.857\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\44.0.2510.857\opera.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Opera Software) C:\Program Files (x86)\Opera\44.0.2510.857\opera.exe
(LastPass) C:\Program Files (x86)\LastPass\nplastpass.exe
(Opera Software) C:\Program Files (x86)\Opera\44.0.2510.857\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\44.0.2510.857\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\44.0.2510.857\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\44.0.2510.857\opera.exe

==================== Rejestr (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16776192 2016-12-02] (Realtek Semiconductor)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2779136 2016-06-11] (Dominik Reichl)
HKLM-x32\...\Run: [EaseUS Cleanup] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.9\bin\CleanUpUI.exe [1243328 2016-09-20] (CHENGDU Yiwo Tech Development Co., Ltd.)
HKLM-x32\...\Run: [Blackmagic CheckVersion] => C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\CheckVersion.exe
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2384984 2016-12-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [SoliCallPro] => C:\Program Files (x86)\SoliCall\bin\SoliCall_Pro.exe [1646792 2016-12-11] ()
HKLM-x32\...\Run: [P17RunE] => RunDll32 P17RunE.dll,RunDLLEntry
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE*
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908420\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163912830\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-4125575926-357873309-2165598990-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-03-23] (Valve Corporation)
HKU\S-1-5-21-4125575926-357873309-2165598990-1001\...\Run: [thebat_startup] => C:\Program Files\The Bat!\thebat64.exe /minimize
HKU\S-1-5-21-4125575926-357873309-2165598990-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4125575926-357873309-2165598990-1001\...\Run: [Unified Remote V3] => C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe [4340992 2016-07-06] (Unified Intents AB)
HKU\S-1-5-21-4125575926-357873309-2165598990-1001\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [9161720 2016-12-23] (Binary Fortress Software)
HKU\S-1-5-21-4125575926-357873309-2165598990-1001\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe [5622032 2017-02-07] (Performix LLC)
HKU\S-1-5-21-4125575926-357873309-2165598990-1001\...\Run: [CyberGhost] => "C:\Program Files\CyberGhost 6\CyberGhost.exe" /autostart /min
HKU\S-1-5-21-4125575926-357873309-2165598990-1001\...\Run: [LZQ2IBR9D2] => "C:\Program Files (x86)\PubHotspot\K7Z95.exe"
HKU\S-1-5-21-4125575926-357873309-2165598990-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908649\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-03-23] (Valve Corporation)
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908649\...\Run: [thebat_startup] => C:\Program Files\The Bat!\thebat64.exe /minimize
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908649\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908649\...\Run: [Unified Remote V3] => C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe [4340992 2016-07-06] (Unified Intents AB)
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908649\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [9161720 2016-12-23] (Binary Fortress Software)
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908649\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe [5622032 2017-02-07] (Performix LLC)
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908649\...\Run: [CyberGhost] => "C:\Program Files\CyberGhost 6\CyberGhost.exe" /autostart /min
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908649\...\Run: [LZQ2IBR9D2] => "C:\Program Files (x86)\PubHotspot\K7Z95.exe"
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908649\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-03-23] (Valve Corporation)
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\...\Run: [thebat_startup] => C:\Program Files\The Bat!\thebat64.exe /minimize
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\...\Run: [Unified Remote V3] => C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe [4340992 2016-07-06] (Unified Intents AB)
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [9161720 2016-12-23] (Binary Fortress Software)
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe [5622032 2017-02-07] (Performix LLC)
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\...\Run: [CyberGhost] => "C:\Program Files\CyberGhost 6\CyberGhost.exe" /autostart /min
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\...\Run: [LZQ2IBR9D2] => "C:\Program Files (x86)\PubHotspot\K7Z95.exe"
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-4125575926-357873309-2165598990-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908924\...\RunOnce: [Uninstall 17.3.6517.0809\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Adrian\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64"
HKU\S-1-5-21-4125575926-357873309-2165598990-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908924\...\RunOnce: [Uninstall 17.3.6517.0809] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Adrian\AppData\Local\Microsoft\OneDrive\17.3.6517.0809"
HKU\S-1-5-21-4125575926-357873309-2165598990-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913886\...\RunOnce: [Uninstall 17.3.6517.0809\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Adrian\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64"
HKU\S-1-5-21-4125575926-357873309-2165598990-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913886\...\RunOnce: [Uninstall 17.3.6517.0809] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Adrian\AppData\Local\Microsoft\OneDrive\17.3.6517.0809"
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2016-04-19] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2016-04-19] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2016-04-19] (Hermann Schinagl)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-12-28]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2016-11-03]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2017-02-25]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Rainmeter)
GroupPolicy: Ograniczenia <======= UWAGA
GroupPolicy\User: Ograniczenia <======= UWAGA

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt
Tcpip\..\Interfaces\{933d2940-7c7b-49ad-8abb-7d303f49cb9e}: [DhcpNameServer] 8.8.8.8 8.8.4.4

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKU\S-1-5-21-4125575926-357873309-2165598990-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908649\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Brak nazwy -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> Brak pliku
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-22] (Oracle Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-11-03] (LastPass)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-22] (Oracle Corporation)
BHO-x32: Brak nazwy -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> Brak pliku
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-11-03] (LastPass)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-11-03] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-11-03] (LastPass)
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1490015270616
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-10-11] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 3nylrhuv.default
FF ProfilePath: C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\3nylrhuv.default [2017-03-22]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\3nylrhuv.default -> trotux
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\3nylrhuv.default -> trotux
FF ProfilePath: C:\Users\Kamil\AppData\Roaming\Firefox\Firefox\Profiles\3nylrhuv.default [2017-03-28]
FF SelectedSearchEngine: Firefox\Firefox\Profiles\3nylrhuv.default -> trotux
FF Extension: (SimilarWeb) - C:\Users\Kamil\AppData\Roaming\Firefox\Firefox\Profiles\3nylrhuv.default\Extensions\@DA3566E2-F709-11E5-8E87-A604BC8E7F8B.xpi [2017-03-28] [Brak podpisu cyfrowego]
FF Extension: (FF Adr) - C:\Users\Kamil\AppData\Roaming\Firefox\Firefox\Profiles\3nylrhuv.default\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-03-28] [Brak podpisu cyfrowego]
FF Extension: (Polski Language Pack) - C:\Users\Kamil\AppData\Roaming\Firefox\Firefox\Profiles\3nylrhuv.default\Extensions\langpack-pl@firefox.mozilla.org.xpi [2017-03-28] [Brak podpisu cyfrowego]
FF SearchPlugin: C:\Users\Kamil\AppData\Roaming\Firefox\Firefox\Profiles\3nylrhuv.default\searchplugins\startsearch.xml [2017-03-28]
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-22] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-11-03] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-12-09] (Adobe Systems)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-11-03] (LastPass)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-09-13] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-12-09] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-09-13] (Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR HomePage: ChromeDefaultData -> hxxps://www.google.com/
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.trotux.com/search/?q={searchTerms}&z=bf298271074f86f11173771g9z9t8e9gbt3w5g9gcg&from=icb&uid=ADATAXSU800_2G3720064027&type=sp
CHR DefaultSearchKeyword: ChromeDefaultData -> trotux
CHR Profile: C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-03-27] <==== UWAGA
CHR Extension: (Prezentacje Google) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-05]
CHR Extension: (BetterTTV) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-03-27]
CHR Extension: (Dokumenty Google) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-05]
CHR Extension: (Dysk Google) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-05]
CHR Extension: (YouTube) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-05]
CHR Extension: (Arkusze Google) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-05]
CHR Extension: (Dokumenty Google offline) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-10]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-27]
CHR Extension: (Gmail) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-05]
CHR Extension: (Chrome Media Router) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-11]
HKU\S-1-5-21-4125575926-357873309-2165598990-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Yeshat\Application\chrome.exe (Google Inc.) <==== UWAGA
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908649\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Yeshat\Application\chrome.exe (Google Inc.) <==== UWAGA
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Yeshat\Application\chrome.exe (Google Inc.) <==== UWAGA

Opera:
=======
OPR Extension: (Magic Actions for YouTube™) - C:\Users\Kamil\AppData\Roaming\Opera Software\Opera Stable\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2017-03-16]
OPR Extension: (BetterTTV) - C:\Users\Kamil\AppData\Roaming\Opera Software\Opera Stable\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-03-24]
OPR Extension: (ImprovedTube - YouTube Extension) - C:\Users\Kamil\AppData\Roaming\Opera Software\Opera Stable\Extensions\bnomihfieiccainjcjblhegjgglakjdd [2017-02-23]
OPR Extension: (Google search link fix) - C:\Users\Kamil\AppData\Roaming\Opera Software\Opera Stable\Extensions\cekfddagaicikmgoheekchngpadahmlf [2017-02-06]
OPR Extension: (uBlock Origin) - C:\Users\Kamil\AppData\Roaming\Opera Software\Opera Stable\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-03-14]
OPR Extension: (LastPass: Free Password Manager) - C:\Users\Kamil\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnjalnkldgigidggphhmacmimbdlafdo [2016-11-03]
OPR Extension: (Reddit Enhancement Suite) - C:\Users\Kamil\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2017-02-16]
OPR Extension: (Download Chrome Extension) - C:\Users\Kamil\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2017-02-10]
OPR Extension: (Video DownloadHelper) - C:\Users\Kamil\AppData\Roaming\Opera Software\Opera Stable\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2017-02-08]
OPR Extension: (Tampermonkey) - C:\Users\Kamil\AppData\Roaming\Opera Software\Opera Stable\Extensions\mfdhdgbonjidekjkjmjaneanmdmpmidf [2017-03-04]
OPR Extension: (Enhanced Steam) - C:\Users\Kamil\AppData\Roaming\Opera Software\Opera Stable\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2017-01-30]

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 Adguard Service; C:\Program Files (x86)\Adguard\AdguardSvc.exe [151312 2017-02-07] (Performix LLC)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [753240 2016-12-09] (Adobe Systems Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
S3 BcmBtRSupport; C:\Windows\system32\btwrsupportservice.exe [2278152 2015-07-17] (Broadcom Corporation.)
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [429056 2013-10-28] (Creative Technology Ltd) [Brak podpisu cyfrowego]
S2 debugregsvc; C:\Windows\System32\debugregsvc.dll [29184 2016-07-15] (Microsoft Corporation)
S3 DeveloperToolsService; C:\Windows\System32\DeveloperToolsSvc.exe [104448 2016-07-15] (Microsoft Corporation)
S4 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [437224 2016-10-27] (Digital Wave Ltd.)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [5098008 2016-12-23] (Binary Fortress Software)
S3 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [859304 2017-02-08] (FileZilla Project)
R2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [108720 2017-03-28] ()
R2 ImDskSvc; C:\Windows\system32\imdsksvc.exe [19552 2015-12-15] (Olof Lagerkvist)
R2 Kyubey; C:\Users\Kamil\AppData\Roaming\Kyubey\Kyubey.exe [237056 2017-03-28] (Kyubey.exe) [Brak podpisu cyfrowego]
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 MVCSrv; C:\ProgramData\Package Cache\{2A002F88-FD5D-379B-A350-A25D84AF128B}v14.0.25420\packages\VisualC_D14\VC_IDE.Base\VC_IDE_Base.dll [105984 2017-03-28] () [Brak podpisu cyfrowego]
R2 NfsClnt; C:\Windows\system32\nfsclnt.exe [99328 2017-03-11] (Microsoft Corporation)
S3 ptsysexec; C:\Windows\ptsysexec.exe [238688 2016-06-30] (Pismo Technic Inc.)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3764472 2016-09-07] (Paramount Software UK Ltd)
S3 RemoteSystemMonitorService; C:\Program Files (x86)\TRIGONE\Remote System Monitor Server\RemoteSystemMonitorService.exe [16384 2014-02-05] () [Brak podpisu cyfrowego]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S4 SNMP; C:\Windows\System32\snmp.exe [53248 2017-02-05] (Microsoft Corporation)
S4 SNMP; C:\Windows\SysWOW64\snmp.exe [47104 2017-02-05] (Microsoft Corporation)
R3 SshBroker; C:\Windows\System32\SshBroker.dll [360960 2016-12-21] (Microsoft Corporation)
R3 SshProxy; C:\Windows\System32\SshProxy.dll [275456 2016-12-21] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Brak podpisu cyfrowego]
R2 Synergy; C:\Program Files\Synergy\synergyd.exe [307880 2016-12-12] ()
R2 TeamViewer; R:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10883824 2017-03-17] (TeamViewer GmbH)
R2 UpdateDisabler; C:\Windows Update Disabler\UpdaterDisabler.exe [162304 2016-11-29] (painter) [Brak podpisu cyfrowego]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S4 WebManagement; C:\Windows\system32\WebManagement.exe [1000448 2016-09-07] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WinSAPSvc; C:\Users\Kamil\AppData\Roaming\WinSAPSvc\WinSAP.dll [218624 2017-03-27] (Windows) [Brak podpisu cyfrowego]
R2 WINSNARE; C:\Users\Kamil\AppData\Roaming\WINSNARE\WinSnare.dll [1293312 2017-03-28] (InterSect Alliance Pty Ltd) [Brak podpisu cyfrowego] <==== UWAGA

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R1 adgnetworkwfpdrv; C:\Windows\System32\drivers\adgnetworkwfpdrv.sys [75368 2017-02-01] ()
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\c0311199.inf_amd64_71ef621a77f87d8c\atikmdag.sys [32690568 2017-02-10] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\c0311199.inf_amd64_71ef621a77f87d8c\atikmpag.sys [516488 2017-02-10] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [101376 2016-12-08] (Advanced Micro Devices)
R2 AWEAlloc; C:\Windows\system32\DRIVERS\awealloc.sys [21048 2015-12-15] (Olof Lagerkvist)
S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [186152 2016-02-17] (Broadcom Corporation.)
S3 bthav; C:\Windows\system32\drivers\bthav.sys [40448 2008-07-10] (CSR, plc)
S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [54064 2013-04-26] (Ralink Corporation)
R3 cpuz140; C:\Users\Kamil\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [45888 2017-03-28] (CPUID) <==== UWAGA
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [24056 2016-01-14] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [21496 2016-01-14] ()
R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [30808 2016-05-04] (ELAN Microelectronic Corp.)
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2016-07-11] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2016-07-11] ()
S3 GPU-Z; C:\Users\Kamil\AppData\Local\Temp\GPU-Z.sys [27008 2017-02-28] () <==== UWAGA
R2 ImDisk; C:\Windows\system32\DRIVERS\imdisk.sys [48704 2015-12-15] (Olof Lagerkvist)
S3 irsir; C:\Windows\system32\DRIVERS\irsir.sys [27648 2008-01-19] (Microsoft Corporation)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-03-28] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-03-28] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251840 2017-03-28] (Malwarebytes)
R3 msvad_simple; C:\Windows\system32\solicall.sys [40664 2010-10-30] (SoliCall)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NfsRdr; C:\Windows\System32\drivers\nfsrdr.sys [260608 2017-03-11] (Microsoft Corporation)
S3 P17; C:\Windows\system32\drivers\P17.sys [1309696 2009-10-16] (Creative Technology Ltd.) [Brak podpisu cyfrowego]
S3 pfmfs_183; C:\Windows\System32\Drivers\pfmfs_183.sys [267144 2016-06-30] (Pismo Technic Inc.)
U5 PROCMON23; C:\Windows\System32\Drivers\PROCMON23.sys [92344 2016-11-16] (Sysinternals - www.sysinternals.com)
R3 RpcXdr; C:\Windows\System32\drivers\rpcxdr.sys [132608 2017-03-11] (Microsoft Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [946696 2016-11-02] (Realtek )
R3 SensorsSimulatorDriver; C:\Windows\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
S3 TDKLIB; C:\Users\Kamil\AppData\Local\Temp\ExtactTemp\TdkLib64.sys [19296 2017-02-27] () <==== UWAGA
R1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102576 2015-11-10] ()
R1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25904 2015-11-10] ()
R1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [701360 2015-11-10] ()
R3 uvhid; C:\Windows\System32\drivers\uvhid.sys [27064 2016-07-06] (Windows ® Win 7 DDK provider)
R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [132120 2016-11-21] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [206416 2016-11-21] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [138896 2016-11-21] (Oracle Corporation)
R1 vmkbd3; C:\Windows\system32\DRIVERS\vmkbd.sys [52288 2016-10-21] (VMware, Inc.)
R0 vsock; C:\Windows\system32\DRIVERS\vsock.sys [91712 2016-09-30] (VMware, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U0 aswVmm; Brak ImagePath
U4 nxfs; Brak ImagePath
U4 nxpcap; Brak ImagePath
U4 nxsshd; Brak ImagePath
U4 nxusbd; Brak ImagePath
U4 nxusbh; Brak ImagePath
U4 nxusbs; Brak ImagePath

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

NETSVC: debugregsvc -> C:\Windows\System32\debugregsvc.dll (Microsoft Corporation)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-03-28 16:55 - 2017-03-28 16:55 - 00000000 ____D C:\FRST
2017-03-28 15:26 - 2017-03-28 15:26 - 00002079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-28 15:26 - 2017-03-28 15:26 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\Firefox
2017-03-28 15:26 - 2017-03-28 15:26 - 00000000 ____D C:\Users\Kamil\AppData\Local\Yeshat
2017-03-28 15:26 - 2017-03-28 15:26 - 00000000 ____D C:\Users\Kamil\AppData\Local\Firefox
2017-03-28 15:25 - 2017-03-28 15:26 - 00000000 ____D C:\Program Files (x86)\Firefox
2017-03-28 15:25 - 2017-03-28 15:25 - 00000000 ____D C:\Program Files (x86)\Yeshat
2017-03-28 15:24 - 2017-03-28 16:36 - 00000000 _____ C:\Users\Public\Documents\report.dat
2017-03-28 15:24 - 2017-03-28 15:25 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2017-03-28 15:24 - 2017-03-28 15:24 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\Kyubey
2017-03-28 15:24 - 2017-03-28 15:24 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\3RVX
2017-03-28 15:24 - 2017-03-28 15:24 - 00000000 ____D C:\Program Files (x86)\WinSnare(4.4.0)
2017-03-28 15:24 - 2017-03-28 15:24 - 00000000 _____ C:\Windows\SysWOW64\4
2017-03-28 15:24 - 2017-03-28 15:24 - 00000000 _____ C:\Windows\SysWOW64\3
2017-03-28 15:23 - 2017-03-28 15:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3RVX
2017-03-28 15:23 - 2017-03-28 15:23 - 00000000 ____D C:\Program Files (x86)\3RVX
2017-03-27 17:09 - 2017-03-28 15:24 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\WinSnare
2017-03-27 17:09 - 2017-03-27 17:09 - 00003632 _____ C:\Windows\System32\Tasks\Milimili
2017-03-27 17:09 - 2017-03-27 17:09 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\WinSAPSvc
2017-03-27 17:09 - 2017-03-27 17:09 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\clean
2017-03-27 17:09 - 2017-03-27 17:09 - 00000000 ____D C:\Program Files (x86)\MIO
2017-03-27 17:05 - 2017-03-28 15:24 - 00000000 ____D C:\Program Files (x86)\MK
2017-03-25 23:21 - 2017-03-25 23:51 - 00000057 _____ C:\Users\Kamil\Desktop\Plan ucieczki.txt
2017-03-24 13:14 - 2017-03-24 13:14 - 00000346 _____ C:\Users\Kamil\.i18n-editor
2017-03-24 13:09 - 2017-03-24 13:09 - 00000068 _____ C:\Users\Kamil\Documents\.i18n-editor-metadata
2017-03-24 13:08 - 2017-03-24 13:14 - 00000000 ____D C:\Users\Kamil\Documents\tlumaczenie
2017-03-24 13:06 - 2017-03-24 13:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JvMs Software
2017-03-22 18:49 - 2017-03-22 18:49 - 00001128 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition CC 2017.lnk
2017-03-22 18:08 - 2017-03-22 18:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2017-03-22 17:55 - 2017-03-22 17:55 - 00092088 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-03-22 17:13 - 2017-03-22 17:17 - 00000000 _____ C:\Recovery.txt
2017-03-22 17:05 - 2017-03-27 17:04 - 00000000 ____D C:\Program Files (x86)\Shunosyjibtain
2017-03-22 17:05 - 2017-03-22 18:12 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\Coutering
2017-03-22 17:05 - 2017-03-22 18:01 - 00000000 ____D C:\Program Files\C6DZPJWWS8
2017-03-22 17:05 - 2017-03-22 17:05 - 00000000 ____D C:\Users\Kamil\AppData\Local\Atudadomtasoph
2017-03-22 16:53 - 2017-03-28 16:37 - 00251840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-22 16:53 - 2017-03-28 16:37 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-03-22 16:53 - 2017-03-28 16:37 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-03-22 16:53 - 2017-03-22 16:53 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-03-22 16:53 - 2017-03-22 16:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-22 16:53 - 2017-03-22 16:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-22 16:53 - 2017-03-22 16:53 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-22 16:53 - 2017-02-24 07:23 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-03-22 16:51 - 2017-03-22 16:54 - 00000000 ____D C:\AdwCleaner
2017-03-22 16:43 - 2017-03-22 16:49 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2017-03-21 21:34 - 2017-03-21 21:34 - 00002075 _____ C:\Users\Kamil\Documents\tłumaczenie wisielca.sesja
2017-03-21 21:33 - 2017-03-24 14:28 - 00098089 _____ C:\Users\Kamil\Documents\tłumaczenie wisielca.json
2017-03-21 09:41 - 2017-03-28 01:45 - 00001080 _____ C:\Windows\system32\settingsbkup.sfm
2017-03-21 09:41 - 2017-03-28 01:45 - 00001080 _____ C:\Windows\system32\settings.sfm
2017-03-20 16:13 - 2017-03-28 01:45 - 00062476 _____ C:\Windows\system32\BMXStateBkp-{00000006-00000000-00000001-00001102-00000005-00291102}.rfx
2017-03-20 16:13 - 2017-03-28 01:45 - 00062476 _____ C:\Windows\system32\BMXState-{00000006-00000000-00000001-00001102-00000005-00291102}.rfx
2017-03-20 16:13 - 2017-03-28 01:45 - 00000788 _____ C:\Windows\system32\DVCState-{00000006-00000000-00000001-00001102-00000005-00291102}.rfx
2017-03-20 16:11 - 2000-05-11 02:00 - 00090112 ____N (Creative Technology Ltd.) C:\Windows\Updreg.EXE
2017-03-20 16:10 - 2017-03-20 16:10 - 00000000 ___HD C:\Program Files (x86)\Creative Installation Information
2017-03-20 16:09 - 2017-03-20 16:09 - 00000000 ____D C:\Windows\LastGood
2017-03-20 16:08 - 2017-03-20 16:10 - 00000000 ____D C:\Program Files\Creative
2017-03-20 16:08 - 2017-03-20 16:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2017-03-20 16:01 - 2015-12-19 15:54 - 00182272 _____ (Creative Technology Ltd) C:\Windows\system32\CT_OAL.DLL
2017-03-20 15:58 - 2017-03-20 16:09 - 00466520 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2017-03-20 15:58 - 2017-03-20 16:09 - 00445016 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2017-03-20 15:58 - 2017-03-20 16:09 - 00123480 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2017-03-20 15:58 - 2017-03-20 16:09 - 00109144 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2017-03-20 15:58 - 2017-03-20 15:58 - 00000000 ____D C:\Windows\LastGood.Tmp
2017-03-20 15:58 - 2017-03-20 15:58 - 00000000 ____D C:\Program Files (x86)\OpenAL
2017-03-20 15:58 - 2008-02-04 11:28 - 00107008 _____ (Creative Technology Ltd) C:\Windows\system32\cttele64.dll
2017-03-20 15:58 - 2008-02-04 11:27 - 00102400 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\cttele32.dll
2017-03-20 15:24 - 2017-03-20 15:24 - 00000444 __RSH C:\Users\Kamil\ntuser.pol
2017-03-20 14:52 - 2015-12-19 16:30 - 00018688 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\pfmodnt.sys
2017-03-20 14:52 - 2015-12-19 16:29 - 01564416 _____ (Creative Technology Ltd) C:\Windows\system32\Drivers\ha20x2k.sys
2017-03-20 14:52 - 2015-12-19 16:29 - 00689024 _____ (Creative Technology Ltd) C:\Windows\system32\Drivers\ctaud2k.sys
2017-03-20 14:52 - 2015-12-19 16:29 - 00215296 _____ (Creative Technology Ltd) C:\Windows\system32\Drivers\ctsfm2k.sys
2017-03-20 14:52 - 2015-12-19 16:29 - 00181504 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\ctoss2k.sys
2017-03-20 14:52 - 2015-12-19 16:29 - 00120576 _____ (Creative Technology Ltd) C:\Windows\system32\Drivers\emupia2k.sys
2017-03-20 14:52 - 2015-12-19 16:29 - 00018176 _____ (Creative Technology Ltd) C:\Windows\system32\Drivers\ctprxy2k.sys
2017-03-20 14:52 - 2015-12-19 16:28 - 01419520 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\CTEXFIFX.sys
2017-03-20 14:52 - 2015-12-19 16:28 - 00582912 _____ (Creative Technology Ltd) C:\Windows\system32\Drivers\ctac32k.sys
2017-03-20 14:52 - 2015-12-19 16:28 - 00205056 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\CT20XUT.sys
2017-03-20 14:52 - 2015-12-19 16:28 - 00097024 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\CTHWIUT.sys
2017-03-20 14:52 - 2015-12-19 16:19 - 00218624 _____ (Creative Technology Limited) C:\Windows\system32\ctdvinst.dll
2017-03-20 14:52 - 2015-12-19 16:19 - 00073728 _____ (Creative Technology Limited) C:\Windows\system32\ctcoinst.dll
2017-03-20 14:52 - 2015-12-19 15:54 - 00067584 _____ (Creative Technology Ltd) C:\Windows\system32\ctdpxy64.dll
2017-03-20 14:52 - 2015-12-19 15:54 - 00055808 _____ (Creative Technology Ltd) C:\Windows\system32\ctasio64.dll
2017-03-20 14:52 - 2015-12-19 15:52 - 00089600 _____ (Creative Technology Ltd) C:\Windows\system32\ctosur64.dll
2017-03-20 14:52 - 2015-12-19 15:52 - 00018432 _____ C:\Windows\system32\regplib.exe
2017-03-20 14:52 - 2015-12-19 15:15 - 00027216 _____ C:\Windows\SysWOW64\instwdm.ini
2017-03-20 14:52 - 2015-12-19 15:15 - 00027216 _____ C:\Windows\system32\instwdm.ini
2017-03-20 14:52 - 2015-12-19 15:15 - 00000054 _____ C:\Windows\SysWOW64\ctzapxx.ini
2017-03-20 14:52 - 2015-12-19 15:15 - 00000054 _____ C:\Windows\system32\ctzapxx.ini
2017-03-20 14:52 - 2015-12-19 14:06 - 00060928 _____ ( ) C:\Windows\SysWOW64\a3d.dll
2017-03-20 14:52 - 2015-12-19 14:05 - 00048640 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\ac3api.dll
2017-03-20 14:52 - 2015-12-19 14:03 - 00041472 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\CTxfiBtn.dll
2017-03-20 14:52 - 2015-12-19 14:03 - 00039424 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\CTxfiSpk.dll
2017-03-20 14:52 - 2015-12-19 14:03 - 00026112 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
2017-03-20 14:52 - 2015-12-19 14:03 - 00002560 _____ () C:\Windows\SysWOW64\CTXFIRES.DLL
2017-03-20 14:52 - 2015-12-19 14:03 - 00002560 _____ () C:\Windows\system32\CtxfiRes.dll
2017-03-20 14:52 - 2015-12-19 13:57 - 01216512 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
2017-03-20 14:52 - 2015-12-19 13:57 - 00046592 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\CTxfiReg.exe
2017-03-20 14:52 - 2015-12-19 13:57 - 00015360 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\Ct20xspi.dll
2017-03-20 14:52 - 2015-12-19 13:48 - 00321512 _____ C:\Windows\SysWOW64\ctdlang.dat
2017-03-20 14:52 - 2015-12-19 13:48 - 00321512 _____ C:\Windows\system32\ctdlang.dat
2017-03-20 14:52 - 2015-12-19 13:48 - 00056509 _____ C:\Windows\SysWOW64\ctdnlstr.dat
2017-03-20 14:52 - 2015-12-19 13:48 - 00056509 _____ C:\Windows\system32\ctdnlstr.dat
2017-03-20 14:52 - 2015-12-19 13:47 - 00114688 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\ctemupia.dll
2017-03-20 14:52 - 2015-12-19 13:37 - 00193024 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\ct_oal.dll
2017-03-20 14:52 - 2015-12-19 13:37 - 00061952 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\ctdproxy.dll
2017-03-20 14:52 - 2015-12-19 13:37 - 00051712 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\ctasio.dll
2017-03-20 14:52 - 2015-12-19 13:35 - 00113152 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\sfms32.dll
2017-03-20 14:52 - 2015-12-19 13:35 - 00074752 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\ctosuser.dll
2017-03-20 14:52 - 2015-12-19 13:35 - 00010240 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\sfman32.dll
2017-03-20 14:52 - 2015-12-19 13:34 - 00080896 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\piaproxy.dll
2017-03-20 14:52 - 2015-12-19 13:29 - 00012800 _____ ( ) C:\Windows\SysWOW64\killapps.exe
2017-03-20 14:52 - 2015-12-19 13:29 - 00007680 _____ C:\Windows\SysWOW64\enlocstr.exe
2017-03-20 14:52 - 2015-12-19 13:27 - 00036864 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\devreg.dll
2017-03-20 14:52 - 2013-11-19 10:57 - 00853784 _____ (Creative Technology Ltd.) C:\Windows\system32\UDAAPO64.dll
2017-03-20 14:52 - 2013-11-19 10:57 - 00057856 _____ (Creative Technology Ltd.) C:\Windows\system32\UDAPLD64.dll
2017-03-20 14:52 - 2013-11-19 10:56 - 00716056 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\UDAAPO32.dll
2017-03-20 14:52 - 2013-11-19 10:55 - 00011017 _____ C:\Windows\SysWOW64\UDAAPO64.UDA
2017-03-20 14:52 - 2012-10-30 12:44 - 27474632 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\AppSetup.exe
2017-03-20 14:52 - 2012-04-18 12:39 - 00042496 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\AddCat.exe
2017-03-20 14:52 - 2009-11-19 04:20 - 00809560 _____ (Creative Labs Inc.) C:\Windows\SysWOW64\oalinst.exe
2017-03-20 14:52 - 2009-07-07 14:56 - 02167684 _____ C:\Windows\SysWOW64\CT2MGM.SF2
2017-03-20 14:52 - 2009-07-07 14:56 - 02167684 _____ C:\Windows\system32\CT2MGM.SF2
2017-03-20 14:52 - 2009-07-07 14:56 - 01048576 _____ C:\Windows\SysWOW64\CT1MGM.ROM
2017-03-20 14:52 - 2009-07-07 14:56 - 01048576 _____ C:\Windows\system32\CT1MGM.ROM
2017-03-20 14:52 - 2009-07-07 14:56 - 00077824 _____ (Creative Labs) C:\Windows\SysWOW64\eaxac3.dll
2017-03-20 14:52 - 2009-07-07 14:56 - 00003128 _____ C:\Windows\system32\XFi.bmp
2017-03-20 14:52 - 2009-07-07 14:56 - 00000297 _____ C:\Windows\SysWOW64\kill.ini
2017-03-20 14:52 - 2009-07-07 14:56 - 00000059 _____ C:\Windows\SysWOW64\default8.sfm
2017-03-20 14:52 - 2009-07-07 14:56 - 00000059 _____ C:\Windows\SysWOW64\default4.sfm
2017-03-20 14:52 - 2009-07-07 14:56 - 00000059 _____ C:\Windows\SysWOW64\default.sfm
2017-03-20 14:52 - 2009-07-07 14:56 - 00000059 _____ C:\Windows\system32\default8.sfm
2017-03-20 14:52 - 2009-07-07 14:56 - 00000059 _____ C:\Windows\system32\default4.sfm
2017-03-20 14:52 - 2009-07-07 14:56 - 00000059 _____ C:\Windows\system32\default.sfm
2017-03-20 14:52 - 2009-03-26 17:10 - 00600211 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\UDAAIM64.exe
2017-03-20 14:52 - 2008-06-02 12:11 - 00005530 _____ C:\Windows\SysWOW64\CTMLFX64.UDA
2017-03-20 14:52 - 2008-06-02 12:10 - 00005458 _____ C:\Windows\SysWOW64\CTMLFX32.UDA
2017-03-20 14:52 - 2008-06-02 10:42 - 00072704 _____ (Creative Technology Ltd) C:\Windows\system32\CTMLFX64.dll
2017-03-20 14:52 - 2008-06-02 10:40 - 00062976 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\CTMLFX32.dll
2017-03-20 14:52 - 2007-03-13 11:33 - 00099064 _____ (Creative Technology Ltd) C:\Windows\system32\ctpxst64.exe
2017-03-20 14:52 - 2007-03-13 11:32 - 00089336 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\ctpxst32.exe
2017-03-20 12:03 - 2017-03-20 12:04 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\AccurateRip
2017-03-20 12:03 - 2017-03-20 12:03 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\EAC
2017-03-20 12:03 - 2017-03-20 12:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exact Audio Copy
2017-03-20 12:03 - 2017-03-20 12:03 - 00000000 ____D C:\Program Files (x86)\Exact Audio Copy
2017-03-20 11:03 - 2017-03-20 11:03 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CDCheck
2017-03-20 11:03 - 2017-03-20 11:03 - 00000000 ____D C:\Program Files (x86)\CDCheck
2017-03-20 10:59 - 2017-03-20 10:59 - 00000000 ____D C:\Users\Kamil\AppData\Local\Recovery Toolbox for CD Free
2017-03-20 10:59 - 2017-03-20 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery Toolbox for CD Free
2017-03-20 10:59 - 2017-03-20 10:59 - 00000000 ____D C:\Program Files (x86)\Recovery Toolbox for CD Free
2017-03-14 17:09 - 2017-03-20 16:19 - 00000000 ____D C:\ProgramData\Creative
2017-03-14 17:09 - 2017-03-20 16:09 - 00000159 ___RH C:\Windows\ctfile.rfc
2017-03-14 17:09 - 2017-03-20 15:58 - 00000000 ____D C:\Windows\SysWOW64\Data
2017-03-14 17:09 - 2017-03-20 15:58 - 00000000 ____D C:\Windows\system32\Data
2017-03-14 17:09 - 2016-09-27 18:23 - 00089600 _____ C:\Windows\system32\CmdRtr64.DLL
2017-03-14 17:09 - 2016-09-27 18:22 - 00074240 _____ C:\Windows\SysWOW64\CmdRtr.DLL
2017-03-14 17:09 - 2016-09-27 18:21 - 00363520 _____ C:\Windows\system32\APOMgr64.DLL
2017-03-14 17:09 - 2016-09-27 18:19 - 00273920 _____ C:\Windows\SysWOW64\APOMngr.DLL
2017-03-14 17:09 - 2015-12-19 19:19 - 00012288 _____ (Creative Technology Limited) C:\Windows\system32\INRES.DLL
2017-03-14 17:09 - 2015-12-19 17:10 - 00011776 _____ (Creative Technology Limited) C:\Windows\SysWOW64\INRES.DLL
2017-03-14 17:08 - 2017-03-20 16:09 - 00000000 ____D C:\Program Files (x86)\Creative
2017-03-14 17:08 - 2009-10-16 11:44 - 01309696 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\P17.sys
2017-03-14 17:08 - 2009-08-25 07:33 - 00613503 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\APOIM64.exe
2017-03-14 17:08 - 2009-08-13 12:19 - 00144384 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\OemSpiE.dll
2017-03-14 17:08 - 2009-07-28 19:38 - 00217600 _____ (Creative Technology Limited) C:\Windows\system32\ctdvins1.dll
2017-03-14 17:08 - 2009-07-28 19:38 - 00073728 _____ (Creative Technology Limited) C:\Windows\system32\ctcoins1.dll
2017-03-14 17:08 - 2009-04-21 07:40 - 00581120 _____ (Creative Technology Ltd.) C:\Windows\system32\P17APO64.dll
2017-03-14 17:08 - 2009-04-21 07:40 - 00057856 _____ (Creative Technology Ltd.) C:\Windows\system32\P17pld64.dll
2017-03-14 17:08 - 2009-04-21 07:38 - 00506368 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\P17APO32.dll
2017-03-14 17:08 - 2009-02-26 06:36 - 00140800 _____ (Creative Technology Ltd.) C:\Windows\system32\P17res.dll
2017-03-14 17:08 - 2008-11-13 11:07 - 00002177 _____ C:\Windows\P17EP.ini
2017-03-14 17:08 - 2007-06-07 10:25 - 00001578 _____ C:\Windows\P17EPLS.ini
2017-03-14 17:08 - 2007-06-07 10:25 - 00001578 _____ C:\Windows\P17EP51.ini
2017-03-14 17:08 - 2007-05-09 04:07 - 00018432 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\P17RunE.dll
2017-03-14 17:04 - 2017-03-20 15:57 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-03-13 16:41 - 2017-03-13 16:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoliCall
2017-03-13 16:41 - 2017-03-13 16:41 - 00000000 ____D C:\Program Files (x86)\SoliCall
2017-03-13 13:02 - 2017-03-13 13:13 - 00000000 ____D C:\MyM
2017-03-13 13:01 - 2017-03-13 13:09 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\.mineyourmind
2017-03-12 11:02 - 2017-03-12 11:02 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\BetterDiscord
2017-03-12 09:39 - 2017-03-12 09:42 - 00001714 _____ C:\Users\Kamil\Desktop\CS GO (borderless).lnk
2017-03-12 09:39 - 2017-03-12 09:42 - 00001698 _____ C:\Users\Kamil\Desktop\CS GO (fullscreen).lnk
2017-03-12 07:52 - 2017-02-02 22:37 - 00002297 _____ C:\Users\Kamil\Desktop\Discord.lnk
2017-03-11 14:24 - 2017-03-11 14:24 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\Curse
2017-03-11 04:21 - 2017-03-11 04:21 - 00001432 _____ C:\Users\Kamil\Documents\ooshutup10.cfg
2017-03-10 22:57 - 2017-03-11 04:24 - 00000000 ___HD C:\Users\Kamil\.nx
2017-03-10 22:57 - 2017-03-10 23:05 - 00000000 ____D C:\Users\Kamil\Documents\NoMachine
2017-03-10 22:56 - 2015-03-02 14:39 - 00087216 _____ (NoMachine) C:\Windows\system32\Drivers\nxusbf.sys
2017-03-10 22:56 - 2015-03-02 14:39 - 00068096 _____ (NoMachine) C:\Windows\system32\Drivers\nxusbh.sys
2017-03-10 22:56 - 2015-03-02 14:39 - 00010240 _____ (NoMachine) C:\Windows\system32\Drivers\nxusbs.sys
2017-03-10 22:56 - 2014-04-22 16:07 - 00017920 _____ (NoMachine) C:\Windows\system32\Drivers\nxaudio.sys
2017-03-10 21:01 - 2017-03-10 21:01 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\UltraVNC
2017-03-09 20:55 - 2017-03-09 20:55 - 00000000 ____D C:\Users\Kamil\Documents\Mirrors Edge Catalyst
2017-03-09 18:00 - 2017-03-09 18:00 - 00000919 _____ C:\Users\Kamil\Documents\recenzja plantronics komputronik.txt
2017-03-08 14:44 - 2017-03-08 14:44 - 00001585 _____ C:\Users\Kamil\Desktop\Steam Desktop Authenticator.lnk
2017-03-06 17:43 - 2017-03-06 17:43 - 00000000 ____D C:\Users\Kamil\AppData\Local\Splashtop
2017-03-06 17:40 - 2017-03-06 17:41 - 00000000 ____D C:\ProgramData\Splashtop
2017-03-06 17:40 - 2017-03-06 17:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Splashtop Remote
2017-03-06 17:40 - 2017-03-06 17:40 - 00000000 ____D C:\Program Files (x86)\Splashtop
2017-03-06 15:00 - 2017-03-25 16:00 - 00000783 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-03-05 18:18 - 2017-03-05 18:18 - 00001421 _____ C:\steamapps — skrót.lnk
2017-03-05 18:03 - 2017-03-06 14:41 - 00000000 ____D C:\Users\Kamil\AppData\Local\VMware
2017-03-05 18:03 - 2017-03-06 13:37 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\VMware
2017-03-05 18:01 - 2017-03-22 18:12 - 00000000 ____D C:\ProgramData\VMware
2017-03-05 18:01 - 2017-03-05 18:01 - 03512798 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-03-05 18:01 - 2017-03-05 18:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2017-03-05 18:01 - 2017-03-05 18:01 - 00000000 ____D C:\Program Files\Common Files\VMware
2017-03-05 18:01 - 2017-03-05 18:01 - 00000000 ____D C:\Program Files (x86)\VMware
2017-03-05 18:01 - 2016-10-21 08:47 - 01148488 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
2017-03-05 18:01 - 2016-10-21 08:47 - 00366664 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2017-03-05 18:01 - 2016-10-21 08:46 - 00400968 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2017-03-05 18:01 - 2016-10-21 08:39 - 00088128 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys
2017-03-05 18:01 - 2016-10-21 08:39 - 00052288 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmkbd.sys
2017-03-05 18:01 - 2016-10-21 08:22 - 00066624 _____ (VMware, Inc.) C:\Windows\system32\vnetinst.dll
2017-03-05 18:01 - 2016-10-21 08:22 - 00044096 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys
2017-03-05 18:01 - 2016-09-30 02:12 - 00091712 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys
2017-03-05 18:01 - 2016-09-30 02:12 - 00069104 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
2017-03-05 18:01 - 2016-09-30 02:12 - 00065016 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll
2017-03-05 18:01 - 2016-09-06 19:48 - 00083008 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2017-03-05 01:13 - 2017-03-05 01:21 - 00000132 _____ C:\Users\Kamil\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-03-05 00:21 - 2017-03-05 00:21 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\mpv
2017-03-04 04:54 - 2017-03-04 04:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch Test
2017-03-03 17:17 - 2017-03-11 04:25 - 00003106 _____ C:\Windows\System32\Tasks\Process Lasso Management Console (GUI)
2017-03-03 17:17 - 2017-03-11 04:25 - 00003096 _____ C:\Windows\System32\Tasks\Process Lasso Core Engine Only
2017-03-03 17:16 - 2017-03-28 14:51 - 00000000 ____D C:\ProgramData\ProcessLasso
2017-03-03 17:15 - 2017-03-11 04:27 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\ProcessLasso
2017-03-03 17:15 - 2017-03-11 04:27 - 00000000 ____D C:\Program Files\Process Lasso
2017-03-03 17:15 - 2017-03-03 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Lasso
2017-03-03 13:47 - 2017-03-10 16:02 - 00000000 ____D C:\Overwatch Test
2017-02-28 23:04 - 2017-03-05 02:10 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\obs-studio
2017-02-28 14:41 - 2017-02-28 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Encoder for OBS Studio
2017-02-27 18:40 - 2017-02-27 18:40 - 00000000 ____D C:\Users\Kamil\AppData\Local\Deployment
2017-02-27 18:40 - 2017-02-27 18:40 - 00000000 ____D C:\Users\Kamil\AppData\Local\Apps\2.0
2017-02-26 02:22 - 2017-02-26 02:23 - 00000000 ____D C:\Users\Kamil\Documents\CDBurnerXP
2017-02-26 01:14 - 2017-02-26 01:14 - 00001184 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2017-02-26 01:14 - 2017-02-26 01:14 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\Canneverbe Limited
2017-02-26 01:14 - 2017-02-26 01:14 - 00000000 ____D C:\ProgramData\Canneverbe Limited
2017-02-26 01:14 - 2017-02-26 01:14 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP
2017-02-26 00:26 - 2017-02-26 00:26 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\FileZilla Server
2017-02-26 00:26 - 2017-02-26 00:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla Server
2017-02-26 00:26 - 2017-02-26 00:26 - 00000000 ____D C:\Program Files (x86)\FileZilla Server

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-03-28 16:56 - 2017-02-04 13:33 - 00000000 ____D C:\ProgramData\Adguard
2017-03-28 16:55 - 2016-11-17 22:50 - 00000000 ____D C:\Users\Kamil\AppData\Local\Battle.net
2017-03-28 16:07 - 2016-11-15 17:44 - 00000000 ___RD C:\Users\Kamil\Desktop\Programy
2017-03-28 15:27 - 2016-12-05 14:59 - 00000000 ____D C:\Users\Kamil\AppData\LocalLow\Mozilla
2017-03-28 15:26 - 2016-12-05 15:01 - 00002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-28 15:26 - 2016-11-03 16:34 - 00000000 ____D C:\Users\Kamil\AppData\Local\CrashDumps
2017-03-28 15:25 - 2016-10-27 17:53 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-28 15:21 - 2016-10-27 18:19 - 00000000 ____D C:\Program Files (x86)\Steam
2017-03-28 14:47 - 2016-10-27 17:21 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-03-27 19:44 - 2016-11-21 19:28 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\Audacity
2017-03-27 17:04 - 2016-11-07 14:55 - 00034328 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP152.SYS
2017-03-27 16:49 - 2016-10-28 14:11 - 00000000 ____D C:\Users\Kamil\AppData\Local\Arduino15
2017-03-27 01:32 - 2016-11-17 22:48 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-03-27 01:26 - 2017-01-12 17:22 - 00000000 ____D C:\Overwatch
2017-03-26 19:41 - 2016-11-28 12:57 - 00010210 _____ C:\Users\Kamil\AppData\Local\dM550
2017-03-26 18:10 - 2016-10-28 23:02 - 00002324 ____H C:\Users\Kamil\Documents\Default.rdp
2017-03-26 17:55 - 2017-02-11 15:20 - 00007620 _____ C:\Users\Kamil\AppData\Local\resmon.resmoncfg
2017-03-24 13:14 - 2016-10-27 17:24 - 00000000 ____D C:\Users\Kamil
2017-03-24 13:05 - 2016-11-07 12:53 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\qBittorrent
2017-03-24 12:45 - 2016-10-27 18:26 - 00003998 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1477585562
2017-03-24 12:45 - 2016-10-27 18:26 - 00001130 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-03-24 12:45 - 2016-10-27 18:25 - 00000000 ____D C:\Program Files (x86)\Opera
2017-03-24 12:12 - 2017-02-10 21:20 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2017-03-23 23:19 - 2016-10-30 16:17 - 00000000 ____D C:\osu!
2017-03-23 18:23 - 2017-02-09 11:37 - 00000000 ____D C:\AMD
2017-03-23 17:50 - 2017-01-10 00:45 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\foobar2000
2017-03-23 13:25 - 2017-02-02 15:30 - 00000000 ____D C:\Users\Kamil\AppData\Local\DisplayFusion
2017-03-22 21:41 - 2016-12-21 22:56 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\discord
2017-03-22 18:51 - 2016-11-23 18:05 - 00000000 ____D C:\Users\Public\Documents\Adobe
2017-03-22 18:51 - 2016-11-23 17:54 - 00000000 ____D C:\Users\Kamil\Documents\Adobe
2017-03-22 18:49 - 2016-11-23 17:44 - 00000000 ____D C:\Program Files\Adobe
2017-03-22 18:49 - 2016-10-27 17:24 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\Adobe
2017-03-22 18:47 - 2016-11-25 16:45 - 00001236 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2017-03-22 18:17 - 2016-10-27 17:26 - 04001918 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-22 18:17 - 2016-07-17 00:05 - 01762760 _____ C:\Windows\system32\perfh015.dat
2017-03-22 18:17 - 2016-07-17 00:05 - 00478518 _____ C:\Windows\system32\perfc015.dat
2017-03-22 18:12 - 2017-02-04 13:33 - 00000000 ____D C:\Program Files (x86)\Adguard
2017-03-22 18:12 - 2016-10-27 17:54 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2017-03-22 18:12 - 2016-10-27 17:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-22 18:12 - 2016-07-16 08:04 - 00524288 _____ C:\Windows\system32\config\BBI
2017-03-22 18:08 - 2016-11-07 12:53 - 00000000 ____D C:\Program Files (x86)\qBittorrent
2017-03-22 18:01 - 2016-11-06 13:57 - 00000000 ____D C:\ProgramData\Ashampoo
2017-03-22 17:04 - 2016-11-15 14:58 - 00000000 ____D C:\Program Files\Java
2017-03-20 16:20 - 2016-10-27 17:24 - 00000000 ____D C:\Users\Kamil\AppData\Local\VirtualStore
2017-03-20 15:58 - 2016-07-16 13:45 - 00000000 ____D C:\Windows\INF
2017-03-20 15:07 - 2016-07-16 13:47 - 00000000 ___SD C:\Windows\Downloaded Program Files
2017-03-16 18:21 - 2016-11-06 14:27 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\.minecraft
2017-03-12 11:01 - 2016-12-21 22:56 - 00000000 ____D C:\Users\Kamil\AppData\Local\Discord
2017-03-12 07:50 - 2016-11-14 19:56 - 00003022 __RSH C:\ProgramData\ntuser.pol
2017-03-12 07:49 - 2016-07-16 13:47 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-03-11 21:30 - 2017-01-12 00:13 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\HandBrake
2017-03-11 18:17 - 2016-07-16 13:43 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\nfscimprov.dll
2017-03-11 18:17 - 2016-07-16 13:43 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nfsrdr.sys
2017-03-11 18:17 - 2016-07-16 13:43 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\nfscommgmt.dll
2017-03-11 18:17 - 2016-07-16 13:43 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\nfsadmin.exe
2017-03-11 18:17 - 2016-07-16 13:43 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rpcxdr.sys
2017-03-11 18:17 - 2016-07-16 13:43 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\rpcinfo.exe
2017-03-11 18:17 - 2016-07-16 13:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\umount.exe
2017-03-11 18:17 - 2016-07-16 13:43 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\nfsclnt.exe
2017-03-11 18:17 - 2016-07-16 13:43 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\nfsnp.dll
2017-03-11 18:17 - 2016-07-16 13:43 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\mount.exe
2017-03-11 18:17 - 2016-07-16 13:43 - 00093510 _____ C:\Windows\system32\nfsmgmt.msc
2017-03-11 18:17 - 2016-07-16 13:43 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\showmount.exe
2017-03-11 18:17 - 2016-07-16 13:43 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\nfscprop.dll
2017-03-11 18:17 - 2016-07-16 13:43 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\nfsrc.dll
2017-03-11 18:17 - 2016-07-16 13:36 - 00000000 ____D C:\Windows\CbsTemp
2017-03-11 18:11 - 2016-10-27 23:06 - 00000000 ____D C:\Users\Kamil\AppData\Local\Vivaldi
2017-03-11 18:10 - 2016-12-05 14:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-11 18:08 - 2016-12-27 00:17 - 00000000 ____D C:\Users\Kamil\AppData\Local\FluxSoftware
2017-03-11 18:08 - 2016-12-05 15:00 - 00000000 ____D C:\Users\Kamil\AppData\Local\Google
2017-03-08 22:13 - 2016-11-16 02:48 - 00000000 ____D C:\Windows\SysWOW64\directx
2017-03-07 03:12 - 2016-10-27 17:21 - 05043544 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-07 03:07 - 2016-10-27 20:36 - 00000000 ____D C:\Windows\system32\MRT
2017-03-07 03:05 - 2016-10-27 20:36 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-06 17:38 - 2017-01-10 00:37 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\vlc
2017-03-06 15:00 - 2016-11-06 20:35 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\TeamViewer
2017-03-05 00:25 - 2016-11-22 19:34 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\HexChat
2017-03-04 23:59 - 2016-10-28 15:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Download
2017-03-04 23:36 - 2016-12-05 14:59 - 00000000 ____D C:\Users\Kamil\AppData\Local\Mozilla
2017-03-03 20:14 - 2016-12-01 13:21 - 00000000 ____D C:\Users\Kamil\.VirtualBox
2017-03-03 14:10 - 2016-07-16 13:47 - 00000000 ____D C:\Windows\AppReadiness
2017-03-02 17:30 - 2016-12-24 22:08 - 00000748 _____ C:\Users\Public\Desktop\Overwatch.lnk
2017-03-02 12:48 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-01 22:44 - 2017-01-03 10:46 - 00000000 __SHD C:\Users\Kamil\AppData\Local\lxss
2017-03-01 15:07 - 2016-07-16 13:47 - 00000000 ____D C:\Windows\LiveKernelReports
2017-02-28 22:43 - 2016-11-16 15:00 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\_obs-studio
2017-02-28 18:06 - 2016-11-16 14:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2017-02-28 14:45 - 2016-12-03 16:34 - 00000992 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-02-28 14:41 - 2016-11-16 14:41 - 00000000 ____D C:\Program Files (x86)\obs-studio

==================== Pliki w katalogu głównym wybranych folderów =======

2016-11-03 21:43 - 2016-11-03 21:43 - 21874200 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2017-03-05 01:13 - 2017-03-05 01:21 - 0000132 _____ () C:\Users\Kamil\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-11-18 16:17 - 2016-11-18 17:15 - 0000338 _____ () C:\Users\Kamil\AppData\Roaming\basic.ini
2016-11-28 12:51 - 2016-11-28 12:51 - 0000035 _____ () C:\Users\Kamil\AppData\Local\330E95B1
2017-01-06 20:16 - 2017-01-06 20:16 - 0000035 _____ () C:\Users\Kamil\AppData\Local\65C9CE5E
2016-11-28 12:57 - 2017-03-26 19:41 - 0010210 _____ () C:\Users\Kamil\AppData\Local\dM550
2017-02-21 21:12 - 2017-02-21 21:12 - 0000031 _____ () C:\Users\Kamil\AppData\Local\ekkccs
2016-11-15 22:01 - 2017-02-02 23:38 - 1307648 _____ () C:\Users\Kamil\AppData\Local\file__0.localstorage
2017-02-11 15:20 - 2017-03-26 17:55 - 0007620 _____ () C:\Users\Kamil\AppData\Local\resmon.resmoncfg
2017-02-04 13:33 - 2017-02-04 13:33 - 0000273 _____ () C:\ProgramData\fontcacheev1.dat

Pliki do przeniesienia lub usunięcia:
====================
C:\ProgramData\fontcacheev1.dat


Niektóre pliki w TEMP:
====================
2017-03-22 17:05 - 2017-03-22 17:05 - 0501318 _____ (Leading2Apps ) C:\Users\Kamil\AppData\Local\Temp\5VIG7E2.exe
2017-03-22 17:03 - 2017-03-22 17:03 - 1850711 _____ () C:\Users\Kamil\AppData\Local\Temp\cpa.exe
2017-03-22 17:03 - 2017-03-22 17:03 - 0028672 _____ (Western Visayas College of Science and TechnologyT) C:\Users\Kamil\AppData\Local\Temp\fox.exe
2017-03-16 17:59 - 2017-03-16 17:59 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-1409432450459442093.dll
2017-02-05 20:53 - 2017-02-05 20:53 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-1479831947992304513.dll
2017-02-01 15:20 - 2017-02-01 15:20 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-1746988933896551976.dll
2017-03-24 19:07 - 2017-03-24 19:07 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-3045220268993178214.dll
2017-02-01 19:06 - 2017-02-01 19:06 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-31270204293463020.dll
2017-03-20 08:13 - 2017-03-20 08:13 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-3150225623553462976.dll
2017-03-13 13:52 - 2017-03-13 13:52 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-3177618153642059782.dll
2017-03-15 18:53 - 2017-03-15 18:53 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-3287323729577952511.dll
2017-03-11 14:07 - 2017-03-11 14:07 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-3353519181720269585.dll
2017-02-02 16:50 - 2017-02-02 16:50 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-3435835913299404161.dll
2017-03-15 19:35 - 2017-03-15 19:35 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-3617739769266999222.dll
2017-02-05 00:47 - 2017-02-05 00:47 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-4137518519978669326.dll
2017-03-13 13:13 - 2017-03-13 13:13 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-4378492146681649808.dll
2017-02-04 01:15 - 2017-02-04 01:15 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-5326892182348902446.dll
2017-03-11 15:30 - 2017-03-11 15:30 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-6306762901013566247.dll
2017-01-30 00:50 - 2017-01-30 00:50 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-663287360271946064.dll
2017-03-15 18:37 - 2017-03-15 18:37 - 0019968 _____ (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-7309154871441500776.dll
2017-03-13 13:39 - 2017-03-13 13:39 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-775977161049445315.dll
2017-02-15 15:04 - 2017-02-15 15:04 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-7809453959299361496.dll
2017-03-11 16:16 - 2017-03-11 16:16 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-7981041923348423633.dll
2017-03-13 13:50 - 2017-03-13 13:50 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-8272468583016597149.dll
2017-02-04 01:20 - 2017-02-04 01:20 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-8680535282092752817.dll
2017-02-04 01:03 - 2017-02-04 01:03 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-8706281606965000702.dll
2017-01-31 14:28 - 2017-01-31 14:28 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-8861498799969908041.dll
2017-02-16 16:51 - 2017-02-16 16:51 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-94797009938302158.dll
2017-02-05 22:42 - 2017-02-19 21:43 - 0000000 _____ () C:\Users\Kamil\AppData\Local\Temp\JIntellitype.dll
2017-03-22 17:04 - 2017-03-22 17:04 - 0016384 _____ (DoxX) C:\Users\Kamil\AppData\Local\Temp\kube.exe
2017-03-22 17:04 - 2017-03-22 17:04 - 0459264 _____ (Win4you) C:\Users\Kamil\AppData\Local\Temp\Setup.exe
2017-02-10 21:20 - 2017-03-24 12:12 - 0192512 _____ () C:\Users\Kamil\AppData\Local\Temp\sfamcc00001.dll
2015-02-10 19:56 - 2015-02-10 19:56 - 0105984 _____ () C:\Users\Kamil\AppData\Local\Temp\sfextra.dll
2017-03-22 17:05 - 2017-03-22 17:04 - 1199825 _____ () C:\Users\Kamil\AppData\Local\Temp\unins000.exe
2017-03-22 17:04 - 2017-03-22 17:04 - 1247942 _____ (VideoBox ) C:\Users\Kamil\AppData\Local\Temp\vbsetup.exe
2017-02-03 12:58 - 2017-02-03 12:58 - 14773216 _____ (Microsoft Corporation) C:\Users\Kamil\AppData\Local\Temp\vcredist_x64.exe
2017-03-22 17:03 - 2017-03-22 17:03 - 0011446 _____ () C:\Users\Kamil\AppData\Local\Temp\wowrr.exe

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo


nointegritychecks: ==> "IntegrityChecks" [funkcja wyłączona] <===== UWAGA

LastRegBack: 2017-02-28 19:08

==================== Koniec FRST.txt ============================


Edited by Oh My!, 28 March 2017 - 05:28 PM.




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,457 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:49 PM

Posted 28 March 2017 - 05:27 PM

Greetings kamild1996 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#3 kamild1996


Posted 28 March 2017 - 05:34 PM

Friendship accepted  :thumbup2:  I'm Kamil, nice to meet you!

I'm subscribed to this thread and I'm receiving instant notifications about responses, which I also can see as soon as they arrive. Thank you for the introduction, I'm going to wait patiently  :bananas:

 

I just noticed these logs have some phrases written in Polish rather than English. If it makes any difference, I can just translate some of them for you.



#4 Oh My!


Posted 28 March 2017 - 05:38 PM

Thank you.

If you rename FRST64.exe to englishFRST64.exe and launch it you can click Scan and the results will be in English, for the most part. Please copy/paste the reports in your reply. If the content is too long just post one report per reply.

cześć i witaj :)
Gary
 

#5 kamild1996


Posted 28 March 2017 - 05:44 PM

Not a problem. I'll post the reports separately.

 

FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Kamil (administrator) on KAMIL-PC (29-03-2017 00:39:56)
Running from C:\Program Files\FRST
Loaded Profiles: Kamil &  (Available Profiles: defaultuser0 & Kamil & Adrian)
Platform: Windows 10 Pro Version 1607 (X64) Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Performix LLC) C:\Program Files (x86)\Adguard\AdguardSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Olof Lagerkvist) C:\Windows\System32\imdsksvc.exe
(Microsoft Corporation) C:\Windows\System32\nfsclnt.exe
() C:\Program Files\Synergy\synergyd.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(painter) C:\Windows Update Disabler\UpdaterDisabler.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Bitsum LLC) C:\Program Files\Process Lasso\ProcessLasso.exe
(Bitsum LLC) C:\Program Files\Process Lasso\ProcessGovernor.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(Performix LLC) C:\Program Files (x86)\Adguard\Adguard.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(TeamViewer GmbH) R:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.5485\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.8554\Battle.net.exe
() C:\Program Files (x86)\Battle.net\Battle.net.8554\Battle.net Helper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Kyubey.exe) C:\Users\Kamil\AppData\Roaming\clean\Kyubey.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
() C:\Program Files (x86)\Battle.net\Battle.net.8554\Battle.net Helper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(CPUID) C:\Program Files\CPUID\HWMonitor\HWMonitor.exe
(Matthew Malensek) C:\Program Files (x86)\3RVX\3RVX.exe
(Kyubey.exe) C:\Users\Kamil\AppData\Roaming\Kyubey\Kyubey.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Opera Software) C:\Program Files (x86)\Opera\44.0.2510.857\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\44.0.2510.857\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\44.0.2510.857\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\44.0.2510.857\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\44.0.2510.857\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\44.0.2510.857\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\44.0.2510.857\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\44.0.2510.857\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\44.0.2510.857\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\44.0.2510.857\opera.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Opera Software) C:\Program Files (x86)\Opera\44.0.2510.857\opera.exe
(LastPass) C:\Program Files (x86)\LastPass\nplastpass.exe
(Opera Software) C:\Program Files (x86)\Opera\44.0.2510.857\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\44.0.2510.857\opera.exe
(Hammer & Chisel, Inc.) C:\Users\Kamil\AppData\Local\Discord\app-0.0.297\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\Kamil\AppData\Local\Discord\app-0.0.297\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\Kamil\AppData\Local\Discord\app-0.0.297\Discord.exe
(Opera Software) C:\Program Files (x86)\Opera\44.0.2510.857\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\44.0.2510.857\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\44.0.2510.857\opera.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Opera Software) C:\Program Files (x86)\Opera\44.0.2510.857\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\44.0.2510.857\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\44.0.2510.857\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\44.0.2510.857\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\44.0.2510.857\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\44.0.2510.857\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\44.0.2510.857\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\44.0.2510.857\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\44.0.2510.857\opera.exe
(Farbar) C:\Program Files\FRST\englishFRST64.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16776192 2016-12-02] (Realtek Semiconductor)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2779136 2016-06-11] (Dominik Reichl)
HKLM-x32\...\Run: [EaseUS Cleanup] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.9\bin\CleanUpUI.exe [1243328 2016-09-20] (CHENGDU Yiwo Tech Development Co., Ltd.)
HKLM-x32\...\Run: [Blackmagic CheckVersion] => C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\CheckVersion.exe
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2384984 2016-12-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [SoliCallPro] => C:\Program Files (x86)\SoliCall\bin\SoliCall_Pro.exe [1646792 2016-12-11] ()
HKLM-x32\...\Run: [P17RunE] => RunDll32 P17RunE.dll,RunDLLEntry
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE*
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908420\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163912830\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-4125575926-357873309-2165598990-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-03-23] (Valve Corporation)
HKU\S-1-5-21-4125575926-357873309-2165598990-1001\...\Run: [thebat_startup] => C:\Program Files\The Bat!\thebat64.exe /minimize
HKU\S-1-5-21-4125575926-357873309-2165598990-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4125575926-357873309-2165598990-1001\...\Run: [Unified Remote V3] => C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe [4340992 2016-07-06] (Unified Intents AB)
HKU\S-1-5-21-4125575926-357873309-2165598990-1001\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [9161720 2016-12-23] (Binary Fortress Software)
HKU\S-1-5-21-4125575926-357873309-2165598990-1001\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe [5622032 2017-02-07] (Performix LLC)
HKU\S-1-5-21-4125575926-357873309-2165598990-1001\...\Run: [CyberGhost] => "C:\Program Files\CyberGhost 6\CyberGhost.exe" /autostart /min
HKU\S-1-5-21-4125575926-357873309-2165598990-1001\...\Run: [LZQ2IBR9D2] => "C:\Program Files (x86)\PubHotspot\K7Z95.exe"
HKU\S-1-5-21-4125575926-357873309-2165598990-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908649\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-03-23] (Valve Corporation)
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908649\...\Run: [thebat_startup] => C:\Program Files\The Bat!\thebat64.exe /minimize
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908649\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908649\...\Run: [Unified Remote V3] => C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe [4340992 2016-07-06] (Unified Intents AB)
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908649\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [9161720 2016-12-23] (Binary Fortress Software)
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908649\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe [5622032 2017-02-07] (Performix LLC)
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908649\...\Run: [CyberGhost] => "C:\Program Files\CyberGhost 6\CyberGhost.exe" /autostart /min
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908649\...\Run: [LZQ2IBR9D2] => "C:\Program Files (x86)\PubHotspot\K7Z95.exe"
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908649\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-03-23] (Valve Corporation)
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\...\Run: [thebat_startup] => C:\Program Files\The Bat!\thebat64.exe /minimize
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\...\Run: [Unified Remote V3] => C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe [4340992 2016-07-06] (Unified Intents AB)
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [9161720 2016-12-23] (Binary Fortress Software)
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe [5622032 2017-02-07] (Performix LLC)
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\...\Run: [CyberGhost] => "C:\Program Files\CyberGhost 6\CyberGhost.exe" /autostart /min
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\...\Run: [LZQ2IBR9D2] => "C:\Program Files (x86)\PubHotspot\K7Z95.exe"
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-4125575926-357873309-2165598990-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908924\...\RunOnce: [Uninstall 17.3.6517.0809\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Adrian\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64"
HKU\S-1-5-21-4125575926-357873309-2165598990-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908924\...\RunOnce: [Uninstall 17.3.6517.0809] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Adrian\AppData\Local\Microsoft\OneDrive\17.3.6517.0809"
HKU\S-1-5-21-4125575926-357873309-2165598990-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913886\...\RunOnce: [Uninstall 17.3.6517.0809\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Adrian\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64"
HKU\S-1-5-21-4125575926-357873309-2165598990-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913886\...\RunOnce: [Uninstall 17.3.6517.0809] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Adrian\AppData\Local\Microsoft\OneDrive\17.3.6517.0809"
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2016-04-19] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2016-04-19] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2016-04-19] (Hermann Schinagl)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-12-28]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2016-11-03]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2017-02-25]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Rainmeter)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{933d2940-7c7b-49ad-8abb-7d303f49cb9e}: [DhcpNameServer] 8.8.8.8 8.8.4.4
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4125575926-357873309-2165598990-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908649\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-22] (Oracle Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-11-03] (LastPass)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-22] (Oracle Corporation)
BHO-x32: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-11-03] (LastPass)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-11-03] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-11-03] (LastPass)
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1490015270616
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-10-11] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 3nylrhuv.default
FF ProfilePath: C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\3nylrhuv.default [2017-03-22]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\3nylrhuv.default -> trotux
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\3nylrhuv.default -> trotux
FF ProfilePath: C:\Users\Kamil\AppData\Roaming\Firefox\Firefox\Profiles\3nylrhuv.default [2017-03-28]
FF SelectedSearchEngine: Firefox\Firefox\Profiles\3nylrhuv.default -> trotux
FF Extension: (SimilarWeb) - C:\Users\Kamil\AppData\Roaming\Firefox\Firefox\Profiles\3nylrhuv.default\Extensions\@DA3566E2-F709-11E5-8E87-A604BC8E7F8B.xpi [2017-03-28] [not signed]
FF Extension: (FF Adr) - C:\Users\Kamil\AppData\Roaming\Firefox\Firefox\Profiles\3nylrhuv.default\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-03-28] [not signed]
FF Extension: (Polski Language Pack) - C:\Users\Kamil\AppData\Roaming\Firefox\Firefox\Profiles\3nylrhuv.default\Extensions\langpack-pl@firefox.mozilla.org.xpi [2017-03-28] [not signed]
FF SearchPlugin: C:\Users\Kamil\AppData\Roaming\Firefox\Firefox\Profiles\3nylrhuv.default\searchplugins\startsearch.xml [2017-03-28]
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-22] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-11-03] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-12-09] (Adobe Systems)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-11-03] (LastPass)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-09-13] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-12-09] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-09-13] (Microsoft Corporation)
 
Chrome: 
=======
CHR DefaultProfile: ChromeDefaultData
CHR HomePage: ChromeDefaultData -> hxxps://www.google.com/
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.trotux.com/search/?q={searchTerms}&z=bf298271074f86f11173771g9z9t8e9gbt3w5g9gcg&from=icb&uid=ADATAXSU800_2G3720064027&type=sp
CHR DefaultSearchKeyword: ChromeDefaultData -> trotux
CHR Profile: C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-03-27] <==== ATTENTION
CHR Extension: (Prezentacje Google) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-05]
CHR Extension: (BetterTTV) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-03-27]
CHR Extension: (Dokumenty Google) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-05]
CHR Extension: (Dysk Google) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-05]
CHR Extension: (YouTube) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-05]
CHR Extension: (Arkusze Google) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-05]
CHR Extension: (Dokumenty Google offline) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-10]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-27]
CHR Extension: (Gmail) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-05]
CHR Extension: (Chrome Media Router) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-11]
HKU\S-1-5-21-4125575926-357873309-2165598990-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Yeshat\Application\chrome.exe (Google Inc.) <==== ATTENTION
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908649\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Yeshat\Application\chrome.exe (Google Inc.) <==== ATTENTION
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Yeshat\Application\chrome.exe (Google Inc.) <==== ATTENTION
 
Opera: 
=======
OPR Extension: (Magic Actions for YouTube™) - C:\Users\Kamil\AppData\Roaming\Opera Software\Opera Stable\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2017-03-16]
OPR Extension: (BetterTTV) - C:\Users\Kamil\AppData\Roaming\Opera Software\Opera Stable\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-03-24]
OPR Extension: (ImprovedTube - YouTube Extension) - C:\Users\Kamil\AppData\Roaming\Opera Software\Opera Stable\Extensions\bnomihfieiccainjcjblhegjgglakjdd [2017-02-23]
OPR Extension: (Google search link fix) - C:\Users\Kamil\AppData\Roaming\Opera Software\Opera Stable\Extensions\cekfddagaicikmgoheekchngpadahmlf [2017-02-06]
OPR Extension: (uBlock Origin) - C:\Users\Kamil\AppData\Roaming\Opera Software\Opera Stable\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-03-14]
OPR Extension: (LastPass: Free Password Manager) - C:\Users\Kamil\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnjalnkldgigidggphhmacmimbdlafdo [2016-11-03]
OPR Extension: (Reddit Enhancement Suite) - C:\Users\Kamil\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2017-02-16]
OPR Extension: (Download Chrome Extension) - C:\Users\Kamil\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2017-02-10]
OPR Extension: (Video DownloadHelper) - C:\Users\Kamil\AppData\Roaming\Opera Software\Opera Stable\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2017-02-08]
OPR Extension: (Tampermonkey) - C:\Users\Kamil\AppData\Roaming\Opera Software\Opera Stable\Extensions\mfdhdgbonjidekjkjmjaneanmdmpmidf [2017-03-04]
OPR Extension: (Enhanced Steam) - C:\Users\Kamil\AppData\Roaming\Opera Software\Opera Stable\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2017-01-30]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Adguard Service; C:\Program Files (x86)\Adguard\AdguardSvc.exe [151312 2017-02-07] (Performix LLC)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [753240 2016-12-09] (Adobe Systems Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
S3 BcmBtRSupport; C:\Windows\system32\btwrsupportservice.exe [2278152 2015-07-17] (Broadcom Corporation.)
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [429056 2013-10-28] (Creative Technology Ltd) [File not signed]
S2 debugregsvc; C:\Windows\System32\debugregsvc.dll [29184 2016-07-15] (Microsoft Corporation)
S3 DeveloperToolsService; C:\Windows\System32\DeveloperToolsSvc.exe [104448 2016-07-15] (Microsoft Corporation)
S4 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [437224 2016-10-27] (Digital Wave Ltd.)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [5098008 2016-12-23] (Binary Fortress Software)
S3 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [859304 2017-02-08] (FileZilla Project)
R2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [108720 2017-03-28] ()
R2 ImDskSvc; C:\Windows\system32\imdsksvc.exe [19552 2015-12-15] (Olof Lagerkvist)
R2 Kyubey; C:\Users\Kamil\AppData\Roaming\Kyubey\Kyubey.exe [237056 2017-03-28] (Kyubey.exe) [File not signed]
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 MVCSrv; C:\ProgramData\Package Cache\{2A002F88-FD5D-379B-A350-A25D84AF128B}v14.0.25420\packages\VisualC_D14\VC_IDE.Base\VC_IDE_Base.dll [105984 2017-03-28] () [File not signed]
R2 NfsClnt; C:\Windows\system32\nfsclnt.exe [99328 2017-03-11] (Microsoft Corporation)
S3 ptsysexec; C:\Windows\ptsysexec.exe [238688 2016-06-30] (Pismo Technic Inc.)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3764472 2016-09-07] (Paramount Software UK Ltd)
S3 RemoteSystemMonitorService; C:\Program Files (x86)\TRIGONE\Remote System Monitor Server\RemoteSystemMonitorService.exe [16384 2014-02-05] () [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S4 SNMP; C:\Windows\System32\snmp.exe [53248 2017-02-05] (Microsoft Corporation)
S4 SNMP; C:\Windows\SysWOW64\snmp.exe [47104 2017-02-05] (Microsoft Corporation)
R3 SshBroker; C:\Windows\System32\SshBroker.dll [360960 2016-12-21] (Microsoft Corporation)
R3 SshProxy; C:\Windows\System32\SshProxy.dll [275456 2016-12-21] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 Synergy; C:\Program Files\Synergy\synergyd.exe [307880 2016-12-12] ()
R2 TeamViewer; R:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10883824 2017-03-17] (TeamViewer GmbH)
R2 UpdateDisabler; C:\Windows Update Disabler\UpdaterDisabler.exe [162304 2016-11-29] (painter) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S4 WebManagement; C:\Windows\system32\WebManagement.exe [1000448 2016-09-07] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WinSAPSvc; C:\Users\Kamil\AppData\Roaming\WinSAPSvc\WinSAP.dll [218624 2017-03-27] (Windows) [File not signed]
R2 WINSNARE; C:\Users\Kamil\AppData\Roaming\WINSNARE\WinSnare.dll [1293312 2017-03-28] (InterSect Alliance Pty Ltd) [File not signed] <==== ATTENTION
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 adgnetworkwfpdrv; C:\Windows\System32\drivers\adgnetworkwfpdrv.sys [75368 2017-02-01] ()
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\c0311199.inf_amd64_71ef621a77f87d8c\atikmdag.sys [32690568 2017-02-10] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\c0311199.inf_amd64_71ef621a77f87d8c\atikmpag.sys [516488 2017-02-10] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [101376 2016-12-08] (Advanced Micro Devices)
R2 AWEAlloc; C:\Windows\system32\DRIVERS\awealloc.sys [21048 2015-12-15] (Olof Lagerkvist)
S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [186152 2016-02-17] (Broadcom Corporation.)
S3 bthav; C:\Windows\system32\drivers\bthav.sys [40448 2008-07-10] (CSR, plc)
S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [54064 2013-04-26] (Ralink Corporation)
R3 cpuz140; C:\Users\Kamil\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [45888 2017-03-28] (CPUID) <==== ATTENTION
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [24056 2016-01-14] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [21496 2016-01-14] ()
R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [30808 2016-05-04] (ELAN Microelectronic Corp.)
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2016-07-11] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2016-07-11] ()
S3 GPU-Z; C:\Users\Kamil\AppData\Local\Temp\GPU-Z.sys [27008 2017-02-28] () <==== ATTENTION
R2 ImDisk; C:\Windows\system32\DRIVERS\imdisk.sys [48704 2015-12-15] (Olof Lagerkvist)
S3 irsir; C:\Windows\system32\DRIVERS\irsir.sys [27648 2008-01-19] (Microsoft Corporation)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-03-28] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251840 2017-03-28] (Malwarebytes)
R3 msvad_simple; C:\Windows\system32\solicall.sys [40664 2010-10-30] (SoliCall)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NfsRdr; C:\Windows\System32\drivers\nfsrdr.sys [260608 2017-03-11] (Microsoft Corporation)
S3 P17; C:\Windows\system32\drivers\P17.sys [1309696 2009-10-16] (Creative Technology Ltd.) [File not signed]
S3 pfmfs_183; C:\Windows\System32\Drivers\pfmfs_183.sys [267144 2016-06-30] (Pismo Technic Inc.)
U5 PROCMON23; C:\Windows\System32\Drivers\PROCMON23.sys [92344 2016-11-16] (Sysinternals - www.sysinternals.com)
R3 RpcXdr; C:\Windows\System32\drivers\rpcxdr.sys [132608 2017-03-11] (Microsoft Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [946696 2016-11-02] (Realtek                                            )
R3 SensorsSimulatorDriver; C:\Windows\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
S3 TDKLIB; C:\Users\Kamil\AppData\Local\Temp\ExtactTemp\TdkLib64.sys [19296 2017-02-27] () <==== ATTENTION
R1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102576 2015-11-10] ()
R1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25904 2015-11-10] ()
R1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [701360 2015-11-10] ()
R3 uvhid; C:\Windows\System32\drivers\uvhid.sys [27064 2016-07-06] (Windows ® Win 7 DDK provider)
R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [132120 2016-11-21] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [206416 2016-11-21] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [138896 2016-11-21] (Oracle Corporation)
R1 vmkbd3; C:\Windows\system32\DRIVERS\vmkbd.sys [52288 2016-10-21] (VMware, Inc.)
R0 vsock; C:\Windows\system32\DRIVERS\vsock.sys [91712 2016-09-30] (VMware, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U0 aswVmm; no ImagePath
U4 nxfs; no ImagePath
U4 nxpcap; no ImagePath
U4 nxsshd; no ImagePath
U4 nxusbd; no ImagePath
U4 nxusbh; no ImagePath
U4 nxusbs; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
NETSVC: debugregsvc -> C:\Windows\System32\debugregsvc.dll (Microsoft Corporation)
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-29 00:39 - 2017-03-29 00:39 - 00000000 ____D C:\Program Files\FRST
2017-03-28 16:55 - 2017-03-29 00:39 - 00000000 ____D C:\FRST
2017-03-28 15:26 - 2017-03-28 15:26 - 00002079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-28 15:26 - 2017-03-28 15:26 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\Firefox
2017-03-28 15:26 - 2017-03-28 15:26 - 00000000 ____D C:\Users\Kamil\AppData\Local\Yeshat
2017-03-28 15:26 - 2017-03-28 15:26 - 00000000 ____D C:\Users\Kamil\AppData\Local\Firefox
2017-03-28 15:25 - 2017-03-28 15:26 - 00000000 ____D C:\Program Files (x86)\Firefox
2017-03-28 15:25 - 2017-03-28 15:25 - 00000000 ____D C:\Program Files (x86)\Yeshat
2017-03-28 15:24 - 2017-03-29 00:36 - 00000000 _____ C:\Users\Public\Documents\report.dat
2017-03-28 15:24 - 2017-03-28 15:25 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2017-03-28 15:24 - 2017-03-28 15:24 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\Kyubey
2017-03-28 15:24 - 2017-03-28 15:24 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\3RVX
2017-03-28 15:24 - 2017-03-28 15:24 - 00000000 ____D C:\Program Files (x86)\WinSnare(4.4.0)
2017-03-28 15:24 - 2017-03-28 15:24 - 00000000 _____ C:\Windows\SysWOW64\4
2017-03-28 15:24 - 2017-03-28 15:24 - 00000000 _____ C:\Windows\SysWOW64\3
2017-03-28 15:23 - 2017-03-28 15:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3RVX
2017-03-28 15:23 - 2017-03-28 15:23 - 00000000 ____D C:\Program Files (x86)\3RVX
2017-03-27 17:09 - 2017-03-28 15:24 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\WinSnare
2017-03-27 17:09 - 2017-03-27 17:09 - 00003632 _____ C:\Windows\System32\Tasks\Milimili
2017-03-27 17:09 - 2017-03-27 17:09 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\WinSAPSvc
2017-03-27 17:09 - 2017-03-27 17:09 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\clean
2017-03-27 17:09 - 2017-03-27 17:09 - 00000000 ____D C:\Program Files (x86)\MIO
2017-03-27 17:05 - 2017-03-28 15:24 - 00000000 ____D C:\Program Files (x86)\MK
2017-03-25 23:21 - 2017-03-25 23:51 - 00000057 _____ C:\Users\Kamil\Desktop\Plan ucieczki.txt
2017-03-24 13:14 - 2017-03-24 13:14 - 00000346 _____ C:\Users\Kamil\.i18n-editor
2017-03-24 13:09 - 2017-03-24 13:09 - 00000068 _____ C:\Users\Kamil\Documents\.i18n-editor-metadata
2017-03-24 13:08 - 2017-03-24 13:14 - 00000000 ____D C:\Users\Kamil\Documents\tlumaczenie
2017-03-24 13:06 - 2017-03-24 13:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JvMs Software
2017-03-22 18:49 - 2017-03-22 18:49 - 00001128 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition CC 2017.lnk
2017-03-22 18:08 - 2017-03-22 18:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2017-03-22 17:55 - 2017-03-22 17:55 - 00092088 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-03-22 17:13 - 2017-03-22 17:17 - 00000000 _____ C:\Recovery.txt
2017-03-22 17:05 - 2017-03-27 17:04 - 00000000 ____D C:\Program Files (x86)\Shunosyjibtain
2017-03-22 17:05 - 2017-03-22 18:12 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\Coutering
2017-03-22 17:05 - 2017-03-22 18:01 - 00000000 ____D C:\Program Files\C6DZPJWWS8
2017-03-22 17:05 - 2017-03-22 17:05 - 00000000 ____D C:\Users\Kamil\AppData\Local\Atudadomtasoph
2017-03-22 16:53 - 2017-03-28 17:22 - 00251840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-22 16:53 - 2017-03-28 17:22 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-03-22 16:53 - 2017-03-28 17:22 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-03-22 16:53 - 2017-03-22 16:53 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-03-22 16:53 - 2017-03-22 16:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-22 16:53 - 2017-03-22 16:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-22 16:53 - 2017-03-22 16:53 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-22 16:53 - 2017-02-24 07:23 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-03-22 16:51 - 2017-03-22 16:54 - 00000000 ____D C:\AdwCleaner
2017-03-22 16:43 - 2017-03-22 16:49 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2017-03-21 21:34 - 2017-03-21 21:34 - 00002075 _____ C:\Users\Kamil\Documents\tłumaczenie wisielca.sesja
2017-03-21 21:33 - 2017-03-24 14:28 - 00098089 _____ C:\Users\Kamil\Documents\tłumaczenie wisielca.json
2017-03-21 09:41 - 2017-03-28 01:45 - 00001080 _____ C:\Windows\system32\settingsbkup.sfm
2017-03-21 09:41 - 2017-03-28 01:45 - 00001080 _____ C:\Windows\system32\settings.sfm
2017-03-20 16:13 - 2017-03-28 01:45 - 00062476 _____ C:\Windows\system32\BMXStateBkp-{00000006-00000000-00000001-00001102-00000005-00291102}.rfx
2017-03-20 16:13 - 2017-03-28 01:45 - 00062476 _____ C:\Windows\system32\BMXState-{00000006-00000000-00000001-00001102-00000005-00291102}.rfx
2017-03-20 16:13 - 2017-03-28 01:45 - 00000788 _____ C:\Windows\system32\DVCState-{00000006-00000000-00000001-00001102-00000005-00291102}.rfx
2017-03-20 16:11 - 2000-05-11 02:00 - 00090112 ____N (Creative Technology Ltd.) C:\Windows\Updreg.EXE
2017-03-20 16:10 - 2017-03-20 16:10 - 00000000 ___HD C:\Program Files (x86)\Creative Installation Information
2017-03-20 16:09 - 2017-03-20 16:09 - 00000000 ____D C:\Windows\LastGood
2017-03-20 16:08 - 2017-03-20 16:10 - 00000000 ____D C:\Program Files\Creative
2017-03-20 16:08 - 2017-03-20 16:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2017-03-20 16:01 - 2015-12-19 15:54 - 00182272 _____ (Creative Technology Ltd) C:\Windows\system32\CT_OAL.DLL
2017-03-20 15:58 - 2017-03-20 16:09 - 00466520 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2017-03-20 15:58 - 2017-03-20 16:09 - 00445016 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2017-03-20 15:58 - 2017-03-20 16:09 - 00123480 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2017-03-20 15:58 - 2017-03-20 16:09 - 00109144 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2017-03-20 15:58 - 2017-03-20 15:58 - 00000000 ____D C:\Windows\LastGood.Tmp
2017-03-20 15:58 - 2017-03-20 15:58 - 00000000 ____D C:\Program Files (x86)\OpenAL
2017-03-20 15:58 - 2008-02-04 11:28 - 00107008 _____ (Creative Technology Ltd) C:\Windows\system32\cttele64.dll
2017-03-20 15:58 - 2008-02-04 11:27 - 00102400 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\cttele32.dll
2017-03-20 15:24 - 2017-03-20 15:24 - 00000444 __RSH C:\Users\Kamil\ntuser.pol
2017-03-20 14:52 - 2015-12-19 16:30 - 00018688 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\pfmodnt.sys
2017-03-20 14:52 - 2015-12-19 16:29 - 01564416 _____ (Creative Technology Ltd) C:\Windows\system32\Drivers\ha20x2k.sys
2017-03-20 14:52 - 2015-12-19 16:29 - 00689024 _____ (Creative Technology Ltd) C:\Windows\system32\Drivers\ctaud2k.sys
2017-03-20 14:52 - 2015-12-19 16:29 - 00215296 _____ (Creative Technology Ltd) C:\Windows\system32\Drivers\ctsfm2k.sys
2017-03-20 14:52 - 2015-12-19 16:29 - 00181504 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\ctoss2k.sys
2017-03-20 14:52 - 2015-12-19 16:29 - 00120576 _____ (Creative Technology Ltd) C:\Windows\system32\Drivers\emupia2k.sys
2017-03-20 14:52 - 2015-12-19 16:29 - 00018176 _____ (Creative Technology Ltd) C:\Windows\system32\Drivers\ctprxy2k.sys
2017-03-20 14:52 - 2015-12-19 16:28 - 01419520 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\CTEXFIFX.sys
2017-03-20 14:52 - 2015-12-19 16:28 - 00582912 _____ (Creative Technology Ltd) C:\Windows\system32\Drivers\ctac32k.sys
2017-03-20 14:52 - 2015-12-19 16:28 - 00205056 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\CT20XUT.sys
2017-03-20 14:52 - 2015-12-19 16:28 - 00097024 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\CTHWIUT.sys
2017-03-20 14:52 - 2015-12-19 16:19 - 00218624 _____ (Creative Technology Limited) C:\Windows\system32\ctdvinst.dll
2017-03-20 14:52 - 2015-12-19 16:19 - 00073728 _____ (Creative Technology Limited) C:\Windows\system32\ctcoinst.dll
2017-03-20 14:52 - 2015-12-19 15:54 - 00067584 _____ (Creative Technology Ltd) C:\Windows\system32\ctdpxy64.dll
2017-03-20 14:52 - 2015-12-19 15:54 - 00055808 _____ (Creative Technology Ltd) C:\Windows\system32\ctasio64.dll
2017-03-20 14:52 - 2015-12-19 15:52 - 00089600 _____ (Creative Technology Ltd) C:\Windows\system32\ctosur64.dll
2017-03-20 14:52 - 2015-12-19 15:52 - 00018432 _____ C:\Windows\system32\regplib.exe
2017-03-20 14:52 - 2015-12-19 15:15 - 00027216 _____ C:\Windows\SysWOW64\instwdm.ini
2017-03-20 14:52 - 2015-12-19 15:15 - 00027216 _____ C:\Windows\system32\instwdm.ini
2017-03-20 14:52 - 2015-12-19 15:15 - 00000054 _____ C:\Windows\SysWOW64\ctzapxx.ini
2017-03-20 14:52 - 2015-12-19 15:15 - 00000054 _____ C:\Windows\system32\ctzapxx.ini
2017-03-20 14:52 - 2015-12-19 14:06 - 00060928 _____ ( ) C:\Windows\SysWOW64\a3d.dll
2017-03-20 14:52 - 2015-12-19 14:05 - 00048640 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\ac3api.dll
2017-03-20 14:52 - 2015-12-19 14:03 - 00041472 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\CTxfiBtn.dll
2017-03-20 14:52 - 2015-12-19 14:03 - 00039424 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\CTxfiSpk.dll
2017-03-20 14:52 - 2015-12-19 14:03 - 00026112 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
2017-03-20 14:52 - 2015-12-19 14:03 - 00002560 _____ () C:\Windows\SysWOW64\CTXFIRES.DLL
2017-03-20 14:52 - 2015-12-19 14:03 - 00002560 _____ () C:\Windows\system32\CtxfiRes.dll
2017-03-20 14:52 - 2015-12-19 13:57 - 01216512 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
2017-03-20 14:52 - 2015-12-19 13:57 - 00046592 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\CTxfiReg.exe
2017-03-20 14:52 - 2015-12-19 13:57 - 00015360 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\Ct20xspi.dll
2017-03-20 14:52 - 2015-12-19 13:48 - 00321512 _____ C:\Windows\SysWOW64\ctdlang.dat
2017-03-20 14:52 - 2015-12-19 13:48 - 00321512 _____ C:\Windows\system32\ctdlang.dat
2017-03-20 14:52 - 2015-12-19 13:48 - 00056509 _____ C:\Windows\SysWOW64\ctdnlstr.dat
2017-03-20 14:52 - 2015-12-19 13:48 - 00056509 _____ C:\Windows\system32\ctdnlstr.dat
2017-03-20 14:52 - 2015-12-19 13:47 - 00114688 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\ctemupia.dll
2017-03-20 14:52 - 2015-12-19 13:37 - 00193024 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\ct_oal.dll
2017-03-20 14:52 - 2015-12-19 13:37 - 00061952 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\ctdproxy.dll
2017-03-20 14:52 - 2015-12-19 13:37 - 00051712 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\ctasio.dll
2017-03-20 14:52 - 2015-12-19 13:35 - 00113152 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\sfms32.dll
2017-03-20 14:52 - 2015-12-19 13:35 - 00074752 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\ctosuser.dll
2017-03-20 14:52 - 2015-12-19 13:35 - 00010240 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\sfman32.dll
2017-03-20 14:52 - 2015-12-19 13:34 - 00080896 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\piaproxy.dll
2017-03-20 14:52 - 2015-12-19 13:29 - 00012800 _____ ( ) C:\Windows\SysWOW64\killapps.exe
2017-03-20 14:52 - 2015-12-19 13:29 - 00007680 _____ C:\Windows\SysWOW64\enlocstr.exe
2017-03-20 14:52 - 2015-12-19 13:27 - 00036864 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\devreg.dll
2017-03-20 14:52 - 2013-11-19 10:57 - 00853784 _____ (Creative Technology Ltd.) C:\Windows\system32\UDAAPO64.dll
2017-03-20 14:52 - 2013-11-19 10:57 - 00057856 _____ (Creative Technology Ltd.) C:\Windows\system32\UDAPLD64.dll
2017-03-20 14:52 - 2013-11-19 10:56 - 00716056 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\UDAAPO32.dll
2017-03-20 14:52 - 2013-11-19 10:55 - 00011017 _____ C:\Windows\SysWOW64\UDAAPO64.UDA
2017-03-20 14:52 - 2012-10-30 12:44 - 27474632 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\AppSetup.exe
2017-03-20 14:52 - 2012-04-18 12:39 - 00042496 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\AddCat.exe
2017-03-20 14:52 - 2009-11-19 04:20 - 00809560 _____ (Creative Labs Inc.) C:\Windows\SysWOW64\oalinst.exe
2017-03-20 14:52 - 2009-07-07 14:56 - 02167684 _____ C:\Windows\SysWOW64\CT2MGM.SF2
2017-03-20 14:52 - 2009-07-07 14:56 - 02167684 _____ C:\Windows\system32\CT2MGM.SF2
2017-03-20 14:52 - 2009-07-07 14:56 - 01048576 _____ C:\Windows\SysWOW64\CT1MGM.ROM
2017-03-20 14:52 - 2009-07-07 14:56 - 01048576 _____ C:\Windows\system32\CT1MGM.ROM
2017-03-20 14:52 - 2009-07-07 14:56 - 00077824 _____ (Creative Labs) C:\Windows\SysWOW64\eaxac3.dll
2017-03-20 14:52 - 2009-07-07 14:56 - 00003128 _____ C:\Windows\system32\XFi.bmp
2017-03-20 14:52 - 2009-07-07 14:56 - 00000297 _____ C:\Windows\SysWOW64\kill.ini
2017-03-20 14:52 - 2009-07-07 14:56 - 00000059 _____ C:\Windows\SysWOW64\default8.sfm
2017-03-20 14:52 - 2009-07-07 14:56 - 00000059 _____ C:\Windows\SysWOW64\default4.sfm
2017-03-20 14:52 - 2009-07-07 14:56 - 00000059 _____ C:\Windows\SysWOW64\default.sfm
2017-03-20 14:52 - 2009-07-07 14:56 - 00000059 _____ C:\Windows\system32\default8.sfm
2017-03-20 14:52 - 2009-07-07 14:56 - 00000059 _____ C:\Windows\system32\default4.sfm
2017-03-20 14:52 - 2009-07-07 14:56 - 00000059 _____ C:\Windows\system32\default.sfm
2017-03-20 14:52 - 2009-03-26 17:10 - 00600211 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\UDAAIM64.exe
2017-03-20 14:52 - 2008-06-02 12:11 - 00005530 _____ C:\Windows\SysWOW64\CTMLFX64.UDA
2017-03-20 14:52 - 2008-06-02 12:10 - 00005458 _____ C:\Windows\SysWOW64\CTMLFX32.UDA
2017-03-20 14:52 - 2008-06-02 10:42 - 00072704 _____ (Creative Technology Ltd) C:\Windows\system32\CTMLFX64.dll
2017-03-20 14:52 - 2008-06-02 10:40 - 00062976 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\CTMLFX32.dll
2017-03-20 14:52 - 2007-03-13 11:33 - 00099064 _____ (Creative Technology Ltd) C:\Windows\system32\ctpxst64.exe
2017-03-20 14:52 - 2007-03-13 11:32 - 00089336 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\ctpxst32.exe
2017-03-20 12:03 - 2017-03-20 12:04 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\AccurateRip
2017-03-20 12:03 - 2017-03-20 12:03 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\EAC
2017-03-20 12:03 - 2017-03-20 12:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exact Audio Copy
2017-03-20 12:03 - 2017-03-20 12:03 - 00000000 ____D C:\Program Files (x86)\Exact Audio Copy
2017-03-20 11:03 - 2017-03-20 11:03 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CDCheck
2017-03-20 11:03 - 2017-03-20 11:03 - 00000000 ____D C:\Program Files (x86)\CDCheck
2017-03-20 10:59 - 2017-03-20 10:59 - 00000000 ____D C:\Users\Kamil\AppData\Local\Recovery Toolbox for CD Free
2017-03-20 10:59 - 2017-03-20 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery Toolbox for CD Free
2017-03-20 10:59 - 2017-03-20 10:59 - 00000000 ____D C:\Program Files (x86)\Recovery Toolbox for CD Free
2017-03-14 17:09 - 2017-03-20 16:19 - 00000000 ____D C:\ProgramData\Creative
2017-03-14 17:09 - 2017-03-20 16:09 - 00000159 ___RH C:\Windows\ctfile.rfc
2017-03-14 17:09 - 2017-03-20 15:58 - 00000000 ____D C:\Windows\SysWOW64\Data
2017-03-14 17:09 - 2017-03-20 15:58 - 00000000 ____D C:\Windows\system32\Data
2017-03-14 17:09 - 2016-09-27 18:23 - 00089600 _____ C:\Windows\system32\CmdRtr64.DLL
2017-03-14 17:09 - 2016-09-27 18:22 - 00074240 _____ C:\Windows\SysWOW64\CmdRtr.DLL
2017-03-14 17:09 - 2016-09-27 18:21 - 00363520 _____ C:\Windows\system32\APOMgr64.DLL
2017-03-14 17:09 - 2016-09-27 18:19 - 00273920 _____ C:\Windows\SysWOW64\APOMngr.DLL
2017-03-14 17:09 - 2015-12-19 19:19 - 00012288 _____ (Creative Technology Limited) C:\Windows\system32\INRES.DLL
2017-03-14 17:09 - 2015-12-19 17:10 - 00011776 _____ (Creative Technology Limited) C:\Windows\SysWOW64\INRES.DLL
2017-03-14 17:08 - 2017-03-20 16:09 - 00000000 ____D C:\Program Files (x86)\Creative
2017-03-14 17:08 - 2009-10-16 11:44 - 01309696 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\P17.sys
2017-03-14 17:08 - 2009-08-25 07:33 - 00613503 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\APOIM64.exe
2017-03-14 17:08 - 2009-08-13 12:19 - 00144384 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\OemSpiE.dll
2017-03-14 17:08 - 2009-07-28 19:38 - 00217600 _____ (Creative Technology Limited) C:\Windows\system32\ctdvins1.dll
2017-03-14 17:08 - 2009-07-28 19:38 - 00073728 _____ (Creative Technology Limited) C:\Windows\system32\ctcoins1.dll
2017-03-14 17:08 - 2009-04-21 07:40 - 00581120 _____ (Creative Technology Ltd.) C:\Windows\system32\P17APO64.dll
2017-03-14 17:08 - 2009-04-21 07:40 - 00057856 _____ (Creative Technology Ltd.) C:\Windows\system32\P17pld64.dll
2017-03-14 17:08 - 2009-04-21 07:38 - 00506368 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\P17APO32.dll
2017-03-14 17:08 - 2009-02-26 06:36 - 00140800 _____ (Creative Technology Ltd.) C:\Windows\system32\P17res.dll
2017-03-14 17:08 - 2008-11-13 11:07 - 00002177 _____ C:\Windows\P17EP.ini
2017-03-14 17:08 - 2007-06-07 10:25 - 00001578 _____ C:\Windows\P17EPLS.ini
2017-03-14 17:08 - 2007-06-07 10:25 - 00001578 _____ C:\Windows\P17EP51.ini
2017-03-14 17:08 - 2007-05-09 04:07 - 00018432 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\P17RunE.dll
2017-03-14 17:04 - 2017-03-20 15:57 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-03-13 16:41 - 2017-03-13 16:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoliCall
2017-03-13 16:41 - 2017-03-13 16:41 - 00000000 ____D C:\Program Files (x86)\SoliCall
2017-03-13 13:02 - 2017-03-13 13:13 - 00000000 ____D C:\MyM
2017-03-13 13:01 - 2017-03-13 13:09 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\.mineyourmind
2017-03-12 11:02 - 2017-03-12 11:02 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\BetterDiscord
2017-03-12 09:39 - 2017-03-12 09:42 - 00001714 _____ C:\Users\Kamil\Desktop\CS GO (borderless).lnk
2017-03-12 09:39 - 2017-03-12 09:42 - 00001698 _____ C:\Users\Kamil\Desktop\CS GO (fullscreen).lnk
2017-03-12 07:52 - 2017-02-02 22:37 - 00002297 _____ C:\Users\Kamil\Desktop\Discord.lnk
2017-03-11 14:24 - 2017-03-11 14:24 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\Curse
2017-03-11 04:21 - 2017-03-11 04:21 - 00001432 _____ C:\Users\Kamil\Documents\ooshutup10.cfg
2017-03-10 22:57 - 2017-03-11 04:24 - 00000000 ___HD C:\Users\Kamil\.nx
2017-03-10 22:57 - 2017-03-10 23:05 - 00000000 ____D C:\Users\Kamil\Documents\NoMachine
2017-03-10 22:56 - 2015-03-02 14:39 - 00087216 _____ (NoMachine) C:\Windows\system32\Drivers\nxusbf.sys
2017-03-10 22:56 - 2015-03-02 14:39 - 00068096 _____ (NoMachine) C:\Windows\system32\Drivers\nxusbh.sys
2017-03-10 22:56 - 2015-03-02 14:39 - 00010240 _____ (NoMachine) C:\Windows\system32\Drivers\nxusbs.sys
2017-03-10 22:56 - 2014-04-22 16:07 - 00017920 _____ (NoMachine) C:\Windows\system32\Drivers\nxaudio.sys
2017-03-10 21:01 - 2017-03-10 21:01 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\UltraVNC
2017-03-09 20:55 - 2017-03-09 20:55 - 00000000 ____D C:\Users\Kamil\Documents\Mirrors Edge Catalyst
2017-03-09 18:00 - 2017-03-09 18:00 - 00000919 _____ C:\Users\Kamil\Documents\recenzja plantronics komputronik.txt
2017-03-08 14:44 - 2017-03-08 14:44 - 00001585 _____ C:\Users\Kamil\Desktop\Steam Desktop Authenticator.lnk
2017-03-06 17:43 - 2017-03-06 17:43 - 00000000 ____D C:\Users\Kamil\AppData\Local\Splashtop
2017-03-06 17:40 - 2017-03-06 17:41 - 00000000 ____D C:\ProgramData\Splashtop
2017-03-06 17:40 - 2017-03-06 17:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Splashtop Remote
2017-03-06 17:40 - 2017-03-06 17:40 - 00000000 ____D C:\Program Files (x86)\Splashtop
2017-03-06 15:00 - 2017-03-25 16:00 - 00000783 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-03-05 18:18 - 2017-03-05 18:18 - 00001421 _____ C:\steamapps — skrót.lnk
2017-03-05 18:03 - 2017-03-06 14:41 - 00000000 ____D C:\Users\Kamil\AppData\Local\VMware
2017-03-05 18:03 - 2017-03-06 13:37 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\VMware
2017-03-05 18:01 - 2017-03-22 18:12 - 00000000 ____D C:\ProgramData\VMware
2017-03-05 18:01 - 2017-03-05 18:01 - 03512798 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-03-05 18:01 - 2017-03-05 18:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2017-03-05 18:01 - 2017-03-05 18:01 - 00000000 ____D C:\Program Files\Common Files\VMware
2017-03-05 18:01 - 2017-03-05 18:01 - 00000000 ____D C:\Program Files (x86)\VMware
2017-03-05 18:01 - 2016-10-21 08:47 - 01148488 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
2017-03-05 18:01 - 2016-10-21 08:47 - 00366664 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2017-03-05 18:01 - 2016-10-21 08:46 - 00400968 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2017-03-05 18:01 - 2016-10-21 08:39 - 00088128 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys
2017-03-05 18:01 - 2016-10-21 08:39 - 00052288 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmkbd.sys
2017-03-05 18:01 - 2016-10-21 08:22 - 00066624 _____ (VMware, Inc.) C:\Windows\system32\vnetinst.dll
2017-03-05 18:01 - 2016-10-21 08:22 - 00044096 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys
2017-03-05 18:01 - 2016-09-30 02:12 - 00091712 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys
2017-03-05 18:01 - 2016-09-30 02:12 - 00069104 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
2017-03-05 18:01 - 2016-09-30 02:12 - 00065016 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll
2017-03-05 18:01 - 2016-09-06 19:48 - 00083008 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2017-03-05 01:13 - 2017-03-05 01:21 - 00000132 _____ C:\Users\Kamil\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-03-05 00:21 - 2017-03-05 00:21 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\mpv
2017-03-04 04:54 - 2017-03-04 04:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch Test
2017-03-03 17:17 - 2017-03-11 04:25 - 00003106 _____ C:\Windows\System32\Tasks\Process Lasso Management Console (GUI)
2017-03-03 17:17 - 2017-03-11 04:25 - 00003096 _____ C:\Windows\System32\Tasks\Process Lasso Core Engine Only
2017-03-03 17:16 - 2017-03-29 00:17 - 00000000 ____D C:\ProgramData\ProcessLasso
2017-03-03 17:15 - 2017-03-11 04:27 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\ProcessLasso
2017-03-03 17:15 - 2017-03-11 04:27 - 00000000 ____D C:\Program Files\Process Lasso
2017-03-03 17:15 - 2017-03-03 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Lasso
2017-03-03 13:47 - 2017-03-10 16:02 - 00000000 ____D C:\Overwatch Test
2017-02-28 23:04 - 2017-03-05 02:10 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\obs-studio
2017-02-28 14:41 - 2017-02-28 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Encoder for OBS Studio
2017-02-27 18:40 - 2017-02-27 18:40 - 00000000 ____D C:\Users\Kamil\AppData\Local\Deployment
2017-02-27 18:40 - 2017-02-27 18:40 - 00000000 ____D C:\Users\Kamil\AppData\Local\Apps\2.0
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-29 00:40 - 2017-02-04 13:33 - 00000000 ____D C:\ProgramData\Adguard
2017-03-29 00:36 - 2016-11-17 22:50 - 00000000 ____D C:\Users\Kamil\AppData\Local\Battle.net
2017-03-29 00:17 - 2016-10-27 17:21 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-03-29 00:03 - 2016-10-27 18:19 - 00000000 ____D C:\Program Files (x86)\Steam
2017-03-28 21:36 - 2017-01-12 17:22 - 00000000 ____D C:\Overwatch
2017-03-28 18:37 - 2016-10-28 23:02 - 00002324 ____H C:\Users\Kamil\Documents\Default.rdp
2017-03-28 16:07 - 2016-11-15 17:44 - 00000000 ___RD C:\Users\Kamil\Desktop\Programy
2017-03-28 15:27 - 2016-12-05 14:59 - 00000000 ____D C:\Users\Kamil\AppData\LocalLow\Mozilla
2017-03-28 15:26 - 2016-12-05 15:01 - 00002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-28 15:26 - 2016-11-03 16:34 - 00000000 ____D C:\Users\Kamil\AppData\Local\CrashDumps
2017-03-28 15:25 - 2016-10-27 17:53 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-27 19:44 - 2016-11-21 19:28 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\Audacity
2017-03-27 17:04 - 2016-11-07 14:55 - 00034328 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP152.SYS
2017-03-27 16:49 - 2016-10-28 14:11 - 00000000 ____D C:\Users\Kamil\AppData\Local\Arduino15
2017-03-27 01:32 - 2016-11-17 22:48 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-03-26 19:41 - 2016-11-28 12:57 - 00010210 _____ C:\Users\Kamil\AppData\Local\dM550
2017-03-26 17:55 - 2017-02-11 15:20 - 00007620 _____ C:\Users\Kamil\AppData\Local\resmon.resmoncfg
2017-03-24 13:14 - 2016-10-27 17:24 - 00000000 ____D C:\Users\Kamil
2017-03-24 13:05 - 2016-11-07 12:53 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\qBittorrent
2017-03-24 12:45 - 2016-10-27 18:26 - 00003998 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1477585562
2017-03-24 12:45 - 2016-10-27 18:26 - 00001130 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-03-24 12:45 - 2016-10-27 18:25 - 00000000 ____D C:\Program Files (x86)\Opera
2017-03-24 12:12 - 2017-02-10 21:20 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2017-03-23 23:19 - 2016-10-30 16:17 - 00000000 ____D C:\osu!
2017-03-23 18:23 - 2017-02-09 11:37 - 00000000 ____D C:\AMD
2017-03-23 17:50 - 2017-01-10 00:45 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\foobar2000
2017-03-23 13:25 - 2017-02-02 15:30 - 00000000 ____D C:\Users\Kamil\AppData\Local\DisplayFusion
2017-03-22 21:41 - 2016-12-21 22:56 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\discord
2017-03-22 18:51 - 2016-11-23 18:05 - 00000000 ____D C:\Users\Public\Documents\Adobe
2017-03-22 18:51 - 2016-11-23 17:54 - 00000000 ____D C:\Users\Kamil\Documents\Adobe
2017-03-22 18:49 - 2016-11-23 17:44 - 00000000 ____D C:\Program Files\Adobe
2017-03-22 18:49 - 2016-10-27 17:24 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\Adobe
2017-03-22 18:47 - 2016-11-25 16:45 - 00001236 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2017-03-22 18:17 - 2016-10-27 17:26 - 04001918 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-22 18:17 - 2016-07-17 00:05 - 01762760 _____ C:\Windows\system32\perfh015.dat
2017-03-22 18:17 - 2016-07-17 00:05 - 00478518 _____ C:\Windows\system32\perfc015.dat
2017-03-22 18:12 - 2017-02-04 13:33 - 00000000 ____D C:\Program Files (x86)\Adguard
2017-03-22 18:12 - 2016-10-27 17:54 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2017-03-22 18:12 - 2016-10-27 17:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-22 18:12 - 2016-07-16 08:04 - 00524288 _____ C:\Windows\system32\config\BBI
2017-03-22 18:08 - 2016-11-07 12:53 - 00000000 ____D C:\Program Files (x86)\qBittorrent
2017-03-22 18:01 - 2016-11-06 13:57 - 00000000 ____D C:\ProgramData\Ashampoo
2017-03-22 17:04 - 2016-11-15 14:58 - 00000000 ____D C:\Program Files\Java
2017-03-20 16:20 - 2016-10-27 17:24 - 00000000 ____D C:\Users\Kamil\AppData\Local\VirtualStore
2017-03-20 15:58 - 2016-07-16 13:45 - 00000000 ____D C:\Windows\INF
2017-03-20 15:07 - 2016-07-16 13:47 - 00000000 ___SD C:\Windows\Downloaded Program Files
2017-03-16 18:21 - 2016-11-06 14:27 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\.minecraft
2017-03-12 11:01 - 2016-12-21 22:56 - 00000000 ____D C:\Users\Kamil\AppData\Local\Discord
2017-03-12 07:50 - 2016-11-14 19:56 - 00003022 __RSH C:\ProgramData\ntuser.pol
2017-03-12 07:49 - 2016-07-16 13:47 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-03-11 21:30 - 2017-01-12 00:13 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\HandBrake
2017-03-11 18:17 - 2016-07-16 13:43 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\nfscimprov.dll
2017-03-11 18:17 - 2016-07-16 13:43 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nfsrdr.sys
2017-03-11 18:17 - 2016-07-16 13:43 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\nfscommgmt.dll
2017-03-11 18:17 - 2016-07-16 13:43 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\nfsadmin.exe
2017-03-11 18:17 - 2016-07-16 13:43 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rpcxdr.sys
2017-03-11 18:17 - 2016-07-16 13:43 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\rpcinfo.exe
2017-03-11 18:17 - 2016-07-16 13:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\umount.exe
2017-03-11 18:17 - 2016-07-16 13:43 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\nfsclnt.exe
2017-03-11 18:17 - 2016-07-16 13:43 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\nfsnp.dll
2017-03-11 18:17 - 2016-07-16 13:43 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\mount.exe
2017-03-11 18:17 - 2016-07-16 13:43 - 00093510 _____ C:\Windows\system32\nfsmgmt.msc
2017-03-11 18:17 - 2016-07-16 13:43 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\showmount.exe
2017-03-11 18:17 - 2016-07-16 13:43 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\nfscprop.dll
2017-03-11 18:17 - 2016-07-16 13:43 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\nfsrc.dll
2017-03-11 18:17 - 2016-07-16 13:36 - 00000000 ____D C:\Windows\CbsTemp
2017-03-11 18:11 - 2016-10-27 23:06 - 00000000 ____D C:\Users\Kamil\AppData\Local\Vivaldi
2017-03-11 18:10 - 2016-12-05 14:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-11 18:08 - 2016-12-27 00:17 - 00000000 ____D C:\Users\Kamil\AppData\Local\FluxSoftware
2017-03-11 18:08 - 2016-12-05 15:00 - 00000000 ____D C:\Users\Kamil\AppData\Local\Google
2017-03-08 22:13 - 2016-11-16 02:48 - 00000000 ____D C:\Windows\SysWOW64\directx
2017-03-07 03:12 - 2016-10-27 17:21 - 05043544 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-07 03:07 - 2016-10-27 20:36 - 00000000 ____D C:\Windows\system32\MRT
2017-03-07 03:05 - 2016-10-27 20:36 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-06 17:38 - 2017-01-10 00:37 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\vlc
2017-03-06 15:00 - 2016-11-06 20:35 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\TeamViewer
2017-03-05 00:25 - 2016-11-22 19:34 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\HexChat
2017-03-04 23:59 - 2016-10-28 15:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Download
2017-03-04 23:36 - 2016-12-05 14:59 - 00000000 ____D C:\Users\Kamil\AppData\Local\Mozilla
2017-03-03 20:14 - 2016-12-01 13:21 - 00000000 ____D C:\Users\Kamil\.VirtualBox
2017-03-03 14:10 - 2016-07-16 13:47 - 00000000 ____D C:\Windows\AppReadiness
2017-03-02 17:30 - 2016-12-24 22:08 - 00000748 _____ C:\Users\Public\Desktop\Overwatch.lnk
2017-03-02 12:48 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-01 22:44 - 2017-01-03 10:46 - 00000000 __SHD C:\Users\Kamil\AppData\Local\lxss
2017-03-01 15:07 - 2016-07-16 13:47 - 00000000 ____D C:\Windows\LiveKernelReports
2017-02-28 22:43 - 2016-11-16 15:00 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\_obs-studio
2017-02-28 18:06 - 2016-11-16 14:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2017-02-28 14:45 - 2016-12-03 16:34 - 00000992 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-02-28 14:41 - 2016-11-16 14:41 - 00000000 ____D C:\Program Files (x86)\obs-studio
 
==================== Files in the root of some directories =======
 
2016-11-03 21:43 - 2016-11-03 21:43 - 21874200 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2017-03-05 01:13 - 2017-03-05 01:21 - 0000132 _____ () C:\Users\Kamil\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-11-18 16:17 - 2016-11-18 17:15 - 0000338 _____ () C:\Users\Kamil\AppData\Roaming\basic.ini
2016-11-28 12:51 - 2016-11-28 12:51 - 0000035 _____ () C:\Users\Kamil\AppData\Local\330E95B1
2017-01-06 20:16 - 2017-01-06 20:16 - 0000035 _____ () C:\Users\Kamil\AppData\Local\65C9CE5E
2016-11-28 12:57 - 2017-03-26 19:41 - 0010210 _____ () C:\Users\Kamil\AppData\Local\dM550
2017-02-21 21:12 - 2017-02-21 21:12 - 0000031 _____ () C:\Users\Kamil\AppData\Local\ekkccs
2016-11-15 22:01 - 2017-02-02 23:38 - 1307648 _____ () C:\Users\Kamil\AppData\Local\file__0.localstorage
2017-02-11 15:20 - 2017-03-26 17:55 - 0007620 _____ () C:\Users\Kamil\AppData\Local\resmon.resmoncfg
2017-02-04 13:33 - 2017-02-04 13:33 - 0000273 _____ () C:\ProgramData\fontcacheev1.dat
 
Files to move or delete:
====================
C:\ProgramData\fontcacheev1.dat
 
 
Some files in TEMP:
====================
2017-03-22 17:05 - 2017-03-22 17:05 - 0501318 _____ (Leading2Apps                                                ) C:\Users\Kamil\AppData\Local\Temp\5VIG7E2.exe
2017-03-22 17:03 - 2017-03-22 17:03 - 1850711 _____ () C:\Users\Kamil\AppData\Local\Temp\cpa.exe
2017-03-22 17:03 - 2017-03-22 17:03 - 0028672 _____ (Western Visayas College of Science and TechnologyT) C:\Users\Kamil\AppData\Local\Temp\fox.exe
2017-03-16 17:59 - 2017-03-16 17:59 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-1409432450459442093.dll
2017-02-05 20:53 - 2017-02-05 20:53 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-1479831947992304513.dll
2017-02-01 15:20 - 2017-02-01 15:20 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-1746988933896551976.dll
2017-03-24 19:07 - 2017-03-24 19:07 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-3045220268993178214.dll
2017-02-01 19:06 - 2017-02-01 19:06 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-31270204293463020.dll
2017-03-20 08:13 - 2017-03-20 08:13 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-3150225623553462976.dll
2017-03-13 13:52 - 2017-03-13 13:52 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-3177618153642059782.dll
2017-03-15 18:53 - 2017-03-15 18:53 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-3287323729577952511.dll
2017-03-11 14:07 - 2017-03-11 14:07 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-3353519181720269585.dll
2017-02-02 16:50 - 2017-02-02 16:50 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-3435835913299404161.dll
2017-03-15 19:35 - 2017-03-15 19:35 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-3617739769266999222.dll
2017-02-05 00:47 - 2017-02-05 00:47 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-4137518519978669326.dll
2017-03-13 13:13 - 2017-03-13 13:13 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-4378492146681649808.dll
2017-02-04 01:15 - 2017-02-04 01:15 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-5326892182348902446.dll
2017-03-11 15:30 - 2017-03-11 15:30 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-6306762901013566247.dll
2017-01-30 00:50 - 2017-01-30 00:50 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-663287360271946064.dll
2017-03-15 18:37 - 2017-03-15 18:37 - 0019968 _____ (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-7309154871441500776.dll
2017-03-13 13:39 - 2017-03-13 13:39 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-775977161049445315.dll
2017-02-15 15:04 - 2017-02-15 15:04 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-7809453959299361496.dll
2017-03-11 16:16 - 2017-03-11 16:16 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-7981041923348423633.dll
2017-03-13 13:50 - 2017-03-13 13:50 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-8272468583016597149.dll
2017-02-04 01:20 - 2017-02-04 01:20 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-8680535282092752817.dll
2017-02-04 01:03 - 2017-02-04 01:03 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-8706281606965000702.dll
2017-01-31 14:28 - 2017-01-31 14:28 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-8861498799969908041.dll
2017-02-16 16:51 - 2017-02-16 16:51 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-94797009938302158.dll
2017-02-05 22:42 - 2017-02-19 21:43 - 0000000 _____ () C:\Users\Kamil\AppData\Local\Temp\JIntellitype.dll
2017-03-22 17:04 - 2017-03-22 17:04 - 0016384 _____ (DoxX) C:\Users\Kamil\AppData\Local\Temp\kube.exe
2017-03-22 17:04 - 2017-03-22 17:04 - 0459264 _____ (Win4you) C:\Users\Kamil\AppData\Local\Temp\Setup.exe
2017-02-10 21:20 - 2017-03-24 12:12 - 0192512 _____ () C:\Users\Kamil\AppData\Local\Temp\sfamcc00001.dll
2015-02-10 19:56 - 2015-02-10 19:56 - 0105984 _____ () C:\Users\Kamil\AppData\Local\Temp\sfextra.dll
2017-03-22 17:05 - 2017-03-22 17:04 - 1199825 _____ () C:\Users\Kamil\AppData\Local\Temp\unins000.exe
2017-03-22 17:04 - 2017-03-22 17:04 - 1247942 _____ (VideoBox                                                    ) C:\Users\Kamil\AppData\Local\Temp\vbsetup.exe
2017-02-03 12:58 - 2017-02-03 12:58 - 14773216 _____ (Microsoft Corporation) C:\Users\Kamil\AppData\Local\Temp\vcredist_x64.exe
2017-03-22 17:03 - 2017-03-22 17:03 - 0011446 _____ () C:\Users\Kamil\AppData\Local\Temp\wowrr.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
nointegritychecks: ==> "IntegrityChecks" is disabled. <===== ATTENTION
 
LastRegBack: 2017-02-28 19:08
 
==================== End of FRST.txt ============================

Additions.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Kamil (29-03-2017 00:40:24)
Running from C:\Program Files\FRST
Windows 10 Pro Version 1607 (X64) (2016-10-27 15:23:11)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4125575926-357873309-2165598990-500 - Administrator - Disabled)
Adrian (S-1-5-21-4125575926-357873309-2165598990-1003 - Limited - Enabled) => C:\Users\Adrian
defaultuser0 (S-1-5-21-4125575926-357873309-2165598990-1000 - Limited - Disabled) => C:\Users\defaultuser0
Gość (S-1-5-21-4125575926-357873309-2165598990-501 - Limited - Disabled)
Kamil (S-1-5-21-4125575926-357873309-2165598990-1001 - Administrator - Enabled) => C:\Users\Kamil
Konto domyślne (S-1-5-21-4125575926-357873309-2165598990-503 - Limited - Disabled)
Sieciowe (S-1-5-21-4125575926-357873309-2165598990-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
3RVX (HKLM-x32\...\{400A8514-5440-410A-B318-44061BD7EE8E}) (Version: 2.9.2.0 - Matthew Malensek)
4K Video Downloader 4.2 (HKLM-x32\...\4K Video Downloader_is1) (Version: 4.2.1.2185 - Open Media LLC)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adguard (HKLM-x32\...\{40cda39c-10b3-45eb-ab10-eefe31c90933}) (Version: 6.1.312.1629 - Performix LLC)
Adguard (x32 Version: 6.1.312.1629 - Performix LLC) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Audition CC 2017 (HKLM-x32\...\AUDT_10_0_2) (Version: 10.0.2 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.5.353 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Premiere (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CC 2017 (HKLM-x32\...\PPRO_11_0_1) (Version: 11.0.1 - Adobe Systems Incorporated)
AMD Encoder for OBS Studio version 1.9.9.6 (HKLM-x32\...\{FD6676CE-0580-4B34-9DB4-4879A0BEB31D}_is1) (Version: 1.9.9.6 - Xaymars Technology Workshop)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Arduino (HKLM-x32\...\Arduino) (Version: 1.6.12 - Arduino LLC)
Ashampoo Burning Studio 18 (HKLM-x32\...\{91B33C97-AF35-C3DC-976E-8A253D817482}_is1) (Version: 18.0.0 - Ashampoo GmbH & Co. KG)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Audition (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
AviSynth+ 0.1.0 r2294 (HKLM-x32\...\{AC78780F-BACA-4805-8D4F-AE1B52B7E7D3}_is1) (Version: 0.1.0.2294 - The Public)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center Next Localization BR (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6521 - CDBurnerXP)
CDCheck (HKLM-x32\...\CDCheck) (Version:  - )
Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version:  - Cheat Engine)
CPUID CPU-Z OC Formula 1.77 (HKLM\...\CPUID CPU-Z OC Formula_is1) (Version: 1.77 - CPUID, Inc.)
CPUID HWMonitor 1.30 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
CrystalDiskInfo 7.0.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.0.2 - Crystal Dew World)
CSVed 2.4 (HKLM-x32\...\CSVed_is1) (Version: 2.4 - Sam Francke)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Discord (HKU\S-1-5-21-4125575926-357873309-2165598990-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Discord (HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908649\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Discord (HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
DiskInternals Linux Reader (HKLM-x32\...\DiskInternals Linux Reader) (Version: 2.5 - DiskInternals Research)
DisplayFusion 8.1.2 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 8.1.2.0 - Binary Fortress Software)
EaseUS Partition Master 11.9 Trial Edition (HKLM-x32\...\EaseUS Partition Master Trial Edition_is1) (Version:  - EaseUS)
Exact Audio Copy 1.3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.3 - Andre Wiethoff)
ffdshow v1.3.4532 [2014-07-17] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4532.0 - )
FileZilla Server (HKLM-x32\...\FileZilla Server) (Version: beta 0.9.60 - FileZilla Project)
foobar2000 v1.3.14 (HKLM-x32\...\foobar2000) (Version: 1.3.14 - Peter Pawlowski)
Free Download Manager (HKLM\...\{43781dff-e0df-49ce-a6d2-47da96a485e7}}_is1) (Version:  - FreeDownloadManager.ORG)
Free YouTube Uploader (HKLM-x32\...\Free YouTube Uploader_is1) (Version: 4.0.66.1027 - Digital Wave Ltd)
GCFScape 1.8.5 (HKLM\...\GCFScape_is1) (Version:  - Ryan Gregg)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HandBrake 1.0.1 (HKLM-x32\...\HandBrake) (Version: 1.0.1 - )
HexChat (HKLM\...\HexChat_is1) (Version: 2.12.3 - HexChat)
i18n-editor version 1.0.0 (HKLM\...\{16A49296-8A8D-4BDA-A743-5F1BF02953D5}_is1) (Version: 1.0.0 - JvMs Software)
ImDisk Virtual Disk Driver (HKLM\...\ImDisk) (Version: * - LTR Data)
ioquake3 (HKLM-x32\...\ioquake3) (Version:  - )
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.42 - Irfan Skiljan)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java SE Development Kit 8 Update 121 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180121}) (Version: 8.0.1210.13 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LastPass (tylko odinstaluj) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Link Shell Extension (HKLM\...\HardlinkShellExt) (Version: 3.8.6.8 - Hermann Schinagl)
Livestreamer 1.12.2 (HKLM-x32\...\Livestreamer) (Version:  - )
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 6.2.1549 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes (wersja 3.0.6.1469) (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
MediaInfo 0.7.90 (HKLM\...\MediaInfo) (Version: 0.7.90 - MediaArea.net)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 z dodatkiem Targeting Pack (Polski) (HKLM-x32\...\{EDC3FD45-C9CE-483F-8013-D18C69EF3F85}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4125575926-357873309-2165598990-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908924\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4125575926-357873309-2165598990-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913886\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MKVToolNix 9.7.1 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 9.7.1 - Moritz Bunkus)
MPC-HC 1.7.10 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.10 - MPC-HC Team)
Narzędzia sprawdzające pakietu Microsoft Office 2013 — polski (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version:  - )
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.2 - Notepad++ Team)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 18.0.0 - OBS Project)
obs-websocket version 0.3.2 (HKLM-x32\...\{117EE44F-48E1-49E5-A381-CC8D9195CF35}_is1) (Version: 0.3.2 - Stéphane Lepin)
Open Capture and Analytics Tool (HKLM-x32\...\{13b9a7c3-d6fe-4a6a-9695-f97fd8fac162}) (Version: 0.9.9.0 - Daniel Suttor)
Open Capture and Analytics Tool 0.9.9.0 (x32 Version: 0.9.9.0 - Daniel Suttor) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Opera Stable 44.0.2510.857 (HKLM-x32\...\Opera 44.0.2510.857) (Version: 44.0.2510.857 - Opera Software)
Oprogramowanie mikroukładu Intel® (x32 Version: 10.1.1.14 - Intel® Corporation) Hidden
Oracle VM VirtualBox 5.1.10 (HKLM\...\{57682F33-488A-4065-8255-C3681A2B6F4E}) (Version: 5.1.10 - Oracle Corporation)
osu! (HKLM-x32\...\{9ebc7a8e-41d9-4949-8ddb-5828462cf703}) (Version: latest - ppy Pty Ltd)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Overwatch Test (HKLM-x32\...\Overwatch Test) (Version:  - Blizzard Entertainment)
Pakiet sterowników systemu Windows - Broadcom Corporation (bcbtums) Bluetooth  (07/14/2015 12.0.1.658) (HKLM\...\BABE4E18F2E0DA329C1139E5584082BBE6F64E5F) (Version: 07/14/2015 12.0.1.658 - Broadcom Corporation)
Pakiet sterowników systemu Windows - Intel Corporation (iaStorA) HDC  (05/22/2015 12.8.20.1002) (HKLM\...\07E94F3EC342B4669A70C695F573EA362DCFE858) (Version: 05/22/2015 12.8.20.1002 - Intel Corporation)
Paragon Hard Disk Manager™ 15 Suite (HKLM\...\{29258311-EA49-11DE-967C-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Polski pakiet językowy dla narzędzi Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PLK) (Version: 10.0.50903 - Microsoft Corporation)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.8 - Power Software Ltd)
Process Lasso (HKLM-x32\...\ProcessLasso) (Version: 9.0.0.197 Beta - Bitsum)
Python 2.7.13 (HKLM-x32\...\{4A656C6C-D24A-473F-9747-3A8D00907A03}) (Version: 2.7.13150 - Python Software Foundation)
Python 3.5.2 (32-bit) (HKU\S-1-5-21-4125575926-357873309-2165598990-1001\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 (32-bit) (HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908649\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 (32-bit) (HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Add to Path (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Core Interpreter (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
qBittorrent 3.3.11 (HKLM-x32\...\qBittorrent) (Version: 3.3.11 - The qBittorrent project)
QuickGamma 4.0.0.2 (HKLM-x32\...\QuickGamma_is1) (Version: 4.0.0.2 - Eberhard Werle)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.0 r2746 - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8004 - Realtek Semiconductor Corp.)
Recovery Toolbox for CD Free 2.2 (HKLM-x32\...\Recovery Toolbox for CD Free_is1) (Version:  - Recovery Toolbox, Inc.)
Remote System Monitor Server (HKLM-x32\...\RSMS) (Version: 2.0.3 - TRIGONE)
RivaTuner Statistics Server 6.5.1 (HKLM-x32\...\RTSS) (Version: 6.5.1 - Unwinder)
SDK Debuggers (HKLM-x32\...\{FDA61F6D-E5AC-8EDB-189A-F8CAE260D273}) (Version: 10.1.10586.15 - Microsoft Corporation)
Shovel Knight (HKLM-x32\...\1207664823_is1) (Version: 2.12.0.19 - GOG.com)
SoliCall Pro (HKLM-x32\...\SoliCall Pro) (Version:  - SoliCall)
Sound Blaster X-Fi (HKLM-x32\...\{0282C872-4B44-444B-9818-54FBD7D50ECD}) (Version: 1.0 - Creative Technology Limited)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Splashtop Personal (HKLM-x32\...\{E7CF0F14-8C1D-41F3-85ED-579C108262C7}) (Version: 2.6.4.0 - Splashtop Inc.)
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
StartIsBack++ (HKLM-x32\...\StartIsBack) (Version: 1.3.4 - startisback.com)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Street Fighter V (HKLM-x32\...\Street Fighter V_is1) (Version:  - )
Synergy (64-bit) (HKLM\...\{C97665B7-4322-42B9-8D27-7B0C80299F93}) (Version: 1.8.6 - Symless Ltd)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.75813 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
TightVNC (HKLM\...\{8B9896FC-B4F2-44CD-8B6E-78A0B1851B59}) (Version: 2.8.5.0 - GlavSoft LLC.)
TruckersMP Launcher 1.0.0.1 (HKLM\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 1.0.0.1 - TruckersMP Team)
Unified Remote (HKLM-x32\...\{415B4714-4F8C-49C6-B310-881EAF892CFB}_is1) (Version: 3.4.1 - Unified Intents AB)
Unigine Valley Benchmark version 1.0 (HKLM-x32\...\Unigine Valley Benchmark_is1) (Version: 1.0 - Unigine Corp.) <==== ATTENTION
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0415-1000-0000000FF1CE}_Office15.PROPLUS_{67847964-08E2-4A8F-B09D-B08D5CE69250}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3161988) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E1C47F57-5CCA-4077-96A6-7BFD2A026ECD}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3161988) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E1C47F57-5CCA-4077-96A6-7BFD2A026ECD}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3161988) 64-Bit Edition (HKLM\...\{90150000-012B-0415-1000-0000000FF1CE}_Office15.PROPLUS_{E1C47F57-5CCA-4077-96A6-7BFD2A026ECD}) (Version:  - Microsoft)
Update_msi (HKLM-x32\...\{59B5A9CD-253D-4C41-A073-B387D4C9672D}) (Version: 1.0.0 - Default Company Name)
Uplay (HKLM-x32\...\Uplay) (Version: 25.0 - Ubisoft)
VapourSynth/AVISynth File System Support Package (HKLM\...\pfm-license-vapoursynth.txt) (Version:  - )
Virtual Audio Cable 4.15 (HKLM\...\Virtual Audio Cable 4.15) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VMware Player (HKLM\...\{646FD2AF-74E5-462C-82EE-1860DD252BF6}) (Version: 12.5.1 - VMware, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-2) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (Version: 1.0.26.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0-4) (Version: 1.0.37.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.37.0 (Version: 1.0.37.0 - LunarG, Inc.) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.1.940 - Broadcom Corporation)
WinDirStat 1.1.2 (HKU\S-1-5-21-4125575926-357873309-2165598990-1001\...\WinDirStat) (Version:  - )
WinDirStat 1.1.2 (HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908649\...\WinDirStat) (Version:  - )
WinDirStat 1.1.2 (HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\...\WinDirStat) (Version:  - )
Windows SDK AddOn (HKLM-x32\...\{45D392D2-5956-4646-9CA6-83CBF67507B6}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.14393.33 (HKLM-x32\...\{f23f94c5-8bba-4202-85ad-c83d4402cdc1}) (Version: 10.1.14393.33 - Microsoft Corporation)
WinSnare (HKLM-x32\...\{10CB3D4C-21FB-43AA-B191-AF187522EEE8}) (Version: 4.4.0 - WinSnare) <==== ATTENTION
WiX Toolset v3.8 Core (x32 Version: 3.8.1128.0 - Outercurve Foundation) Hidden
WiX Toolset v3.8 Managed SDK (x32 Version: 3.8.1128.0 - Outercurve Foundation) Hidden
WiX Toolset v3.8 X64 (Version: 3.8.1128.0 - Outercurve Foundation) Hidden
WiX Toolset v3.8.1128.0 (HKLM-x32\...\{a9ee4e53-3e8c-4c6e-8183-a108d2f12a8e}) (Version: 3.8.1128.0 - Outercurve Foundation)
X64 Debuggers And Tools (HKLM\...\{70DF4503-3D36-6EFD-F79C-4A7E74B21B43}) (Version: 10.1.14393.0 - Microsoft Corporation)
XMedia Recode (wersja 3.3.5.8) (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.3.5.8 - XMedia Recode)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908649\...\ChromeHTML: -> C:\Program Files (x86)\Yeshat\Application\chrome.exe (Google Inc.) <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908649_Classes\CLSID\{869C14C8-1830-491F-B575-5F9AB40D2B42}\InprocServer32 -> C:\Program Files\MediaInfo\MediaInfo_InfoTip.dll (MediaArea.net)
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\...\ChromeHTML: -> C:\Program Files (x86)\Yeshat\Application\chrome.exe (Google Inc.) <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237_Classes\CLSID\{869C14C8-1830-491F-B575-5F9AB40D2B42}\InprocServer32 -> C:\Program Files\MediaInfo\MediaInfo_InfoTip.dll (MediaArea.net)
HKU\S-1-5-21-4125575926-357873309-2165598990-1001\...\ChromeHTML: -> C:\Program Files (x86)\Yeshat\Application\chrome.exe (Google Inc.) <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\CLSID\{869C14C8-1830-491F-B575-5F9AB40D2B42}\InprocServer32 -> C:\Program Files\MediaInfo\MediaInfo_InfoTip.dll (MediaArea.net)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0D7AE887-2D02-4C29-B1E7-8E1AAB6E26AE} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2017-03-27] ()
Task: {14096328-F103-464B-A54E-419377937A3E} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => R:\Pliki programów (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe 
Task: {14FC8C3A-3497-4E6F-AB1D-55E912F01B04} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {1504799E-6356-4C35-B189-3931EE4588E2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {15104F68-C09F-4A27-A8BF-408126E83F11} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {1C738B67-285C-4B2F-90B3-EF0A345E23E0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-05] (Google Inc.)
Task: {22AD5DCE-2202-4C77-B2F7-37363EE374A5} - \Ghovucultliviied -> No File <==== ATTENTION
Task: {252C4E0E-B841-405E-BA0C-6B74CED0310A} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe 
Task: {2A04BEA9-48E4-47FC-A383-F5619E557ABB} - \Microsoft\Windows\Media Center\RegisterObject -> No File <==== ATTENTION
Task: {300A8FFF-EBA4-4471-A994-3FFDC81B38F9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {360D9EDB-F4A4-4D44-9C46-AFAA354771F6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-05] (Google Inc.)
Task: {3C667A0F-C507-41E5-924F-21A0CABFE36A} - System32\Tasks\StartIsBack health check => C:\Program Files (x86)\StartIsBack\startscreen.exe [2016-10-09] (www.startisback.com)
Task: {3F2383D1-B8FA-4F37-A284-9F5C7488F71B} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-02-10] (Advanced Micro Devices, Inc.)
Task: {5D680E45-84C0-4197-A631-0C70B28CAE9E} - \FreeDownloadManagerNetworkMonitor -> No File <==== ATTENTION
Task: {5D816150-E148-4DFA-B157-A6C44E6339D9} - System32\Tasks\Sapphire TRIXX => C:\Program Files (x86)\Sapphire TRIXX\TRIXX.exe 
Task: {5E36C68F-C05F-4E53-9758-008FD0AB51E6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {703DF4B2-F5C1-40D7-AE19-4F4711B0F079} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {79F6B15C-C894-412D-B7BA-E9268DB74ED0} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-30] (AVAST Software)
Task: {BB43F681-8015-4142-97D3-C89E7D3BCF4B} - System32\Tasks\D3DGearRawFrameCaptureTask => C:\PROGRA~1\D3DGear\d3dGear.exe 
Task: {CD197606-893C-403E-A20F-631E1B9D3CAC} - System32\Tasks\Process Lasso Management Console (GUI) => C:\Program Files\Process Lasso\processlasso.exe [2017-03-10] (Bitsum LLC)
Task: {CDCA9BEA-F24E-4C21-87CF-447430C66E04} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {CE54E068-8D15-469C-A04A-95696D9F1813} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe [2017-02-25] (Adobe Systems Incorporated)
Task: {CF264A24-D176-4454-8F10-548145AF559E} - System32\Tasks\OneDrive Standalone Update Task v2 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe 
Task: {D1B285E7-8A02-47E6-91BF-1DF75EB7BE28} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)
Task: {E53B98C0-CF03-4B1E-9426-ED23FAAC3744} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
Task: {F1E8482E-A7B1-4507-B71D-59A89572A4E9} - \DriverPack Notifier -> No File <==== ATTENTION
Task: {F2E284FE-B410-4522-8EC9-63C5522A6A0E} - System32\Tasks\Opera scheduled Autoupdate 1477585562 => C:\Program Files (x86)\Opera\launcher.exe [2017-03-21] (Opera Software)
Task: {F67B7E5F-FE72-4B20-AB3D-9FBC75982A50} - System32\Tasks\Process Lasso Core Engine Only => C:\Program Files\Process Lasso\processgovernor.exe [2017-03-10] (Bitsum LLC)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Kamil\Desktop\Programy\Google Chrome.lnk -> C:\Program Files (x86)\Yeshat\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Link Shell Extension\Donate.lnk -> hxxp://schinagl.priv.at/nt/hardlinkshellext/linkshellextension.htm
Shortcut: C:\Users\Kamil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Yeshat\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Yeshat\Application\chrome.exe (Google Inc.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2017-02-06 06:11 - 2016-12-09 12:29 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-12-12 18:05 - 2016-12-12 18:05 - 00307880 _____ () C:\Program Files\Synergy\synergyd.exe
2017-02-06 06:11 - 2016-12-09 12:29 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll
2016-10-25 10:57 - 2016-10-25 10:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-10-28 18:00 - 2016-10-28 18:00 - 01864384 _____ () C:\Users\Kamil\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2004-09-30 20:15 - 2004-09-30 20:15 - 00192000 _____ () C:\Program Files\LinkShellExtension\RockallDLL.dll
2016-10-27 20:35 - 2016-09-07 06:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-02-06 06:11 - 2016-12-21 09:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-02-06 06:11 - 2016-12-21 09:08 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
2017-02-06 06:10 - 2016-12-21 08:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-02-06 06:10 - 2016-12-21 08:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-02-06 06:10 - 2016-12-21 08:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-02-06 06:10 - 2016-12-21 08:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-02-06 06:10 - 2016-12-21 08:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-06-29 20:13 - 2016-06-29 20:13 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-06-29 20:13 - 2016-06-29 20:13 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-06-29 20:13 - 2016-06-29 20:13 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-06-29 20:13 - 2016-06-29 20:13 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-06-29 20:13 - 2016-06-29 20:13 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-06-29 20:13 - 2016-06-29 20:13 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-06-29 20:13 - 2016-06-29 20:13 - 00191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2017-03-27 01:24 - 2017-03-27 01:24 - 01477096 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8554\Battle.net Helper.exe
2017-03-28 15:26 - 2017-03-28 11:44 - 00108720 _____ () C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
2017-02-07 14:25 - 2017-02-07 14:25 - 01415952 _____ () C:\Program Files (x86)\Adguard\AdguardNetApi.DLL
2017-02-07 14:25 - 2017-02-07 14:25 - 00142096 _____ () C:\Program Files (x86)\Adguard\AdguardNetLib.DLL
2017-03-20 14:52 - 2015-12-19 14:03 - 00002560 _____ () C:\Windows\system32\CTXFIRES.DLL
2016-10-27 18:22 - 2017-03-10 02:13 - 00674592 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-10-27 18:22 - 2016-09-01 03:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-10-27 18:22 - 2017-03-23 02:52 - 02465056 _____ () C:\Program Files (x86)\Steam\video.dll
2016-10-27 18:22 - 2016-09-01 03:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-10-27 18:22 - 2016-09-01 03:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-10-27 18:22 - 2016-01-27 09:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-10-27 18:22 - 2016-01-27 09:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-10-27 18:22 - 2016-01-27 09:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-10-27 18:22 - 2016-01-27 09:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-10-27 18:22 - 2016-01-27 09:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-10-27 18:22 - 2017-03-23 02:52 - 00839456 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-10-27 18:22 - 2016-07-05 00:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-10-28 18:00 - 2016-10-28 18:00 - 01383616 _____ () C:\Users\Kamil\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-12-13 07:27 - 2017-01-30 23:41 - 68875552 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2016-10-27 18:22 - 2017-03-23 02:52 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll
2016-10-27 18:22 - 2015-09-25 01:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2017-03-27 01:24 - 2017-03-27 01:25 - 55758824 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8554\libcef.dll
2017-03-27 01:25 - 2017-03-27 01:25 - 00540336 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8554\ortp.dll
2017-03-27 01:25 - 2017-03-27 01:25 - 00133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8554\libEGL.dll
2017-03-27 01:25 - 2017-03-27 01:25 - 03384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8554\libGLESv2.dll
2017-03-27 01:25 - 2017-03-27 01:25 - 03384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8554\libglesv2.dll
2017-03-27 01:25 - 2017-03-27 01:25 - 00133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8554\libegl.dll
2016-11-19 23:39 - 2014-07-17 20:31 - 03502080 _____ () C:\Program Files (x86)\ffdshow\ffdshow.ax
2017-03-28 15:25 - 2017-03-28 04:48 - 00105984 _____ () c:\programdata\package cache\{2a002f88-fd5d-379b-a350-a25d84af128b}v14.0.25420\packages\visualc_d14\vc_ide.base\vc_ide_base.dll
2017-03-28 15:25 - 2017-03-28 04:48 - 00105984 _____ () C:\ProgramData\Package Cache\{2A002F88-FD5D-379B-A350-A25D84AF128B}v14.0.25420\packages\VisualC_D14\VC_IDE.Base\VC_IDE_Base.dll
2017-02-06 06:11 - 2016-12-09 12:29 - 02681200 _____ () C:\Windows\System32\CoreUIComponents.dll
2017-03-24 12:45 - 2017-03-24 12:45 - 63944280 _____ () C:\Program Files (x86)\Opera\44.0.2510.857\opera_browser.dll
2017-03-24 12:45 - 2017-03-24 12:45 - 00178776 _____ () C:\Program Files (x86)\Opera\44.0.2510.857\message_center_win8.dll
2017-03-24 12:45 - 2017-03-24 12:45 - 02101336 _____ () C:\Program Files (x86)\Opera\44.0.2510.857\libglesv2.dll
2017-03-24 12:45 - 2017-03-24 12:45 - 00087128 _____ () C:\Program Files (x86)\Opera\44.0.2510.857\libegl.dll
2017-02-02 22:37 - 2017-01-04 15:28 - 01958912 _____ () C:\Users\Kamil\AppData\Local\Discord\app-0.0.297\ffmpeg.dll
2017-02-02 22:37 - 2017-02-02 22:37 - 01082880 _____ () \\?\C:\Users\Kamil\AppData\Roaming\discord\0.0.297\modules\discord_voice\discord_voice.node
2017-02-02 22:37 - 2017-02-02 22:37 - 03750400 _____ () \\?\C:\Users\Kamil\AppData\Roaming\discord\0.0.297\modules\discord_voice\libdiscord.dll
2017-02-02 22:37 - 2017-02-02 22:37 - 00914432 _____ () \\?\C:\Users\Kamil\AppData\Roaming\discord\0.0.297\modules\discord_utils\discord_utils.node
2017-02-02 22:37 - 2017-02-02 22:37 - 01127424 _____ () \\?\C:\Users\Kamil\AppData\Roaming\discord\0.0.297\modules\discord_toaster\discord_toaster.node
2017-02-02 22:37 - 2017-01-04 15:28 - 02278912 _____ () C:\Users\Kamil\AppData\Local\Discord\app-0.0.297\libglesv2.dll
2017-02-02 22:37 - 2017-01-04 15:28 - 00096768 _____ () C:\Users\Kamil\AppData\Local\Discord\app-0.0.297\libegl.dll
2017-03-12 11:02 - 2017-03-12 11:02 - 00148992 _____ () \\?\C:\Users\Kamil\AppData\Local\Discord\app-0.0.297\resources\app\node_modules\erlpack\build\Release\erlpack.node
2017-02-02 22:37 - 2017-02-02 22:37 - 02658304 _____ () \\?\C:\Users\Kamil\AppData\Roaming\discord\0.0.297\modules\discord_rpc\discord_rpc.node
2017-02-02 22:39 - 2017-03-22 21:41 - 02665976 _____ () \\?\C:\Users\Kamil\AppData\Roaming\discord\0.0.297\modules\discord_contact_import\discord_contact_import.node
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 13:47 - 2017-03-22 18:01 - 00000888 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 v1.ff.avast.com 
127.0.0.1 vlcproxy.ff.avast.com 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908548\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913081\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908576\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913099\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-4125575926-357873309-2165598990-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908603\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-4125575926-357873309-2165598990-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913119\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-4125575926-357873309-2165598990-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kamil\AppData\Local\DisplayFusion\Wallpaper_1.png
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908649\Control Panel\Desktop\\Wallpaper -> C:\Users\Kamil\AppData\Local\DisplayFusion\Wallpaper_1.png
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\Control Panel\Desktop\\Wallpaper -> C:\Users\Kamil\AppData\Local\DisplayFusion\Wallpaper_1.png
HKU\S-1-5-21-4125575926-357873309-2165598990-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908924\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-4125575926-357873309-2165598990-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913886\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Bluetooth.lnk"
HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKLM\...\StartupApproved\Run: => "Start WingMan Profiler"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "KeePass 2 PreLoad"
HKLM\...\StartupApproved\Run32: => "EaseUS Cleanup"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Blackmagic CheckVersion"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "DriverPack Notifier"
HKLM\...\StartupApproved\Run32: => "P17RunE"
HKLM\...\StartupApproved\Run32: => "SoliCallPro"
HKU\S-1-5-21-4125575926-357873309-2165598990-1001\...\StartupApproved\StartupFolder: => "Rainmeter.lnk"
HKU\S-1-5-21-4125575926-357873309-2165598990-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-4125575926-357873309-2165598990-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-4125575926-357873309-2165598990-1001\...\StartupApproved\Run: => "thebat_startup"
HKU\S-1-5-21-4125575926-357873309-2165598990-1001\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-4125575926-357873309-2165598990-1001\...\StartupApproved\Run: => "Unified Remote V3"
HKU\S-1-5-21-4125575926-357873309-2165598990-1001\...\StartupApproved\Run: => "AdobeBridge"
HKU\S-1-5-21-4125575926-357873309-2165598990-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-4125575926-357873309-2165598990-1001\...\StartupApproved\Run: => "CyberGhost"
HKU\S-1-5-21-4125575926-357873309-2165598990-1001\...\StartupApproved\Run: => "LZQ2IBR9D2"
HKU\S-1-5-21-4125575926-357873309-2165598990-1001\...\StartupApproved\Run: => "XT4Z0AMNGL"
HKU\S-1-5-21-4125575926-357873309-2165598990-1001\...\StartupApproved\Run: => "J'FE-hPh0K.exe"
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908649\...\StartupApproved\StartupFolder: => "Rainmeter.lnk"
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908649\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908649\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908649\...\StartupApproved\Run: => "thebat_startup"
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908649\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908649\...\StartupApproved\Run: => "Unified Remote V3"
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908649\...\StartupApproved\Run: => "AdobeBridge"
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908649\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908649\...\StartupApproved\Run: => "CyberGhost"
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908649\...\StartupApproved\Run: => "LZQ2IBR9D2"
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908649\...\StartupApproved\Run: => "XT4Z0AMNGL"
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908649\...\StartupApproved\Run: => "J'FE-hPh0K.exe"
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\...\StartupApproved\StartupFolder: => "Rainmeter.lnk"
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\...\StartupApproved\Run: => "thebat_startup"
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\...\StartupApproved\Run: => "Unified Remote V3"
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\...\StartupApproved\Run: => "AdobeBridge"
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\...\StartupApproved\Run: => "CyberGhost"
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\...\StartupApproved\Run: => "LZQ2IBR9D2"
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\...\StartupApproved\Run: => "XT4Z0AMNGL"
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\...\StartupApproved\Run: => "J'FE-hPh0K.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [TCP Query User{00375B54-9C30-460F-81A6-1BA0BC831BC6}H:\snappy\sdi_x64_r496.exe] => (Allow) H:\snappy\sdi_x64_r496.exe
FirewallRules: [UDP Query User{7F0BF07C-0F4B-4EB3-A112-F8DD7E3F9FBF}H:\snappy\sdi_x64_r496.exe] => (Allow) H:\snappy\sdi_x64_r496.exe
FirewallRules: [{465C99A3-E57E-4817-82D4-472F5D803114}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{60197782-635C-464E-8556-0C5CAD9814DB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{08B18AEE-40D8-492E-AA2B-EA3C62D97818}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{577DF9D7-36BB-4317-BB6A-F04D58750374}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{88C08E7C-8EAF-4B7F-AE10-99D083708619}] => (Allow) C:\Grand Theft Auto V\GTA5.exe
FirewallRules: [{0535EF8B-FED6-44FF-8793-EA24F3E8BABD}] => (Allow) C:\Grand Theft Auto V\GTA5.exe
FirewallRules: [TCP Query User{851628C4-E4AD-4151-B1B0-A5A613081556}C:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe
FirewallRules: [UDP Query User{B198C4BC-CEF4-4C09-B061-6FB198D74BCC}C:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe
FirewallRules: [TCP Query User{11012ADA-6E84-48C5-A06D-678B63CB6EB3}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [UDP Query User{E3FD0785-E55D-4FCB-BD6F-C7A3F081592B}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [{C254D19F-0075-4569-9756-B9325C6ED6C7}] => (Allow) R:\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{66B55066-55C0-409C-86F2-A27D7C46138B}] => (Allow) R:\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{4B2CD67D-7E85-4E5D-8983-A7A2F46CFC81}] => (Allow) R:\Steam\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
FirewallRules: [{F42FC02C-0005-4F47-8844-C4F1B1ED78AD}] => (Allow) R:\Steam\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
FirewallRules: [TCP Query User{B086F0E3-1366-4C76-8D10-A0488F544D48}C:\counter strike global offensive warzone\csgo.exe] => (Allow) C:\counter strike global offensive warzone\csgo.exe
FirewallRules: [UDP Query User{CC5CFC16-26F3-4097-97AD-E87DD6913AD9}C:\counter strike global offensive warzone\csgo.exe] => (Allow) C:\counter strike global offensive warzone\csgo.exe
FirewallRules: [{4B4FA2F3-B60A-4FC9-BD96-FA7B5A6D9581}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{9EFA74A4-2BCF-41C1-8376-852AC14B2C6E}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{CA9BC7E3-1BF9-4903-BD7A-45A43906C442}] => (Allow) C:\Windows\system32\wwahost.exe
FirewallRules: [{2B45FAA6-F32C-47D8-9A31-CE10B5579EDF}] => (Block) %ProgramFiles% (x86)\EaseUS\EaseUS Partition Master 11.9\bin\Main.exe
FirewallRules: [{47152138-FEB0-4D80-B81E-1A225649C8DE}] => (Block) %ProgramFiles% (x86)\EaseUS\EaseUS Partition Master 11.9\bin\Main.exe
FirewallRules: [{4B76F9E2-0F4B-4038-9B62-74779A2524F4}] => (Allow) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe
FirewallRules: [{0E770972-BB29-41AE-9665-511390327E3C}] => (Allow) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe
FirewallRules: [TCP Query User{3D26A53F-FD13-43AD-B53E-5B632FC0F1C7}C:\program files\mpc-hc\mpc-hc64.exe] => (Allow) C:\program files\mpc-hc\mpc-hc64.exe
FirewallRules: [UDP Query User{3D527497-6D10-4316-B39E-6D43E3698627}C:\program files\mpc-hc\mpc-hc64.exe] => (Allow) C:\program files\mpc-hc\mpc-hc64.exe
FirewallRules: [TCP Query User{D63D1DB5-E7A5-44A7-8A26-3D26FF9533AD}R:\game files\counter strike global offensive warzone\csgo.exe] => (Allow) R:\game files\counter strike global offensive warzone\csgo.exe
FirewallRules: [UDP Query User{6EAC0ED3-9990-4569-8904-17DF0E83D8DF}R:\game files\counter strike global offensive warzone\csgo.exe] => (Allow) R:\game files\counter strike global offensive warzone\csgo.exe
FirewallRules: [{94EA7330-7660-47E6-AC5F-75D9DA33AC08}] => (Allow) R:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{EC12DFE7-BBC6-49A1-8211-B65348E4965A}] => (Allow) R:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{6579508A-1ABF-44E6-A4D3-E492D903DCF5}] => (Allow) R:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{32BBF0D0-7347-45C7-A382-A74FD8DC41B0}] => (Allow) R:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [TCP Query User{FF5AF3B3-302B-4796-8232-CECB9C586802}R:\game files\cs1.6_szkolny\cstrike.exe] => (Allow) R:\game files\cs1.6_szkolny\cstrike.exe
FirewallRules: [UDP Query User{D903205A-64EE-43C7-AF64-15BE759980A7}R:\game files\cs1.6_szkolny\cstrike.exe] => (Allow) R:\game files\cs1.6_szkolny\cstrike.exe
FirewallRules: [TCP Query User{18F6E71A-EDFD-45B8-AF0B-531D209FF8E7}R:\steam\steamapps\common\half-life\hl.exe] => (Allow) R:\steam\steamapps\common\half-life\hl.exe
FirewallRules: [UDP Query User{D52C7693-F075-4382-BCB0-E763552F1E3E}R:\steam\steamapps\common\half-life\hl.exe] => (Allow) R:\steam\steamapps\common\half-life\hl.exe
FirewallRules: [TCP Query User{849FC420-E145-477C-9762-C354724E2461}C:\smartpixel\bin\smartpixel.exe] => (Allow) C:\smartpixel\bin\smartpixel.exe
FirewallRules: [UDP Query User{1328C3F2-4839-46D4-9D82-9A0E544A46C3}C:\smartpixel\bin\smartpixel.exe] => (Allow) C:\smartpixel\bin\smartpixel.exe
FirewallRules: [TCP Query User{C2A0ACB0-C288-4954-B987-0D8DD642E6BC}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{7CCDC4A9-0345-449C-9117-737734558C72}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{ED45A79D-6CA1-4329-8C93-5968FDFD1BF4}C:\program files\java\jre1.8.0_112\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_112\bin\javaw.exe
FirewallRules: [UDP Query User{0FE42E93-F20E-4364-975B-5A8244E0D8D8}C:\program files\java\jre1.8.0_112\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_112\bin\javaw.exe
FirewallRules: [TCP Query User{B64AA2C3-A179-4B77-97CB-77702C0504F6}C:\program files (x86)\mirillis\action!\action.exe] => (Allow) C:\program files (x86)\mirillis\action!\action.exe
FirewallRules: [UDP Query User{1648F377-A0F0-4D58-A79A-A22C132C147C}C:\program files (x86)\mirillis\action!\action.exe] => (Allow) C:\program files (x86)\mirillis\action!\action.exe
FirewallRules: [TCP Query User{161EE333-0FB8-4149-B3D9-1005ADCF16C1}C:\program files (x86)\overwatch\overwatch.exe] => (Block) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{3CF7DBED-3EB2-4F53-8EEC-0F440D50EEFD}C:\program files (x86)\overwatch\overwatch.exe] => (Block) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{2750EF9E-E4F7-492E-A61A-FDE7DFDDF96B}C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe
FirewallRules: [UDP Query User{C2779471-5EA6-43E5-BE31-C77C84FA6324}C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe
FirewallRules: [TCP Query User{7206BE4F-0C0E-4227-9E76-AFE63AC57BDF}C:\program files (x86)\mpc-hc\mpc-hc.exe] => (Allow) C:\program files (x86)\mpc-hc\mpc-hc.exe
FirewallRules: [UDP Query User{3A0900C7-95DD-427A-ACAA-64CD27753B20}C:\program files (x86)\mpc-hc\mpc-hc.exe] => (Allow) C:\program files (x86)\mpc-hc\mpc-hc.exe
FirewallRules: [{7CA57CC7-8891-490C-BF19-D44A46DADD53}] => (Block) %ProgramFiles%\Adobe\Adobe Premiere Pro CS6\Adobe Premiere Pro.exe
FirewallRules: [{D1744A92-13AD-4679-84CA-587B360581A9}] => (Block) %ProgramFiles% (x86)\Common Files\Adobe\OOBE\PDApp\core\PDapp.exe
FirewallRules: [{E014E65F-03F2-4058-8B16-19A54829230F}] => (Block) %ProgramFiles% (x86)\Common Files\Adobe\OOBE\PDApp\core\PDapp.exe
FirewallRules: [{1573374F-E4ED-4332-8D61-144A91F22143}] => (Block) %ProgramFiles%\Adobe\Adobe Premiere Pro CS6\Adobe Premiere Pro.exe
FirewallRules: [{0CA7DD8B-D9DC-48C7-B5FB-1ECDF04B8341}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe
FirewallRules: [{B6AB5FBB-B3A2-4123-AAC8-A668F3CE0540}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe
FirewallRules: [{E9A71DD7-2F27-4992-A684-498820EDC32A}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe
FirewallRules: [{14AAF30D-1671-4D35-B788-5A3A84FF3B8A}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe
FirewallRules: [{AD78602B-BF5B-42CE-8F5C-111429D741B2}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe
FirewallRules: [{823D6F81-3D58-4DCA-B294-74ED8B543B61}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe
FirewallRules: [{1D400EEB-6072-42D2-8F96-8AED57525309}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe
FirewallRules: [{72EB0C9C-3A12-46A5-8920-406BDF6B782B}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe
FirewallRules: [TCP Query User{D2BFDB99-D2F4-4F8A-AF72-734ECB155C61}V:\gry portable\cs 1.6\cstrike.exe] => (Allow) V:\gry portable\cs 1.6\cstrike.exe
FirewallRules: [UDP Query User{32CE15B9-1892-4659-963E-A0680C95654D}V:\gry portable\cs 1.6\cstrike.exe] => (Allow) V:\gry portable\cs 1.6\cstrike.exe
FirewallRules: [TCP Query User{D20BE294-8D57-4267-B7B0-AA894EA30A20}R:\snappy\sdi_x64_r496.exe] => (Allow) R:\snappy\sdi_x64_r496.exe
FirewallRules: [UDP Query User{C96B62DE-31B3-4418-8689-082DE372FCDC}R:\snappy\sdi_x64_r496.exe] => (Allow) R:\snappy\sdi_x64_r496.exe
FirewallRules: [TCP Query User{E803DC84-D4FD-49BF-8838-7953310640FD}R:\snappy\sdi_x64_r524.exe] => (Allow) R:\snappy\sdi_x64_r524.exe
FirewallRules: [UDP Query User{F1B1FF12-F266-46D8-9FDA-D535795B3ACC}R:\snappy\sdi_x64_r524.exe] => (Allow) R:\snappy\sdi_x64_r524.exe
FirewallRules: [TCP Query User{914F3625-E57D-4397-B5E0-A06265D48600}C:\program files\oracle\virtualbox\virtualbox.exe] => (Allow) C:\program files\oracle\virtualbox\virtualbox.exe
FirewallRules: [UDP Query User{3BD085E6-C002-40AF-94ED-792E168ECA33}C:\program files\oracle\virtualbox\virtualbox.exe] => (Allow) C:\program files\oracle\virtualbox\virtualbox.exe
FirewallRules: [{AF475B01-950B-499B-9686-C767A760B442}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{78200914-24A5-4510-8810-9B506CF3BE51}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{BAF1C1A8-A150-4A51-A7DC-87C13F985CFA}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{80785539-FC31-4A3F-8775-303DD4EFFDD4}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{9542EDCC-4D2D-40E3-A278-9CF9A03C7515}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{39833FCD-9906-4380-98C8-5A46DDEEBB64}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{803F0239-5C33-4C5A-9EEA-B6AEAEE4F89E}R:\steam\steamapps\common\sourcefilmmaker\game\sfm.exe] => (Allow) R:\steam\steamapps\common\sourcefilmmaker\game\sfm.exe
FirewallRules: [UDP Query User{95603FC0-DC7E-4C50-86D0-291F2E60803A}R:\steam\steamapps\common\sourcefilmmaker\game\sfm.exe] => (Allow) R:\steam\steamapps\common\sourcefilmmaker\game\sfm.exe
FirewallRules: [{6DDB039D-5E7E-465C-A8A1-41942D642E8D}] => (Allow) R:\Steam\steamapps\common\SourceSDK\bin\SDKLauncher.exe
FirewallRules: [{225623FF-DD4D-4045-BE8A-424934875CC0}] => (Allow) R:\Steam\steamapps\common\SourceSDK\bin\SDKLauncher.exe
FirewallRules: [{1B2F4FD8-8CC1-47CD-ABD0-5BD32D03FEC5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2A0A65A7-6F49-40AA-A113-568D65270953}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C79DD99A-2F35-4C4D-BFE1-B522AD2C8BF4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D6A559EC-46A9-4DFD-82FB-A64EB99DA46B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9B25697E-6F8B-42D0-80BA-C3F47759F106}] => (Allow) C:\Program Files\Synergy\synergys.exe
FirewallRules: [{4BB5A393-1CD8-4483-BC11-8E7299CF9D43}] => (Allow) R:\Steam\steamapps\common\Audiosurf 2\Audiosurf2.exe
FirewallRules: [{4AB9744E-4EEC-4017-A68C-4CB5C13A9573}] => (Allow) R:\Steam\steamapps\common\Audiosurf 2\Audiosurf2.exe
FirewallRules: [TCP Query User{7380F669-F25C-42C7-9954-D3394B6F2431}R:\game files\overwatch\overwatch.exe] => (Allow) R:\game files\overwatch\overwatch.exe
FirewallRules: [UDP Query User{22029250-EF06-407A-BDE0-2F06C2E497A2}R:\game files\overwatch\overwatch.exe] => (Allow) R:\game files\overwatch\overwatch.exe
FirewallRules: [TCP Query User{C16D406E-BC2C-4B29-8C2F-8B8F9514AA5F}R:\game files\grand theft auto v\gta5.exe] => (Allow) R:\game files\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{ECAD77E3-FF09-414D-9D65-A108D6E6FF21}R:\game files\grand theft auto v\gta5.exe] => (Allow) R:\game files\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{59D522D4-E5DF-4CA2-8A93-2F33B92C81E8}R:\snappy\sdi_x64_r526.exe] => (Allow) R:\snappy\sdi_x64_r526.exe
FirewallRules: [UDP Query User{5BE579FF-EE81-408E-AB99-F602EFB1130E}R:\snappy\sdi_x64_r526.exe] => (Allow) R:\snappy\sdi_x64_r526.exe
FirewallRules: [TCP Query User{2B52B8EE-2ADE-4100-BBC5-B0A4331D9716}C:\users\kamil\appdata\local\temp\bluetooth window\win64\btserverspylite.exe] => (Allow) C:\users\kamil\appdata\local\temp\bluetooth window\win64\btserverspylite.exe
FirewallRules: [UDP Query User{08CF27F8-140B-41A0-B75B-431649D52076}C:\users\kamil\appdata\local\temp\bluetooth window\win64\btserverspylite.exe] => (Allow) C:\users\kamil\appdata\local\temp\bluetooth window\win64\btserverspylite.exe
FirewallRules: [{B53D00CF-547B-40FD-958E-582C4BAE7DA9}] => (Allow) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe
FirewallRules: [{BD1FA13C-149B-49E2-8252-DD281B90EF18}] => (Allow) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe
FirewallRules: [TCP Query User{0A9F4092-74A6-4CB0-87C0-E8FEA11E3B3E}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{B1600005-8B30-4789-8517-8EACC14D14AF}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{D30C7D1E-DCB3-49BA-9C16-8594281D8D31}C:\program files (x86)\foobar2000\foobar2000.exe] => (Allow) C:\program files (x86)\foobar2000\foobar2000.exe
FirewallRules: [UDP Query User{4395749E-9D5C-4652-8E30-37BB9CD2FC52}C:\program files (x86)\foobar2000\foobar2000.exe] => (Allow) C:\program files (x86)\foobar2000\foobar2000.exe
FirewallRules: [TCP Query User{9A912FD7-A451-4154-8463-DC6DE6C9A388}C:\program files (x86)\airfoil\airfoil.exe] => (Allow) C:\program files (x86)\airfoil\airfoil.exe
FirewallRules: [UDP Query User{B2943420-9496-4869-BD45-B64FD734205E}C:\program files (x86)\airfoil\airfoil.exe] => (Allow) C:\program files (x86)\airfoil\airfoil.exe
FirewallRules: [TCP Query User{565AA7EF-444E-438D-AA02-5165D646DC1C}C:\program files (x86)\airfoilsatellite\airfoilsatellite.exe] => (Allow) C:\program files (x86)\airfoilsatellite\airfoilsatellite.exe
FirewallRules: [UDP Query User{B9B3D74D-8FF1-4B5D-950A-C7D759724EF2}C:\program files (x86)\airfoilsatellite\airfoilsatellite.exe] => (Allow) C:\program files (x86)\airfoilsatellite\airfoilsatellite.exe
FirewallRules: [{9FE27827-59D2-414A-9C14-E6E854FAC8EF}] => (Allow) LPort=30567
FirewallRules: [TCP Query User{8A4FA586-9269-4D78-8791-C9B1308F6F24}C:\program files (x86)\obs-studio\bin\64bit\obs64.exe] => (Allow) C:\program files (x86)\obs-studio\bin\64bit\obs64.exe
FirewallRules: [UDP Query User{5D005B17-87AF-4052-9E7A-814551A866E3}C:\program files (x86)\obs-studio\bin\64bit\obs64.exe] => (Allow) C:\program files (x86)\obs-studio\bin\64bit\obs64.exe
FirewallRules: [TCP Query User{CEB5EB91-AB7E-4010-8D3B-74B55A3534CB}C:\overwatch\overwatch.exe] => (Allow) C:\overwatch\overwatch.exe
FirewallRules: [UDP Query User{9CF7EEBA-F4C5-46ED-8C44-0203710C6470}C:\overwatch\overwatch.exe] => (Allow) C:\overwatch\overwatch.exe
FirewallRules: [TCP Query User{02EEB9FE-BE88-4E6E-BDCE-BF1AA8F908F4}C:\program files\mpc-hc\mpc-hc64.exe] => (Block) C:\program files\mpc-hc\mpc-hc64.exe
FirewallRules: [UDP Query User{28D4CD1B-D31E-460A-92FF-268332BFF7D8}C:\program files\mpc-hc\mpc-hc64.exe] => (Block) C:\program files\mpc-hc\mpc-hc64.exe
FirewallRules: [TCP Query User{D84CCE5E-2C8E-4829-8EF3-98EA8EAB5759}R:\game files\condition zero\czero.exe] => (Allow) R:\game files\condition zero\czero.exe
FirewallRules: [UDP Query User{D7B62956-7AA6-4A1B-997D-3B6E1A64DB60}R:\game files\condition zero\czero.exe] => (Allow) R:\game files\condition zero\czero.exe
FirewallRules: [TCP Query User{A8F2D1B6-9B22-434F-8BA9-AC7F1F50095F}R:\game files\csgo - strogino\csgo.exe] => (Allow) R:\game files\csgo - strogino\csgo.exe
FirewallRules: [UDP Query User{81FE110F-8D36-4EA5-9905-B5B2DE2BF2F5}R:\game files\csgo - strogino\csgo.exe] => (Allow) R:\game files\csgo - strogino\csgo.exe
FirewallRules: [TCP Query User{76874CA5-9FA7-4656-8F82-F0EA5E6CABAC}R:\game files\csgo - warzone\csgo.exe] => (Allow) R:\game files\csgo - warzone\csgo.exe
FirewallRules: [UDP Query User{129596AF-CDE0-4415-A21F-9D729AC656B7}R:\game files\csgo - warzone\csgo.exe] => (Allow) R:\game files\csgo - warzone\csgo.exe
FirewallRules: [TCP Query User{8251C883-A036-4988-82CF-9F384D3DE708}C:\program files\java\jdk1.8.0_121\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_121\bin\java.exe
FirewallRules: [UDP Query User{D7C79334-0F6A-4F2E-A928-C3F0E8782FF6}C:\program files\java\jdk1.8.0_121\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_121\bin\java.exe
FirewallRules: [TCP Query User{C3466569-6866-4F3E-9C66-4DAE7D23D0D8}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [UDP Query User{FFBF3A61-745A-4254-AD76-E22DB1EA460B}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [{919EC4B1-78BA-4CDD-A26C-FD2C78CBA368}] => (Allow) C:\Program Files (x86)\TRIGONE\Remote System Monitor Server\RemoteSystemMonitorServer.exe
FirewallRules: [{B403020C-1CE3-4C00-8CE3-F6E1C80A7AF0}] => (Allow) C:\Program Files (x86)\TRIGONE\Remote System Monitor Server\RemoteSystemMonitorServer.exe
FirewallRules: [{1A5BF23E-94B2-4E61-9F0C-24A70A69D52D}] => (Allow) R:\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{54D7870E-BCB9-4EDD-BAF1-FB113A3E807E}] => (Allow) R:\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{C847C3E7-C627-4E3B-9F6D-BF447CC671DF}] => (Allow) C:\Program Files\TightVNC\tvnviewer.exe
FirewallRules: [{66762372-4049-47AD-AFC3-2B95752C02C0}] => (Allow) C:\Program Files\HexChat\hexchat.exe
FirewallRules: [{7DC1EFB0-C8D2-4C7E-99CA-E93F7A87B1F9}] => (Allow) C:\Program Files\HexChat\hexchat.exe
FirewallRules: [{8F0D56A6-2487-4404-87E7-5B0566DDF71F}] => (Block) %ProgramFiles% (x86)\DisplayFusion\DisplayFusionSettings.exe
FirewallRules: [{E10912C9-DF4F-49B9-87CB-0E76048D00C4}] => (Block) %ProgramFiles% (x86)\DisplayFusion\DisplayFusion.exe
FirewallRules: [TCP Query User{BD022F52-834F-4F34-B394-445C0D66FF69}C:\users\kamil\desktop\teamspeak3-server_win64\ts3server.exe] => (Allow) C:\users\kamil\desktop\teamspeak3-server_win64\ts3server.exe
FirewallRules: [UDP Query User{C0439237-BFB5-4FCE-8D77-AA4D3CB0EDD2}C:\users\kamil\desktop\teamspeak3-server_win64\ts3server.exe] => (Allow) C:\users\kamil\desktop\teamspeak3-server_win64\ts3server.exe
FirewallRules: [{A31098A2-7594-4D86-9E84-5ABDA8B1872F}] => (Allow) C:\Program Files (x86)\Adguard\AdguardSvc.exe
FirewallRules: [TCP Query User{C46B6533-EC47-40EB-8BB7-CBCE29786706}C:\ioquake3\ioquake3.x86_64.exe] => (Allow) C:\ioquake3\ioquake3.x86_64.exe
FirewallRules: [UDP Query User{2D7F95A6-4983-4682-8EC7-5C096BA1ADD6}C:\ioquake3\ioquake3.x86_64.exe] => (Allow) C:\ioquake3\ioquake3.x86_64.exe
FirewallRules: [TCP Query User{24F3BAE9-D938-437E-AFB7-4FE56203D5A7}C:\ioquake3\ioq3ded.x86_64.exe] => (Allow) C:\ioquake3\ioq3ded.x86_64.exe
FirewallRules: [UDP Query User{73862EA1-B6D3-4684-B83A-2BDF15DC5680}C:\ioquake3\ioq3ded.x86_64.exe] => (Allow) C:\ioquake3\ioq3ded.x86_64.exe
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [{CBFC3E15-CE20-46D2-8B9C-0E63B3429C66}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{7D946508-F909-463B-95D3-C2BA958177A8}R:\snappy\sdi_x64_r533.exe] => (Allow) R:\snappy\sdi_x64_r533.exe
FirewallRules: [UDP Query User{5B03D316-339C-4909-932B-BFFFDD879B1E}R:\snappy\sdi_x64_r533.exe] => (Allow) R:\snappy\sdi_x64_r533.exe
FirewallRules: [TCP Query User{3E793C2F-5BAC-472D-AA7B-D0A0BC972354}R:\steam\steamapps\common\counter-strike source\hl2.exe] => (Allow) R:\steam\steamapps\common\counter-strike source\hl2.exe
FirewallRules: [UDP Query User{29E1C9FF-CC3A-4307-8C28-CB15CD72D72B}R:\steam\steamapps\common\counter-strike source\hl2.exe] => (Allow) R:\steam\steamapps\common\counter-strike source\hl2.exe
FirewallRules: [TCP Query User{6DD397A7-04CB-4DA6-9371-38CCA385C38D}R:\game files\far cry primal\bin\fcprimal.exe] => (Allow) R:\game files\far cry primal\bin\fcprimal.exe
FirewallRules: [UDP Query User{C209D750-2A45-4B92-B2CC-BA8118279BCF}R:\game files\far cry primal\bin\fcprimal.exe] => (Allow) R:\game files\far cry primal\bin\fcprimal.exe
FirewallRules: [{8E6BCB25-F77E-4BF4-A347-7B9D65C517C7}] => (Block) R:\Game Files\Street Fighter V\StreetFighterV.exe
FirewallRules: [TCP Query User{1E418CA0-1556-4E82-9D42-CD52B93B91DC}R:\game files\street fighter v\streetfighterv\binaries\win64\streetfighterv.exe] => (Block) R:\game files\street fighter v\streetfighterv\binaries\win64\streetfighterv.exe
FirewallRules: [UDP Query User{D175BE39-5716-41E6-82A5-88B031E879D8}R:\game files\street fighter v\streetfighterv\binaries\win64\streetfighterv.exe] => (Block) R:\game files\street fighter v\streetfighterv\binaries\win64\streetfighterv.exe
FirewallRules: [{F3011CC8-86D5-44F3-AE76-92A6516B3936}] => (Block) %ProgramFiles% (x86)\Ashampoo\Ashampoo Burning Studio 18\burningstudio18.exe
FirewallRules: [{B29C9E7A-EBD7-4296-A46F-8A1682B575F3}] => (Allow) C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
FirewallRules: [{8E215BDE-4005-479D-9039-BE46B3383713}] => (Allow) C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
FirewallRules: [{064E50D5-6BFD-4F48-9FAC-AD4047078D28}] => (Allow) C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
FirewallRules: [{E80BA6A7-73AA-4183-B74F-585D447B00DC}] => (Allow) C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
FirewallRules: [{558AF9FC-FBA6-4FE2-A52B-8A64607EFB78}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
FirewallRules: [TCP Query User{957C545B-ED59-4C0B-93A3-CA0B4B2F3F7D}R:\game files\overwatch test\overwatch.exe] => (Allow) R:\game files\overwatch test\overwatch.exe
FirewallRules: [UDP Query User{A74565E8-56F7-4126-B973-F7CA898E9DC2}R:\game files\overwatch test\overwatch.exe] => (Allow) R:\game files\overwatch test\overwatch.exe
FirewallRules: [TCP Query User{F1DCAE2B-D144-4865-81D3-A00614FB3BB6}C:\overwatch test\overwatch.exe] => (Allow) C:\overwatch test\overwatch.exe
FirewallRules: [UDP Query User{65DDD43B-6794-4F95-B389-BD34C31741AC}C:\overwatch test\overwatch.exe] => (Allow) C:\overwatch test\overwatch.exe
FirewallRules: [{6BFA8BA2-DF8F-4999-A028-875B9F508C6D}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{82D87AAD-FE0F-4E6E-A77D-798B78CC8F3F}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [TCP Query User{C32A44DF-DDE0-4808-88BB-40B78B7F58DE}R:\snappy\sdi_x64_r535.exe] => (Allow) R:\snappy\sdi_x64_r535.exe
FirewallRules: [UDP Query User{48326CCF-F9A0-4557-99A5-933DCA92DE81}R:\snappy\sdi_x64_r535.exe] => (Allow) R:\snappy\sdi_x64_r535.exe
FirewallRules: [{4D69EF66-5F94-4A00-BB83-5E6B21282FAC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
FirewallRules: [{E9B9C25E-C20D-4F16-A037-2958FDE6A12E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
FirewallRules: [TCP Query User{EA516584-6BF6-4EF8-B691-D40095DF0BF2}C:\users\kamil\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\kamil\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{EB117166-4AB9-494C-8FB6-BF4C4B3F2CB3}C:\users\kamil\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\kamil\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [Microsoft-Windows-NFS-ClientCore-NfsClnt-UDP-Out] => (Allow) %systemroot%\system32\nfsclnt.exe
FirewallRules: [Microsoft-Windows-NFS-ClientCore-NfsClnt-TCP-Out] => (Allow) %systemroot%\system32\nfsclnt.exe
FirewallRules: [TCP Query User{FD939298-CA3F-4A35-A845-D09FCFA7F875}C:\program files\java\jre1.8.0_121\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\java.exe
FirewallRules: [UDP Query User{E15D1512-9123-43CE-B635-20DCE8FD6B5E}C:\program files\java\jre1.8.0_121\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\java.exe
FirewallRules: [{89725B32-041E-4170-9055-C2DD1CB40EDC}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{0F322927-04C1-4449-BDAD-FC97792BD71D}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{3659BEEC-8AAC-4E2A-B59A-F63664057EE9}] => (Allow) C:\Program Files (x86)\Opera\44.0.2510.857\opera.exe
FirewallRules: [{473D7558-D46D-42DA-B891-C45DBC09CCF5}] => (Allow) R:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{D4CA0736-3359-4549-8179-7BA94B9A1067}] => (Allow) R:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{E2F79F02-EB6F-4D9D-830F-CB4F77C53DF2}] => (Allow) R:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{083B5345-CDCB-46BD-B90A-A9A69763F5C6}] => (Allow) R:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{79F46115-2B72-4C4B-B8F6-A63416010925}] => (Allow) R:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{ACA10443-337F-4F50-BEFD-99ADEFA5B691}] => (Allow) R:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{CDB346E2-4AE5-46AC-B4A4-808935B33934}] => (Allow) R:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{59E2A5BB-AB02-4D11-ABFD-D070175EA1EE}] => (Allow) R:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{47EABDBF-F5C4-42B4-A9E9-31AB345C8FAD}] => (Allow) C:\Program Files (x86)\MIO\loader\adataxsu800_2g3720064027.dat
FirewallRules: [{F33302F4-99EB-42C0-BCFB-A27718B3D7F5}] => (Allow) C:\Program Files (x86)\MIO\loader\adataxsu800_2g3720064027.dat
FirewallRules: [{A9695CA4-808B-4558-B95A-A996CFA8F89C}] => (Allow) C:\Program Files (x86)\Yeshat\Application\chrome.exe
FirewallRules: [{6F1E84ED-74C0-4CF2-ABD2-A58FABA4A266}] => (Allow) C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
FirewallRules: [{7EF7DF23-AE70-4C69-BA6E-9064202D25AF}] => (Allow) C:\Program Files (x86)\Firefox\Firefox.exe
 
==================== Restore Points =========================
 
16-02-2017 04:48:17 Windows Update
21-02-2017 17:02:24 Zainstalowany program DirectX
25-02-2017 19:59:02 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
05-03-2017 18:01:02 Installed VMware Player
11-03-2017 04:19:09 O&O ShutUp10
14-03-2017 17:08:48 Installed Creative Audio Control Panel
20-03-2017 14:16:11 Removed Host OpenAL
28-03-2017 15:23:25 Installed 3RVX
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/28/2017 05:22:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: mbamservice.exe, wersja: 3.1.0.415, sygnatura czasowa: 0x5881b7a1
Nazwa modułu powodującego błąd: ntdll.dll, wersja: 10.0.14393.479, sygnatura czasowa: 0x5825887f
Kod wyjątku: 0xc0000374
Przesunięcie błędu: 0x00000000000f8283
Identyfikator procesu powodującego błąd: 0x38f0
Godzina uruchomienia aplikacji powodującej błąd: 0x01d2a7d7143351f3
Ścieżka aplikacji powodującej błąd: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Ścieżka modułu powodującego błąd: C:\Windows\SYSTEM32\ntdll.dll
Identyfikator raportu: 8e163bac-7029-4612-8e56-2a3d6a637774
Pełna nazwa pakietu powodującego błąd: 
Identyfikator aplikacji względem pakietu powodującego błąd:
 
Error: (03/28/2017 04:41:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: mbamservice.exe, wersja: 3.1.0.415, sygnatura czasowa: 0x5881b7a1
Nazwa modułu powodującego błąd: ScanControllerImpl.dll, wersja: 3.0.0.652, sygnatura czasowa: 0x589e1d88
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x00000000001ea590
Identyfikator procesu powodującego błąd: 0x3710
Godzina uruchomienia aplikacji powodującej błąd: 0x01d2a7d0cedeae60
Ścieżka aplikacji powodującej błąd: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Ścieżka modułu powodującego błąd: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ScanControllerImpl.dll
Identyfikator raportu: d462f1b6-248e-43bf-959b-5436d4f618e9
Pełna nazwa pakietu powodującego błąd: 
Identyfikator aplikacji względem pakietu powodującego błąd:
 
Error: (03/28/2017 03:26:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: Discord.exe, wersja: 0.0.41.0, sygnatura czasowa: 0x586d73db
Nazwa modułu powodującego błąd: ntdll.dll, wersja: 10.0.14393.479, sygnatura czasowa: 0x58256ca0
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x000484a4
Identyfikator procesu powodującego błąd: 0xadc
Godzina uruchomienia aplikacji powodującej błąd: 0x01d2a34455e2fd42
Ścieżka aplikacji powodującej błąd: C:\Users\Kamil\AppData\Local\Discord\app-0.0.297\Discord.exe
Ścieżka modułu powodującego błąd: C:\Windows\SYSTEM32\ntdll.dll
Identyfikator raportu: 2221e18d-2998-4346-84b3-449f293e6ee0
Pełna nazwa pakietu powodującego błąd: 
Identyfikator aplikacji względem pakietu powodującego błąd:
 
Error: (03/28/2017 03:23:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Przetwarzanie wywołania OnIdentity() w obiekcie System Writer przez Usługi kryptograficzne nie powiodło się.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokół LLDP (Link-Layer Discovery Protocol) firmy Microsoft.
 
System Error:
Odmowa dostępu.
.
 
Error: (03/28/2017 11:43:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname KAMIL-PC.local already in use; will try KAMIL-PC-2.local instead
 
Error: (03/28/2017 11:43:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 1; will deregister   16 KAMIL-PC.local. AAAA FE80:0000:0000:0000:2C23:F2EE:1977:2F3C
 
Error: (03/28/2017 11:43:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from FE80:0000:0000:0000:2C23:F2EE:1977:2F3C:5353    4 KAMIL-PC.local. Addr 192.168.2.1
 
Error: (03/22/2017 06:10:24 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla „c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe”. Błąd w pliku manifestu lub w pliku zasad „” w wierszu .
Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna.
Składniki powodujące konflikt:
Składnik 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.
Składnik 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
 
Error: (03/22/2017 05:06:49 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla „c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe”. Błąd w pliku manifestu lub w pliku zasad „” w wierszu .
Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna.
Składniki powodujące konflikt:
Składnik 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.
Składnik 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
 
Error: (03/21/2017 06:10:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Microsoft.Photos.exe w wersji 1.0.1702.14001 przestał współpracować z systemem Windows i został zamknięty. Aby sprawdzić, czy jest dostępnych więcej informacji na temat tego problemu, sprawdź historię problemu w oknie Zabezpieczenia i konserwacja w Panelu sterowania.
 
Identyfikator procesu: 1f70
 
Godzina rozpoczęcia: 01d2a254acf56ff6
 
Godzina zakończenia: 4294967295
 
Ścieżka aplikacji: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
 
Identyfikator raportu: d0b62aca-0e50-11e7-95fb-bc5ff4e5d1a1
 
Pełna nazwa pakietu powodującego błąd: Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe
 
Identyfikator aplikacji względem pakietu powodującego błąd: App
 
 
System errors:
=============
Error: (03/29/2017 12:39:04 AM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: ZARZĄDZANIE NT)
Description: Menedżer filtrów nie może dołączyć do woluminu \Device\HarddiskVolume15. Do czasu ponownego rozruchu ten wolumin nie będzie dostępny do filtrowania. Stan końcowy: 0xc03a001c.
 
Error: (03/29/2017 12:39:04 AM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: ZARZĄDZANIE NT)
Description: Menedżer filtrów nie może dołączyć do woluminu \Device\HarddiskVolume15. Do czasu ponownego rozruchu ten wolumin nie będzie dostępny do filtrowania. Stan końcowy: 0xc03a001c.
 
Error: (03/29/2017 12:39:04 AM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: ZARZĄDZANIE NT)
Description: Menedżer filtrów nie może dołączyć do woluminu \Device\HarddiskVolume15. Do czasu ponownego rozruchu ten wolumin nie będzie dostępny do filtrowania. Stan końcowy: 0xc03a001c.
 
Error: (03/29/2017 12:39:04 AM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: ZARZĄDZANIE NT)
Description: Menedżer filtrów nie może dołączyć do woluminu \Device\HarddiskVolume15. Do czasu ponownego rozruchu ten wolumin nie będzie dostępny do filtrowania. Stan końcowy: 0xc03a001c.
 
Error: (03/29/2017 12:39:04 AM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: ZARZĄDZANIE NT)
Description: Menedżer filtrów nie może dołączyć do woluminu \Device\HarddiskVolume15. Do czasu ponownego rozruchu ten wolumin nie będzie dostępny do filtrowania. Stan końcowy: 0xc03a001c.
 
Error: (03/29/2017 12:39:04 AM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: ZARZĄDZANIE NT)
Description: Menedżer filtrów nie może dołączyć do woluminu \Device\HarddiskVolume15. Do czasu ponownego rozruchu ten wolumin nie będzie dostępny do filtrowania. Stan końcowy: 0xc03a001c.
 
Error: (03/29/2017 12:39:04 AM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: ZARZĄDZANIE NT)
Description: Menedżer filtrów nie może dołączyć do woluminu \Device\HarddiskVolume15. Do czasu ponownego rozruchu ten wolumin nie będzie dostępny do filtrowania. Stan końcowy: 0xc03a001c.
 
Error: (03/29/2017 12:39:04 AM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: ZARZĄDZANIE NT)
Description: Menedżer filtrów nie może dołączyć do woluminu \Device\HarddiskVolume15. Do czasu ponownego rozruchu ten wolumin nie będzie dostępny do filtrowania. Stan końcowy: 0xc03a001c.
 
Error: (03/29/2017 12:39:04 AM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: ZARZĄDZANIE NT)
Description: Menedżer filtrów nie może dołączyć do woluminu \Device\HarddiskVolume15. Do czasu ponownego rozruchu ten wolumin nie będzie dostępny do filtrowania. Stan końcowy: 0xc03a001c.
 
Error: (03/29/2017 12:39:04 AM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: ZARZĄDZANIE NT)
Description: Menedżer filtrów nie może dołączyć do woluminu \Device\HarddiskVolume15. Do czasu ponownego rozruchu ten wolumin nie będzie dostępny do filtrowania. Stan końcowy: 0xc03a001c.
 
 
CodeIntegrity:
===================================
  Date: 2017-03-11 17:08:34.255
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-03-04 23:20:39.247
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-03-04 23:20:39.246
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-03-04 22:51:20.595
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-03-04 22:51:20.594
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-03-01 02:49:30.147
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-02-26 00:55:46.057
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-02-24 10:45:08.858
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-02-23 18:44:13.532
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-02-23 18:44:13.530
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3350P CPU @ 3.10GHz
Percentage of memory in use: 61%
Total physical RAM: 8150.07 MB
Available physical RAM: 3175.22 MB
Total Virtual: 11090.75 MB
Available Virtual: 2084.44 MB
 
==================== Drives ================================
 
Drive c: (SSD/System) (Fixed) (Total:220.74 GB) (Free:66.19 GB) NTFS
Drive r: (Dane) (Fixed) (Total:931.51 GB) (Free:192.74 GB) NTFS
Drive s: (Serwisowy) (Removable) (Total:57.83 GB) (Free:18.56 GB) NTFS
Drive v: (Verbatim) (Fixed) (Total:465.76 GB) (Free:43.02 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 7BFE7DA7)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 0E99CD32)
 
Partition: GPT.
 
========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: BE27014B)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (Size: 57.8 GB) (Disk ID: A35F685D)
Partition 1: (Active) - (Size=57.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=32 KB) - (Type=21)
 

 

==================== End of Addition.txt ============================


#6 Oh My!

  • Malware Response Instructor

Posted 28 March 2017 - 05:54 PM

FYI, I will be away from my computer for a couple of hours. Sorry.....
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#7 kamild1996

  • Topic Starter

Posted 28 March 2017 - 05:55 PM

Fine by me, it's way too late for me already anyway :)

 

I'm expecting to be available again in approx. 9-11 hours.



#8 Oh My!


Posted 28 March 2017 - 08:21 PM

Good morning. :)

Did you install this program on your computer?

Windows Update Disabler

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows Key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
C:\Windows Update Disabler\UpdaterDisabler.exe
C:\Users\Kamil\AppData\Roaming\clean
C:\Users\Kamil\AppData\Roaming\Kyubey
C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
HKU\S-1-5-21-4125575926-357873309-2165598990-1001\...\Run: [LZQ2IBR9D2] => "C:\Program Files (x86)\PubHotspot\K7Z95.exe"
C:\Program Files (x86)\PubHotspot
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908649\...\Run: [LZQ2IBR9D2] => "C:\Program Files (x86)\PubHotspot\K7Z95.exe"
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\...\Run: [LZQ2IBR9D2] => "C:\Program Files (x86)\PubHotspot\K7Z95.exe"
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
BHO: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
BHO-x32: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\3nylrhuv.default -> trotux
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\3nylrhuv.default -> trotux
FF SelectedSearchEngine: Firefox\Firefox\Profiles\3nylrhuv.default -> trotux
FF SearchPlugin: C:\Users\Kamil\AppData\Roaming\Firefox\Firefox\Profiles\3nylrhuv.default\searchplugins\startsearch.xml [2017-03-28]
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.trotux.com/search/?q={searchTerms}&z=bf298271074f86f11173771g9z9t8e9gbt3w5g9gcg&from=icb&uid=ADATAXSU800_2G3720064027&type=sp
CHR DefaultSearchKeyword: ChromeDefaultData -> trotux
CHR Profile: C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-03-27] <==== ATTENTION
HKU\S-1-5-21-4125575926-357873309-2165598990-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Yeshat\Application\chrome.exe (Google Inc.) <==== ATTENTION
C:\Program Files (x86)\Yeshat
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908649\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Yeshat\Application\chrome.exe (Google Inc.) <==== ATTENTION
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Yeshat\Application\chrome.exe (Google Inc.) <==== ATTENTION
R2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [108720 2017-03-28] ()
R2 Kyubey; C:\Users\Kamil\AppData\Roaming\Kyubey\Kyubey.exe [237056 2017-03-28] (Kyubey.exe) [File not signed]
R2 WINSNARE; C:\Users\Kamil\AppData\Roaming\WINSNARE\WinSnare.dll [1293312 2017-03-28] (InterSect Alliance Pty Ltd) [File not signed] <==== ATTENTION
C:\Users\Kamil\AppData\Roaming\WINSNARE
R3 cpuz140; C:\Users\Kamil\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [45888 2017-03-28] (CPUID) <==== ATTENTION
S3 GPU-Z; C:\Users\Kamil\AppData\Local\Temp\GPU-Z.sys [27008 2017-02-28] () <==== ATTENTION
S3 TDKLIB; C:\Users\Kamil\AppData\Local\Temp\ExtactTemp\TdkLib64.sys [19296 2017-02-27] () <==== ATTENTION
U0 aswVmm; no ImagePath
U4 nxfs; no ImagePath
U4 nxpcap; no ImagePath
U4 nxsshd; no ImagePath
U4 nxusbd; no ImagePath
U4 nxusbh; no ImagePath
U4 nxusbs; no ImagePath
C:\Users\Kamil\AppData\Local\Yeshat
2017-03-28 15:24 - 2017-03-29 00:36 - 00000000 _____ C:\Users\Public\Documents\report.dat
2017-03-28 15:24 - 2017-03-28 15:25 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2017-03-28 15:24 - 2017-03-28 15:24 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\Kyubey
2017-03-28 15:24 - 2017-03-28 15:24 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\3RVX
2017-03-28 15:24 - 2017-03-28 15:24 - 00000000 ____D C:\Program Files (x86)\WinSnare(4.4.0)
2017-03-28 15:24 - 2017-03-28 15:24 - 00000000 _____ C:\Windows\SysWOW64\4
2017-03-28 15:24 - 2017-03-28 15:24 - 00000000 _____ C:\Windows\SysWOW64\3
2017-03-28 15:23 - 2017-03-28 15:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3RVX
2017-03-28 15:23 - 2017-03-28 15:23 - 00000000 ____D C:\Program Files (x86)\3RVX
2017-03-27 17:09 - 2017-03-28 15:24 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\WinSnare
2017-03-27 17:09 - 2017-03-27 17:09 - 00003632 _____ C:\Windows\System32\Tasks\Milimili
2017-03-27 17:09 - 2017-03-27 17:09 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\WinSAPSvc
2017-03-27 17:09 - 2017-03-27 17:09 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\clean
2017-03-27 17:09 - 2017-03-27 17:09 - 00000000 ____D C:\Program Files (x86)\MIO
2017-03-27 17:05 - 2017-03-28 15:24 - 00000000 ____D C:\Program Files (x86)\MK
2017-03-22 17:05 - 2017-03-27 17:04 - 00000000 ____D C:\Program Files (x86)\Shunosyjibtain
2017-03-22 17:05 - 2017-03-22 18:12 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\Coutering
2017-03-22 17:05 - 2017-03-22 18:01 - 00000000 ____D C:\Program Files\C6DZPJWWS8
2017-03-22 17:05 - 2017-03-22 17:05 - 00000000 ____D C:\Users\Kamil\AppData\Local\Atudadomtasoph
2017-03-26 19:41 - 2016-11-28 12:57 - 00010210 _____ C:\Users\Kamil\AppData\Local\dM550
2016-11-28 12:51 - 2016-11-28 12:51 - 0000035 _____ () C:\Users\Kamil\AppData\Local\330E95B1
2017-01-06 20:16 - 2017-01-06 20:16 - 0000035 _____ () C:\Users\Kamil\AppData\Local\65C9CE5E
2016-11-28 12:57 - 2017-03-26 19:41 - 0010210 _____ () C:\Users\Kamil\AppData\Local\dM550
2017-02-21 21:12 - 2017-02-21 21:12 - 0000031 _____ () C:\Users\Kamil\AppData\Local\ekkccs
C:\ProgramData\fontcacheev1.dat
C:\Users\Kamil\AppData\Local\Temp\5VIG7E2.exe
C:\Users\Kamil\AppData\Local\Temp\cpa.exe
C:\Users\Kamil\AppData\Local\Temp\fox.exe
C:\Users\Kamil\AppData\Local\Temp\vbsetup.exe
C:\Users\Kamil\AppData\Local\Temp\wowrr.exe
nointegritychecks: ==> "IntegrityChecks" is disabled. <===== ATTENTION
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908649\...\ChromeHTML: -> C:\Program Files (x86)\Yeshat\Application\chrome.exe (Google Inc.) <==== ATTENTION
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\...\ChromeHTML: -> C:\Program Files (x86)\Yeshat\Application\chrome.exe (Google Inc.) <==== ATTENTION
HKU\S-1-5-21-4125575926-357873309-2165598990-1001\...\ChromeHTML: -> C:\Program Files (x86)\Yeshat\Application\chrome.exe (Google Inc.) <==== ATTENTION
Shortcut: C:\Users\Kamil\Desktop\Programy\Google Chrome.lnk -> C:\Program Files (x86)\Yeshat\Application\chrome.exe (Google Inc.)
DeleteValue: HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|"LZQ2IBR9D2"
DeleteValue: HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|"XT4Z0AMNGL"
DeleteValue: HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|"J'FE-hPh0K.exe"
hosts:
emptytemp:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed, the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#9 kamild1996

  • Topic Starter

Posted 29 March 2017 - 03:32 AM

Thank you!
Yes, I've installed Windows Updater Disabler manually. It's a program made by PainteR which disables Windows 10 updates, and I found this program to be working the best for me - I've been using it for a long time, I really doubt it's a major threat to my OS (is it?). I'm still re-enabling updates once per week to get the most important fixes though.
Also looks like you decided to remove 3RVX, why's that? It's a program I use for showing the volume level on the second monitor, which is especially useful when running fullscreen applications - Windows 10's volume indicator isn't then visible. https://3rvx.com/
 
Thank you for the warning, I know about the dangers of P2P though, I've actually managed to avoid getting infected when using these types of websites for several years, this one infection is just an exception that proves the rule :) I also know about ransomware, that's why I'm keeping all of my data backed up into my spare HDDs, which are staying disconnected/offline, and safe by such.
 
I've only been using the computer after doing the fix for a few minutes, but I can no longer see any processes of unknown source running in the background, and any kind of aforementioned behavior seems to have ceased for now.
 
Here's the fixlog.txt after the fix (from which I've removed the entries of Updater Disabler and 3RVX):
Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Kamil (29-03-2017 10:08:50) Run:1
Running from C:\Program Files\FRST
Loaded Profiles: Kamil & (Available Profiles: defaultuser0 & Kamil & Adrian)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
C:\Users\Kamil\AppData\Roaming\clean
C:\Users\Kamil\AppData\Roaming\Kyubey
C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
HKU\S-1-5-21-4125575926-357873309-2165598990-1001\...\Run: [LZQ2IBR9D2] => "C:\Program Files (x86)\PubHotspot\K7Z95.exe"
C:\Program Files (x86)\PubHotspot
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908649\...\Run: [LZQ2IBR9D2] => "C:\Program Files (x86)\PubHotspot\K7Z95.exe"
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\...\Run: [LZQ2IBR9D2] => "C:\Program Files (x86)\PubHotspot\K7Z95.exe"
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
BHO: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
BHO-x32: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\3nylrhuv.default -> trotux
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\3nylrhuv.default -> trotux
FF SelectedSearchEngine: Firefox\Firefox\Profiles\3nylrhuv.default -> trotux
FF SearchPlugin: C:\Users\Kamil\AppData\Roaming\Firefox\Firefox\Profiles\3nylrhuv.default\searchplugins\startsearch.xml [2017-03-28]
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.trotux.com/search/?q={searchTerms}&z=bf298271074f86f11173771g9z9t8e9gbt3w5g9gcg&from=icb&uid=ADATAXSU800_2G3720064027&type=sp
CHR DefaultSearchKeyword: ChromeDefaultData -> trotux
CHR Profile: C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-03-27] <==== ATTENTION
HKU\S-1-5-21-4125575926-357873309-2165598990-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Yeshat\Application\chrome.exe (Google Inc.) <==== ATTENTION
C:\Program Files (x86)\Yeshat
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908649\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Yeshat\Application\chrome.exe (Google Inc.) <==== ATTENTION
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Yeshat\Application\chrome.exe (Google Inc.) <==== ATTENTION
R2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [108720 2017-03-28] ()
R2 Kyubey; C:\Users\Kamil\AppData\Roaming\Kyubey\Kyubey.exe [237056 2017-03-28] (Kyubey.exe) [File not signed]
R2 WINSNARE; C:\Users\Kamil\AppData\Roaming\WINSNARE\WinSnare.dll [1293312 2017-03-28] (InterSect Alliance Pty Ltd) [File not signed] <==== ATTENTION
C:\Users\Kamil\AppData\Roaming\WINSNARE
R3 cpuz140; C:\Users\Kamil\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [45888 2017-03-28] (CPUID) <==== ATTENTION
S3 GPU-Z; C:\Users\Kamil\AppData\Local\Temp\GPU-Z.sys [27008 2017-02-28] () <==== ATTENTION
S3 TDKLIB; C:\Users\Kamil\AppData\Local\Temp\ExtactTemp\TdkLib64.sys [19296 2017-02-27] () <==== ATTENTION
U0 aswVmm; no ImagePath
U4 nxfs; no ImagePath
U4 nxpcap; no ImagePath
U4 nxsshd; no ImagePath
U4 nxusbd; no ImagePath
U4 nxusbh; no ImagePath
U4 nxusbs; no ImagePath
C:\Users\Kamil\AppData\Local\Yeshat
2017-03-28 15:24 - 2017-03-29 00:36 - 00000000 _____ C:\Users\Public\Documents\report.dat
2017-03-28 15:24 - 2017-03-28 15:25 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2017-03-28 15:24 - 2017-03-28 15:24 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\Kyubey
2017-03-28 15:24 - 2017-03-28 15:24 - 00000000 ____D C:\Program Files (x86)\WinSnare(4.4.0)
2017-03-28 15:24 - 2017-03-28 15:24 - 00000000 _____ C:\Windows\SysWOW64\4
2017-03-28 15:24 - 2017-03-28 15:24 - 00000000 _____ C:\Windows\SysWOW64\3
2017-03-27 17:09 - 2017-03-28 15:24 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\WinSnare
2017-03-27 17:09 - 2017-03-27 17:09 - 00003632 _____ C:\Windows\System32\Tasks\Milimili
2017-03-27 17:09 - 2017-03-27 17:09 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\WinSAPSvc
2017-03-27 17:09 - 2017-03-27 17:09 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\clean
2017-03-27 17:09 - 2017-03-27 17:09 - 00000000 ____D C:\Program Files (x86)\MIO
2017-03-27 17:05 - 2017-03-28 15:24 - 00000000 ____D C:\Program Files (x86)\MK
2017-03-22 17:05 - 2017-03-27 17:04 - 00000000 ____D C:\Program Files (x86)\Shunosyjibtain
2017-03-22 17:05 - 2017-03-22 18:12 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\Coutering
2017-03-22 17:05 - 2017-03-22 18:01 - 00000000 ____D C:\Program Files\C6DZPJWWS8
2017-03-22 17:05 - 2017-03-22 17:05 - 00000000 ____D C:\Users\Kamil\AppData\Local\Atudadomtasoph
2017-03-26 19:41 - 2016-11-28 12:57 - 00010210 _____ C:\Users\Kamil\AppData\Local\dM550
2016-11-28 12:51 - 2016-11-28 12:51 - 0000035 _____ () C:\Users\Kamil\AppData\Local\330E95B1
2017-01-06 20:16 - 2017-01-06 20:16 - 0000035 _____ () C:\Users\Kamil\AppData\Local\65C9CE5E
2016-11-28 12:57 - 2017-03-26 19:41 - 0010210 _____ () C:\Users\Kamil\AppData\Local\dM550
2017-02-21 21:12 - 2017-02-21 21:12 - 0000031 _____ () C:\Users\Kamil\AppData\Local\ekkccs
C:\ProgramData\fontcacheev1.dat
C:\Users\Kamil\AppData\Local\Temp\5VIG7E2.exe
C:\Users\Kamil\AppData\Local\Temp\cpa.exe
C:\Users\Kamil\AppData\Local\Temp\fox.exe
C:\Users\Kamil\AppData\Local\Temp\vbsetup.exe
C:\Users\Kamil\AppData\Local\Temp\wowrr.exe
nointegritychecks: ==> "IntegrityChecks" is disabled. <===== ATTENTION
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908649\...\ChromeHTML: -> C:\Program Files (x86)\Yeshat\Application\chrome.exe (Google Inc.) <==== ATTENTION
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\...\ChromeHTML: -> C:\Program Files (x86)\Yeshat\Application\chrome.exe (Google Inc.) <==== ATTENTION
HKU\S-1-5-21-4125575926-357873309-2165598990-1001\...\ChromeHTML: -> C:\Program Files (x86)\Yeshat\Application\chrome.exe (Google Inc.) <==== ATTENTION
Shortcut: C:\Users\Kamil\Desktop\Programy\Google Chrome.lnk -> C:\Program Files (x86)\Yeshat\Application\chrome.exe (Google Inc.)
DeleteValue: HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|"LZQ2IBR9D2"
DeleteValue: HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|"XT4Z0AMNGL"
DeleteValue: HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|"J'FE-hPh0K.exe"
hosts:
emptytemp:
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Users\Kamil\AppData\Roaming\clean => moved successfully
C:\Users\Kamil\AppData\Roaming\Kyubey => moved successfully
C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe => moved successfully
HKU\S-1-5-21-4125575926-357873309-2165598990-1001\Software\Microsoft\Windows\CurrentVersion\Run\\LZQ2IBR9D2 => value removed successfully
"C:\Program Files (x86)\PubHotspot" => not found.
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908649\...\Run: [LZQ2IBR9D2] => "C:\Program Files (x86)\PubHotspot\K7Z95.exe" => Error: No automatic fix found for this entry.
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\...\Run: [LZQ2IBR9D2] => "C:\Program Files (x86)\PubHotspot\K7Z95.exe" => Error: No automatic fix found for this entry.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13D67BB7-DB5F-48AA-884D-7A5D94168509} => key removed successfully
HKCR\CLSID\{13D67BB7-DB5F-48AA-884D-7A5D94168509} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13D67BB7-DB5F-48AA-884D-7A5D94168509} => key removed successfully
HKCR\Wow6432Node\CLSID\{13D67BB7-DB5F-48AA-884D-7A5D94168509} => key not found.
Firefox DefaultSearchEngine removed successfully
Firefox SelectedSearchEngine removed successfully
Firefox SelectedSearchEngine removed successfully
C:\Users\Kamil\AppData\Roaming\Firefox\Firefox\Profiles\3nylrhuv.default\searchplugins\startsearch.xml => moved successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\ChromeDefaultData => moved successfully
HKU\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Clients\StartMenuInternet\ChromeHTML => key removed successfully
C:\Program Files (x86)\Yeshat => moved successfully
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908649\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Yeshat\Application\chrome.exe (Google Inc.) <==== ATTENTION => Error: No automatic fix found for this entry.
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Yeshat\Application\chrome.exe (Google Inc.) <==== ATTENTION => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\FirefoxU => key removed successfully
FirefoxU => service removed successfully
HKLM\System\CurrentControlSet\Services\Kyubey => key removed successfully
Kyubey => service removed successfully
WINSNARE => Unable to stop service.
HKLM\System\CurrentControlSet\Services\WINSNARE => key removed successfully
WINSNARE => service removed successfully
C:\Users\Kamil\AppData\Roaming\WINSNARE => moved successfully
cpuz140 => Unable to stop service.
HKLM\System\CurrentControlSet\Services\cpuz140 => key removed successfully
cpuz140 => service removed successfully
HKLM\System\CurrentControlSet\Services\GPU-Z => key removed successfully
GPU-Z => service removed successfully
HKLM\System\CurrentControlSet\Services\TDKLIB => key removed successfully
TDKLIB => service removed successfully
HKLM\System\CurrentControlSet\Services\aswVmm => key removed successfully
aswVmm => service removed successfully
HKLM\System\CurrentControlSet\Services\nxfs => key removed successfully
nxfs => service removed successfully
HKLM\System\CurrentControlSet\Services\nxpcap => key removed successfully
nxpcap => service removed successfully
HKLM\System\CurrentControlSet\Services\nxsshd => key removed successfully
nxsshd => service removed successfully
HKLM\System\CurrentControlSet\Services\nxusbd => key removed successfully
nxusbd => service removed successfully
HKLM\System\CurrentControlSet\Services\nxusbh => key removed successfully
nxusbh => service removed successfully
HKLM\System\CurrentControlSet\Services\nxusbs => key removed successfully
nxusbs => service removed successfully
C:\Users\Kamil\AppData\Local\Yeshat => moved successfully
C:\Users\Public\Documents\report.dat => moved successfully
C:\Users\Public\Documents\temp.dat => moved successfully
"C:\Users\Kamil\AppData\Roaming\Kyubey" => not found.
C:\Program Files (x86)\WinSnare(4.4.0) => moved successfully
C:\Windows\SysWOW64\4 => moved successfully
C:\Windows\SysWOW64\3 => moved successfully
"C:\Users\Kamil\AppData\Roaming\WinSnare" => not found.
C:\Windows\System32\Tasks\Milimili => moved successfully
C:\Users\Kamil\AppData\Roaming\WinSAPSvc => moved successfully
"C:\Users\Kamil\AppData\Roaming\clean" => not found.
C:\Program Files (x86)\MIO => moved successfully
C:\Program Files (x86)\MK => moved successfully
C:\Program Files (x86)\Shunosyjibtain => moved successfully
C:\Users\Kamil\AppData\Roaming\Coutering => moved successfully
C:\Program Files\C6DZPJWWS8 => moved successfully
C:\Users\Kamil\AppData\Local\Atudadomtasoph => moved successfully
C:\Users\Kamil\AppData\Local\dM550 => moved successfully
C:\Users\Kamil\AppData\Local\330E95B1 => moved successfully
C:\Users\Kamil\AppData\Local\65C9CE5E => moved successfully
"C:\Users\Kamil\AppData\Local\dM550" => not found.
C:\Users\Kamil\AppData\Local\ekkccs => moved successfully
C:\ProgramData\fontcacheev1.dat => moved successfully
C:\Users\Kamil\AppData\Local\Temp\5VIG7E2.exe => moved successfully
C:\Users\Kamil\AppData\Local\Temp\cpa.exe => moved successfully
C:\Users\Kamil\AppData\Local\Temp\fox.exe => moved successfully
C:\Users\Kamil\AppData\Local\Temp\vbsetup.exe => moved successfully
C:\Users\Kamil\AppData\Local\Temp\wowrr.exe => moved successfully

========================= bcdedit ========================


Operacja ukoäczona pomylnie.

========= End of bcdedit =========

HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163908649\...\ChromeHTML: -> C:\Program Files (x86)\Yeshat\Application\chrome.exe (Google Inc.) <==== ATTENTION => Error: No automatic fix found for this entry.
HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\...\ChromeHTML: -> C:\Program Files (x86)\Yeshat\Application\chrome.exe (Google Inc.) <==== ATTENTION => Error: No automatic fix found for this entry.
HKU\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\ChromeHTML => key removed successfully
C:\Users\Kamil\Desktop\Programy\Google Chrome.lnk => moved successfully
DeleteValue: HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|"LZQ2IBR9D2" => Error: No automatic fix found for this entry.
DeleteValue: HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|"XT4Z0AMNGL" => Error: No automatic fix found for this entry.
DeleteValue: HKU\S-1-5-21-4125575926-357873309-2165598990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03282017163913237\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|"J'FE-hPh0K.exe" => Error: No automatic fix found for this entry.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 68822019 B
Java, Flash, Steam htmlcache => 496240462 B
Windows/system/drivers => 280606770 B
Edge => 23965456 B
Chrome => 0 B
Firefox => 32929551 B
Opera => 502354488 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 7533696 B
LocalService => 6576 B
NetworkService => 223630 B
defaultuser0 => 128 B
Kamil => 1225565126 B
Adrian => 72549194 B

RecycleBin => 3819907 B
EmptyTemp: => 2.5 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:09:57 ====

Edited by Oh My!, 29 March 2017 - 09:46 AM.


#10 Oh My!

  • Malware Response Instructor

Posted 29 March 2017 - 09:59 AM

Greetings,

Windows Updater is not malicious and it is good to know you are still doing updates.

Thanks for removing the 3RVX entries. It was left in there by mistake.

Please do this.

===================================================

SystemLook by jpshortstuff

--------------------
  • Please download SystemLook for either 64 bit or 32 bit systems and save it to your Desktop.
  • Right-click SystemLook.exe and select Run as administrator...
  • Copy the content of the following codebox into the main textfield:
:filefind
LZQ2IBR9D2
K7Z95.exe
Yeshat
XT4Z0AMNGL
J'FE-hPh0K.exe
:regfind
LZQ2IBR9D2
K7Z95.exe
Yeshat
XT4Z0AMNGL
J'FE-hPh0K.exe
:folderfind
Yeshat
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • SystemLook report

Gary
 

#11 kamild1996

  • Topic Starter

Posted 29 March 2017 - 10:20 AM

Here's the output:

 

SystemLook 30.07.11 by jpshortstuff
Log created at 17:08 on 29/03/2017 by Kamil
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "LZQ2IBR9D2"
No files found.
 
Searching for "K7Z95.exe"
No files found.
 
Searching for "Yeshat"
No files found.
 
Searching for "XT4Z0AMNGL"
No files found.
 
Searching for "J'FE-hPh0K.exe"
No files found.
 
========== regfind ==========
 
Searching for "LZQ2IBR9D2"
No data found.
 
Searching for "K7Z95.exe"
No data found.
 
Searching for "Yeshat"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\69bca1ab_0]
@="{2}.\\?\pci#ven_1102&dev_0005&subsys_00291102&rev_00#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\topology/00010006|\Device\HarddiskVolume4\Program Files (x86)\Yeshat\Application\chrome.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\SOFTWARE\Yeshat]
[HKEY_CURRENT_USER\SOFTWARE\Classes\ftp\DefaultIcon]
@="C:\Program Files (x86)\Yeshat\Application\chrome.exe,0"
[HKEY_CURRENT_USER\SOFTWARE\Classes\ftp\shell\open\command]
@=""C:\Program Files (x86)\Yeshat\Application\chrome.exe" "%1""
[HKEY_CURRENT_USER\SOFTWARE\Classes\http\DefaultIcon]
@="C:\Program Files (x86)\Yeshat\Application\chrome.exe,0"
[HKEY_CURRENT_USER\SOFTWARE\Classes\http\shell\open\command]
@=""C:\Program Files (x86)\Yeshat\Application\chrome.exe" "%1""
[HKEY_CURRENT_USER\SOFTWARE\Classes\https\DefaultIcon]
@="C:\Program Files (x86)\Yeshat\Application\chrome.exe,0"
[HKEY_CURRENT_USER\SOFTWARE\Classes\https\shell\open\command]
@=""C:\Program Files (x86)\Yeshat\Application\chrome.exe" "%1""
[HKEY_CURRENT_USER\SOFTWARE\Classes\irc\DefaultIcon]
@="C:\Program Files (x86)\Yeshat\Application\chrome.exe,0"
[HKEY_CURRENT_USER\SOFTWARE\Classes\irc\shell\open\command]
@=""C:\Program Files (x86)\Yeshat\Application\chrome.exe" "%1""
[HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Yeshat\Application\chrome.exe.FriendlyAppName"="Google Chrome"
[HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Yeshat\Application\chrome.exe.ApplicationCompany"="Google Inc."
[HKEY_CURRENT_USER\SOFTWARE\Classes\mailto\DefaultIcon]
@="C:\Program Files (x86)\Yeshat\Application\chrome.exe,0"
[HKEY_CURRENT_USER\SOFTWARE\Classes\mailto\shell\open\command]
@=""C:\Program Files (x86)\Yeshat\Application\chrome.exe" "%1""
[HKEY_CURRENT_USER\SOFTWARE\Classes\mms\DefaultIcon]
@="C:\Program Files (x86)\Yeshat\Application\chrome.exe,0"
[HKEY_CURRENT_USER\SOFTWARE\Classes\mms\shell\open\command]
@=""C:\Program Files (x86)\Yeshat\Application\chrome.exe" "%1""
[HKEY_CURRENT_USER\SOFTWARE\Classes\news\DefaultIcon]
@="C:\Program Files (x86)\Yeshat\Application\chrome.exe,0"
[HKEY_CURRENT_USER\SOFTWARE\Classes\news\shell\open\command]
@=""C:\Program Files (x86)\Yeshat\Application\chrome.exe" "%1""
[HKEY_CURRENT_USER\SOFTWARE\Classes\nntp\DefaultIcon]
@="C:\Program Files (x86)\Yeshat\Application\chrome.exe,0"
[HKEY_CURRENT_USER\SOFTWARE\Classes\nntp\shell\open\command]
@=""C:\Program Files (x86)\Yeshat\Application\chrome.exe" "%1""
[HKEY_CURRENT_USER\SOFTWARE\Classes\sms\DefaultIcon]
@="C:\Program Files (x86)\Yeshat\Application\chrome.exe,0"
[HKEY_CURRENT_USER\SOFTWARE\Classes\sms\shell\open\command]
@=""C:\Program Files (x86)\Yeshat\Application\chrome.exe" "%1""
[HKEY_CURRENT_USER\SOFTWARE\Classes\smsto\DefaultIcon]
@="C:\Program Files (x86)\Yeshat\Application\chrome.exe,0"
[HKEY_CURRENT_USER\SOFTWARE\Classes\smsto\shell\open\command]
@=""C:\Program Files (x86)\Yeshat\Application\chrome.exe" "%1""
[HKEY_CURRENT_USER\SOFTWARE\Classes\tel\DefaultIcon]
@="C:\Program Files (x86)\Yeshat\Application\chrome.exe,0"
[HKEY_CURRENT_USER\SOFTWARE\Classes\tel\shell\open\command]
@=""C:\Program Files (x86)\Yeshat\Application\chrome.exe" "%1""
[HKEY_CURRENT_USER\SOFTWARE\Classes\urn\DefaultIcon]
@="C:\Program Files (x86)\Yeshat\Application\chrome.exe,0"
[HKEY_CURRENT_USER\SOFTWARE\Classes\urn\shell\open\command]
@=""C:\Program Files (x86)\Yeshat\Application\chrome.exe" "%1""
[HKEY_CURRENT_USER\SOFTWARE\Classes\webcal\DefaultIcon]
@="C:\Program Files (x86)\Yeshat\Application\chrome.exe,0"
[HKEY_CURRENT_USER\SOFTWARE\Classes\webcal\shell\open\command]
@=""C:\Program Files (x86)\Yeshat\Application\chrome.exe" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Yeshat]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Yeshat]
"path"="C:\Program Files (x86)\Yeshat\"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Yeshat]
"publicdirectroy_du"="C:\Program Files (x86)\Yeshat\Reports\Dump"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A9695CA4-808B-4558-B95A-A996CFA8F89C}"="v2.26|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Yeshat\Application\chrome.exe|Name=Chrome browser|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A9695CA4-808B-4558-B95A-A996CFA8F89C}"="v2.26|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Yeshat\Application\chrome.exe|Name=Chrome browser|"
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\69bca1ab_0]
@="{2}.\\?\pci#ven_1102&dev_0005&subsys_00291102&rev_00#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\topology/00010006|\Device\HarddiskVolume4\Program Files (x86)\Yeshat\Application\chrome.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Yeshat]
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\ftp\DefaultIcon]
@="C:\Program Files (x86)\Yeshat\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\ftp\shell\open\command]
@=""C:\Program Files (x86)\Yeshat\Application\chrome.exe" "%1""
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\http\DefaultIcon]
@="C:\Program Files (x86)\Yeshat\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\http\shell\open\command]
@=""C:\Program Files (x86)\Yeshat\Application\chrome.exe" "%1""
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\https\DefaultIcon]
@="C:\Program Files (x86)\Yeshat\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\https\shell\open\command]
@=""C:\Program Files (x86)\Yeshat\Application\chrome.exe" "%1""
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\irc\DefaultIcon]
@="C:\Program Files (x86)\Yeshat\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\irc\shell\open\command]
@=""C:\Program Files (x86)\Yeshat\Application\chrome.exe" "%1""
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Yeshat\Application\chrome.exe.FriendlyAppName"="Google Chrome"
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Yeshat\Application\chrome.exe.ApplicationCompany"="Google Inc."
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\mailto\DefaultIcon]
@="C:\Program Files (x86)\Yeshat\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\mailto\shell\open\command]
@=""C:\Program Files (x86)\Yeshat\Application\chrome.exe" "%1""
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\mms\DefaultIcon]
@="C:\Program Files (x86)\Yeshat\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\mms\shell\open\command]
@=""C:\Program Files (x86)\Yeshat\Application\chrome.exe" "%1""
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\news\DefaultIcon]
@="C:\Program Files (x86)\Yeshat\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\news\shell\open\command]
@=""C:\Program Files (x86)\Yeshat\Application\chrome.exe" "%1""
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\nntp\DefaultIcon]
@="C:\Program Files (x86)\Yeshat\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\nntp\shell\open\command]
@=""C:\Program Files (x86)\Yeshat\Application\chrome.exe" "%1""
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\sms\DefaultIcon]
@="C:\Program Files (x86)\Yeshat\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\sms\shell\open\command]
@=""C:\Program Files (x86)\Yeshat\Application\chrome.exe" "%1""
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\smsto\DefaultIcon]
@="C:\Program Files (x86)\Yeshat\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\smsto\shell\open\command]
@=""C:\Program Files (x86)\Yeshat\Application\chrome.exe" "%1""
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\tel\DefaultIcon]
@="C:\Program Files (x86)\Yeshat\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\tel\shell\open\command]
@=""C:\Program Files (x86)\Yeshat\Application\chrome.exe" "%1""
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\urn\DefaultIcon]
@="C:\Program Files (x86)\Yeshat\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\urn\shell\open\command]
@=""C:\Program Files (x86)\Yeshat\Application\chrome.exe" "%1""
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\webcal\DefaultIcon]
@="C:\Program Files (x86)\Yeshat\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\webcal\shell\open\command]
@=""C:\Program Files (x86)\Yeshat\Application\chrome.exe" "%1""
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\ftp\DefaultIcon]
@="C:\Program Files (x86)\Yeshat\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\ftp\shell\open\command]
@=""C:\Program Files (x86)\Yeshat\Application\chrome.exe" "%1""
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\http\DefaultIcon]
@="C:\Program Files (x86)\Yeshat\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\http\shell\open\command]
@=""C:\Program Files (x86)\Yeshat\Application\chrome.exe" "%1""
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\https\DefaultIcon]
@="C:\Program Files (x86)\Yeshat\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\https\shell\open\command]
@=""C:\Program Files (x86)\Yeshat\Application\chrome.exe" "%1""
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\irc\DefaultIcon]
@="C:\Program Files (x86)\Yeshat\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\irc\shell\open\command]
@=""C:\Program Files (x86)\Yeshat\Application\chrome.exe" "%1""
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Yeshat\Application\chrome.exe.FriendlyAppName"="Google Chrome"
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Yeshat\Application\chrome.exe.ApplicationCompany"="Google Inc."
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\mailto\DefaultIcon]
@="C:\Program Files (x86)\Yeshat\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\mailto\shell\open\command]
@=""C:\Program Files (x86)\Yeshat\Application\chrome.exe" "%1""
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\mms\DefaultIcon]
@="C:\Program Files (x86)\Yeshat\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\mms\shell\open\command]
@=""C:\Program Files (x86)\Yeshat\Application\chrome.exe" "%1""
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\news\DefaultIcon]
@="C:\Program Files (x86)\Yeshat\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\news\shell\open\command]
@=""C:\Program Files (x86)\Yeshat\Application\chrome.exe" "%1""
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\nntp\DefaultIcon]
@="C:\Program Files (x86)\Yeshat\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\nntp\shell\open\command]
@=""C:\Program Files (x86)\Yeshat\Application\chrome.exe" "%1""
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\sms\DefaultIcon]
@="C:\Program Files (x86)\Yeshat\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\sms\shell\open\command]
@=""C:\Program Files (x86)\Yeshat\Application\chrome.exe" "%1""
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\smsto\DefaultIcon]
@="C:\Program Files (x86)\Yeshat\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\smsto\shell\open\command]
@=""C:\Program Files (x86)\Yeshat\Application\chrome.exe" "%1""
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\tel\DefaultIcon]
@="C:\Program Files (x86)\Yeshat\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\tel\shell\open\command]
@=""C:\Program Files (x86)\Yeshat\Application\chrome.exe" "%1""
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\urn\DefaultIcon]
@="C:\Program Files (x86)\Yeshat\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\urn\shell\open\command]
@=""C:\Program Files (x86)\Yeshat\Application\chrome.exe" "%1""
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\webcal\DefaultIcon]
@="C:\Program Files (x86)\Yeshat\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\webcal\shell\open\command]
@=""C:\Program Files (x86)\Yeshat\Application\chrome.exe" "%1""
 
Searching for "XT4Z0AMNGL"
No data found.
 
Searching for "J'FE-hPh0K.exe"
No data found.
 
========== folderfind ==========
 
Searching for "Yeshat"
C:\FRST\Quarantine\C\Program Files (x86)\Yeshat d------ [13:25 28/03/2017]
C:\FRST\Quarantine\C\Users\Kamil\AppData\Local\Yeshat d------ [13:26 28/03/2017]
 
-= EOF =-
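The search output above lists every per-user URL-protocol handler twice, because `HKEY_USERS\<SID>\SOFTWARE\Classes` and `HKEY_USERS\<SID>_Classes` are two views of the same hive. As an added example (not part of the original post and not FRST's own code), this parser reads that layout and reports, once per user and scheme, each handler whose command runs `chrome.exe` from outside Google's install folder; the sample lines and SID are constructed, and the expected-folder table is an assumption.

```python
import re

# Constructed sample in the layout of the search output above. The SID is made
# up; the Yeshat path is the one the log shows.
SAMPLE_SEARCH_OUTPUT = r'''[HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1001\SOFTWARE\Classes\http\DefaultIcon]
@="C:\Program Files (x86)\Yeshat\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1001\SOFTWARE\Classes\http\shell\open\command]
@=""C:\Program Files (x86)\Yeshat\Application\chrome.exe" "%1""
[HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1001_Classes\http\shell\open\command]
@=""C:\Program Files (x86)\Yeshat\Application\chrome.exe" "%1""
[HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1001_Classes\mailto\shell\open\command]
@=""C:\Program Files (x86)\Yeshat\Application\chrome.exe" "%1""
[HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1001_Classes\https\shell\open\command]
@=""C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1""
[HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Yeshat\Application\chrome.exe.FriendlyAppName"="Google Chrome"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
# Value data in this output is not escaped, so split at the first "= only.
VALUE_RE = re.compile(r'^(@|".*?")=(.*)$')
# Both views of the per-user class hive, captured as (SID, scheme).
HANDLER_RE = re.compile(
    r'^HKEY_USERS\\(S-[\d-]+)(?:\\SOFTWARE\\Classes|_Classes)'
    r'\\([^\\]+)\\shell\\open\\command$', re.IGNORECASE)
EXE_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.exe', re.IGNORECASE)

# Assumption: folder fragment a genuine install of each binary lives under.
EXPECTED_DIR = {"chrome.exe": "\\google\\chrome\\application\\"}


def parse_entries(text):
    """Yield (key, value_name, data) for each value line under a [key] line."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            key = key_match.group(1)
            continue
        value_match = VALUE_RE.match(line)
        if value_match and key:
            yield key, value_match.group(1).strip('"'), value_match.group(2)


def find_hijacked_handlers(text):
    """Return sorted, de-duplicated (sid, scheme, exe_path) findings."""
    hits = set()
    for key, name, data in parse_entries(text):
        handler = HANDLER_RE.match(key)
        exe = EXE_RE.search(data)
        if not (handler and name == "@" and exe):
            continue
        path = exe.group(0)
        expected = EXPECTED_DIR.get(path.rsplit("\\", 1)[-1].lower())
        # Known browser binary name, but not in the vendor's folder.
        if expected and expected not in path.lower():
            hits.add((handler.group(1), handler.group(2).lower(), path))
    return sorted(hits)


if __name__ == "__main__":
    for sid, scheme, exe_path in find_hijacked_handlers(SAMPLE_SEARCH_OUTPUT):
        print(f"{sid}: {scheme}: -> {exe_path}")
```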


#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,457 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:49 PM

Posted 29 March 2017 - 11:05 AM

Thank you. This is next.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows Key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
StartRegedit:
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\69bca1ab_0]
@="-
[-HKEY_CURRENT_USER\SOFTWARE\Yeshat]
[HKEY_CURRENT_USER\SOFTWARE\Classes\ftp\DefaultIcon]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\ftp\shell\open\command]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\http\DefaultIcon]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\http\shell\open\command]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\https\DefaultIcon]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\https\shell\open\command]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\irc\DefaultIcon]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\irc\shell\open\command]
@=-
[-HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Yeshat\Application\chrome.exe.FriendlyAppName"=-
[-HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Yeshat\Application\chrome.exe.ApplicationCompany"=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\mailto\DefaultIcon]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\mailto\shell\open\command]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\mms\DefaultIcon]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\mms\shell\open\command]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\news\DefaultIcon]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\news\shell\open\command]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\nntp\DefaultIcon]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\nntp\shell\open\command]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\sms\DefaultIcon]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\sms\shell\open\command]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\smsto\DefaultIcon]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\smsto\shell\open\command]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\tel\DefaultIcon]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\tel\shell\open\command]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\urn\DefaultIcon]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\urn\shell\open\command]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\webcal\DefaultIcon]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\webcal\shell\open\command]
@=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Yeshat]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A9695CA4-808B-4558-B95A-A996CFA8F89C}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A9695CA4-808B-4558-B95A-A996CFA8F89C}"=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\69bca1ab_0]
@=-
[-HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Yeshat]
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\ftp\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\ftp\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\http\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\http\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\https\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\https\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\irc\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\irc\shell\open\command]
@=-
[-HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Yeshat\Application\chrome.exe.FriendlyAppName"=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Yeshat\Application\chrome.exe.ApplicationCompany"=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\mailto\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\mailto\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\mms\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\mms\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\news\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\news\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\nntp\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\nntp\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\sms\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\sms\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\smsto\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\smsto\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\tel\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\tel\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\urn\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\urn\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\webcal\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\webcal\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\ftp\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\ftp\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\http\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\http\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\https\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\https\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\irc\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\irc\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Yeshat\Application\chrome.exe.FriendlyAppName"=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Yeshat\Application\chrome.exe.ApplicationCompany"=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\mailto\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\mailto\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\mms\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\mms\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\news\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\news\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\nntp\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\nntp\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\sms\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\sms\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\smsto\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\smsto\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\tel\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\tel\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\urn\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\urn\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\webcal\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\webcal\shell\open\command]
@=-
EndRegedit:
reboot:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."
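Before a fixlist is run with administrator rights, its StartRegedit: block can be checked for lines that do not do what they appear to. This is an added example (not FRST's code and not part of the post above) that assumes the block follows standard .reg syntax; the keys in the sample are constructed placeholders.

```python
import re

# Constructed sample in the shape of a fixlist.txt registry block; the
# ExampleVendor/ExampleCache keys are placeholders, not entries from this thread.
SAMPLE_FIXLIST = r'''StartRegedit:
[HKEY_CURRENT_USER\SOFTWARE\ExampleVendor\Settings]
@="-
[-HKEY_CURRENT_USER\SOFTWARE\ExampleVendor]
[HKEY_CURRENT_USER\SOFTWARE\Classes\http\shell\open\command]
@=-
[-HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\ExampleCache]
"C:\Example\app.exe.FriendlyAppName"=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\https\shell\open\command]
EndRegedit:
reboot:
'''

KEY_RE = re.compile(r'^\[(-?)(HKEY_[^\]]+)\]$')
# "name"=- or @=- removes a single value (standard .reg syntax).
DELETE_VALUE_RE = re.compile(r'^(@|".+")=-$')
# A value assignment: quoted string, dword or hex data.
WRITE_VALUE_RE = re.compile(
    r'^(@|".+")=(".*"|dword:[0-9A-Fa-f]{8}|hex(\([0-9A-Fa-f]+\))?:.*)$')
FILE_HEADERS = ("windows registry editor", "regedit4")


def _close(header, findings):
    """A plain [KEY] header with no valid directive removes nothing."""
    if header and not header["deletes_key"] and header["directives"] == 0:
        findings.append((header["line"], "HEADER_WITHOUT_DIRECTIVE"))


def lint_regedit_block(text):
    """Return sorted (line_number, code) findings for StartRegedit: blocks."""
    findings, in_block, header, lineno = [], False, None, 0
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if line.lower() == "startregedit:":
            in_block = True
            continue
        if line.lower() == "endregedit:":
            _close(header, findings)
            in_block, header = False, None
            continue
        if (not in_block or not line or line.startswith(";")
                or line.lower().startswith(FILE_HEADERS)):
            continue  # other FRST directives, blanks, comments, .reg header
        key = KEY_RE.match(line)
        if key:
            _close(header, findings)
            header = {"line": lineno, "deletes_key": key.group(1) == "-",
                      "directives": 0}
        elif header is None:
            findings.append((lineno, "VALUE_BEFORE_ANY_KEY"))
        elif DELETE_VALUE_RE.match(line) or WRITE_VALUE_RE.match(line):
            header["directives"] += 1
            if header["deletes_key"]:
                # [-KEY] already removes the key with every value and subkey,
                # which is broader than the single value named on this line.
                findings.append((lineno, "VALUE_UNDER_DELETED_KEY"))
        else:
            # Neither a deletion nor a complete assignment, e.g. @="-
            findings.append((lineno, "MALFORMED_VALUE"))
    if in_block:
        findings.append((lineno, "MISSING_ENDREGEDIT"))
    return sorted(findings)


if __name__ == "__main__":
    for line_number, code in lint_regedit_block(SAMPLE_FIXLIST):
        print(f"line {line_number}: {code}")
```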

#13 kamild1996


Posted 29 March 2017 - 11:15 AM

And another one

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Kamil (29-03-2017 18:07:32) Run:2
Running from C:\Program Files\FRST
Loaded Profiles: Kamil (Available Profiles: defaultuser0 & Kamil & Adrian)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
StartRegedit:
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\69bca1ab_0]
@="-
[-HKEY_CURRENT_USER\SOFTWARE\Yeshat]
[HKEY_CURRENT_USER\SOFTWARE\Classes\ftp\DefaultIcon]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\ftp\shell\open\command]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\http\DefaultIcon]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\http\shell\open\command]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\https\DefaultIcon]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\https\shell\open\command]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\irc\DefaultIcon]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\irc\shell\open\command]
@=-
[-HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Yeshat\Application\chrome.exe.FriendlyAppName"=-
[-HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Yeshat\Application\chrome.exe.ApplicationCompany"=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\mailto\DefaultIcon]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\mailto\shell\open\command]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\mms\DefaultIcon]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\mms\shell\open\command]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\news\DefaultIcon]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\news\shell\open\command]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\nntp\DefaultIcon]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\nntp\shell\open\command]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\sms\DefaultIcon]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\sms\shell\open\command]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\smsto\DefaultIcon]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\smsto\shell\open\command]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\tel\DefaultIcon]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\tel\shell\open\command]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\urn\DefaultIcon]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\urn\shell\open\command]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\webcal\DefaultIcon]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\webcal\shell\open\command]
@=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Yeshat]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A9695CA4-808B-4558-B95A-A996CFA8F89C}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A9695CA4-808B-4558-B95A-A996CFA8F89C}"=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\69bca1ab_0]
@=-
[-HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Yeshat]
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\ftp\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\ftp\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\http\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\http\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\https\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\https\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\irc\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\irc\shell\open\command]
@=-
[-HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Yeshat\Application\chrome.exe.FriendlyAppName"=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Yeshat\Application\chrome.exe.ApplicationCompany"=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\mailto\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\mailto\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\mms\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\mms\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\news\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\news\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\nntp\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\nntp\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\sms\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\sms\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\smsto\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\smsto\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\tel\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\tel\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\urn\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\urn\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\webcal\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\webcal\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\ftp\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\ftp\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\http\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\http\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\https\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\https\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\irc\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\irc\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Yeshat\Application\chrome.exe.FriendlyAppName"=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Yeshat\Application\chrome.exe.ApplicationCompany"=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\mailto\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\mailto\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\mms\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\mms\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\news\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\news\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\nntp\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\nntp\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\sms\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\sms\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\smsto\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\smsto\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\tel\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\tel\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\urn\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\urn\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\webcal\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\webcal\shell\open\command]
@=-
EndRegedit:
reboot:
*****************
 
 
====> Registry
 
 
The system needed a reboot.
 
==== End of Fixlog 18:07:32 ====


#14 Oh My!


Posted 29 March 2017 - 11:29 AM

Thank you. I think I missed one. Please do these things.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows Key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
StartRegedit:
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\69bca1ab_0]
@="-
EndRegedit:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 

#15 kamild1996


Posted 30 March 2017 - 12:32 AM

Gee, the scanning really took a long time... Over 7 hours to scan about 1.5 TB of data across all the drives, incl. external ones.
Oh, and the PC seems to be good now, no more activities I would rate as "malicious". But I'm all up for removing as much garbage as possible that the viruses have left on my system.
 
Fixlog.txt:
Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Kamil (29-03-2017 18:07:32) Run:2
Running from C:\Program Files\FRST
Loaded Profiles: Kamil (Available Profiles: defaultuser0 & Kamil & Adrian)
Boot Mode: Normal
==============================================

fixlist content:
*****************
StartRegedit:
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\69bca1ab_0]
@="-
[-HKEY_CURRENT_USER\SOFTWARE\Yeshat]
[HKEY_CURRENT_USER\SOFTWARE\Classes\ftp\DefaultIcon]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\ftp\shell\open\command]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\http\DefaultIcon]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\http\shell\open\command]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\https\DefaultIcon]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\https\shell\open\command]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\irc\DefaultIcon]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\irc\shell\open\command]
@=-
[-HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Yeshat\Application\chrome.exe.FriendlyAppName"=-
[-HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Yeshat\Application\chrome.exe.ApplicationCompany"=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\mailto\DefaultIcon]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\mailto\shell\open\command]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\mms\DefaultIcon]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\mms\shell\open\command]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\news\DefaultIcon]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\news\shell\open\command]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\nntp\DefaultIcon]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\nntp\shell\open\command]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\sms\DefaultIcon]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\sms\shell\open\command]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\smsto\DefaultIcon]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\smsto\shell\open\command]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\tel\DefaultIcon]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\tel\shell\open\command]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\urn\DefaultIcon]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\urn\shell\open\command]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\webcal\DefaultIcon]
@=-
[HKEY_CURRENT_USER\SOFTWARE\Classes\webcal\shell\open\command]
@=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Yeshat]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A9695CA4-808B-4558-B95A-A996CFA8F89C}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A9695CA4-808B-4558-B95A-A996CFA8F89C}"=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\69bca1ab_0]
@=-
[-HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Yeshat]
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\ftp\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\ftp\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\http\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\http\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\https\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\https\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\irc\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\irc\shell\open\command]
@=-
[-HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Yeshat\Application\chrome.exe.FriendlyAppName"=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Yeshat\Application\chrome.exe.ApplicationCompany"=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\mailto\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\mailto\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\mms\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\mms\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\news\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\news\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\nntp\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\nntp\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\sms\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\sms\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\smsto\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\smsto\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\tel\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\tel\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\urn\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\urn\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\webcal\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001\SOFTWARE\Classes\webcal\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\ftp\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\ftp\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\http\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\http\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\https\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\https\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\irc\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\irc\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Yeshat\Application\chrome.exe.FriendlyAppName"=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Yeshat\Application\chrome.exe.ApplicationCompany"=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\mailto\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\mailto\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\mms\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\mms\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\news\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\news\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\nntp\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\nntp\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\sms\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\sms\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\smsto\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\smsto\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\tel\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\tel\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\urn\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\urn\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\webcal\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4125575926-357873309-2165598990-1001_Classes\webcal\shell\open\command]
@=-
EndRegedit:
reboot:
*****************


====> Registry


The system needed a reboot.

==== End of Fixlog 18:07:32 ====

 
ESET report (after removal, because I derped):
C:\AdwCleaner\quarantine\files\wdhshxjkryboioshpbqfeuygevihujns.back a variant of Win32/Adware.Agent.NPN application cleaned by deleting
C:\AdwCleaner\quarantine\files\fkbltprqrgaitajcddnmrmygxsghiwyg\em.exe a variant of Win32/Jawego.D potentially unwanted application cleaned by deleting
C:\AdwCleaner\quarantine\files\opcsobhardlzraqkwlrnalsfygzevcwt\pccleanplus.exe a variant of Win32/Jawego.C potentially unwanted application cleaned by deleting
C:\FRST\Quarantine\C\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe.xBAD a variant of Win32/Adware.ELEX.IV application cleaned by deleting
C:\FRST\Quarantine\C\Program Files (x86)\MIO\loader\adataxsu800_2g3720064027.dat a variant of Generik.HPVLLOR trojan cleaned by deleting
C:\FRST\Quarantine\C\Program Files (x86)\Shunosyjibtain\_ALLOWDEL_1981da45\MIO.dll Win32/Adware.ELEX.IT application cleaned by deleting
C:\FRST\Quarantine\C\Program Files (x86)\Shunosyjibtain\_ALLOWDEL_1981da45\simple.dll Win32/Adware.ELEX.IU application cleaned by deleting
C:\FRST\Quarantine\C\Program Files (x86)\Shunosyjibtain\_ALLOWDEL_1981da45\SSS.dll a variant of Win32/Adware.ELEX.IO application cleaned by deleting
C:\FRST\Quarantine\C\Program Files (x86)\Shunosyjibtain\_ALLOWDEL_1981da45\WinSnare.msi a variant of Win64/Snarasite.A trojan deleted
C:\FRST\Quarantine\C\Users\Kamil\AppData\Local\Temp\5VIG7E2.exe.xBAD a variant of Win32/EasyHotspot.A potentially unwanted application cleaned by deleting
C:\FRST\Quarantine\C\Users\Kamil\AppData\Local\Temp\cpa.exe.xBAD Win32/Indiloadz.A trojan cleaned by deleting
V:\.Trash-1000\files\utorrent.exe a variant of Win32/OpenCandy.A potentially unsafe application cleaned by deleting
V:\Instalki\Programy na po formacie\FileZilla_3.9.0.6_win32-setup.exe a variant of Win32/InstallCore.ACZ potentially unwanted application cleaned by deleting
V:\Instalki\Programy na po formacie\FreemakeVideoConverterSetup.exe a variant of Win32/OpenCandy.A potentially unsafe application cleaned by deleting

 
Security Check log:

Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java version 32-bit out of Date!
Google Chrome (56.0.2924.87)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Windows Defender MSASCuiL.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Edited by Oh My!, 30 March 2017 - 09:07 AM.




