Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with malware + Sync.madnet.ru and maybe backdoor? Please check FRST


  • This topic is locked This topic is locked
22 replies to this topic

#1 piotrek123

piotrek123

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:57 AM

Posted 12 November 2017 - 05:13 AM

Hello,

My computer started to behave really weird. I think that I have infected computer (I'm not an IT guy). The only thing which changed is that my computer runs slowly, ESET asked me to allow Sync.madnet.ru to "access" to firewall (?), plus I wanted to do some stuff in Revit and I wasn't able to use it's options - while using Revit, in family enviroment, clicking on "Edit Type" causes that program turns off.

 

Before using FRST I scanned my computer with ComboFix, AdvCleaner, rkill, JRT and yesterday I did ESET scan, which took 7-8 hours, on newly updated 11 version.

 

I did FRST scan by all filters checked. I attached generated files.

 

I would be really thankful for help.

 

 

EDIT: 15:15 +1 GMT TIME

Sorry, I read about FRST, and logs from previous scan, were done by FRST without running it as administrator, my apologise. I attached new logs and changed logs in second post

Attached Files


Edited by piotrek123, 12 November 2017 - 09:57 AM.


BC AdBot (Login to Remove)

 


#2 piotrek123

piotrek123
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:57 AM

Posted 12 November 2017 - 05:28 AM

EDIT: As explained in the orginal post. Sorry for my mistake

 

FRST

 

Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 12-11-2017
Uruchomiony przez Piotr (administrator)  KOMPUTER (12-11-2017 15:12:21)
Uruchomiony z C:\Users\Piotr\Downloads\1
Załadowane profile: Piotr (Dostępne profile: Piotr)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 3\creator-ws.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 4\creator-ws.exe
(© pdfforge GmbH.) C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Personal Accelerator for Revit\RevitAccelerator.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUsb\XFastUsb.exe
(Creative Technology Ltd) C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
(Adobe Systems Inc.) E:\Mathcad PDSi\Acrobat\acrotray.exe
(Macrovision Europe Ltd.) C:\Users\Piotr\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Creative Labs) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Farbar) C:\Users\Piotr\Downloads\1\FRST64(1).exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
HKLM\...\Run: [pac] => C:\Program Files\Autodesk\Personal Accelerator for Revit\RevitAccelerator.exe [339464 2017-01-17] (Autodesk, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [323328 2017-11-10] (ESET)
HKLM-x32\...\Run: [XFastUsb] => C:\Program Files (x86)\XFastUsb\XFastUsb.exe [4942336 2015-01-19] (FNet Co., Ltd.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CTSyncService] => C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe [1233195 2009-07-08] (Creative Technology Ltd)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe [241789 2009-05-04] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => E:\Mathcad PDSi\Acrobat\Acrotray.exe [640376 2008-10-01] (Adobe Systems Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [704424 2017-03-10] (Autodesk, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-12] (Oracle Corporation)
HKU\S-1-5-21-136798832-305523967-369107754-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-136798832-305523967-369107754-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_148_pepper.exe [1277016 2017-04-15] (Adobe Systems Incorporated)
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1193352 2014-02-08] (Autodesk, Inc.)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 37.8.214.2 31.11.202.254
Tcpip\..\Interfaces\{9AE69636-73F8-4B6D-8E2D-DBAA31D83575}: [DhcpNameServer] 37.8.214.2 31.11.202.254

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-136798832-305523967-369107754-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-136798832-305523967-369107754-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.pl/?gws_rd=ssl
SearchScopes: HKU\S-1-5-21-136798832-305523967-369107754-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: PDF Architect 4 Helper -> {38279E1A-7019-40C1-B579-E99DFB3312E8} -> C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll [2016-01-15] (pdfforge GmbH)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\ssv.dll [2017-07-20] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\jp2ssv.dll [2017-07-20] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - E:\MS Project\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Piotr\AppData\Roaming\Mozilla\Firefox\Profiles\u1uf3m1r.default-1421960799249 [2017-11-12]
FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension
FF Extension: (PDF Architect 4 Creator) - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2016-05-06] [Brak podpisu cyfrowego]
FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_3_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension
FF Extension: (PDF Architect 3 Creator) - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension [2015-06-17] [Brak podpisu cyfrowego]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-10-02] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-10-02] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [2017-07-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [2017-07-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-21] (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-01-21] (Microsoft Corporation)

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1309176 2017-03-10] (Autodesk Inc.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2015-01-19] (Creative Labs) [Brak podpisu cyfrowego]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2015-01-19] (Creative Labs) [Brak podpisu cyfrowego]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [Brak podpisu cyfrowego]
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [1932336 2017-11-10] (ESET)
S3 Origin Client Service; E:\Origin\OriginClientService.exe [2123104 2017-10-21] (Electronic Arts)
S2 Origin Web Helper Service; E:\Origin\OriginWebHelperService.exe [3002720 2017-10-21] (Electronic Arts)
S3 PDF Architect 3; C:\Program Files (x86)\PDF Architect 3\ws.exe [2244312 2015-04-24] (pdfforge GmbH)
S3 PDF Architect 3 CrashHandler; C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe [901336 2015-04-24] (pdfforge GmbH)
R2 PDF Architect 3 Creator; C:\Program Files (x86)\PDF Architect 3\creator-ws.exe [740568 2015-04-24] (pdfforge GmbH)
S3 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2417376 2016-01-15] (pdfforge GmbH)
S3 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-01-15] (pdfforge GmbH)
R2 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-01-15] (pdfforge GmbH)
R2 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [959248 2015-10-05] (© pdfforge GmbH.)
R3 Sound Blaster X-Fi MB Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [79360 2015-01-19] (Creative Labs) [Brak podpisu cyfrowego]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [62152 2014-10-28] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) <==== UWAGA (Brak ServiceDLL)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-01-19] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [133856 2017-10-17] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [107336 2017-09-25] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [180088 2017-10-05] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [50744 2017-09-25] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [81888 2017-09-25] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [61040 2017-09-25] (ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [106312 2017-09-25] (ESET)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [31808 2015-01-20] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2015-01-19] (FNet Co., Ltd.)
S2 Kmm4xNT; C:\Windows\SysWow64\Drivers\Kmm4xNT.sys [95484 2002-04-26] (DATOM Dariusz Cielebąk) [Brak podpisu cyfrowego]
R2 mi2c; C:\Windows\system32\drivers\mi2c.sys [20784 2016-12-05] (Nicomsoft Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)


==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-11-12 15:08 - 2017-11-12 15:08 - 000000000 ____D C:\Users\Piotr\Downloads\1
2017-11-12 15:07 - 2017-11-12 15:07 - 000000000 ____D C:\Users\Piotr\Downloads\frst
2017-11-11 11:19 - 2017-11-11 11:21 - 000000000 ____D C:\Windows\027B5748C40941FE949B7B81A8304EF4.TMP
2017-11-11 11:19 - 2017-11-11 11:19 - 000000000 ____D C:\Program Files (x86)\Enigma Software Group
2017-11-11 11:06 - 2017-11-12 11:02 - 000068187 _____ C:\Users\Piotr\Downloads\Shortcut.txt
2017-11-11 11:03 - 2017-11-12 11:02 - 000053587 _____ C:\Users\Piotr\Downloads\Addition.txt
2017-11-11 11:02 - 2017-11-12 11:02 - 000023917 _____ C:\Users\Piotr\Downloads\FRST1.txt
2017-11-11 10:52 - 2017-11-11 10:52 - 000002529 _____ C:\Users\Piotr\Desktop\JRT.txt
2017-11-10 21:57 - 2017-11-10 22:00 - 000002158 _____ C:\Users\Piotr\Desktop\Rkill.txt
2017-11-10 21:49 - 2017-11-10 21:51 - 000000000 ____D C:\AdwCleaner
2017-11-10 21:43 - 2017-11-10 21:43 - 000019266 _____ C:\ComboFix.txt
2017-11-10 21:17 - 2017-11-10 21:17 - 002403328 _____ (Farbar) C:\Users\Piotr\Downloads\FRST64.exe
2017-11-10 21:15 - 2017-11-10 21:15 - 001790024 _____ (Malwarebytes) C:\Users\Piotr\Downloads\JRT.exe
2017-11-10 21:14 - 2017-11-10 21:15 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Piotr\Downloads\rkill.exe
2017-11-10 21:14 - 2017-11-10 21:14 - 008261584 _____ (Malwarebytes) C:\Users\Piotr\Downloads\AdwCleaner.exe
2017-11-09 22:30 - 2017-11-09 22:30 - 005189808 _____ (Enigma Software Group USA, LLC.) C:\Users\Piotr\Downloads\SpyHunter-Installer.exe
2017-11-06 20:54 - 2017-11-06 20:54 - 000001943 _____ C:\Users\Public\Desktop\ESET Ochrona bankowości internetowej.lnk
2017-11-06 20:53 - 2017-11-06 20:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2017-11-06 20:53 - 2017-11-06 20:53 - 000000000 ____D C:\ProgramData\ESET
2017-11-06 20:53 - 2017-11-06 20:53 - 000000000 ____D C:\Program Files\ESET
2017-11-06 20:37 - 2017-11-06 20:45 - 184480376 _____ (ESET) C:\Users\Piotr\Downloads\essp_nt64.exe
2017-10-29 09:51 - 2017-10-29 09:51 - 000118617 _____ C:\Users\Piotr\Downloads\fwdrenumerki.zip
2017-10-29 09:21 - 2017-10-29 09:21 - 000000000 ____D C:\Users\Piotr\Downloads\mm
2017-10-29 08:18 - 2017-10-29 08:18 - 000000725 _____ C:\Users\Public\Desktop\PTC Mathcad Prime 4.0.lnk
2017-10-29 08:18 - 2017-10-29 08:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PTC Mathcad
2017-10-29 08:18 - 2017-10-29 08:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PTC
2017-10-29 07:42 - 2015-09-11 14:49 - 000001574 _____ C:\Users\Piotr\Documents\pim_installmgr.log.bak
2017-10-29 07:41 - 2017-10-29 07:42 - 000000000 ____D C:\Users\Piotr\Downloads\prime 4.0
2017-10-29 07:35 - 2017-10-29 07:41 - 1177027153 _____ C:\Users\Piotr\Downloads\MED-60893-CD-240_M010.zip
2017-10-27 21:29 - 2017-10-27 21:29 - 000018642 _____ C:\Users\Piotr\Downloads\printOnUnopenedFiles.dyn
2017-10-26 22:24 - 2017-10-26 22:24 - 000064108 _____ C:\Users\Piotr\Downloads\TR_DETAILS_20171026232440.pdf
2017-10-26 22:22 - 2017-10-26 22:22 - 000010849 _____ C:\Users\Piotr\Downloads\0321638-FV_1060234_2017_OPER_LODC.pdf
2017-10-26 22:16 - 2017-10-26 22:16 - 000063476 _____ C:\Users\Piotr\Downloads\TR_DETAILS_20171026231629.pdf
2017-10-26 22:16 - 2017-10-26 22:16 - 000063367 _____ C:\Users\Piotr\Downloads\TR_DETAILS_20171026231636.pdf
2017-10-19 18:49 - 2017-10-19 18:49 - 000064317 _____ C:\Users\Piotr\Downloads\TR_DETAILS_20171019194935.pdf
2017-10-17 08:07 - 2017-10-17 08:07 - 000133856 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-11-12 15:12 - 2017-03-22 20:56 - 000000000 ____D C:\FRST
2017-11-12 15:08 - 2016-11-23 17:18 - 000000000 ____D C:\Users\Piotr\AppData\LocalLow\Mozilla
2017-11-12 10:49 - 2009-07-14 05:45 - 000021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-12 10:49 - 2009-07-14 05:45 - 000021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-12 10:33 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-11 11:18 - 2015-01-22 20:40 - 000000000 ____D C:\Qoobox
2017-11-10 21:31 - 2009-07-14 03:34 - 000000215 _____ C:\Windows\system.ini
2017-11-09 21:12 - 2015-01-21 20:24 - 000032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-11-07 19:00 - 2016-05-11 17:06 - 000000000 ____D C:\ProgramData\RevitInterProcess
2017-11-07 18:33 - 2015-01-24 17:58 - 000000000 ____D C:\Users\Piotr\AppData\Local\CrashDumps
2017-11-07 18:30 - 2011-04-12 14:21 - 000740098 _____ C:\Windows\system32\perfh015.dat
2017-11-07 18:30 - 2011-04-12 14:21 - 000155672 _____ C:\Windows\system32\perfc015.dat
2017-11-07 18:30 - 2009-07-14 06:13 - 001669190 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-07 18:30 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2017-10-30 07:13 - 2017-08-13 17:09 - 000000000 ____D C:\Users\Piotr\Documents\FV
2017-10-30 07:13 - 2017-08-07 22:17 - 000000000 ____D C:\Users\Public\Documents\TaxMachine
2017-10-30 07:11 - 2017-08-27 20:27 - 000000632 _____ C:\Users\Piotr\Desktop\TaxMachine 2.lnk
2017-10-30 07:11 - 2017-08-07 22:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TaxMachine 2
2017-10-29 23:37 - 2009-07-14 05:45 - 000534952 _____ C:\Windows\system32\FNTCACHE.DAT
2017-10-29 09:56 - 2015-03-20 22:24 - 000000600 _____ C:\Users\Piotr\AppData\Roaming\winscp.rnd
2017-10-29 09:13 - 2015-01-19 22:58 - 000146376 _____ C:\Users\Piotr\AppData\Local\GDIPFONTCACHEV1.DAT
2017-10-29 08:18 - 2015-09-11 14:06 - 000000000 ____D C:\ProgramData\PTC
2017-10-29 08:06 - 2015-01-20 08:42 - 001640860 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-10-27 21:17 - 2015-01-19 23:14 - 000000000 ____D C:\Users\Piotr\AppData\Roaming\DAEMON Tools Lite
2017-10-26 22:31 - 2016-04-21 20:40 - 000003888 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1461267634
2017-10-26 22:31 - 2015-01-31 00:46 - 000000000 ____D C:\Program Files (x86)\Opera
2017-10-22 15:53 - 2015-01-25 13:00 - 000000000 ____D C:\ProgramData\Origin
2017-10-22 15:33 - 2016-10-24 16:30 - 000000000 ____D C:\Users\Piotr\AppData\Roaming\Origin

==================== Pliki w katalogu głównym wybranych folderów =======

2015-03-20 22:24 - 2017-10-29 09:56 - 000000600 _____ () C:\Users\Piotr\AppData\Roaming\winscp.rnd
2017-05-21 17:46 - 2017-05-21 17:46 - 000007602 _____ () C:\Users\Piotr\AppData\Local\Resmon.ResmonCfg
2017-08-28 23:08 - 2017-08-28 23:08 - 000003250 _____ () C:\Users\Piotr\AppData\Local\unins000.dat
2017-08-28 23:08 - 2017-08-28 23:08 - 000011761 _____ () C:\Users\Piotr\AppData\Local\unins000.msg
2015-07-29 16:30 - 2015-07-29 16:30 - 000000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2017-11-09 21:42

==================== Koniec  FRST.txt ============================

 

 

Addition

Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 12-11-2017
Uruchomiony przez Piotr (12-11-2017 15:12:36)
Uruchomiony z C:\Users\Piotr\Downloads\1
Windows 7 Home Premium Service Pack 1 (X64) (2015-01-19 21:17:27)
Tryb startu: Normal
==========================================================


==================== Konta użytkowników: =============================

Administrator (S-1-5-21-136798832-305523967-369107754-500 - Administrator - Disabled)
Gość (S-1-5-21-136798832-305523967-369107754-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-136798832-305523967-369107754-1002 - Limited - Enabled)
Piotr (S-1-5-21-136798832-305523967-369107754-1000 - Administrator - Enabled) => C:\Users\Piotr

==================== Centrum zabezpieczeń ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie.)

AV: ESET Smart Security Premium (Disabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security Premium (Disabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Zapora (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Zainstalowane programy ======================

(W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acrobat.com (HKLM-x32\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
AdiIRC (HKLM-x32\...\AdiIRC) (Version: 2.6 - Per Amundsen)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 27.0.0.124 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.1.102.64 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.60.1500, 31.08.2015 - AIMP DevTeam)
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Aplikacja na pulpit firmy Autodesk (HKLM-x32\...\Autodesk Desktop App) (Version: 7.0.5.154 - Autodesk)
ASRock App Charger v1.0.4 (HKLM\...\ASRock App Charger_is1) (Version:  - ASRock Inc.)
ASRock eXtreme Tuner v0.1.54 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version:  - )
ASRock InstantBoot v1.26 (HKLM-x32\...\ASRock InstantBoot_is1) (Version:  - )
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Autodesk 360 (HKLM\...\{556966D9-F7F6-421B-9707-D07901604DDF}) (Version: 5.0.27.1100 - Autodesk)
Autodesk A360 Collaboration for Revit 2017 (HKLM\...\{AA384BE4-1704-0010-0000-97E7D7D00B17}) (Version: 17.0.1117.0 - Autodesk) Hidden
Autodesk A360 Collaboration for Revit 2017 (HKLM\...\Autodesk A360 Collaboration for Revit 2017) (Version: 17.0.1117.0 - Autodesk)
Autodesk App Manager (HKLM-x32\...\{C8125548-F2D5-4059-823F-1F3C5BBD9F19}) (Version: 1.2.0 - Autodesk)
Autodesk BIM 360 Revit 2015 Add-in 64 bit (HKLM\...\{37E1C3A1-7DBF-4250-9314-46167B68383D}) (Version: 3.32.3357 - Autodesk)
Autodesk BIM 360 Revit 2016 Add-in 64 bit (HKLM\...\{C5A83116-8654-47A3-A3B1-B76905C8A198}) (Version: 4.35.3969 - Autodesk)
Autodesk BIM 360 Revit 2017 Add-in 64 bit (HKLM\...\{A26EBAD5-9591-407F-9D6C-C7A4F3DFE506}) (Version: 4.37.6853 - Autodesk)
Autodesk Content Service (HKLM-x32\...\{A37CDB58-AAE8-0000-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service Language Pack (HKLM-x32\...\{A37CDB58-AAE8-0001-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Featured Apps (HKLM-x32\...\{EDDEE94B-214D-4B07-9727-A3E46F3E379A}) (Version: 1.2.0 - Autodesk)
Autodesk License Service (x64) - 3.1 (HKLM\...\{EB6FE58F-8576-4272-BB9C-6B47D9EDFA4D}) (Version: 3.1.26.0 - Autodesk)
Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.18 - Autodesk)
Autodesk Material Library 2017 (HKLM-x32\...\{8FB9F735-D64C-4991-8D91-4CDDAB1ABDEE}) (Version: 15.11.3.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.18 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2017 (HKLM-x32\...\{3FBFBC43-9882-43FA-B979-2D53896747B3}) (Version: 15.11.3.0 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2015 (HKLM-x32\...\{4FBC9635-AC56-4378-8FDE-C4D3ED072681}) (Version: 5.2.8.100 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2016 (HKLM-x32\...\{FA5DF4D1-CD59-4183-B3D4-779A56498786}) (Version: 6.3.0.18 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2017 (HKLM-x32\...\{360AC116-6CD4-4E7D-8174-28D47B05E898}) (Version: 15.11.3.0 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2015 (HKLM-x32\...\{9F6466D9-6EFC-4A10-B931-C72D1A3F1763}) (Version: 5.2.8.100 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2016 (HKLM-x32\...\{415A5A54-325E-4815-9940-62A889CA3877}) (Version: 6.3.0.18 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2017 (HKLM-x32\...\{CB6E007E-701D-42CD-AF0E-4BE9C36C7F7C}) (Version: 15.11.3.0 - Autodesk)
Autodesk ReCap (HKLM\...\{31ABA3F2-0000-1033-0102-111D43815377}) (Version: 1.3.1.39 - Autodesk) Hidden
Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.3.1.39 - Autodesk)
Autodesk Revit 2015 - Polski (Polish) (HKLM\...\Autodesk Revit 2015 - Polski (Polish)) (Version: 15.0.207.0 - Autodesk)
Autodesk Revit 2015 Language Pack - English (HKLM\...\Autodesk Revit 2015 Language Pack - English) (Version: 15.0.136.0 - Autodesk)
Autodesk Revit 2016 (HKLM\...\Autodesk Revit 2016) (Version: 16.0.490.0 - Autodesk)
Autodesk Revit 2017 (HKLM\...\Autodesk Revit 2017) (Version: 17.0.1117.0 - Autodesk)
Autodesk Revit 2017 (HKLM\...\Revit 2017) (Version:  - )
Autodesk Revit 2017.2 (HKLM\...\Autodesk Revit 2017 SP5) (Version: 17.0.1117.0 - Autodesk)
Autodesk Revit 2017.2 Update (HKLM-x32\...\{847e32aa-e899-47d0-a06a-13cf9d58d370}) (Version: 17.0.1117.0 - Autodesk) Hidden
Autodesk Revit Content Libraries 2015 - Polski (Polish) (HKLM\...\Autodesk Revit Content Libraries 2015 - Polski (Polish)) (Version: 15.0.207.0 - Autodesk)
Autodesk Revit Content Libraries 2016 (HKLM\...\Autodesk Revit Content Libraries 2016) (Version: 16.0.490.0 - Autodesk)
Autodesk Revit Content Libraries 2017 - Polski (Polish) (HKLM\...\Autodesk Revit Content Libraries 2017 - Polski (Polish)) (Version: 17.0.416.0 - Autodesk)
Autodesk Revit Content Libraries 2017 - Polski (Polish) (HKLM\...\Revit Content Libraries 2017 - Polski (Polish)) (Version:  - )
Autodesk Revit DB Link 2017 (HKLM\...\{282CD6A9-1700-0010-0000-A6206F57D8FE}) (Version: 17.0.456.0 - Autodesk) Hidden
Autodesk Revit DB Link 2017 (HKLM\...\Autodesk Revit DB Link 2017) (Version: 17.0.456.0 - Autodesk)
Autodesk Revit Extension for Autodesk Fabrication (HKLM\...\{C3153D89-8E9E-4A1E-A0E8-FB913151A78D}) (Version: 3.05.980.0 - Autodesk) Hidden
Autodesk Revit Extension for Autodesk Fabrication (HKLM\...\Autodesk Revit Extension for Autodesk Fabrication) (Version: 3.05.980.0 - Autodesk)
Autodesk Revit MEP Imperial Content v2.0 (HKLM\...\{F2538944-3E07-4E97-B41A-FC48AB53EE9D}) (Version: 2.0 - Autodesk)
Autodesk Revit MEP Metric Content v2.0 (HKLM\...\{DEF775C7-84BF-4730-976A-FE3747F1757C}) (Version: 2.0 - Autodesk)
Autodesk Revit Model Review 2017 (HKLM\...\{715812E8-1700-0010-0000-BBB894911B46}) (Version: 17.0.456.0 - Autodesk) Hidden
Autodesk Revit Model Review 2017 (HKLM\...\Autodesk Revit Model Review 2017) (Version: 17.0.456.0 - Autodesk)
Autodesk Revit Site Designer Extension 2017 (HKLM\...\{48F4AD4C-1702-0010-0000-0A7B3B0A5D16}) (Version: 17.0.1057.0 - Autodesk) Hidden
Autodesk Revit Site Designer Extension 2017 (HKLM\...\Autodesk Revit Site Designer Extension 2017) (Version: 17.0.1057.0 - Autodesk)
Autodesk Robot Structural Analysis Professional 2015 - Polish regional settings (HKLM\...\{D720E343-2FAC-4AE8-838A-28D9CB224471}) (Version: 2015.0.0.5335 - Autodesk) Hidden
Autodesk Robot Structural Analysis Professional 2015 (HKLM\...\{3490656B-EAD3-467A-87BB-FE4C54F6C9E7}) (Version: 2015.0.0.5335 - Autodesk, Inc.) Hidden
Autodesk Robot Structural Analysis Professional 2015 (HKLM\...\Autodesk Robot Structural Analysis Professional 2015) (Version: 2015.0.0.5335 - Autodesk, Inc.)
Autodesk Steel Connections for Revit (HKLM\...\{D1D58D9D-1700-0000-0000-F357167BE193}) (Version: 17.0.451.0 - Autodesk) Hidden
Autodesk Steel Connections for Revit (HKLM\...\Autodesk Steel Connections for Revit) (Version: 17.0.451.0 - Autodesk)
Autodesk Workflows 2015 (HKLM\...\{A90DD6F8-60D2-4803-AFF6-796400E73E1B}) (Version: 5.2.14.100 - Autodesk, Inc.)
Autodesk Workflows 2016 (HKLM\...\{535CDED0-D690-4738-83EE-09056A365BAC}) (Version: 6.3.0.18 - Autodesk, Inc.)
Autodesk Workflows 2017 (HKLM\...\{23A13F78-5B67-441A-ABF9-48BE8B5455DB}) (Version: 15.11.13.0 - Autodesk, Inc.)
Batch Print for Autodesk Revit 2017 (HKLM\...\{82AF00E4-1700-0010-0000-FCE0F87063F9}) (Version: 17.0.456.0 - Autodesk) Hidden
Batch Print for Autodesk Revit 2017 (HKLM\...\Batch Print for Autodesk Revit 2017) (Version: 17.0.456.0 - Autodesk)
Belka v.3.0.27.640 FREE (HKLM-x32\...\Belka FREE_is1) (Version:  - SPECBUD)
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
ChomikBox (HKLM-x32\...\{71736AF6-BA4B-4F3C-8496-C325B97869BA}) (Version: 2.0.8.1 - Chomikuj.pl)
Civil Structures for Autodesk Revit 2017 (HKLM\...\{8EFD2115-0569-4291-9536-89A840B1825D}) (Version: 17.0.0.3 - Autodesk)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dynamo 0.9.1 (HKLM\...\{85626FB3-CAF9-49C1-AA28-E3C75164BD6F}) (Version: 0.9.1.4062 - Autodesk)
Dynamo Core 1.3.1 (HKLM\...\{19F6B758-E5CF-4E91-BBA2-11DFABD5EF4A}) (Version: 1.3.1.1736 - Dynamo)
Dynamo Revit 1.3.1 (HKLM\...\{39E0B8C6-FEFB-4A13-A55B-CFE2C625122D}) (Version: 1.3.1.1736 - Dynamo)
e-Deklaracje Desktop (HKLM-x32\...\{145486BA-033C-7D81-9949-E4BF0C2AD165}) (Version: 9.0.5 - Ministerstwo Finansow) Hidden
e-Deklaracje Desktop (HKLM-x32\...\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1) (Version: 9.0.5 - Ministerstwo Finansow)
EPUB File Reader (HKLM-x32\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version:  - epubfilereader.com)
ESET Security (HKLM\...\{F6EFF0FC-2E8F-4BA6-93BC-DEFD0AD5D8C6}) (Version: 11.0.144.0 - ESET, spol. s r.o.)
Etron USB3.0 Host Controller (HKLM-x32\...\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.96 - Etron Technology) Hidden
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.96 - Etron Technology)
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
FIFA 17 (HKLM-x32\...\{8C0DD062-B659-409C-9AB7-8EBD1D64D2EB}) (Version: 1.0.48.30259 - Electronic Arts)
FormIt 360 Converter For Revit 2017 (HKLM\...\{637211B6-D2E9-474A-BF06-4F61F1254104}) (Version: 1.9.0.0 - Autodesk)
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
i-Menu version 4.3.6 (HKLM-x32\...\{0121C0BD-363C-4B1D-8B64-FE7681A37D0A}_is1) (Version: 4.3.6 - AOC)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
IronPython 2.7.3 (HKLM-x32\...\{1EBADAEA-1A0F-40E3-848C-0DD8C5E5A10D}) (Version: 2.7.31000.0 - IronPython Team)
Java 8 Update 141 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180141F0}) (Version: 8.0.1410.15 - Oracle Corporation)
Java SE Development Kit 8 Update 141 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180141}) (Version: 8.0.1410.15 - Oracle Corporation)
Kurs Całki Wielokrotne eTrapez (HKLM-x32\...\Kurs Całki Wielokrotne eTrapez) (Version: 2013 - eTrapez Krystian Karczyński)
Kurs Szeregi eTrapez (HKLM-x32\...\Kurs Szeregi eTrapez) (Version: 2013 - eTrapez Krystian Karczyński)
Manager (HKLM-x32\...\{A11F05A4-7CAD-4F85-8C85-DCA18E3E208D}) (Version: 4.0.1.25166 - 2015 pdfforge GmbH. All rights reserved) Hidden
Mathcad PDSi viewable support (HKLM-x32\...\{AC76D478-1033-0000-3478-000000000004}) (Version: 9.0.0 - Adobe Systems) Hidden
Mathcad PDSi viewable support (HKLM-x32\...\Mathcad PDSi viewable support) (Version: 9.0.0 - Adobe Systems)
Microsoft .NET Framework 4.6 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft Project Professional 2013 (HKLM\...\Office15.PRJPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 55.0.3 (x86 pl) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 pl)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 55.0.3.6445 - Mozilla)
MPC-HC 1.7.7 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.7 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version:  - )
oCam wersja 344.0 (HKLM-x32\...\oCam_is1) (Version: 344.0 - hxxp://ohsoft.net/)
Opera Stable 48.0.2685.52 (HKLM-x32\...\Opera 48.0.2685.52) (Version: 48.0.2685.52 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.5.4.63358 - Electronic Arts, Inc.)
Pazera Free Audio Extractor (32-bit) 2.4 (HKLM-x32\...\{6899C238-3E4A-4A04-B251-A0C9EDC7EDBC}_is1) (Version: 2.4 - Jacek Pazera)
PDF Architect 3 (HKLM-x32\...\PDF Architect 3) (Version: 3.0.45.22485 - pdfforge GmbH)
PDF Architect 3 Create Module (HKLM-x32\...\{38BA288B-C4F4-4C62-9237-4BFAB374F966}) (Version: 3.0.13.22993 - pdfforge GmbH) Hidden
PDF Architect 3 Edit Module (HKLM-x32\...\{5183F03D-90FA-493B-A074-F0F78B8486AD}) (Version: 3.0.13.22993 - pdfforge GmbH) Hidden
PDF Architect 3 View Module (HKLM-x32\...\{EB24E9E7-4BC1-4FD7-BF86-BDE07A7A03D7}) (Version: 3.0.13.22993 - pdfforge GmbH) Hidden
PDF Architect 4 (HKLM-x32\...\PDF Architect 4) (Version: 4.0.34.26215 - pdfforge GmbH)
PDF Architect 4 Create Module (HKLM\...\{D646643B-56BD-43B2-9932-9C03D7E90FED}) (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PDF Architect 4 Edit Module (HKLM\...\{792B82BA-6895-4719-B603-E198AEE90D68}) (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PDF Architect 4 View Module (HKLM\...\{FF4FA406-055A-479E-B025-1AAA7FFAA39F}) (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.3.0 - pdfforge GmbH)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.317.1 - Tracker Software Products Ltd)
Personal Accelerator for Revit (HKLM\...\{7C317DB0-F399-4024-A289-92CF4B6FB256}) (Version: 16.0.1205.0 - Autodesk) Hidden
Personal Accelerator for Revit (HKLM\...\Personal Accelerator for Revit) (Version: 16.0.1205.0 - Autodesk)
PTC Diagnostic Tools (HKLM\...\{D5DF50CC-3FFB-4155-96A0-B3530CB3301B}) (Version: 4.0.0.0 - PTC)
PTC Mathcad Prime 3.1 (HKLM\...\{3A4F83E8-C604-4970-8A1F-8963B3507630}) (Version: 3.1.0 - PTC)
PTC Mathcad Prime 4.0 (HKLM\...\{F7F13E1C-A30A-406D-9890-FBD24D507867}) (Version: 4.0.1 - PTC)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.)
Revit 2015 - Polski (Polish) (HKLM\...\{7346B4A0-1500-0510-0000-705C0D862004}) (Version: 15.0.207.0 - Autodesk) Hidden
Revit 2015 Language Pack - English (HKLM\...\{7346B4A0-1500-0511-0409-705C0D862004}) (Version: 15.0.136.0 - Autodesk) Hidden
Revit 2015 Pakiet językowy - Polski (Polish) (HKLM\...\{7346B4A0-1500-0511-0415-705C0D862004}) (Version: 15.0.207.0 - Autodesk) Hidden
Revit 2016 (HKLM\...\{7346B4A0-1600-0510-0000-705C0D862004}) (Version: 16.0.490.0 - Autodesk) Hidden
Revit 2017 (HKLM\...\{7346B4A0-1700-0510-0000-705C0D862004}) (Version: 17.0.1117.0 - Autodesk) Hidden
Revit Content Libraries 2015 - Polski (Polish) (HKLM\...\{941030D0-1500-0410-0000-818BB38A95FC}) (Version: 15.0.207.0 - Autodesk) Hidden
Revit Content Libraries 2016 (HKLM\...\{941030D0-1600-0410-0000-818BB38A95FC}) (Version: 16.0.490.0 - Autodesk) Hidden
Revit Content Libraries 2017 - Polski (Polish) (HKLM\...\{941030D0-1700-0410-0000-818BB38A95FC}) (Version: 17.0.416.0 - Autodesk) Hidden
Revit Extensions for Autodesk Revit 2017 (HKLM\...\{8B2BC096-5AC1-4071-AE6E-A16B81B73996}) (Version: 1.0.0.0 - Autodesk)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Revo Uninstaller Pro 3.1.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.6 - VS Revo Group, Ltd.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.9.6 - Rockstar Games)
Roombook Areabook Buildingbook for Revit 2017 V1 (HKLM\...\{B6913E65-3BC2-4907-8C1D-712598A69E72}) (Version: 7.00.2513 - Autodesk, Inc.)
Screen+ version Screen+ 1.4.2 (HKLM\...\Screen+_is1) (Version: Screen+ 1.4.2 - AOC)
SketchUp Import (HKLM-x32\...\{C403E867-FCF1-432B-BCC1-8FFD40A10A6E}) (Version: 1.2.0 - Autodesk)
Soldis PROJEKTANT 2016 (HKLM-x32\...\E94B1101-7675-4E37-9CB2-2E38A872154A) (Version: 8.6 - SOLDIS)
Sound Blaster X-Fi MB (HKLM-x32\...\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}) (Version: 1.0 - Creative Technology Limited)
TaxMachine 2 (HKLM-x32\...\TaxMachine_is1) (Version: 2.8 - NEONET CONSULTING S.C.)
USB Vibration Joystick (BM) (HKLM-x32\...\{61A994FF-D39B-4937-9DB9-87EC4FF1BB88}) (Version: 1.00.0000 - ShanWan)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
WinSCP 5.7 (HKLM-x32\...\winscp3_is1) (Version: 5.7 - Martin Prikryl)
Worksharing Monitor for Autodesk Revit 2017 (HKLM\...\{5063E738-1700-0010-0000-7B7B9AB0B696}) (Version: 17.0.476.0 - Autodesk) Hidden
Worksharing Monitor for Autodesk Revit 2017 (HKLM\...\Worksharing Monitor for Autodesk Revit 2017) (Version: 17.0.476.0 - Autodesk)
Wtyczka e-Deklaracje (HKLM-x32\...\{81BF6353-3C5B-4E6E-A566-7E162A00BF72}_is1) (Version: 4.3.0 - Ministerstwo Finansów)
XFastUsb (HKLM-x32\...\XFastUsb) (Version:  - )

==================== Niestandardowe rejestracje CLSID (filtrowane): ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)


ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-11-10] (ESET)
ContextMenuHandlers1-x32: [PDFArchitect3_PDFManagerExt] -> {7519DD38-AA6F-4250-8E81-F1576DA1A05E} => C:\Program Files (x86)\PDF Architect 3\creator-context-menu.dll [2015-04-24] (pdfforge GmbH)
ContextMenuHandlers1-x32: [PDFArchitect4_ManagerExt] -> {3AECFCB3-8472-48E9-BC7B-5A3CD945C886} => C:\Program Files\PDF Architect 4\creator-context-menu.dll [2016-01-15] (pdfforge GmbH)
ContextMenuHandlers1-x32: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-11-10] (ESET)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> Brak pliku
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2014-09-15] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => E:\Mathcad PDSi\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2008-10-06] (Adobe Systems Inc.)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-11-10] (ESET)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> Brak pliku
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => E:\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)

==================== Zaplanowane zadania (filtrowane) =============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

Task: {03601735-0D40-48C5-964F-F632929869D8} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {03601735-0D40-48C5-964F-F632929869D8} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-07-04] (Microsoft Corporation)
Task: {1D7C5C4F-96C7-4CED-8085-2679B7517857} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {1D7C5C4F-96C7-4CED-8085-2679B7517857} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {1D7C5C4F-96C7-4CED-8085-2679B7517857} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [2015-07-04] (Microsoft Corporation)
Task: {641AADB6-B843-47AB-BCEA-4B8627E39DB5} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_148_pepper.exe [2017-04-15] (Adobe Systems Incorporated)
Task: {78149B87-302A-492C-98C8-53DA5D3A0EE4} - System32\Tasks\Opera scheduled Autoupdate 1461267634 => C:\Program Files (x86)\Opera\launcher.exe [2017-10-24] (Opera Software)
Task: {7A9C30CF-8F79-4EA6-BCD5-CE249EFD4E9A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => E:\MS Project\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {A95B3934-F0AC-4931-AEB2-8316EDCF800F} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {A95B3934-F0AC-4931-AEB2-8316EDCF800F} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-07-04] (Microsoft Corporation)
Task: {ECDDD548-D751-419F-BF66-7156211476B0} - System32\Tasks\{0F9A5E65-FFB4-4AC5-8177-D093B908AE5E} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard\Engine\7.0.0.18\Gear\GEARDIFx.exe" -d C:\Users\Piotr\Downloads -c INSTALL "NBRTWizard" "{A4274214-B468-482e-B2AC-24FCD2365C4B}"
Task: {FBAA22B8-89EF-415C-AD93-883E2A9439E5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-26] (Piriform Ltd)

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)


==================== Skróty & WMI ========================

(Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.)


==================== Załadowane moduły (filtrowane) ==============

2015-04-21 12:44 - 2015-04-21 12:44 - 000059784 _____ () C:\Program Files\Autodesk\Personal Accelerator for Revit\qoauth_Ad_1.dll
2015-04-21 12:44 - 2015-04-21 12:44 - 000922504 _____ () C:\Program Files\Autodesk\Personal Accelerator for Revit\qca_Ad_2.dll
2015-04-21 12:44 - 2015-04-21 12:44 - 000232328 _____ () C:\Program Files\Autodesk\Personal Accelerator for Revit\qjson_Ad_0.dll
2015-04-21 12:44 - 2015-04-21 12:44 - 000048520 _____ () C:\Program Files\Autodesk\Personal Accelerator for Revit\QtSolutions_MFCMigrationFramework_Ad_2.dll
2016-05-11 16:52 - 2017-03-10 11:48 - 000061944 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\QtSolutions_Service-head.dll
2016-05-11 16:52 - 2017-03-10 11:48 - 000110584 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qjson0.dll
2017-11-12 10:40 - 2017-11-12 10:40 - 000697884 _____ () C:\Users\Piotr\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0002\~df394b.tmp
2017-11-12 10:40 - 2017-11-12 10:40 - 000592896 _____ () C:\Users\Piotr\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0002\~de6248.tmp
2015-01-19 22:45 - 2009-02-06 18:52 - 000073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2015-01-19 22:45 - 2009-04-20 11:55 - 000148480 _____ () C:\Windows\SysWOW64\APOMngr.DLL

==================== Alternate Data Streams (filtrowane) =========

(Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.)


==================== Tryb awaryjny (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.)


==================== Powiązania plików (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.)


==================== Internet Explorer - Witryny zaufane i z ograniczeniami ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.)


==================== Hosts - zawartość: ===============================

(Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.)

2009-07-14 03:34 - 2017-11-10 21:31 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Inne obszary ============================

(Obecnie brak automatycznej naprawy dla tej sekcji.)

HKU\S-1-5-21-136798832-305523967-369107754-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 37.8.214.2 - 31.11.202.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Zapora systemu Windows [funkcja włączona]

==================== MSCONFIG/TASK MANAGER - Wyłączone elementy ==

MSCONFIG\startupreg: ADSKAppManager => "C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe" -tray
MSCONFIG\startupreg: Autodesk Sync => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe

==================== Reguły Zapory systemu Windows (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

FirewallRules: [{7A2F0740-0339-406F-AA7C-05C0E34FE198}] => (Allow) LPort=50248
FirewallRules: [{7FBFDEE3-5EF2-4F6C-8816-FCB71BDE2594}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C8FCDA4D-346C-4416-857B-E1B1DD5E412C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{761A13DD-7E05-42FC-8236-6DA3F66BB0B1}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{067B170B-646F-4F3D-ACF0-08365254A1E8}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{7EB60220-30B8-4FB8-B31E-D8801EE631B5}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{5CE3FD2B-D732-4389-A127-9530F87A1169}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{5F1902D3-92B4-4814-AE46-2EAC3B74DDA3}E:\rockstar games\grand theft auto v\gta5.exe] => (Allow) E:\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{2A1275CC-DD63-491B-903F-1118660E8ACF}E:\rockstar games\grand theft auto v\gta5.exe] => (Allow) E:\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [{A17A4F73-CC18-4B04-96AA-07A849298194}] => (Allow) E:\NapiProjekt\napisy.exe
FirewallRules: [{EDB12B8C-DECE-4964-8E24-41DFAC095F1A}] => (Allow) E:\NapiProjekt\napisy.exe
FirewallRules: [TCP Query User{4D4D815E-126E-45FC-ACAC-2B35EADC3FB4}C:\users\piotr\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\piotr\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{3CB88F16-B82D-4F1E-9371-77855C9CE09E}C:\users\piotr\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\piotr\appdata\local\akamai\netsession_win.exe
FirewallRules: [{52F2D5FA-AB85-4599-81B5-FD425CE1D5F9}] => (Block) C:\users\piotr\appdata\local\akamai\netsession_win.exe
FirewallRules: [{DFEDB12E-FF50-467B-9DEA-11C301EC4D73}] => (Block) C:\users\piotr\appdata\local\akamai\netsession_win.exe
FirewallRules: [{E8336CB6-DC6D-4D5D-9738-F1C30D68D007}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F529D1CC-51FE-4522-AB1F-7935F963754A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DFDB66F5-74FA-462B-9B75-5FDBDFA99A10}] => (Allow) LPort=1688
FirewallRules: [{E7183039-992B-4FA6-A6A6-05DC98A145A7}] => (Allow) E:\Program Files (x86)\Origin Games\FIFA 17\FIFASetup\fifaconfig.exe
FirewallRules: [{1CB83355-2933-414B-80A9-774DCAACA810}] => (Allow) E:\Program Files (x86)\Origin Games\FIFA 17\FIFASetup\fifaconfig.exe
FirewallRules: [{081F0D77-883D-4083-8D22-F04D36722C94}] => (Allow) C:\Program Files (x86)\Opera\48.0.2685.50\opera.exe
FirewallRules: [{19256581-BAE9-4898-B8EA-AF540D23BD46}] => (Allow) C:\Program Files (x86)\Opera\48.0.2685.52\opera.exe

==================== Punkty Przywracania systemu =========================

04-11-2017 19:21:09 Zaplanowany punkt kontrolny
10-11-2017 21:19:01 ComboFix created restore point
11-11-2017 10:49:06 JRT Pre-Junkware Removal
11-11-2017 11:20:51 Removed SpyHunter

==================== Wadliwe urządzenia w Menedżerze urządzeń =============


==================== Błędy w Dzienniku zdarzeń: =========================

Dziennik Aplikacja:
==================
Error: (11/12/2017 10:35:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/12/2017 12:03:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/11/2017 11:01:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/11/2017 10:47:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/10/2017 09:54:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/10/2017 09:47:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/10/2017 09:11:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/10/2017 07:02:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/10/2017 06:51:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/09/2017 09:13:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


Dziennik System:
=============
Error: (11/12/2017 10:34:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi Origin Web Helper Service z powodu następującego błędu:
Usługa nie odpowiada na sygnał uruchomienia lub sygnał sterujący w oczekiwanym czasie.

Error: (11/12/2017 10:34:29 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Origin Web Helper Service.

Error: (11/12/2017 10:33:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi Kmm4xNT z powodu następującego błędu:
Nastąpiło zablokowanie ładowania sterownika

Error: (11/12/2017 10:33:59 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Ładowanie sterownika \SystemRoot\SysWow64\Drivers\Kmm4xNT.SYS zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika.

Error: (11/12/2017 12:02:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi Origin Web Helper Service z powodu następującego błędu:
Usługa nie odpowiada na sygnał uruchomienia lub sygnał sterujący w oczekiwanym czasie.

Error: (11/12/2017 12:02:30 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Origin Web Helper Service.

Error: (11/12/2017 12:01:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi Kmm4xNT z powodu następującego błędu:
Nastąpiło zablokowanie ładowania sterownika

Error: (11/12/2017 12:01:56 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Ładowanie sterownika \SystemRoot\SysWow64\Drivers\Kmm4xNT.SYS zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika.

Error: (11/11/2017 11:18:24 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa PDF Architect 4 Manager niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.

Error: (11/11/2017 11:00:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi Origin Web Helper Service z powodu następującego błędu:
Usługa nie odpowiada na sygnał uruchomienia lub sygnał sterujący w oczekiwanym czasie.


CodeIntegrity:
===================================
  Date: 2017-11-10 21:27:33.578
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-11-10 21:27:33.562
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-08 23:20:43.940
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-08 23:20:43.909
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-08 23:20:43.894
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-08 23:20:43.878
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-22 20:44:53.549
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-22 20:44:53.518
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Statystyki pamięci ===========================

Procesor: Intel® Core™ i5-2400 CPU @ 3.10GHz
Procent pamięci w użyciu: 25%
Całkowita pamięć fizyczna: 8174.68 MB
Dostępna pamięć fizyczna: 6102.71 MB
Całkowita pamięć wirtualna: 16347.57 MB
Dostępna pamięć wirtualna: 14128.4 MB

==================== Dyski ================================

Drive c: () (Fixed) (Total:292.87 GB) (Free:124.97 GB) NTFS
Drive d: (Nowy) (Fixed) (Total:345.57 GB) (Free:29.91 GB) NTFS
Drive e: () (Fixed) (Total:292.97 GB) (Free:42.45 GB) NTFS

==================== MBR & Tablica partycji ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B15EB200)
Partition 1: (Not Active) - (Size=101 MB) - (Type=42)
Partition 2: (Active) - (Size=100 MB) - (Type=42)
Partition 3: (Not Active) - (Size=292.9 GB) - (Type=42)
Partition 4: (Not Active) - (Size=638.4 GB) - (Type=42)

==================== Koniec  Addition.txt ============================

 

 

 

Rezultat skanowania skrótów użytkowników (x64) Wersja: 12-11-2017
Uruchomiony przez Piotr (12-11-2017 15:12:50)
Uruchomiony z C:\Users\Piotr\Downloads\1
Tryb startu: Normal

==================== Skróty =============================

(Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.)


Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk -> C:\Program Files (x86)\Adobe\Acrobat.com\Acrobat.com.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk -> E:\Audacity\audacity.exe (The Audacity Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-Deklaracje.lnk -> E:\Firma\edeklaracje\e-Deklaracje\e-Deklaracje.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Przeglądarka Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk -> E:\WinSCP\WinSCP.exe (Martin Prikryl)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XFast USB\Uninstall.LNK -> C:\Program Files (x86)\XFastUsb\Uninstall.exe (FNet Co., Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XFast USB\XFast USB.LNK -> C:\Program Files (x86)\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TaxMachine 2\Deinstalacja programu TaxMachine 2.lnk -> E:\Firma\TaxMachine\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TaxMachine 2\Deinstalacja programu TaxMachine.lnk -> E:\Firma\TaxMachine\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TaxMachine 2\TaxMachine 2.lnk -> E:\Firma\TaxMachine\tmxp.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TaxMachine 2\TaxMachine.lnk -> E:\Firma\TaxMachine\tmxp.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screen+\Screen+.lnk -> C:\Program Files\Screen+\ScreenLM64.exe (AOC Corps)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screen+\Uninstall Screen+.lnk -> C:\Program Files\Screen+\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games\Grand Theft Auto V\Grand Theft Auto V.lnk -> E:\Rockstar Games\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Deinstalacja programu Revo Uninstaller Pro.lnk -> E:\Revo Uninstaller Pro\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Revo Uninstaller Pro Help.lnk -> E:\Revo Uninstaller Pro\Revo Uninstaller Pro Help.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Revo Uninstaller Pro.lnk -> E:\Revo Uninstaller Pro\RevoUninPro.exe (VS Revo Group)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PTC Mathcad\PTC Mathcad License Wizard.lnk -> E:\Prime 4.0\Mathcad Prime 4.0\LicenseWizard.exe (PTC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PTC Mathcad\PTC Mathcad Prime 4.0 XMCD, MCD Converter.lnk -> E:\Prime 4.0\Mathcad Prime 4.0\WorkSheetConverter.exe (PTC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PTC Mathcad\PTC Mathcad Prime 4.0.lnk -> E:\Prime 4.0\Mathcad Prime 4.0\MathcadPrime.exe (PTC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PTC\Diagnostic Tools.lnk -> C:\Windows\Installer\{D5DF50CC-3FFB-4155-96A0-B3530CB3301B}\QAgent_icon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Darowizna na PDFCreator.lnk -> C:\Program Files\PDFCreator\Darowizna na PDFCreator.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\PDFCreator Pomoc.lnk -> C:\Program Files\PDFCreator\PDFCreator_english.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\PDFCreator.lnk -> C:\Program Files\PDFCreator\PDFCreator.exe (pdfforge)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Strona WWW programu PDFCreator.lnk -> C:\Program Files\PDFCreator\PDFCreator.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses\AFPL License.lnk -> C:\Program Files\PDFCreator\AFPL License.txt (Brak pliku)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses\FairPlay License.lnk -> C:\Program Files\PDFCreator\FairPlay License.txt (Brak pliku)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses\GPL License.lnk -> C:\Program Files\PDFCreator\GNU License.txt (Brak pliku)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer\PDF-Viewer.lnk -> C:\Program Files\Tracker Software\PDF Viewer\PDFXCview.exe (Tracker Software Products (Canada) Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer\Uninstall.lnk -> C:\Program Files\Tracker Software\PDF Viewer\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 4\PDF Architect 4.lnk -> C:\Program Files\PDF Architect 4\architect.exe (pdfforge GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 3\PDF Architect 3.lnk -> C:\Program Files (x86)\PDF Architect 3\architect.exe (pdfforge GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pazera Free Audio Extractor (32-bit)\Deinstalacja programu Pazera Free Audio Extractor (32-bit).lnk -> E:\Audio_Extractor_32\unins000.exe (Brak pliku)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pazera Free Audio Extractor (32-bit)\Pazera Free Audio Extractor (32-bit).lnk -> E:\Audio_Extractor_32\AudioExtractor.exe (Brak pliku)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\oCam\oCam.lnk -> C:\Program Files (x86)\oCam\oCam.exe (oh!soft ( Partner: MediaWave ))
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\oCam\Uninstall.lnk -> C:\Program Files (x86)\oCam\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64\Changelog.lnk -> C:\Program Files\MPC-HC\Changelog.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64\Deinstalacja programu MPC-HC.lnk -> C:\Program Files\MPC-HC\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64\MPC-HC x64.lnk -> C:\Program Files\MPC-HC\mpc-hc64.exe (MPC-HC Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mathcad\Mathcad 14\Mathcad 14.lnk -> C:\Program Files (x86)\Mathcad\Mathcad 14\mathcad.exe (Parametric Technology Corporation.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kurs Szeregi eTrapez\Kurs Szeregi eTrapez.lnk -> E:\eTrapez\Szeregi\VideoPlayer.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kurs Szeregi eTrapez\Usuń Kurs Szeregi eTrapez.lnk -> E:\eTrapez\Szeregi\uninstall.exe (eTrapez Krystian Karczyński)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kurs Całki Wielokrotne eTrapez\Kurs Całki Wielokrotne eTrapez.lnk -> E:\eTrapez\Całki wielokrotnie złożone\VideoPlayer.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kurs Całki Wielokrotne eTrapez\Usuń Kurs Całki Wielokrotne eTrapez.lnk -> E:\eTrapez\Całki wielokrotnie złożone\uninstall.exe (eTrapez Krystian Karczyński)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Java Mission Control.lnk -> C:\Program Files (x86)\Java\jdk1.8.0_141\bin\jmc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Reference Documentation.lnk -> C:\Program Files (x86)\Java\jdk1.8.0_141\bin\java.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\java.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\java.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IronPython 2.7\IronPython Console (64-bit).lnk -> C:\Program Files (x86)\IronPython 2.7\ipy64.exe (IronPython Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IronPython 2.7\IronPython Console.lnk -> C:\Program Files (x86)\IronPython 2.7\ipy.exe (IronPython Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IronPython 2.7\IronPython Documentation.lnk -> C:\Program Files (x86)\IronPython 2.7\Doc\IronPython.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IronPython 2.7\IronPython Readme.lnk -> C:\Program Files (x86)\IronPython 2.7\Readme.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\i-Menu\i-Menu.lnk -> C:\Program Files (x86)\i-Menu\i-Menu.exe (AOC Monitors.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\i-Menu\Uninstall i-Menu.lnk -> C:\Program Files (x86)\i-Menu\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Chess.lnk -> C:\Program Files\Microsoft Games\Chess\Chess.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\EA SPORTSt FIFA 15.lnk -> [LF]
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\EA SPORTS™ FIFA 15.lnk -> [LF6"pH,R GFSI)ΞLܚEA SPORTS"! FIFA 15(1SPSXFL8C&m]
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\FIFA 14.lnk -> [LF6"pH,R GFSI74]F L.FIFA 14(1SPSXFL8C&m]
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\FreeCell.lnk -> C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk -> C:\Windows\System32\gameux.dll (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Hearts.lnk -> C:\Program Files\Microsoft Games\Hearts\Hearts.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Backgammon.lnk -> C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgzm.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Checkers.lnk -> C:\Program Files\Microsoft Games\Multiplayer\Checkers\chkrzm.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Spades.lnk -> C:\Program Files\Microsoft Games\Multiplayer\Spades\shvlzm.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mahjong.lnk -> C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Minesweeper.lnk -> C:\Program Files\Microsoft Games\Minesweeper\Minesweeper.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\More Games from Microsoft.lnk -> C:\Program Files\Microsoft Games\More Games\MoreGames.dll (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Purble Place.lnk -> C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Solitaire.lnk -> C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Spider Solitaire.lnk -> C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 17\FIFA 17.lnk -> E:\Program Files (x86)\Origin Games\FIFA 17\FIFA17.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 17\Pomoc techniczna.lnk -> E:\Program Files (x86)\Origin Games\FIFA 17\Support\EA Help\Pomoc techniczna.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 17\Umowa użytkownika FIFA 17.lnk -> E:\Program Files (x86)\Origin Games\FIFA 17\Support\eula\pl_PL_eula.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET\ESET Security\ESET Security.lnk -> C:\Program Files\ESET\ESET Security\egui.exe (ESET)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET\ESET Security\ESET SysInspector.lnk -> C:\Program Files\ESET\ESET Security\SysInspector.exe (ESET)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET\ESET Security\ESET SysRescue.lnk -> C:\Program Files\ESET\ESET Security\SysRescue.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPUB File Reader\EPUB File Reader.lnk -> E:\EPUB File Reader\epubfilereader.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPUB File Reader\Uninstall EPUB File Reader.lnk -> E:\EPUB File Reader\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DTGadget.lnk -> C:\Program Files (x86)\DAEMON Tools Lite\DT.gadget ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative\Sound Blaster X-Fi MB\Creative Audio Control Panel.lnk -> C:\Program Files (x86)\Creative\SB X-Fi MB\AudioCS\CTAudCS.exe (Creative Technology Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative\Sound Blaster X-Fi MB\Creative Console Launcher.lnk -> C:\Program Files (x86)\Creative\SB X-Fi MB\Console Launcher\ConsoLCu.exe (Creative Technology Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative\Sound Blaster X-Fi MB\Volume Panel.lnk -> C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative\ALchemy\Creative ALchemy.lnk -> C:\Program Files (x86)\Creative\ALchemy\ALchemy.exe (Creative Technology Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chomikuj.pl\ChomikBox.lnk -> C:\Program Files (x86)\ChomikBox\ChomikBox.exe ( )
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chomikuj.pl\Odinstaluj ChomikBox.lnk -> C:\Windows\System32\msiexec.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Uninstall Tool.lnk -> C:\Program Files (x86)\Common Files\Autodesk Shared\Uninstall Tool\R1\UninstallTool.exe (Autodesk, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Worksharing Monitor for Autodesk Revit 2017.lnk -> C:\Program Files\Autodesk\Worksharing Monitor for Revit 2017\WorksharingMonitor.exe (Autodesk, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Dynamo\Dynamo 0.9.1.lnk -> C:\Program Files\Dynamo 0.9\DynamoSandbox.exe (Autodesk, Inc)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Content Service\Content Service - Configuration Console.lnk -> C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.Admin.exe (Autodesk, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Autodesk Robot Structural Analysis Professional 2015\Autodesk Robot Structural Analysis Professional 2015.lnk -> E:\Robot\Autodesk Robot Structural Analysis Professional 2015\System\Exe\robot.EXE (Autodesk, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Autodesk Robot Structural Analysis Professional 2015\Narzędzia\Importuj dane zdefiniowane przez użytkownika przy pomocy poprzedniej wersji.lnk -> C:\Program Files\Common Files\Autodesk Shared\Structural\COM\2015\DBAccess\DbUpdate.exe (Autodesk, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Autodesk Robot Structural Analysis Professional 2015\Narzędzia\Usuń przygotowane rezultaty.lnk -> E:\Robot\Autodesk Robot Structural Analysis Professional 2015\System\Exe\Autodesk.Common.ABufferClean.exe (Autodesk, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Autodesk Robot Structural Analysis Professional 2015\Inne programy\Menedżer Obliczeń.lnk -> E:\Robot\Autodesk Robot Structural Analysis Professional 2015\System\Exe\ACalcRMngr.exe (Autodesk, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Autodesk Robot Structural Analysis Professional 2015\Inne programy\Robot Extensions - Spreadsheet Calculator 2015.lnk -> E:\Robot\Autodesk Robot Structural Analysis Professional 2015\RESC\Esop.exe (Autodesk, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Autodesk ReCap\Autodesk ReCap.lnk -> C:\Program Files\Autodesk\Autodesk ReCap\recap.exe (Autodesk)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASRock Utility\InstantBoot\InstantBoot.lnk -> C:\Program Files (x86)\ASRock Utility\InstantBoot\InstantBoot.exe (ASRock)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASRock Utility\InstantBoot\Uninstall InstantBoot.lnk -> C:\Program Files (x86)\ASRock Utility\InstantBoot\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASRock Utility\ASRock eXtreme Tuner\ASRock eXtreme Tuner.lnk -> C:\Program Files (x86)\ASRock Utility\AXTU\Bin\AsrXTU.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASRock Utility\ASRock eXtreme Tuner\Uninstall ASRock eXtreme Tuner.lnk -> C:\Program Files (x86)\ASRock Utility\AXTU\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASRock Utility\AsrAppCharger\App Charger Feature Description.lnk -> C:\Program Files\ASRock Utility\AsrAppCharger\ASRock APP Charger.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASRock Utility\AsrAppCharger\App Charger Website.lnk -> C:\Program Files\ASRock Utility\AsrAppCharger\ASRock  App Charger.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASRock Utility\AsrAppCharger\Uninstall ASRock App Charger.lnk -> C:\Program Files\ASRock Utility\AsrAppCharger\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center\AMD Catalyst Control Center.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk -> C:\Program Files\7-Zip\7zFM.exe (Igor Pavlov)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk -> C:\Program Files\7-Zip\7-zip.chm ()
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Piotr\Links\Autodesk 360.lnk -> System Folder
Shortcut: C:\Users\Piotr\Links\Desktop.lnk -> C:\Users\Piotr\Desktop ()
Shortcut: C:\Users\Piotr\Links\Downloads.lnk -> C:\Users\Piotr\Downloads ()
Shortcut: C:\Users\Piotr\Links\RecentPlaces.lnk -> [::{22877A6D-37A1-461A-91B0-DBDA5AAEBC99}]
Shortcut: C:\Users\Piotr\Downloads\#shfolderdlg#\Kurs Całki Wielokrotne eTrapez.lnk -> E:\eTrapez\Całki wielokrotnie złożone\uninstall.exe (eTrapez Krystian Karczyński)
Shortcut: C:\Users\Piotr\Downloads\#shfolderdlg#\Kurs Szeregi eTrapez.lnk -> E:\eTrapez\Szeregi\uninstall.exe (eTrapez Krystian Karczyński)
Shortcut: C:\Users\Piotr\Desktop\AdiIRC.lnk -> E:\AdiIRC\AdiIRC.exe (AdiIRC.com)
Shortcut: C:\Users\Piotr\Desktop\NapiProjekt.lnk -> E:\NapiProjekt\napisy.exe ()
Shortcut: C:\Users\Piotr\Desktop\Norton Installation Files.lnk -> C:\Users\Public\Downloads\Norton\{NSBU227100-TTW-FSD00002} ()
Shortcut: C:\Users\Piotr\Desktop\oCam.lnk -> C:\Program Files (x86)\oCam\oCam.exe (oh!soft ( Partner: MediaWave ))
Shortcut: C:\Users\Piotr\Desktop\TaxMachine 2.lnk -> E:\Firma\TaxMachine\tmxp.exe ()
Shortcut: C:\Users\Piotr\Desktop\TaxMachine.lnk -> E:\Firma\TaxMachine\tmxp.exe ()
Shortcut: C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Soldis\Soldis PROJEKTANT 2016.lnk -> E:\Soldis\soldis.exe ()
Shortcut: C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Soldis\Uninstall Soldis PROJEKTANT 2016.lnk -> E:\Soldis\uninstall.exe ()
Shortcut: C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Revo Uninstaller.lnk -> E:\Revo Uninstaller\Revouninstaller.exe (VS Revo Group)
Shortcut: C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Uninstall.lnk -> E:\Revo Uninstaller\uninst.exe (VS Revo Group Ltd.)
Shortcut: C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Website.lnk -> E:\Revo Uninstaller\Revo Uninstaller.url ()
Shortcut: C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton\Norton Installation Files.lnk -> C:\Users\Public\Downloads\Norton\{NSBU227100-TTW-FSD00002} ()
Shortcut: C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton\Pliki instalacyjne Norton.lnk -> C:\Users\Public\Downloads\Norton\{N360P216032-SHPD-FSD40014} ()
Shortcut: C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Piotr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\AdiIRC.lnk -> E:\AdiIRC\AdiIRC.exe (AdiIRC.com)
Shortcut: C:\Users\Piotr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ChomikBox.lnk -> C:\Program Files (x86)\ChomikBox\ChomikBox.exe ( )
Shortcut: C:\Users\Piotr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Piotr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PTC Mathcad Prime 3.1.lnk -> E:\Mathcad Prime 3.1\MathcadPrime.exe (PTC)
Shortcut: C:\Users\Piotr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PTC Mathcad Prime 4.0.lnk -> E:\Prime 4.0\Mathcad Prime 4.0\MathcadPrime.exe (PTC)
Shortcut: C:\Users\Piotr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Piotr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Piotr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Piotr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Piotr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software)
Shortcut: C:\Users\Piotr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Piotr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Excel 2013.lnk -> C:\Windows\Installer\{91150000-0011-0000-1000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\Users\Piotr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\MPC-HC x64.lnk -> C:\Program Files\MPC-HC\mpc-hc64.exe (MPC-HC Team)
Shortcut: C:\Users\Piotr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software)
Shortcut: C:\Users\Piotr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Soldis PROJEKTANT 2016.lnk -> E:\Soldis\soldis.exe ()
Shortcut: C:\Users\Piotr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Piotr\AppData\Roaming\Autodesk\Autodesk Robot Structural Analysis Professional 2015\CfgUsr\defcfg.lnk -> E:\Robot\Autodesk Robot Structural Analysis Professional 2015\System\Cfg ()
Shortcut: C:\Users\Public\Desktop\Acrobat.com.lnk -> C:\Program Files (x86)\Adobe\Acrobat.com\Acrobat.com.exe ()
Shortcut: C:\Users\Public\Desktop\Adobe Reader 9.lnk -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Public\Desktop\AIMP3.lnk -> E:\AIMP3\AIMP3.exe (AIMP DevTeam)
Shortcut: C:\Users\Public\Desktop\Aplikacja na pulpit firmy Autodesk.lnk -> C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe (Autodesk, Inc.)
Shortcut: C:\Users\Public\Desktop\ASRock eXtreme Tuner.lnk -> C:\Program Files (x86)\ASRock Utility\AXTU\Bin\AsrXTU.exe ()
Shortcut: C:\Users\Public\Desktop\ASRock InstantBoot.lnk -> C:\Program Files (x86)\ASRock Utility\InstantBoot\InstantBoot.exe (ASRock)
Shortcut: C:\Users\Public\Desktop\Audacity.lnk -> E:\Audacity\audacity.exe (The Audacity Team)
Shortcut: C:\Users\Public\Desktop\Autodesk Robot Structural Analysis Professional 2015.lnk -> E:\Robot\Autodesk Robot Structural Analysis Professional 2015\System\Exe\robot.EXE (Autodesk, Inc.)
Shortcut: C:\Users\Public\Desktop\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\Users\Public\Desktop\ChomikBox.lnk -> C:\Program Files (x86)\ChomikBox\ChomikBox.exe ( )
Shortcut: C:\Users\Public\Desktop\DAEMON Tools Lite.lnk -> C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
Shortcut: C:\Users\Public\Desktop\Dynamo 0.9.1.lnk -> C:\Program Files\Dynamo 0.9\DynamoSandbox.exe (Autodesk, Inc)
Shortcut: C:\Users\Public\Desktop\e-Deklaracje.lnk -> E:\Firma\edeklaracje\e-Deklaracje\e-Deklaracje.exe ()
Shortcut: C:\Users\Public\Desktop\EPUB File Reader.lnk -> E:\EPUB File Reader\epubfilereader.exe ()
Shortcut: C:\Users\Public\Desktop\FIFA 17.lnk -> E:\Program Files (x86)\Origin Games\FIFA 17\FIFA17.exe (Electronic Arts)
Shortcut: C:\Users\Public\Desktop\Grand Theft Auto V.lnk -> E:\Rockstar Games\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games)
Shortcut: C:\Users\Public\Desktop\i-Menu.lnk -> C:\Program Files (x86)\i-Menu\i-Menu.exe (AOC Monitors.)
Shortcut: C:\Users\Public\Desktop\Kurs Całki Wielokrotne eTrapez.lnk -> E:\eTrapez\Całki wielokrotnie złożone\VideoPlayer.exe ()
Shortcut: C:\Users\Public\Desktop\Kurs Szeregi eTrapez.lnk -> E:\eTrapez\Szeregi\VideoPlayer.exe ()
Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\Origin.lnk -> E:\Origin\Origin.exe (Electronic Arts)
Shortcut: C:\Users\Public\Desktop\Pazera Free Audio Extractor (32-bit).lnk -> E:\Audio_Extractor_32\AudioExtractor.exe (Brak pliku)
Shortcut: C:\Users\Public\Desktop\PDF Architect 3.lnk -> C:\Program Files (x86)\PDF Architect 3\architect.exe (pdfforge GmbH)
Shortcut: C:\Users\Public\Desktop\PDF Architect 4.lnk -> C:\Program Files\PDF Architect 4\architect.exe (pdfforge GmbH)
Shortcut: C:\Users\Public\Desktop\Przeglądarka Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software)
Shortcut: C:\Users\Public\Desktop\PTC Mathcad Prime 4.0.lnk -> E:\Prime 4.0\Mathcad Prime 4.0\MathcadPrime.exe (PTC)
Shortcut: C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk -> E:\Revo Uninstaller Pro\RevoUninPro.exe (VS Revo Group)
Shortcut: C:\Users\Public\Desktop\Screen+.lnk -> C:\Program Files\Screen+\ScreenLM64.exe (AOC Corps)
Shortcut: C:\Users\Public\Desktop\WinSCP.lnk -> E:\WinSCP\WinSCP.exe (Martin Prikryl)
Shortcut: C:\Users\Public\Desktop\Worksharing Monitor for Autodesk Revit 2017.lnk -> C:\Program Files\Autodesk\Worksharing Monitor for Revit 2017\WorksharingMonitor.exe (Autodesk, Inc.)
Shortcut: C:\Users\Public\Desktop\XFast USB.LNK -> C:\Program Files (x86)\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)
Shortcut: C:\Users\Public\Desktop\µTorrent.lnk -> C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games\Grand Theft Auto V\GTA Online.lnk -> E:\Rockstar Games\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games) -> -StraightIntoFreemode
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 4\Uninstall or Modify PDF Architect 4.lnk -> C:\ProgramData\PDF Architect 4\Installation\PDFArchitect4Installer.exe (© pdfforge GmbH.) -> /uninstall
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 3\Uninstall or Modify PDF Architect 3.lnk -> C:\ProgramData\PDF Architect 3\Installation\PDFArchitect3Installer.exe (© pdfforge GmbH.) -> /uninstall
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET\ESET Security\ESET Ochrona bankowości internetowej.lnk -> C:\Program Files\ESET\ESET Security\ecmd.exe (ESET) -> /startprotectedbrowser
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET\ESET Security\Odinstaluj.lnk -> C:\Program Files\ESET\ESET Security\callmsi.exe (ESET) -> /i {F6EFF0FC-2E8F-4BA6-93BC-DEFD0AD5D8C6}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Autodesk 360.lnk -> C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.) -> /browseLocal
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Revit 2017\Revit 2017.lnk -> C:\Program Files\Autodesk\Revit 2017\Revit.exe (Autodesk, Inc.) -> /language PLK
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Revit 2017\Revit Viewer 2017.lnk -> C:\Program Files\Autodesk\Revit 2017\Revit.exe (Autodesk, Inc.) -> /viewer /language PLK
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Revit 2016\License Transfer Utility - Revit 2016.lnk -> C:\Program Files\Common Files\Autodesk Shared\AdLM\R11\LTU.exe (Autodesk, Inc.) -> 829H1 2016.0.0.F -d SA -l en-US
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Revit 2016\Revit 2016.lnk -> C:\Program Files\Autodesk\Revit 2016\Revit.exe (Autodesk, Inc.) -> /language ENU
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Revit 2016\Revit Viewer 2016.lnk -> C:\Program Files\Autodesk\Revit 2016\Revit.exe (Autodesk, Inc.) -> /viewer /language ENU
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Revit 2015 - Polski (Polish)\Narzędzie transferu licencji - Revit 2015.lnk -> C:\Program Files\Common Files\Autodesk Shared\AdLM\R9\LTU.exe (Autodesk, Inc.) -> 829G1 2015.0.0.F -d SA -l pl-PL
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Revit 2015 - Polski (Polish)\Revit 2015 - Polski (Polish).lnk -> E:\Revit\Revit 2015\Revit.exe (Autodesk, Inc.) -> /language PLK
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Revit 2015 - Polski (Polish)\Revit Viewer 2015 - Polski (Polish).lnk -> E:\Revit\Revit 2015\Revit.exe (Autodesk, Inc.) -> /viewer /language PLK
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Revit 2015\Revit 2015 - English.lnk -> E:\Revit\Revit 2015\Revit.exe (Autodesk, Inc.) -> /language ENU
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Revit 2015\Revit Viewer 2015 - English.lnk -> E:\Revit\Revit 2015\Revit.exe (Autodesk, Inc.) -> /viewer /language ENU
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Autodesk Robot Structural Analysis Professional 2015\Narzędzie transferu licencji - RSAPRO 2015.lnk -> C:\Program Files\Common Files\Autodesk Shared\AdLM\R9\LTU.exe (Autodesk, Inc.) -> 547G1 2015.0.0.F -d SA -l pl-PL
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Autodesk Robot Structural Analysis Professional 2015\Narzędzia\Autodesk Robot Structural Analysis Professional - rejestracja komponentów.lnk -> E:\Robot\Autodesk Robot Structural Analysis Professional 2015\System\Exe\rsetup.exe (Autodesk, Inc.) -> /ReRegServer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Autodesk Robot Structural Analysis Professional 2015\Narzędzia\Silnik obliczeniowy - rejestracja komponentu.lnk -> C:\Program Files\Common Files\Autodesk Shared\Autodesk Robot Structural Analysis Engine 2015\System\Exe\rkernel.EXE (Autodesk, Inc.) -> /RegServer /Full
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center\Pomoc.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe (ATI Technologies Inc.) -> Start Help -help
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Piotr\Desktop\Revit 2017 ENG.lnk -> C:\Program Files\Autodesk\Revit 2017\Revit.exe (Autodesk, Inc.) -> /language ENU
ShortcutWithArgument: C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Run Hunter Mode.lnk -> E:\Revo Uninstaller\Revouninstaller.exe (VS Revo Group) -> -hunter
ShortcutWithArgument: C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\SendTo\WinSCP (for upload).lnk -> E:\WinSCP\WinSCP.exe (Martin Prikryl) -> /upload
ShortcutWithArgument: C:\Users\Piotr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Revit 2017 ENG.lnk -> C:\Program Files\Autodesk\Revit 2017\Revit.exe (Autodesk, Inc.) -> /language ENU
ShortcutWithArgument: C:\Users\Piotr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Revit 2015 - English.lnk -> E:\Revit\Revit 2015\Revit.exe (Autodesk, Inc.) -> /language ENU
ShortcutWithArgument: C:\Users\Public\Desktop\ESET Ochrona bankowości internetowej.lnk -> C:\Program Files\ESET\ESET Security\ecmd.exe (ESET) -> /startprotectedbrowser
ShortcutWithArgument: C:\Users\Public\Desktop\Revit 2015 - English.lnk -> E:\Revit\Revit 2015\Revit.exe (Autodesk, Inc.) -> /language ENU
ShortcutWithArgument: C:\Users\Public\Desktop\Revit 2015 - Polski (Polish).lnk -> E:\Revit\Revit 2015\Revit.exe (Autodesk, Inc.) -> /language PLK
ShortcutWithArgument: C:\Users\Public\Desktop\Revit 2016.lnk -> C:\Program Files\Autodesk\Revit 2016\Revit.exe (Autodesk, Inc.) -> /language ENU
ShortcutWithArgument: C:\Users\Public\Desktop\Revit 2017.lnk -> C:\Program Files\Autodesk\Revit 2017\Revit.exe (Autodesk, Inc.) -> /language PLK


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Strona WWW programu Revo Uninstaller Pro.url -> URL: hxxp://www.revouninstallerpro.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pazera Free Audio Extractor (32-bit)\Strona WWW programu Pazera Free Audio Extractor (32-bit).url -> URL: hxxp://www.pazera-software.com/products/audio-extractor/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64\Strona WWW programu MPC-HC.url -> URL: hxxp://mpc-hc.org/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Reference Documentation.url -> URL: hxxp://docs.oracle.com/javase/8/docs
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url -> URL: hxxp://java.com/help
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url -> URL: hxxp://java.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url -> URL: hxxp://www.piriform.com/ccleaner
InternetURL: C:\Users\Piotr\Favorites\Windows Live\Galeria gadżetów Windows Live.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkID=70742
InternetURL: C:\Users\Piotr\Favorites\Windows Live\Poczta usługi Windows Live.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72681
InternetURL: C:\Users\Piotr\Favorites\Windows Live\Programy usługi Windows Live.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72700
InternetURL: C:\Users\Piotr\Favorites\Windows Live\Windows Live Spaces.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72682
InternetURL: C:\Users\Piotr\Favorites\MSN — witryny sieci Web\MSN Gospodarka.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68923
InternetURL: C:\Users\Piotr\Favorites\MSN — witryny sieci Web\MSN Rozrywka.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68924
InternetURL: C:\Users\Piotr\Favorites\MSN — witryny sieci Web\MSN Sport.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68921
InternetURL: C:\Users\Piotr\Favorites\MSN — witryny sieci Web\MSN Technologie.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=55143
InternetURL: C:\Users\Piotr\Favorites\MSN — witryny sieci Web\MSN Wideo.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68922
InternetURL: C:\Users\Piotr\Favorites\MSN — witryny sieci Web\Portal MSN.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=54729
InternetURL: C:\Users\Piotr\Favorites\Microsoft — witryny sieci Web\Centrum bezpieczeństwa Microsoft.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkID=72887
InternetURL: C:\Users\Piotr\Favorites\Microsoft — witryny sieci Web\Dodatki programu Internet Explorer.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\Piotr\Favorites\Microsoft — witryny sieci Web\Microsoft Office Online.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72885
InternetURL: C:\Users\Piotr\Favorites\Microsoft — witryny sieci Web\Microsoft Store.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\Piotr\Favorites\Microsoft — witryny sieci Web\Microsoft Technet.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72886
InternetURL: C:\Users\Piotr\Favorites\Microsoft — witryny sieci Web\Microsoft w Polsce.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72520
InternetURL: C:\Users\Piotr\Favorites\Microsoft — witryny sieci Web\Oryginalne oprogramowanie firmy Microsoft.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72900
InternetURL: C:\Users\Piotr\Favorites\Microsoft — witryny sieci Web\Strona główna programu Internet Explorer.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72186
InternetURL: C:\Users\Piotr\Favorites\Microsoft — witryny sieci Web\Strona główna systemu Windows.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72629
InternetURL: C:\Users\Piotr\Favorites\Microsoft — witryny sieci Web\Technologia RSS.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72889
InternetURL: C:\Users\Piotr\Favorites\Microsoft — witryny sieci Web\W domu.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72406
InternetURL: C:\Users\Piotr\Favorites\Microsoft — witryny sieci Web\W pracy.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72407
InternetURL: C:\Users\Piotr\Favorites\Links for Polska\Bezpieczeństwo w trybie online.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=142211
InternetURL: C:\Users\Piotr\Favorites\Links for Polska\Bezpieczny Internet.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=129626
InternetURL: C:\Users\Piotr\Favorites\Links for Polska\Kultura.pl.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=129625
InternetURL: C:\Users\Piotr\Favorites\Links for Polska\Pogodynka.pl — oficjalny serwis pogodowy IMGW.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=129624
InternetURL: C:\Users\Piotr\Favorites\Links for Polska\Polska.pl.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=129622

==================== Koniec  Shortcut.txt =============================
 


Edited by piotrek123, 12 November 2017 - 09:58 AM.


#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,194 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:57 PM

Posted 13 November 2017 - 08:45 PM

Greetings piotrek123 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

I would like to get the FRST reports in English so that it is easier for me to review. Please right click on the FRST64 icon, select Rename, and rename it to FRST64english. Run a scan then be copy and paste both documents in your reply using multiple posts if necessary.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,194 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:57 PM

Posted 17 November 2017 - 10:11 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 piotrek123

piotrek123
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:57 AM

Posted 18 November 2017 - 06:54 PM

Hello,

I'm terrible sorry for the delay with answer, thanks for posting.

 

Here is FRST file

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-11-2017
Ran by Piotr (administrator) on KOMPUTER (19-11-2017 00:12:01)
Running from C:\Users\Piotr\Downloads\FRST64english
Loaded Profiles: Piotr (Available Profiles: Piotr)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Personal Accelerator for Revit\RevitAccelerator.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUsb\XFastUsb.exe
(Creative Technology Ltd) C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
(Adobe Systems Inc.) E:\Mathcad PDSi\Acrobat\acrotray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Macrovision Europe Ltd.) C:\Users\Piotr\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 3\creator-ws.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 4\creator-ws.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(© pdfforge GmbH.) C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe
(Creative Labs) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Piotr\Downloads\FRST64english\FRST64english.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
HKLM\...\Run: [pac] => C:\Program Files\Autodesk\Personal Accelerator for Revit\RevitAccelerator.exe [339464 2017-01-17] (Autodesk, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [323328 2017-11-10] (ESET)
HKLM-x32\...\Run: [XFastUsb] => C:\Program Files (x86)\XFastUsb\XFastUsb.exe [4942336 2015-01-19] (FNet Co., Ltd.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CTSyncService] => C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe [1233195 2009-07-08] (Creative Technology Ltd)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe [241789 2009-05-04] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [704424 2017-03-10] (Autodesk, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-12] (Oracle Corporation)
HKU\S-1-5-21-136798832-305523967-369107754-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_148_pepper.exe [1277016 2017-04-15] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 37.8.214.2 31.11.202.254
Tcpip\..\Interfaces\{9AE69636-73F8-4B6D-8E2D-DBAA31D83575}: [DhcpNameServer] 37.8.214.2 31.11.202.254

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-136798832-305523967-369107754-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-136798832-305523967-369107754-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.pl/?gws_rd=ssl
SearchScopes: HKU\S-1-5-21-136798832-305523967-369107754-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: PDF Architect 4 Helper -> {38279E1A-7019-40C1-B579-E99DFB3312E8} -> C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll [2016-01-15] (pdfforge GmbH)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\ssv.dll [2017-07-20] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\jp2ssv.dll [2017-07-20] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Piotr\AppData\Roaming\Mozilla\Firefox\Profiles\u1uf3m1r.default-1421960799249 [2017-11-19]
FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension
FF Extension: (PDF Architect 4 Creator) - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2016-05-06] [Lagacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_3_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension
FF Extension: (PDF Architect 3 Creator) - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension [2015-06-17] [Lagacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-10-02] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-10-02] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [2017-07-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [2017-07-20] (Oracle Corporation)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2015-01-19] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2015-01-19] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [1932336 2017-11-10] (ESET)
S3 Origin Client Service; E:\Origin\OriginClientService.exe [2123104 2017-10-21] (Electronic Arts)
S2 Origin Web Helper Service; E:\Origin\OriginWebHelperService.exe [3002720 2017-10-21] (Electronic Arts)
S3 PDF Architect 3; C:\Program Files (x86)\PDF Architect 3\ws.exe [2244312 2015-04-24] (pdfforge GmbH)
S3 PDF Architect 3 CrashHandler; C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe [901336 2015-04-24] (pdfforge GmbH)
R2 PDF Architect 3 Creator; C:\Program Files (x86)\PDF Architect 3\creator-ws.exe [740568 2015-04-24] (pdfforge GmbH)
S3 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2417376 2016-01-15] (pdfforge GmbH)
S3 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-01-15] (pdfforge GmbH)
R2 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-01-15] (pdfforge GmbH)
R2 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [959248 2015-10-05] (© pdfforge GmbH.)
R3 Sound Blaster X-Fi MB Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [79360 2015-01-19] (Creative Labs) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [62152 2014-10-28] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [133856 2017-10-17] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [107336 2017-09-25] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [180088 2017-10-05] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [50744 2017-09-25] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [81888 2017-09-25] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [61040 2017-09-25] (ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [106312 2017-09-25] (ESET)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [31808 2015-01-20] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2015-01-19] (FNet Co., Ltd.)
S2 Kmm4xNT; C:\Windows\SysWow64\Drivers\Kmm4xNT.sys [95484 2002-04-26] (DATOM Dariusz Cielebąk) [File not signed]
R2 mi2c; C:\Windows\system32\drivers\mi2c.sys [20784 2016-12-05] (Nicomsoft Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-19 00:10 - 2017-11-19 00:12 - 000000000 ____D C:\Users\Piotr\Downloads\FRST64english
2017-11-12 15:08 - 2017-11-12 15:12 - 000000000 ____D C:\Users\Piotr\Downloads\1
2017-11-12 15:07 - 2017-11-12 15:07 - 000000000 ____D C:\Users\Piotr\Downloads\frst
2017-11-11 11:19 - 2017-11-11 11:21 - 000000000 ____D C:\Windows\027B5748C40941FE949B7B81A8304EF4.TMP
2017-11-11 11:19 - 2017-11-11 11:19 - 000000000 ____D C:\Program Files (x86)\Enigma Software Group
2017-11-11 11:06 - 2017-11-12 11:02 - 000068187 _____ C:\Users\Piotr\Downloads\Shortcut.txt
2017-11-11 11:03 - 2017-11-12 11:02 - 000053587 _____ C:\Users\Piotr\Downloads\Addition.txt
2017-11-11 11:02 - 2017-11-12 11:02 - 000023917 _____ C:\Users\Piotr\Downloads\FRST1.txt
2017-11-11 10:52 - 2017-11-11 10:52 - 000002529 _____ C:\Users\Piotr\Desktop\JRT.txt
2017-11-10 21:57 - 2017-11-10 22:00 - 000002158 _____ C:\Users\Piotr\Desktop\Rkill.txt
2017-11-10 21:49 - 2017-11-10 21:51 - 000000000 ____D C:\AdwCleaner
2017-11-10 21:43 - 2017-11-10 21:43 - 000019266 _____ C:\ComboFix.txt
2017-11-10 21:17 - 2017-11-10 21:17 - 002403328 _____ (Farbar) C:\Users\Piotr\Downloads\FRST64.exe
2017-11-10 21:15 - 2017-11-10 21:15 - 001790024 _____ (Malwarebytes) C:\Users\Piotr\Downloads\JRT.exe
2017-11-10 21:14 - 2017-11-10 21:15 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Piotr\Downloads\rkill.exe
2017-11-10 21:14 - 2017-11-10 21:14 - 008261584 _____ (Malwarebytes) C:\Users\Piotr\Downloads\AdwCleaner.exe
2017-11-09 22:30 - 2017-11-09 22:30 - 005189808 _____ (Enigma Software Group USA, LLC.) C:\Users\Piotr\Downloads\SpyHunter-Installer.exe
2017-11-06 20:54 - 2017-11-06 20:54 - 000001943 _____ C:\Users\Public\Desktop\ESET Ochrona bankowości internetowej.lnk
2017-11-06 20:53 - 2017-11-06 20:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2017-11-06 20:53 - 2017-11-06 20:53 - 000000000 ____D C:\ProgramData\ESET
2017-11-06 20:53 - 2017-11-06 20:53 - 000000000 ____D C:\Program Files\ESET
2017-11-06 20:37 - 2017-11-06 20:45 - 184480376 _____ (ESET) C:\Users\Piotr\Downloads\essp_nt64.exe
2017-10-29 09:51 - 2017-10-29 09:51 - 000118617 _____ C:\Users\Piotr\Downloads\fwdrenumerki.zip
2017-10-29 09:21 - 2017-10-29 09:21 - 000000000 ____D C:\Users\Piotr\Downloads\mm
2017-10-29 08:18 - 2017-10-29 08:18 - 000000725 _____ C:\Users\Public\Desktop\PTC Mathcad Prime 4.0.lnk
2017-10-29 08:18 - 2017-10-29 08:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PTC Mathcad
2017-10-29 08:18 - 2017-10-29 08:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PTC
2017-10-29 07:42 - 2015-09-11 14:49 - 000001574 _____ C:\Users\Piotr\Documents\pim_installmgr.log.bak
2017-10-29 07:41 - 2017-10-29 07:42 - 000000000 ____D C:\Users\Piotr\Downloads\prime 4.0
2017-10-29 07:35 - 2017-10-29 07:41 - 1177027153 _____ C:\Users\Piotr\Downloads\MED-60893-CD-240_M010.zip
2017-10-27 21:29 - 2017-10-27 21:29 - 000018642 _____ C:\Users\Piotr\Downloads\printOnUnopenedFiles.dyn
2017-10-26 22:24 - 2017-10-26 22:24 - 000064108 _____ C:\Users\Piotr\Downloads\TR_DETAILS_20171026232440.pdf
2017-10-26 22:22 - 2017-10-26 22:22 - 000010849 _____ C:\Users\Piotr\Downloads\0321638-FV_1060234_2017_OPER_LODC.pdf
2017-10-26 22:16 - 2017-10-26 22:16 - 000063476 _____ C:\Users\Piotr\Downloads\TR_DETAILS_20171026231629.pdf
2017-10-26 22:16 - 2017-10-26 22:16 - 000063367 _____ C:\Users\Piotr\Downloads\TR_DETAILS_20171026231636.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-19 00:12 - 2017-03-22 20:56 - 000000000 ____D C:\FRST
2017-11-19 00:10 - 2016-11-23 17:18 - 000000000 ____D C:\Users\Piotr\AppData\LocalLow\Mozilla
2017-11-18 21:56 - 2009-07-14 05:45 - 000021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-18 21:56 - 2009-07-14 05:45 - 000021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-18 17:50 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-14 22:14 - 2015-01-24 17:58 - 000000000 ____D C:\Users\Piotr\AppData\Local\CrashDumps
2017-11-11 11:18 - 2015-01-22 20:40 - 000000000 ____D C:\Qoobox
2017-11-10 21:31 - 2009-07-14 03:34 - 000000215 _____ C:\Windows\system.ini
2017-11-09 21:12 - 2015-01-21 20:24 - 000032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-11-07 19:00 - 2016-05-11 17:06 - 000000000 ____D C:\ProgramData\RevitInterProcess
2017-11-07 18:30 - 2011-04-12 14:21 - 000740098 _____ C:\Windows\system32\perfh015.dat
2017-11-07 18:30 - 2011-04-12 14:21 - 000155672 _____ C:\Windows\system32\perfc015.dat
2017-11-07 18:30 - 2009-07-14 06:13 - 001669190 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-07 18:30 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2017-10-30 07:13 - 2017-08-13 17:09 - 000000000 ____D C:\Users\Piotr\Documents\FV
2017-10-30 07:13 - 2017-08-07 22:17 - 000000000 ____D C:\Users\Public\Documents\TaxMachine
2017-10-30 07:11 - 2017-08-27 20:27 - 000000632 _____ C:\Users\Piotr\Desktop\TaxMachine 2.lnk
2017-10-30 07:11 - 2017-08-07 22:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TaxMachine 2
2017-10-29 23:37 - 2009-07-14 05:45 - 000534952 _____ C:\Windows\system32\FNTCACHE.DAT
2017-10-29 09:56 - 2015-03-20 22:24 - 000000600 _____ C:\Users\Piotr\AppData\Roaming\winscp.rnd
2017-10-29 09:13 - 2015-01-19 22:58 - 000146376 _____ C:\Users\Piotr\AppData\Local\GDIPFONTCACHEV1.DAT
2017-10-29 08:18 - 2015-09-11 14:06 - 000000000 ____D C:\ProgramData\PTC
2017-10-29 08:06 - 2015-01-20 08:42 - 001640860 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-10-26 22:31 - 2016-04-21 20:40 - 000003888 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1461267634
2017-10-26 22:31 - 2015-01-31 00:46 - 000000000 ____D C:\Program Files (x86)\Opera
2017-10-22 15:53 - 2015-01-25 13:00 - 000000000 ____D C:\ProgramData\Origin
2017-10-22 15:33 - 2016-10-24 16:30 - 000000000 ____D C:\Users\Piotr\AppData\Roaming\Origin

==================== Files in the root of some directories =======

2015-03-20 22:24 - 2017-10-29 09:56 - 000000600 _____ () C:\Users\Piotr\AppData\Roaming\winscp.rnd
2017-05-21 17:46 - 2017-05-21 17:46 - 000007602 _____ () C:\Users\Piotr\AppData\Local\Resmon.ResmonCfg
2017-08-28 23:08 - 2017-08-28 23:08 - 000003250 _____ () C:\Users\Piotr\AppData\Local\unins000.dat
2017-08-28 23:08 - 2017-08-28 23:08 - 000011761 _____ () C:\Users\Piotr\AppData\Local\unins000.msg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-09 21:42

==================== End of FRST.txt ============================

 

 

 

Addition.txt

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-11-2017
Ran by Piotr (19-11-2017 00:12:32)
Running from C:\Users\Piotr\Downloads\FRST64english
Windows 7 Home Premium Service Pack 1 (X64) (2015-01-19 21:17:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-136798832-305523967-369107754-500 - Administrator - Disabled)
Gość (S-1-5-21-136798832-305523967-369107754-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-136798832-305523967-369107754-1002 - Limited - Enabled)
Piotr (S-1-5-21-136798832-305523967-369107754-1000 - Administrator - Enabled) => C:\Users\Piotr

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security Premium (Disabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security Premium (Disabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Zapora (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acrobat.com (HKLM-x32\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
AdiIRC (HKLM-x32\...\AdiIRC) (Version: 2.6 - Per Amundsen)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 27.0.0.124 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.1.102.64 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.60.1500, 31.08.2015 - AIMP DevTeam)
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Aplikacja na pulpit firmy Autodesk (HKLM-x32\...\Autodesk Desktop App) (Version: 7.0.5.154 - Autodesk)
ASRock App Charger v1.0.4 (HKLM\...\ASRock App Charger_is1) (Version:  - ASRock Inc.)
ASRock eXtreme Tuner v0.1.54 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version:  - )
ASRock InstantBoot v1.26 (HKLM-x32\...\ASRock InstantBoot_is1) (Version:  - )
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Autodesk 360 (HKLM\...\{556966D9-F7F6-421B-9707-D07901604DDF}) (Version: 5.0.27.1100 - Autodesk)
Autodesk A360 Collaboration for Revit 2017 (HKLM\...\{AA384BE4-1704-0010-0000-97E7D7D00B17}) (Version: 17.0.1117.0 - Autodesk) Hidden
Autodesk A360 Collaboration for Revit 2017 (HKLM\...\Autodesk A360 Collaboration for Revit 2017) (Version: 17.0.1117.0 - Autodesk)
Autodesk App Manager (HKLM-x32\...\{C8125548-F2D5-4059-823F-1F3C5BBD9F19}) (Version: 1.2.0 - Autodesk)
Autodesk BIM 360 Revit 2015 Add-in 64 bit (HKLM\...\{37E1C3A1-7DBF-4250-9314-46167B68383D}) (Version: 3.32.3357 - Autodesk)
Autodesk BIM 360 Revit 2016 Add-in 64 bit (HKLM\...\{C5A83116-8654-47A3-A3B1-B76905C8A198}) (Version: 4.35.3969 - Autodesk)
Autodesk BIM 360 Revit 2017 Add-in 64 bit (HKLM\...\{A26EBAD5-9591-407F-9D6C-C7A4F3DFE506}) (Version: 4.37.6853 - Autodesk)
Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.18 - Autodesk)
Autodesk Material Library 2017 (HKLM-x32\...\{8FB9F735-D64C-4991-8D91-4CDDAB1ABDEE}) (Version: 15.11.3.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.18 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2017 (HKLM-x32\...\{3FBFBC43-9882-43FA-B979-2D53896747B3}) (Version: 15.11.3.0 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2015 (HKLM-x32\...\{4FBC9635-AC56-4378-8FDE-C4D3ED072681}) (Version: 5.2.8.100 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2016 (HKLM-x32\...\{FA5DF4D1-CD59-4183-B3D4-779A56498786}) (Version: 6.3.0.18 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2017 (HKLM-x32\...\{360AC116-6CD4-4E7D-8174-28D47B05E898}) (Version: 15.11.3.0 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2015 (HKLM-x32\...\{9F6466D9-6EFC-4A10-B931-C72D1A3F1763}) (Version: 5.2.8.100 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2016 (HKLM-x32\...\{415A5A54-325E-4815-9940-62A889CA3877}) (Version: 6.3.0.18 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2017 (HKLM-x32\...\{CB6E007E-701D-42CD-AF0E-4BE9C36C7F7C}) (Version: 15.11.3.0 - Autodesk)
Autodesk ReCap (HKLM\...\{31ABA3F2-0000-1033-0102-111D43815377}) (Version: 1.3.1.39 - Autodesk) Hidden
Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.3.1.39 - Autodesk)
Autodesk Revit 2015 - Polski (Polish) (HKLM\...\Autodesk Revit 2015 - Polski (Polish)) (Version: 15.0.207.0 - Autodesk)
Autodesk Revit 2015 Language Pack - English (HKLM\...\Autodesk Revit 2015 Language Pack - English) (Version: 15.0.136.0 - Autodesk)
Autodesk Revit 2016 (HKLM\...\Autodesk Revit 2016) (Version: 16.0.490.0 - Autodesk)
Autodesk Revit 2017 (HKLM\...\Autodesk Revit 2017) (Version: 17.0.1117.0 - Autodesk)
Autodesk Revit 2017 (HKLM\...\Revit 2017) (Version:  - )
Autodesk Revit 2017.2 (HKLM\...\Autodesk Revit 2017 SP5) (Version: 17.0.1117.0 - Autodesk)
Autodesk Revit 2017.2 Update (HKLM-x32\...\{847e32aa-e899-47d0-a06a-13cf9d58d370}) (Version: 17.0.1117.0 - Autodesk) Hidden
Autodesk Revit Content Libraries 2015 - Polski (Polish) (HKLM\...\Autodesk Revit Content Libraries 2015 - Polski (Polish)) (Version: 15.0.207.0 - Autodesk)
Autodesk Revit Content Libraries 2016 (HKLM\...\Autodesk Revit Content Libraries 2016) (Version: 16.0.490.0 - Autodesk)
Autodesk Revit Content Libraries 2017 - Polski (Polish) (HKLM\...\Autodesk Revit Content Libraries 2017 - Polski (Polish)) (Version: 17.0.416.0 - Autodesk)
Autodesk Revit Content Libraries 2017 - Polski (Polish) (HKLM\...\Revit Content Libraries 2017 - Polski (Polish)) (Version:  - )
Autodesk Revit DB Link 2017 (HKLM\...\{282CD6A9-1700-0010-0000-A6206F57D8FE}) (Version: 17.0.456.0 - Autodesk) Hidden
Autodesk Revit DB Link 2017 (HKLM\...\Autodesk Revit DB Link 2017) (Version: 17.0.456.0 - Autodesk)
Autodesk Revit Extension for Autodesk Fabrication (HKLM\...\{C3153D89-8E9E-4A1E-A0E8-FB913151A78D}) (Version: 3.05.980.0 - Autodesk) Hidden
Autodesk Revit Extension for Autodesk Fabrication (HKLM\...\Autodesk Revit Extension for Autodesk Fabrication) (Version: 3.05.980.0 - Autodesk)
Autodesk Revit MEP Imperial Content v2.0 (HKLM\...\{F2538944-3E07-4E97-B41A-FC48AB53EE9D}) (Version: 2.0 - Autodesk)
Autodesk Revit MEP Metric Content v2.0 (HKLM\...\{DEF775C7-84BF-4730-976A-FE3747F1757C}) (Version: 2.0 - Autodesk)
Autodesk Revit Model Review 2017 (HKLM\...\{715812E8-1700-0010-0000-BBB894911B46}) (Version: 17.0.456.0 - Autodesk) Hidden
Autodesk Revit Model Review 2017 (HKLM\...\Autodesk Revit Model Review 2017) (Version: 17.0.456.0 - Autodesk)
Autodesk Revit Site Designer Extension 2017 (HKLM\...\{48F4AD4C-1702-0010-0000-0A7B3B0A5D16}) (Version: 17.0.1057.0 - Autodesk) Hidden
Autodesk Revit Site Designer Extension 2017 (HKLM\...\Autodesk Revit Site Designer Extension 2017) (Version: 17.0.1057.0 - Autodesk)
Autodesk Robot Structural Analysis Professional 2015 - Polish regional settings (HKLM\...\{D720E343-2FAC-4AE8-838A-28D9CB224471}) (Version: 2015.0.0.5335 - Autodesk) Hidden
Autodesk Robot Structural Analysis Professional 2015 (HKLM\...\{3490656B-EAD3-467A-87BB-FE4C54F6C9E7}) (Version: 2015.0.0.5335 - Autodesk, Inc.) Hidden
Autodesk Robot Structural Analysis Professional 2015 (HKLM\...\Autodesk Robot Structural Analysis Professional 2015) (Version: 2015.0.0.5335 - Autodesk, Inc.)
Autodesk Steel Connections for Revit (HKLM\...\{D1D58D9D-1700-0000-0000-F357167BE193}) (Version: 17.0.451.0 - Autodesk) Hidden
Autodesk Steel Connections for Revit (HKLM\...\Autodesk Steel Connections for Revit) (Version: 17.0.451.0 - Autodesk)
Autodesk Workflows 2015 (HKLM\...\{A90DD6F8-60D2-4803-AFF6-796400E73E1B}) (Version: 5.2.14.100 - Autodesk, Inc.)
Autodesk Workflows 2016 (HKLM\...\{535CDED0-D690-4738-83EE-09056A365BAC}) (Version: 6.3.0.18 - Autodesk, Inc.)
Autodesk Workflows 2017 (HKLM\...\{23A13F78-5B67-441A-ABF9-48BE8B5455DB}) (Version: 15.11.13.0 - Autodesk, Inc.)
Batch Print for Autodesk Revit 2017 (HKLM\...\{82AF00E4-1700-0010-0000-FCE0F87063F9}) (Version: 17.0.456.0 - Autodesk) Hidden
Batch Print for Autodesk Revit 2017 (HKLM\...\Batch Print for Autodesk Revit 2017) (Version: 17.0.456.0 - Autodesk)
Belka v.3.0.27.640 FREE (HKLM-x32\...\Belka FREE_is1) (Version:  - SPECBUD)
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
Civil Structures for Autodesk Revit 2017 (HKLM\...\{8EFD2115-0569-4291-9536-89A840B1825D}) (Version: 17.0.0.3 - Autodesk)
Dynamo 0.9.1 (HKLM\...\{85626FB3-CAF9-49C1-AA28-E3C75164BD6F}) (Version: 0.9.1.4062 - Autodesk)
Dynamo Core 1.3.1 (HKLM\...\{19F6B758-E5CF-4E91-BBA2-11DFABD5EF4A}) (Version: 1.3.1.1736 - Dynamo)
Dynamo Revit 1.3.1 (HKLM\...\{39E0B8C6-FEFB-4A13-A55B-CFE2C625122D}) (Version: 1.3.1.1736 - Dynamo)
e-Deklaracje Desktop (HKLM-x32\...\{145486BA-033C-7D81-9949-E4BF0C2AD165}) (Version: 9.0.5 - Ministerstwo Finansow) Hidden
e-Deklaracje Desktop (HKLM-x32\...\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1) (Version: 9.0.5 - Ministerstwo Finansow)
EPUB File Reader (HKLM-x32\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version:  - epubfilereader.com)
ESET Security (HKLM\...\{F6EFF0FC-2E8F-4BA6-93BC-DEFD0AD5D8C6}) (Version: 11.0.144.0 - ESET, spol. s r.o.)
Etron USB3.0 Host Controller (HKLM-x32\...\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.96 - Etron Technology) Hidden
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.96 - Etron Technology)
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
FIFA 17 (HKLM-x32\...\{8C0DD062-B659-409C-9AB7-8EBD1D64D2EB}) (Version: 1.0.48.30259 - Electronic Arts)
FormIt 360 Converter For Revit 2017 (HKLM\...\{637211B6-D2E9-474A-BF06-4F61F1254104}) (Version: 1.9.0.0 - Autodesk)
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
i-Menu version 4.3.6 (HKLM-x32\...\{0121C0BD-363C-4B1D-8B64-FE7681A37D0A}_is1) (Version: 4.3.6 - AOC)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
IronPython 2.7.3 (HKLM-x32\...\{1EBADAEA-1A0F-40E3-848C-0DD8C5E5A10D}) (Version: 2.7.31000.0 - IronPython Team)
Java 8 Update 141 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180141F0}) (Version: 8.0.1410.15 - Oracle Corporation)
Java SE Development Kit 8 Update 141 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180141}) (Version: 8.0.1410.15 - Oracle Corporation)
Kurs Całki Wielokrotne eTrapez (HKLM-x32\...\Kurs Całki Wielokrotne eTrapez) (Version: 2013 - eTrapez Krystian Karczyński)
Kurs Szeregi eTrapez (HKLM-x32\...\Kurs Szeregi eTrapez) (Version: 2013 - eTrapez Krystian Karczyński)
Microsoft .NET Framework 4.6 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 55.0.3 (x86 pl) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 pl)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 55.0.3.6445 - Mozilla)
MPC-HC 1.7.7 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.7 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version:  - )
oCam wersja 344.0 (HKLM-x32\...\oCam_is1) (Version: 344.0 - hxxp://ohsoft.net/)
Opera Stable 48.0.2685.52 (HKLM-x32\...\Opera 48.0.2685.52) (Version: 48.0.2685.52 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.5.4.63358 - Electronic Arts, Inc.)
Pazera Free Audio Extractor (32-bit) 2.4 (HKLM-x32\...\{6899C238-3E4A-4A04-B251-A0C9EDC7EDBC}_is1) (Version: 2.4 - Jacek Pazera)
PDF Architect 3 (HKLM-x32\...\PDF Architect 3) (Version: 3.0.45.22485 - pdfforge GmbH)
PDF Architect 3 Create Module (HKLM-x32\...\{38BA288B-C4F4-4C62-9237-4BFAB374F966}) (Version: 3.0.13.22993 - pdfforge GmbH) Hidden
PDF Architect 3 Edit Module (HKLM-x32\...\{5183F03D-90FA-493B-A074-F0F78B8486AD}) (Version: 3.0.13.22993 - pdfforge GmbH) Hidden
PDF Architect 3 View Module (HKLM-x32\...\{EB24E9E7-4BC1-4FD7-BF86-BDE07A7A03D7}) (Version: 3.0.13.22993 - pdfforge GmbH) Hidden
PDF Architect 4 (HKLM-x32\...\PDF Architect 4) (Version: 4.0.34.26215 - pdfforge GmbH)
PDF Architect 4 Create Module (HKLM\...\{D646643B-56BD-43B2-9932-9C03D7E90FED}) (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PDF Architect 4 Edit Module (HKLM\...\{792B82BA-6895-4719-B603-E198AEE90D68}) (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PDF Architect 4 View Module (HKLM\...\{FF4FA406-055A-479E-B025-1AAA7FFAA39F}) (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.3.0 - pdfforge GmbH)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.317.1 - Tracker Software Products Ltd)
Personal Accelerator for Revit (HKLM\...\{7C317DB0-F399-4024-A289-92CF4B6FB256}) (Version: 16.0.1205.0 - Autodesk) Hidden
Personal Accelerator for Revit (HKLM\...\Personal Accelerator for Revit) (Version: 16.0.1205.0 - Autodesk)
PTC Diagnostic Tools (HKLM\...\{D5DF50CC-3FFB-4155-96A0-B3530CB3301B}) (Version: 4.0.0.0 - PTC)
PTC Mathcad Prime 3.1 (HKLM\...\{3A4F83E8-C604-4970-8A1F-8963B3507630}) (Version: 3.1.0 - PTC)
PTC Mathcad Prime 4.0 (HKLM\...\{F7F13E1C-A30A-406D-9890-FBD24D507867}) (Version: 4.0.1 - PTC)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.)
Revit 2015 - Polski (Polish) (HKLM\...\{7346B4A0-1500-0510-0000-705C0D862004}) (Version: 15.0.207.0 - Autodesk) Hidden
Revit 2015 Language Pack - English (HKLM\...\{7346B4A0-1500-0511-0409-705C0D862004}) (Version: 15.0.136.0 - Autodesk) Hidden
Revit 2015 Pakiet językowy - Polski (Polish) (HKLM\...\{7346B4A0-1500-0511-0415-705C0D862004}) (Version: 15.0.207.0 - Autodesk) Hidden
Revit 2016 (HKLM\...\{7346B4A0-1600-0510-0000-705C0D862004}) (Version: 16.0.490.0 - Autodesk) Hidden
Revit 2017 (HKLM\...\{7346B4A0-1700-0510-0000-705C0D862004}) (Version: 17.0.1117.0 - Autodesk) Hidden
Revit Content Libraries 2015 - Polski (Polish) (HKLM\...\{941030D0-1500-0410-0000-818BB38A95FC}) (Version: 15.0.207.0 - Autodesk) Hidden
Revit Content Libraries 2016 (HKLM\...\{941030D0-1600-0410-0000-818BB38A95FC}) (Version: 16.0.490.0 - Autodesk) Hidden
Revit Content Libraries 2017 - Polski (Polish) (HKLM\...\{941030D0-1700-0410-0000-818BB38A95FC}) (Version: 17.0.416.0 - Autodesk) Hidden
Revit Extensions for Autodesk Revit 2017 (HKLM\...\{8B2BC096-5AC1-4071-AE6E-A16B81B73996}) (Version: 1.0.0.0 - Autodesk)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Revo Uninstaller Pro 3.1.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.6 - VS Revo Group, Ltd.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.9.6 - Rockstar Games)
Roombook Areabook Buildingbook for Revit 2017 V1 (HKLM\...\{B6913E65-3BC2-4907-8C1D-712598A69E72}) (Version: 7.00.2513 - Autodesk, Inc.)
Screen+ version Screen+ 1.4.2 (HKLM\...\Screen+_is1) (Version: Screen+ 1.4.2 - AOC)
SketchUp Import (HKLM-x32\...\{C403E867-FCF1-432B-BCC1-8FFD40A10A6E}) (Version: 1.2.0 - Autodesk)
Soldis PROJEKTANT 2016 (HKLM-x32\...\E94B1101-7675-4E37-9CB2-2E38A872154A) (Version: 8.6 - SOLDIS)
Sound Blaster X-Fi MB (HKLM-x32\...\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}) (Version: 1.0 - Creative Technology Limited)
TaxMachine 2 (HKLM-x32\...\TaxMachine_is1) (Version: 2.8 - NEONET CONSULTING S.C.)
USB Vibration Joystick (BM) (HKLM-x32\...\{61A994FF-D39B-4937-9DB9-87EC4FF1BB88}) (Version: 1.00.0000 - ShanWan)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
WinSCP 5.7 (HKLM-x32\...\winscp3_is1) (Version: 5.7 - Martin Prikryl)
Worksharing Monitor for Autodesk Revit 2017 (HKLM\...\{5063E738-1700-0010-0000-7B7B9AB0B696}) (Version: 17.0.476.0 - Autodesk) Hidden
Worksharing Monitor for Autodesk Revit 2017 (HKLM\...\Worksharing Monitor for Autodesk Revit 2017) (Version: 17.0.476.0 - Autodesk)
Wtyczka e-Deklaracje (HKLM-x32\...\{81BF6353-3C5B-4E6E-A566-7E162A00BF72}_is1) (Version: 4.3.0 - Ministerstwo Finansów)
XFastUsb (HKLM-x32\...\XFastUsb) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => E:\Mathcad PDSi\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2008-10-06] (Adobe Systems Inc.)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-11-10] (ESET)
ContextMenuHandlers1-x32: [PDFArchitect3_PDFManagerExt] -> {7519DD38-AA6F-4250-8E81-F1576DA1A05E} => C:\Program Files (x86)\PDF Architect 3\creator-context-menu.dll [2015-04-24] (pdfforge GmbH)
ContextMenuHandlers1-x32: [PDFArchitect4_ManagerExt] -> {3AECFCB3-8472-48E9-BC7B-5A3CD945C886} => C:\Program Files\PDF Architect 4\creator-context-menu.dll [2016-01-15] (pdfforge GmbH)
ContextMenuHandlers1-x32: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-11-10] (ESET)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2014-09-15] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => E:\Mathcad PDSi\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2008-10-06] (Adobe Systems Inc.)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-11-10] (ESET)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => E:\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03601735-0D40-48C5-964F-F632929869D8} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {03601735-0D40-48C5-964F-F632929869D8} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-07-04] (Microsoft Corporation)
Task: {641AADB6-B843-47AB-BCEA-4B8627E39DB5} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_148_pepper.exe [2017-04-15] (Adobe Systems Incorporated)
Task: {78149B87-302A-492C-98C8-53DA5D3A0EE4} - System32\Tasks\Opera scheduled Autoupdate 1461267634 => C:\Program Files (x86)\Opera\launcher.exe [2017-10-24] (Opera Software)
Task: {9D427E03-D2C3-4C1E-8E27-DF96249F513D} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {9D427E03-D2C3-4C1E-8E27-DF96249F513D} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {9D427E03-D2C3-4C1E-8E27-DF96249F513D} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [2015-07-04] (Microsoft Corporation)
Task: {A95B3934-F0AC-4931-AEB2-8316EDCF800F} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {A95B3934-F0AC-4931-AEB2-8316EDCF800F} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-07-04] (Microsoft Corporation)
Task: {ECDDD548-D751-419F-BF66-7156211476B0} - System32\Tasks\{0F9A5E65-FFB4-4AC5-8177-D093B908AE5E} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard\Engine\7.0.0.18\Gear\GEARDIFx.exe" -d C:\Users\Piotr\Downloads -c INSTALL "NBRTWizard" "{A4274214-B468-482e-B2AC-24FCD2365C4B}"
Task: {FBAA22B8-89EF-415C-AD93-883E2A9439E5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-26] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-04-21 12:44 - 2015-04-21 12:44 - 000059784 _____ () C:\Program Files\Autodesk\Personal Accelerator for Revit\qoauth_Ad_1.dll
2015-04-21 12:44 - 2015-04-21 12:44 - 000922504 _____ () C:\Program Files\Autodesk\Personal Accelerator for Revit\qca_Ad_2.dll
2015-04-21 12:44 - 2015-04-21 12:44 - 000232328 _____ () C:\Program Files\Autodesk\Personal Accelerator for Revit\qjson_Ad_0.dll
2015-04-21 12:44 - 2015-04-21 12:44 - 000048520 _____ () C:\Program Files\Autodesk\Personal Accelerator for Revit\QtSolutions_MFCMigrationFramework_Ad_2.dll
2016-05-11 16:52 - 2017-03-10 11:48 - 000061944 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\QtSolutions_Service-head.dll
2016-05-11 16:52 - 2017-03-10 11:48 - 000110584 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qjson0.dll
2017-11-18 17:50 - 2017-11-18 17:50 - 000697884 _____ () C:\Users\Piotr\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0010\~df394b.tmp
2017-11-18 17:50 - 2017-11-18 17:50 - 000592896 _____ () C:\Users\Piotr\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0010\~de6248.tmp
2015-01-19 22:45 - 2009-02-06 18:52 - 000073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2015-01-19 22:45 - 2009-04-20 11:55 - 000148480 _____ () C:\Windows\SysWOW64\APOMngr.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2017-11-10 21:31 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-136798832-305523967-369107754-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 37.8.214.2 - 31.11.202.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7A2F0740-0339-406F-AA7C-05C0E34FE198}] => (Allow) LPort=50248
FirewallRules: [{7FBFDEE3-5EF2-4F6C-8816-FCB71BDE2594}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C8FCDA4D-346C-4416-857B-E1B1DD5E412C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{761A13DD-7E05-42FC-8236-6DA3F66BB0B1}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{067B170B-646F-4F3D-ACF0-08365254A1E8}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{7EB60220-30B8-4FB8-B31E-D8801EE631B5}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{5CE3FD2B-D732-4389-A127-9530F87A1169}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{5F1902D3-92B4-4814-AE46-2EAC3B74DDA3}E:\rockstar games\grand theft auto v\gta5.exe] => (Allow) E:\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{2A1275CC-DD63-491B-903F-1118660E8ACF}E:\rockstar games\grand theft auto v\gta5.exe] => (Allow) E:\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [{A17A4F73-CC18-4B04-96AA-07A849298194}] => (Allow) E:\NapiProjekt\napisy.exe
FirewallRules: [{EDB12B8C-DECE-4964-8E24-41DFAC095F1A}] => (Allow) E:\NapiProjekt\napisy.exe
FirewallRules: [TCP Query User{4D4D815E-126E-45FC-ACAC-2B35EADC3FB4}C:\users\piotr\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\piotr\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{3CB88F16-B82D-4F1E-9371-77855C9CE09E}C:\users\piotr\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\piotr\appdata\local\akamai\netsession_win.exe
FirewallRules: [{52F2D5FA-AB85-4599-81B5-FD425CE1D5F9}] => (Block) C:\users\piotr\appdata\local\akamai\netsession_win.exe
FirewallRules: [{DFEDB12E-FF50-467B-9DEA-11C301EC4D73}] => (Block) C:\users\piotr\appdata\local\akamai\netsession_win.exe
FirewallRules: [{E8336CB6-DC6D-4D5D-9738-F1C30D68D007}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F529D1CC-51FE-4522-AB1F-7935F963754A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DFDB66F5-74FA-462B-9B75-5FDBDFA99A10}] => (Allow) LPort=1688
FirewallRules: [{E7183039-992B-4FA6-A6A6-05DC98A145A7}] => (Allow) E:\Program Files (x86)\Origin Games\FIFA 17\FIFASetup\fifaconfig.exe
FirewallRules: [{1CB83355-2933-414B-80A9-774DCAACA810}] => (Allow) E:\Program Files (x86)\Origin Games\FIFA 17\FIFASetup\fifaconfig.exe
FirewallRules: [{081F0D77-883D-4083-8D22-F04D36722C94}] => (Allow) C:\Program Files (x86)\Opera\48.0.2685.50\opera.exe
FirewallRules: [{19256581-BAE9-4898-B8EA-AF540D23BD46}] => (Allow) C:\Program Files (x86)\Opera\48.0.2685.52\opera.exe

==================== Restore Points =========================

04-11-2017 19:21:09 Zaplanowany punkt kontrolny
10-11-2017 21:19:01 ComboFix created restore point
11-11-2017 10:49:06 JRT Pre-Junkware Removal
11-11-2017 11:20:51 Removed SpyHunter
18-11-2017 22:55:23 Zaplanowany punkt kontrolny

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/19/2017 12:11:27 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program FRST64english.exe w wersji 18.11.2017.0 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji.

Identyfikator procesu: 1544

Godzina rozpoczęcia: 01d360c271100e3d

Godzina zakończenia: 0

Ścieżka aplikacji: C:\Users\Piotr\Downloads\FRST64english\FRST64english.exe

Identyfikator raportu:

Error: (11/18/2017 05:51:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/18/2017 09:52:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/17/2017 08:39:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/16/2017 08:06:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/15/2017 10:02:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/15/2017 09:11:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/14/2017 10:12:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: CCC.exe, wersja: 4.5.0.0, sygnatura czasowa: 0x53ad0dcc
Nazwa modułu powodującego błąd: amdmantle64.dll_unloaded, wersja: 0.0.0.0, sygnatura czasowa: 0x5417637b
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x000007fed560dee0
Identyfikator procesu powodującego błąd: 0x110c
Godzina uruchomienia aplikacji powodującej błąd: 0x01d35d8d339ad0db
Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
Ścieżka modułu powodującego błąd: amdmantle64.dll
Identyfikator raportu: 965c2fcc-c980-11e7-bc44-bc5ff40b7723

Error: (11/14/2017 10:12:55 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikacja: CCC.exe
Wersja architektury: v4.0.30319
Opis: proces został przerwany z powodu nieobsłużonego wyjątku.
Informacje o wyjątku: kod wyjątku: c0000005, adres wyjątku: 000007FED560DEE0

Error: (11/14/2017 10:09:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (11/18/2017 05:50:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi Origin Web Helper Service z powodu następującego błędu:
Usługa nie odpowiada na sygnał uruchomienia lub sygnał sterujący w oczekiwanym czasie.

Error: (11/18/2017 05:50:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Origin Web Helper Service.

Error: (11/18/2017 05:50:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi Kmm4xNT z powodu następującego błędu:
Nastąpiło zablokowanie ładowania sterownika

Error: (11/18/2017 05:50:21 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Ładowanie sterownika \SystemRoot\SysWow64\Drivers\Kmm4xNT.SYS zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika.

Error: (11/18/2017 09:51:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi Origin Web Helper Service z powodu następującego błędu:
Usługa nie odpowiada na sygnał uruchomienia lub sygnał sterujący w oczekiwanym czasie.

Error: (11/18/2017 09:51:47 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Origin Web Helper Service.

Error: (11/18/2017 09:51:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi Kmm4xNT z powodu następującego błędu:
Nastąpiło zablokowanie ładowania sterownika

Error: (11/18/2017 09:51:17 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Ładowanie sterownika \SystemRoot\SysWow64\Drivers\Kmm4xNT.SYS zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika.

Error: (11/17/2017 08:39:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi Origin Web Helper Service z powodu następującego błędu:
Usługa nie odpowiada na sygnał uruchomienia lub sygnał sterujący w oczekiwanym czasie.

Error: (11/17/2017 08:39:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Origin Web Helper Service.


CodeIntegrity:
===================================
  Date: 2017-11-10 21:27:33.578
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-11-10 21:27:33.562
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-08 23:20:43.940
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-08 23:20:43.909
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-08 23:20:43.894
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-08 23:20:43.878
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-22 20:44:53.549
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-22 20:44:53.518
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 27%
Total physical RAM: 8174.68 MB
Available physical RAM: 5912.73 MB
Total Virtual: 16347.57 MB
Available Virtual: 14259.34 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:292.87 GB) (Free:123.96 GB) NTFS
Drive d: (Nowy) (Fixed) (Total:345.57 GB) (Free:29.91 GB) NTFS
Drive e: () (Fixed) (Total:292.97 GB) (Free:42.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B15EB200)
Partition 1: (Not Active) - (Size=101 MB) - (Type=42)
Partition 2: (Active) - (Size=100 MB) - (Type=42)
Partition 3: (Not Active) - (Size=292.9 GB) - (Type=42)
Partition 4: (Not Active) - (Size=638.4 GB) - (Type=42)

==================== End of Addition.txt ============================

 

 

 

Thank you for your time.



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,194 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:57 PM

Posted 20 November 2017 - 11:25 AM

Greetings,

My sincere apologies for the delay in responding. I was never notified of your reply.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-136798832-305523967-369107754-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys
2017-11-11 11:19 - 2017-11-11 11:21 - 000000000 ____D C:\Windows\027B5748C40941FE949B7B81A8304EF4.TMP
2017-11-18 17:50 - 2017-11-18 17:50 - 000697884 _____ () C:\Users\Piotr\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0010
File: C:\Windows\SysWow64\Drivers\Kmm4xNT.sys
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
emptytemp:
End::
  • Click Fix
  • When completed he tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 piotrek123

piotrek123
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:57 AM

Posted 20 November 2017 - 02:25 PM

Thank you.

 

Here is Fixlog.txt

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 18-11-2017
Ran by Piotr (20-11-2017 20:04:19) Run:2
Running from C:\Users\Piotr\Downloads\FRST64english
Loaded Profiles: Piotr (Available Profiles: Piotr)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-136798832-305523967-369107754-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys
2017-11-11 11:19 - 2017-11-11 11:21 - 000000000 ____D C:\Windows\027B5748C40941FE949B7B81A8304EF4.TMP
2017-11-18 17:50 - 2017-11-18 17:50 - 000697884 _____ () C:\Users\Piotr\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0010
File: C:\Windows\SysWow64\Drivers\Kmm4xNT.sys
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
emptytemp:

*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-136798832-305523967-369107754-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKLM\System\CurrentControlSet\Services\AppMgmt => key removed successfully
AppMgmt => service removed successfully
HKLM\System\CurrentControlSet\Services\catchme => key removed successfully
catchme => service removed successfully
C:\Windows\027B5748C40941FE949B7B81A8304EF4.TMP => moved successfully
C:\Users\Piotr\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0010 => moved successfully

========================= File: C:\Windows\SysWow64\Drivers\Kmm4xNT.sys ========================

C:\Windows\SysWow64\Drivers\Kmm4xNT.sys
File not signed
MD5: DB8023811FDECAD413CF775EFF576357
Creation and modification date: 2015-06-24 17:57 - 2002-04-26 11:04
Size: 000095484
Attributes: ----A
Company Name: DATOM Dariusz Cielebąk
Internal Name: Kmm4xnt.sys
Original Name: Kmm4xnt.sys
Product: KMM4xNT
Description: Sterownik dla kluczy KMM4x pod WinNT
File Version: 1.03
Product Version: 1.03
Copyright: Copyright © MM Electronics1999-2001
VirusTotal: https://www.virustotal.com/file/e85d70e8ce17bbcea9010e910535c2397374903f54772eb44bfc2c2cdf392914/analysis/1460726107/

====== End of File: ======


========= netsh winsock reset catalog =========


Pomylnie zresetowano Winsock Catalog.
Musisz ponownie uruchomi† komputer, aby ukoäczy† resetowanie.


========= End of CMD: =========


========= netsh int ip reset C:\resettcpip.txt =========

Resetowanie Globalny - OK!
Resetowanie Interfejs - OK!
Do ukoäczenia tej akcji wymagane jest ponowne uruchomienie komputera.


========= End of CMD: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= ipconfig /flushdns =========


Konfiguracja IP systemu Windows

Pomylnie opr˘ľniono pami©† podr©cznĄ programu rozpoznawania nazw DNS.

========= End of CMD: =========


========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-136798832-305523967-369107754-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-136798832-305523967-369107754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-136798832-305523967-369107754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 118982563 B
Java, Flash, Steam htmlcache => 696 B
Windows/system/drivers => 233228977 B
Edge => 0 B
Chrome => 0 B
Firefox => 394638152 B
Opera => 21872372 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 112802 B
Piotr => 20008158 B

RecycleBin => 88402766 B
EmptyTemp: => 844.6 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:05:34 ====

 

 

But, from that traingle in Windows 7 - Show hidden icons - a few programmes disappeard - like Eset for example. Is that means that ESET is not active?



#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,194 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:57 PM

Posted 20 November 2017 - 02:33 PM

It may be because we cleaned out temporary files.

Click Start, then All Programs and check for what is missing. List those that disappeared and you do not find in All Programs.

How is your computer running?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 piotrek123

piotrek123
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:57 AM

Posted 20 November 2017 - 02:53 PM

Every program is on his place. Computer runs a little bit faster. The only remaining problem is Revit 2017, as mentioned in original post, but I'll just reinstall the software.



#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,194 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:57 PM

Posted 20 November 2017 - 03:08 PM

Very good, let me know if Revit is working properly.

Please run these.

===================================================

Emsisoft Emergency Kit Scan

--------------------
  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double-click icon then click Install
  • A Window should open highlighting Start Emergency Kit Scanner
  • Right click on the icon and select Run as administrator
  • Click Yes to update now
  • Once the update is completed select Settings under Scan
  • Uncheck Join the Emsisoft Anti-Malware Network
  • Click Scan at the top
  • Click Yes on the detection of PUP's pop up window
  • Click Scanner settings at the bottom
  • Select Quarantine detected objects and leave the other default settings
  • Click Scan now
  • Click Malware Scan
  • Click Quarantine selected
  • Once completed click View Report
  • Copy and paste the report in your reply
===================================================

Security Analysis by Rocket Grannie

--------------------
  • Please download Security Analysis by Rocket Grannie and save it to your Desktop
  • Right click on the icon and select Run as admnistrator
  • Click OK on the disclaimer and ignore any security warnings that may appear
  • In your reply, please copy and paste the contents of the Notepad document that will appear on your desktop
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Emsisoft report
  • Security Analysis report
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 piotrek123

piotrek123
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:57 AM

Posted 20 November 2017 - 03:12 PM

Thanks, I'm installing Emisoft software at the moment. I'll post logs right after finishing with the scans.

 

EDIT: One thing, should I turn off ESET while doing scans?


Edited by piotrek123, 20 November 2017 - 03:13 PM.


#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,194 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:57 PM

Posted 20 November 2017 - 03:41 PM

Should not be necessary.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 piotrek123

piotrek123
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:57 AM

Posted 20 November 2017 - 03:45 PM

Situation - Revit works, faster than a few months ago, when I used it for the last time. Computer runs smooth too, thank you very much. By the way, those logs seems (?) to do not show any threat, but the action performed something. I wonder, is my computer clean?

 

Here are the logs:

 

EEK

Emsisoft Emergency Kit - Version 2017.10
Last update: 2017-11-20 21:17:39
User account: Komputer\Piotr
Computer name: KOMPUTER
OS version: Windows 7x64 Service Pack 1

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
Scan mail archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off

Scan start:    2017-11-20 21:23:49
C:\ProgramData\pdfforge     detected: Application.AppInstall (A) [226356]
Key: HKEY_USERS\S-1-5-21-136798832-305523967-369107754-1000\SOFTWARE\PDFFORGE     detected: Application.InstallAd (A) [275736]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\PDFFORGE     detected: Application.InstallAd (A) [277556]

Scanned    81858
Found    3

Scan end:    2017-11-20 21:30:54
Scan time:    0:07:05

Key: HKEY_LOCAL_MACHINE\SOFTWARE\PDFFORGE     Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-136798832-305523967-369107754-1000\SOFTWARE\PDFFORGE     Application.InstallAd (A)

Quarantined    2

 

 

RGSA

 

Result of Security Analysis by Rocket Grannie (x86) Updated: 18th Novemeber, 2017
Running from:C:\Users\Piotr\Downloads\rgsa (21:34:28 - 11/20/2017)
***---------------------------------------------------------***
Microsoft Windows 7 Home Premium X64 Service Pack 1
UAC is Enabled
Internet Explorer 11
Default Browser: Firefox
***------------Antivirus - Antispyware - Firewall-----------***
ESET Smart Security Premium (Enabled - up to Date)
ESET Smart Security Premium (Enabled - up to Date)
Windows Defender (Enabled - Not up to Date)
ESET Zapora (Enabled)
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI (23.0.0.162) ==> is out of Date
CCleaner (5.22) ==> is out of Date
Java (8.0.1410.15)
Mozilla Firefox (55.0.3) ==> is out of Date
Opera (49.0.2725.39)

***----------------Analysis Complete-------------------------***

 

 

 



#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,194 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:57 PM

Posted 20 November 2017 - 03:56 PM

Greetings,

Emsisoft quarantined 2 registry keys. Can you tell me if PDF Architect and PDF Creator work properly?

We need to update Adobe Flash Player and if you use CCleaner that program needs to be updated as well.

Please do this.

===================================================

Update Adobe Flash Player

--------------------
  • Download Adobe Flash Player here and save it to your desktop. Uncheck optional offers
  • Close any open browsers
  • Click on Install Now
  • Click Save File and save the file to your Desktop
  • Double click on the FlashPlayer icon on your Desktop and allow the installer to run
  • When completed click Finish
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • PDF programs work?
  • Did Flash Player update?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 piotrek123

piotrek123
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:57 AM

Posted 20 November 2017 - 04:17 PM

Adobe Flash Player and CCleaner have been updated.

 

PDF Architect can open PDFs and reads them without problems, but while set as the printer in Revit, it is creating empty PDFs. Printing PDFs with PDF Creator as the printer works fine.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users