Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

infected by Gen:Variant.Zusy


  • This topic is locked This topic is locked
2 replies to this topic

#1 RPCDR

RPCDR

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:47 AM

Posted 30 December 2017 - 09:52 AM

Sorry my computer is polish so it might be hard to understand this a bit.
 
 
Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 26-12-2017
Uruchomiony przez Patryk (administrator)  JAKUBCOMP (30-12-2017 14:30:29)
Uruchomiony z C:\Users\Patryk\Downloads
Załadowane profile: Patryk (Dostępne profile: Patryk)
Platform: Windows 10 Home Wersja 1703 15063.786 (X64) Język: Polish (Poland)
Internet Explorer Wersja 11 (Domyślna przeglądarka: Edge)
Tryb startu: Normal
 
==================== Procesy (filtrowane) =================
 
(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Byte Technologies LLC) C:\Program Files\ByteFence\ByteFenceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microvirt Software Technology Co. Ltd.) C:\Program Files\Microvirt\MEmu\MemuService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
() C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe
(Sony) C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
() C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe
(Byte Technologies LLC) C:\Program Files\ByteFence\ByteFence.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Sony) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe
(f.lux Software LLC) C:\Users\Patryk\AppData\Local\FluxSoftware\Flux\flux.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdagent.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\UNP\UNPCampaignManager.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8730.21155.0_x64__8wekyb3d8bbwe\HxTsr.exe
 
==================== Rejestr (filtrowane) ===========================
 
(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8842496 2016-07-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1454336 2016-07-18] (Realtek Semiconductor)
HKLM\...\Run: [RtsCM] => C:\WINDOWS\RTSCM64.EXE [196824 2015-01-13] (Realtek Semiconductor Corp.)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [65120 2017-11-07] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3693424755-2941297685-1152701938-1001\...\Run: [XperiaCompanionAgent] => C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe [2105728 2017-05-31] (Sony)
HKU\S-1-5-21-3693424755-2941297685-1152701938-1001\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe [1034160 2017-10-10] (McAfee Inc.)
HKU\S-1-5-21-3693424755-2941297685-1152701938-1001\...\Run: [f.lux] => C:\Users\Patryk\AppData\Local\FluxSoftware\Flux\flux.exe [1678840 2017-10-10] (f.lux Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Asystent menedżera zawartości dla PlayStation®.lnk [2017-01-24]
ShortcutTarget: Asystent menedżera zawartości dla PlayStation®.lnk -> C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
GroupPolicy: Ograniczenia <==== UWAGA
 
==================== Internet (filtrowane) ====================
 
(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)
 
Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{e2dab8f5-ce13-4f6c-8d31-7e1434023680}: [DhcpNameServer] 192.168.1.1 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3693424755-2941297685-1152701938-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_andos_17_46&param1=1&param2=f%3D1%26b%3DIE%26cc%3Die%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByEzzyCyB0AyE0E0DyB0DyByEtB0BzztN0D0Tzu0StBtCyEzytN1L2XzuyEtFtCyBtFtCtFyDtBtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyByE0B0BtAyBtBzztGyEzyyDyCtGyDzytB0FtGtDyCtA0BtGtBtD0F0CtD0CtCtBtCzz0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0CyDyByB0FtDyBtGyE0BtB0AtGyEyE0FtAtGzy0B0FtAtGyC0AyDtA0AtByCyEyDzy0CyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDtCtCtDzyyBtCtAyE%26cr%3D463989555%26a%3Dwbf_andos_17_46%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
SearchScopes: HKLM -> DefaultScope {69241833-9BA8-4862-9BDD-25774DA4BF18} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_andos_17_46&param1=1&param2=f%3D4%26b%3DIE%26cc%3Die%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByEzzyCyB0AyE0E0DyB0DyByEtB0BzztN0D0Tzu0StBtCyEzytN1L2XzuyEtFtCyBtFtCtFyDtBtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyByE0B0BtAyBtBzztGyEzyyDyCtGyDzytB0FtGtDyCtA0BtGtBtD0F0CtD0CtCtBtCzz0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0CyDyByB0FtDyBtGyE0BtB0AtGyEyE0FtAtGzy0B0FtAtGyC0AyDtA0AtByCyEyDzy0CyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDtCtCtDzyyBtCtAyE%26cr%3D463989555%26a%3Dwbf_andos_17_46%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_chtengin_17_15&param1=1&param2=f%3D4%26b%3DIE%26cc%3Die%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByEzzyCyB0AyE0E0DyB0DyByEtB0BzztN0D0Tzu0StCzytBzytN1L2XzutAtFtBzytFtAtFyDzztN1L1Czu1ByDtN1L1G1B1V1N2Y1L1Qzu2StA0AtC0C0D0CyD0AtGyC0E0E0BtGyDyD0F0DtGtA0CtAzytG0A0F0ByCtBtCyBtB0C0AzytA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0CyDyByB0FtDyBtGyE0BtB0AtGyEyE0FtAtGzy0B0FtAtGyC0AyDtA0AtByCyEyDzy0CyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByCyBtB%26cr%3D2116538692%26a%3Dwbf_chtengin_17_15%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wcg_chtengin_17_15&param1=1&param2=f%3D4%26b%3DIE%26cc%3Die%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByEzzyCyB0AyE0E0DyB0DyByEtB0BzztN0D0Tzu0StCzytBzytN1L2XzutAtFtBzytFtAtFyDzztN1L1Czu1ByDtN1L1G1B1V1N2Y1L1Qzu2StD0Fzz0DtD0BtA0DtGyD0A0CyBtGtDtD0EyDtGtDtD0AtCtG0DyEzyzyyCyDzyyEyE0C0F0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0CyDyByB0FtDyBtGyE0BtB0AtGyEyE0FtAtGzy0B0FtAtGyC0AyDtA0AtByCyEyDzy0CyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByCyBtB%26cr%3D169324992%26a%3Dwcg_chtengin_17_15%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {69241833-9BA8-4862-9BDD-25774DA4BF18} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_andos_17_46&param1=1&param2=f%3D4%26b%3DIE%26cc%3Die%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByEzzyCyB0AyE0E0DyB0DyByEtB0BzztN0D0Tzu0StBtCyEzytN1L2XzuyEtFtCyBtFtCtFyDtBtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyByE0B0BtAyBtBzztGyEzyyDyCtGyDzytB0FtGtDyCtA0BtGtBtD0F0CtD0CtCtBtCzz0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0CyDyByB0FtDyBtGyE0BtB0AtGyEyE0FtAtGzy0B0FtAtGyC0AyDtA0AtByCyEyDzy0CyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDtCtCtDzyyBtCtAyE%26cr%3D463989555%26a%3Dwbf_andos_17_46%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {69241833-9BA8-4862-9BDD-25774DA4BF18} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_andos_17_46&param1=1&param2=f%3D4%26b%3DIE%26cc%3Die%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByEzzyCyB0AyE0E0DyB0DyByEtB0BzztN0D0Tzu0StBtCyEzytN1L2XzuyEtFtCyBtFtCtFyDtBtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyByE0B0BtAyBtBzztGyEzyyDyCtGyDzytB0FtGtDyCtA0BtGtBtD0F0CtD0CtCtBtCzz0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0CyDyByB0FtDyBtGyE0BtB0AtGyEyE0FtAtGzy0B0FtAtGyC0AyDtA0AtByCyEyDzy0CyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDtCtCtDzyyBtCtAyE%26cr%3D463989555%26a%3Dwbf_andos_17_46%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_chtengin_17_15&param1=1&param2=f%3D4%26b%3DIE%26cc%3Die%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByEzzyCyB0AyE0E0DyB0DyByEtB0BzztN0D0Tzu0StCzytBzytN1L2XzutAtFtBzytFtAtFyDzztN1L1Czu1ByDtN1L1G1B1V1N2Y1L1Qzu2StA0AtC0C0D0CyD0AtGyC0E0E0BtGyDyD0F0DtGtA0CtAzytG0A0F0ByCtBtCyBtB0C0AzytA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0CyDyByB0FtDyBtGyE0BtB0AtGyEyE0FtAtGzy0B0FtAtGyC0AyDtA0AtByCyEyDzy0CyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByCyBtB%26cr%3D2116538692%26a%3Dwbf_chtengin_17_15%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wcg_chtengin_17_15&param1=1&param2=f%3D4%26b%3DIE%26cc%3Die%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByEzzyCyB0AyE0E0DyB0DyByEtB0BzztN0D0Tzu0StCzytBzytN1L2XzutAtFtBzytFtAtFyDzztN1L1Czu1ByDtN1L1G1B1V1N2Y1L1Qzu2StD0Fzz0DtD0BtA0DtGyD0A0CyBtGtDtD0EyDtGtDtD0AtCtG0DyEzyzyyCyDzyyEyE0C0F0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0CyDyByB0FtDyBtGyE0BtB0AtGyEyE0FtAtGzy0B0FtAtGyC0AyDtA0AtByCyEyDzy0CyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByCyBtB%26cr%3D169324992%26a%3Dwcg_chtengin_17_15%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> {69241833-9BA8-4862-9BDD-25774DA4BF18} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_andos_17_46&param1=1&param2=f%3D4%26b%3DIE%26cc%3Die%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByEzzyCyB0AyE0E0DyB0DyByEtB0BzztN0D0Tzu0StBtCyEzytN1L2XzuyEtFtCyBtFtCtFyDtBtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyByE0B0BtAyBtBzztGyEzyyDyCtGyDzytB0FtGtDyCtA0BtGtBtD0F0CtD0CtCtBtCzz0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0CyDyByB0FtDyBtGyE0BtB0AtGyEyE0FtAtGzy0B0FtAtGyC0AyDtA0AtByCyEyDzy0CyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDtCtCtDzyyBtCtAyE%26cr%3D463989555%26a%3Dwbf_andos_17_46%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3693424755-2941297685-1152701938-1001 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_andos_17_46&param1=1&param2=f%3D4%26b%3DIE%26cc%3Die%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByEzzyCyB0AyE0E0DyB0DyByEtB0BzztN0D0Tzu0StBtCyEzytN1L2XzuyEtFtCyBtFtCtFyDtBtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyByE0B0BtAyBtBzztGyEzyyDyCtGyDzytB0FtGtDyCtA0BtGtBtD0F0CtD0CtCtBtCzz0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0CyDyByB0FtDyBtGyE0BtB0AtGyEyE0FtAtGzy0B0FtAtGyC0AyDtA0AtByCyEyDzy0CyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDtCtCtDzyyBtCtAyE%26cr%3D463989555%26a%3Dwbf_andos_17_46%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3693424755-2941297685-1152701938-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_andos_17_46&param1=1&param2=f%3D4%26b%3DIE%26cc%3Die%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByEzzyCyB0AyE0E0DyB0DyByEtB0BzztN0D0Tzu0StBtCyEzytN1L2XzuyEtFtCyBtFtCtFyDtBtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyByE0B0BtAyBtBzztGyEzyyDyCtGyDzytB0FtGtDyCtA0BtGtBtD0F0CtD0CtCtBtCzz0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0CyDyByB0FtDyBtGyE0BtB0AtGyEyE0FtAtGzy0B0FtAtGyC0AyDtA0AtByCyEyDzy0CyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDtCtCtDzyyBtCtAyE%26cr%3D463989555%26a%3Dwbf_andos_17_46%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2012-12-28] (Qualcomm Atheros Commnucations)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF DefaultProfile: 2d4eozdj.default-1491147157290-1504188217706
FF ProfilePath: C:\Users\Patryk\AppData\Roaming\Mozilla\Firefox\Profiles\2d4eozdj.default-1491147157290-1504188217706 [2017-12-20]
FF Homepage: Mozilla\Firefox\Profiles\2d4eozdj.default-1491147157290-1504188217706 -> hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_andos_17_46&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Die%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByEzzyCyB0AyE0E0DyB0DyByEtB0BzztN0D0Tzu0StBtCyEzytN1L2XzuyEtFtCyBtFtCtFyDtBtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyByE0B0BtAyBtBzztGyEzyyDyCtGyDzytB0FtGtDyCtA0BtGtBtD0F0CtD0CtCtBtCzz0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0CyDyByB0FtDyBtGyE0BtB0AtGyEyE0FtAtGzy0B0FtAtGyC0AyDtA0AtByCyEyDzy0CyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDtCtCtDzyyBtCtAyE%26cr%3D463989555%26a%3Dwbf_andos_17_46%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
FF SearchPlugin: C:\Users\Patryk\AppData\Roaming\Mozilla\Firefox\Profiles\2d4eozdj.default-1491147157290-1504188217706\searchplugins\yahoo! powered.xml [2017-11-19]
FF Extension: (Site Deployment Checker) - C:\Program Files (x86)\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi [2017-03-23] [Przestarzałe] [Brak podpisu cyfrowego]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => nie znaleziono
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [Brak pliku]
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [Brak pliku]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-3693424755-2941297685-1152701938-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Patryk\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-03-08] (Unity Technologies ApS)
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxps://www.google.ie/"
CHR DefaultSearchURL: Default -> hxxps://search.avira.com/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Avira
CHR DefaultSuggestURL: Default -> hxxps://search.avira.com/suggestions?q={searchTerms}&li=ff&hl=en
CHR Profile: C:\Users\Patryk\AppData\Local\Google\Chrome\User Data\Default [2017-12-30]
CHR Extension: (Slides) - C:\Users\Patryk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Patryk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Patryk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-01]
CHR Extension: (Tampermonkey) - C:\Users\Patryk\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-11-08]
CHR Extension: (Sheets) - C:\Users\Patryk\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (EditThisCookie) - C:\Users\Patryk\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2017-12-29]
CHR Extension: (Google Docs Offline) - C:\Users\Patryk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-30]
CHR Extension: (AdBlock) - C:\Users\Patryk\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-12-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Patryk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Patryk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-01]
CHR Extension: (Chrome Media Router) - C:\Users\Patryk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-16]
CHR Profile: C:\Users\Patryk\AppData\Local\Google\Chrome\User Data\System Profile [2016-12-13]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3693424755-2941297685-1152701938-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3693424755-2941297685-1152701938-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
 
==================== Usługi (filtrowane) ====================
 
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [434248 2017-11-06] (Avira Operations GmbH & Co. KG)
S4 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [231256 2016-07-13] (Avira Operations GmbH & Co. KG)
R2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [156640 2017-10-03] (Byte Technologies LLC)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [245544 2017-04-17] (EasyAntiCheat Ltd)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2016-04-13] (Futuremark)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [319096 2016-05-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S3 McAfee Vpn Service; C:\Program Files (x86)\McAfee Safe Connect\service\VpnService.exe [320944 2017-10-10] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe [404376 2017-09-05] (McAfee, Inc.)
R2 MEmusvc; C:\Program Files\Microvirt\MEmu\MemuService.exe [269480 2017-05-26] (Microvirt Software Technology Co. Ltd.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2155328 2017-12-29] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3025224 2017-12-29] (Electronic Arts)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1269824 2017-06-21] (Bitdefender)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-25] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [314624 2016-07-18] (Realtek Semiconductor)
R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [302920 2017-11-21] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [133376 2016-09-28] (Razer Inc.)
S2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [74256 2017-11-07] (Avira Operations GmbH & Co. KG)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [252520 2016-05-24] (Synaptics Incorporated)
R2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [100392 2017-10-09] (Bitdefender)
R2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [100392 2017-10-09] (Bitdefender)
R2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [100392 2017-10-09] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-11] (Microsoft Corporation)
R2 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [2205568 2017-05-31] (Sony)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros) [Brak podpisu cyfrowego]
 
===================== Sterowniki (filtrowane) ======================
 
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
 
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [82696 2015-07-31] (Advanced Micro Devices, Inc.)
S3 ampa; C:\WINDOWS\system32\ampa.sys [19568 2015-11-10] () [Brak podpisu cyfrowego]
S3 ampa; C:\WINDOWS\SysWOW64\ampa.sys [19568 2015-11-10] () [Brak podpisu cyfrowego]
R0 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [1019880 2017-10-13] (BitDefender S.R.L. Bucharest, ROMANIA)
R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4317112 2016-05-24] (Qualcomm Atheros Communications, Inc.)
R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1763744 2017-10-09] (BitDefender)
S3 bcmsmbsp; C:\WINDOWS\System32\drivers\bcmsmbsp.sys [54048 2015-09-10] (Broadcom Corporation.)
R0 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [155488 2017-11-17] (Bitdefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [23672 2016-03-14] (Bitdefender)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [269408 2017-12-16] (Bluestack System Inc. )
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-07-03] (Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-07-03] (Disc Soft Ltd)
R3 edrsensor; C:\WINDOWS\System32\DRIVERS\edrsensor.sys [250504 2017-10-09] (BitDefender S.R.L. Bucharest, ROMANIA)
R0 gzflt; C:\WINDOWS\System32\drivers\gzflt.sys [187688 2017-05-11] (BitDefender LLC)
R2 memudrv; C:\Program Files\Microvirt\MEmuHyperv\MEmuDrv.sys [260368 2015-11-02] (Microvirt Corporation)
S3 mferkdet; C:\WINDOWS\System32\drivers\mferkdet.sys [106112 2012-06-22] (McAfee, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [937728 2016-06-20] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [416472 2016-05-17] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [2584792 2015-01-13] (Realtek Semiconductor Corp.)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44144 2016-09-17] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [137840 2016-08-10] (Razer, Inc.)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [28040 2012-12-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [63592 2016-05-24] (Synaptics Incorporated)
R2 trufos; C:\WINDOWS\System32\drivers\trufos.sys [520032 2016-06-22] (BitDefender S.R.L.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
 
==================== NetSvcs (filtrowane) ===================
 
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
 
 
==================== Jeden miesiąc - utworzone pliki i foldery ========
 
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
 
2017-12-30 14:30 - 2017-12-30 14:33 - 000029887 _____ C:\Users\Patryk\Downloads\FRST.txt
2017-12-30 14:28 - 2017-12-30 14:30 - 000000000 ____D C:\FRST
2017-12-30 14:27 - 2017-12-30 14:27 - 002391552 _____ (Farbar) C:\Users\Patryk\Downloads\FRST64.exe
2017-12-29 21:08 - 2017-12-29 21:08 - 000000000 ____D C:\ProgramData\PopCap Games
2017-12-29 21:07 - 2017-12-29 21:07 - 000001354 _____ C:\Users\Public\Desktop\Plants vs. Zombies.lnk
2017-12-29 21:07 - 2017-12-29 21:07 - 000000000 ____D C:\ProgramData\EA Logs
2017-12-29 20:53 - 2017-12-29 20:56 - 000000000 ____D C:\Program Files (x86)\Origin Games
2017-12-29 20:47 - 2017-12-29 20:47 - 000001068 _____ C:\Users\Public\Desktop\Origin.lnk
2017-12-29 20:47 - 2017-12-29 20:47 - 000000000 ____D C:\Program Files (x86)\Origin
2017-12-29 20:41 - 2017-12-29 20:41 - 000000000 ____D C:\Users\Patryk\.QtWebEngineProcess
2017-12-29 20:41 - 2017-12-29 20:41 - 000000000 ____D C:\Users\Patryk\.Origin
2017-12-29 20:40 - 2017-12-29 20:54 - 000000000 ____D C:\Users\Patryk\AppData\Local\Origin
2017-12-29 20:39 - 2017-12-29 20:40 - 065718528 _____ (Electronic Arts) C:\Users\Patryk\Downloads\OriginThinSetup.exe
2017-12-29 20:16 - 2017-12-29 20:17 - 195129034 _____ C:\Users\Patryk\Downloads\PlantsVS.Zombies.Game.Of.The.Year.Editio.rar
2017-12-22 19:16 - 2017-12-22 19:16 - 000822328 _____ (Roblox Corporation) C:\Users\Patryk\Downloads\RobloxPlayerLauncher.exe
2017-12-22 15:44 - 2017-12-22 15:44 - 000002231 _____ C:\Users\Patryk\Desktop\Videoshop.lnk
2017-12-22 14:33 - 2017-12-22 14:33 - 000001521 _____ C:\Users\Public\Desktop\BlueStacks.lnk
2017-12-22 14:28 - 2017-12-22 14:30 - 000000000 ____D C:\Program Files (x86)\BlueStacks
2017-12-22 14:23 - 2017-12-22 14:26 - 275584208 _____ (BlueStack Systems Inc.) C:\Users\Patryk\Downloads\BlueStacks-Installer_BS3_native_7a1bd6651d562eba892466b28d6688e0.exe
2017-12-22 13:11 - 2017-12-22 13:11 - 000076101 _____ C:\Users\Patryk\Downloads\SYNAPSE CRACKED.zip
2017-12-14 14:31 - 2017-12-02 02:25 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-12-14 14:31 - 2017-12-02 02:25 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-13 12:23 - 2017-11-30 03:33 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
2017-12-13 12:23 - 2017-11-30 03:00 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-12-13 12:23 - 2017-11-30 02:58 - 006763128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-12-13 12:23 - 2017-11-30 02:58 - 000702032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-12-13 12:23 - 2017-11-30 02:57 - 001123968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-12-13 12:23 - 2017-11-30 02:45 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-12-13 12:23 - 2017-11-30 02:44 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-12-13 12:23 - 2017-11-30 02:44 - 019334144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-12-13 12:23 - 2017-11-30 02:44 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-12-13 12:23 - 2017-11-30 02:43 - 020511232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-12-13 12:23 - 2017-11-30 02:43 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-12-13 12:23 - 2017-11-30 02:43 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-12-13 12:23 - 2017-11-30 02:42 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2017-12-13 12:23 - 2017-11-30 02:42 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscript.ocx
2017-12-13 12:23 - 2017-11-30 02:42 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-12-13 12:23 - 2017-11-30 02:41 - 000146944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe
2017-12-13 12:23 - 2017-11-30 02:40 - 000585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-12-13 12:23 - 2017-11-30 02:40 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2017-12-13 12:23 - 2017-11-30 02:40 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2017-12-13 12:23 - 2017-11-30 02:40 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2017-12-13 12:23 - 2017-11-30 02:38 - 008195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-12-13 12:23 - 2017-11-30 02:38 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-12-13 12:23 - 2017-11-30 02:38 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-12-13 12:23 - 2017-11-30 02:38 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-12-13 12:23 - 2017-11-30 02:37 - 006252544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-12-13 12:23 - 2017-11-30 02:37 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-12-13 12:23 - 2017-11-30 02:36 - 004726784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-12-13 12:23 - 2017-11-30 02:36 - 003652096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-12-13 12:23 - 2017-11-30 02:36 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-12-13 12:23 - 2017-11-30 02:36 - 000755200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-12-13 12:23 - 2017-11-30 02:36 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-12-13 12:23 - 2017-11-30 02:35 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-12-13 12:23 - 2017-11-30 02:34 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-12-13 12:23 - 2017-11-17 09:31 - 000223640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-12-13 12:23 - 2017-11-17 09:00 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-12-13 12:22 - 2017-11-30 03:33 - 001144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-12-13 12:22 - 2017-11-30 03:33 - 001015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-12-13 12:22 - 2017-11-30 03:29 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-12-13 12:22 - 2017-11-30 03:26 - 002647216 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-12-13 12:22 - 2017-11-30 03:24 - 000870896 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-12-13 12:22 - 2017-11-30 03:23 - 007910960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-12-13 12:22 - 2017-11-30 03:23 - 001194248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-12-13 12:22 - 2017-11-30 02:59 - 023678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-12-13 12:22 - 2017-11-30 02:44 - 000171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2017-12-13 12:22 - 2017-11-30 02:42 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-12-13 12:22 - 2017-11-30 02:42 - 000560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2017-12-13 12:22 - 2017-11-30 02:42 - 000304640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2017-12-13 12:22 - 2017-11-30 02:42 - 000164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2017-12-13 12:22 - 2017-11-30 02:41 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-12-13 12:22 - 2017-11-30 02:41 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2017-12-13 12:22 - 2017-11-30 02:41 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-12-13 12:22 - 2017-11-30 02:41 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2017-12-13 12:22 - 2017-11-30 02:40 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-12-13 12:22 - 2017-11-30 02:39 - 011888640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-12-13 12:22 - 2017-11-30 02:39 - 003206656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-12-13 12:22 - 2017-11-30 02:39 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-12-13 12:22 - 2017-11-30 02:39 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-12-13 12:22 - 2017-11-30 02:38 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-12-13 12:22 - 2017-11-30 02:37 - 003306496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-12-13 12:22 - 2017-11-30 02:37 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-12-13 12:22 - 2017-11-30 02:36 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-12-13 12:22 - 2017-11-30 02:36 - 001802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-12-13 12:22 - 2017-11-30 02:36 - 001398784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-12-13 12:22 - 2017-11-17 09:46 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-12-13 12:22 - 2017-11-17 09:46 - 001578904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-12-13 12:22 - 2017-11-17 09:46 - 000821656 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-12-13 12:22 - 2017-11-17 09:46 - 000678808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-12-13 12:22 - 2017-11-17 09:46 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-12-13 12:22 - 2017-11-17 09:46 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-12-13 12:22 - 2017-11-17 09:46 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-12-13 12:22 - 2017-11-17 09:46 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-12-13 12:22 - 2017-11-17 09:46 - 000259992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-12-13 12:22 - 2017-11-17 09:46 - 000190360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-12-13 12:22 - 2017-11-17 09:46 - 000136088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-12-13 12:22 - 2017-11-17 09:46 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2017-12-13 12:22 - 2017-11-17 09:46 - 000034712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-12-13 12:22 - 2017-11-17 09:41 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-12-13 12:22 - 2017-11-17 09:39 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-12-13 12:22 - 2017-11-17 09:39 - 000643200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-12-13 12:22 - 2017-11-17 09:37 - 021353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-12-13 12:22 - 2017-11-17 09:03 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-12-13 12:22 - 2017-11-17 08:59 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-12-13 12:22 - 2017-11-17 08:56 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-12-13 12:21 - 2017-11-30 02:45 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-12-13 12:21 - 2017-11-30 02:44 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2017-12-13 12:21 - 2017-11-30 02:43 - 000164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
2017-12-11 15:15 - 2017-12-11 16:19 - 000121249 _____ C:\Users\Patryk\Desktop\scripts2.rar
2017-12-11 12:31 - 2017-12-22 19:15 - 000000000 ____D C:\Users\Patryk\Desktop\Scripts
2017-12-11 12:05 - 2017-12-11 12:05 - 000000000 ____D C:\coalexploit
2017-12-10 20:32 - 2017-12-10 20:32 - 000131550 ____T C:\WINDOWS\mndE78C.diagerr.mdmp
2017-12-10 11:50 - 2017-12-10 11:54 - 000563620 _____ C:\WINDOWS\Minidump\121017-33718-01.dmp
2017-12-09 19:24 - 2017-12-09 19:24 - 002465021 _____ C:\Users\Patryk\Desktop\Oblivion_Release.zip
2017-12-09 17:04 - 2017-12-22 19:15 - 000000000 ____D C:\Users\Patryk\Desktop\New folder
2017-12-09 16:18 - 2017-12-25 15:40 - 000000000 ____D C:\Users\Patryk\Desktop\file
2017-12-08 16:56 - 2017-12-08 17:01 - 000563588 _____ C:\WINDOWS\Minidump\120817-47859-01.dmp
 
==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========
 
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
 
2017-12-30 14:32 - 2017-03-18 21:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-30 14:29 - 2017-11-05 16:47 - 000004216 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4F2878E2-2694-49F5-AA4E-07C7DC5824AF}
2017-12-30 14:29 - 2017-10-09 15:14 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2017-12-30 14:26 - 2017-11-05 16:39 - 002736654 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-30 14:26 - 2017-03-20 03:59 - 001753988 _____ C:\WINDOWS\system32\perfh015.dat
2017-12-30 14:26 - 2017-03-20 03:59 - 000578630 _____ C:\WINDOWS\system32\perfc015.dat
2017-12-30 14:23 - 2016-06-14 13:27 - 000000000 __SHD C:\Users\Patryk\IntelGraphicsProfiles
2017-12-30 14:21 - 2017-11-11 09:56 - 000000000 ____D C:\Users\Public\Speedup Sessions
2017-12-30 14:19 - 2017-11-05 16:47 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-29 21:07 - 2016-06-26 06:20 - 000000000 ____D C:\Users\Patryk\AppData\Roaming\Origin
2017-12-29 21:07 - 2016-06-26 06:18 - 000000000 ____D C:\ProgramData\Electronic Arts
2017-12-29 20:53 - 2016-06-26 06:19 - 000000000 ____D C:\ProgramData\Origin
2017-12-29 20:41 - 2017-11-05 16:17 - 000000000 ____D C:\Users\Patryk
2017-12-29 19:13 - 2016-06-14 13:58 - 000000000 ____D C:\Program Files (x86)\Steam
2017-12-29 15:39 - 2017-03-18 11:40 - 000131072 _____ C:\WINDOWS\system32\config\ELAM
2017-12-29 15:08 - 2017-11-05 16:09 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-29 02:37 - 2017-11-19 13:12 - 000000000 ____D C:\Program Files\ByteFence
2017-12-22 19:15 - 2017-07-23 14:56 - 000000000 ____D C:\Users\Patryk\Desktop\Nowy folder
2017-12-22 14:33 - 2017-08-22 09:13 - 000001521 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk
2017-12-22 14:33 - 2017-08-22 09:09 - 000000000 ____D C:\ProgramData\BlueStacksSetup
2017-12-22 14:33 - 2017-08-22 09:09 - 000000000 ____D C:\ProgramData\BlueStacks
2017-12-22 14:29 - 2017-08-22 09:08 - 000000000 ____D C:\Users\Patryk\AppData\Local\Bluestacks
2017-12-20 15:57 - 2017-04-02 15:30 - 000000000 ____D C:\Users\Patryk\AppData\LocalLow\Mozilla
2017-12-20 15:10 - 2016-09-22 18:11 - 000000000 ____D C:\Users\Patryk\AppData\Local\Roblox
2017-12-20 14:46 - 2016-09-22 18:11 - 000000000 ____D C:\Users\Patryk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-12-19 11:27 - 2016-08-01 17:13 - 000002280 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-19 11:05 - 2016-08-01 15:39 - 000000000 ____D C:\Users\Patryk\AppData\Roaming\Browsers
2017-12-16 12:53 - 2017-03-18 21:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-14 17:37 - 2017-03-18 21:03 - 000000000 ____D C:\WINDOWS\rescache
2017-12-14 14:28 - 2017-11-05 16:09 - 000234008 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-12-14 14:27 - 2017-03-18 11:40 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-12-14 14:26 - 2017-07-08 11:18 - 000000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-12-14 14:26 - 2017-03-18 21:03 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
2017-12-14 14:26 - 2017-03-18 21:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-12-14 14:26 - 2017-03-18 21:03 - 000000000 ____D C:\WINDOWS\system32\en-GB
2017-12-14 14:26 - 2017-03-18 21:01 - 000000000 ____D C:\WINDOWS\INF
2017-12-14 11:45 - 2016-06-13 09:05 - 000000000 ____D C:\Users\Patryk\AppData\Local\Packages
2017-12-14 11:40 - 2016-12-03 16:44 - 000001274 _____ C:\Users\Patryk\Desktop\nativelog.txt
2017-12-14 11:33 - 2016-06-15 06:55 - 000000000 ____D C:\Users\Patryk\AppData\Roaming\.minecraft
2017-12-13 12:53 - 2017-03-18 20:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-12-13 12:43 - 2016-06-13 17:04 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-12-13 12:31 - 2017-10-12 16:42 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-12-13 12:31 - 2016-06-13 17:04 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-12-13 11:20 - 2017-11-05 16:47 - 000004590 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-12-13 11:20 - 2017-03-18 21:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-12-13 11:18 - 2017-03-18 21:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-12-11 19:57 - 2017-08-30 12:35 - 000000000 ___DC C:\WINDOWS\Panther
2017-12-11 19:05 - 2017-11-05 16:57 - 000024768 _____ C:\WINDOWS\diagwrn.xml
2017-12-11 19:05 - 2017-11-05 16:57 - 000024768 _____ C:\WINDOWS\diagerr.xml
2017-12-11 16:37 - 2017-03-18 21:03 - 000000000 ____D C:\WINDOWS\Registration
2017-12-11 16:35 - 2017-09-30 15:09 - 000000000 ___HD C:\$WINDOWS.~BT
2017-12-10 11:50 - 2017-11-07 16:31 - 000000000 ____D C:\WINDOWS\Minidump
2017-12-10 11:50 - 2017-04-06 17:10 - 694041993 _____ C:\WINDOWS\MEMORY.DMP
2017-12-08 18:54 - 2017-03-18 21:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-12-03 08:34 - 2017-11-05 16:47 - 000003208 _____ C:\WINDOWS\System32\Tasks\Avira SystrayStartTrigger
2017-12-03 08:34 - 2016-06-14 13:37 - 000000000 ____D C:\ProgramData\Package Cache
2017-12-03 08:34 - 2016-06-14 13:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
 
==================== Pliki w katalogu głównym wybranych folderów =======
 
2017-08-02 16:22 - 2017-08-02 16:22 - 000000128 ____H () C:\Users\Patryk\AppData\Roaming\ecf00c38dc807e105d881c433a6b455dd2c606b6
2016-06-20 18:36 - 2016-07-02 00:25 - 000000113 _____ () C:\Users\Patryk\AppData\Roaming\WB.CFG
2017-04-28 16:04 - 2017-04-28 16:05 - 000000021 _____ () C:\Users\Patryk\AppData\Local\Autosofted License.txt
2017-10-04 11:47 - 2017-10-04 11:47 - 049979264 _____ (Sony) C:\Users\Patryk\AppData\Local\pcc.exe
 
Niektóre pliki w TEMP:
====================
2017-11-19 13:10 - 2017-11-19 13:10 - 001214528 _____ (Andy OS, inc.) C:\Users\Patryk\AppData\Local\Temp\SetAPK.exe
 
==================== Bamital & volsnap ======================
 
(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)
 
C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\wininit.exe => Plik podpisany cyfrowo
C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo
 
LastRegBack: 2017-12-26 14:19
 
==================== Koniec  FRST.txt ============================
 
 
 
 
 
 
 
 
 
 
 
Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 26-12-2017
Uruchomiony przez Patryk (30-12-2017 14:37:52)
Uruchomiony z C:\Users\Patryk\Downloads
Windows 10 Home Wersja 1703 15063.786 (X64) (2017-11-05 17:02:11)
Tryb startu: Normal
==========================================================
 
 
==================== Konta użytkowników: =============================
 
Administrator (S-1-5-21-3693424755-2941297685-1152701938-500 - Administrator - Disabled)
Gość (S-1-5-21-3693424755-2941297685-1152701938-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3693424755-2941297685-1152701938-1005 - Limited - Enabled)
Konto domyślne (S-1-5-21-3693424755-2941297685-1152701938-503 - Limited - Disabled)
Patryk (S-1-5-21-3693424755-2941297685-1152701938-1001 - Administrator - Enabled) => C:\Users\Patryk
 
==================== Centrum zabezpieczeń ========================
 
(Załączenie wejścia w fixlist spowoduje jego usunięcie.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Zainstalowane programy ======================
 
(W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)
 
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-3693424755-2941297685-1152701938-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
AMD Catalyst Install Manager (HKLM\...\{306823F5-9E3B-6FEA-77B0-C9F9B725D7C4}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Andy OS (HKLM\...\Andy OS) (Version: 46.16 - Andy OS, Inc)
Apowersoft Online Launcher version 1.7.0 (HKU\S-1-5-21-3693424755-2941297685-1152701938-1001\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.7.0 - APOWERSOFT LIMITED)
Apple Application Support (32-bit) (HKLM-x32\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{741291DA-2B34-4D44-8FB6-58EDE21261D8}) (Version: 5.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{DB18F1C0-846F-46F5-A074-5B97C8AF5C8E}) (Version: 10.3.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Asystent menedżera zawartości dla PlayStation® (HKLM-x32\...\{E5C1C342-5E78-4D91-85BE-40C716B09391}) (Version: 3.55.7671.0901 - Sony Computer Entertainment Inc.)
Asystent uaktualnienia do systemu Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17323 - Microsoft Corporation)
Avira (HKLM-x32\...\{4BC30143-FC17-4BA0-96C3-11F21F026099}) (Version: 1.2.100.18354 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM-x32\...\{638c58eb-e71e-4b96-8f16-c5a7dbc4293f}) (Version: 1.2.100.18354 - Avira Operations GmbH & Co. KG)
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 1.3.1.30415 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 4.2.1.6365 - Avira Operations GmbH & Co. KG)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 21.0.25.59 - Bitdefender)
Bitdefender Antivirus Free (HKLM\...\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.8.33 - Bitdefender)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 3.54.65.1755 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 3.16.0.1 - Byte Technologies LLC) <==== UWAGA
ChomikBox (HKLM-x32\...\{71736AF6-BA4B-4F3C-8496-C325B97869BA}) (Version: 2.0.8.1 - Chomikuj.pl)
Chromium (HKLM-x32\...\{A8874047-F807-91C7-4987-E147990732C7}) (Version:  - )
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 11.0 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 4.00 - NCH Software)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{98CB551E-EDB1-4535-82A6-E3258597F64E}) (Version: 2.7.1000.0 - Dell Products, LP)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.36 - Synaptics Incorporated)
Dell Update - SupportAssist Update Plugin (HKLM\...\{92F651D9-4431-469E-9B11-299D007AF656}) (Version: 2.0.2.1835 - Dell Inc.)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Diablo II (HKLM-x32\...\Diablo II) (Version: 0.0.0.0 - Blizzard Entertainment)
DSC/AA Factory Installer (HKLM\...\{F7A70D00-F283-45C8-B163-49EC365D7E27}) (Version: 3.4.6299.48 - PC-Doctor, Inc.) Hidden
f.lux (HKU\S-1-5-21-3693424755-2941297685-1152701938-1001\...\Flux) (Version:  - f.lux Software LLC)
foobar2000 v1.3.10 (HKLM-x32\...\foobar2000) (Version: 1.3.10 - Peter Pawlowski)
Futuremark SystemInfo (HKLM-x32\...\{5052D282-C9AE-48CC-A9F5-17058BEEAA50}) (Version: 4.45.590.0 - Futuremark)
Galeria fotografii (HKLM-x32\...\{7595CAD2-87D0-4D01-AC02-3FDD3A891BB8}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.108 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4425 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
iSpring Free Cam 8 (HKLM-x32\...\{9E6D2789-25C1-4884-ACAA-32F187F96410}) (Version: 8.3.15297 - iSpring Solutions Inc.)
League of Legends (HKLM-x32\...\{2A3DD76D-BB24-4C4B-BC36-FB25D8902946}) (Version: 4.1.2 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
McAfee Safe Connect (HKLM-x32\...\{F210DAEC-9E43-467E-87E8-B02DA469CFFC}) (Version: 1.4.1.150 - McAfee, Inc)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.599.11 - McAfee, Inc.)
MEmu (HKLM-x32\...\MEmu) (Version: 3.1.2.4 - Microvirt Software Technology Co. Ltd.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3693424755-2941297685-1152701938-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Monosnap (HKLM-x32\...\{2CE96D70-718B-495D-9C58-C48CD89F7797}) (Version: 3.0.6.40 - Monosnap)
Movie Maker (HKLM-x32\...\{2A078A2B-E2C8-43A3-862C-DC57090AB7C2}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 52.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0.2 (x86 en-US)) (Version: 52.0.2 - Mozilla)
Mozilla Firefox 55.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 55.0.3 (x64 en-US)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.3 - Mozilla)
MSVC80_x64_v2 (HKLM\...\{4D668D4F-FAA2-4726-834C-31F4614F312E}) (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (HKLM-x32\...\{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}) (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (HKLM\...\{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}) (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (HKLM-x32\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6299.48 - PC-Doctor, Inc.)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.8.17910 - Electronic Arts, Inc.)
Pakiet sterowników systemu Windows - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 2.4.0.64869 - Grinding Gear Games) Hidden
Path of Exile (HKLM-x32\...\{94427be8-df6b-4739-b212-7b285532cfbb}) (Version: 2.4.0.64869 - Grinding Gear Games)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Podstawowe programy Windows Live (HKLM-x32\...\{A7E73DE5-E5FD-4923-9D88-E09ECD1F3545}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
PowerXpressHybrid (HKLM-x32\...\{51FDC2DE-0917-46B7-EAEC-5377504701DE}) (Version: 1.00.0000 - Nazwa firmy) Hidden
PX Profile Update (HKLM-x32\...\{D459963A-7ADF-87DF-140D-A94A04B57C6A}) (Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.218 - Qualcomm Atheros Communications)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.018 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconduct Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7878 - Realtek Semiconductor Corp.)
Realtek PC Camera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10296 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Roblox Studio for Patryk (HKU\S-1-5-21-3693424755-2941297685-1152701938-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - Roblox Corporation)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.25 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.106 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Unity Web Player (HKU\S-1-5-21-3693424755-2941297685-1152701938-1001\...\UnityWebPlayer) (Version: 5.3.8f1 - Unity Technologies ApS)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{17515373-7495-4995-9089-B7D6DF455C38}) (Version: 2.6.0.0 - Microsoft Corporation)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 5.03 - NCH Software)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Xperia Companion (HKLM-x32\...\{058506CE-4E1C-4087-878E-61D8B5F8F47A}) (Version: 1.7.2.0 - Sony) Hidden
Xperia Companion (HKLM-x32\...\{65415473-2761-4ee3-85c1-5fdf086444c6}) (Version: 1.7.2.0 - Sony)
Xperia Companion Service (HKLM\...\{86C9336F-6376-4E86-A09A-EA7177DEC3D5}) (Version: 1.7.2.0 - Sony) Hidden
 
==================== Niestandardowe rejestracje CLSID (filtrowane): ==========================
 
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
 
CustomCLSID: HKU\S-1-5-21-3693424755-2941297685-1152701938-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-12-10] (Cyberlink)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Users\Patryk\Desktop\games\The escapists\rarext64.dll -> Brak pliku
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Users\Patryk\Desktop\games\The escapists\rarext.dll -> Brak pliku
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-12-10] (Cyberlink)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Brak pliku
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-12] (Intel Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Users\Patryk\Desktop\games\The escapists\rarext64.dll -> Brak pliku
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Users\Patryk\Desktop\games\The escapists\rarext.dll -> Brak pliku
 
==================== Zaplanowane zadania (filtrowane) =============
 
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
 
Task: {04AF0997-B458-48BE-A8F9-0C8C6565B803} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2017-10-03] (Byte Technologies LLC) <==== UWAGA
Task: {0F36CB95-A27F-49E2-9108-5ECBAEFDDD7A} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2017-06-21] (Bitdefender)
Task: {123C1F71-3DBE-4D94-BE7E-68E3135E6AF5} - System32\Tasks\{52A41711-6533-46DD-A7DE-C01A112C13B7} => C:\WINDOWS\system32\pcalua.exe -a G:\Baldur.exe -d G:\
Task: {1B9E9D18-13A6-42EA-903E-94440E4A6340} - System32\Tasks\{757FF215-9464-4B4C-9800-F8EB908CD91D} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Diablo II\Diablo II.exe" -d "C:\Program Files (x86)\Diablo II\"
Task: {25F664F0-4D90-4F03-8DEC-767F2B6940A8} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-13] (Adobe Systems Incorporated)
Task: {2C1C9E47-CC68-4048-9CA3-1D0D44AA0FA2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-01] (Google Inc.)
Task: {369C5475-B230-4960-A7FA-EF56B7AE58B9} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-07-18] (Realtek Semiconductor)
Task: {4E542956-7395-497B-A493-59A202D69CB9} - System32\Tasks\{C898B764-DFFF-4AED-A869-432940A56D50} => C:\WINDOWS\system32\pcalua.exe -a "F:\gry\BG II CD1\Baldur.exe" -d "F:\gry\BG II CD1"
Task: {51DC7506-5103-48D9-BAAE-05C2991E2E8D} - System32\Tasks\{2D5E4CA6-EE24-4938-9171-344D5485FBAF} => C:\WINDOWS\system32\pcalua.exe -a G:\Setup.exe -d G:\
Task: {54A58FEE-0DAD-42D4-AA00-597BBAD1D9DC} - \WPD\SqmUpload_S-1-5-21-3693424755-2941297685-1152701938-1001 -> Brak pliku <==== UWAGA
Task: {59931B88-3207-4621-A81A-EC10B2FEFA23} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_126_pepper.exe [2017-12-13] (Adobe Systems Incorporated)
Task: {7693F1AA-467D-44A6-91AC-88EC4D4D2881} - System32\Tasks\Booking_helper => C:\PROGRA~2\Booking.com\BOOKIN~2.EXE
Task: {7B7D0389-55EB-4D4D-903B-62CC98ECF184} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-01] (Google Inc.)
Task: {833C6AC8-FF07-4227-9418-E717A2C46A58} - System32\Tasks\{9E0CBF17-E99B-4D47-960E-EBFEF2E1C00C} => C:\WINDOWS\system32\pcalua.exe -a G:\Baldur.exe -d G:\
Task: {83407353-F708-4252-8266-1187CCD80B58} - System32\Tasks\Yahoo! Powered nicof => C:\WINDOWS\system32\wscript.exe "C:\ProgramData\{7550B033-FF12-3AF5-79D4-A4B7E3962F79}\tise.txt" "68747470733a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b37353530423033332d464631322d334146352d373944342d4134423745333936324637397d5c666f646f726f" "433a5c50726f6772616d446174615c7b37353530423033332d464631322d334146352d3739 (dane wartości zawierają 80 znaków więcej). <==== UWAGA
Task: {89226F7A-5E1D-4792-8C46-A225247FFF86} - System32\Tasks\Avira\System Speedup\SpeedupSysTray => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe [2017-11-07] (Avira Operations GmbH & Co. KG)
Task: {894FCC7B-F6EE-4288-B4B7-3470E51CA949} - System32\Tasks\Avira SystrayStartTrigger => Avira.SystrayStartTrigger.exe
Task: {9329CFCE-8606-4A5D-8B74-392A96F95B9C} - \SystemToolsDailyTest -> Brak pliku <==== UWAGA
Task: {998EC7F0-732E-446F-97B0-3231B1BBBFDF} - \PCDoctorBackgroundMonitorTask -> Brak pliku <==== UWAGA
Task: {9FD32FE6-750A-4684-B0AD-12095B715B90} - \PCDEventLauncherTask -> Brak pliku <==== UWAGA
Task: {AA2FE4D9-5110-454A-9751-F2D1CBFFBDEA} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [2017-11-18] (Avira Operations GmbH & Co. KG )
Task: {BF96D904-DB60-4B9B-81F0-4E9250B7E883} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Patryk) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: {D9596259-6251-4E43-9C54-740CFE812F78} - System32\Tasks\Avira\System Speedup\TestScheduler => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [2017-11-07] (Avira Operations GmbH & Co. KG)
Task: {DE55BC2A-8EBD-4DF3-A5E8-DF200494BCA1} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-12-03] (CyberLink Corp.)
Task: {E49D9574-C326-4022-A169-24C64EAA1E43} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== UWAGA
Task: {F7946FB3-5812-40F5-A5D6-B748C48A8D07} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-12-03] (CyberLink)
 
(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)
 
Task: C:\WINDOWS\Tasks\Booking_helper.job => C:\PROGRA~2\Booking.com\BOOKIN~2.EXE
Task: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Patryk).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: C:\WINDOWS\Tasks\Yahoo! Powered nicof.job => Wscript.exe  C:\ProgramData\{7550B033-FF12-3AF5-79D4-A4B7E3962F79}\tise.txt <==== UWAGA
 
==================== Skróty & WMI ========================
 
(Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.)
 
 
Shortcut: C:\Users\Patryk\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm
Shortcut: C:\Users\Patryk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gоoglе Сhrоme.lnk -> C:\Users\Patryk\AppData\Roaming\Browsers\exe.emorhc.bat (Brak pliku) <==== Cyrillic
Shortcut: C:\Users\Patryk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Internеt Ехрlorer Вrоwser.lnk -> C:\Users\Patryk\AppData\Roaming\Browsers\exe.erolpxei.bat (Brak pliku) <==== Cyrillic
 
==================== Załadowane moduły (filtrowane) ==============
 
2017-03-16 15:08 - 2017-03-16 15:08 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-03-16 15:08 - 2017-03-16 15:08 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-24 22:20 - 2016-09-24 22:21 - 000189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2013-11-04 05:07 - 2012-04-25 02:43 - 000254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2017-11-21 16:31 - 2017-11-21 16:32 - 000302920 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
2017-10-09 15:34 - 2017-11-23 20:00 - 000280576 _____ () C:\Program Files\Bitdefender Antivirus Free\txmlutil.dll
2017-10-09 15:35 - 2017-02-07 11:29 - 001008448 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpbr.mdl
2017-10-09 15:35 - 2017-02-07 11:29 - 000541952 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpdsp.mdl
2017-10-09 15:35 - 2017-02-07 11:29 - 003243920 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpph.mdl
2017-10-09 15:35 - 2017-02-07 11:29 - 001544568 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttprbl.mdl
2017-11-21 16:31 - 2017-11-21 16:32 - 000620872 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
2017-03-18 20:58 - 2017-03-18 20:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-12-19 11:27 - 2017-12-14 02:49 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.108\libglesv2.dll
2017-12-19 11:27 - 2017-12-14 02:49 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.108\libegl.dll
2017-12-12 10:41 - 2017-12-12 10:42 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-12-12 10:41 - 2017-12-12 10:42 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-12-12 10:41 - 2017-12-12 10:42 - 024735744 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-12-12 10:41 - 2017-12-12 10:42 - 002551808 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\skypert.dll
2017-12-12 10:41 - 2017-12-12 10:41 - 000671744 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2017-03-18 20:59 - 2017-03-20 04:01 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-12-06 15:25 - 2017-12-06 15:27 - 000061952 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11711.1001.5.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2017-11-01 09:35 - 2017-11-01 09:36 - 001919680 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8730.21155.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2013-11-04 05:05 - 2012-06-08 03:34 - 000627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 10:34 - 2012-06-08 10:34 - 000016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-08-07 13:27 - 2013-08-07 13:27 - 000110088 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2017-11-29 16:58 - 2017-11-29 16:58 - 000016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\875cc5c4b1278917845c6c87411dde28\PSIClient.ni.dll
2013-11-04 04:51 - 2012-06-25 18:41 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (filtrowane) =========
 
(Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.)
 
 
==================== Tryb awaryjny (filtrowane) ===================
 
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.)
 
 
==================== Powiązania plików (filtrowane) ===============
 
(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.)
 
 
==================== Internet Explorer - Witryny zaufane i z ograniczeniami ===============
 
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.)
 
 
==================== Hosts - zawartość: ==========================
 
(Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.)
 
2012-07-26 05:26 - 2017-12-30 14:19 - 000002131 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
0.0.0.1 mssplus.mcafee.com
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 rp.yefeneri2.com
0.0.0.0 os.yefeneri2.com
0.0.0.0 os2.yefeneri2.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
 
==================== Inne obszary ============================
 
(Obecnie brak automatycznej naprawy dla tej sekcji.)
 
HKU\S-1-5-21-3693424755-2941297685-1152701938-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Patryk\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\dsc03289.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Zapora systemu Windows [funkcja włączona]
 
==================== MSCONFIG/TASK MANAGER - Wyłączone elementy ==
 
MSCONFIG\Services: Avira.ServiceHost => 2
MSCONFIG\Services: AviraPhantomVPN => 2
MSCONFIG\Services: rtop => 2
MSCONFIG\Services: ServiceLayer => 3
HKU\S-1-5-21-3693424755-2941297685-1152701938-1001\...\StartupApproved\Run: => "ALLUpdate"
HKU\S-1-5-21-3693424755-2941297685-1152701938-1001\...\StartupApproved\Run: => "ALLPlayer WiFi Remote"
HKU\S-1-5-21-3693424755-2941297685-1152701938-1001\...\StartupApproved\Run: => "ChomikBox"
HKU\S-1-5-21-3693424755-2941297685-1152701938-1001\...\StartupApproved\Run: => "Napisy24.pl"
HKU\S-1-5-21-3693424755-2941297685-1152701938-1001\...\StartupApproved\Run: => "Napisy24Update"
HKU\S-1-5-21-3693424755-2941297685-1152701938-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3693424755-2941297685-1152701938-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3693424755-2941297685-1152701938-1001\...\StartupApproved\Run: => "uTorrent"
 
==================== Reguły Zapory systemu Windows (filtrowane) ===============
 
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
 
FirewallRules: [{5060EAC3-D56A-4902-89DE-76C1CDF01824}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BloonsTD5\BTD5-Win.exe
FirewallRules: [{B9BF0ED3-809B-4DD0-A66F-666961925A1C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BloonsTD5\BTD5-Win.exe
FirewallRules: [{ACE0CCF2-5387-48FC-8204-0B1A7E4BA153}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TerraTech Beta\TerraTechWin64.exe
FirewallRules: [{082F9528-7451-4A44-9C71-7AD23187C43F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TerraTech Beta\TerraTechWin64.exe
FirewallRules: [{900E8AD1-BE24-437D-A802-5E448C2EA00E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TimeClickers\TimeClickers.exe
FirewallRules: [{F83AECFE-288B-4CA9-B40B-37A6BCB77469}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TimeClickers\TimeClickers.exe
FirewallRules: [{72F3AB9C-A46A-4697-9C8C-726100FF9504}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bloons TD Battles\Battles-Win.exe
FirewallRules: [{6CA4B138-C9EB-44B3-8E20-EADE8EE2306C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bloons TD Battles\Battles-Win.exe
FirewallRules: [{074F5ACC-B598-4830-B1A3-C180002D7189}] => (Allow) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanion.exe
FirewallRules: [{7D15EFD5-AA41-4CDE-94C0-2FB085B4E21B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{6AB39EA8-7965-4829-8388-0BE96EAC5880}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{972BDAF1-14FA-4224-9A5E-55E350C89896}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{08D48BA4-C602-4C38-BB91-8A7F8CBEB10F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{3B4D7DAA-1A3E-41C9-A8B5-5164AF039289}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{1D2BB996-94ED-4DED-88FB-FF2C631968C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [UDP Query User{91091E86-2F50-4DB9-BB42-3FDA28B94312}C:\users\patryk\appdata\local\roblox\versions\version-0e0f1b65440542cf\robloxstudiobeta.exe] => (Block) C:\users\patryk\appdata\local\roblox\versions\version-0e0f1b65440542cf\robloxstudiobeta.exe
FirewallRules: [TCP Query User{C83E45C4-B8BD-4B0A-A72C-10078D8E810E}C:\users\patryk\appdata\local\roblox\versions\version-0e0f1b65440542cf\robloxstudiobeta.exe] => (Block) C:\users\patryk\appdata\local\roblox\versions\version-0e0f1b65440542cf\robloxstudiobeta.exe
FirewallRules: [{F3404F79-15C0-4ACE-8254-5D1C5A9B89CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ball 3D\Ball 3D.exe
FirewallRules: [{C910508C-D968-4391-83E9-A975D37E2B64}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ball 3D\Ball 3D.exe
FirewallRules: [{95BC75F1-FD40-4F57-A2D2-E0E7C049E3F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic Duels\MagicDuels.exe
FirewallRules: [{8FC52E70-2179-470C-B9B2-C5CC4F0A0D42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic Duels\MagicDuels.exe
FirewallRules: [{72866023-6008-47C3-96B5-EF4BEA06BFCE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Soda Dungeon\dungeon.exe
FirewallRules: [{8918C5EF-4042-4910-8909-78701E408A38}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Soda Dungeon\dungeon.exe
FirewallRules: [{3B440878-D6D3-4CBA-B89D-44EEDCD0CD3D}] => (Allow) C:\Users\Patryk\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{F26CA1FF-A917-488B-BF09-8E120146B3C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transformice\Transformice.exe
FirewallRules: [{BFB631D6-D7C9-4B11-B867-02E5A122A402}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transformice\Transformice.exe
FirewallRules: [{D2342457-1B9C-4481-BD7C-858ABBE5E399}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8C0C1BCC-135D-4140-9582-1746B29E23C3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4EB82FEA-BC5F-4864-87F1-B24C482DF195}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{DDF9F56E-D530-48FA-81FE-5B79391E45DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [UDP Query User{420600C9-D332-4995-97AA-C90BF6883B96}E:\gog games\divinity - original sin enhanced edition\shipping\eocapp.exe] => (Block) E:\gog games\divinity - original sin enhanced edition\shipping\eocapp.exe
FirewallRules: [TCP Query User{C517598E-0D55-427A-BC06-54D781A9D6D0}E:\gog games\divinity - original sin enhanced edition\shipping\eocapp.exe] => (Block) E:\gog games\divinity - original sin enhanced edition\shipping\eocapp.exe
FirewallRules: [UDP Query User{1B0C7C48-CC10-48F8-9EC6-532D5C4BBF6F}E:\gog games\divinity - original sin enhanced edition\shipping\eocapp.exe] => (Allow) E:\gog games\divinity - original sin enhanced edition\shipping\eocapp.exe
FirewallRules: [TCP Query User{A73C19B4-DCA9-4FDD-97AF-37CA49FF70AD}E:\gog games\divinity - original sin enhanced edition\shipping\eocapp.exe] => (Allow) E:\gog games\divinity - original sin enhanced edition\shipping\eocapp.exe
FirewallRules: [{F242DBE7-E38B-496E-B096-0C1371A80A9D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic Duels\MagicDuels.exe
FirewallRules: [{772FE82A-9AC6-4B80-AE83-7CB56ACC0636}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic Duels\MagicDuels.exe
FirewallRules: [{1E76FEC8-C699-4994-AD19-5E5B16899D16}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{7D0F9421-42B2-4718-A0B0-A7AE3BE69071}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [UDP Query User{96AA7FBB-82E6-4AB6-8F86-96DB1B30550B}E:\gry\heroes of the storm\versions\base48760\heroesofthestorm_x64.exe] => (Allow) E:\gry\heroes of the storm\versions\base48760\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{E2374E69-14FF-47A3-A990-66791CCE275A}E:\gry\heroes of the storm\versions\base48760\heroesofthestorm_x64.exe] => (Allow) E:\gry\heroes of the storm\versions\base48760\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{78297C50-832A-401A-8623-207C6D34A409}E:\gry\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe] => (Allow) E:\gry\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{4802933E-EA59-434D-BF07-8EABF26DEEEB}E:\gry\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe] => (Allow) E:\gry\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe
FirewallRules: [{5277051F-86BD-4A49-8456-A63EDC821635}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadowverse\Shadowverse.exe
FirewallRules: [{588E04D5-6477-488A-BC0B-7DE7A77E154C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadowverse\Shadowverse.exe
FirewallRules: [UDP Query User{617EBC3B-D4E5-4210-A4D7-B6A992253D84}C:\users\patryk\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\patryk\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{5C55A230-D73C-4952-90E3-66ABB2F6F24B}C:\users\patryk\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\patryk\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{80B75DDB-E910-4BC6-8CF2-C7667E04FC16}C:\users\patryk\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\patryk\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{1BDE0E3D-A922-43B8-9512-5263BC479549}C:\users\patryk\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\patryk\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{1D180D96-A64F-40B2-8B3E-C4B4C15C6EC4}E:\the lord of the rings online\lotroclient.exe] => (Allow) E:\the lord of the rings online\lotroclient.exe
FirewallRules: [TCP Query User{E78AE82C-61F8-4E14-880B-05B523B90492}E:\the lord of the rings online\lotroclient.exe] => (Allow) E:\the lord of the rings online\lotroclient.exe
FirewallRules: [UDP Query User{4C84894A-62A1-4BE9-BDB5-8B2A24AECFBF}C:\users\patryk\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\patryk\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{3DD08247-B7DA-4E22-88F8-1163B8163C7F}C:\users\patryk\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\patryk\appdata\local\akamai\netsession_win.exe
FirewallRules: [{F8158C51-5E2B-4636-B9FA-227BD2852DCD}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{2CC53891-07E7-4348-BA41-0AC70CB0584F}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{1EF41964-856F-4009-B137-2C8F3DCC5D13}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{D3EABF7D-552B-4FC7-825B-52732BE009EC}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [UDP Query User{E1D78362-B26F-4409-A926-A28772EB1250}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{9C5AA3A8-B2CA-40BF-A814-1E5ADE21A766}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{06105789-D2A1-4E0B-9AC6-AB7DAB719AC5}C:\users\patryk\downloads\downloader_diablo2_plpl.exe] => (Allow) C:\users\patryk\downloads\downloader_diablo2_plpl.exe
FirewallRules: [TCP Query User{03D3942B-46D6-4D71-98E7-98FA1EBE9B77}C:\users\patryk\downloads\downloader_diablo2_plpl.exe] => (Allow) C:\users\patryk\downloads\downloader_diablo2_plpl.exe
FirewallRules: [UDP Query User{689936B9-2E75-432E-872C-A7D7AE288B23}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{043154E2-51A2-4EAF-9D2B-0EBBFBE121BE}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{8E610524-19FE-431B-90F3-E47C6F25EB3E}C:\program files (x86)\steam\steamapps\common\world of fishing\worldoffishing.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\world of fishing\worldoffishing.exe
FirewallRules: [TCP Query User{840A913B-8CB4-4A2F-ADBA-A33F6860B5F7}C:\program files (x86)\steam\steamapps\common\world of fishing\worldoffishing.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\world of fishing\worldoffishing.exe
FirewallRules: [UDP Query User{66D91DCB-2DE5-44E9-BEFB-FD668FD2C724}C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe] => (Allow) C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe
FirewallRules: [TCP Query User{6E53EA47-BA76-4E09-8B50-A1AD1107B013}C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe] => (Allow) C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe
FirewallRules: [{68DDA914-9388-4A8D-9FD6-919B60329BA4}] => (Allow) LPort=1900
FirewallRules: [{B45807A8-3AA1-49D0-9D3A-4FE66AFEFB64}] => (Allow) LPort=2869
FirewallRules: [{5EE387C9-5B39-49DA-974C-0A9CDBFF1F7A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A6105C8B-AA6D-4B48-A6A1-99F21B65A6B3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{7095F9D5-EFDA-4C3B-A33B-82079AE49EA8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{68499F1C-0E3D-4EFE-9781-D165864BEAB7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3924C808-01D6-419E-9A25-CB453726989B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D525316E-04E4-4E7A-AA1A-2508BD8A058B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4952791F-DC7D-4505-ADB3-6B192D403993}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{5CC4D015-7EB3-45CC-9D58-EBF799B434BA}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{46E6D1E5-8046-40CE-8EC6-31997F77068E}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{745FCDCC-33ED-4ABB-ABAF-E1DD9C9D9EE6}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{502579F2-F78B-41B8-9A7E-B566F203E9F8}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{72EBD420-F221-4CFD-9B8F-B87A53505377}C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe] => (Block) C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe
FirewallRules: [UDP Query User{4F2851A5-B912-45E2-B621-D98DC9223773}C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe] => (Block) C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe
FirewallRules: [{A66EB995-969F-4B24-A870-8E0A883BF42C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{997E9693-2BF4-489E-A8C2-DE85D288189D}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{88B8C093-75A8-4C82-B81A-79F12968493A}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{990E3788-9715-466F-BA4D-0A667B8231FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\the witcher 2\Launcher.exe
FirewallRules: [{F4DF3A0F-DB24-48AB-8BDD-869A5B826609}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\the witcher 2\Launcher.exe
FirewallRules: [TCP Query User{76A9350B-1DAF-4372-A3EF-3D4ED7A074AA}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [UDP Query User{C5D1D839-823C-4E1D-8008-A585534F487B}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [{D1038F11-5B59-458B-A82C-1E8BDEB877B6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [TCP Query User{65692F84-9FF2-49A0-B368-DBCE977C31DE}C:\program files (x86)\steam\steamapps\common\terraria\tmodloaderserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\tmodloaderserver.exe
FirewallRules: [UDP Query User{20FCB65D-E801-4CB0-B2BF-92FD478554DC}C:\program files (x86)\steam\steamapps\common\terraria\tmodloaderserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\tmodloaderserver.exe
FirewallRules: [TCP Query User{B1A290C9-561E-424C-9810-61C9FE2D328E}C:\program files (x86)\steam\steamapps\common\riders of icarus\bin64\launcher.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\riders of icarus\bin64\launcher.exe
FirewallRules: [UDP Query User{857A7FF1-46B0-4C25-84EA-2E246ECE209D}C:\program files (x86)\steam\steamapps\common\riders of icarus\bin64\launcher.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\riders of icarus\bin64\launcher.exe
FirewallRules: [TCP Query User{B7BE9708-F403-4711-9EF5-282DB3515550}E:\outlast_outlast whistleblower\binaries\win64\olgame.exe] => (Allow) E:\outlast_outlast whistleblower\binaries\win64\olgame.exe
FirewallRules: [UDP Query User{0E785C31-9F99-409D-B71E-6AEF96CABD10}E:\outlast_outlast whistleblower\binaries\win64\olgame.exe] => (Allow) E:\outlast_outlast whistleblower\binaries\win64\olgame.exe
FirewallRules: [{D52D97DA-A73E-4A40-BC0C-D70D97172F66}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Whos Your Daddy\WhosYourDaddy.exe
FirewallRules: [{010ACA7B-55DC-4C16-9C22-D4AC0E529ABB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Whos Your Daddy\WhosYourDaddy.exe
FirewallRules: [{5501BD56-B462-4AF7-9524-2C1DDFE64EBC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Slime Rancher\SlimeRancher.exe
FirewallRules: [{2E0418BC-E097-4E52-9DB9-D55FCA7FECD3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Slime Rancher\SlimeRancher.exe
FirewallRules: [{5741F448-8A55-464E-AAB0-613DD13AD62D}] => (Allow) C:\Users\Patryk\AppData\Local\Temp\andy-x64\Setup.exe
FirewallRules: [{481FEE27-3A16-44DF-B0B2-8DFC43AF868D}] => (Allow) C:\Users\Patryk\AppData\Local\Temp\andy-x64\Setup.exe
FirewallRules: [{B9545245-1AA2-4056-B777-C52A6DA1DC75}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{B7097BDB-898D-4DDA-B047-AA76D33C6199}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{F61A8486-FFFB-40E9-9186-7DEF0C424A0D}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
FirewallRules: [{27DAD116-17AD-48F4-8776-285D584455A9}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
FirewallRules: [{0B81CE36-6B45-44BF-9140-3F29B9340403}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{0C95B71B-FDA3-4542-B872-3A814049436F}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{74B12A76-25B6-4106-AADE-92BBAC8EDC45}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{1AAB3072-D6C2-4D39-81F4-16917347B000}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{6FD57C56-125F-46B5-98AF-7B628607AAA4}] => (Allow) C:\Users\Patryk\AppData\Local\Temp\RemoveTemp.exe
FirewallRules: [{128CD766-C268-41FC-91D9-2CD3D619B47D}] => (Allow) C:\Users\Patryk\AppData\Local\Temp\RemoveTemp.exe
FirewallRules: [{FA6081A4-DB6F-400D-815A-07EF89FC445C}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe
FirewallRules: [{1C35B2DB-2704-4029-8EAA-44B3A6AB3378}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe
FirewallRules: [{B38C00EA-082D-4905-811D-E59189D55FE8}] => (Allow) C:\Program Files\Andy\SetupFiles\AndyDoctor.exe
FirewallRules: [{C00CF399-6F19-468A-88D7-E954A0B5AF66}] => (Allow) C:\Program Files\Andy\SetupFiles\AndyDoctor.exe
FirewallRules: [{EBDA9FB4-884F-4548-9BBF-D2E48875B195}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{764E1748-F1E0-4D2F-BE55-1A93B1EB5CB8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{C3C5D6E0-DCCA-4BE0-ADE0-5FD682ACD9BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2 Demo\payday2_win32_release.exe
FirewallRules: [{69D65B84-1C6A-4B3F-A041-F42FB1178507}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2 Demo\payday2_win32_release.exe
FirewallRules: [{C20E33B7-7352-4A1D-8FF7-00F358F6C074}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F4569F5F-30BC-46E4-9FD0-58B576AA3B9E}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe
FirewallRules: [{74620FAE-EEBA-4EB4-B7E4-3E2626DA385C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Plants Vs Zombies\PlantsVsZombies.exe
FirewallRules: [{5C3DAF1D-1EB3-4A29-989C-38611D43BC0F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Plants Vs Zombies\PlantsVsZombies.exe
FirewallRules: [{ADB7A66F-FBD3-4F4E-BED0-6BDE83D0D139}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe
FirewallRules: [{6351E185-1BD8-44C5-8508-AE8157E03AD4}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe
 
==================== Punkty Przywracania systemu =========================
 
23-12-2017 03:25:08 Windows Update
26-12-2017 12:13:06 Windows Update
30-12-2017 14:34:35 Windows Update
 
==================== Wadliwe urządzenia w Menedżerze urządzeń =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Błędy w Dzienniku zdarzeń: =========================
 
Dziennik Aplikacja:
==================
Error: (12/30/2017 02:28:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchUI.exe version 10.0.15063.332 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 7f4
 
Start Time: 01d3817964c8b5f2
 
Termination Time: 4294967295
 
Application Path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
 
Report Id: 460e724d-f117-4d4b-bc4b-8abe7392ed8c
 
Faulting package full name: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy
 
Faulting package-relative application ID: CortanaUI
 
Error: (12/30/2017 02:23:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: JAKUBCOMP)
Description: Package Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy+CortanaUI was terminated because it took too long to suspend.
 
Error: (12/30/2017 02:22:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McAfee Safe Connect.exe, version: 1.4.1.150, time stamp: 0x59ddaf4d
Faulting module name: KERNELBASE.dll, version: 10.0.15063.726, time stamp: 0x32774c02
Exception code: 0xe0434352
Fault offset: 0x000ecbb2
Faulting process ID: 0x205c
Faulting application start time: 0x01d3817984cd61a4
Faulting application path: C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report ID: 7be5b6a1-4b00-405a-969b-d27a7b559978
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/30/2017 02:22:48 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: McAfee Safe Connect.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
   at MSC.UI.App+<OnStartup>d__4.MoveNext()
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore+<>c.<ThrowAsync>b__6_0(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at MSC.UI.App.Main()
 
Error: (12/30/2017 02:22:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JAKUBCOMP)
Description: Activation of application Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/30/2017 02:20:34 PM) (Source: Avira System Speedup) (EventID: 0) (User: )
Description: Assembly verification failed, stopping service
 
Error: (12/30/2017 02:20:34 PM) (Source: Avira File Signature Verification) (EventID: 0) (User: )
Description: WinVerifyTrust failed with error code 2148081667 (last error: -2146885629) for file C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Tools.exe
 
Error: (12/29/2017 09:02:47 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, Nieprawidłowe dojście.
.
 
 
Operacja:
   Wykonywanie operacji asynchronicznej
 
Kontekst:
   Stan bieżący: DoSnapshotSet
 
Error: (12/29/2017 08:56:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JAKUBCOMP)
Description: Activation of application Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/29/2017 06:56:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JAKUBCOMP)
Description: Activation of application Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
Dziennik System:
=============
Error: (12/30/2017 02:25:16 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Optymalizacja dostarczania service did not respond on starting.
 
Error: (12/30/2017 02:21:46 PM) (Source: DCOM) (EventID: 10010) (User: ZARZĄDZANIE NT)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
 
Error: (12/30/2017 02:21:41 PM) (Source: DCOM) (EventID: 10010) (User: ZARZĄDZANIE NT)
Description: The server {A1A7A4F2-47B9-4A1E-82B2-07CCD5323C3F} did not register with DCOM within the required timeout.
 
Error: (12/30/2017 02:20:08 PM) (Source: DCOM) (EventID: 10016) (User: ZARZĄDZANIE NT)
Description: The właściwe dla aplikacji permission settings do not grant Lokalny Aktywacja permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user ZARZĄDZANIE NT\USŁUGA LOKALNA SID (S-1-5-19) from address LocalHost (użycie LRPC) running in the application container Niedostępny SID (Niedostępny). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/30/2017 02:20:08 PM) (Source: DCOM) (EventID: 10016) (User: ZARZĄDZANIE NT)
Description: The właściwe dla aplikacji permission settings do not grant Lokalny Aktywacja permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user ZARZĄDZANIE NT\USŁUGA LOKALNA SID (S-1-5-19) from address LocalHost (użycie LRPC) running in the application container Niedostępny SID (Niedostępny). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/30/2017 02:19:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.
 
Error: (12/30/2017 02:19:35 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 21:26:41 on ‎29.‎12.‎2017 was unexpected.
 
Error: (12/29/2017 07:13:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (12/29/2017 07:13:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (120000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (12/29/2017 03:13:18 PM) (Source: DCOM) (EventID: 10016) (User: ZARZĄDZANIE NT)
Description: The właściwe dla aplikacji permission settings do not grant Lokalny Aktywacja permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user ZARZĄDZANIE NT\SYSTEM SID (S-1-5-18) from address LocalHost (użycie LRPC) running in the application container Niedostępny SID (Niedostępny). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
  Date: 2017-12-27 01:11:42.287
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Andy\msvcr100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-12-27 01:11:42.046
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Andy\msvcr100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-12-27 01:11:41.475
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Andy\msvcp100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-12-27 01:11:41.284
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Andy\msvcp100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-12-27 00:43:27.218
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Users\Patryk\AppData\Local\Temp\andy-x64\tools\msvcr100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-12-27 00:43:27.099
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Users\Patryk\AppData\Local\Temp\andy-x64\tools\msvcr100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-12-27 00:43:26.786
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Users\Patryk\AppData\Local\Temp\andy-x64\tools\msvcp100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-12-27 00:43:26.661
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Users\Patryk\AppData\Local\Temp\andy-x64\tools\msvcp100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-12-18 02:03:38.961
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Andy\msvcr100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-12-18 02:03:38.808
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Andy\msvcr100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Statystyki pamięci =========================== 
 
Procesor: Intel® Core™ i3-3217U CPU @ 1.80GHz
Procent pamięci w użyciu: 68%
Całkowita pamięć fizyczna: 3977.27 MB
Dostępna pamięć fizyczna: 1241.85 MB
Całkowita pamięć wirtualna: 6153.27 MB
Dostępna pamięć wirtualna: 2709.48 MB
 
==================== Dyski ================================
 
Drive c: (OS) (Fixed) (Total:199.07 GB) (Free:21.92 GB) NTFS
Drive e: () (Fixed) (Total:252.03 GB) (Free:152.16 GB) NTFS
 
==================== MBR & Tablica partycji ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: D3306DA7)
 
Partition: GPT.
 
==================== Koniec  Addition.txt ============================
 
 
 
 
 
 
 
 
 
 
 
 
Extra info: I force shutdowned my computer since it seemed like it was overheating and lagging insanely, gen:variant.zusy's activity is gone atleast for now.

 



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,594 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:47 AM

Posted 30 December 2017 - 02:24 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove this program in bold via the Control Panel > Programs > Programs and Features.
ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 3.16.0.1 - Byte Technologies LLC) <==== UWAGA
---


Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(Byte Technologies LLC) C:\Program Files\ByteFence\ByteFenceService.exe
() C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
() C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
(Byte Technologies LLC) C:\Program Files\ByteFence\ByteFence.exe
GroupPolicy: Ograniczenia <==== UWAGA
HKU\S-1-5-21-3693424755-2941297685-1152701938-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_andos_17_46&param1=1&param2=f%3D1%26b%3DIE%26cc%3Die%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByEzzyCyB0AyE0E0DyB0DyByEtB0BzztN0D0Tzu0StBtCyEzytN1L2XzuyEtFtCyBtFtCtFyDtBtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyByE0B0BtAyBtBzztGyEzyyDyCtGyDzytB0FtGtDyCtA0BtGtBtD0F0CtD0CtCtBtCzz0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2... (long line)
SearchScopes: HKLM -> DefaultScope {69241833-9BA8-4862-9BDD-25774DA4BF18} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_andos_17_46&param1=1&param2=f%3D4%26b%3DIE%26cc%3Die%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByEzzyCyB0AyE0E0DyB0DyByEtB0BzztN0D0Tzu0StBtCyEzytN1L2XzuyEtFtCyBtFtCtFyDtBtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyByE0B0BtAyBtBzztGyEzyyDyCtGyDzytB0FtGtDyCtA0BtGtBtD0F0CtD0CtCtBtCzz0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0CyDyByB0FtDyBtGyE0B... (long line)
SearchScopes: HKLM -> {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_chtengin_17_15&param1=1&param2=f%3D4%26b%3DIE%26cc%3Die%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByEzzyCyB0AyE0E0DyB0DyByEtB0BzztN0D0Tzu0StCzytBzytN1L2XzutAtFtBzytFtAtFyDzztN1L1Czu1ByDtN1L1G1B1V1N2Y1L1Qzu2StA0AtC0C0D0CyD0AtGyC0E0E0BtGyDyD0F0DtGtA0CtAzytG0A0F0ByCtBtCyBtB0C0AzytA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0CyDyByB0FtDyBtGyE0BtB0AtG... (long line)
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wcg_chtengin_17_15&param1=1&param2=f%3D4%26b%3DIE%26cc%3Die%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByEzzyCyB0AyE0E0DyB0DyByEtB0BzztN0D0Tzu0StCzytBzytN1L2XzutAtFtBzytFtAtFyDzztN1L1Czu1ByDtN1L1G1B1V1N2Y1L1Qzu2StD0Fzz0DtD0BtA0DtGyD0A0CyBtGtDtD0EyDtGtDtD0AtCtG0DyEzyzyyCyDzyyEyE0C0F0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0CyDyByB0FtDyBtGyE0BtB0AtG... (long line)
SearchScopes: HKLM -> {69241833-9BA8-4862-9BDD-25774DA4BF18} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_andos_17_46&param1=1&param2=f%3D4%26b%3DIE%26cc%3Die%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByEzzyCyB0AyE0E0DyB0DyByEtB0BzztN0D0Tzu0StBtCyEzytN1L2XzuyEtFtCyBtFtCtFyDtBtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyByE0B0BtAyBtBzztGyEzyyDyCtGyDzytB0FtGtDyCtA0BtGtBtD0F0CtD0CtCtBtCzz0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0CyDyByB0FtDyBtGyE0BtB0AtGyEyE0Ft... (long line)
SearchScopes: HKLM-x32 -> DefaultScope {69241833-9BA8-4862-9BDD-25774DA4BF18} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_andos_17_46&param1=1&param2=f%3D4%26b%3DIE%26cc%3Die%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByEzzyCyB0AyE0E0DyB0DyByEtB0BzztN0D0Tzu0StBtCyEzytN1L2XzuyEtFtCyBtFtCtFyDtBtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyByE0B0BtAyBtBzztGyEzyyDyCtGyDzytB0FtGtDyCtA0BtGtBtD0F0CtD0CtCtBtCzz0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0CyDyByB0FtDyBtG... (long line)
SearchScopes: HKLM-x32 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wcg_chtengin_17_15&param1=1&param2=f%3D4%26b%3DIE%26cc%3Die%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByEzzyCyB0AyE0E0DyB0DyByEtB0BzztN0D0Tzu0StCzytBzytN1L2XzutAtFtBzytFtAtFyDzztN1L1Czu1ByDtN1L1G1B1V1N2Y1L1Qzu2StD0Fzz0DtD0BtA0DtGyD0A0CyBtGtDtD0EyDtGtDtD0AtCtG0DyEzyzyyCyDzyyEyE0C0F0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0CyDyByB0FtDyBtGyE0BtB... (long line)
SearchScopes: HKLM-x32 -> {69241833-9BA8-4862-9BDD-25774DA4BF18} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_andos_17_46&param1=1&param2=f%3D4%26b%3DIE%26cc%3Die%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByEzzyCyB0AyE0E0DyB0DyByEtB0BzztN0D0Tzu0StBtCyEzytN1L2XzuyEtFtCyBtFtCtFyDtBtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyByE0B0BtAyBtBzztGyEzyyDyCtGyDzytB0FtGtDyCtA0BtGtBtD0F0CtD0CtCtBtCzz0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0CyDyByB0FtDyBtGyE0BtB0AtGyEy... (long line)
SearchScopes: HKU\S-1-5-21-3693424755-2941297685-1152701938-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_andos_17_46&param1=1&param2=f%3D4%26b%3DIE%26cc%3Die%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByEzzyCyB0AyE0E0DyB0DyByEtB0BzztN0D0Tzu0StBtCyEzytN1L2XzuyEtFtCyBtFtCtFyDtBtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyByE0B0BtAyBtBzztGyEzyyDyCtGyDzytB0FtGtDyCtA0BtGtBtD0F0CtD0CtCtBtCzz0FtC2QtN1M1F1B2Z1V1... (long line)
FF Homepage: Mozilla\Firefox\Profiles\2d4eozdj.default-1491147157290-1504188217706 -> hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_andos_17_46&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Die%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByEzzyCyB0AyE0E0DyB0DyByEtB0BzztN0D0Tzu0StBtCyEzytN1L2XzuyEtFtCyBtFtCtFyDtBtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyByE0B0BtAyBtBzztGyEzyyDyCtGyDzytB0FtGtDyCtA0BtGtBtD0F0CtD0CtCtBtCzz0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0CyDyByB0FtD... (long line)
FF SearchPlugin: C:\Users\Patryk\AppData\Roaming\Mozilla\Firefox\Profiles\2d4eozdj.default-1491147157290-1504188217706\searchplugins\yahoo! powered.xml [2017-11-19]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => nie znaleziono
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [Brak pliku]
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [Brak pliku]
CHR DefaultSearchURL: Default -> hxxps://search.avira.com/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSuggestURL: Default -> hxxps://search.avira.com/suggestions?q={searchTerms}&li=ff&hl=en
CHR Extension: (EditThisCookie) - C:\Users\Patryk\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2017-12-29]
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3693424755-2941297685-1152701938-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3693424755-2941297685-1152701938-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
R2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [156640 2017-10-03] (Byte Technologies LLC)
R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [302920 2017-11-21] ()

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Users\Patryk\Desktop\games\The escapists\rarext64.dll -> Brak pliku
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Users\Patryk\Desktop\games\The escapists\rarext.dll -> Brak pliku
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Brak pliku
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Users\Patryk\Desktop\games\The escapists\rarext64.dll -> Brak pliku
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Users\Patryk\Desktop\games\The escapists\rarext.dll -> Brak pliku
Task: {04AF0997-B458-48BE-A8F9-0C8C6565B803} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2017-10-03] (Byte Technologies LLC) <==== UWAGA
Task: {54A58FEE-0DAD-42D4-AA00-597BBAD1D9DC} - \WPD\SqmUpload_S-1-5-21-3693424755-2941297685-1152701938-1001 -> Brak pliku <==== UWAGA
Task: {9329CFCE-8606-4A5D-8B74-392A96F95B9C} - \SystemToolsDailyTest -> Brak pliku <==== UWAGA
Task: {998EC7F0-732E-446F-97B0-3231B1BBBFDF} - \PCDoctorBackgroundMonitorTask -> Brak pliku <==== UWAGA
Task: {9FD32FE6-750A-4684-B0AD-12095B715B90} - \PCDEventLauncherTask -> Brak pliku <==== UWAGA
Task: {BF96D904-DB60-4B9B-81F0-4E9250B7E883} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Patryk) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: {E49D9574-C326-4022-A169-24C64EAA1E43} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== UWAGA
Task: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Patryk).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: C:\WINDOWS\Tasks\Yahoo! Powered nicof.job => Wscript.exe  C:\ProgramData\{7550B033-FF12-3AF5-79D4-A4B7E3962F79}\tise.txt <==== UWAGA
Shortcut: C:\Users\Patryk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G?ogl? ?hr?me.lnk -> C:\Users\Patryk\AppData\Roaming\Browsers\exe.emorhc.bat (Brak pliku) <==== Cyrillic
Shortcut: C:\Users\Patryk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\L?un?h Intern?t ???lorer ?r?wser.lnk -> C:\Users\Patryk\AppData\Roaming\Browsers\exe.erolpxei.bat (Brak pliku) <==== Cyrillic

C:\Windows\System32\Tasks\ByteFence
C:\Program Files\ByteFence
C:\Windows\System32\Tasks\SlimCleaner Plus (Scheduled Scan - Patryk)
C:\Program Files\SlimCleaner Plus
C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Patryk).job

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

:step1: Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

:step2: Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Please post the logs let me know what problem persists with this computer.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,594 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:47 AM

Posted 05 January 2018 - 07:54 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users