
onclickrev.com redirect on certain websites


  • This topic is locked
13 replies to this topic

#1 Daractive


Posted 20 April 2018 - 08:02 PM

Several days ago I started getting redirects on certain websites (Wikia and Cookie Clicker are notable examples). Upon clicking anything on the site I get a new card (Chrome) or window (Firefox) opened, which launches onclickrev.com, which quickly opens some kind of ad (they seem to be completely random). It happens regardless of the browser used. RKill, AVG, Malwarebytes, ADWCleaner and HitmanPro all seem to have failed to detect anything. Any help would be greatly appreciated.

For whatever reason the program for creating logs seems to have picked my system language, Polish. If this makes it harder to read I might try to provide ones in English.

 

FRST.txt

 

Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 19.04.2018

Uruchomiony przez Bartosz Kuryło (administrator)  KOMP-BARTKA (20-04-2018 20:41:29)

Uruchomiony z C:\Users\Bartosz Kuryło\Downloads

Załadowane profile: Bartosz Kuryło (Dostępne profile: Bartosz Kuryło)

Platform: Windows 8.1 (Update) (X64) Język: Polski (Polska)

Internet Explorer Wersja 11 (Domyślna przeglądarka: FF)

Tryb startu: Normal

Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Procesy (filtrowane) =================

 

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

 

(AVG Technologies CZ, s.r.o.) D:\Program Files\AVG\Antivirus\AVGSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe

(National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe

(National Instruments Corporation) D:\Program Files\National Instruments\Shared\Security\nidmsrv.exe

(National Instruments Corporation) D:\Program Files\National Instruments\Shared\NI WebServer\SystemWebServer.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(National Instruments, Inc.) C:\Windows\SysWOW64\lkcitdl.exe

(National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe

(National Instruments Corporation) D:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe

(National Instruments Corporation) D:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

(AVG Technologies CZ, s.r.o.) D:\Program Files\AVG\Antivirus\x64\aswidsagenta.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(AVG Technologies CZ, s.r.o.) D:\Program Files\AVG\Antivirus\AVGUI.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

(Valve Corporation) D:\Program Files\Steam\Steam.exe

(Valve Corporation) D:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

(Valve Corporation) D:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe

(Valve Corporation) D:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe

(Valve Corporation) D:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

(Discord Inc.) C:\Users\Bartosz Kuryło\AppData\Local\Discord\app-0.0.300\Discord.exe

(Discord Inc.) C:\Users\Bartosz Kuryło\AppData\Local\Discord\app-0.0.300\Discord.exe

(Discord Inc.) C:\Users\Bartosz Kuryło\AppData\Local\Discord\app-0.0.300\Discord.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

 

==================== Rejestr (filtrowane) ===========================

 

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

 

HKLM\...\Run: [AVGUI.exe] => D:\Program Files\AVG\Antivirus\AvLaunch.exe [291056 2018-04-13] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [NI Update Service] => D:\Program Files\National Instruments\Shared\Update Service\NIUpdateService.exe [851592 2012-08-02] (National Instruments)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-14] (Oracle Corporation)

Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-611351038-3661164438-333302154-1001\...\Run: [Steam] => D:\Program Files\Steam\steam.exe [3199776 2018-04-03] (Valve Corporation)

HKU\S-1-5-21-611351038-3661164438-333302154-1001\...\Run: [GalaxyClient] => D:\Program Files\GOG Galaxy\GalaxyClient.exe [6110792 2018-02-11] (GOG.com)

HKU\S-1-5-21-611351038-3661164438-333302154-1001\...\Run: [Discord] => C:\Users\Bartosz Kuryło\AppData\Local\Discord\app-0.0.300\Discord.exe [57821176 2018-01-08] (Discord Inc.)

HKU\S-1-5-21-611351038-3661164438-333302154-1001\...\MountPoints2: {b238d2a2-f0f0-11e7-829a-606c66a8e7f5} - "F:\LGAutoRun.exe"

AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [181280 2017-01-25] (NVIDIA Corporation)

AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [158392 2017-01-25] (NVIDIA Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk [2017-05-21]

ShortcutTarget: NI Error Reporting.lnk -> D:\Program Files\National Instruments\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation)

 

==================== Internet (filtrowane) ====================

 

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

 

Winsock: Catalog5 08 D:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [24320 2012-05-31] (National Instruments Corporation)

Winsock: Catalog5-x64 08 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26368 2012-05-31] (National Instruments Corporation)

Tcpip\Parameters: [DhcpNameServer] 109.169.85.7 8.8.8.8

Tcpip\..\Interfaces\{0B0FD7E5-31D9-46E1-998E-409BAA3594CC}: [DhcpNameServer] 192.168.137.1

Tcpip\..\Interfaces\{8DDC1DF5-0631-450D-9EFC-75976E2A18C5}: [DhcpNameServer] 109.169.85.7 8.8.8.8

 

Internet Explorer:

==================

HKU\S-1-5-21-611351038-3661164438-333302154-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.pl/?gws_rd=ssl

SearchScopes: HKU\S-1-5-21-611351038-3661164438-333302154-1001 -> DefaultScope {61CE8A7B-8A4A-469E-8BDD-9B811A55F7F7} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

SearchScopes: HKU\S-1-5-21-611351038-3661164438-333302154-1001 -> {61CE8A7B-8A4A-469E-8BDD-9B811A55F7F7} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

BHO: STATISTICA Browser Helper -> {990A8747-93BF-4EF7-B72E-94A6884B98C2} -> D:\Program Files\StatSoft2\STATISTICA 122\StaBHO.dll [2014-11-10] (StatSoft, Inc.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)

BHO-x32: STATISTICA Browser Helper -> {990A8747-93BF-4EF7-B72E-94A6884B98C2} -> D:\Program Files\StatSoft2\STATISTICA 122\Support\StaBHO.dll [2014-11-10] (StatSoft, Inc.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)

 

FireFox:

========

FF DefaultProfile: ygedji0l.default

FF ProfilePath: C:\Users\Bartosz Kuryło\AppData\Roaming\Mozilla\Firefox\Profiles\ygedji0l.default [2018-04-20]

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)

FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

FF Plugin HKU\S-1-5-21-611351038-3661164438-333302154-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Bartosz Kuryło\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-05-18] (Unity Technologies ApS)

 

==================== Usługi (filtrowane) ====================

 

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

 

R2 AVG Antivirus; D:\Program Files\AVG\Antivirus\AVGSvc.exe [314688 2018-04-12] (AVG Technologies CZ, s.r.o.)

R3 avgbIDSAgent; D:\Program Files\AVG\Antivirus\x64\aswidsagenta.exe [7653992 2018-04-12] (AVG Technologies CZ, s.r.o.)

S3 GalaxyClientService; D:\Program Files\GOG Galaxy\GalaxyClientService.exe [662600 2018-02-11] (GOG.com)

S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [8410184 2018-01-31] (GOG.com)

R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21304 2017-09-28] (Microsoft Corporation)

R2 LkCitadelServer; C:\WINDOWS\SysWOW64\lkcitdl.exe [695136 2011-05-06] (National Instruments, Inc.)

R2 lkClassAds; C:\WINDOWS\SysWOW64\lkads.exe [50328 2012-06-05] (National Instruments Corporation)

R2 lkTimeSync; C:\WINDOWS\SysWOW64\lktsrv.exe [60568 2012-06-05] (National Instruments Corporation)

S3 MBAMService; D:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)

R2 NIApplicationWebServer; D:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [53960 2012-05-22] (National Instruments Corporation)

S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [76488 2012-05-22] (National Instruments Corporation)

R2 NIDomainService; D:\Program Files\National Instruments\Shared\Security\nidmsrv.exe [370328 2012-06-05] (National Instruments Corporation)

S3 NILM License Manager; D:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)

R2 nimDNSResponder; D:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [258776 2012-05-31] (National Instruments Corporation)

R2 niSvcLoc; D:\Program Files\National Instruments\Shared\NI WebServer\SystemWebServer.exe [53952 2012-05-22] (National Instruments Corporation)

S3 OverwolfUpdater; D:\Program Files\Overwolf\OverwolfUpdater.exe [1453384 2018-04-08] (Overwolf LTD)

S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [187904 2017-09-28] (Microsoft Corporation) [Brak podpisu cyfrowego]

S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [129144 2017-08-23] (Microsoft Corporation)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"

 

===================== Sterowniki (filtrowane) ======================

 

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

 

S3 AndNetDiag; C:\WINDOWS\system32\DRIVERS\lgandnetdiag64.sys [30720 2015-01-26] (LG Electronics Inc.)

S3 ANDNetModem; C:\WINDOWS\system32\DRIVERS\lgandnetmodem64.sys [37376 2015-01-26] (LG Electronics Inc.)

S3 andnetndis; C:\WINDOWS\system32\DRIVERS\lgandnetndis64.sys [93696 2015-01-21] (LG Electronics Inc.)

R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [189032 2018-04-13] (AVG Technologies CZ, s.r.o.)

R1 avgbdisk; C:\WINDOWS\System32\drivers\avgbdiska.sys [166064 2018-04-12] (AVG Technologies CZ, s.r.o.)

R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdrivera.sys [220600 2018-04-12] (AVG Technologies CZ, s.r.o.)

R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsha.sys [192536 2018-04-12] (AVG Technologies CZ, s.r.o.)

R0 avgblog; C:\WINDOWS\System32\drivers\avgbloga.sys [336848 2018-04-12] (AVG Technologies CZ, s.r.o.)

R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniva.sys [50776 2018-04-12] (AVG Technologies CZ, s.r.o.)

S3 avgHwid; C:\WINDOWS\System32\drivers\avgHwid.sys [39352 2018-04-13] (AVG Technologies CZ, s.r.o.)

R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [139608 2018-04-15] (AVG Technologies CZ, s.r.o.)

R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [103744 2018-04-13] (AVG Technologies CZ, s.r.o.)

R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [76760 2018-04-13] (AVG Technologies CZ, s.r.o.)

R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [1019088 2018-04-12] (AVG Technologies CZ, s.r.o.)

R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [452904 2018-04-13] (AVG Technologies CZ, s.r.o.)

R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [198368 2018-04-13] (AVG Technologies CZ, s.r.o.)

R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [372920 2018-04-13] (AVG Technologies CZ, s.r.o.)

R3 NETwNe64; C:\WINDOWS\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)

S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)

S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)

S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

 

==================== NetSvcs (filtrowane) ===================

 

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

 

 

==================== Jeden miesiąc - utworzone pliki i foldery ========

 

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

 

2018-04-20 20:41 - 2018-04-20 20:42 - 000014580 _____ C:\Users\Bartosz Kuryło\Downloads\FRST.txt

2018-04-20 20:41 - 2018-04-20 20:41 - 000000000 ____D C:\FRST

2018-04-20 19:28 - 2018-04-20 19:28 - 002404352 _____ (Farbar) C:\Users\Bartosz Kuryło\Downloads\FRST64.exe

2018-04-20 18:34 - 2018-04-20 18:34 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Bartosz Kuryło\Downloads\rkill.exe

2018-04-20 18:34 - 2018-04-20 18:34 - 000988112 _____ (Bleeping Computer, LLC) C:\Users\Bartosz Kuryło\Downloads\rkill64.exe

2018-04-20 18:32 - 2018-04-20 18:33 - 000008751 _____ C:\Users\Bartosz Kuryło\Desktop\Nowy dokument tekstowy (3).txt

2018-04-19 17:34 - 2018-04-20 20:37 - 000000000 ____D C:\Users\Bartosz Kuryło\AppData\LocalLow\Mozilla

2018-04-19 17:34 - 2018-04-19 17:39 - 000000000 ____D C:\Users\Bartosz Kuryło\AppData\Local\Mozilla

2018-04-19 17:34 - 2018-04-19 17:34 - 000000950 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk

2018-04-19 17:34 - 2018-04-19 17:34 - 000000938 _____ C:\Users\Public\Desktop\Firefox.lnk

2018-04-19 17:34 - 2018-04-19 17:34 - 000000000 ____D C:\Users\Bartosz Kuryło\AppData\Roaming\Mozilla

2018-04-19 17:34 - 2018-04-19 17:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2018-04-19 17:33 - 2018-04-19 17:34 - 000000000 ____D C:\Program Files\Mozilla Firefox

2018-04-19 13:56 - 2018-04-19 13:56 - 000000000 ____D C:\Users\Bartosz Kuryło\AppData\LocalLow\BitTorrent

2018-04-18 05:33 - 2018-04-19 15:46 - 000000000 ____D C:\Users\Bartosz Kuryło\Documents\Spore

2018-04-15 09:05 - 2018-04-15 09:07 - 000000000 ____D C:\AdwCleaner

2018-04-15 09:05 - 2018-04-15 09:05 - 007256272 _____ (Malwarebytes) C:\Users\Bartosz Kuryło\Downloads\adwcleaner_7.1.0.0.exe

2018-04-15 08:09 - 2018-04-15 08:09 - 000000955 _____ C:\Users\Public\Desktop\Malwarebytes.lnk

2018-04-15 08:09 - 2018-04-15 08:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes

2018-04-15 08:09 - 2018-04-15 08:09 - 000000000 ____D C:\ProgramData\Malwarebytes

2018-04-15 08:09 - 2018-03-19 12:57 - 000076192 _____ C:\WINDOWS\system32\Drivers\mbae64.sys

2018-04-15 08:07 - 2018-04-15 08:08 - 073208032 _____ (Malwarebytes ) C:\Users\Bartosz Kuryło\Downloads\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4720.exe

2018-04-15 07:30 - 2018-04-15 07:30 - 000000000 ____D C:\Users\Bartosz Kuryło\Documents\MM6 SAVES

2018-04-15 06:59 - 2018-04-15 07:23 - 000000000 ____D C:\ProgramData\HitmanPro

2018-04-15 06:58 - 2018-04-15 06:58 - 011605440 _____ (SurfRight B.V.) C:\Users\Bartosz Kuryło\Downloads\HitmanPro_x64.exe

2018-04-14 06:06 - 2018-04-13 10:06 - 000377584 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe

2018-04-08 23:46 - 2018-04-08 23:46 - 000000000 ____D C:\Users\Bartosz Kuryło\Desktop\Temp

2018-04-08 11:14 - 2018-04-08 11:14 - 000091504 _____ C:\Users\Bartosz Kuryło\Downloads\SI_Skrypty.rar

2018-03-26 13:13 - 2018-03-26 13:13 - 000000000 ____D C:\Users\Bartosz Kuryło\AppData\Roaming\Oracle SQL Developer Data Modeler

2018-03-26 13:13 - 2018-03-26 13:13 - 000000000 ____D C:\Users\Bartosz Kuryło\AppData\Roaming\datamodeler

2018-03-26 12:51 - 2018-03-26 12:51 - 000000000 ____D C:\Users\Bartosz Kuryło\Downloads\datamodeler-x64-17.4.0.355.2121

 

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

 

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

 

2018-04-20 18:58 - 2017-03-10 15:54 - 000003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-611351038-3661164438-333302154-1001

2018-04-20 17:47 - 2017-03-10 15:58 - 000004032 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6266CACB-42E0-4BF2-B866-D8154A5DB74D}

2018-04-19 17:21 - 2017-08-01 01:25 - 000000000 ____D C:\Users\Bartosz Kuryło\AppData\Local\Deployment

2018-04-19 16:01 - 2017-03-11 03:44 - 000000000 ____D C:\Users\Bartosz Kuryło\AppData\Roaming\discord

2018-04-19 15:59 - 2017-03-11 04:41 - 000000000 __RDO C:\Users\Bartosz Kuryło\OneDrive

2018-04-19 15:58 - 2017-03-11 00:30 - 000000000 ____D C:\ProgramData\NVIDIA

2018-04-19 15:58 - 2013-08-22 16:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT

2018-04-19 15:57 - 2017-03-10 15:48 - 000000000 ____D C:\Users\Bartosz Kuryło

2018-04-19 15:57 - 2013-08-22 15:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI

2018-04-19 15:54 - 2017-03-11 03:09 - 000004162 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update

2018-04-19 15:38 - 2017-03-12 14:41 - 000000000 ____D C:\Users\Bartosz Kuryło\AppData\Roaming\BitTorrent

2018-04-19 02:21 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\Inf

2018-04-17 13:01 - 2017-03-13 18:06 - 000000000 ____D C:\Users\Bartosz Kuryło\AppData\Local\CrashDumps

2018-04-17 11:37 - 2017-03-20 01:12 - 000000000 ____D C:\Users\Bartosz Kuryło\AppData\Local\Battle.net

2018-04-15 11:38 - 2017-03-14 02:03 - 000000000 ____D C:\Users\Bartosz Kuryło\Documents\Studia

2018-04-15 11:31 - 2014-11-21 06:46 - 001817498 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2018-04-15 11:31 - 2014-11-21 06:07 - 000801022 _____ C:\WINDOWS\system32\perfh015.dat

2018-04-15 11:31 - 2014-11-21 06:07 - 000160728 _____ C:\WINDOWS\system32\perfc015.dat

2018-04-15 02:08 - 2017-03-11 03:09 - 000139608 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys

2018-04-13 10:06 - 2017-11-30 08:30 - 000189032 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys

2018-04-13 10:06 - 2017-03-11 03:09 - 000452904 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys

2018-04-13 10:06 - 2017-03-11 03:09 - 000372920 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys

2018-04-13 10:06 - 2017-03-11 03:09 - 000198368 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys

2018-04-13 10:06 - 2017-03-11 03:09 - 000103744 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys

2018-04-13 10:06 - 2017-03-11 03:09 - 000076760 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys

2018-04-13 10:06 - 2017-03-11 03:09 - 000039352 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys

2018-04-12 14:05 - 2017-03-11 03:09 - 001019088 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys

2018-04-12 14:04 - 2017-03-11 03:09 - 000336848 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbloga.sys

2018-04-12 14:04 - 2017-03-11 03:09 - 000220600 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdrivera.sys

2018-04-12 14:04 - 2017-03-11 03:09 - 000192536 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsha.sys

2018-04-12 14:04 - 2017-03-11 03:09 - 000166064 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbdiska.sys

2018-04-12 14:04 - 2017-03-11 03:09 - 000050776 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniva.sys

2018-04-09 12:47 - 2017-11-27 06:59 - 000000000 ____D C:\Users\Bartosz Kuryło\Documents\Visual Studio 2017

2018-04-04 16:00 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\system32\NDF

2018-03-31 14:17 - 2018-02-18 05:37 - 000000000 ____D C:\Users\Bartosz Kuryło\AppData\Roaming\TEdit

 

Niektóre pliki w TEMP:

====================

2017-04-02 21:18 - 2010-01-11 10:54 - 000149352 ____R (Microsoft Corporation) C:\Users\Bartosz Kuryło\AppData\Local\Temp\ose00000.exe

 

==================== Bamital & volsnap ======================

 

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

 

C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo

C:\WINDOWS\system32\wininit.exe => Plik podpisany cyfrowo

C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo

C:\WINDOWS\SysWOW64\explorer.exe => Plik podpisany cyfrowo

C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo

C:\WINDOWS\SysWOW64\svchost.exe => Plik podpisany cyfrowo

C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo

C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo

C:\WINDOWS\SysWOW64\User32.dll => Plik podpisany cyfrowo

C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo

C:\WINDOWS\SysWOW64\userinit.exe => Plik podpisany cyfrowo

C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo

C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo

C:\WINDOWS\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo

C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

 

LastRegBack: 2018-04-15 03:41

 

==================== Koniec  FRST.txt ============================

 

Addition.txt

 

Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 19.04.2018

Uruchomiony przez Bartosz Kuryło (20-04-2018 20:43:01)

Uruchomiony z C:\Users\Bartosz Kuryło\Downloads

Windows 8.1 (Update) (X64) (2017-03-10 13:48:41)

Tryb startu: Normal

==========================================================

 

 

==================== Konta użytkowników: =============================

 

Administrator (S-1-5-21-611351038-3661164438-333302154-500 - Administrator - Disabled)

Bartosz Kuryło (S-1-5-21-611351038-3661164438-333302154-1001 - Administrator - Enabled) => C:\Users\Bartosz Kuryło

Gość (S-1-5-21-611351038-3661164438-333302154-501 - Limited - Disabled)

 

==================== Centrum zabezpieczeń ========================

 

(Załączenie wejścia w fixlist spowoduje jego usunięcie.)

 

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

AV: AVG Antivirus (Enabled - Up to date) {C50510DE-367A-330C-FD5C-556ACFB11243}

AS: AVG Antivirus (Enabled - Up to date) {7E64F13A-1040-3C82-C7EC-6E18B43658FE}

AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Zainstalowane programy ======================

 

(W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)

 

Application Verifier x64 External Package (HKLM\...\{D9908CED-5ABB-FEE9-FC84-743F4D38637C}) (Version: 10.1.16299.15 - Microsoft) Hidden

AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 18.3.3051 - AVG Technologies)

BitTorrent (HKU\S-1-5-21-611351038-3661164438-333302154-1001\...\BitTorrent) (Version: 7.10.3.44359 - BitTorrent Inc.)

Blizzard App (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)

Dev-C++ (HKLM-x32\...\Dev-C++) (Version: 5.11 - Bloodshed Software)

DiagnosticsHub_CollectionService (HKLM\...\{311C382C-6FDC-45ED-A04C-629A852D6148}) (Version: 15.0.26823 - Microsoft Corporation) Hidden

Discord (HKU\S-1-5-21-611351038-3661164438-333302154-1001\...\Discord) (Version: 0.0.300 - Discord Inc.)

Enter the Gungeon (HKLM-x32\...\1456912569_is1) (Version: 2.7.0.9 - GOG.com)

GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)

Gothic II Złota Edycja (HKLM-x32\...\{6FB6D550-DDC4-4996-9CDF-91C34F0A4C4A}) (Version: 2.6 - JoWood)

Greenshot 1.2.10.6 (HKLM\...\Greenshot_is1) (Version: 1.2.10.6 - Greenshot)

Gwent (HKLM-x32\...\1971477531_is1) (Version: 0.9.22.6.421.2 - GOG.com)

Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)

Heroes of Might and Magic III - Złota Edycja (HKLM-x32\...\{8B743AA0-53B2-11D2-808A-00600895FB43}) (Version: 1.0 - )

Heroes of Might and Magic® III: Horn of the Abyss (HKLM-x32\...\HotA_is1) (Version: 1.4.2 - HotA Crew)

HI-TECH C Compiler for the PIC10/12/16 MCUs V9.82PL0 (HKLM-x32\...\PICC 9.82) (Version: 9.82 - HI-TECH Software)

HI-TECH C51-lite V9.60PL0 (HKLM-x32\...\HC51 9.60PL0) (Version: 9.60 - HI-TECH Software)

icecap_collection_neutral (HKLM-x32\...\{743913D7-41D9-48C0-977D-FC87743A9BEC}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

icecap_collection_x64 (HKLM\...\{6BC73140-3CB6-486A-8350-BF35F54EFA19}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

icecap_collectionresources (HKLM-x32\...\{67941F0C-2930-4C3F-983C-1089D2759B42}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

icecap_collectionresources (HKLM-x32\...\{8859396F-6D99-4700-9336-3416C67452D4}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

icecap_collectionresourcesx64 (HKLM-x32\...\{304B71E2-BA3A-419C-B632-3DFBB4AFE42B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

icecap_collectionresourcesx64 (HKLM-x32\...\{61786DC5-BD88-474A-A66E-DA4B7F5584E4}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)

Java 8 Update 152 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180152F0}) (Version: 8.0.1520.16 - Oracle Corporation)

Java SE Development Kit 8 Update 152 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180152}) (Version: 8.0.1520.16 - Oracle Corporation)

Kits Configuration Installer (HKLM-x32\...\{86E59C8F-61D5-1782-A3CE-60AE7E4D7791}) (Version: 10.1.16299.15 - Microsoft) Hidden

League of Legends (HKLM-x32\...\{EA8630BD-0DCC-4154-B972-AAA6C8989E1A}) (Version: 4.2.1 - Riot Games) Hidden

League of Legends (HKLM-x32\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games)

LG PC Suite (HKLM-x32\...\LG PC Suite) (Version: 5.3.25.20150529 - LG Electronics)

LG United Mobile Drivers (HKLM-x32\...\{4DE95ED9-0A29-4C4F-8463-35857CF9BA36}) (Version: 3.14.1 - LG Electronics)

Malwarebytes (wersja 3.4.5.2467) (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)

Math Kernel Libraries (64-bit) (HKLM\...\{E3EB4126-0930-4926-B135-1F85452E7975}) (Version: 1.0.23.0 - National Instruments) Hidden

Math Kernel Libraries (HKLM-x32\...\{4C16E76C-7A4D-48E7-9E5E-B76B357C014E}) (Version: 1.0.23.0 - National Instruments) Hidden

Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2017 CTP2.1 (HKLM\...\{9BAD8F82-A221-42CE-AFF0-7CAB825790C9}) (Version: 14.0.600.250 - Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2017 CTP2.1 (HKLM-x32\...\{F0DD1AA8-44D7-4ACE-AF65-7378EA5D884C}) (Version: 14.0.600.250 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)

Microsoft Visual C++ 2017 Redistributable (x86) - 14.11.25325 (HKLM-x32\...\{404c9c27-8377-4fd1-b607-7ca635db4e49}) (Version: 14.11.25325.0 - Microsoft Corporation)

Microsoft Visual Studio 2017 (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.12.111.1002 - Microsoft Corporation)

Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)

Mozilla Firefox 59.0.2 (x64 pl) (HKLM\...\Mozilla Firefox 59.0.2 (x64 pl)) (Version: 59.0.2 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.2 - Mozilla)

MSI Development Tools (HKLM-x32\...\{973CACA2-E018-065B-0580-F2784802E299}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden

National Instruments Software (HKLM-x32\...\NI Uninstaller) (Version:  - National Instruments)

NetBeans IDE 8.2 (HKLM\...\nbi-nb-base-8.2.0.0.201609300101) (Version: 8.2 - NetBeans.org)

NI .NET Framework 4.0 (HKLM-x32\...\{5CC95D76-A798-4722-AE76-E494D9664907}) (Version: 4.01.49152 - National Instruments) Hidden

NI ActiveX Container (64-bit) (HKLM\...\{86F88524-6AF8-4D10-9F3C-AFB0DA2A3F39}) (Version: 12.0.14.0 - National Instruments) Hidden

NI ActiveX Container (HKLM-x32\...\{4C146083-2C71-4C64-A4AD-5E340E177E63}) (Version: 12.0.14.0 - National Instruments) Hidden

NI Authentication 12.0.0 (64-bit) (HKLM\...\{B618335B-11D2-4780-B5CE-AA2D111DB693}) (Version: 12.0.367.0 - National Instruments) Hidden

NI Authentication 12.0.0 (HKLM-x32\...\{E9592CCE-3058-4308-B52A-5AEA08E54F13}) (Version: 12.0.367.0 - National Instruments) Hidden

NI Circuit Design Suite 12.0.1 Core (HKLM-x32\...\{3A06B1D8-C3FE-4F94-BA6E-4BCCD57E7276}) (Version: 12.0.923 - National Instruments) Hidden

NI Circuit Design Suite 12.0.1 Pro (HKLM-x32\...\{85CA7665-5129-4BC7-A53E-2AE598D34E63}) (Version: 12.0.923 - National Instruments) Hidden

NI Circuit Design Suite 12.0.1 Pro Licenses (HKLM-x32\...\{FC0BE5F5-D9A2-412C-AEF2-D3597903497F}) (Version: 12.0.923 - National Instruments) Hidden

NI Curl 12.0.0 (64-bit) (HKLM\...\{AFE7987B-E282-42CE-AD5A-E333BE31E204}) (Version: 12.0.412.0 - National Instruments) Hidden

NI Curl 12.0.0 (HKLM-x32\...\{59DA8C21-C667-47D0-A259-AA942C9A9717}) (Version: 12.0.412.0 - National Instruments) Hidden

NI Error Reporting 2012 (HKLM-x32\...\{D31122C9-86AC-4ACD-859E-4B1D340E1D14}) (Version: 12.0.172.0 - National Instruments) Hidden

NI EulaDepot (HKLM-x32\...\{6044C32B-88A6-411F-A9A0-8BB05ACDCED2}) (Version: 3.10.392 - National Instruments) Hidden

NI Example Finder 12.0 (HKLM-x32\...\{8FF8CB08-4E26-4425-9032-BE381589E25A}) (Version: 12.0.291.0 - National Instruments) Hidden

NI GMP Windows 32-bit Installer 12.0.0 (HKLM-x32\...\{EAC44648-E378-45C7-BEF3-3DD68980E465}) (Version: 12.0.46.0 - National Instruments) Hidden

NI GMP Windows 64-bit Installer 12.0.0 (HKLM\...\{00606A59-716C-484A-AE64-5F7E3F23B3BD}) (Version: 12.0.46.0 - National Instruments) Hidden

NI Help Assistant (64bit) (HKLM\...\{E3867DF9-81D4-40BC-880C-1F134FECF995}) (Version: 1.0.11 - National Instruments) Hidden

NI Help Assistant (HKLM-x32\...\{2ADC660A-77C9-4A6C-9D4B-5E48A27BCA10}) (Version: 1.0.11 - National Instruments) Hidden

NI LabVIEW 2011 Real-Time NBFifo (HKLM-x32\...\{7C6869BF-6CBE-4CB0-8869-2743B419343C}) (Version: 11.0.250.0 - National Instruments) Hidden

NI LabVIEW 2012 Deployment Framework (HKLM-x32\...\{27B67D4C-407D-43FF-BCDE-B9E3208070E3}) (Version: 12.0.369.0 - National Instruments) Hidden

NI LabVIEW 2012 Real-Time NBFifo (HKLM-x32\...\{B4A772D4-ED42-4484-8C0E-663A52D07A2F}) (Version: 12.0.219.0 - National Instruments) Hidden

NI LabVIEW 2012 Run-Time Engine Web Server (HKLM-x32\...\{28D398A0-EA5E-462F-94D0-3176B11F83AD}) (Version: 12.0.406.0 - National Instruments) Hidden

NI LabVIEW Run-Time Engine 2011 SP1 (HKLM-x32\...\{1D78A81A-58D9-46F7-BFF6-ADF7247803F9}) (Version: 11.0.448.0 - National Instruments) Hidden

NI LabVIEW Run-Time Engine 2012 (HKLM-x32\...\{D50044F6-0436-4DCF-9A62-A05950C2CF9C}) (Version: 12.0.381.0 - National Instruments) Hidden

NI LabVIEW Run-Time Engine Interop 2011 (HKLM-x32\...\{6B9F789C-1D28-44D5-BCCE-7CCDBFB14B79}) (Version: 11.0.449.0 - National Instruments) Hidden

NI LabVIEW Run-Time Engine Interop 2012 (HKLM-x32\...\{73BD4467-2A1E-48F6-A732-1C8B2BD2BF94}) (Version: 12.0.150.0 - National Instruments) Hidden

NI LabVIEW Web Server for Run-Time Engine (HKLM-x32\...\{BCC373FE-227D-46D9-827F-05BA296E2602}) (Version: 11.0.375.0 - National Instruments) Hidden

NI LabWindows/CVI 2010 SP1 Analysis Library (64-bit) (HKLM\...\{DABB1D70-482A-4B92-8B24-052AD650A2B0}) (Version: 10.0.1434 - National Instruments) Hidden

NI LabWindows/CVI 2010 SP1 Analysis Library (HKLM-x32\...\{94AEBDCC-159F-4CBB-ABDE-B16483D2CF6C}) (Version: 10.0.1434 - National Instruments) Hidden

NI LabWindows/CVI 2010 SP1 Low-Level Driver (Original) (HKLM-x32\...\{2B1D39F8-477A-4B40-B062-F5E0C4D42B9B}) (Version: 10.0.1434 - National Instruments) Hidden

NI LabWindows/CVI 2010 SP1 Low-Level Driver (Updated) (HKLM-x32\...\{74DBB98D-B4A7-4DD9-9E13-C51FDB1105D0}) (Version: 10.0.1434 - National Instruments) Hidden

NI LabWindows/CVI 2010 SP1 Network Variable Library (64-bit) (HKLM\...\{0C2486A3-EF0D-4C6C-9947-C63D6E8C6E4C}) (Version: 10.0.1434 - National Instruments) Hidden

NI LabWindows/CVI 2010 SP1 Network Variable Library (HKLM-x32\...\{7FB07065-F547-448A-A1C3-1F2EF5EB834F}) (Version: 10.0.1434 - National Instruments) Hidden

NI LabWindows/CVI 2010 SP1 Run-Time Engine (64-bit) (HKLM\...\{176468CE-41AB-4A9A-AC38-45A146D39688}) (Version: 10.0.1434 - National Instruments) Hidden

NI LabWindows/CVI 2010 SP1 TDM Streaming Library (64-bit) (HKLM\...\{25DECAB0-6580-4B9C-8174-5AC6C9E2D823}) (Version: 10.0.1434 - National Instruments) Hidden

NI LabWindows/CVI 2010 SP1 TDM Streaming Library (HKLM-x32\...\{A06A7065-FCA1-4D3C-BE65-2837ACCB135D}) (Version: 10.0.1434 - National Instruments) Hidden

NI LabWindows/CVI Run-Time Engine 2010 SP1 (HKLM-x32\...\{41F6CA61-82CB-4615-9A97-252C5D58FA4B}) (Version: 10.0.1434 - National Instruments) Hidden

NI LabWindows/CVI Run-Time Engine 2010 SP1 (Updated) (HKLM-x32\...\{075CA8A9-25A1-4EA7-885C-8A92AED7DB3A}) (Version: 10.0.1434 - National Instruments) Hidden

NI License Manager (HKLM-x32\...\{0426182B-4CE3-4F93-93ED-22C1B99B794D}) (Version: 3.7.44 - National Instruments) Hidden

NI Logos 5.4 (64-bit) (HKLM\...\{8CF8CB9F-1FF7-4029-8B3D-9A40100B4A09}) (Version: 5.4.303.0 - National Instruments) Hidden

NI Logos 5.4 (HKLM-x32\...\{39E63436-773B-4294-9C19-E4E5941A6C69}) (Version: 5.4.303.0 - National Instruments) Hidden

NI Logos XT Support (HKLM-x32\...\{88A77AEA-B52C-4D59-858E-51DD450848DE}) (Version: 5.4.295.0 - National Instruments) Hidden

NI Logos64 XT Support (HKLM\...\{5A59ABAE-5F06-4241-B607-6376C29F9F31}) (Version: 5.4.295.0 - National Instruments) Hidden

NI Math Kernel Libraries (64-bit) (HKLM\...\{58A9B4F6-2E67-464A-9F71-95F6D7159702}) (Version: 1.0.10.0 - National Instruments) Hidden

NI Math Kernel Libraries (HKLM-x32\...\{231D0E11-0313-49FD-95CE-1D0264C7F1F5}) (Version: 1.0.10.0 - National Instruments) Hidden

NI Math Kernel Libraries (HKLM-x32\...\{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}) (Version: 1.0.861.0 - National Instruments) Hidden

NI MAX Remote Configuration 64-bit Installer 5.0 (HKLM\...\{899576E7-3569-417F-8EFE-EB881BE22EDE}) (Version: 5.00.49153 - National Instruments) Hidden

NI MAX Remote Configuration Installer 5.0 (HKLM-x32\...\{268B0789-E2BF-4836-BF05-A6140B4983CA}) (Version: 5.00.49153 - National Instruments) Hidden

NI MDF Support (HKLM-x32\...\{0F4EAF80-522A-4D89-8E62-7AEFF54E811E}) (Version: 3.10.392 - National Instruments) Hidden

NI mDNS Responder 2.1 for Windows 64-bit (HKLM\...\{4DD08E99-6FC1-4188-9A2E-0AF968279E41}) (Version: 2.10.49152 - National Instruments) Hidden

NI mDNS Responder 2.1.0 (HKLM-x32\...\{6F7B933C-55A2-4F8A-BFA5-BF98CBD61C24}) (Version: 2.10.49152 - National Instruments) Hidden

NI MetaSuite Installer (HKLM-x32\...\{94C3324A-2DF8-44F0-9FF9-204E9C936527}) (Version: 3.10.393 - National Instruments) Hidden

NI NI LabVIEW 2011 SP1 Run-Time Engine Non-English Support (HKLM-x32\...\{38300A40-AB90-444D-A823-17EB95A5C731}) (Version: 11.0.302.0 - National Instruments) Hidden

NI NI LabVIEW 2012 Run-Time Engine Non-English Support. (HKLM-x32\...\{36D68CEE-1AC5-47E1-A269-791683DE53D0}) (Version: 12.0.363.0 - National Instruments) Hidden

NI SSL LabVIEW RTE 2012 Support (HKLM-x32\...\{5DA2E9EF-3CAA-495F-AB2C-55F39FF9EA39}) (Version: 12.0.125.0 - National Instruments) Hidden

NI SSL Support (64-bit) (HKLM\...\{ACA45A9D-5C68-429F-AE87-0F2917136FCC}) (Version: 12.0.408.0 - National Instruments) Hidden

NI SSL Support (HKLM-x32\...\{526FED3E-499E-4989-B9F9-207E2FE425AA}) (Version: 12.0.408.0 - National Instruments) Hidden

NI System State Publisher (64-bit) (HKLM\...\{197B80EB-D791-4DA4-9398-B5F029738E22}) (Version: 12.0.218.0 - National Instruments) Hidden

NI System State Publisher (HKLM-x32\...\{AED17FC7-86C3-47BE-84F9-9F078F522770}) (Version: 12.0.358.0 - National Instruments) Hidden

NI System Web Server 12.0 (HKLM-x32\...\{570AFAC0-96B1-4491-B24B-6D251C52AFA4}) (Version: 12.0.414.0 - National Instruments) Hidden

NI System Web Server Base 12.0.0 (64-bit) (HKLM\...\{9C10623C-BF56-4D66-8F1F-B2D667E44986}) (Version: 12.0.407.0 - National Instruments) Hidden

NI System Web Server Base 12.0.0 (HKLM-x32\...\{C9690FF6-AD3E-43B0-A7FD-6D8A4C929D2C}) (Version: 12.0.407.0 - National Instruments) Hidden

NI TDM Streaming 2.4 (64-bit) (HKLM\...\{000A570E-F926-4808-956C-A57EE91B75F6}) (Version: 2.4.55.0 - National Instruments) Hidden

NI TDM Streaming 2.4 (HKLM-x32\...\{5A6C68D9-FDCB-4675-A95A-CD908D103614}) (Version: 2.4.55.0 - National Instruments) Hidden

NI Trace Engine (64-bit) (HKLM\...\{BD432073-6A5D-4F0F-8952-43B3C21A31C3}) (Version: 12.0.401.0 - National Instruments) Hidden

NI Trace Engine (HKLM-x32\...\{4C7AB285-CE33-459F-AB26-0E2DBCCDA2D7}) (Version: 12.0.401.0 - National Instruments) Hidden

NI Uninstaller (HKLM-x32\...\{42E578FB-55B2-4430-8223-E1080FF5EE1C}) (Version: 3.10.392 - National Instruments) Hidden

NI Update Service 2.2.1 (HKLM-x32\...\{498754EF-6CB0-4E13-9C5F-2DBD4A6D7482}) (Version: 2.21.7.0 - National Instruments) Hidden

NI USI 2.0.0 (HKLM-x32\...\{3F0B4C33-6958-43B9-8493-C6E6D4A3565B}) (Version: 2.0.04901 - National Instruments) Hidden

NI USI 2.0.0 64-Bit (HKLM\...\{41B541B6-3518-4343-8A67-46FF9A4AA1A3}) (Version: 2.0.04901 - National Instruments) Hidden

NI VC2005MSMs x64 (HKLM\...\{E3E3E625-8F74-44CE-A6D2-C31CB43DA23D}) (Version: 8.05.0 - National Instruments) Hidden

NI VC2005MSMs x86 (HKLM-x32\...\{4B877FC6-F44C-4B39-B0B6-CE15ADC63997}) (Version: 8.05.0 - National Instruments) Hidden

NI VC2008MSMs x64 (HKLM\...\{07E00E94-7A78-40FA-9BEF-71C190E98041}) (Version: 9.0.401 - National Instruments) Hidden

NI VC2008MSMs x86 (HKLM-x32\...\{E84997A1-4D6F-4C0B-B60D-F85B360D2666}) (Version: 9.0.401 - National Instruments) Hidden

NI VC2010MSMs x64 (HKLM\...\{79253283-47EB-4A67-9014-0CBEC8AE4D0C}) (Version: 10.0.001 - National Instruments) Hidden

NI VC2010MSMs x86 (HKLM-x32\...\{6FFB1B16-0930-421B-9F2C-E4CB91E3B22D}) (Version: 10.0.001 - National Instruments) Hidden

NI Web Application Server 12.0 (64-bit) (HKLM\...\{3F7CDE88-3B1B-42C1-ACDF-05720E0B04BB}) (Version: 12.0.422.0 - National Instruments) Hidden

NI Web Application Server 12.0 (HKLM-x32\...\{036C09F0-1423-4097-9720-D9E034CFF50A}) (Version: 12.0.422.0 - National Instruments) Hidden

NI Web Pipeline 2.0.1 (HKLM-x32\...\{0FD812C9-3BBE-4CC5-A43C-B7304E3EC581}) (Version: 2.0.128.0 - National Instruments) Hidden

NI Web Pipeline 2.0.1 64-bit support (HKLM\...\{CCC79B52-19CF-4A50-BE60-AEE3DE96B3EA}) (Version: 2.0.122.0 - National Instruments) Hidden

NI-Mesa (HKLM\...\{D754C95D-A80F-471C-819B-EEEDD07C9B0A}) (Version: 11.0.11.0 - National Instruments) Hidden

NI-Mesa (HKLM-x32\...\{7888F38C-E534-473D-B029-562173EEA2C8}) (Version: 11.0.11.0 - National Instruments) Hidden

Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.4.2 - Notepad++ Team)

NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)

NVIDIA Sterownik graficzny 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)

Octave 4.2.1 (HKLM-x32\...\Octave-4.2.1) (Version: 4.2.1 - GNU Octave)

Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)

Overwolf (HKLM-x32\...\Overwolf) (Version: 0.112.1.25 - Overwolf Ltd.)

Panel sterowania NVIDIA 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 376.54 - NVIDIA Corporation) Hidden

Psychonauts (HKLM-x32\...\1207658807_is1) (Version: 2.1.0.12 - GOG.com)

SPIDI LICZY (HKLM-x32\...\SPIDI LICZY) (Version:  - )

STATISTICA PL 12.5.192.18 (64-bit) (HKLM\...\{3E47BC12-A817-42AE-B95E-3D32ADFC3B7F}) (Version: 12.5.192.18 - StatSoft, Inc.)

Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

SWI-Prolog (remove only) (HKLM\...\SWI-Prolog) (Version:  - )

TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.4 - TeamSpeak Systems GmbH)

Unity Web Player (HKU\S-1-5-21-611351038-3661164438-333302154-1001\...\UnityWebPlayer) (Version: 5.3.8f2 - Unity Technologies ApS)

Universal CRT Extension SDK (HKLM-x32\...\{A5FA2886-1925-133F-0D41-B9A8ECEA0A2D}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden

Universal CRT Headers Libraries and Sources (HKLM-x32\...\{B739B4C5-EEEC-8E70-0276-38C4779AF398}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden

Universal CRT Redistributable (HKLM-x32\...\{A9D6F52C-694E-3E41-7AB8-5BEB644742A5}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden

Universal CRT Tools x64 (HKLM\...\{E053089E-7953-3219-814F-F485FC151C54}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden

Universal CRT Tools x86 (HKLM-x32\...\{B9424F08-0617-C4F6-A798-5A9250C1A738}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden

Universal General MIDI DLS Extension SDK (HKLM-x32\...\{D261CEA1-AB8D-9CFA-4407-BCEFC78661AC}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden

Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)

vcpp_crt.redist.clickonce (HKLM-x32\...\{54C30BE4-C223-44B1-A495-A0529602064A}) (Version: 14.11.25325 - Microsoft Corporation) Hidden

vcpp_crt.redist.clickonce (HKLM-x32\...\{C36E80D0-EED5-481F-9852-1EBB0DD122B6}) (Version: 14.11.25325 - Microsoft Corporation) Hidden

Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)

Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)

VS JIT Debugger (HKLM\...\{75068E51-7C37-4003-84C2-C67461C8D60A}) (Version: 16.0.71.0 - Microsoft Corporation) Hidden

VS Script Debugging Common (HKLM\...\{A9ED1B56-3819-4B14-A929-89DD3E16E216}) (Version: 16.0.71.0 - Microsoft Corporation) Hidden

vs_communitymsi (HKLM-x32\...\{52100697-9C66-44F3-BA20-68F8148CDF9B}) (Version: 15.0.26711 - Microsoft Corporation) Hidden

vs_communitymsires (HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

vs_communitymsires (HKLM-x32\...\{CEF65212-694E-4F0B-ADB5-17CE0C2AE213}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

vs_filehandler_amd64 (HKLM-x32\...\{DDEF2BD0-F728-4D04-A085-B5ACC9ADC311}) (Version: 15.0.26711 - Microsoft Corporation) Hidden

vs_filehandler_x86 (HKLM-x32\...\{2512A3CE-E1E4-46D5-8B40-28DA3AE2261E}) (Version: 15.0.26711 - Microsoft Corporation) Hidden

vs_FileTracker_Singleton (HKLM-x32\...\{384F31FB-B99D-48A7-9D72-E1FEBEC2201A}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

vs_Graphics_Singletonx64 (HKLM\...\{134E1F55-10CB-4837-9F43-C8145933AA3E}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

vs_Graphics_Singletonx86 (HKLM-x32\...\{5A528FAB-6AD3-4F9A-9A1C-566A5C02C3D6}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

vs_minshellinteropmsi (HKLM-x32\...\{D0772A03-7FC2-4B20-AC1F-B278299AA9C7}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

vs_minshellmsi (HKLM-x32\...\{66555B06-A474-4F98-A9D4-D753E5EBABE8}) (Version: 15.0.26906 - Microsoft Corporation) Hidden

vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

vs_minshellmsires (HKLM-x32\...\{871BE104-8114-4C84-9809-D3F2DAB18E06}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

vs_tipsmsi (HKLM-x32\...\{032E21D1-556F-49D6-9518-CF53202AF63B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden

Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)

WinAppDeploy (HKLM-x32\...\{9690D51C-4435-1C20-7819-66CCAB0F03F9}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden

WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)

Windows SDK AddOn (HKLM-x32\...\{350F0ECD-0783-4529-8797-98F0AD33EAC0}) (Version: 10.1.0.0 - Microsoft Corporation)

Windows Software Development Kit - Windows 10.0.16299.15 (HKLM-x32\...\{6195c203-b53c-4bb7-983a-6070a902e704}) (Version: 10.1.16299.15 - Microsoft Corporation)

WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

WinRT Intellisense Desktop - en-us (HKLM-x32\...\{385A1387-A488-9E90-3635-086129610034}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden

WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{D7DD3171-DA58-52A1-95B2-4769640855AF}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden

WinRT Intellisense IoT - en-us (HKLM-x32\...\{7336279F-8F8F-5530-A543-3BE963846C0A}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden

WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{E414A474-0A87-4F66-C409-A4D9857CFD34}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden

WinRT Intellisense Mobile - en-us (HKLM-x32\...\{CE760B86-975B-F514-5673-0ED4332B801B}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden

WinRT Intellisense PPI - en-us (HKLM-x32\...\{5E67F8BE-D8D2-257F-CE19-419A2D5125C7}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden

WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{A2AA063E-AF50-A1F5-8925-A06EB1556644}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden

WinRT Intellisense UAP - en-us (HKLM-x32\...\{7D4C7F4A-02A9-E434-6451-C8787DF28C1F}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden

WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{BC467065-9374-5345-DA3F-FCF073304A25}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden

XAMPP (HKLM-x32\...\xampp) (Version: 7.1.8-0 - Bitnami)

 

==================== Niestandardowe rejestracje CLSID (filtrowane): ==========================

 

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

 

ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Brak pliku

ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => D:\Program Files\Notepad++\NppShell_06.dll [2017-06-18] ()

ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVG\Antivirus\ashShA64.dll [2018-04-13] (AVG Technologies CZ, s.r.o.)

ContextMenuHandlers1: [WinCDEmu] -> {D0E37FD2-F675-426F-B09A-2CF37BA46FD5} => D:\Program Files\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)

ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)

ContextMenuHandlers2: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => D:\Program Files\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)

ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Brak pliku

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2013-10-01] (Intel Corporation)

ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation)

ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVG\Antivirus\ashShA64.dll [2018-04-13] (AVG Technologies CZ, s.r.o.)

ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)

ContextMenuHandlers6: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => D:\Program Files\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)

ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)

ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)

 

==================== Zaplanowane zadania (filtrowane) =============

 

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

 

Task: {79B6C60D-F9FB-420C-818B-CABE5A3B0280} - System32\Tasks\Overwolf Updater Task => D:\Program Files\Overwolf\OverwolfUpdater.exe [2018-04-08] (Overwolf LTD)

Task: {AE691FE0-3588-4299-B931-BC575A21833C} - System32\Tasks\Antivirus Emergency Update => D:\Program Files\AVG\Antivirus\AvEmUpdate.exe [2018-04-13] (AVG Technologies CZ, s.r.o.)

Task: {C70AAB67-71C9-4E5B-8C84-71AB7ED07D48} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe

Task: {CBEC7068-CE6C-4E6E-BBA0-8F414EA927B4} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-04-18] (AVG Technologies CZ, s.r.o.)

Task: {E0D4E494-F3A5-4F2B-80C5-769C995E1D15} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy

 

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

 

 

==================== Skróty & WMI ========================

 

(Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.)

 

 

==================== Załadowane moduły (filtrowane) ==============

 

2017-03-11 00:30 - 2016-12-29 15:16 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2013-10-01 14:02 - 2013-10-01 14:02 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2017-03-10 16:51 - 2017-03-10 16:52 - 000183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll

2018-04-13 10:05 - 2018-04-13 10:05 - 000283888 _____ () D:\Program Files\AVG\Antivirus\tasks_core.dll

2018-03-13 13:39 - 2018-03-13 13:39 - 067127976 _____ () D:\Program Files\AVG\Antivirus\libcef.dll

2018-04-13 10:05 - 2018-04-13 10:05 - 000348400 _____ () D:\Program Files\AVG\Antivirus\streamback_avast.dll

2018-04-13 10:05 - 2018-04-13 10:05 - 000296688 _____ () D:\Program Files\AVG\Antivirus\streamback.dll

2018-03-22 15:56 - 2018-01-11 04:05 - 000784672 _____ () D:\Program Files\Steam\SDL2.dll

2017-03-11 17:49 - 2016-09-01 03:02 - 004969248 _____ () D:\Program Files\Steam\v8.dll

2018-04-04 18:25 - 2018-04-03 01:34 - 002631968 _____ () D:\Program Files\Steam\video.dll

2017-03-11 17:49 - 2016-09-01 03:02 - 001563936 _____ () D:\Program Files\Steam\icui18n.dll

2017-03-11 17:49 - 2016-09-01 03:02 - 001195296 _____ () D:\Program Files\Steam\icuuc.dll

2018-03-22 15:56 - 2017-12-20 03:43 - 005137696 _____ () D:\Program Files\Steam\libavcodec-57.dll

2018-03-22 15:56 - 2017-12-20 03:43 - 000695584 _____ () D:\Program Files\Steam\libavformat-57.dll

2018-03-22 15:56 - 2017-12-20 03:43 - 000351520 _____ () D:\Program Files\Steam\libavresample-3.dll

2018-03-22 15:56 - 2017-12-20 03:43 - 000847136 _____ () D:\Program Files\Steam\libavutil-55.dll

2018-03-22 15:56 - 2017-12-20 03:43 - 000783648 _____ () D:\Program Files\Steam\libswscale-4.dll

2018-04-04 18:25 - 2018-04-03 01:34 - 000977184 _____ () D:\Program Files\Steam\bin\chromehtml.DLL

2017-03-11 17:48 - 2016-07-05 00:17 - 000266560 _____ () D:\Program Files\Steam\openvr_api.dll

2017-10-11 11:11 - 2017-09-07 04:04 - 000678400 _____ () D:\Program Files\Steam\bin\cef\cef.win7\SDL2.dll

2018-03-22 15:56 - 2017-12-13 23:16 - 071471392 _____ () D:\Program Files\Steam\bin\cef\cef.win7\libcef.dll

2017-03-11 17:48 - 2015-09-25 01:52 - 000119208 _____ () D:\Program Files\Steam\winh264.dll

2018-03-22 15:56 - 2017-12-13 23:16 - 002020128 _____ () D:\Program Files\Steam\bin\cef\cef.win7\swiftshader\libglesv2.dll

2018-03-22 15:56 - 2017-12-13 23:16 - 000114464 _____ () D:\Program Files\Steam\bin\cef\cef.win7\swiftshader\libegl.dll

2018-01-06 23:55 - 2018-01-08 18:52 - 001891832 _____ () C:\Users\Bartosz Kuryło\AppData\Local\Discord\app-0.0.300\ffmpeg.dll

2018-01-07 16:26 - 2018-02-08 05:59 - 001780216 _____ () \\?\C:\Users\Bartosz Kuryło\AppData\Roaming\discord\0.0.300\modules\discord_overlay2\discord_overlay2.node

2018-01-06 23:55 - 2018-01-08 18:52 - 001937912 _____ () C:\Users\Bartosz Kuryło\AppData\Local\Discord\app-0.0.300\libglesv2.dll

2018-01-06 23:55 - 2018-01-08 18:52 - 000095736 _____ () C:\Users\Bartosz Kuryło\AppData\Local\Discord\app-0.0.300\libegl.dll

2018-01-07 16:26 - 2018-01-07 16:26 - 002662904 _____ () \\?\C:\Users\Bartosz Kuryło\AppData\Roaming\discord\0.0.300\modules\discord_rpc\discord_rpc.node

2018-01-07 16:26 - 2018-03-21 09:12 - 009623896 _____ () \\?\C:\Users\Bartosz Kuryło\AppData\Roaming\discord\0.0.300\modules\discord_voice\discord_voice.node

2018-01-07 16:26 - 2018-01-31 15:16 - 001508344 _____ () \\?\C:\Users\Bartosz Kuryło\AppData\Roaming\discord\0.0.300\modules\discord_utils\discord_utils.node

2018-01-07 16:26 - 2018-01-07 16:26 - 000513016 _____ () \\?\C:\Users\Bartosz Kuryło\AppData\Roaming\discord\0.0.300\modules\discord_erlpack\discord_erlpack.node

2018-01-07 16:26 - 2018-03-13 09:35 - 001517560 _____ () \\?\C:\Users\Bartosz Kuryło\AppData\Roaming\discord\0.0.300\modules\discord_game_utils\discord_game_utils.node

2018-01-07 16:27 - 2018-03-08 02:20 - 002749944 _____ () \\?\C:\Users\Bartosz Kuryło\AppData\Roaming\discord\0.0.300\modules\discord_contact_import\discord_contact_import.node

 

==================== Alternate Data Streams (filtrowane) =========

 

(Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.)

 

 

==================== Tryb awaryjny (filtrowane) ===================

 

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

 

==================== Powiązania plików (filtrowane) ===============

 

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.)

 

 

==================== Internet Explorer - Witryny zaufane i z ograniczeniami ===============

 

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.)

 

 

==================== Hosts - zawartość: ===============================

 

(Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.)

 

2013-08-22 15:25 - 2013-08-22 15:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

 

 

==================== Inne obszary ============================

 

(Obecnie brak automatycznej naprawy dla tej sekcji.)

 

HKU\S-1-5-21-611351038-3661164438-333302154-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Bartosz Kuryło\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\lordi_wallpaper_by_kittiikat.jpg

DNS Servers: 109.169.85.7 - 8.8.8.8

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)

Zapora systemu Windows [funkcja włączona]

 

==================== MSCONFIG/TASK MANAGER - Wyłączone elementy ==

 

HKLM\...\StartupApproved\StartupFolder: => "NI Error Reporting.lnk"

HKLM\...\StartupApproved\Run32: => "NI Update Service"

HKU\S-1-5-21-611351038-3661164438-333302154-1001\...\StartupApproved\Run: => "Steam"

HKU\S-1-5-21-611351038-3661164438-333302154-1001\...\StartupApproved\Run: => "GalaxyClient"

 

==================== Reguły Zapory systemu Windows (filtrowane) ===============

 

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

 

FirewallRules: [{DFD2A47B-B3E3-4524-8DCF-A4FDA7580B71}] => (Allow) D:\Program Files\Steam\Steam.exe

FirewallRules: [{3E666FAC-1FCE-4DF2-9EBE-9AAE98B7C26C}] => (Allow) D:\Program Files\Steam\Steam.exe

FirewallRules: [{D131BDCD-E69D-46CA-9D39-105D460A757F}] => (Allow) D:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe

FirewallRules: [{DBCE09BA-EEEF-4B52-B455-901BA29C2454}] => (Allow) D:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe

FirewallRules: [{EC750265-07F3-4723-AD20-AF672D486830}] => (Allow) D:\Program Files\Steam\steamapps\common\Team Fortress 2\hl2.exe

FirewallRules: [{EAF818F8-BBF2-4F70-882E-2D16FC038357}] => (Allow) D:\Program Files\Steam\steamapps\common\Team Fortress 2\hl2.exe

FirewallRules: [{E8AB1A95-820A-4CD0-93D5-D589044ACAB0}] => (Allow) C:\Users\Bartosz Kuryło\AppData\Roaming\BitTorrent\BitTorrent.exe

FirewallRules: [{61A82CEA-5CD5-4271-AACE-919DC23BE730}] => (Allow) C:\Users\Bartosz Kuryło\AppData\Roaming\BitTorrent\BitTorrent.exe

FirewallRules: [{2300C734-1C4B-4AC4-88B6-719105D3D2B7}] => (Allow) C:\Users\Bartosz Kuryło\AppData\Roaming\BitTorrent\BitTorrent.exe

FirewallRules: [{110BEE08-1415-41D3-826A-BEF1484BD2B7}] => (Allow) C:\Users\Bartosz Kuryło\AppData\Roaming\BitTorrent\BitTorrent.exe

FirewallRules: [{964BCC5B-1B4F-4C1E-8A64-F5A99EB9A410}] => (Allow) C:\Users\Bartosz Kuryło\AppData\Roaming\BitTorrent\BitTorrent.exe

FirewallRules: [{5B03FD5D-CA18-4D89-B9DA-B730458D3DF4}] => (Allow) C:\Users\Bartosz Kuryło\AppData\Roaming\BitTorrent\BitTorrent.exe

FirewallRules: [TCP Query User{FBFAA278-78F0-4D46-A823-7C6E6FB16B73}D:\program files\hearthstone\hearthstone.exe] => (Allow) D:\program files\hearthstone\hearthstone.exe

FirewallRules: [UDP Query User{CE4FC9D3-2D1D-4169-9F91-E0279E107F45}D:\program files\hearthstone\hearthstone.exe] => (Allow) D:\program files\hearthstone\hearthstone.exe

FirewallRules: [{D50D072C-1977-4FBC-817D-3AE2F98FCE37}] => (Allow) D:\Program Files\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe

FirewallRules: [{F5C50ECC-32CE-4D8D-9866-BA2F6D1F0BC4}] => (Allow) D:\Program Files\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe

FirewallRules: [{03918771-85F8-4967-A106-F85145AD1474}] => (Allow) D:\Program Files\Steam\steamapps\common\Saints Row 2\SR2_pc.exe

FirewallRules: [{95F9EC80-9796-4BF5-BD2A-C7CE13DF74AB}] => (Allow) D:\Program Files\Steam\steamapps\common\Saints Row 2\SR2_pc.exe

FirewallRules: [{021FA8F4-8833-4780-8026-ABB1FDA3060F}] => (Allow) D:\Program Files\Steam\steamapps\common\Terraria\Terraria.exe

FirewallRules: [{E2890DE3-886B-4E22-BF6C-28E52EF4D00F}] => (Allow) D:\Program Files\Steam\steamapps\common\Terraria\Terraria.exe

FirewallRules: [{3B848BF1-A2CB-49D8-BEDD-6E15C4BDB929}] => (Allow) D:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe

FirewallRules: [{22EC3136-CADE-4416-9D77-F40268D55AD2}] => (Allow) D:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe

FirewallRules: [{C229CA86-D1D2-4089-A45B-2E31E803BAF1}] => (Allow) C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe

FirewallRules: [{4F08CF52-B016-4A68-944C-1304C9C0BE35}] => (Allow) C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe

FirewallRules: [{CD4A55A3-AC69-4910-B11D-11764353D2A1}] => (Allow) D:\Program Files\National Instruments\Shared\NI WebServer\SystemWebServer.exe

FirewallRules: [{E9F3CA92-CAD3-46F6-BDA4-C9D733553497}] => (Allow) D:\Program Files\National Instruments\Shared\NI WebServer\SystemWebServer.exe

FirewallRules: [TCP Query User{4A4C5344-6B6D-46FB-9125-E2DECAED60B4}D:\program files\overwatch\overwatch.exe] => (Allow) D:\program files\overwatch\overwatch.exe

FirewallRules: [UDP Query User{09233BBB-6C21-43A2-A05E-AA441B2AE8B4}D:\program files\overwatch\overwatch.exe] => (Allow) D:\program files\overwatch\overwatch.exe

FirewallRules: [{6953EEE5-0A2D-4552-AF75-811361DC4E5E}] => (Allow) D:\Program Files\Steam\steamapps\common\GarrysMod\hl2.exe

FirewallRules: [{D1D406A2-C571-4098-98D8-D0C0C43AFBF9}] => (Allow) D:\Program Files\Steam\steamapps\common\GarrysMod\hl2.exe

FirewallRules: [{8408CEED-DCE9-4368-9180-940A2D8FFCCF}] => (Allow) D:\Program Files\Steam\steamapps\common\The Binding of Isaac Rebirth\isaac-ng.exe

FirewallRules: [{E19E960C-DE0B-4667-8EB2-96B1C4C71D33}] => (Allow) D:\Program Files\Steam\steamapps\common\The Binding of Isaac Rebirth\isaac-ng.exe

FirewallRules: [TCP Query User{95279938-2AED-413A-8A05-200404BA29E0}D:\program files\netbeans 8.2\bin\netbeans64.exe] => (Allow) D:\program files\netbeans 8.2\bin\netbeans64.exe

FirewallRules: [UDP Query User{5B2B9BAE-9A1F-4DF8-86C0-CD52A0CEE2FD}D:\program files\netbeans 8.2\bin\netbeans64.exe] => (Allow) D:\program files\netbeans 8.2\bin\netbeans64.exe

FirewallRules: [{CD698ECF-5BA1-412D-BBD0-D59AE35B8E68}] => (Allow) D:\Program Files\Steam\steamapps\common\Starbound\win64\starbound.exe

FirewallRules: [{83C23EBB-7FB7-444A-9E01-DB47E116CB12}] => (Allow) D:\Program Files\Steam\steamapps\common\Starbound\win64\starbound.exe

FirewallRules: [{9BA6FC95-2679-4E1D-8CAF-CDE04385EB4F}] => (Allow) D:\Program Files\Steam\steamapps\common\Starbound\win64\starbound_server.exe

FirewallRules: [{579E6850-AAC3-466A-B2B3-C52B6BC15706}] => (Allow) D:\Program Files\Steam\steamapps\common\Starbound\win64\starbound_server.exe

FirewallRules: [{1CA5A775-DA69-4F34-BDB2-FE26D0EF7403}] => (Allow) D:\Program Files\Steam\steamapps\common\Starbound\win64\mod_uploader.exe

FirewallRules: [{574DE705-F8C3-4B2D-ADEA-F08C7C59D1D0}] => (Allow) D:\Program Files\Steam\steamapps\common\Starbound\win64\mod_uploader.exe

FirewallRules: [{D96CF217-2E18-4190-AA46-797F2E425FD9}] => (Allow) D:\Program Files\Steam\steamapps\common\Starbound\win32\starbound.exe

FirewallRules: [{FC539590-6D26-4A5B-96EA-D05FEC5F335E}] => (Allow) D:\Program Files\Steam\steamapps\common\Starbound\win32\starbound.exe

FirewallRules: [{9E5F68C9-A240-4D53-9664-6C581518C4E1}] => (Allow) D:\Program Files\Steam\steamapps\common\Worms Armageddon\WA.exe

FirewallRules: [{BB45CD0C-C4B2-4AC4-9A13-383393BF1C19}] => (Allow) D:\Program Files\Steam\steamapps\common\Worms Armageddon\WA.exe

FirewallRules: [TCP Query User{4B19773C-D481-4F5E-8C44-B45D6744D7E2}D:\program files\xampp\mysql\bin\mysqld.exe] => (Allow) D:\program files\xampp\mysql\bin\mysqld.exe

FirewallRules: [UDP Query User{FC1ED799-BEBF-49D0-8B95-502A787C9640}D:\program files\xampp\mysql\bin\mysqld.exe] => (Allow) D:\program files\xampp\mysql\bin\mysqld.exe

FirewallRules: [TCP Query User{E41370AC-F6D0-46B7-AA7B-B2A230C861E5}D:\program files\xampp\apache\bin\httpd.exe] => (Allow) D:\program files\xampp\apache\bin\httpd.exe

FirewallRules: [UDP Query User{8D4B26B2-55F8-47E2-B380-CE94885E1FC5}D:\program files\xampp\apache\bin\httpd.exe] => (Allow) D:\program files\xampp\apache\bin\httpd.exe

FirewallRules: [TCP Query User{CA6C5124-6310-42FE-A75A-65900F9E7C35}D:\program files\xampp\php\php.exe] => (Allow) D:\program files\xampp\php\php.exe

FirewallRules: [UDP Query User{3D09CE34-6990-47C3-A272-1B5428550693}D:\program files\xampp\php\php.exe] => (Allow) D:\program files\xampp\php\php.exe

FirewallRules: [{75B289E6-68FA-42A5-9FEC-EA6AE673E330}] => (Allow) D:\Program Files\Steam\steamapps\common\Shadow Warrior\dx11\launcher.exe

FirewallRules: [{8B02F5C9-4999-4CF8-9AF7-86A0EF09BC07}] => (Allow) D:\Program Files\Steam\steamapps\common\Shadow Warrior\dx11\launcher.exe

FirewallRules: [{D23ADD96-CB06-47E2-BD23-F7C58BDF8CE0}] => (Allow) D:\Program Files\Steam\steamapps\common\BrutalLegend\BrutalLegend.exe

FirewallRules: [{8E795F59-7ACB-47E5-BD18-6A08C33F9078}] => (Allow) D:\Program Files\Steam\steamapps\common\BrutalLegend\BrutalLegend.exe

FirewallRules: [TCP Query User{90E9E901-EB06-40E1-81E0-A1AD254F6A51}D:\program files\lg electronics\lg pc suite\smartsharera.exe] => (Block) D:\program files\lg electronics\lg pc suite\smartsharera.exe

FirewallRules: [UDP Query User{0ED5DD41-AB9C-497E-8B8E-917C0F576F53}D:\program files\lg electronics\lg pc suite\smartsharera.exe] => (Block) D:\program files\lg electronics\lg pc suite\smartsharera.exe

FirewallRules: [{9FDD3C35-9FC0-42B8-B693-F8D2985B6BDC}] => (Allow) D:\Program Files\Steam\steamapps\common\Ultimate Chicken Horse\UltimateChickenHorse.exe

FirewallRules: [{FE13B832-191A-4EDC-B839-850152BA74B3}] => (Allow) D:\Program Files\Steam\steamapps\common\Ultimate Chicken Horse\UltimateChickenHorse.exe

FirewallRules: [{3085AC38-EFD3-468F-8BAE-781F627565AF}] => (Allow) D:\Program Files\Steam\steamapps\common\Portal 2\portal2.exe

FirewallRules: [{96757C4E-20BF-4CD5-AAFF-C595D0169318}] => (Allow) D:\Program Files\Steam\steamapps\common\Portal 2\portal2.exe

FirewallRules: [TCP Query User{638414C7-BAEF-4154-AC5E-0FF0FA0AD0D5}D:\program files\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe] => (Allow) D:\program files\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe

FirewallRules: [UDP Query User{316B7741-FC45-4107-852E-B5ECE310ED6A}D:\program files\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe] => (Allow) D:\program files\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe

FirewallRules: [{693EC7AC-FBE0-4225-BCC0-ADE3A77FCCB1}] => (Allow) D:\Program Files\Steam\steamapps\common\KillingFloor\System\KillingFloor.exe

FirewallRules: [{6CACD1EA-1AFF-40D4-B5E3-58FC36A66A39}] => (Allow) D:\Program Files\Steam\steamapps\common\KillingFloor\System\KillingFloor.exe

FirewallRules: [{941CFFDB-0917-416C-A6CB-F5887C4FFADF}] => (Allow) D:\Program Files\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe

FirewallRules: [{3D20FC83-538B-4239-A65E-ABAC39BF40B6}] => (Allow) D:\Program Files\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe

FirewallRules: [TCP Query User{986CB8E7-551C-4B8C-9F82-8A8DFBD3B27C}D:\program files\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe] => (Allow) D:\program files\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe

FirewallRules: [UDP Query User{6DA532D9-B15D-4AAA-8CD0-EA133265FB0B}D:\program files\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe] => (Allow) D:\program files\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe

FirewallRules: [TCP Query User{CB8A80F5-A6CB-408C-B3EC-AD48B5B35C15}D:\program files\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe] => (Allow) D:\program files\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe

FirewallRules: [UDP Query User{7A5D47BC-21E4-44E8-9F51-58F6A1CD051E}D:\program files\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe] => (Allow) D:\program files\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe

FirewallRules: [TCP Query User{CF78A924-C28E-45C8-88B4-A730FB83039C}D:\program files\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe] => (Allow) D:\program files\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe

FirewallRules: [UDP Query User{B5C46117-A9D5-45B5-9502-28DB76695367}D:\program files\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe] => (Allow) D:\program files\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe

FirewallRules: [{1F51858D-A6AD-42C4-AF21-E2344C6EA13D}] => (Allow) D:\Program Files\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe

FirewallRules: [{A3F09D88-97DD-468A-9BE7-D4D8AD69D278}] => (Allow) D:\Program Files\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe

FirewallRules: [{0A90EA20-FEA6-4CD9-8E92-B51E2BF1B1F1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

FirewallRules: [{1C85E1FD-32CA-4DC3-AC37-C20A8B2D816D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

FirewallRules: [TCP Query User{C2D9091B-4618-4DD6-BBFF-0B80D41FF15B}D:\program files\riot games\league of legends\rads\projects\league_client\releases\0.0.0.140\deploy\leagueclient.exe] => (Allow) D:\program files\riot games\league of legends\rads\projects\league_client\releases\0.0.0.140\deploy\leagueclient.exe

FirewallRules: [UDP Query User{3E3772D0-A848-4E70-87F0-89571C13154A}D:\program files\riot games\league of legends\rads\projects\league_client\releases\0.0.0.140\deploy\leagueclient.exe] => (Allow) D:\program files\riot games\league of legends\rads\projects\league_client\releases\0.0.0.140\deploy\leagueclient.exe

 

==================== Punkty Przywracania systemu =========================

 

29-03-2018 05:24:16 Zaplanowany punkt kontrolny

07-04-2018 05:18:04 Zaplanowany punkt kontrolny

10-04-2018 07:20:43 Zainstalowany program DirectX

15-04-2018 07:13:37 Punkt przywracania utworzony przez HitmanPro

 

==================== Wadliwe urządzenia w Menedżerze urządzeń =============

 

Name:

Description:

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Urządzenie PCI

Description: Urządzenie PCI

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Kontroler PCI gromadzenia danych i przetwarzania sygnałów

Description: Kontroler PCI gromadzenia danych i przetwarzania sygnałów

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name:

Description:

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name:

Description:

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name:

Description:

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name:

Description:

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name:

Description:

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name:

Description:

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

 

==================== Błędy w Dzienniku zdarzeń: =========================

 

Dziennik Aplikacja:

==================

Error: (04/20/2018 06:58:42 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Nie można wygenerować kontekstu aktywacji dla „D:\Program Files\LG Electronics\LG PC Suite\LGPCSuite.exe”. Błąd w pliku manifestu lub w pliku zasad „” w wierszu .

Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna.

Składniki powodujące konflikt:

Składnik 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Składnik 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.

 

Error: (04/19/2018 04:27:22 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Nie można wygenerować kontekstu aktywacji dla „D:\Program Files\LG Electronics\LG PC Suite\LGPCSuite.exe”. Błąd w pliku manifestu lub w pliku zasad „” w wierszu .

Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna.

Składniki powodujące konflikt:

Składnik 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Składnik 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.

 

Error: (04/19/2018 03:54:47 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Program LiveComm.exe w wersji 17.5.9600.20911 przestał współpracować z systemem Windows i został zamknięty. Aby sprawdzić, czy jest dostępnych więcej informacji na temat tego problemu, sprawdź historię problemu w aplecie Centrum akcji w Panelu sterowania.

 

Identyfikator procesu: 30c

 

Godzina rozpoczęcia: 01d3d7e4d82d4f34

 

Godzina zakończenia: 4294967295

 

Ścieżka aplikacji: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

 

Identyfikator raportu: ced24c4a-43d8-11e8-82b8-606c66a8e7f5

 

Pełna nazwa pakietu powodującego błąd: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

 

Identyfikator aplikacji względem pakietu powodującego błąd: ppleae38af2e007f4358a809ac99a64a67c1

 

Error: (04/19/2018 03:46:35 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Program LiveComm.exe w wersji 17.5.9600.20911 przestał współpracować z systemem Windows i został zamknięty. Aby sprawdzić, czy jest dostępnych więcej informacji na temat tego problemu, sprawdź historię problemu w aplecie Centrum akcji w Panelu sterowania.

 

Identyfikator procesu: 794

 

Godzina rozpoczęcia: 01d3d7e40f447639

 

Godzina zakończenia: 4294967295

 

Ścieżka aplikacji: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

 

Identyfikator raportu: 028f215d-43d8-11e8-82b8-606c66a8e7f5

 

Pełna nazwa pakietu powodującego błąd: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

 

Identyfikator aplikacji względem pakietu powodującego błąd: ppleae38af2e007f4358a809ac99a64a67c1

 

Error: (04/19/2018 01:45:25 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Nie można wygenerować kontekstu aktywacji dla „D:\Program Files\LG Electronics\LG PC Suite\LGPCSuite.exe”. Błąd w pliku manifestu lub w pliku zasad „” w wierszu .

Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna.

Składniki powodujące konflikt:

Składnik 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Składnik 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.

 

Error: (04/19/2018 07:05:02 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Program LiveComm.exe w wersji 17.5.9600.20911 przestał współpracować z systemem Windows i został zamknięty. Aby sprawdzić, czy jest dostępnych więcej informacji na temat tego problemu, sprawdź historię problemu w aplecie Centrum akcji w Panelu sterowania.

 

Identyfikator procesu: a54

 

Godzina rozpoczęcia: 01d3d79b330e8884

 

Godzina zakończenia: 4294967295

 

Ścieżka aplikacji: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

 

Identyfikator raportu: 2959fa2e-438f-11e8-82b7-606c66a8e7f5

 

Pełna nazwa pakietu powodującego błąd: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

 

Identyfikator aplikacji względem pakietu powodującego błąd: ppleae38af2e007f4358a809ac99a64a67c1

 

Error: (04/18/2018 03:33:37 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: Nie można wygenerować kontekstu aktywacji dla „D:\Program Files\LG Electronics\LG PC Suite\LGPCSuite.exe”. Błąd w pliku manifestu lub w pliku zasad „” w wierszu .

Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna.

Składniki powodujące konflikt:

Składnik 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Składnik 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.

 

Error: (04/17/2018 01:01:07 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Nazwa aplikacji powodującej błąd: payday2_win32_release.exe, wersja: 0.0.0.0, sygnatura czasowa: 0x5abd019b

Nazwa modułu powodującego błąd: ucrtbase.DLL, wersja: 10.0.10586.9, sygnatura czasowa: 0x5642c5f8

Kod wyjątku: 0xc0000409

Przesunięcie błędu: 0x0008468b

Identyfikator procesu powodującego błąd: 0x1938

Godzina uruchomienia aplikacji powodującej błąd: 0x01d3d63b16967370

Ścieżka aplikacji powodującej błąd: D:\Program Files\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe

Ścieżka modułu powodującego błąd: C:\WINDOWS\SYSTEM32\ucrtbase.DLL

Identyfikator raportu: a04c4b4b-422e-11e8-82b4-606c66a8e7f5

Pełna nazwa pakietu powodującego błąd:

Identyfikator aplikacji względem pakietu powodującego błąd:

 

 

Dziennik System:

=============

Error: (04/19/2018 03:58:10 PM) (Source: BTHUSB) (EventID: 30) (User: )

Description: Lokalny adapter nie obsługuje ważnego stanu kontrolera funkcji Low Energy. Minimalna wymagana obsługiwana maska stanu to 0x1f7fffff, a uzyskano 0x1f3fffff. Funkcja Low Energy zostanie wyłączona.

 

Error: (04/19/2018 03:40:23 PM) (Source: BTHUSB) (EventID: 30) (User: )

Description: Lokalny adapter nie obsługuje ważnego stanu kontrolera funkcji Low Energy. Minimalna wymagana obsługiwana maska stanu to 0x1f7fffff, a uzyskano 0x1f3fffff. Funkcja Low Energy zostanie wyłączona.

 

Error: (04/19/2018 03:40:30 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: Poprzednie zamknięcie systemu przy 15:10:00 na ‎2018-‎04-‎19 było nieoczekiwane.

 

Error: (04/19/2018 06:58:52 AM) (Source: BTHUSB) (EventID: 30) (User: )

Description: Lokalny adapter nie obsługuje ważnego stanu kontrolera funkcji Low Energy. Minimalna wymagana obsługiwana maska stanu to 0x1f7fffff, a uzyskano 0x1f3fffff. Funkcja Low Energy zostanie wyłączona.

 

Error: (04/19/2018 06:58:55 AM) (Source: EventLog) (EventID: 6008) (User: )

Description: Poprzednie zamknięcie systemu przy 06:15:34 na ‎2018-‎04-‎19 było nieoczekiwane.

 

Error: (04/19/2018 02:55:30 AM) (Source: BTHUSB) (EventID: 30) (User: )

Description: Lokalny adapter nie obsługuje ważnego stanu kontrolera funkcji Low Energy. Minimalna wymagana obsługiwana maska stanu to 0x1f7fffff, a uzyskano 0x1f3fffff. Funkcja Low Energy zostanie wyłączona.

 

Error: (04/19/2018 02:54:53 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: Usługa Wstępne ładowanie do pamięci zakończyła działanie; wystąpił następujący błąd:

Usługa nie została uruchomiona.

 

Error: (04/19/2018 02:17:47 AM) (Source: BTHUSB) (EventID: 30) (User: )

Description: Lokalny adapter nie obsługuje ważnego stanu kontrolera funkcji Low Energy. Minimalna wymagana obsługiwana maska stanu to 0x1f7fffff, a uzyskano 0x1f3fffff. Funkcja Low Energy zostanie wyłączona.

 

 

Windows Defender:

===================================

Date: 2017-03-10 23:35:39.815

Description:

Funkcja ochrony w czasie rzeczywistym produktu Windows Defender napotkała błąd i jej uruchomienie nie powiodło się.

Funkcja: System inspekcji sieci

Kod błędu: 0x80070002

Opis błędu: Nie można odnaleźć określonego pliku.

Przyczyna: Ochrona przed złośliwym oprogramowaniem przestała działać z nieznanego powodu. W niektórych przypadkach ponowne uruchomienie usługi może rozwiązać problem.

 

Date: 2017-03-10 15:45:41.232

Description:

Funkcja ochrony w czasie rzeczywistym produktu Windows Defender napotkała błąd i jej uruchomienie nie powiodło się.

Funkcja: System inspekcji sieci

Kod błędu: 0x80070002

Opis błędu: Nie można odnaleźć określonego pliku.

Przyczyna: W systemie brakuje aktualizacji wymaganych do uruchomienia systemu inspekcji sieci. Zainstaluj wymagane aktualizacje i ponownie uruchom komputer.

 

Date: 2017-03-10 14:47:44.124

Description:

Funkcja ochrony w czasie rzeczywistym produktu Windows Defender napotkała błąd i jej uruchomienie nie powiodło się.

Funkcja: System inspekcji sieci

Kod błędu: 0x80070002

Opis błędu: Nie można odnaleźć określonego pliku.

Przyczyna: W systemie brakuje aktualizacji wymaganych do uruchomienia systemu inspekcji sieci. Zainstaluj wymagane aktualizacje i ponownie uruchom komputer.

 

Date: 2017-03-10 13:54:44.773

Description:

Funkcja ochrony w czasie rzeczywistym produktu Windows Defender napotkała błąd i jej uruchomienie nie powiodło się.

Funkcja: System inspekcji sieci

Kod błędu: 0x80070002

Opis błędu: Nie można odnaleźć określonego pliku.

Przyczyna: W systemie brakuje aktualizacji wymaganych do uruchomienia systemu inspekcji sieci. Zainstaluj wymagane aktualizacje i ponownie uruchom komputer.

 

CodeIntegrity:

===================================

 

Date: 2018-02-11 22:58:05.547

Description:

Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

 

Date: 2018-02-11 22:58:05.342

Description:

Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

 

Date: 2018-02-11 22:58:05.178

Description:

Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

 

Date: 2018-02-11 22:58:05.004

Description:

Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

 

Date: 2018-02-11 22:58:04.822

Description:

Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

 

Date: 2018-02-11 22:58:04.608

Description:

Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

 

Date: 2018-02-11 22:58:04.405

Description:

Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

 

Date: 2018-02-11 22:58:04.206

Description:

Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

 

==================== Statystyki pamięci ===========================

 

Procesor: Intel® Core™ i5-3317U CPU @ 1.70GHz

Procent pamięci w użyciu: 55%

Całkowita pamięć fizyczna: 3981.54 MB

Dostępna pamięć fizyczna: 1787.64 MB

Całkowita pamięć wirtualna: 6402.85 MB

Dostępna pamięć wirtualna: 3696.35 MB

 

==================== Dyski ================================

 

Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:133.72 GB) NTFS

Drive d: (DATA) (Fixed) (Total:258.15 GB) (Free:44.54 GB) NTFS

 

\\?\Volume{fddb56f4-1302-4d76-87cc-e965b2aff5c4}\ (Recovery) (Fixed) (Total:0.88 GB) (Free:0.52 GB) NTFS

\\?\Volume{5c476232-29b5-4467-b6ca-51a0ed610d68}\ (Restore) (Fixed) (Total:20.01 GB) (Free:8.84 GB) NTFS

 

==================== MBR & Tablica partycji ==================

 

========================================================

Disk: 0 (Size: 465.8 GB) (Disk ID: 337AEAFE)

 

Partition: GPT.

 

==================== Koniec  Addition.txt ============================




 


#2 nasdaq

  • Malware Response Team

Posted 21 April 2018 - 07:32 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Tcpip\Parameters: [DhcpNameServer] 109.169.85.7 8.8.8.8
Tcpip\..\Interfaces\{8DDC1DF5-0631-450D-9EFC-75976E2A18C5}: [DhcpNameServer] 109.169.85.7 8.8.8.8
SearchScopes: HKU\S-1-5-21-611351038-3661164438-333302154-1001 -> DefaultScope {61CE8A7B-8A4A-469E-8BDD-9B811A55F7F7} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-611351038-3661164438-333302154-1001 -> {61CE8A7B-8A4A-469E-8BDD-9B811A55F7F7} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Brak pliku
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Brak pliku

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.
===

Reset the browsers that you use and have been compromised.

How To:
https://www.howtogeek.com/171924/how-to-reset-your-web-browser-to-its-default-settings/

====

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended. (You need to check with Internet Explorer) <- Important.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old versions of Java via the Control Panel > Programs > Programs and Features.
Java 8 Update 152 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180152F0}) (Version: 8.0.1520.16 - Oracle Corporation)
Java SE Development Kit 8 Update 152 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180152}) (Version: 8.0.1520.16 - Oracle Corporation)

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please post the logs and let me know if the problem persists.
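
The fixlist in the post above removes the DhcpNameServer values that FRST listed. As an added example (not part of the thread and not FRST's own code), this Python script pulls resolver addresses out of FRST-style `Tcpip` lines and sorts them into trusted, local, or needing review; the `TRUSTED_RESOLVERS` allowlist, the `NameServer` sample line and its all-zero GUID are assumptions constructed for the example.

```python
import ipaddress
import re

# FRST prints DNS settings as: <registry path>: [<value name>] <ip> <ip> ...
DNS_LINE = re.compile(
    r"^(?P<key>Tcpip\\.+?):\s*\[(?P<name>(?:Dhcp)?NameServer)\]\s*(?P<servers>.*)$"
)

# Assumption: resolvers this reviewer has chosen to trust. Adjust to your network.
TRUSTED_RESOLVERS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "9.9.9.9"}

# First two lines are taken from the fixlist on this page; the third line and
# the unrelated FirewallRules line are constructed for the example.
SAMPLE_LOG = r"""
Tcpip\Parameters: [DhcpNameServer] 109.169.85.7 8.8.8.8
Tcpip\..\Interfaces\{8DDC1DF5-0631-450D-9EFC-75976E2A18C5}: [DhcpNameServer] 109.169.85.7 8.8.8.8
Tcpip\..\Interfaces\{00000000-0000-0000-0000-000000000000}: [NameServer] 192.168.1.1,not-an-ip
FirewallRules: [{00000000-0000-0000-0000-000000000000}] => (Allow) C:\Example\example.exe
"""


def parse_dns_lines(log_text):
    """Return one dict per FRST DNS line: registry key, value name, server list."""
    entries = []
    for raw in log_text.splitlines():
        match = DNS_LINE.match(raw.strip())
        if not match:
            continue
        # Windows stores these values space- or comma-separated.
        servers = [s for s in re.split(r"[,\s]+", match.group("servers")) if s]
        entries.append(
            {"key": match.group("key"), "name": match.group("name"), "servers": servers}
        )
    return entries


def classify(server, trusted=TRUSTED_RESOLVERS):
    """Label a resolver: 'trusted', 'local', 'review' or 'malformed'."""
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        return "malformed"
    if server in trusted:
        return "trusted"
    # Router-assigned resolvers normally sit in private or link-local space.
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return "local"
    # Publicly routable and not on the allowlist: a person should look at it.
    return "review"


def audit(log_text, trusted=TRUSTED_RESOLVERS):
    """Return (key, value name, server, label) for every resolver in the log."""
    findings = []
    for entry in parse_dns_lines(log_text):
        for server in entry["servers"]:
            findings.append(
                (entry["key"], entry["name"], server, classify(server, trusted))
            )
    return findings


if __name__ == "__main__":
    for key, name, server, label in audit(SAMPLE_LOG):
        print(f"{label:9} {server:15} {name:15} {key}")
```

A "review" label only means the address is publicly routable and not on the allowlist; it is a prompt to check who operates that resolver, not a verdict.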

#3 Daractive

  • Topic Starter

Posted 21 April 2018 - 04:04 PM

Java updated through the software itself. FRST used according to instructions. IE and Firefox refreshed. Problem persists.

 

Logs:
 

Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 19.04.2018

Uruchomiony przez Bartosz Kuryło (21-04-2018 00:24:28) Run:1

Uruchomiony z C:\Users\Bartosz Kuryło\Downloads

Załadowane profile: Bartosz Kuryło (Dostępne profile: Bartosz Kuryło)

Tryb startu: Normal

==============================================

 

fixlist - zawartość:

*****************

start

 

CreateRestorePoint:

EmptyTemp:

CloseProcesses:

 

Tcpip\Parameters: [DhcpNameServer] 109.169.85.7 8.8.8.8

Tcpip\..\Interfaces\{8DDC1DF5-0631-450D-9EFC-75976E2A18C5}: [DhcpNameServer] 109.169.85.7 8.8.8.8

SearchScopes: HKU\S-1-5-21-611351038-3661164438-333302154-1001 -> DefaultScope {61CE8A7B-8A4A-469E-8BDD-9B811A55F7F7} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

SearchScopes: HKU\S-1-5-21-611351038-3661164438-333302154-1001 -> {61CE8A7B-8A4A-469E-8BDD-9B811A55F7F7} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Brak pliku

ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Brak pliku

 

cmd: ipconfig /flushdns

cmd: IPCONFIG /release

cmd: IPCONFIG /renew

 

End

*****************

 

Punkt przywracania został pomyślnie utworzony.

Procesy zostały pomyślnie zamknięte.

"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer" => pomyślnie usunięto

"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8DDC1DF5-0631-450D-9EFC-75976E2A18C5}\\DhcpNameServer" => pomyślnie usunięto

"HKU\S-1-5-21-611351038-3661164438-333302154-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => pomyślnie usunięto

"HKU\S-1-5-21-611351038-3661164438-333302154-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{61CE8A7B-8A4A-469E-8BDD-9B811A55F7F7}" => pomyślnie usunięto

HKLM\Software\Classes\CLSID\{61CE8A7B-8A4A-469E-8BDD-9B811A55F7F7} => nie znaleziono

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg" => pomyślnie usunięto

HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => nie znaleziono

"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg" => pomyślnie usunięto

HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => nie znaleziono

 

========= ipconfig /flushdns =========

 

 

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

 

========= Koniec  CMD: =========

 

 

========= IPCONFIG /release =========

 

 

Windows IP Configuration

 

No operation can be performed on PoĄczenie lokalne* 2 while it has its media disconnected.

No operation can be performed on PoĄczenie sieciowe Bluetooth while it has its media disconnected.

No operation can be performed on Wi-Fi while it has its media disconnected.

 

Wireless LAN adapter PoĄczenie lokalne* 2:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

 

Ethernet adapter PoĄczenie sieciowe Bluetooth:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

 

Wireless LAN adapter Wi-Fi:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : mshome.net

 

Ethernet adapter Ethernet:

 

   Connection-specific DNS Suffix  . :

   Link-local IPv6 Address . . . . . : fe80::88d3:ab2:3821:54cc%3

   Default Gateway . . . . . . . . . :

 

Tunnel adapter isatap.{8DDC1DF5-0631-450D-9EFC-75976E2A18C5}:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

 

========= Koniec  CMD: =========

 

 

========= IPCONFIG /renew =========

 

 

Windows IP Configuration

 

No operation can be performed on PoĄczenie lokalne* 2 while it has its media disconnected.

No operation can be performed on PoĄczenie sieciowe Bluetooth while it has its media disconnected.

No operation can be performed on Wi-Fi while it has its media disconnected.

 

Wireless LAN adapter PoĄczenie lokalne* 2:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

 

Ethernet adapter PoĄczenie sieciowe Bluetooth:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

 

Wireless LAN adapter Wi-Fi:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : mshome.net

 

Ethernet adapter Ethernet:

 

   Connection-specific DNS Suffix  . :

   Link-local IPv6 Address . . . . . : fe80::88d3:ab2:3821:54cc%3

   IPv4 Address. . . . . . . . . . . : 192.168.1.100

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Default Gateway . . . . . . . . . : 192.168.1.254

 

========= Koniec  CMD: =========

 

 

=========== EmptyTemp: ==========

 

BITS transfer queue => 16777216 B

DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 17500750 B

Java, Flash, Steam htmlcache => 379085636 B

Windows/system/drivers => 964003913 B

Edge => 0 B

Chrome => 0 B

Firefox => 392899198 B

Opera => 0 B

 

Temp, IE cache, history, cookies, recent:

Default => 0 B

Users => 0 B

ProgramData => 0 B

Public => 0 B

systemprofile => 128 B

systemprofile32 => 128 B

LocalService => 567144 B

NetworkService => 10340 B

Bartosz Kuryło => 4591317795 B

 

RecycleBin => 12818916 B

EmptyTemp: => 5.9 GB danych tymczasowych Usunięto.

 

================================

 

 

System wymagał restartu.

 

==== Koniec  Fixlog 00:28:23 ====



#4 nasdaq

  • Malware Response Team

Posted 22 April 2018 - 06:51 AM

Hi,

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

#5 Daractive

  • Topic Starter

Posted 22 April 2018 - 09:32 AM

Hello again.
 

RogueKiller used, detections deleted (seems to only affect homepage I've set for IE), problem persists.

Logs:

RogueKiller V12.12.13.0 (x64) [Apr 16 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : Bartosz Kury?o [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 04/22/2018 07:17:04 (Duration : 00:30:33)
Switches : -refid

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-611351038-3661164438-333302154-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-611351038-3661164438-333302154-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545050A7E380 +++++
--- User ---
[MBR] 2fcceb8386be3a1c6a351bad777dd455
[BSP] 07ff70eed4a6a23ed0acddb9550ff3ef : Empty MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 300 MB
1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 616448 | Size: 900 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 2459648 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 2721792 | Size: 190776 MB
4 - Basic data partition | Offset (sectors): 393431040 | Size: 264345 MB
5 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 934809600 | Size: 20490 MB
User = LL1 ... OK
User = LL2 ... OK

 



#6 nasdaq

  • Malware Response Team

Posted 22 April 2018 - 10:54 AM



Hi,

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.


Clean the Internet Explorer Cache.
https://kb.wisc.edu/page.php?id=15141
===


Restart the computer when done.

Run the Farbar program and post a fresh FRST.txt log for my review.

p.s.
Is the problem persisting on IE and Chrome?

#7 Daractive

  • Topic Starter

Posted 24 April 2018 - 02:27 PM

Hello.
Problem originally manifested on both IE (set as main browser) and Chrome (actually used one). Upon completely deleting Chrome and installing Firefox it got affected as well.
Reset IE (couldn't do the developer tools cache wipe due to too new IE), just in case refreshed Firefox.
Problem actually seems to have stopped. If it returns I'll probably necro.

Thank you for help.

Logs:

Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 23.04.2018
Uruchomiony przez Bartosz Kuryło (administrator)  KOMP-BARTKA (24-04-2018 08:39:13)
Uruchomiony z D:\Program Files\FRST
Załadowane profile: Bartosz Kuryło (Dostępne profile: Bartosz Kuryło)
Platform: Windows 8.1 (Update) (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(AVG Technologies CZ, s.r.o.) D:\Program Files\AVG\Antivirus\AVGSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe
(National Instruments Corporation) D:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
(National Instruments Corporation) D:\Program Files\National Instruments\Shared\NI WebServer\SystemWebServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(National Instruments, Inc.) C:\Windows\SysWOW64\lkcitdl.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe
(National Instruments Corporation) D:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
(National Instruments Corporation) D:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files\AVG\Antivirus\x64\aswidsagenta.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Discord Inc.) C:\Users\Bartosz Kuryło\AppData\Local\Discord\app-0.0.300\Discord.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files\AVG\Antivirus\AVGUI.exe
(Discord Inc.) C:\Users\Bartosz Kuryło\AppData\Local\Discord\app-0.0.300\Discord.exe
(Discord Inc.) C:\Users\Bartosz Kuryło\AppData\Local\Discord\app-0.0.300\Discord.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [AVGUI.exe] => D:\Program Files\AVG\Antivirus\AvLaunch.exe [291056 2018-04-13] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [NI Update Service] => D:\Program Files\National Instruments\Shared\Update Service\NIUpdateService.exe [851592 2012-08-02] (National Instruments)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-611351038-3661164438-333302154-1001\...\Run: [Steam] => D:\Program Files\Steam\steam.exe [3199776 2018-04-03] (Valve Corporation)
HKU\S-1-5-21-611351038-3661164438-333302154-1001\...\Run: [GalaxyClient] => D:\Program Files\GOG Galaxy\GalaxyClient.exe [6110792 2018-02-11] (GOG.com)
HKU\S-1-5-21-611351038-3661164438-333302154-1001\...\Run: [Discord] => C:\Users\Bartosz Kuryło\AppData\Local\Discord\app-0.0.300\Discord.exe [57821176 2018-01-08] (Discord Inc.)
HKU\S-1-5-21-611351038-3661164438-333302154-1001\...\MountPoints2: {b238d2a2-f0f0-11e7-829a-606c66a8e7f5} - "F:\LGAutoRun.exe"
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [181280 2017-01-25] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [158392 2017-01-25] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk [2017-05-21]
ShortcutTarget: NI Error Reporting.lnk -> D:\Program Files\National Instruments\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Winsock: Catalog5 08 D:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [24320 2012-05-31] (National Instruments Corporation)
Winsock: Catalog5-x64 08 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26368 2012-05-31] (National Instruments Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.32.1 62.93.32.67
Tcpip\..\Interfaces\{0B0FD7E5-31D9-46E1-998E-409BAA3594CC}: [DhcpNameServer] 192.168.137.1
Tcpip\..\Interfaces\{8DDC1DF5-0631-450D-9EFC-75976E2A18C5}: [DhcpNameServer] 192.168.32.1 62.93.32.67

Internet Explorer:
==================
BHO: STATISTICA Browser Helper -> {990A8747-93BF-4EF7-B72E-94A6884B98C2} -> D:\Program Files\StatSoft2\STATISTICA 122\StaBHO.dll [2014-11-10] (StatSoft, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: STATISTICA Browser Helper -> {990A8747-93BF-4EF7-B72E-94A6884B98C2} -> D:\Program Files\StatSoft2\STATISTICA 122\Support\StaBHO.dll [2014-11-10] (StatSoft, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: gsy55bzs.default-1524551624682
FF ProfilePath: C:\Users\Bartosz Kuryło\AppData\Roaming\Mozilla\Firefox\Profiles\gsy55bzs.default-1524551624682 [2018-04-24]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin HKU\S-1-5-21-611351038-3661164438-333302154-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Bartosz Kuryło\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-05-18] (Unity Technologies ApS)

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 AVG Antivirus; D:\Program Files\AVG\Antivirus\AVGSvc.exe [314688 2018-04-12] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; D:\Program Files\AVG\Antivirus\x64\aswidsagenta.exe [7653992 2018-04-12] (AVG Technologies CZ, s.r.o.)
S3 GalaxyClientService; D:\Program Files\GOG Galaxy\GalaxyClientService.exe [662600 2018-02-11] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [8410184 2018-01-31] (GOG.com)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21304 2017-09-28] (Microsoft Corporation)
R2 LkCitadelServer; C:\WINDOWS\SysWOW64\lkcitdl.exe [695136 2011-05-06] (National Instruments, Inc.)
R2 lkClassAds; C:\WINDOWS\SysWOW64\lkads.exe [50328 2012-06-05] (National Instruments Corporation)
R2 lkTimeSync; C:\WINDOWS\SysWOW64\lktsrv.exe [60568 2012-06-05] (National Instruments Corporation)
S3 MBAMService; D:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
R2 NIApplicationWebServer; D:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [53960 2012-05-22] (National Instruments Corporation)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [76488 2012-05-22] (National Instruments Corporation)
R2 NIDomainService; D:\Program Files\National Instruments\Shared\Security\nidmsrv.exe [370328 2012-06-05] (National Instruments Corporation)
S3 NILM License Manager; D:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)
R2 nimDNSResponder; D:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [258776 2012-05-31] (National Instruments Corporation)
R2 niSvcLoc; D:\Program Files\National Instruments\Shared\NI WebServer\SystemWebServer.exe [53952 2012-05-22] (National Instruments Corporation)
S3 OverwolfUpdater; D:\Program Files\Overwolf\OverwolfUpdater.exe [1453384 2018-04-08] (Overwolf LTD)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [187904 2017-09-28] (Microsoft Corporation) [Brak podpisu cyfrowego]
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [129144 2017-08-23] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 AndNetDiag; C:\WINDOWS\system32\DRIVERS\lgandnetdiag64.sys [30720 2015-01-26] (LG Electronics Inc.)
S3 ANDNetModem; C:\WINDOWS\system32\DRIVERS\lgandnetmodem64.sys [37376 2015-01-26] (LG Electronics Inc.)
S3 andnetndis; C:\WINDOWS\system32\DRIVERS\lgandnetndis64.sys [93696 2015-01-21] (LG Electronics Inc.)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [189032 2018-04-13] (AVG Technologies CZ, s.r.o.)
R1 avgbdisk; C:\WINDOWS\System32\drivers\avgbdiska.sys [166064 2018-04-12] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdrivera.sys [220600 2018-04-12] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsha.sys [192536 2018-04-12] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\WINDOWS\System32\drivers\avgbloga.sys [336848 2018-04-12] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniva.sys [50776 2018-04-12] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\WINDOWS\System32\drivers\avgHwid.sys [39352 2018-04-13] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [139608 2018-04-15] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [103744 2018-04-13] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [76760 2018-04-13] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [1019088 2018-04-12] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [452904 2018-04-13] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [198368 2018-04-13] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [372920 2018-04-13] (AVG Technologies CZ, s.r.o.)
R3 NETwNe64; C:\WINDOWS\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)


==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2018-04-22 21:25 - 2018-04-22 21:25 - 000000000 ____D C:\Users\Bartosz Kuryło\Documents\My Spore Creations
2018-04-22 21:25 - 2018-04-22 21:25 - 000000000 ____D C:\Users\Bartosz Kuryło\AppData\Roaming\Spore
2018-04-22 20:47 - 2018-04-22 20:47 - 000000909 _____ C:\Users\Public\Desktop\SPORE™ Collection.lnk
2018-04-22 20:47 - 2018-04-22 20:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SPORE™ Collection [GOG.com]
2018-04-22 20:45 - 2018-04-22 20:45 - 000000000 ____D C:\WINDOWS\SysWOW64\SPORE [GOG.com]
2018-04-22 17:07 - 2018-04-22 18:38 - 000000000 ____D C:\Users\Bartosz Kuryło\Downloads\SPORE Collection v3.1.0.22 (10834) [GOG]
2018-04-22 07:58 - 2018-04-22 07:58 - 000000824 _____ C:\Users\Bartosz Kuryło\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2018-04-22 07:17 - 2018-04-22 07:17 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-04-22 07:16 - 2018-04-22 07:50 - 000000000 ____D C:\ProgramData\RogueKiller
2018-04-22 07:16 - 2018-04-22 07:48 - 000000000 ____D C:\Program Files\RogueKiller
2018-04-22 07:16 - 2018-04-22 07:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-04-22 07:10 - 2018-04-22 07:12 - 036543568 _____ (Adlice Software ) C:\Users\Bartosz Kuryło\Downloads\RogueKiller_setup_ref3.exe
2018-04-22 07:08 - 2018-04-22 07:10 - 053707712 _____ C:\Users\Bartosz Kuryło\Downloads\torbrowser-install-7.5.3_en-US.exe
2018-04-21 00:21 - 2018-04-21 00:21 - 000000000 ____D C:\Program Files\Java
2018-04-20 20:41 - 2018-04-24 08:39 - 000000000 ____D C:\FRST
2018-04-20 18:34 - 2018-04-20 18:34 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Bartosz Kuryło\Downloads\rkill.exe
2018-04-20 18:34 - 2018-04-20 18:34 - 000988112 _____ (Bleeping Computer, LLC) C:\Users\Bartosz Kuryło\Downloads\rkill64.exe
2018-04-20 18:32 - 2018-04-20 18:33 - 000008751 _____ C:\Users\Bartosz Kuryło\Desktop\Nowy dokument tekstowy (3).txt
2018-04-19 17:34 - 2018-04-24 08:34 - 000000000 ____D C:\Users\Bartosz Kuryło\AppData\LocalLow\Mozilla
2018-04-19 17:34 - 2018-04-19 17:39 - 000000000 ____D C:\Users\Bartosz Kuryło\AppData\Local\Mozilla
2018-04-19 17:34 - 2018-04-19 17:34 - 000000950 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-04-19 17:34 - 2018-04-19 17:34 - 000000000 ____D C:\Users\Bartosz Kuryło\AppData\Roaming\Mozilla
2018-04-19 17:34 - 2018-04-19 17:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-04-19 17:33 - 2018-04-19 17:34 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-04-18 05:33 - 2018-04-19 15:46 - 000000000 ____D C:\Users\Bartosz Kuryło\Documents\Spore
2018-04-15 09:05 - 2018-04-15 09:07 - 000000000 ____D C:\AdwCleaner
2018-04-15 09:05 - 2018-04-15 09:05 - 007256272 _____ (Malwarebytes) C:\Users\Bartosz Kuryło\Downloads\adwcleaner_7.1.0.0.exe
2018-04-15 08:09 - 2018-04-15 08:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-15 08:09 - 2018-04-15 08:09 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-04-15 08:09 - 2018-03-19 12:57 - 000076192 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-04-15 08:07 - 2018-04-15 08:08 - 073208032 _____ (Malwarebytes ) C:\Users\Bartosz Kuryło\Downloads\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4720.exe
2018-04-15 07:30 - 2018-04-15 07:30 - 000000000 ____D C:\Users\Bartosz Kuryło\Documents\MM6 SAVES
2018-04-15 06:59 - 2018-04-15 07:23 - 000000000 ____D C:\ProgramData\HitmanPro
2018-04-15 06:58 - 2018-04-15 06:58 - 011605440 _____ (SurfRight B.V.) C:\Users\Bartosz Kuryło\Downloads\HitmanPro_x64.exe
2018-04-14 06:06 - 2018-04-13 10:06 - 000377584 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2018-04-08 11:14 - 2018-04-08 11:14 - 000091504 _____ C:\Users\Bartosz Kuryło\Downloads\SI_Skrypty.rar
2018-03-26 13:13 - 2018-03-26 13:13 - 000000000 ____D C:\Users\Bartosz Kuryło\AppData\Roaming\Oracle SQL Developer Data Modeler
2018-03-26 13:13 - 2018-03-26 13:13 - 000000000 ____D C:\Users\Bartosz Kuryło\AppData\Roaming\datamodeler
2018-03-26 12:51 - 2018-03-26 12:51 - 000000000 ____D C:\Users\Bartosz Kuryło\Downloads\datamodeler-x64-17.4.0.355.2121

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2018-04-24 08:36 - 2017-03-11 04:41 - 000000000 __RDO C:\Users\Bartosz Kuryło\OneDrive
2018-04-24 08:36 - 2017-03-11 00:30 - 000000000 ____D C:\ProgramData\NVIDIA
2018-04-24 08:36 - 2013-08-22 16:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-04-24 08:35 - 2013-08-22 15:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2018-04-24 08:00 - 2017-10-20 21:45 - 000000000 ___RD C:\Users\Bartosz Kuryło\Documents\Marika
2018-04-24 07:50 - 2017-03-14 02:03 - 000000000 ____D C:\Users\Bartosz Kuryło\Documents\Studia
2018-04-24 07:18 - 2017-03-10 15:58 - 000004032 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6266CACB-42E0-4BF2-B866-D8154A5DB74D}
2018-04-23 10:04 - 2017-03-13 18:06 - 000000000 ____D C:\Users\Bartosz Kuryło\AppData\Local\CrashDumps
2018-04-23 04:36 - 2017-03-10 15:54 - 000003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-611351038-3661164438-333302154-1001
2018-04-22 20:32 - 2017-03-12 14:41 - 000000000 ____D C:\Users\Bartosz Kuryło\AppData\Roaming\BitTorrent
2018-04-22 07:59 - 2017-03-11 04:51 - 000000000 ____D C:\Users\Bartosz Kuryło\Desktop\Programy
2018-04-22 07:59 - 2017-03-11 04:51 - 000000000 ____D C:\Users\Bartosz Kuryło\Desktop\Gry i komunikatory
2018-04-22 07:47 - 2013-08-22 17:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-04-21 00:25 - 2017-11-27 17:38 - 000000000 ____D C:\Users\Bartosz Kuryło\AppData\LocalLow\Temp
2018-04-21 00:22 - 2017-10-18 02:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-04-21 00:22 - 2017-10-18 02:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2018-04-21 00:21 - 2017-10-18 02:41 - 000111048 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2018-04-19 17:21 - 2017-08-01 01:25 - 000000000 ____D C:\Users\Bartosz Kuryło\AppData\Local\Deployment
2018-04-19 16:01 - 2017-03-11 03:44 - 000000000 ____D C:\Users\Bartosz Kuryło\AppData\Roaming\discord
2018-04-19 15:57 - 2017-03-10 15:48 - 000000000 ____D C:\Users\Bartosz Kuryło
2018-04-19 15:54 - 2017-03-11 03:09 - 000004162 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
2018-04-19 02:21 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\Inf
2018-04-17 11:37 - 2017-03-20 01:12 - 000000000 ____D C:\Users\Bartosz Kuryło\AppData\Local\Battle.net
2018-04-15 11:31 - 2014-11-21 06:46 - 001817498 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-04-15 11:31 - 2014-11-21 06:07 - 000801022 _____ C:\WINDOWS\system32\perfh015.dat
2018-04-15 11:31 - 2014-11-21 06:07 - 000160728 _____ C:\WINDOWS\system32\perfc015.dat
2018-04-15 02:08 - 2017-03-11 03:09 - 000139608 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2018-04-13 10:06 - 2017-11-30 08:30 - 000189032 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2018-04-13 10:06 - 2017-03-11 03:09 - 000452904 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2018-04-13 10:06 - 2017-03-11 03:09 - 000372920 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2018-04-13 10:06 - 2017-03-11 03:09 - 000198368 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2018-04-13 10:06 - 2017-03-11 03:09 - 000103744 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2018-04-13 10:06 - 2017-03-11 03:09 - 000076760 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2018-04-13 10:06 - 2017-03-11 03:09 - 000039352 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys
2018-04-12 14:05 - 2017-03-11 03:09 - 001019088 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2018-04-12 14:04 - 2017-03-11 03:09 - 000336848 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbloga.sys
2018-04-12 14:04 - 2017-03-11 03:09 - 000220600 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdrivera.sys
2018-04-12 14:04 - 2017-03-11 03:09 - 000192536 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsha.sys
2018-04-12 14:04 - 2017-03-11 03:09 - 000166064 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbdiska.sys
2018-04-12 14:04 - 2017-03-11 03:09 - 000050776 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniva.sys
2018-04-09 12:47 - 2017-11-27 06:59 - 000000000 ____D C:\Users\Bartosz Kuryło\Documents\Visual Studio 2017
2018-04-04 16:00 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-03-31 14:17 - 2018-02-18 05:37 - 000000000 ____D C:\Users\Bartosz Kuryło\AppData\Roaming\TEdit

Niektóre pliki w TEMP:
====================
2018-04-22 07:16 - 2016-08-13 09:40 - 001737080 _____ (Microsoft Corporation) C:\Users\Bartosz Kuryło\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\wininit.exe => Plik podpisany cyfrowo
C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2018-04-24 08:08

==================== Koniec  FRST.txt ============================

Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 23.04.2018
Uruchomiony przez Bartosz Kuryło (24-04-2018 08:40:57)
Uruchomiony z D:\Program Files\FRST
Windows 8.1 (Update) (X64) (2017-03-10 13:48:41)
Tryb startu: Normal
==========================================================


==================== Konta użytkowników: =============================

Administrator (S-1-5-21-611351038-3661164438-333302154-500 - Administrator - Disabled)
Bartosz Kuryło (S-1-5-21-611351038-3661164438-333302154-1001 - Administrator - Enabled) => C:\Users\Bartosz Kuryło
Gość (S-1-5-21-611351038-3661164438-333302154-501 - Limited - Disabled)

==================== Centrum zabezpieczeń ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: AVG Antivirus (Enabled - Up to date) {C50510DE-367A-330C-FD5C-556ACFB11243}
AS: AVG Antivirus (Enabled - Up to date) {7E64F13A-1040-3C82-C7EC-6E18B43658FE}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Zainstalowane programy ======================

(W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)

Application Verifier x64 External Package (HKLM\...\{D9908CED-5ABB-FEE9-FC84-743F4D38637C}) (Version: 10.1.16299.15 - Microsoft) Hidden
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 18.3.3051 - AVG Technologies)
BitTorrent (HKU\S-1-5-21-611351038-3661164438-333302154-1001\...\BitTorrent) (Version: 7.10.3.44359 - BitTorrent Inc.)
Blizzard App (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Dev-C++ (HKLM-x32\...\Dev-C++) (Version: 5.11 - Bloodshed Software)
DiagnosticsHub_CollectionService (HKLM\...\{311C382C-6FDC-45ED-A04C-629A852D6148}) (Version: 15.0.26823 - Microsoft Corporation) Hidden
Discord (HKU\S-1-5-21-611351038-3661164438-333302154-1001\...\Discord) (Version: 0.0.300 - Discord Inc.)
Enter the Gungeon (HKLM-x32\...\1456912569_is1) (Version: 2.7.0.9 - GOG.com)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Gothic II Złota Edycja (HKLM-x32\...\{6FB6D550-DDC4-4996-9CDF-91C34F0A4C4A}) (Version: 2.6 - JoWood)
Greenshot 1.2.10.6 (HKLM\...\Greenshot_is1) (Version: 1.2.10.6 - Greenshot)
Gwent (HKLM-x32\...\1971477531_is1) (Version: 0.9.22.6.421.2 - GOG.com)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of Might and Magic III - Złota Edycja (HKLM-x32\...\{8B743AA0-53B2-11D2-808A-00600895FB43}) (Version: 1.0 - )
Heroes of Might and Magic® III: Horn of the Abyss (HKLM-x32\...\HotA_is1) (Version: 1.4.2 - HotA Crew)
HI-TECH C Compiler for the PIC10/12/16 MCUs V9.82PL0 (HKLM-x32\...\PICC 9.82) (Version: 9.82 - HI-TECH Software)
HI-TECH C51-lite V9.60PL0 (HKLM-x32\...\HC51 9.60PL0) (Version: 9.60 - HI-TECH Software)
icecap_collection_neutral (HKLM-x32\...\{743913D7-41D9-48C0-977D-FC87743A9BEC}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{6BC73140-3CB6-486A-8350-BF35F54EFA19}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{67941F0C-2930-4C3F-983C-1089D2759B42}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{8859396F-6D99-4700-9336-3416C67452D4}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{304B71E2-BA3A-419C-B632-3DFBB4AFE42B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{61786DC5-BD88-474A-A66E-DA4B7F5584E4}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Java 8 Update 171 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Java SE Development Kit 8 Update 152 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180152}) (Version: 8.0.1520.16 - Oracle Corporation)
Kits Configuration Installer (HKLM-x32\...\{86E59C8F-61D5-1782-A3CE-60AE7E4D7791}) (Version: 10.1.16299.15 - Microsoft) Hidden
League of Legends (HKLM-x32\...\{EA8630BD-0DCC-4154-B972-AAA6C8989E1A}) (Version: 4.2.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games)
LG PC Suite (HKLM-x32\...\LG PC Suite) (Version: 5.3.25.20150529 - LG Electronics)
LG United Mobile Drivers (HKLM-x32\...\{4DE95ED9-0A29-4C4F-8463-35857CF9BA36}) (Version: 3.14.1 - LG Electronics)
Malwarebytes (wersja 3.4.5.2467) (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Math Kernel Libraries (64-bit) (HKLM\...\{E3EB4126-0930-4926-B135-1F85452E7975}) (Version: 1.0.23.0 - National Instruments) Hidden
Math Kernel Libraries (HKLM-x32\...\{4C16E76C-7A4D-48E7-9E5E-B76B357C014E}) (Version: 1.0.23.0 - National Instruments) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2017 CTP2.1 (HKLM\...\{9BAD8F82-A221-42CE-AFF0-7CAB825790C9}) (Version: 14.0.600.250 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2017 CTP2.1 (HKLM-x32\...\{F0DD1AA8-44D7-4ACE-AF65-7378EA5D884C}) (Version: 14.0.600.250 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.11.25325 (HKLM-x32\...\{404c9c27-8377-4fd1-b607-7ca635db4e49}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual Studio 2017 (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.12.111.1002 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 59.0.2 (x64 pl) (HKLM\...\Mozilla Firefox 59.0.2 (x64 pl)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.2 - Mozilla)
MSI Development Tools (HKLM-x32\...\{973CACA2-E018-065B-0580-F2784802E299}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
National Instruments Software (HKLM-x32\...\NI Uninstaller) (Version:  - National Instruments)
NetBeans IDE 8.2 (HKLM\...\nbi-nb-base-8.2.0.0.201609300101) (Version: 8.2 - NetBeans.org)
NI .NET Framework 4.0 (HKLM-x32\...\{5CC95D76-A798-4722-AE76-E494D9664907}) (Version: 4.01.49152 - National Instruments) Hidden
NI ActiveX Container (64-bit) (HKLM\...\{86F88524-6AF8-4D10-9F3C-AFB0DA2A3F39}) (Version: 12.0.14.0 - National Instruments) Hidden
NI ActiveX Container (HKLM-x32\...\{4C146083-2C71-4C64-A4AD-5E340E177E63}) (Version: 12.0.14.0 - National Instruments) Hidden
NI Authentication 12.0.0 (64-bit) (HKLM\...\{B618335B-11D2-4780-B5CE-AA2D111DB693}) (Version: 12.0.367.0 - National Instruments) Hidden
NI Authentication 12.0.0 (HKLM-x32\...\{E9592CCE-3058-4308-B52A-5AEA08E54F13}) (Version: 12.0.367.0 - National Instruments) Hidden
NI Circuit Design Suite 12.0.1 Core (HKLM-x32\...\{3A06B1D8-C3FE-4F94-BA6E-4BCCD57E7276}) (Version: 12.0.923 - National Instruments) Hidden
NI Circuit Design Suite 12.0.1 Pro (HKLM-x32\...\{85CA7665-5129-4BC7-A53E-2AE598D34E63}) (Version: 12.0.923 - National Instruments) Hidden
NI Circuit Design Suite 12.0.1 Pro Licenses (HKLM-x32\...\{FC0BE5F5-D9A2-412C-AEF2-D3597903497F}) (Version: 12.0.923 - National Instruments) Hidden
NI Curl 12.0.0 (64-bit) (HKLM\...\{AFE7987B-E282-42CE-AD5A-E333BE31E204}) (Version: 12.0.412.0 - National Instruments) Hidden
NI Curl 12.0.0 (HKLM-x32\...\{59DA8C21-C667-47D0-A259-AA942C9A9717}) (Version: 12.0.412.0 - National Instruments) Hidden
NI Error Reporting 2012 (HKLM-x32\...\{D31122C9-86AC-4ACD-859E-4B1D340E1D14}) (Version: 12.0.172.0 - National Instruments) Hidden
NI EulaDepot (HKLM-x32\...\{6044C32B-88A6-411F-A9A0-8BB05ACDCED2}) (Version: 3.10.392 - National Instruments) Hidden
NI Example Finder 12.0 (HKLM-x32\...\{8FF8CB08-4E26-4425-9032-BE381589E25A}) (Version: 12.0.291.0 - National Instruments) Hidden
NI GMP Windows 32-bit Installer 12.0.0 (HKLM-x32\...\{EAC44648-E378-45C7-BEF3-3DD68980E465}) (Version: 12.0.46.0 - National Instruments) Hidden
NI GMP Windows 64-bit Installer 12.0.0 (HKLM\...\{00606A59-716C-484A-AE64-5F7E3F23B3BD}) (Version: 12.0.46.0 - National Instruments) Hidden
NI Help Assistant (64bit) (HKLM\...\{E3867DF9-81D4-40BC-880C-1F134FECF995}) (Version: 1.0.11 - National Instruments) Hidden
NI Help Assistant (HKLM-x32\...\{2ADC660A-77C9-4A6C-9D4B-5E48A27BCA10}) (Version: 1.0.11 - National Instruments) Hidden
NI LabVIEW 2011 Real-Time NBFifo (HKLM-x32\...\{7C6869BF-6CBE-4CB0-8869-2743B419343C}) (Version: 11.0.250.0 - National Instruments) Hidden
NI LabVIEW 2012 Deployment Framework (HKLM-x32\...\{27B67D4C-407D-43FF-BCDE-B9E3208070E3}) (Version: 12.0.369.0 - National Instruments) Hidden
NI LabVIEW 2012 Real-Time NBFifo (HKLM-x32\...\{B4A772D4-ED42-4484-8C0E-663A52D07A2F}) (Version: 12.0.219.0 - National Instruments) Hidden
NI LabVIEW 2012 Run-Time Engine Web Server (HKLM-x32\...\{28D398A0-EA5E-462F-94D0-3176B11F83AD}) (Version: 12.0.406.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 2011 SP1 (HKLM-x32\...\{1D78A81A-58D9-46F7-BFF6-ADF7247803F9}) (Version: 11.0.448.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 2012 (HKLM-x32\...\{D50044F6-0436-4DCF-9A62-A05950C2CF9C}) (Version: 12.0.381.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine Interop 2011 (HKLM-x32\...\{6B9F789C-1D28-44D5-BCCE-7CCDBFB14B79}) (Version: 11.0.449.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine Interop 2012 (HKLM-x32\...\{73BD4467-2A1E-48F6-A732-1C8B2BD2BF94}) (Version: 12.0.150.0 - National Instruments) Hidden
NI LabVIEW Web Server for Run-Time Engine (HKLM-x32\...\{BCC373FE-227D-46D9-827F-05BA296E2602}) (Version: 11.0.375.0 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Analysis Library (64-bit) (HKLM\...\{DABB1D70-482A-4B92-8B24-052AD650A2B0}) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Analysis Library (HKLM-x32\...\{94AEBDCC-159F-4CBB-ABDE-B16483D2CF6C}) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Low-Level Driver (Original) (HKLM-x32\...\{2B1D39F8-477A-4B40-B062-F5E0C4D42B9B}) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Low-Level Driver (Updated) (HKLM-x32\...\{74DBB98D-B4A7-4DD9-9E13-C51FDB1105D0}) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Network Variable Library (64-bit) (HKLM\...\{0C2486A3-EF0D-4C6C-9947-C63D6E8C6E4C}) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Network Variable Library (HKLM-x32\...\{7FB07065-F547-448A-A1C3-1F2EF5EB834F}) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Run-Time Engine (64-bit) (HKLM\...\{176468CE-41AB-4A9A-AC38-45A146D39688}) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 TDM Streaming Library (64-bit) (HKLM\...\{25DECAB0-6580-4B9C-8174-5AC6C9E2D823}) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 TDM Streaming Library (HKLM-x32\...\{A06A7065-FCA1-4D3C-BE65-2837ACCB135D}) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI Run-Time Engine 2010 SP1 (HKLM-x32\...\{41F6CA61-82CB-4615-9A97-252C5D58FA4B}) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI Run-Time Engine 2010 SP1 (Updated) (HKLM-x32\...\{075CA8A9-25A1-4EA7-885C-8A92AED7DB3A}) (Version: 10.0.1434 - National Instruments) Hidden
NI License Manager (HKLM-x32\...\{0426182B-4CE3-4F93-93ED-22C1B99B794D}) (Version: 3.7.44 - National Instruments) Hidden
NI Logos 5.4 (64-bit) (HKLM\...\{8CF8CB9F-1FF7-4029-8B3D-9A40100B4A09}) (Version: 5.4.303.0 - National Instruments) Hidden
NI Logos 5.4 (HKLM-x32\...\{39E63436-773B-4294-9C19-E4E5941A6C69}) (Version: 5.4.303.0 - National Instruments) Hidden
NI Logos XT Support (HKLM-x32\...\{88A77AEA-B52C-4D59-858E-51DD450848DE}) (Version: 5.4.295.0 - National Instruments) Hidden
NI Logos64 XT Support (HKLM\...\{5A59ABAE-5F06-4241-B607-6376C29F9F31}) (Version: 5.4.295.0 - National Instruments) Hidden
NI Math Kernel Libraries (64-bit) (HKLM\...\{58A9B4F6-2E67-464A-9F71-95F6D7159702}) (Version: 1.0.10.0 - National Instruments) Hidden
NI Math Kernel Libraries (HKLM-x32\...\{231D0E11-0313-49FD-95CE-1D0264C7F1F5}) (Version: 1.0.10.0 - National Instruments) Hidden
NI Math Kernel Libraries (HKLM-x32\...\{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}) (Version: 1.0.861.0 - National Instruments) Hidden
NI MAX Remote Configuration 64-bit Installer 5.0 (HKLM\...\{899576E7-3569-417F-8EFE-EB881BE22EDE}) (Version: 5.00.49153 - National Instruments) Hidden
NI MAX Remote Configuration Installer 5.0 (HKLM-x32\...\{268B0789-E2BF-4836-BF05-A6140B4983CA}) (Version: 5.00.49153 - National Instruments) Hidden
NI MDF Support (HKLM-x32\...\{0F4EAF80-522A-4D89-8E62-7AEFF54E811E}) (Version: 3.10.392 - National Instruments) Hidden
NI mDNS Responder 2.1 for Windows 64-bit (HKLM\...\{4DD08E99-6FC1-4188-9A2E-0AF968279E41}) (Version: 2.10.49152 - National Instruments) Hidden
NI mDNS Responder 2.1.0 (HKLM-x32\...\{6F7B933C-55A2-4F8A-BFA5-BF98CBD61C24}) (Version: 2.10.49152 - National Instruments) Hidden
NI MetaSuite Installer (HKLM-x32\...\{94C3324A-2DF8-44F0-9FF9-204E9C936527}) (Version: 3.10.393 - National Instruments) Hidden
NI NI LabVIEW 2011 SP1 Run-Time Engine Non-English Support (HKLM-x32\...\{38300A40-AB90-444D-A823-17EB95A5C731}) (Version: 11.0.302.0 - National Instruments) Hidden
NI NI LabVIEW 2012 Run-Time Engine Non-English Support. (HKLM-x32\...\{36D68CEE-1AC5-47E1-A269-791683DE53D0}) (Version: 12.0.363.0 - National Instruments) Hidden
NI SSL LabVIEW RTE 2012 Support (HKLM-x32\...\{5DA2E9EF-3CAA-495F-AB2C-55F39FF9EA39}) (Version: 12.0.125.0 - National Instruments) Hidden
NI SSL Support (64-bit) (HKLM\...\{ACA45A9D-5C68-429F-AE87-0F2917136FCC}) (Version: 12.0.408.0 - National Instruments) Hidden
NI SSL Support (HKLM-x32\...\{526FED3E-499E-4989-B9F9-207E2FE425AA}) (Version: 12.0.408.0 - National Instruments) Hidden
NI System State Publisher (64-bit) (HKLM\...\{197B80EB-D791-4DA4-9398-B5F029738E22}) (Version: 12.0.218.0 - National Instruments) Hidden
NI System State Publisher (HKLM-x32\...\{AED17FC7-86C3-47BE-84F9-9F078F522770}) (Version: 12.0.358.0 - National Instruments) Hidden
NI System Web Server 12.0 (HKLM-x32\...\{570AFAC0-96B1-4491-B24B-6D251C52AFA4}) (Version: 12.0.414.0 - National Instruments) Hidden
NI System Web Server Base 12.0.0 (64-bit) (HKLM\...\{9C10623C-BF56-4D66-8F1F-B2D667E44986}) (Version: 12.0.407.0 - National Instruments) Hidden
NI System Web Server Base 12.0.0 (HKLM-x32\...\{C9690FF6-AD3E-43B0-A7FD-6D8A4C929D2C}) (Version: 12.0.407.0 - National Instruments) Hidden
NI TDM Streaming 2.4 (64-bit) (HKLM\...\{000A570E-F926-4808-956C-A57EE91B75F6}) (Version: 2.4.55.0 - National Instruments) Hidden
NI TDM Streaming 2.4 (HKLM-x32\...\{5A6C68D9-FDCB-4675-A95A-CD908D103614}) (Version: 2.4.55.0 - National Instruments) Hidden
NI Trace Engine (64-bit) (HKLM\...\{BD432073-6A5D-4F0F-8952-43B3C21A31C3}) (Version: 12.0.401.0 - National Instruments) Hidden
NI Trace Engine (HKLM-x32\...\{4C7AB285-CE33-459F-AB26-0E2DBCCDA2D7}) (Version: 12.0.401.0 - National Instruments) Hidden
NI Uninstaller (HKLM-x32\...\{42E578FB-55B2-4430-8223-E1080FF5EE1C}) (Version: 3.10.392 - National Instruments) Hidden
NI Update Service 2.2.1 (HKLM-x32\...\{498754EF-6CB0-4E13-9C5F-2DBD4A6D7482}) (Version: 2.21.7.0 - National Instruments) Hidden
NI USI 2.0.0 (HKLM-x32\...\{3F0B4C33-6958-43B9-8493-C6E6D4A3565B}) (Version: 2.0.04901 - National Instruments) Hidden
NI USI 2.0.0 64-Bit (HKLM\...\{41B541B6-3518-4343-8A67-46FF9A4AA1A3}) (Version: 2.0.04901 - National Instruments) Hidden
NI VC2005MSMs x64 (HKLM\...\{E3E3E625-8F74-44CE-A6D2-C31CB43DA23D}) (Version: 8.05.0 - National Instruments) Hidden
NI VC2005MSMs x86 (HKLM-x32\...\{4B877FC6-F44C-4B39-B0B6-CE15ADC63997}) (Version: 8.05.0 - National Instruments) Hidden
NI VC2008MSMs x64 (HKLM\...\{07E00E94-7A78-40FA-9BEF-71C190E98041}) (Version: 9.0.401 - National Instruments) Hidden
NI VC2008MSMs x86 (HKLM-x32\...\{E84997A1-4D6F-4C0B-B60D-F85B360D2666}) (Version: 9.0.401 - National Instruments) Hidden
NI VC2010MSMs x64 (HKLM\...\{79253283-47EB-4A67-9014-0CBEC8AE4D0C}) (Version: 10.0.001 - National Instruments) Hidden
NI VC2010MSMs x86 (HKLM-x32\...\{6FFB1B16-0930-421B-9F2C-E4CB91E3B22D}) (Version: 10.0.001 - National Instruments) Hidden
NI Web Application Server 12.0 (64-bit) (HKLM\...\{3F7CDE88-3B1B-42C1-ACDF-05720E0B04BB}) (Version: 12.0.422.0 - National Instruments) Hidden
NI Web Application Server 12.0 (HKLM-x32\...\{036C09F0-1423-4097-9720-D9E034CFF50A}) (Version: 12.0.422.0 - National Instruments) Hidden
NI Web Pipeline 2.0.1 (HKLM-x32\...\{0FD812C9-3BBE-4CC5-A43C-B7304E3EC581}) (Version: 2.0.128.0 - National Instruments) Hidden
NI Web Pipeline 2.0.1 64-bit support (HKLM\...\{CCC79B52-19CF-4A50-BE60-AEE3DE96B3EA}) (Version: 2.0.122.0 - National Instruments) Hidden
NI-Mesa (HKLM\...\{D754C95D-A80F-471C-819B-EEEDD07C9B0A}) (Version: 11.0.11.0 - National Instruments) Hidden
NI-Mesa (HKLM-x32\...\{7888F38C-E534-473D-B029-562173EEA2C8}) (Version: 11.0.11.0 - National Instruments) Hidden
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.4.2 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA Sterownik graficzny 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
Octave 4.2.1 (HKLM-x32\...\Octave-4.2.1) (Version: 4.2.1 - GNU Octave)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.112.1.25 - Overwolf Ltd.)
Panel sterowania NVIDIA 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 376.54 - NVIDIA Corporation) Hidden
Psychonauts (HKLM-x32\...\1207658807_is1) (Version: 2.1.0.12 - GOG.com)
RogueKiller version 12.12.13.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.13.0 - Adlice Software)
SPIDI LICZY (HKLM-x32\...\SPIDI LICZY) (Version:  - )
SPORE™ Collection (HKLM-x32\...\1948823323_is1) (Version: 3.1.0.22 - GOG.com)
STATISTICA PL 12.5.192.18 (64-bit) (HKLM\...\{3E47BC12-A817-42AE-B95E-3D32ADFC3B7F}) (Version: 12.5.192.18 - StatSoft, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SWI-Prolog (remove only) (HKLM\...\SWI-Prolog) (Version:  - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.4 - TeamSpeak Systems GmbH)
Unity Web Player (HKU\S-1-5-21-611351038-3661164438-333302154-1001\...\UnityWebPlayer) (Version: 5.3.8f2 - Unity Technologies ApS)
Universal CRT Extension SDK (HKLM-x32\...\{A5FA2886-1925-133F-0D41-B9A8ECEA0A2D}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{B739B4C5-EEEC-8E70-0276-38C4779AF398}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{A9D6F52C-694E-3E41-7AB8-5BEB644742A5}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{E053089E-7953-3219-814F-F485FC151C54}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{B9424F08-0617-C4F6-A798-5A9250C1A738}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{D261CEA1-AB8D-9CFA-4407-BCEFC78661AC}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
vcpp_crt.redist.clickonce (HKLM-x32\...\{54C30BE4-C223-44B1-A495-A0529602064A}) (Version: 14.11.25325 - Microsoft Corporation) Hidden
vcpp_crt.redist.clickonce (HKLM-x32\...\{C36E80D0-EED5-481F-9852-1EBB0DD122B6}) (Version: 14.11.25325 - Microsoft Corporation) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VS JIT Debugger (HKLM\...\{75068E51-7C37-4003-84C2-C67461C8D60A}) (Version: 16.0.71.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{A9ED1B56-3819-4B14-A929-89DD3E16E216}) (Version: 16.0.71.0 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{52100697-9C66-44F3-BA20-68F8148CDF9B}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{CEF65212-694E-4F0B-ADB5-17CE0C2AE213}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{DDEF2BD0-F728-4D04-A085-B5ACC9ADC311}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{2512A3CE-E1E4-46D5-8B40-28DA3AE2261E}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{384F31FB-B99D-48A7-9D72-E1FEBEC2201A}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx64 (HKLM\...\{134E1F55-10CB-4837-9F43-C8145933AA3E}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx86 (HKLM-x32\...\{5A528FAB-6AD3-4F9A-9A1C-566A5C02C3D6}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{D0772A03-7FC2-4B20-AC1F-B278299AA9C7}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{66555B06-A474-4F98-A9D4-D753E5EBABE8}) (Version: 15.0.26906 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{871BE104-8114-4C84-9809-D3F2DAB18E06}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{032E21D1-556F-49D6-9518-CF53202AF63B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WinAppDeploy (HKLM-x32\...\{9690D51C-4435-1C20-7819-66CCAB0F03F9}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
Windows SDK AddOn (HKLM-x32\...\{350F0ECD-0783-4529-8797-98F0AD33EAC0}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.16299.15 (HKLM-x32\...\{6195c203-b53c-4bb7-983a-6070a902e704}) (Version: 10.1.16299.15 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{385A1387-A488-9E90-3635-086129610034}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{D7DD3171-DA58-52A1-95B2-4769640855AF}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{7336279F-8F8F-5530-A543-3BE963846C0A}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{E414A474-0A87-4F66-C409-A4D9857CFD34}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense Mobile - en-us (HKLM-x32\...\{CE760B86-975B-F514-5673-0ED4332B801B}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{5E67F8BE-D8D2-257F-CE19-419A2D5125C7}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{A2AA063E-AF50-A1F5-8925-A06EB1556644}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{7D4C7F4A-02A9-E434-6451-C8787DF28C1F}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{BC467065-9374-5345-DA3F-FCF073304A25}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
XAMPP (HKLM-x32\...\xampp) (Version: 7.1.8-0 - Bitnami)

==================== Niestandardowe rejestracje CLSID (filtrowane): ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => D:\Program Files\Notepad++\NppShell_06.dll [2017-06-18] ()
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVG\Antivirus\ashShA64.dll [2018-04-13] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [WinCDEmu] -> {D0E37FD2-F675-426F-B09A-2CF37BA46FD5} => D:\Program Files\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers2: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => D:\Program Files\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2013-10-01] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVG\Antivirus\ashShA64.dll [2018-04-13] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => D:\Program Files\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)

==================== Zaplanowane zadania (filtrowane) =============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

Task: {79B6C60D-F9FB-420C-818B-CABE5A3B0280} - System32\Tasks\Overwolf Updater Task => D:\Program Files\Overwolf\OverwolfUpdater.exe [2018-04-08] (Overwolf LTD)
Task: {AE691FE0-3588-4299-B931-BC575A21833C} - System32\Tasks\Antivirus Emergency Update => D:\Program Files\AVG\Antivirus\AvEmUpdate.exe [2018-04-13] (AVG Technologies CZ, s.r.o.)
Task: {C70AAB67-71C9-4E5B-8C84-71AB7ED07D48} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {CBEC7068-CE6C-4E6E-BBA0-8F414EA927B4} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-04-18] (AVG Technologies CZ, s.r.o.)
Task: {E0D4E494-F3A5-4F2B-80C5-769C995E1D15} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)


==================== Skróty & WMI ========================

(Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.)


==================== Załadowane moduły (filtrowane) ==============

2017-03-11 00:30 - 2016-12-29 15:16 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-03-10 16:51 - 2017-03-10 16:52 - 000183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll
2013-10-01 14:02 - 2013-10-01 14:02 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2018-01-06 23:55 - 2018-01-08 18:52 - 001891832 _____ () C:\Users\Bartosz Kuryło\AppData\Local\Discord\app-0.0.300\ffmpeg.dll
2018-01-07 16:26 - 2018-02-08 05:59 - 001780216 _____ () \\?\C:\Users\Bartosz Kuryło\AppData\Roaming\discord\0.0.300\modules\discord_overlay2\discord_overlay2.node
2018-04-13 10:05 - 2018-04-13 10:05 - 000283888 _____ () D:\Program Files\AVG\Antivirus\tasks_core.dll
2018-03-13 13:39 - 2018-03-13 13:39 - 067127976 _____ () D:\Program Files\AVG\Antivirus\libcef.dll
2018-04-13 10:05 - 2018-04-13 10:05 - 000348400 _____ () D:\Program Files\AVG\Antivirus\streamback_avast.dll
2018-04-13 10:05 - 2018-04-13 10:05 - 000296688 _____ () D:\Program Files\AVG\Antivirus\streamback.dll
2018-01-06 23:55 - 2018-01-08 18:52 - 001937912 _____ () C:\Users\Bartosz Kuryło\AppData\Local\Discord\app-0.0.300\libglesv2.dll
2018-01-06 23:55 - 2018-01-08 18:52 - 000095736 _____ () C:\Users\Bartosz Kuryło\AppData\Local\Discord\app-0.0.300\libegl.dll
2018-01-07 16:26 - 2018-01-07 16:26 - 002662904 _____ () \\?\C:\Users\Bartosz Kuryło\AppData\Roaming\discord\0.0.300\modules\discord_rpc\discord_rpc.node
2018-01-07 16:26 - 2018-03-21 09:12 - 009623896 _____ () \\?\C:\Users\Bartosz Kuryło\AppData\Roaming\discord\0.0.300\modules\discord_voice\discord_voice.node
2018-01-07 16:26 - 2018-01-31 15:16 - 001508344 _____ () \\?\C:\Users\Bartosz Kuryło\AppData\Roaming\discord\0.0.300\modules\discord_utils\discord_utils.node
2018-01-07 16:26 - 2018-01-07 16:26 - 000513016 _____ () \\?\C:\Users\Bartosz Kuryło\AppData\Roaming\discord\0.0.300\modules\discord_erlpack\discord_erlpack.node
2018-01-07 16:26 - 2018-03-13 09:35 - 001517560 _____ () \\?\C:\Users\Bartosz Kuryło\AppData\Roaming\discord\0.0.300\modules\discord_game_utils\discord_game_utils.node
2018-01-07 16:27 - 2018-03-08 02:20 - 002749944 _____ () \\?\C:\Users\Bartosz Kuryło\AppData\Roaming\discord\0.0.300\modules\discord_contact_import\discord_contact_import.node

==================== Alternate Data Streams (filtrowane) =========

(Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.)


==================== Tryb awaryjny (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Powiązania plików (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.)


==================== Internet Explorer - Witryny zaufane i z ograniczeniami ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.)


==================== Hosts - zawartość: ===============================

(Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Inne obszary ============================

(Obecnie brak automatycznej naprawy dla tej sekcji.)

HKU\S-1-5-21-611351038-3661164438-333302154-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Bartosz Kuryło\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\lordi_wallpaper_by_kittiikat.jpg
DNS Servers: 192.168.32.1 - 62.93.32.67
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Zapora systemu Windows [funkcja włączona]

==================== MSCONFIG/TASK MANAGER - Wyłączone elementy ==

HKLM\...\StartupApproved\StartupFolder: => "NI Error Reporting.lnk"
HKLM\...\StartupApproved\Run32: => "NI Update Service"
HKU\S-1-5-21-611351038-3661164438-333302154-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-611351038-3661164438-333302154-1001\...\StartupApproved\Run: => "GalaxyClient"

==================== Reguły Zapory systemu Windows (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)


==================== Punkty Przywracania systemu =========================

07-04-2018 05:18:04 Zaplanowany punkt kontrolny
10-04-2018 07:20:43 Zainstalowany program DirectX
15-04-2018 07:13:37 Punkt przywracania utworzony przez HitmanPro
21-04-2018 00:24:33 Restore Point Created by FRST
22-04-2018 20:46:10 Zainstalowany program DirectX

==================== Wadliwe urządzenia w Menedżerze urządzeń =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Urządzenie PCI
Description: Urządzenie PCI
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Kontroler PCI gromadzenia danych i przetwarzania sygnałów
Description: Kontroler PCI gromadzenia danych i przetwarzania sygnałów
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Błędy w Dzienniku zdarzeń: =========================

Dziennik Aplikacja:
==================
Error: (04/23/2018 10:04:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: SporeApp.exe, wersja: 3.1.0.22, sygnatura czasowa: 0x58b22844
Nazwa modułu powodującego błąd: SporeApp.exe, wersja: 3.1.0.22, sygnatura czasowa: 0x58b22844
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x00965d23
Identyfikator procesu powodującego błąd: 0x5b0
Godzina uruchomienia aplikacji powodującej błąd: 0x01d3dacd0c3c5a06
Ścieżka aplikacji powodującej błąd: D:\Program Files\SPORE\SporebinEP1\SporeApp.exe
Ścieżka modułu powodującego błąd: D:\Program Files\SPORE\SporebinEP1\SporeApp.exe
Identyfikator raportu: ecaf47a3-46cc-11e8-82bb-606c66a8e7f5
Pełna nazwa pakietu powodującego błąd:
Identyfikator aplikacji względem pakietu powodującego błąd:

Error: (04/23/2018 08:33:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: SporeApp.exe, wersja: 3.1.0.22, sygnatura czasowa: 0x58b22844
Nazwa modułu powodującego błąd: SporeApp.exe, wersja: 3.1.0.22, sygnatura czasowa: 0x58b22844
Kod wyjątku: 0xc000041d
Przesunięcie błędu: 0x00965d23
Identyfikator procesu powodującego błąd: 0x18b0
Godzina uruchomienia aplikacji powodującej błąd: 0x01d3daca92971c6a
Ścieżka aplikacji powodującej błąd: D:\Program Files\SPORE\SporebinEP1\SporeApp.exe
Ścieżka modułu powodującego błąd: D:\Program Files\SPORE\SporebinEP1\SporeApp.exe
Identyfikator raportu: 4742cb13-46c0-11e8-82bb-606c66a8e7f5
Pełna nazwa pakietu powodującego błąd:
Identyfikator aplikacji względem pakietu powodującego błąd:

Error: (04/23/2018 08:33:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: SporeApp.exe, wersja: 3.1.0.22, sygnatura czasowa: 0x58b22844
Nazwa modułu powodującego błąd: SporeApp.exe, wersja: 3.1.0.22, sygnatura czasowa: 0x58b22844
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x00965d23
Identyfikator procesu powodującego błąd: 0x18b0
Godzina uruchomienia aplikacji powodującej błąd: 0x01d3daca92971c6a
Ścieżka aplikacji powodującej błąd: D:\Program Files\SPORE\SporebinEP1\SporeApp.exe
Ścieżka modułu powodującego błąd: D:\Program Files\SPORE\SporebinEP1\SporeApp.exe
Identyfikator raportu: 443ae123-46c0-11e8-82bb-606c66a8e7f5
Pełna nazwa pakietu powodującego błąd:
Identyfikator aplikacji względem pakietu powodującego błąd:

Error: (04/22/2018 05:12:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla „D:\Program Files\LG Electronics\LG PC Suite\LGPCSuite.exe”. Błąd w pliku manifestu lub w pliku zasad „” w wierszu .
Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna.
Składniki powodujące konflikt:
Składnik 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
Składnik 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.

Error: (04/22/2018 08:02:07 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla „D:\Program Files\LG Electronics\LG PC Suite\LGPCSuite.exe”. Błąd w pliku manifestu lub w pliku zasad „” w wierszu .
Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna.
Składniki powodujące konflikt:
Składnik 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
Składnik 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.

Error: (04/22/2018 07:47:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: wmiprvse.exe, wersja: 6.3.9600.18264, sygnatura czasowa: 0x56e1bc63
Nazwa modułu powodującego błąd: ProtectionManagement.dll, wersja: 4.8.207.0, sygnatura czasowa: 0x55933dc7
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x000000000000f674
Identyfikator procesu powodującego błąd: 0xde8
Godzina uruchomienia aplikacji powodującej błąd: 0x01d3d9fd5098ac7d
Ścieżka aplikacji powodującej błąd: C:\WINDOWS\system32\wbem\wmiprvse.exe
Ścieżka modułu powodującego błąd: C:\Program Files\Windows Defender\ProtectionManagement.dll
Identyfikator raportu: a6d7bd02-45f0-11e8-82bb-606c66a8e7f5
Pełna nazwa pakietu powodującego błąd:
Identyfikator aplikacji względem pakietu powodującego błąd:

Error: (04/21/2018 06:28:52 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla „D:\Program Files\LG Electronics\LG PC Suite\LGPCSuite.exe”. Błąd w pliku manifestu lub w pliku zasad „” w wierszu .
Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna.
Składniki powodujące konflikt:
Składnik 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
Składnik 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.

Error: (04/21/2018 04:46:48 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KOMP-BARTKA)
Description: Aktywacja aplikacji microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail nie powiodła się. Błąd: -2144927142. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa.


Dziennik System:
=============
Error: (04/24/2018 08:36:01 AM) (Source: BTHUSB) (EventID: 30) (User: )
Description: Lokalny adapter nie obsługuje ważnego stanu kontrolera funkcji Low Energy. Minimalna wymagana obsługiwana maska stanu to 0x1f7fffff, a uzyskano 0x1f3fffff. Funkcja Low Energy zostanie wyłączona.

Error: (04/23/2018 03:36:57 AM) (Source: Tcpip) (EventID: 4199) (User: )
Description: System wykrył konflikt adresów między adresem IP 192.168.1.100 a komputerem o sieciowym
adresie sprzętowym C8-3A-35-0C-35-82. W rezultacie mogą być zakłócone operacje sieciowe na
tym komputerze.

Error: (04/21/2018 12:36:03 AM) (Source: BTHUSB) (EventID: 30) (User: )
Description: Lokalny adapter nie obsługuje ważnego stanu kontrolera funkcji Low Energy. Minimalna wymagana obsługiwana maska stanu to 0x1f7fffff, a uzyskano 0x1f3fffff. Funkcja Low Energy zostanie wyłączona.

Error: (04/21/2018 12:34:54 AM) (Source: DCOM) (EventID: 10010) (User: KOMP-BARTKA)
Description: Serwer {9AA46009-3CE0-458A-A354-715610A075E6} nie zarejestrował się w modelu DCOM w wymaganym czasie.

Error: (04/21/2018 12:29:51 AM) (Source: BTHUSB) (EventID: 30) (User: )
Description: Lokalny adapter nie obsługuje ważnego stanu kontrolera funkcji Low Energy. Minimalna wymagana obsługiwana maska stanu to 0x1f7fffff, a uzyskano 0x1f3fffff. Funkcja Low Energy zostanie wyłączona.

Error: (04/21/2018 12:28:36 AM) (Source: DCOM) (EventID: 10010) (User: KOMP-BARTKA)
Description: Serwer {9BA05972-F6A8-11CF-A442-00A0C90A8F39} nie zarejestrował się w modelu DCOM w wymaganym czasie.

Error: (04/21/2018 12:25:36 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Menedżer sterowania usługami próbował podjąć akcję korekcyjną (Uruchom usługę ponownie) po nieoczekiwanym zakończeniu usługi Windows Search, ale ta akcja nie powiodła się przy następującym błędzie:
Jedno wystąpienie usługi już działa.
.

Error: (04/21/2018 12:25:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa NI System Web Server niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.


Windows Defender:
===================================
Date: 2017-03-10 23:35:39.815
Description:
Funkcja ochrony w czasie rzeczywistym produktu Windows Defender napotkała błąd i jej uruchomienie nie powiodło się.
Funkcja: System inspekcji sieci
Kod błędu: 0x80070002
Opis błędu: Nie można odnaleźć określonego pliku.
Przyczyna: Ochrona przed złośliwym oprogramowaniem przestała działać z nieznanego powodu. W niektórych przypadkach ponowne uruchomienie usługi może rozwiązać problem.

Date: 2017-03-10 15:45:41.232
Description:
Funkcja ochrony w czasie rzeczywistym produktu Windows Defender napotkała błąd i jej uruchomienie nie powiodło się.
Funkcja: System inspekcji sieci
Kod błędu: 0x80070002
Opis błędu: Nie można odnaleźć określonego pliku.
Przyczyna: W systemie brakuje aktualizacji wymaganych do uruchomienia systemu inspekcji sieci. Zainstaluj wymagane aktualizacje i ponownie uruchom komputer.

Date: 2017-03-10 14:47:44.124
Description:
Funkcja ochrony w czasie rzeczywistym produktu Windows Defender napotkała błąd i jej uruchomienie nie powiodło się.
Funkcja: System inspekcji sieci
Kod błędu: 0x80070002
Opis błędu: Nie można odnaleźć określonego pliku.
Przyczyna: W systemie brakuje aktualizacji wymaganych do uruchomienia systemu inspekcji sieci. Zainstaluj wymagane aktualizacje i ponownie uruchom komputer.

Date: 2017-03-10 13:54:44.773
Description:
Funkcja ochrony w czasie rzeczywistym produktu Windows Defender napotkała błąd i jej uruchomienie nie powiodło się.
Funkcja: System inspekcji sieci
Kod błędu: 0x80070002
Opis błędu: Nie można odnaleźć określonego pliku.
Przyczyna: W systemie brakuje aktualizacji wymaganych do uruchomienia systemu inspekcji sieci. Zainstaluj wymagane aktualizacje i ponownie uruchom komputer.

CodeIntegrity:
===================================

Date: 2018-02-11 22:58:05.547
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-02-11 22:58:05.342
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-02-11 22:58:05.178
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-02-11 22:58:05.004
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-02-11 22:58:04.822
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-02-11 22:58:04.608
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-02-11 22:58:04.405
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-02-11 22:58:04.206
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

==================== Statystyki pamięci ===========================

Procesor: Intel® Core™ i5-3317U CPU @ 1.70GHz
Procent pamięci w użyciu: 37%
Całkowita pamięć fizyczna: 3981.54 MB
Dostępna pamięć fizyczna: 2496.38 MB
Całkowita pamięć wirtualna: 5709.54 MB
Dostępna pamięć wirtualna: 4366.44 MB

==================== Dyski ================================

Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:133.47 GB) NTFS
Drive d: (DATA) (Fixed) (Total:258.15 GB) (Free:38.74 GB) NTFS

\\?\Volume{fddb56f4-1302-4d76-87cc-e965b2aff5c4}\ (Recovery) (Fixed) (Total:0.88 GB) (Free:0.52 GB) NTFS
\\?\Volume{5c476232-29b5-4467-b6ca-51a0ed610d68}\ (Restore) (Fixed) (Total:20.01 GB) (Free:8.84 GB) NTFS

==================== MBR & Tablica partycji ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 337AEAFE)

Partition: GPT.

==================== Koniec  Addition.txt ============================



#8 nasdaq

  • Malware Response Team

Posted 25 April 2018 - 08:58 AM


Hi,

In your previous FRST log this IP address appeared to be suspicious: 109.169.85.7

Tcpip\Parameters: [DhcpNameServer] 109.169.85.7 8.8.8.8
Tcpip\..\Interfaces\{8DDC1DF5-0631-450D-9EFC-75976E2A18C5}: [DhcpNameServer] 109.169.85.7 8.8.8.8

Now your last log reported this and I suspect 62.93.32.67 to be bad.

Tcpip\Parameters: [DhcpNameServer] 192.168.32.1 62.93.32.67
Tcpip\..\Interfaces\{8DDC1DF5-0631-450D-9EFC-75976E2A18C5}: [DhcpNameServer] 192.168.32.1 62.93.32.67

You can check the IP here.
https://who.is/whois-ip/ip-address/109.169.85.7

If the problem persists I suggest you check with your Internet Provider if the IPs in bold are required.

p.s.
It's possible that your router has been compromised.

The following information may be of some help if confirmed by your Internet Provider.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred settings. Below is the list of default usernames and passwords, should you not know them ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

====
How to tell if my Wireless is secure.
http://www.ehow.com/how_6775466_tell-wireless-secure_.html

Keep me posted.
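
The check made by eye in the post above, written out as an added example (not part of the original thread and not FRST's own code): it reads the quoted `DhcpNameServer` lines and sorts each resolver into LAN address, known public resolver, or "verify with the ISP". The function names and the `TRUSTED_RESOLVERS` allow-list are assumptions made for illustration.

```python
import ipaddress
import re

# The four FRST lines quoted in the post above (two different networks).
FRST_LINES = r"""
Tcpip\Parameters: [DhcpNameServer] 109.169.85.7 8.8.8.8
Tcpip\..\Interfaces\{8DDC1DF5-0631-450D-9EFC-75976E2A18C5}: [DhcpNameServer] 109.169.85.7 8.8.8.8
Tcpip\Parameters: [DhcpNameServer] 192.168.32.1 62.93.32.67
Tcpip\..\Interfaces\{8DDC1DF5-0631-450D-9EFC-75976E2A18C5}: [DhcpNameServer] 192.168.32.1 62.93.32.67
"""

# Assumption: resolvers already trusted by the reviewer (Google Public DNS here).
# Extend this set with the addresses the Internet provider confirms.
TRUSTED_RESOLVERS = {"8.8.8.8", "8.8.4.4"}

LINE_RE = re.compile(r"^(Tcpip\\[^:\s]+):\s+\[DhcpNameServer\]\s+(.+)$")

def classify(addr):
    """Return 'lan', 'trusted', 'verify' or 'invalid' for one resolver address."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        # Queries go to the router; its own upstream DNS setting still needs checking.
        return "lan"
    return "trusted" if addr in TRUSTED_RESOLVERS else "verify"

def review(log_text):
    """Yield (registry key, address, verdict) for every DHCP-assigned resolver."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            for addr in re.split(r"[\s,]+", m.group(2).strip()):
                yield m.group(1), addr, classify(addr)

def addresses_to_verify(log_text):
    """Unique public resolvers that are not on the allow-list, in log order."""
    seen = []
    for _key, addr, verdict in review(log_text):
        if verdict == "verify" and addr not in seen:
            seen.append(addr)
    return seen

if __name__ == "__main__":
    for key, addr, verdict in review(FRST_LINES):
        print(f"{verdict:8} {addr:15} {key}")
    print("Ask the ISP about:", ", ".join(addresses_to_verify(FRST_LINES)))
```

A "verify" verdict is a prompt to ask the provider, not proof of compromise; a "lan" verdict only means the router answers DNS, so the router's own settings remain in scope.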

#9 Daractive

Daractive
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:11 AM

Posted 27 April 2018 - 10:54 AM

Hello.
Different IPs are most likely caused by one log being created at home and one at student dorm. But the moment I returned home, so did the problem. Should I follow this whole router resetting thing?



#10 nasdaq


Posted 27 April 2018 - 01:21 PM

Hi,

Does the problem persist at both locations?

Both of the IPs are from

OrgName: RIPE Network Coordination Centre
OrgId: RIPE
Address: P.O. Box 10096
City: Amsterdam


Is Amsterdam in your area?

#11 Daractive


Posted 27 April 2018 - 02:48 PM

Hello.
Redirects seem to happen only when using home internet. Amsterdam is nowhere close (living in Poland).



#12 nasdaq


Posted 28 April 2018 - 12:06 PM

Hi,

Reset your router at home. It may be infected.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred settings. Below is the list of default usernames and passwords, should you not know them ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

====
How to tell if my Wireless is secure.
http://www.ehow.com/how_6775466_tell-wireless-secure_.html

#13 nasdaq


Posted 05 May 2018 - 08:12 AM

Hi,

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#14 Daractive


Posted 05 May 2018 - 11:46 AM

Hello.
I contacted my internet provider (since my router is locked in a metal box thingy making me unable to reset it) and he confirmed that the router itself is compromised. Somehow around next Friday we'll attempt repair.





