Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015 Ran by Ja at 2015-05-25 20:34:58 Running from G:\groch Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2473729197-2336158867-2275122229-500 - Administrator - Enabled) => C:\Users\Administrator Gość (S-1-5-21-2473729197-2336158867-2275122229-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2473729197-2336158867-2275122229-1003 - Limited - Enabled) Ja (S-1-5-21-2473729197-2336158867-2275122229-1001 - Administrator - Enabled) => C:\Users\Ja ja1 (S-1-5-21-2473729197-2336158867-2275122229-1004 - Administrator - Enabled) UpdatusUser (S-1-5-21-2473729197-2336158867-2275122229-1000 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Reader XI (11.0.11) - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated) AutoCAD 2012 - Polski (HKLM\...\AutoCAD 2012 - Polski) (Version: 18.2.51.0 - Autodesk) AutoCAD 2012 - Polski (Version: 18.2.51.0 - Autodesk) Hidden AutoCAD 2012 Language Pack - Polski (Version: 18.2.51.0 - Autodesk) Hidden Autodesk Download Manager (HKLM-x32\...\{C897D9EC-13C6-4A22-ABF7-33F2126A7DB6}) (Version: 3.0.8.0 - Autodesk, Inc.) Autodesk Inventor Fusion 2012 (HKLM\...\Autodesk Inventor Fusion 2012) (Version: 1.0.0.79 - Autodesk, Inc.) Autodesk Inventor Fusion 2012 (Version: 1.0.0.79 - Autodesk, Inc.) Hidden Autodesk Inventor Fusion 2012 Language Pack (Version: 1.0.0.79 - Autodesk, Inc.) Hidden Autodesk Inventor Fusion 2013 R1 (HKLM\...\Autodesk Inventor Fusion 2013 R1) (Version: 3.0.0.5 - Autodesk, Inc.) Autodesk Inventor Fusion 2013 R1 (Version: 3.0.0.5 - Autodesk, Inc.) Hidden Autodesk Inventor Fusion plug-in for AutoCAD 2012 (HKLM\...\Dodatek Autodesk Inventor Fusion dla programu AutoCAD 2012) (Version: 0.0.1.138 - Autodesk) Autodesk Material Library 2012 (HKLM-x32\...\{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}) (Version: 2.5.0.8 - Autodesk) Autodesk Material Library 2013 (HKLM-x32\...\{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}) (Version: 3.0.14 - Autodesk) Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk) Autodesk Material Library Base Resolution Image Library 2012 (HKLM-x32\...\{65420DC9-306E-4371-905F-F4DC3B418E52}) (Version: 2.5.0.8 - Autodesk) Autodesk Material Library Base Resolution Image Library 2013 (HKLM-x32\...\{606E12B9-641F-4644-A22A-FF38AE980AFD}) (Version: 3.0.14 - Autodesk) Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk) Autodesk Material Library Low Resolution Image Library 2014 (HKLM-x32\...\{5C29CC1F-218F-4C30-948A-11066CAC59FB}) (Version: 4.0.19.0 - Autodesk) Autodesk Robot Structural Analysis Professional 2014 - Polish regional settings (Version: 2014.0.0.4556 - Autodesk) Hidden Autodesk Robot Structural Analysis Professional 2014 (HKLM\...\Autodesk Robot Structural Analysis Professional 2014) (Version: 2014.0.0.4556 - Autodesk, Inc.) Autodesk Robot Structural Analysis Professional 2014 (Version: 2014.0.0.4556 - Autodesk, Inc.) Hidden Autodesk Simulation Mechanical 2014 (HKLM\...\Autodesk Simulation Mechanical 2014) (Version: 2014.00.00.0513 - Autodesk, Inc.) Autodesk Simulation Mechanical 2014 (Version: 2014.00.00.0513 - Autodesk, Inc.) Hidden Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.2300 - Broadcom Corporation) Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.5.1 - Broadcom Corporation) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd) Dodatek Autodesk Inventor Fusion dla programu AutoCAD 2012 (Version: 0.0.1.138 - Autodesk) Hidden Dodatek Autodesk Inventor Fusion Language Pack dla programu AutoCAD 2012 (Version: 0.0.1.138 - Autodesk) Hidden Dropbox (HKU\S-1-5-21-2473729197-2336158867-2275122229-1001\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.) Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.0 - Lenovo) Energy Management (x32 Version: 6.0.2.0 - Lenovo) Hidden FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production) Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation) Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden Intel PROSet Wireless (x32 Version: - ) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation) Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - ) Intel(R) Wireless Display (HKLM-x32\...\{F84906ED-BB54-4889-B131-FED9C9056FC8}) (Version: 2.0.27.0 - Intel Corporation) JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.55.0 - JMicron Technology Corp.) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.2300 - Broadcom Corporation) Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.1.7600.0098 - Realtek Semiconductor Corp.) Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.) Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden Lenovo R.I.C. (Robust Intelligent Companion) (HKLM\...\Lenovo R.I.C. (Robust Intelligent Companion)) (Version: 1.0.10.1220 - Lenovo) Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.) Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden Malwarebytes Anti-Malware wersja 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) Mathcad 15 F000 (HKLM-x32\...\{DC8F6C78-7231-44A2-B66E-6C4FCB3A3364}) (Version: 15.0.0.0 - PTC) Mathcad PDSi viewable support (HKLM-x32\...\Mathcad PDSi viewable support) (Version: 9.0.0 - Adobe Systems) Mathcad PDSi viewable support (x32 Version: 9.0.0 - Adobe Systems) Hidden Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) NVIDIA 3D Vision Controller Driver 266.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 266.34 - NVIDIA Corporation) NVIDIA Sterownik graficzny 268.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.44 - NVIDIA Corporation) Onekey Theater (HKLM-x32\...\InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}) (Version: 2.0.2.8 - Lenovo) Onekey Theater (x32 Version: 2.0.2.8 - Lenovo) Hidden Oprogramowanie Intel(R) PROSet/Wireless WiFi (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation) Oracle VM VirtualBox 4.1.12 (HKLM\...\{7492BCA7-9F62-4265-A727-DC26A9E3DF10}) (Version: 4.1.12 - Oracle Corporation) Pakiet sterowników systemu Windows - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo) Panel sterowania NVIDIA 268.44 (Version: 268.44 - NVIDIA Corporation) Hidden PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 11.0 - PlotSoft LLC) Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podręcznik użytkownika (x32 Version: 1.0.0.6 - Lenovo) Hidden Podstawowe programy Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Polski pakiet językowy dla narzędzi Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PLK) (Version: 10.0.50903 - Microsoft Corporation) Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile PLK Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended PLK Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.) 'PTC Places' Namespace Shell Extension (HKLM-x32\...\{C65ABF2A-1B82-4F34-8C74-E4FE373F3BE4}) (Version: 1.1.11 - PTC) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6339 - Realtek Semiconductor Corp.) Registry Life version 3.06 (HKLM-x32\...\Registry Life_is1) (Version: 3.06 - ChemTable Software) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00.04 - Samsung Electronics Co., Ltd.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden SRS Control Panel (HKLM\...\{F3C66EC8-2F33-452D-9CFF-E8C886B3ECC4}) (Version: 1.11.0200 - SRS Labs, Inc.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.16.3 - Synaptics Incorporated) UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo) Usługa Autodesk Content Service (HKLM-x32\...\{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}) (Version: 2.0.90 - Autodesk) VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.1.0126 - Lenovo) VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) Windchill ProductPoint Client Manager (HKLM-x32\...\{129024FF-A6C9-4696-91BC-570C6C05193A}) (Version: 1.1.187 - PTC) WinRAR 5.01 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2473729197-2336158867-2275122229-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ja\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2473729197-2336158867-2275122229-1001_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - Polski\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2473729197-2336158867-2275122229-1001_Classes\CLSID\{B77E471C-FBF3-4CB5-880F-D7528AD4B349}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - Polski\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2473729197-2336158867-2275122229-1001_Classes\CLSID\{C92FB640-AD4D-498A-9979-A51A2540C977}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - Polski\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2473729197-2336158867-2275122229-1001_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - Polski\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2473729197-2336158867-2275122229-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2012 - Polski\acadficn.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2473729197-2336158867-2275122229-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Ja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2473729197-2336158867-2275122229-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2473729197-2336158867-2275122229-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2473729197-2336158867-2275122229-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2473729197-2336158867-2275122229-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2473729197-2336158867-2275122229-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2473729197-2336158867-2275122229-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2473729197-2336158867-2275122229-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2473729197-2336158867-2275122229-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ==================== Restore Points ========================= ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2015-05-22 21:50 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {15938069-304D-4297-BC76-80FBED03E6E6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.) Task: {1C733902-C7E2-4BD7-B240-C71EF2D5CCE2} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29] (CyberLink) Task: {20237C39-47F7-4F27-8ED5-C0FCF739922A} - System32\Tasks\AutoKMS => C:\windows\AutoKMS\AutoKMS.exe Task: {34A034AC-4714-4084-B30C-E2C656A12E78} - System32\Tasks\{5D3891FE-7BEC-4678-A293-CE2D64F0729E} => pcalua.exe -a F:\setup.exe -d F:\ Task: {3B089F23-C806-4304-A5A7-F66047BFB21B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {43257C47-A6C4-4B0E-8BD7-DC8E79476AB9} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated) Task: {7DCDF79E-3235-4086-93EE-6C4808105C63} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.) Task: {BC6A0641-F08C-4210-AFEC-8076539CF144} - System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} => C:\ProgramData\cisED6A.exe <==== ATTENTION Task: {CE8A6F82-5EC3-4CE1-8C02-F60DC697BD9C} - System32\Tasks\{97D50C8C-14DF-4F62-9155-08864565B48F} => pcalua.exe -a C:\Users\Ja\Downloads\Autodesk_Robot_Structural_Analysis_Professional_2012_Multilingual_Win_32-64bit.exe -d C:\Users\Ja\Downloads Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2011-05-02 15:41 - 2011-05-02 15:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll 2012-04-10 10:15 - 2012-04-10 10:15 - 00027648 _____ () C:\windows\System32\ssb7mlm.dll 2011-02-02 14:08 - 2011-02-02 14:08 - 00018656 _____ () C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe 2011-02-16 19:56 - 2011-02-16 19:56 - 00202144 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll 2011-02-16 20:01 - 2011-02-16 20:01 - 00156576 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll 2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2011-10-08 08:23 - 2011-03-26 02:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2011-05-02 15:41 - 2011-05-02 15:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll 2008-12-20 05:20 - 2011-10-08 09:18 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll 2008-12-20 05:20 - 2011-10-08 09:18 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll 2011-10-08 09:08 - 2011-10-08 09:08 - 00100256 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe 2015-05-24 10:12 - 2015-05-24 10:12 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9b1cac8d98bd69d3e56a26ff2f96f266\IsdiInterop.ni.dll 2011-10-08 08:21 - 2011-01-12 19:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2011-02-16 19:51 - 2011-02-16 19:51 - 00161696 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll 2011-02-16 19:53 - 2011-02-16 19:53 - 00133024 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll 2015-05-25 20:30 - 2015-05-25 20:30 - 00043008 _____ () c:\users\ja\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphr4ioc.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\Ja\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\Ja\AppData\Roaming\Dropbox\bin\libEGL.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\Ja\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\Ja\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2011-10-08 09:09 - 2011-10-08 09:09 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\windows\system32\aaclient.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\acmigration.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\aeinv.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\aelupsvc.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\aepdu.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\aepic.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\aitstatic.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\apisetschema.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\apphelp.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\appinfo.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\appraiser.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\authui.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\charmap.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\conhost.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\consent.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\csrsrv.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\D3DCompiler_33.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\D3DCompiler_34.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\D3DCompiler_35.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\D3DCompiler_36.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\D3DCompiler_37.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\D3DCompiler_38.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\D3DCompiler_39.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\D3DCompiler_40.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\D3DCompiler_41.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\D3DCompiler_42.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\D3DCompiler_43.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\d3dcsx_42.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\d3dcsx_43.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\d3dx10.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\d3dx10_33.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\d3dx10_34.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\d3dx10_35.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\d3dx10_36.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\d3dx10_37.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\d3dx10_38.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\d3dx10_39.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\d3dx10_40.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\d3dx10_41.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\d3dx10_43.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\d3dx11_42.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\d3dx11_43.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\d3dx9_24.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\d3dx9_25.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\d3dx9_26.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\d3dx9_27.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\d3dx9_28.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\d3dx9_29.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\d3dx9_30.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\d3dx9_31.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\d3dx9_33.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\d3dx9_34.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\d3dx9_35.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\d3dx9_36.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\D3DX9_37.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\D3DX9_38.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\D3DX9_39.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\D3DX9_40.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\D3DX9_41.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\D3DX9_42.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\D3DX9_43.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\devinv.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\DWrite.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\FntCache.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\gdi32.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\generaltel.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\IMJP10K.DLL:$CmdTcID AlternateDataStreams: C:\windows\system32\invagent.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\kernel32.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\KernelBase.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\msctf.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\msi.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\msihnd.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\mstsc.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\mstscax.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\msxml3.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\msxml3r.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\ncsi.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\nlaapi.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\nlasvc.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\ntdll.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\ntoskrnl.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\ntvdm64.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\oleaut32.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\packager.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\pku2u.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\rastls.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\rdpcorekmts.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\rdpwsx.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\rdrmemptylst.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\rstrui.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\scesrv.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\sdbinst.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\shell32.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\shimeng.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\smss.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\srclient.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\srcore.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\tsgqec.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\tzres.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\ubpm.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\WindowsCodecs.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\winlogon.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\WinSetupUI.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\winsrv.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\winsta.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\WMPhoto.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\wow64.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\wow64cpu.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\wow64win.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\wpdshext.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\WSManHTTPConfig.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\WSManMigrationPlugin.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\WsmAuto.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\WsmSvc.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\WsmWmiPl.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\wu.upgrade.ps.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\wuapi.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\wuapp.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\wuauclt.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\wuaueng.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\wucltux.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\wudriver.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\wups.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\wups2.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\wuwebv.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\x3daudio1_0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\x3daudio1_1.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\X3DAudio1_2.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\X3DAudio1_3.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\X3DAudio1_4.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\X3DAudio1_5.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\X3DAudio1_6.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\X3DAudio1_7.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\xactengine2_0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\xactengine2_1.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\xactengine2_10.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\xactengine2_2.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\xactengine2_3.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\xactengine2_4.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\xactengine2_5.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\xactengine2_6.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\xactengine2_7.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\xactengine2_8.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\xactengine2_9.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\xactengine3_0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\xactengine3_1.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\xactengine3_2.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\xactengine3_3.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\xactengine3_4.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\xactengine3_5.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\xactengine3_6.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\xactengine3_7.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\XAPOFX1_0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\XAPOFX1_1.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\XAPOFX1_2.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\XAPOFX1_3.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\XAPOFX1_4.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\XAPOFX1_5.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\XAudio2_0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\XAudio2_1.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\XAudio2_2.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\XAudio2_3.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\XAudio2_4.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\XAudio2_5.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\XAudio2_6.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\XAudio2_7.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\xinput1_1.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\xinput1_2.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\xinput1_3.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\aaclient.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\apisetschema.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\apphelp.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\authui.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\charmap.exe:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\D3DCompiler_33.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\D3DCompiler_34.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\D3DCompiler_35.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\D3DCompiler_36.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\D3DCompiler_37.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\D3DCompiler_38.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\D3DCompiler_39.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\D3DCompiler_40.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\D3DCompiler_42.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\D3DCompiler_43.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\d3dcsx_42.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\d3dcsx_43.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\d3dx10.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\d3dx10_33.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\d3dx10_34.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\d3dx10_35.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\d3dx10_36.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\d3dx10_37.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\d3dx10_38.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\d3dx10_39.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\d3dx10_40.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\d3dx10_43.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\d3dx11_42.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\d3dx11_43.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\d3dx9_24.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\d3dx9_25.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\d3dx9_26.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\d3dx9_27.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\d3dx9_28.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\d3dx9_29.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\d3dx9_30.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\d3dx9_31.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\d3dx9_33.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\d3dx9_34.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\d3dx9_36.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\D3DX9_37.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\D3DX9_38.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\D3DX9_39.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\D3DX9_40.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\D3DX9_41.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\D3DX9_42.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\D3DX9_43.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\DWrite.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\gdi32.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\IMJP10K.DLL:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\instnm.exe:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\kernel32.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\KernelBase.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\msctf.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\msi.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\msihnd.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\mstsc.exe:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\mstscax.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\msxml3.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\msxml3r.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\ncsi.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\nlaapi.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\ntdll.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\ntkrnlpa.exe:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\ntoskrnl.exe:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\ntvdm64.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\oleaut32.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\packager.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\pku2u.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\rastls.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\scesrv.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\sdbinst.exe:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\setup16.exe:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\shell32.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\shimeng.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\srclient.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\tsgqec.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\tzres.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\ubpm.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\user.exe:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\WindowsCodecs.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\winsta.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\WMPhoto.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\wow32.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\wpdshext.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\WSManHTTPConfig.exe:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\WsmAuto.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\WsmSvc.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\WsmWmiPl.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\wuapi.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\wuapp.exe:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\wudriver.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\wups.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\wuwebv.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\x3daudio1_0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\x3daudio1_1.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\X3DAudio1_2.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\X3DAudio1_3.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\X3DAudio1_4.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\X3DAudio1_5.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\X3DAudio1_6.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\X3DAudio1_7.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\xactengine2_0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\xactengine2_1.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\xactengine2_10.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\xactengine2_2.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\xactengine2_3.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\xactengine2_4.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\xactengine2_5.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\xactengine2_6.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\xactengine2_7.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\xactengine2_8.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\xactengine2_9.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\xactengine3_0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\xactengine3_1.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\xactengine3_2.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\xactengine3_3.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\xactengine3_4.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\xactengine3_5.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\xactengine3_6.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\xactengine3_7.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\XAPOFX1_0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\XAPOFX1_1.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\XAPOFX1_2.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\XAPOFX1_4.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\XAPOFX1_5.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\XAudio2_0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\XAudio2_1.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\XAudio2_2.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\XAudio2_3.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\XAudio2_4.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\XAudio2_6.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\XAudio2_7.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\xinput1_1.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\xinput1_2.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\xinput1_3.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\cng.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\http.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\mbam.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\mbamchameleon.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\mrxdav.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\mwac.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\rdpwd.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\tdx.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\tssecsrv.sys:$CmdTcID AlternateDataStreams: C:\ProgramData\Temp:A1454082 AlternateDataStreams: C:\Users\Ja\Desktop\1-wiązar.pdf:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\10688342_822779261135675_7399232152411231867_o.jpg:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\10981999_861391987236017_6608059906047403953_n.jpg:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\11026055_860104750698074_6899737453313696968_n.png:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\11067603_742510432528830_1601264871_o.jpg:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\11215647_771646559615217_1553363308_o (1).jpg:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\11215647_771646559615217_1553363308_o.jpg:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\11227271_771646579615215_2050672287_o.jpg:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\11229447_771646546281885_956588841_o (1).jpg:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\11229447_771646546281885_956588841_o.jpg:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\11229514_771646569615216_1136451254_o.jpg:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\11230063_771646542948552_1715971407_o.jpg:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\11260439_771646556281884_1049355859_o (1).jpg:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\11260439_771646556281884_1049355859_o.jpg:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\11264948_771646539615219_1041487754_o.jpg:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\11265841_771646566281883_1786517636_o (1).jpg:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\11265841_771646566281883_1786517636_o.jpg:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\11267765_771646562948550_1164303440_o (1).jpg:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\11267765_771646562948550_1164303440_o (2).jpg:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\11267765_771646562948550_1164303440_o.jpg:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\20131217101624zal._3.pdf:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\2015-05-13 (1).rar:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\2015-05-13.rar:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\2315_format_pracy_magisterskiej_bud.doc:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\2911903_100001741418 (1).pdf:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\2911903_100001741418.pdf:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\AT-15-8500_2010 Sika Unitherm Steel S_itb_2010.pdf:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\AutodeskDownloadManagerSetup.exe:$CmdTcID AlternateDataStreams: C:\Users\Ja\Downloads\AutodeskDownloadManagerSetup.exe:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\Budownictwo ogólne dla architektów - Przemysław Markiewicz.pdf:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\ccsetup505.zip:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\dane_dla_stali.pdf:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\DiM sem.1 pomocnicze rys.dwg:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\Dop- Igniver_PL.pdf:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\drewno_2 (1).xmcd:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\drewno_2 (2).xmcd:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\Halicka Franczak - Projektowanie Zbiorników Żelbetowych t. 2 Zbiorniki na ciecze.pdf:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\hdht.xmcd:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\HijackThis.exe:$CmdTcID AlternateDataStreams: C:\Users\Ja\Downloads\HijackThis.exe:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\KT_Igniver (1).pdf:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\KT_Igniver (2).pdf:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\KT_Igniver.pdf:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\l3 (1).pdf:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\l3.pdf:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\Mathcad - praca domowa - przenikanie ciepła.pdf:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\MJCS_algorytm zbiornik4 - moj.xmcd:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\MJCS_p.poz.stal.xmcd:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\MJCS_Zeszyt1xx_dobre.xlsx:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\mur_algorytm.pdf:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\niespodzianka.rar:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\P1.pdf:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\P2.pdf:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\P3.pdf:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\pankowski (1).docx:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\pankowski.docx:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\pankowski.xmcd:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\PDFill.exe:$CmdTcID AlternateDataStreams: C:\Users\Ja\Downloads\PDFill.exe:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\pisanki.jpg:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\plytyPrzykladyKolokwium1.pdf:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\Powloki ogniochronne Sika Unitherm_pl.pdf:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\Praca domowa - przenikanie ciepła.pdf:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\praca inżynierska SK.docx:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\Praca_inż_jednostr.pdf:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\prasa inżynierska.dwg:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\projekt-drewno-KM (1).xmcd:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\projekt-drewno-KM.xmcd:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\Rompała_ściana.rar:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\Scan.pdf:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\Scan.rar:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\Sika - ochrona konstrukcji stalowych przed korozja_pl.pdf:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\STAL_KASIA (1).rar:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\STAL_KASIA.rar:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\stylowi_pl_moda-damska_4053285.jpg:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\słup (1).dwg:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\słup.dwg:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\temat_2.pdf:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\Wniosek o dopisanie do spisu wyborców.pdf:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\Wtornik_170039523.pdf:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\Z.-Kączkowski-Płyty.-Obliczenia-statyczne.pdf:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\zad.rar:$CmdZnID AlternateDataStreams: C:\Users\Ja\Downloads\~1067603_742510432528830_1601264871_o.tmp:$CmdZnID ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2473729197-2336158867-2275122229-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ja\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: Media is not connected to internet. ==================== MSCONFIG/TASK MANAGER Error getting == (Currently there is no automatic fix for this section.) MSCONFIG\Services: FLEXnet Licensing Service 64 => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{43A69835-7715-4FDF-AC7F-CA2AFF5EA829}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe FirewallRules: [{5889E370-E920-48B7-8F9B-56F41DCFD6EB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe FirewallRules: [{402D57F2-FA20-4C0B-9D8C-A295159C3D43}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{A00DBE68-A9AD-4F74-92B8-FF1E304EBDE9}] => (Allow) C:\Program Files\Lenovo\Bluetooth Software\EasyBits Games\Backgammon.exe FirewallRules: [{6E4F7C6C-4C87-4719-926E-CE2F97E5583B}] => (Allow) C:\Program Files\Lenovo\Bluetooth Software\EasyBits Games\Checkers.exe FirewallRules: [{C85E87F9-EFAC-42D3-8550-C956E6858EA9}] => (Allow) C:\Program Files\Lenovo\Bluetooth Software\EasyBits Games\Chess.exe FirewallRules: [{BC500B30-CBD7-40D3-9B8F-34BD4387D53F}] => (Allow) C:\Program Files\Lenovo\Bluetooth Software\EasyBits Games\EasyChat.exe FirewallRules: [{241CEBB6-0A4D-420F-B937-B40D15DACB0F}] => (Allow) C:\Program Files\Lenovo\Bluetooth Software\EasyBits Games\SeaBattle.exe FirewallRules: [{2057242F-AD42-4D8D-9410-B2D5E61680C6}] => (Allow) C:\Program Files\Lenovo\Bluetooth Software\EasyBits Games\TicTacToe.exe FirewallRules: [{E3BE28B6-B27A-44C0-8499-39726FDF3077}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe FirewallRules: [{55B3495B-3091-4022-9668-461EB2E6A2F3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{99C32D54-7BEE-4214-AAEC-FD4BD04549E3}] => (Allow) LPort=2869 FirewallRules: [{C54CE9E4-E5F7-4C24-A75B-20688FF63C53}] => (Allow) LPort=1900 FirewallRules: [{B8990C3C-1A9A-445E-A9A0-6B7E017C37A8}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{BBF6B253-5116-44CE-8785-E281C26E4DFF}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{CE006641-080D-4521-904C-1CB5C2D2BB73}] => (Allow) C:\Users\Ja\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{A79354D0-0276-4DBA-ADC1-593266B7E322}] => (Allow) C:\Users\Ja\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{3A85DACE-161E-4E4B-A68A-A099A63A3DAC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/25/2015 08:30:05 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Nie można utworzyć punktu przywracania (Proces = C:\windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Opis = Zaplanowany punkt kontrolny; Błąd = 0x80070422). Error: (05/25/2015 07:43:19 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/25/2015 04:15:25 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/25/2015 04:10:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: acad.exe, wersja: 24.2.51.0, sygnatura czasowa: 0x4d4b756f Nazwa modułu powodującego błąd: KERNELBASE.dll, wersja: 6.1.7601.18798, sygnatura czasowa: 0x5507b87a Kod wyjątku: 0xc000041d Przesunięcie błędu: 0x000000000001aaad Identyfikator procesu powodującego błąd: 0x110c Godzina uruchomienia aplikacji powodującej błąd: 0xacad.exe0 Ścieżka aplikacji powodującej błąd: acad.exe1 Ścieżka modułu powodującego błąd: acad.exe2 Identyfikator raportu: acad.exe3 Error: (05/25/2015 03:58:33 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/25/2015 03:43:43 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: ) Description: Nie można uruchomić usługi ochrony oprogramowania. 0x80070002 6.1.7601.17514 Error: (05/25/2015 03:25:10 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: ) Description: Nie można uruchomić usługi ochrony oprogramowania. 0x80070002 6.1.7601.17514 Error: (05/25/2015 03:24:17 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: ) Description: Nie można uruchomić usługi ochrony oprogramowania. 0x80070002 6.1.7601.17514 Error: (05/25/2015 03:21:47 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/25/2015 03:19:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: taskhost.exe, wersja: 6.1.7601.18010, sygnatura czasowa: 0x50aee9f3 Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x000007fefd8d018c Identyfikator procesu powodującego błąd: 0x1ae0 Godzina uruchomienia aplikacji powodującej błąd: 0xtaskhost.exe0 Ścieżka aplikacji powodującej błąd: taskhost.exe1 Ścieżka modułu powodującego błąd: taskhost.exe2 Identyfikator raportu: taskhost.exe3 System errors: ============= Error: (05/25/2015 08:31:01 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na odpowiedź transakcji z usługi MBAMScheduler. Error: (05/25/2015 08:30:31 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na odpowiedź transakcji z usługi MBAMScheduler. Error: (05/25/2015 04:14:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Usługa listy sieci zależy od usługi Rozpoznawanie lokalizacji w sieci, której nie można uruchomić z powodu następującego błędu: %%1068 Error: (05/25/2015 04:14:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Usługa listy sieci zależy od usługi Rozpoznawanie lokalizacji w sieci, której nie można uruchomić z powodu następującego błędu: %%1068 Error: (05/25/2015 04:14:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Usługa listy sieci zależy od usługi Rozpoznawanie lokalizacji w sieci, której nie można uruchomić z powodu następującego błędu: %%1068 Error: (05/25/2015 04:14:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Usługa listy sieci zależy od usługi Rozpoznawanie lokalizacji w sieci, której nie można uruchomić z powodu następującego błędu: %%1068 Error: (05/25/2015 04:14:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Usługa listy sieci zależy od usługi Rozpoznawanie lokalizacji w sieci, której nie można uruchomić z powodu następującego błędu: %%1068 Error: (05/25/2015 04:14:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Usługa listy sieci zależy od usługi Rozpoznawanie lokalizacji w sieci, której nie można uruchomić z powodu następującego błędu: %%1068 Error: (05/25/2015 04:14:09 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030} Error: (05/25/2015 04:14:09 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Microsoft Office: ========================= Error: (05/25/2015 08:30:05 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: C:\windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationZaplanowany punkt kontrolny0x80070422 Error: (05/25/2015 07:43:19 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/25/2015 04:15:25 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/25/2015 04:10:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: acad.exe24.2.51.04d4b756fKERNELBASE.dll6.1.7601.187985507b87ac000041d000000000001aaad110c01d096f3a87f0f21C:\Program Files\Autodesk\AutoCAD 2012 - Polski\acad.exeC:\windows\system32\KERNELBASE.dllbd073d00-02e7-11e5-869b-b870f44b675a Error: (05/25/2015 03:58:33 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/25/2015 03:43:43 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: ) Description: 0x800700026.1.7601.17514 Error: (05/25/2015 03:25:10 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: ) Description: 0x800700026.1.7601.17514 Error: (05/25/2015 03:24:17 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: ) Description: 0x800700026.1.7601.17514 Error: (05/25/2015 03:21:47 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/25/2015 03:19:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: taskhost.exe6.1.7601.1801050aee9f3unknown0.0.0.000000000c0000005000007fefd8d018c1ae001d096ece74f8b40C:\windows\system32\taskhost.exeunknowna97c9640-02e0-11e5-98a4-b870f44b675a CodeIntegrity Errors: =================================== Date: 2015-05-23 16:12:06.057 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-05-23 16:12:05.637 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-05-23 16:01:05.329 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-05-23 16:01:04.971 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-05-22 21:50:22.248 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-05-22 21:50:22.216 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-05-21 21:45:38.381 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-05-21 21:45:38.308 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-05-21 21:45:38.229 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-05-21 21:45:38.098 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz Percentage of memory in use: 25% Total physical RAM: 8135.86 MB Available physical RAM: 6070.39 MB Total Pagefile: 16269.91 MB Available Pagefile: 14045.15 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:225.99 GB) (Free:145.03 GB) NTFS Drive d: (ARCHIWUM) (Fixed) (Total:224.82 GB) (Free:70.54 GB) NTFS Drive e: (W7.SP1.IE9.PL.All.Versions.Int) (CDROM) (Total:4.35 GB) (Free:0 GB) UDF Drive g: (KINGSTON) (Removable) (Total:3.75 GB) (Free:0.61 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 60A1C708) Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=226 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=224.8 GB) - (Type=OF Extended) Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12) ======================================================== Disk: 1 (Size: 3.8 GB) (Disk ID: 0002B3B4) Partition 1: (Active) - (Size=3.8 GB) - (Type=0B) ==================== End of log ============================