Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 21-12-2016 Uruchomiony przez MRC (23-12-2016 12:03:35) Uruchomiony z G:\Pobrane Windows 7 Home Premium Service Pack 1 (X64) (2016-12-19 19:28:21) Tryb startu: Normal ========================================================== ==================== Konta użytkowników: ============================= Administrator (S-1-5-21-337221987-1678989969-2118012739-500 - Administrator - Disabled) Gość (S-1-5-21-337221987-1678989969-2118012739-501 - Limited - Disabled) MRC (S-1-5-21-337221987-1678989969-2118012739-1000 - Administrator - Enabled) => C:\Users\MRC ==================== Centrum zabezpieczeń ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie.) AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AV: Panda Protection (Enabled - Up to date) {46AEFD02-ACA3-E038-1FA5-4A15EFD361E0} AS: Comodo Defense+ (Enabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F} AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Panda Protection (Enabled - Up to date) {FDCF1CE6-8A99-EFB6-2515-716794542B5D} FW: COMODO Firewall (Enabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89} FW: Panda Firewall (Disabled) {7E957C27-E6CC-E160-34FA-E3201100269B} ==================== Zainstalowane programy ====================== (W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.) . . . (Version: 2.1.28.3 - Intel) Hidden . . . (x32 Version: 2.6.2.4 - Intel) Hidden Ansel (Version: 376.33 - NVIDIA Corporation) Hidden Brother MFL-Pro Suite DCP-J125 (HKLM-x32\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 2.0.0.0 - Brother Industries, Ltd.) Clover V3.2 (HKLM-x32\...\Clover) (Version: 3.2.5.12091 - 易捷科技) COMODO Firewall (HKLM\...\{C7C71F0C-4CC1-4B17-943C-96E5196DDA74}) (Version: 8.4.0.5165 - COMODO Security Solutions Inc.) f.lux (HKU\S-1-5-21-337221987-1678989969-2118012739-1000\...\Flux) (Version: - ) Intel(R) USB 3.0\3.1 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 5.0.0.32 - Intel Corporation) Intel® Driver Update Utility (HKLM-x32\...\{66307462-7d19-4f1a-af82-aa04b6017f05}) (Version: 2.6.2.4 - Intel) KatMouse (remove only) (HKLM-x32\...\KatMouse) (Version: - ) KeePass Password Safe 2.34 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.34 - Dominik Reichl) Malwarebytes (wersja 3.0.5.1299) (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes) Microsoft .NET Framework 4.6.2 (HKLM\...\{63DF5C4B-E3BF-3346-A033-C57B22F44C9E}) (Version: 4.6.01590 - Microsoft Corporation) Microsoft .NET Framework 4.6.2 (PLK) (HKLM\...\{0B3D240E-C151-31E7-8E2E-9626B3FCBB0C}) (Version: 4.6.01590 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 50.1.0 (x86 pl) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 pl)) (Version: 50.1.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0 - Mozilla) Narzędzia sprawdzające pakietu Microsoft Office 2013 — polski (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden NVIDIA Oprogramowanie systemu PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation) NVIDIA Sterownik graficzny 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.33 - NVIDIA Corporation) Panda Devices Agent (x32 Version: 1.03.08 - Panda Security) Hidden Panda Devices Agent (x32 Version: 1.08.00 - Panda Security) Hidden Panda Protection (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 18.00.00.0000 - Panda Security) Panda Protection (Version: 8.85.00 - Panda Security) Hidden Panel sterowania NVIDIA 376.33 (Version: 376.33 - NVIDIA Corporation) Hidden Polski pakiet językowy dla narzędzi Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PLK) (Version: 10.0.50903 - Microsoft Corporation) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.97.1001.2015 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8004 - Realtek Semiconductor Corp.) ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 11.4.1 - ShareX Team) SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0415-1000-0000000FF1CE}_Office15.PROPLUS_{67847964-08E2-4A8F-B09D-B08D5CE69250}) (Version: - Microsoft) Update for Skype for Business 2015 (KB3127976) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E0107125-62C7-43B6-8E66-0582F397469E}) (Version: - Microsoft) Update for Skype for Business 2015 (KB3127976) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E0107125-62C7-43B6-8E66-0582F397469E}) (Version: - Microsoft) Update for Skype for Business 2015 (KB3127976) 64-Bit Edition (HKLM\...\{90150000-012B-0415-1000-0000000FF1CE}_Office15.PROPLUS_{E0107125-62C7-43B6-8E66-0582F397469E}) (Version: - Microsoft) Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.) WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs) WinRAR 5.31 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.1 - win.rar GmbH) ==================== Niestandardowe rejestracje CLSID (filtrowane): ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Zaplanowane zadania (filtrowane) ============= (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) Task: {5C5C6907-2CE9-4C46-A3E4-6BBAEB64FCDA} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-09-14] (COMODO) Task: {6835AC8A-C7F4-48B1-BFE0-EBB244E0B826} - \AutoKMS -> Brak pliku <==== UWAGA Task: {72303B90-4A8B-4079-864A-E6341F388FF8} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation) Task: {AEEA864D-BDB5-44DB-8317-BD842D314FB3} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-09-14] (COMODO) Task: {D789D91A-7069-481A-B998-0A235FC09F19} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2016-12-20] (Microsoft Corporation) Task: {FA75C709-6C6D-4DC6-9AE0-82A6096BB360} - \USER_ESRV_SVC_QUEENCREEK -> Brak pliku <==== UWAGA Task: {FE3D3D3D-AFAA-467E-85DD-AB7857279FBD} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-09-14] (COMODO) (Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.) ==================== Skróty ============================= (Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.) ==================== Załadowane moduły (filtrowane) ============== 2016-12-20 00:25 - 2016-12-11 19:47 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2011-04-17 14:42 - 2011-04-17 14:42 - 00043520 _____ () C:\Program Files (x86)\KatMouse\KatMouseS64.dll 2016-11-17 22:05 - 2016-11-17 22:05 - 00156928 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe 2014-02-01 14:09 - 2016-12-20 13:11 - 01581056 _____ () C:\Program Files (x86)\KatMouse\KatMouse.exe 2014-02-01 14:28 - 2016-12-20 13:11 - 00005120 _____ () C:\Program Files (x86)\KatMouse\KatMouse64.exe 2016-12-22 13:46 - 2016-11-17 22:16 - 00805632 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe 2016-12-22 13:46 - 2016-11-17 22:18 - 01981184 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_modeler.dll 2016-12-22 13:46 - 2016-11-17 22:11 - 00247552 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\acpi_battery_input.dll 2016-12-22 13:46 - 2016-11-17 22:10 - 00212736 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\wifi_input.dll 2016-12-22 13:46 - 2016-11-17 22:11 - 00174848 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\devices_use_input.dll 2016-12-22 13:46 - 2016-11-17 22:10 - 00203520 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_system_power_state_input.dll 2016-12-22 13:46 - 2016-11-17 22:09 - 00206592 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_disktrace_input.dll 2016-12-22 13:46 - 2016-11-17 22:09 - 00336640 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_process_input.dll 2016-12-22 13:46 - 2016-11-17 22:06 - 00147712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_winstat_input.dll 2016-12-22 13:46 - 2016-11-17 22:11 - 00213248 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\sema_thermal_input.dll 2016-12-22 13:46 - 2016-11-17 22:07 - 00229120 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_quality_and_reliability_input.dll 2016-12-22 13:46 - 2016-11-17 22:08 - 00224000 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_sampler_input.dll 2016-12-22 13:46 - 2016-11-17 22:06 - 00211712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_stress_odometer_input.dll 2016-12-22 13:46 - 2016-11-17 22:08 - 00219904 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_turbo_input.dll 2015-12-15 18:17 - 2015-12-15 18:17 - 00618544 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll 2014-02-01 14:09 - 2014-02-01 14:09 - 00034816 _____ () C:\Program Files (x86)\KatMouse\KatMouseS.dll 2014-02-08 11:33 - 2014-02-08 11:33 - 01630720 _____ () C:\Program Files (x86)\KatMouse\KatMouseH.dll ==================== Alternate Data Streams (filtrowane) ========= (Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.) AlternateDataStreams: C:\Windows\RtlExUpd.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\acmigration.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\AcpiServiceVnA64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\adsmsext.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\advapi32.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\AERTAC64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\AERTAR64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\appinfo.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\asycfilt.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\audioLibVc.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\AudysseyEfx.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\bcdedit.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\bcrypt.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\BrUsi09c.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\BrWi209c.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Caf64api.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\CAF64APO2.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\centel.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\chajei.ime:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\cintlgnt.ime:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\clfs.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\CompatTelRunner.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\CONEQMSAPOGUILibrary.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\consent.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\cryptbase.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\CX64APO.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\CX64Proxy.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\davclnt.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\DAX3APOProp.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\DAX3APOv251.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\DDPA64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\DDPA64F3.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\DDPD64A.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\DDPD64AF3.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\DDPO64A.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\DDPO64AF3.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\DDPP64A.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\DDPP64AF3.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\diagtrack.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\DolbyDAX2APOProp.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\DolbyDAX2APOv201.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\DolbyDAX2APOv211.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\DolbyDAX2APOvlldp.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\DTSBassEnhancementDLL64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\DTSBoostDLL64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\DTSGainCompensatorDLL64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\DTSGFXAPO64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\DTSGFXAPONS64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\DTSLFXAPO64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\DTSLimiterDLL64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\DTSNeoPCDLL64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\DTSS2HeadphoneDLL64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\DTSS2SpeakerDLL64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\DTSSymmetryDLL64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\DTSU2PGFX64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\DTSU2PLFX64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\DTSU2PREC64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\DTSVoiceClarityDLL64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\FM20ENU.DLL:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\FMAPO64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\gdi32.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\HarmanAudioInterface.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\HiFiDAX2API.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\HiFiDAX2APIPCLL.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\hlink.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\HMAPO.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\HMClariFi.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\HMEQ.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\HMEQ_Voice.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\HMHVS.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\HMLimiter.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\HMUI.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\ICEsoundAPO64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\ieetwcollector.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\ieetwcollectorres.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\ieetwproxystub.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\IMJP10.IME:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\IMJP10K.DLL:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\imkr80.ime:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\inetcomm.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\INETRES.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\input.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\inseng.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\IntelSSTAPO.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\IntelSstCApoPropPage.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\JavaScriptCollectionAgent.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\jscript.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\KAAPORT64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO20.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO30.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO4064.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO5064.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO6064.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO7064.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\MaxxAudioAPOShell64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\MaxxAudioCapture64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\MaxxAudioEQ64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\MaxxAudioRealtek64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\MaxxAudioRender64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\MaxxAudioRenderAVX64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\MaxxSpeechAPO64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\MaxxVoiceAPO2064.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\MaxxVoiceAPO3064.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\MaxxVoiceAPO4064.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\MaxxVolumeSDAPO.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\mferror.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\mfplat.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\mfps.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\MISS_APO.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\MpSigStub.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\mshtmlmedia.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\msihnd.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\msimsg.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\msmmsp.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\MsSpellCheckingFacility.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\MSVidCtl.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\NAHIMICAPOlfx.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\NahimicAPONSControl.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\NAHIMICV2apo.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\NAHIMICV3apo.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\nlsbres.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\occache.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\pcawrk.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\phon.ime:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\pintlgnt.ime:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\qintlgnt.ime:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\quick.ime:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\R4EEA64A.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\R4EED64A.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\R4EEG64A.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\R4EEL64A.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\R4EEP64A.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\RCoInstII64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\RltkAPO64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\RP3DAA64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\RP3DHT64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\rpchttp.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\rrinstaller.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\RTCOM64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\RtDataProc64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\RTEED64A.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\RTEEG64A.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\RTEEL64A.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\RTEEP64A.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\RtkApi64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\RtkCfg64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\RtkCoLDR64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\RtlCPAPI64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\RtPgEx64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\RTSnMg64.cpl:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\scavengeui.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\SEAPO64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\SECOMN64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\SEHDHF64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\SEHDRA64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\SFAPO64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\SFCOM64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\SFNHK64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\SFSS_APO.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\sl3apo64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\slcnt64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\slprp64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\sltech64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\SRAPO64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\SRCOM.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\SRCOM64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\SRRPTR64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\SRSHP64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\SRSTSH64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\SRSTSX64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\SRSWOW64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\tadefxapo.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\tadefxapo264.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\tbb_waves.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\tepeqapo64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\tintlgnt.ime:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\tosade.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\tosasfapo64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\toseaeapo64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\tossaeapo64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\tossaemaxapo64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\tzres.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\UIAnimation.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\user32.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\usp10.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\UtcResources.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\VEN2232.OLB:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\WavesGUILib64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\webcheck.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\win32spl.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\wow64win.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\WSManHTTPConfig.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\WSManMigrationPlugin.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\WsmAuto.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\wsmplpxy.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\wsmprovhost.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\WsmRes.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\WsmSvc.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\WsmWmiPl.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\YamahaAE.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\YamahaAE2.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\YamahaAE3.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\adsmsext.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\advapi32.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\asycfilt.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\bcrypt.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\BrDctF2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\BrDctF2L.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\BrDctF2S.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\BroSNMP.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\brprtink.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\chajei.ime:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\cintlgnt.ime:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\cryptbase.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\cryptsvc.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\davclnt.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\dxmasf.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\evr.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\hlink.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\ieetwproxystub.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\ieui.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\IMJP10.IME:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\IMJP10K.DLL:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\imkr80.ime:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\inetcomm.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\INETRES.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\input.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\inseng.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\jscript.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\mferror.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\mfplat.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\mfpmp.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\mshtmlmedia.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\msi.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\msiexec.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\msihnd.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\msimsg.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\MSVidCtl.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\nlsbres.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\NSSearch.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\ntvdm64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\occache.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\phon.ime:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\pintlgnt.ime:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\qintlgnt.ime:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\quartz.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\quick.ime:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\RltkAPO.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\rpchttp.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\rrinstaller.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\SECOMN32.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\SEHDHF32.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\setup16.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\SFCOM.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\SRCOM.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\tintlgnt.ime:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\tzres.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\UIAnimation.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\user32.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\usp10.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\webcheck.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\WebClnt.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\win32spl.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\WsmAuto.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\wsmplpxy.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\wsmprovhost.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\WsmRes.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\WsmSvc.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\WsmWmiPl.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\BazisVirtualCDBus.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\bowser.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\dfsc.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\iusb3hub.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\iusb3xhc.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\mbae64.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\netio.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\NNSNAHSL.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\RTKVHD64.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\tcpip.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\tcpipreg.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\usbscan.sys:$CmdTcID [64] AlternateDataStreams: C:\Users\MRC\Desktop\comment_0zNk37J8bDJkYUhx6aR8HOIlY4F6dGAd.jpg:$CmdZnID [26] ==================== Tryb awaryjny (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service" ==================== Powiązania plików (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.) ==================== Internet Explorer - Witryny zaufane i z ograniczeniami =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.) ==================== Hosts - zawartość: =============================== (Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Inne obszary ============================ (Obecnie brak automatycznej naprawy dla tej sekcji.) HKU\S-1-5-21-337221987-1678989969-2118012739-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\MRC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.100.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Zapora systemu Windows [funkcja wyłączona] ==================== MSCONFIG/TASK MANAGER - Wyłączone elementy == ==================== Reguły Zapory systemu Windows (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) FirewallRules: [{7B93F623-D830-4DF2-BD29-4E2625E371CF}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{89CEDF18-7A31-44C3-A55B-6BD0FE0C9DC7}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Punkty Przywracania systemu ========================= 20-12-2016 00:47:10 Instalacja pakietu sterownika urządzenia: COMODO Usługa sieciowa 20-12-2016 02:04:51 Instalacja pakietu sterownika urządzenia: SysProgs.org Kontrolery magazynu 20-12-2016 02:21:49 Installed Microsoft Office Professional Plus 2013 20-12-2016 02:21:55 PROPLUS 20-12-2016 10:47:41 Windows Update 20-12-2016 19:46:41 Zainstalowane Realtek High Definition Audio Driver 21-12-2016 01:14:37 Windows Update 21-12-2016 16:34:24 Windows Update 22-12-2016 10:56:26 Zainstalowane Brother Software Suite 22-12-2016 13:46:30 Intel® Driver Update Utility ==================== Wadliwe urządzenia w Menedżerze urządzeń ============= Name: Kontroler pamięci PCI Description: Kontroler pamięci PCI Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Kontroler magistrali zarządzania systemem Description: Kontroler magistrali zarządzania systemem Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Kontroler PCI gromadzenia danych i przetwarzania sygnałów Description: Kontroler PCI gromadzenia danych i przetwarzania sygnałów Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Kontroler PCI Simple Communications Description: Kontroler PCI Simple Communications Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Błędy w Dzienniku zdarzeń: ========================= Dziennik Aplikacja: ================== Error: (12/23/2016 11:46:48 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (12/23/2016 11:35:36 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (12/23/2016 10:18:49 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: mbamservice.exe, wersja: 3.1.0.388, sygnatura czasowa: 0x58320f73 Nazwa modułu powodującego błąd: mbae-api-na.dll_unloaded, wersja: 0.0.0.0, sygnatura czasowa: 0x5851a4f1 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x000007fee562fb66 Identyfikator procesu powodującego błąd: 0x1474 Godzina uruchomienia aplikacji powodującej błąd: 0x01d25cfd0322b063 Ścieżka aplikacji powodującej błąd: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe Ścieżka modułu powodującego błąd: mbae-api-na.dll Identyfikator raportu: cfc02853-c8f0-11e6-9b9b-7085c204fd7e Error: (12/23/2016 08:43:30 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: AutoKMS.exe, wersja: 2.6.2.0, sygnatura czasowa: 0x57f3a909 Nazwa modułu powodującego błąd: KERNELBASE.dll, wersja: 6.1.7601.23572, sygnatura czasowa: 0x57fd0696 Kod wyjątku: 0xe0434352 Przesunięcie błędu: 0x000000000001a06d Identyfikator procesu powodującego błąd: 0x768 Godzina uruchomienia aplikacji powodującej błąd: 0x01d25cf0395974a0 Ścieżka aplikacji powodującej błąd: C:\Windows\AutoKMS\AutoKMS.exe Ścieżka modułu powodującego błąd: C:\Windows\system32\KERNELBASE.dll Identyfikator raportu: 7ef270c1-c8e3-11e6-9b9b-7085c204fd7e Error: (12/23/2016 08:43:29 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Aplikacja: AutoKMS.exe Wersja architektury: v4.0.30319 Opis: proces został przerwany z powodu nieobsłużonego wyjątku. Informacje o wyjątku: System.ComponentModel.Win32Exception w System.Diagnostics.Process.StartWithCreateProcess(System.Diagnostics.ProcessStartInfo) w System.Diagnostics.Process.Start(System.Diagnostics.ProcessStartInfo) w ..(System.String, Boolean, Boolean) w ..(., System.String, Boolean, System.String, Int32, System.String, System.String, Boolean, Boolean, Boolean, Boolean, Boolean, Boolean, System.String, System.String) w ..(System.String, Int32, Boolean, Boolean, ., System.String, System.String, System.String, Boolean, Boolean, Boolean, Boolean, System.String, Boolean) w ..(.) w ..() Error: (12/23/2016 08:43:19 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (12/23/2016 08:33:27 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: AutoKMS.exe, wersja: 2.6.2.0, sygnatura czasowa: 0x57f3a909 Nazwa modułu powodującego błąd: KERNELBASE.dll, wersja: 6.1.7601.23572, sygnatura czasowa: 0x57fd0696 Kod wyjątku: 0xe0434352 Przesunięcie błędu: 0x000000000001a06d Identyfikator procesu powodującego błąd: 0x76c Godzina uruchomienia aplikacji powodującej błąd: 0x01d25ceed29cf800 Ścieżka aplikacji powodującej błąd: C:\Windows\AutoKMS\AutoKMS.exe Ścieżka modułu powodującego błąd: C:\Windows\system32\KERNELBASE.dll Identyfikator raportu: 174a1d21-c8e2-11e6-aa3b-7085c204fd7e Error: (12/23/2016 08:33:25 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Aplikacja: AutoKMS.exe Wersja architektury: v4.0.30319 Opis: proces został przerwany z powodu nieobsłużonego wyjątku. Informacje o wyjątku: System.ComponentModel.Win32Exception w System.Diagnostics.Process.StartWithCreateProcess(System.Diagnostics.ProcessStartInfo) w System.Diagnostics.Process.Start(System.Diagnostics.ProcessStartInfo) w ..(System.String, Boolean, Boolean) w ..(., System.String, Boolean, System.String, Int32, System.String, System.String, Boolean, Boolean, Boolean, Boolean, Boolean, Boolean, System.String, System.String) w ..(System.String, Int32, Boolean, Boolean, ., System.String, System.String, System.String, Boolean, Boolean, Boolean, Boolean, System.String, Boolean) w ..(.) w ..() Error: (12/23/2016 08:33:17 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (12/22/2016 09:06:17 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: AutoKMS.exe, wersja: 2.6.2.0, sygnatura czasowa: 0x57f3a909 Nazwa modułu powodującego błąd: KERNELBASE.dll, wersja: 6.1.7601.23572, sygnatura czasowa: 0x57fd0696 Kod wyjątku: 0xe0434352 Przesunięcie błędu: 0x000000000001a06d Identyfikator procesu powodującego błąd: 0x678 Godzina uruchomienia aplikacji powodującej błąd: 0x01d25c8ed394b780 Ścieżka aplikacji powodującej błąd: C:\Windows\AutoKMS\AutoKMS.exe Ścieżka modułu powodującego błąd: C:\Windows\system32\KERNELBASE.dll Identyfikator raportu: 184d36e1-c882-11e6-ae8e-7085c204fd7e Dziennik System: ============= Error: (12/23/2016 10:18:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa Malwarebytes Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error: (12/21/2016 02:35:19 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Wykonywanie kopii w tle woluminu D: zostało przerwane, ponieważ nie można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika. Error: (12/21/2016 11:27:08 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Usługa Instalator modułów systemu Windows zakończyła działanie; wystąpił następujący błąd: %%16405 Error: (12/20/2016 01:50:48 PM) (Source: Disk) (EventID: 11) (User: ) Description: Sterownik wykrył błąd kontrolera na \Device\Harddisk2\DR2. Error: (12/20/2016 01:50:47 PM) (Source: Disk) (EventID: 11) (User: ) Description: Sterownik wykrył błąd kontrolera na \Device\Harddisk2\DR2. Error: (12/20/2016 01:50:46 PM) (Source: Disk) (EventID: 11) (User: ) Description: Sterownik wykrył błąd kontrolera na \Device\Harddisk2\DR2. Error: (12/19/2016 10:38:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Usługa Wstępne ładowanie do pamięci zakończyła działanie; wystąpił następujący błąd: Usługa nie została uruchomiona. Error: (12/19/2016 09:23:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Usługa listy sieci zależy od usługi Rozpoznawanie lokalizacji w sieci, której nie można uruchomić z powodu następującego błędu: Uruchomienie usługi zależności lub grupy nie powiodło się. Error: (12/19/2016 09:23:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Usługa listy sieci zależy od usługi Rozpoznawanie lokalizacji w sieci, której nie można uruchomić z powodu następującego błędu: Uruchomienie usługi zależności lub grupy nie powiodło się. Error: (12/19/2016 09:23:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Usługa listy sieci zależy od usługi Rozpoznawanie lokalizacji w sieci, której nie można uruchomić z powodu następującego błędu: Uruchomienie usługi zależności lub grupy nie powiodło się. ==================== Statystyki pamięci =========================== Procesor: Intel(R) Core(TM) i3-6100 CPU @ 3.70GHz Procent pamięci w użyciu: 19% Całkowita pamięć fizyczna: 8147.41 MB Dostępna pamięć fizyczna: 6564.93 MB Całkowita pamięć wirtualna: 16293 MB Dostępna pamięć wirtualna: 14597.66 MB ==================== Dyski ================================ Drive c: () (Fixed) (Total:111.69 GB) (Free:65.2 GB) NTFS Drive d: (W7 HD500J) (Fixed) (Total:116.44 GB) (Free:4.45 GB) NTFS ==>[system z komponentami startowymi (pozyskano odczytując dysk)] Drive e: (Filmy) (Fixed) (Total:116.44 GB) (Free:8.75 GB) NTFS Drive f: (Gry) (Fixed) (Total:116.44 GB) (Free:21.04 GB) NTFS Drive g: (Seriale) (Fixed) (Total:116.44 GB) (Free:0.36 GB) NTFS Drive h: () (Fixed) (Total:70.51 GB) (Free:62.42 GB) NTFS Drive i: () (Fixed) (Total:430.5 GB) (Free:389.54 GB) NTFS Drive j: () (Fixed) (Total:430.5 GB) (Free:430.36 GB) NTFS ==================== MBR & Tablica partycji ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 0F1C0B56) Partition 1: (Not Active) - (Size=70.5 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=861 GB) - (Type=OF Extended) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F4ABF4AB) Partition 1: (Active) - (Size=116.4 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=349.3 GB) - (Type=OF Extended) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: D44CA2A6) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS) ==================== Koniec Addition.txt ============================