Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05-2015 Ran by Pawel at 2015-05-06 16:18:33 Running from C:\Users\Pawel\Desktop\logi Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1842237910-1240745531-855619827-500 - Administrator - Disabled) Gość (S-1-5-21-1842237910-1240745531-855619827-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1842237910-1240745531-855619827-1002 - Limited - Enabled) Pawel (S-1-5-21-1842237910-1240745531-855619827-1000 - Administrator - Enabled) => C:\Users\Pawel ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: COMODO Antivirus (Enabled - Up to date) {F0BC89B2-8937-0933-021B-B17D981F2A71} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Comodo Defense+ (Enabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC} FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) «City Car Driving» version 1.4.0 (HKLM-x32\...\{CC457F3D-5CDE-4CE8-9685-90A4EDE81374}_is1) (Version: 1.4.0 - Forward Development) µTorrent (HKU\S-1-5-21-1842237910-1240745531-855619827-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.60.1479, 06.02.2015 - AIMP DevTeam) ALLPlayer Pilot (HKLM-x32\...\{146BDBDD-ACD9-4B04-A286-C27471841E8E}_is1) (Version: 1.2 - ALLPlayer Group, Ltd.) ALLPlayer V6.X (HKLM-x32\...\ALLPlayer_is1) (Version: - ALLPlayer Group, Ltd.) Ashampoo Burning Studio 2015 (HKLM-x32\...\{91B33C97-21E3-DF34-9630-2EE80DDE1648}_is1) (Version: 1.15.3 - Ashampoo GmbH & Co. KG) CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform) COMODO Internet Security Premium (HKLM\...\{18F14F4B-D8A9-4309-817E-3BC0B7664E53}) (Version: 8.0.0.4344 - COMODO Security Solutions Inc.) CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd) DriverEasy 4.9.0 (HKLM\...\DriverEasy_is1) (Version: 4.9.0.0 - Easeware) Dzielenie i łączenie plików v1.2.2 (HKLM-x32\...\Dzielenie i łączenie plików_is1) (Version: - Michał Bąbik) Euro Truck Simulator 2 (HKLM-x32\...\{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1) (Version: 1.0.5 - SCS Software) Fifa 12 (c) Electronic Arts version 1 (HKLM-x32\...\Fifa 12 (c) Electronic Arts_is1) (Version: 1 - ) FormatFactory 3.6.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.6.0.0 - Format Factory) Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.) Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software) inSSIDer Office (HKLM-x32\...\{446DB5C2-FADA-477E-AB67-0FE58C0228F3}) (Version: 4.2.5.13 - MetaGeek, LLC) inSSIDer Office (HKLM-x32\...\{8C127DE3-EC36-4BA3-A6EE-6DC4A9B6C526}) (Version: 3.1.1.6 - MetaGeek, LLC) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.33 - Intel Corporation) Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation) K-Lite Codec Pack 10.9.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.9.0 - ) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.328 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.328 - LogMeIn, Inc.) Hidden Mafia II (HKLM-x32\...\Mafia II_is1) (Version: - ) Malwarebytes Anti-Malware wersja 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{FD052FB9-FE90-4438-B355-15EDC89D8FB1}) (Version: 2.0.673.0 - Microsoft Corporation) Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 37.0.2 (x86 pl) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 pl)) (Version: 37.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla) Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile PLK Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended PLK Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21247 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7203 - Realtek Semiconductor Corp.) Setup - FIFA 14 Ultimate Edition ... (HKLM-x32\...\Setup - FIFA 14 Ultimate Edition ...) (Version: ... - Electronic Arts) Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.15.5.201504081732 - Sony Mobile Communications Inc.) Sony PC Companion 2.10.251 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.251 - Sony) Speccy (HKLM\...\Speccy) (Version: 1.27 - Piriform) UnLock Root Pro 4.12 (HKLM-x32\...\UnLock Root Pro) (Version: 4.12 - Unlcokroot) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) WinRAR 5.11 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1842237910-1240745531-855619827-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation) ==================== Restore Points ========================= 19-04-2015 13:59:37 Installed Sony Mobile Drivers 28-04-2015 16:55:14 Zaplanowany punkt kontrolny ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2015-01-06 17:55 - 00000864 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 validation.sls.microsoft.com ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {472C8C5E-0974-40B2-A407-306C85267FE9} - System32\Tasks\{67256472-9A96-4C92-A349-3626F72E8C3A} => E:\City Car Driving Home Edition\bin\win32\starter.exe [2015-02-07] () Task: {4CD2864A-6124-4FF1-BA72-8226A46ECC34} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-04-21] (COMODO) Task: {56D84D3B-95B9-4DD7-99BE-C1FC7B8593D8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-29] (Google Inc.) Task: {6201896C-A65A-4ED4-B652-46570C63962A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-29] (Google Inc.) Task: {715E2EC7-ACAB-4523-A95C-47A5813080FB} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe [2015-01-17] () Task: {758EB265-2D01-4BF5-B5AB-E203850B08A3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-14] (Piriform Ltd) Task: {7C92B92F-C96A-4211-9CBC-8B84670F7F48} - System32\Tasks\{C8BE0F77-3E0D-43B2-B227-CD05114A1A32} => pcalua.exe -a "F:\Autorun\APP\Identity Card v2\MOD01APP5200400005\Setup.exe" -d "F:\Autorun\APP\Identity Card v2\MOD01APP5200400005" Task: {A219EE83-7B70-4A78-A4D5-193B40744165} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-04-21] (COMODO) Task: {B8C8EB27-DA35-4012-A3EB-3D4DEF4F6AC4} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-04-21] (COMODO) Task: {D8EA2DF5-4C38-4ABA-BCBD-23478DABC52F} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-04-21] (COMODO) Task: {DB47F1F2-D546-4C58-8861-9231DC3D2323} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated) Task: {F34B9BAF-8358-4E67-88DA-C00DED565427} - System32\Tasks\{15CEB64F-FB0F-4897-8FF8-EA6F4FBB0BD1} => E:\FIFA 14 Ultimate Edition\Game\fifa14.exe Task: {F5D25CDD-474A-4CF3-B5A6-5977851ED52F} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-04-21] (COMODO) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2011-03-17 01:07 - 2011-03-17 01:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2015-01-06 18:13 - 2013-10-01 11:09 - 00078880 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe 2013-04-15 18:39 - 2015-01-09 00:02 - 00067808 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav 2015-04-19 13:12 - 2013-06-12 14:15 - 00245795 _____ () C:\Users\Pawel\AppData\Roaming\Adobe\Flash Player\Cache\libcurl.dll 2015-04-19 13:12 - 2013-06-12 14:15 - 00100864 _____ () C:\Users\Pawel\AppData\Roaming\Adobe\Flash Player\Cache\zlib1.dll 2015-01-27 22:21 - 2013-12-10 01:27 - 01242584 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Windows\system32\aaclient.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\adprovider.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\audio.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\audio.dll:$CmdZnID AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\browcli.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\browser.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\capiprovider.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cdosys.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\certenc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\certutil.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cngprovider.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cscript.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d2d1.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3d10warp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\D3DCompiler_40.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx10_40.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\D3DX9_40.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dimsroam.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dpapiprovider.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\EncDec.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\FWPUCLNT.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\FXSCOVER.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\gdi32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\icardagt.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\icardres.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\IKEEXT.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\inetcomm.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\infocardapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\localspl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mfc42.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mfc42u.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mferror.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mfplat.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\mfps.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID AlternateDataStreams: C:\Windows\system32\msmmsp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mstsc.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msvcrt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ncsi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\netapi32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\nlaapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\nshwfp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\objsel.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\oleacc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pcawrk.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\psisdecd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\psisrndr.ax:$CmdTcID AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\qedit.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rastls.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdpcorekmts.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdpwsx.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdrmemptylst.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rrinstaller.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\scrrun.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\tsgqec.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\TsWpfWrp.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\umpnpmgr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\unrar64.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\wincredprovider.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\winlogon.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID AlternateDataStreams: C:\Windows\system32\winresume.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\winsta.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wmi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\WMVDECOD.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wow64win.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wscript.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\wshom.ocx:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\aaclient.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\adprovider.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\audio.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\audio.dll:$CmdZnID AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\browcli.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\capiprovider.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\cdosys.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\certenc.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\certutil.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\cfgmgr32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\cngprovider.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\cryptsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\cscript.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\d2d1.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\d3d10warp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_40.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_40.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_40.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\devobj.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\devrtl.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dimsroam.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dpapiprovider.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\drvinst.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dxmasf.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\EncDec.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\evr.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\FWPUCLNT.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\icardagt.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\icardres.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\inetcomm.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\infocardapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mfc42.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mfc42u.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mferror.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mfplat.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mfpmp.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mstsc.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msvcrt.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\netapi32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\nshwfp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ntvdm64.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\objsel.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\oleacc.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\psisdecd.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\psisrndr.ax:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\qedit.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\quartz.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\rastls.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\rrinstaller.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\scrrun.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\setup16.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\tsgqec.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\TsWpfWrp.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\unrar.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wincredprovider.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\winsta.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wmi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\WMVDECOD.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wscript.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wshom.ocx:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\bowser.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\btfilter.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\drmk.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\fs_rec.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\FWPKCLNT.SYS:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\netio.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\partmgr.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\portcls.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\rdpwd.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\tcpip.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\tssecsrv.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbcir.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbvideo.sys:$CmdTcID AlternateDataStreams: C:\Users\Pawel\Desktop\vold.fstab:$CmdZnID AlternateDataStreams: C:\Users\Pawel\Downloads\AdwCleaner(1).exe:$CmdTcID AlternateDataStreams: C:\Users\Pawel\Downloads\AdwCleaner(1).exe:$CmdZnID AlternateDataStreams: C:\Users\Pawel\Downloads\AdwCleaner.exe:$CmdZnID AlternateDataStreams: C:\Users\Pawel\Downloads\adwcleaner_4.202.exe:$CmdTcID AlternateDataStreams: C:\Users\Pawel\Downloads\adwcleaner_4.202.exe:$CmdZnID AlternateDataStreams: C:\Users\Pawel\Downloads\Anroid-L-Theme-v1.1.apk:$CmdTcID AlternateDataStreams: C:\Users\Pawel\Downloads\Anroid-L-Theme-v1.1.apk:$CmdZnID AlternateDataStreams: C:\Users\Pawel\Downloads\B.R.O feat. Bezczel - Karma (prod. B.R.O).mp3:$CmdTcID AlternateDataStreams: C:\Users\Pawel\Downloads\B.R.O feat. Bezczel - Karma (prod. B.R.O).mp3:$CmdZnID AlternateDataStreams: C:\Users\Pawel\Downloads\Bobi - Jesteś ideałem (NOWOŚĆ 2014 - Official Video).mp3:$CmdTcID AlternateDataStreams: C:\Users\Pawel\Downloads\Bobi - Jesteś ideałem (NOWOŚĆ 2014 - Official Video).mp3:$CmdZnID AlternateDataStreams: C:\Users\Pawel\Downloads\ccsetup503.exe:$CmdTcID AlternateDataStreams: C:\Users\Pawel\Downloads\ccsetup503.exe:$CmdZnID AlternateDataStreams: C:\Users\Pawel\Downloads\ccsetup504.exe:$CmdTcID AlternateDataStreams: C:\Users\Pawel\Downloads\ccsetup504.exe:$CmdZnID AlternateDataStreams: C:\Users\Pawel\Downloads\ChromeSetup.exe:$CmdTcID AlternateDataStreams: C:\Users\Pawel\Downloads\ChromeSetup.exe:$CmdZnID AlternateDataStreams: C:\Users\Pawel\Downloads\cpu-z_1.72-en.exe:$CmdTcID AlternateDataStreams: C:\Users\Pawel\Downloads\cpu-z_1.72-en.exe:$CmdZnID AlternateDataStreams: C:\Users\Pawel\Downloads\Czarny HIFI feat. Pezet - Niedopowiedzenia.mp3:$CmdTcID AlternateDataStreams: C:\Users\Pawel\Downloads\Czarny HIFI feat. Pezet - Niedopowiedzenia.mp3:$CmdZnID AlternateDataStreams: C:\Users\Pawel\Downloads\de.robv.android.xposed.installer_v32_de4f0d.apk:$CmdTcID AlternateDataStreams: C:\Users\Pawel\Downloads\de.robv.android.xposed.installer_v32_de4f0d.apk:$CmdZnID AlternateDataStreams: C:\Users\Pawel\Downloads\FFSetup3.6.0.0_www.INSTALKI.pl.zip:$CmdTcID AlternateDataStreams: C:\Users\Pawel\Downloads\FFSetup3.6.0.0_www.INSTALKI.pl.zip:$CmdZnID AlternateDataStreams: C:\Users\Pawel\Downloads\Flo Rida - GDFR feat. Sage The Gemini and Lookas [Audio].mp3:$CmdTcID AlternateDataStreams: C:\Users\Pawel\Downloads\Flo Rida - GDFR feat. Sage The Gemini and Lookas [Audio].mp3:$CmdZnID AlternateDataStreams: C:\Users\Pawel\Downloads\Gang Albanii - Albański raj.mp3:$CmdTcID AlternateDataStreams: C:\Users\Pawel\Downloads\Gang Albanii - Albański raj.mp3:$CmdZnID AlternateDataStreams: C:\Users\Pawel\Downloads\Gang Albanii - Kokainowy baron.mp3:$CmdTcID AlternateDataStreams: C:\Users\Pawel\Downloads\Gang Albanii - Kokainowy baron.mp3:$CmdZnID AlternateDataStreams: C:\Users\Pawel\Downloads\Gang Albanii - Napad na Bank.mp3:$CmdTcID AlternateDataStreams: C:\Users\Pawel\Downloads\Gang Albanii - Napad na Bank.mp3:$CmdZnID AlternateDataStreams: C:\Users\Pawel\Downloads\HWVendorDetection(1).exe:$CmdTcID AlternateDataStreams: C:\Users\Pawel\Downloads\HWVendorDetection(1).exe:$CmdZnID AlternateDataStreams: C:\Users\Pawel\Downloads\HWVendorDetection.exe:$CmdTcID AlternateDataStreams: C:\Users\Pawel\Downloads\HWVendorDetection.exe:$CmdZnID AlternateDataStreams: C:\Users\Pawel\Downloads\jxpiinstall.exe:$CmdTcID AlternateDataStreams: C:\Users\Pawel\Downloads\jxpiinstall.exe:$CmdZnID AlternateDataStreams: C:\Users\Pawel\Downloads\KaeN - Nie wszystko stracone (audio).mp3:$CmdTcID AlternateDataStreams: C:\Users\Pawel\Downloads\KaeN - Nie wszystko stracone (audio).mp3:$CmdZnID AlternateDataStreams: C:\Users\Pawel\Downloads\Mark Ronson - Uptown Funk ft. Bruno Mars.mp3:$CmdTcID AlternateDataStreams: C:\Users\Pawel\Downloads\Mark Ronson - Uptown Funk ft. Bruno Mars.mp3:$CmdZnID AlternateDataStreams: C:\Users\Pawel\Downloads\Microsoft Office 2010 Pro ACTIVATOR TOOLKIT 2.2.3 (only crack).rar:$CmdTcID AlternateDataStreams: C:\Users\Pawel\Downloads\Microsoft Office 2010 Pro ACTIVATOR TOOLKIT 2.2.3 (only crack).rar:$CmdZnID AlternateDataStreams: C:\Users\Pawel\Downloads\Mirage Ty jesteś inna.mp3:$CmdTcID AlternateDataStreams: C:\Users\Pawel\Downloads\Mirage Ty jesteś inna.mp3:$CmdZnID AlternateDataStreams: C:\Users\Pawel\Downloads\New Electro & House 2015 Best Of EDM Mix.mp3:$CmdTcID AlternateDataStreams: C:\Users\Pawel\Downloads\New Electro & House 2015 Best Of EDM Mix.mp3:$CmdZnID AlternateDataStreams: C:\Users\Pawel\Downloads\Pawbeats ft. Quebonafide, Kasia Grzesiek - Euforia.mp3:$CmdTcID AlternateDataStreams: C:\Users\Pawel\Downloads\Pawbeats ft. Quebonafide, Kasia Grzesiek - Euforia.mp3:$CmdZnID AlternateDataStreams: C:\Users\Pawel\Downloads\Rozbójnik Alibaba & Bezczel - By_a_ serca biciem.mp3:$CmdTcID AlternateDataStreams: C:\Users\Pawel\Downloads\Rozbójnik Alibaba & Bezczel - By_a_ serca biciem.mp3:$CmdZnID AlternateDataStreams: C:\Users\Pawel\Downloads\Rozbójnik Alibaba feat. Borixon - Magnes.mp3:$CmdTcID AlternateDataStreams: C:\Users\Pawel\Downloads\Rozbójnik Alibaba feat. Borixon - Magnes.mp3:$CmdZnID AlternateDataStreams: C:\Users\Pawel\Downloads\Setup_FileViewPro_2015.exe:$CmdTcID AlternateDataStreams: C:\Users\Pawel\Downloads\Setup_FileViewPro_2015.exe:$CmdZnID AlternateDataStreams: C:\Users\Pawel\Downloads\Unlock.Root.Pro.v4.1.2.Incl.Serial-P2P.zip:$CmdTcID AlternateDataStreams: C:\Users\Pawel\Downloads\Unlock.Root.Pro.v4.1.2.Incl.Serial-P2P.zip:$CmdZnID AlternateDataStreams: C:\Users\Pawel\Downloads\vold.fstab(1).zip:$CmdTcID AlternateDataStreams: C:\Users\Pawel\Downloads\vold.fstab(1).zip:$CmdZnID AlternateDataStreams: C:\Users\Pawel\Downloads\vold.fstab.zip:$CmdTcID AlternateDataStreams: C:\Users\Pawel\Downloads\vold.fstab.zip:$CmdZnID AlternateDataStreams: C:\Users\Pawel\Downloads\Will Sparks - Ah Yeah So What (feat. Wiley & Elen Levon) [FULL VERSION].mp3:$CmdTcID AlternateDataStreams: C:\Users\Pawel\Downloads\Will Sparks - Ah Yeah So What (feat. Wiley & Elen Levon) [FULL VERSION].mp3:$CmdZnID AlternateDataStreams: C:\Users\Pawel\Downloads\XBlast Tools-Xposed v1.8.7 MOD.apk:$CmdTcID AlternateDataStreams: C:\Users\Pawel\Downloads\XBlast Tools-Xposed v1.8.7 MOD.apk:$CmdZnID AlternateDataStreams: C:\Users\Pawel\Downloads\XposedInstaller_2.3-beta1.apk:$CmdTcID AlternateDataStreams: C:\Users\Pawel\Downloads\XposedInstaller_2.3-beta1.apk:$CmdZnID AlternateDataStreams: C:\Users\Pawel\AppData\Roaming\unlockrootpro4setup.exe:$CmdTcID ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, the associated entry will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1842237910-1240745531-855619827-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Pawel\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 8.8.8.8 - 8.8.4.4 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: ALLPlayer WiFi Remote => C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe MSCONFIG\startupreg: ALLUpdate => "C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe" "sleep" MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" MSCONFIG\startupreg: RGSC => E:\Grand Theft Auto IV\Rockstar Games Social Club\RGSCLauncher.exe /silent MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: uTorrent => "C:\Users\Pawel\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED ==================== FirewallRules (whitelisted) =============== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) FirewallRules: [{85E8E508-EC81-4451-88B9-AB99B38A9DD4}] => (Allow) C:\Users\Pawel\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{2FA21FCF-FBFA-4CE9-A5E8-446800F34249}] => (Allow) C:\Users\Pawel\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [TCP Query User{7D0448DB-7225-4410-960C-47107E43DFC2}C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe] => (Block) C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe FirewallRules: [UDP Query User{550455CB-8A34-4ED4-BF14-59F079627C30}C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe] => (Block) C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe FirewallRules: [TCP Query User{273FFD64-478D-4B36-9FA7-EFEC42479AED}C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe] => (Allow) C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe FirewallRules: [UDP Query User{58300641-9672-4558-B0CF-4A296527707D}C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe] => (Allow) C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe FirewallRules: [TCP Query User{7534CFB7-BF26-4985-9384-3ADF822517D3}E:\fifa 12\game\fifa.exe] => (Allow) E:\fifa 12\game\fifa.exe FirewallRules: [UDP Query User{BD76D4C5-DA23-4EF6-AE12-A1911DF11469}E:\fifa 12\game\fifa.exe] => (Allow) E:\fifa 12\game\fifa.exe FirewallRules: [{F506D7D1-65C7-4514-9A51-A6BB8F1F22FB}] => (Block) E:\fifa 12\game\fifa.exe FirewallRules: [{9C86F26B-009C-4608-A54F-E7C9451EDDAF}] => (Block) E:\fifa 12\game\fifa.exe FirewallRules: [{83D8B32E-6B18-438A-920B-BA0095A2A97D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{AEB17D4C-B0FE-4A5C-A33B-615DBD4DD484}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{BC06EE5C-3F55-4D73-8D00-8B7BE20FF844}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe FirewallRules: [{B9FD8300-19A3-4C42-96E2-4E77D0FDA72D}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe FirewallRules: [{BE2E8289-C572-4E1E-B8C2-2F3B28A13B7B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/06/2015 04:08:46 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/06/2015 03:30:57 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/06/2015 02:56:43 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/05/2015 08:45:42 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/05/2015 05:28:35 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/05/2015 05:16:17 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/05/2015 03:36:54 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/05/2015 02:31:54 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/05/2015 09:38:00 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/04/2015 06:15:21 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (05/05/2015 02:30:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Usługa buforowania czcionek platformy Windows Presentation Foundation, wersja 3.0.0.0 z powodu następującego błędu: %%1053 Error: (05/05/2015 02:30:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Usługa buforowania czcionek platformy Windows Presentation Foundation, wersja 3.0.0.0. Error: (05/05/2015 09:36:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Usługa buforowania czcionek platformy Windows Presentation Foundation, wersja 3.0.0.0 z powodu następującego błędu: %%1053 Error: (05/05/2015 09:36:55 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Usługa buforowania czcionek platformy Windows Presentation Foundation, wersja 3.0.0.0. Error: (05/04/2015 06:14:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Usługa buforowania czcionek platformy Windows Presentation Foundation, wersja 3.0.0.0 z powodu następującego błędu: %%1053 Error: (05/04/2015 06:14:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Usługa buforowania czcionek platformy Windows Presentation Foundation, wersja 3.0.0.0. Error: (05/03/2015 07:43:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Windows Search niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error: (05/03/2015 07:43:53 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Usługa Windows Search zakończyła działanie; wystąpił specyficzny dla niej błąd %%-1073473535. Error: (05/03/2015 09:14:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Usługa buforowania czcionek platformy Windows Presentation Foundation, wersja 3.0.0.0 z powodu następującego błędu: %%1053 Error: (05/03/2015 09:14:47 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Usługa buforowania czcionek platformy Windows Presentation Foundation, wersja 3.0.0.0. Microsoft Office Sessions: ========================= Error: (05/06/2015 04:08:46 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/06/2015 03:30:57 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/06/2015 02:56:43 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/05/2015 08:45:42 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/05/2015 05:28:35 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/05/2015 05:16:17 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/05/2015 03:36:54 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/05/2015 02:31:54 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/05/2015 09:38:00 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/04/2015 06:15:21 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Processor: Intel(R) Pentium(R) 3556U @ 1.70GHz Percentage of memory in use: 43% Total physical RAM: 3991.36 MB Available physical RAM: 2253.04 MB Total Pagefile: 7980.91 MB Available Pagefile: 5911.39 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:146.39 GB) (Free:101.13 GB) NTFS Drive d: (Data) (Fixed) (Total:147.4 GB) (Free:141.8 GB) NTFS Drive e: (Gry) (Fixed) (Total:166.02 GB) (Free:96.85 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 58F15BDF) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=146.4 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=147.4 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=166 GB) - (Type=07 NTFS) ==================== End Of Log ============================