
help_decrypt



#1 krzysiek123456


Posted 29 05 2015 - 15:46

Hello. I have a problem. Recently I turned on my computer and all my photos, videos, text files, etc. are encrypted. When I open a file with notes, instead of the note I get something like Chinese characters or a string of numbers and letters. Next to every file/folder with files, 4 files named "help_decrypt" were created: two as shortcut files to a website, one as a text document and one as a PNG image. Each of them contains some instructions, descriptions, etc. in English. Something about some CryptoWall 3.0... The computer's disk is fine; I had some viruses from not using an antivirus, but I removed them as well. I just can't decrypt these files. I don't have previous versions or a backup either. My question is: can these files be decrypted somehow, or are they damaged? Thanks in advance for your help. Regards!

PS: I scanned the system with FRST. It may be relevant, so I'm pasting what came up.

FRST file:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-05-2015 01
Ran by Krzysztof (administrator) on JAKUB-KOMPUTER on 29-05-2015 15:30:35
Running from C:\Users\Krzysztof\Downloads
Loaded Profiles: Krzysztof (Available Profiles: Jakub & Krzysztof & Tomasz)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Windows\System32\IgrsSvcs.exe
(Conexant Systems, Inc.) C:\Windows\System32\SASrv.exe
(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
() C:\ProgramData\01e58235-010d-43b1-8340-277d43a75321\maintainer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
HKLM\...\Run: [EnergyUtility] => C:\Program Files\Lenovo\Energy Management\utility.exe [4114288 2009-09-29] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files\Lenovo\Energy Management\Energy Management.exe [5064560 2009-09-29] (Lenovo (Beijing) Limited)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKU\S-1-5-21-3547090968-3412655250-3130215973-1003\...\MountPoints2: {67198115-8111-11df-af53-806e6f6e6963} - E:\LoaderPrawko.exe
HKU\S-1-5-18\...\RunOnce: [WLStart] => C:\Program Files\Windows Live\Installer\wlstart.exe [785744 2009-07-26] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [280576 2014-09-18] (Microsoft Corporation)
Startup: C:\Users\Jakub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG [2015-04-02] ()
Startup: C:\Users\Jakub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT [2015-04-02] ()
InternetURL: C:\Users\Jakub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL -> hxxp://7oqnsnzwwnm6zb7y.icepaytor.com/1cp42gh
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3547090968-3412655250-3130215973-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3547090968-3412655250-3130215973-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Krzysztof\AppData\Roaming\Mozilla\Firefox\Profiles\acsydatp.default
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-22] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll [2009-06-23] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\Krzysztof\AppData\Roaming\Mozilla\Firefox\Profiles\acsydatp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-23]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [fpmeembnagmagppkgghhfjfdfajdfcah] - https://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.NCRQS4RW6I56DRW6FLRPVY7VLQ - C:\Users\Jakub\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1848680 2015-02-17] (LogMeIn Inc.)
R2 IGRS; C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [411920 2015-02-16] (LogMeIn, Inc.)
R2 MaintainerSvc6.89.573444; C:\ProgramData\01e58235-010d-43b1-8340-277d43a75321\maintainer.exe [128240 2015-05-29] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
S3 OverwolfUpdater; C:\Program Files\Overwolf\OverwolfUpdater.exe [998640 2015-03-25] (Overwolf LTD)
S3 PS_MDP; C:\Program Files\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)
R2 ReadyComm.DirectRouter; C:\Program Files\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
R2 SAService; C:\windows\system32\SAsrv.exe [445496 2010-03-25] (Conexant Systems, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 305c2e03; "C:\windows\system32\rundll32.exe" "c:\Program Files\IncludeSystem\IncludeSystem.dll",serv

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ACPIVPC; C:\windows\System32\DRIVERS\AcpiVpc.sys [21520 2009-05-19] (Lenovo Corporation)
S3 Bridge0; C:\windows\System32\drivers\WDBridge.sys [63240 2009-07-28] (Lenovo)
R1 funfrm; C:\windows\system32\Drivers\funfrm.sys [54800 2010-06-26] ()
R3 hamachi; C:\windows\System32\DRIVERS\hamachi.sys [26176 2015-02-16] (LogMeIn, Inc.)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R3 pfc; C:\windows\System32\drivers\pfc.sys [10368 2004-04-01] (Padus, Inc.) [File not signed]
R3 usbsmi; C:\windows\System32\DRIVERS\SMIksdrv.sys [171776 2009-10-16] (SMI)
R3 wdmirror; C:\windows\System32\DRIVERS\WDMirror.sys [11792 2009-07-16] (Windows ® Codename Longhorn DDK provider)
S3 wsvd; C:\windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)
S1 ccnfd_1_10_0_4; system32\drivers\ccnfd_1_10_0_4.sys [X]
S1 coacfunv; \??\C:\windows\system32\drivers\coacfunv.sys [X]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-29 15:27 - 2015-05-29 15:30 - 00010969 _____ () C:\Users\Krzysztof\Downloads\FRST.txt
2015-05-29 15:27 - 2015-05-29 15:30 - 00000000 ____D () C:\FRST
2015-05-29 15:26 - 2015-05-29 15:26 - 01147392 _____ (Farbar) C:\Users\Krzysztof\Downloads\FRST.exe
2015-05-29 15:16 - 2015-05-29 15:26 - 00000853 _____ () C:\Users\Krzysztof\Desktop\Nowy dokument tekstowy.txt
2015-05-23 16:26 - 2010-11-20 14:17 - 00302592 _____ (Microsoft Corporation) C:\windows\system32\utilman.exe
2015-05-23 15:40 - 2015-05-23 15:40 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-23 15:34 - 2015-05-23 15:40 - 00001912 _____ () C:\windows\epplauncher.mif
2015-05-23 15:29 - 2015-05-23 15:29 - 00008646 _____ () C:\Users\Krzysztof\HELP_DECRYPT.HTML
2015-05-23 15:27 - 2015-05-23 15:40 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-23 15:26 - 2015-05-23 15:26 - 00008646 _____ () C:\Users\Krzysztof\AppData\Roaming\HELP_DECRYPT.HTML
2015-05-23 15:26 - 2015-05-23 15:26 - 00008646 _____ () C:\Users\Krzysztof\AppData\HELP_DECRYPT.HTML
2015-05-23 15:25 - 2015-05-23 15:25 - 00008646 _____ () C:\Users\Krzysztof\AppData\Local\HELP_DECRYPT.HTML
2015-05-23 15:21 - 2015-05-23 15:21 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-23 15:21 - 2015-05-23 15:21 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-23 15:21 - 2015-05-23 15:21 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-23 15:21 - 2015-05-23 15:21 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-23 15:17 - 2015-05-23 15:26 - 00000000 ____D () C:\Users\Krzysztof\AppData\Roaming\Mozilla
2015-05-23 15:17 - 2015-05-23 15:18 - 00000000 ____D () C:\Users\Krzysztof\AppData\Local\Mozilla
2015-05-23 15:17 - 2015-05-23 15:17 - 00000000 ____D () C:\ProgramData\Mozilla
2015-05-23 14:50 - 2015-05-23 14:50 - 00000000 __SHD () C:\found.002
2015-05-23 14:42 - 2015-05-23 14:42 - 00000000 ____D () C:\windows\pss
2015-05-23 14:40 - 2015-05-23 14:45 - 00000000 ____D () C:\AdwCleaner

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-29 15:29 - 2010-06-26 13:00 - 01137171 _____ () C:\windows\WindowsUpdate.log
2015-05-29 15:10 - 2009-07-14 06:34 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-29 15:10 - 2009-07-14 06:34 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-29 15:01 - 2010-06-09 11:05 - 00752844 _____ () C:\windows\system32\perfh015.dat
2015-05-29 15:01 - 2010-06-09 11:05 - 00159900 _____ () C:\windows\system32\perfc015.dat
2015-05-29 15:01 - 2010-06-09 03:36 - 01695538 _____ () C:\windows\system32\PerfStringBackup.INI
2015-05-29 14:56 - 2014-11-17 17:17 - 00000000 ____D () C:\ProgramData\01e58235-010d-43b1-8340-277d43a75321
2015-05-29 14:55 - 2015-04-02 16:35 - 00001018 _____ () C:\windows\Tasks\uElkiLDzkiHO9pBEeuS5UDX.job
2015-05-29 14:55 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-05-29 14:55 - 2009-07-14 06:39 - 00076719 _____ () C:\windows\setupact.log
2015-05-23 16:04 - 2015-03-21 19:43 - 00000000 ____D () C:\Users\Krzysztof\AppData\Local\LogMeIn Hamachi
2015-05-23 15:54 - 2015-04-01 13:33 - 00000000 ___HD () C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
2015-05-23 15:54 - 2014-09-19 10:39 - 00001058 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3547090968-3412655250-3130215973-1000UA.job
2015-05-23 15:54 - 2010-06-09 03:47 - 01375438 _____ () C:\windows\PFRO.log
2015-05-23 15:29 - 2015-04-07 17:18 - 00004266 _____ () C:\Users\Krzysztof\HELP_DECRYPT.TXT
2015-05-23 15:29 - 2015-04-07 17:18 - 00000296 _____ () C:\Users\Krzysztof\HELP_DECRYPT.URL
2015-05-23 15:29 - 2014-11-17 16:43 - 00000000 ____D () C:\Users\Krzysztof\Documents\Optimizer Pro
2015-05-23 15:29 - 2014-09-21 21:10 - 00000000 ____D () C:\Users\Krzysztof
2015-05-23 15:29 - 2014-09-21 21:08 - 00000000 ____D () C:\Users\Krzysztof\Desktop\Pliki
2015-05-23 15:26 - 2015-04-07 03:57 - 00004266 _____ () C:\Users\Krzysztof\AppData\Roaming\HELP_DECRYPT.TXT
2015-05-23 15:26 - 2015-04-07 03:57 - 00004266 _____ () C:\Users\Krzysztof\AppData\HELP_DECRYPT.TXT
2015-05-23 15:26 - 2015-04-07 03:57 - 00000296 _____ () C:\Users\Krzysztof\AppData\Roaming\HELP_DECRYPT.URL
2015-05-23 15:26 - 2015-04-07 03:57 - 00000296 _____ () C:\Users\Krzysztof\AppData\HELP_DECRYPT.URL
2015-05-23 15:25 - 2015-04-07 03:57 - 00004266 _____ () C:\Users\Krzysztof\AppData\Local\HELP_DECRYPT.TXT
2015-05-23 15:25 - 2015-04-07 03:57 - 00000296 _____ () C:\Users\Krzysztof\AppData\Local\HELP_DECRYPT.URL
2015-05-23 15:25 - 2014-09-21 21:10 - 00000000 ____D () C:\Users\Krzysztof\AppData\Local\VirtualStore
2015-05-23 15:22 - 2014-11-17 19:56 - 00000266 __RSH () C:\ProgramData\ntuser.pol
2015-05-23 14:45 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\System
2015-05-23 14:32 - 2015-04-02 17:34 - 00000004 _____ () C:\windows\system32\029B560A371F4E00AB32838EBC01B9E7
2015-05-23 13:45 - 2015-01-19 13:48 - 00000000 ____D () C:\Users\Krzysztof\AppData\Roaming\LibreOffice
2015-05-23 13:45 - 2015-01-06 10:34 - 00000000 ____D () C:\Users\Krzysztof\Desktop\Nestopia - NES emulator
2015-05-23 13:45 - 2015-01-06 10:32 - 00000000 ____D () C:\Users\Krzysztof\Desktop\NES romy PL i emulator
2015-05-23 13:45 - 2015-01-06 10:21 - 00000000 ____D () C:\Users\Krzysztof\Desktop\ultimate_stuntman
2015-05-23 13:45 - 2015-01-05 00:07 - 00000000 ____D () C:\Users\Krzysztof\AppData\Roaming\Maxthon3
2015-05-23 13:45 - 2014-12-28 23:36 - 00000000 ____D () C:\Users\Krzysztof\AppData\Roaming\TS3Client
2015-05-23 13:45 - 2014-12-22 01:53 - 00000000 ____D () C:\Users\Krzysztof\AppData\Roaming\Image-Line
2015-05-23 13:45 - 2014-12-18 16:21 - 00000000 ____D () C:\Users\Krzysztof\Documents\VirtualDJ
2015-05-23 13:45 - 2014-12-10 14:53 - 00000000 ____D () C:\Users\Krzysztof\AppData\Roaming\PCFixKit
2015-05-23 13:45 - 2014-11-20 05:08 - 00000000 ____D () C:\Users\Krzysztof\AppData\Roaming\Tibia
2015-05-23 13:21 - 2015-03-17 16:28 - 00000000 ___HD () C:\Users\Jakub\AppData\Roaming\5CEAAF67
2015-05-23 13:21 - 2015-03-13 18:59 - 00000000 ____D () C:\Users\Jakub\AppData\Local\LogMeIn Hamachi
2015-05-23 13:21 - 2015-03-13 01:05 - 00000000 ____D () C:\Users\Jakub\Desktop\Nowy folder
2015-05-23 13:21 - 2015-03-03 18:08 - 00000000 ____D () C:\Users\Jakub\Desktop\mapy tibia
2015-05-23 13:21 - 2015-03-01 02:02 - 00000000 ____D () C:\Users\Jakub\AppData\Roaming\mxnitro
2015-05-23 13:21 - 2015-02-28 13:57 - 00000000 ____D () C:\Users\Jakub\AppData\Local\Overwolf
2015-05-23 13:21 - 2015-02-15 10:56 - 00000000 ____D () C:\Users\Jakub\AppData\Roaming\uTorrent
2015-05-23 13:21 - 2015-02-06 22:43 - 00000000 ____D () C:\Users\Jakub\AppData\Roaming\LibreOffice
2015-05-23 13:21 - 2015-02-01 19:48 - 00000000 ____D () C:\Users\Jakub\AppData\Roaming\TeamViewer
2015-05-23 13:21 - 2015-01-28 22:31 - 00000000 ___HD () C:\Users\Jakub\AppData\Roaming\GoldenGate
2015-05-23 13:21 - 2015-01-18 00:39 - 00000000 ____D () C:\Users\Jakub\AppData\Roaming\Wise Registry Cleaner
2015-05-23 13:21 - 2015-01-10 21:23 - 00000000 ____D () C:\Users\Jakub\AppData\Roaming\OpenFM
2015-05-23 13:21 - 2015-01-05 00:05 - 00000000 ____D () C:\Users\Jakub\AppData\Roaming\GG
2015-05-23 13:21 - 2015-01-05 00:05 - 00000000 ____D () C:\Users\Jakub\AppData\Local\GG
2015-05-23 13:21 - 2014-12-26 02:26 - 00000000 ____D () C:\Users\Jakub\AppData\Roaming\TS3Client
2015-05-23 13:21 - 2014-12-14 13:09 - 00000000 ____D () C:\Users\Jakub\Desktop\smieci
2015-05-23 13:21 - 2014-11-20 02:39 - 00000000 ____D () C:\Users\Jakub\AppData\Roaming\Opera Software
2015-05-23 13:21 - 2014-11-17 16:42 - 00000000 ____D () C:\Users\Jakub\AppData\Roaming\Tibia
2015-05-23 13:21 - 2014-10-08 23:07 - 00000000 ____D () C:\Users\Jakub\AppData\Local\Microsoft Games
2015-05-23 13:21 - 2014-09-20 17:41 - 00000000 ____D () C:\Users\Jakub\AppData\Roaming\Skype
2015-05-23 13:21 - 2014-09-20 17:41 - 00000000 ____D () C:\Users\Jakub\AppData\Local\Skype
2015-05-23 13:21 - 2014-09-20 17:36 - 00000000 ____D () C:\Users\Jakub\AppData\Roaming\.minecraft
2015-05-23 13:21 - 2014-09-19 16:20 - 00000000 ____D () C:\Users\Jakub\AppData\Local\PunkBuster
2015-05-23 13:21 - 2014-09-19 10:36 - 00000000 ____D () C:\Users\Jakub\AppData\Local\Google
2015-05-23 13:21 - 2014-09-18 10:29 - 00000000 ____D () C:\Users\Jakub\AppData\Local\VirtualStore
2015-05-23 13:20 - 2015-02-16 14:36 - 00000000 ____D () C:\Users\Jakub\Desktop\XenoBot10.54
2015-05-23 13:20 - 2015-02-01 18:29 - 00000000 __RSD () C:\Users\Jakub\Documents\My Stationery
2015-05-23 13:20 - 2015-01-05 00:06 - 00000000 ___SD () C:\Users\Jakub\GG dysk
2015-05-23 13:20 - 2014-12-14 00:39 - 00000000 ____D () C:\Users\Jakub\Documents\Image-Line
2015-05-23 13:20 - 2014-12-12 21:54 - 00000000 ____D () C:\Users\Jakub\Documents\Action!
2015-05-23 13:20 - 2014-09-18 10:29 - 00000000 ____D () C:\Users\Jakub

==================== Files in the root of some directories =======

2015-05-23 15:26 - 2015-05-23 15:26 - 0008646 _____ () C:\Users\Krzysztof\AppData\Roaming\HELP_DECRYPT.HTML
2015-04-07 03:57 - 2015-05-23 15:26 - 0045690 _____ () C:\Users\Krzysztof\AppData\Roaming\HELP_DECRYPT.PNG
2015-04-07 03:57 - 2015-05-23 15:26 - 0004266 _____ () C:\Users\Krzysztof\AppData\Roaming\HELP_DECRYPT.TXT
2015-04-07 03:57 - 2015-05-23 15:26 - 0000296 _____ () C:\Users\Krzysztof\AppData\Roaming\HELP_DECRYPT.URL
2015-05-23 15:25 - 2015-05-23 15:25 - 0008646 _____ () C:\Users\Krzysztof\AppData\Local\HELP_DECRYPT.HTML
2015-04-07 03:57 - 2015-05-23 15:25 - 0045690 _____ () C:\Users\Krzysztof\AppData\Local\HELP_DECRYPT.PNG
2015-04-07 03:57 - 2015-05-23 15:25 - 0004266 _____ () C:\Users\Krzysztof\AppData\Local\HELP_DECRYPT.TXT
2015-04-07 03:57 - 2015-05-23 15:25 - 0000296 _____ () C:\Users\Krzysztof\AppData\Local\HELP_DECRYPT.URL
2015-01-19 15:58 - 2015-01-19 15:58 - 0613057 _____ (CMI Limited) C:\Users\Krzysztof\AppData\Local\nsiB276.tmp
2015-01-21 13:09 - 2015-01-21 13:09 - 0613057 _____ (CMI Limited) C:\Users\Krzysztof\AppData\Local\nsnC96F.tmp
2015-05-23 14:35 - 2015-05-23 14:35 - 0011696 _____ () C:\Users\Krzysztof\AppData\Local\Temp-log.txt
2015-04-02 16:41 - 2015-04-02 16:41 - 0008598 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-04-02 16:41 - 2015-04-02 16:41 - 0045706 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-04-02 16:41 - 2015-04-02 16:41 - 0004242 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-04-02 16:41 - 2015-04-02 16:41 - 0000280 _____ () C:\ProgramData\HELP_DECRYPT.URL

Some files in TEMP:
====================
C:\Users\Jakub\AppData\Local\Temp\5B18CF01-1AE8-8494-4B49-C7DF16C81CF5.dll
C:\Users\Jakub\AppData\Local\Temp\AutoRun.exe
C:\Users\Jakub\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Jakub\AppData\Local\Temp\bbgcabfccbd.exe
C:\Users\Jakub\AppData\Local\Temp\bcdcabfcccd.exe
C:\Users\Jakub\AppData\Local\Temp\bcgcabfccca.exe
C:\Users\Jakub\AppData\Local\Temp\bcicabfccbii.exe
C:\Users\Jakub\AppData\Local\Temp\bcicabfcccbe.exe
C:\Users\Jakub\AppData\Local\Temp\cbdcabfcebeg.exe
C:\Users\Jakub\AppData\Local\Temp\cbdcabfcebhe.exe
C:\Users\Jakub\AppData\Local\Temp\cicabfccbje.exe
C:\Users\Jakub\AppData\Local\Temp\cicabfccje.exe
C:\Users\Jakub\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Jakub\AppData\Local\Temp\dsrsetup.exe
C:\Users\Jakub\AppData\Local\Temp\flstudio_10.0.8_online.exe
C:\Users\Jakub\AppData\Local\Temp\FreeVideoEditor.exe
C:\Users\Jakub\AppData\Local\Temp\ggdrive-menu.exe
C:\Users\Jakub\AppData\Local\Temp\ggdrive-overlay.exe
C:\Users\Jakub\AppData\Local\Temp\ICReinstall_Wise-Registry-Cleaner(13347)-dp.exe
C:\Users\Jakub\AppData\Local\Temp\installstats.exe
C:\Users\Jakub\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Jakub\AppData\Local\Temp\LiveSupport_setup.exe
C:\Users\Jakub\AppData\Local\Temp\OptimizerPro.exe
C:\Users\Jakub\AppData\Local\Temp\optprosetup.exe
C:\Users\Jakub\AppData\Local\Temp\res.dll
C:\Users\Jakub\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Jakub\AppData\Local\Temp\setup.exe
C:\Users\Jakub\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Jakub\AppData\Local\Temp\SoftonicAssistant_v0-1-6.exe
C:\Users\Jakub\AppData\Local\Temp\Softonic_PL_1-5-11_PL-Production_10_CleanRelease.exe
C:\Users\Jakub\AppData\Local\Temp\SpOrder.dll
C:\Users\Jakub\AppData\Local\Temp\tu17p84.exe
C:\Users\Jakub\AppData\Local\Temp\uninstall.exe
C:\Users\Jakub\AppData\Local\Temp\utils.dll
C:\Users\Jakub\AppData\Local\Temp\{6BB99CED-A690-46F6-BF2E-6AF81365A2FB}-37.0.2062.124_37.0.2062.120_chrome_updater.exe
C:\Users\Krzysztof\AppData\Local\Temp\appshat_generic.exe
C:\Users\Krzysztof\AppData\Local\Temp\AutoRun.exe
C:\Users\Krzysztof\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Krzysztof\AppData\Local\Temp\bbjcabfccbji.exe
C:\Users\Krzysztof\AppData\Local\Temp\bcbcabfccbic.exe
C:\Users\Krzysztof\AppData\Local\Temp\dsrsetup.exe
C:\Users\Krzysztof\AppData\Local\Temp\flstudio_10.0.8_online.exe
C:\Users\Krzysztof\AppData\Local\Temp\InstallGenieo.exe
C:\Users\Krzysztof\AppData\Local\Temp\LiveSupport_setup.exe
C:\Users\Krzysztof\AppData\Local\Temp\optprosetup.exe
C:\Users\Krzysztof\AppData\Local\Temp\Quarantine.exe
C:\Users\Krzysztof\AppData\Local\Temp\res.dll
C:\Users\Krzysztof\AppData\Local\Temp\ShopperProJSINJFull.exe
C:\Users\Krzysztof\AppData\Local\Temp\sqlite3.dll
C:\Users\Krzysztof\AppData\Local\Temp\tu17p84.exe
C:\Users\Krzysztof\AppData\Local\Temp\Ultimate Stuntman__3435_il391377.exe
C:\Users\Krzysztof\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\Krzysztof\AppData\Local\Temp\UpdateYTD_amodcG20141226.exe
C:\Users\Krzysztof\AppData\Local\Temp\ytdieamo_amodc_setup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-28 18:11

==================== End of log ============================

Addition file:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-05-2015 01
Ran by Krzysztof at 2015-05-29 15:34:29
Running from C:\Users\Krzysztof\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3547090968-3412655250-3130215973-500 - Administrator - Disabled)
Gość (S-1-5-21-3547090968-3412655250-3130215973-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3547090968-3412655250-3130215973-1002 - Limited - Enabled)
Jakub (S-1-5-21-3547090968-3412655250-3130215973-1000 - Administrator - Enabled) => C:\Users\Jakub
Krzysztof (S-1-5-21-3547090968-3412655250-3130215973-1003 - Administrator - Enabled) => C:\Users\Krzysztof
Tomasz (S-1-5-21-3547090968-3412655250-3130215973-1004 - Limited - Enabled) => C:\Users\Tomasz

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Pepper (HKLM\...\Adobe Flash Player Pepper) (Version: 15.0.0.215 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Polish (HKLM\...\{AC76BA86-7AD7-1045-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - )
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Asystent rejestracji usługi Windows Live (HKLM\...\{51958BA7-21E4-4A8B-9098-CD8375BD17B2}) (Version: 5.000.818.5 - Microsoft Corporation)
Broadcom 802.11 Wireless Driver (HKLM\...\{8991E763-21F5-4DEA-A938-5D9D77DCB488}) (Version: 1.0.0.0 - )
Broadcom Gigabit Integrated Controller (HKLM\...\{49F3D04B-B849-4C89-AB31-2366A004EA28}) (Version: 12.24.02 - Broadcom Corporation)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5067 - CDBurnerXP)
Cinemax (HKLM\...\Cinemax) (Version: 1.35.12.18 - SBG) <==== ATTENTION
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.119.0.60 - Conexant)
Counter-Strike 1.6 v48 (HKLM\...\Counter-Strike 1.6) (Version: v48 - CSSetti.pl)
EasyCapture (HKLM\...\EasyCapture4.0) (Version: V4.0.09.1015 - Lenovo)
ElfBot NG 4.5.9 (HKLM\...\ElfBot NG_is1) (Version:  - NGSoft, LLC)
Energy Management (HKLM\...\{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}) (Version: 4.3.1.5 - Lenovo)
FL Studio 11 (HKLM\...\FL Studio 11) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM\...\FlowStone) (Version:  - )
Galeria fotografii usługi Windows Live (Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Gunzodus 10.75 10.75 (HKLM\...\Gunzodus 10.75 10.75) (Version: 10.75 - GunzOT)
IL Download Manager (HKLM\...\IL Download Manager) (Version:  - Image-Line)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
K-Lite Codec Pack 10.7.1 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.7.1 - )
Lenovo EasyCamera (HKLM\...\{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}) (Version: 5.8.0.12 - Silicon Motion)
Lenovo OneKey Recovery (HKLM\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0723 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.0723 - CyberLink Corp.) Hidden
Lenovo ReadyComm 5 (HKLM\...\{17542DBF-E17C-4562-BC4D-FA3EF3076C45}) (Version: 5.1.1.20 - Lenovo)
Lenovo ReadyComm 5.0 Service (HKLM\...\{76C66170-C538-4E77-B54D-48E136B5B533}) (Version: 5.0.0.1 - Lenovo Group Limited)
LibreOffice 4.3.5.2 (HKLM\...\{1D4E90DA-C33C-40ED-BA00-75F6E6DF9CB0}) (Version: 4.3.5.2 - The Document Foundation)
LogMeIn Hamachi (HKLM\...\LogMeIn Hamachi) (Version: 2.2.0.319 - LogMeIn, Inc.)
LogMeIn Hamachi (Version: 2.2.0.319 - LogMeIn, Inc.) Hidden
Maxthon Nitro (HKLM\...\MxNitro) (Version: 1.0.0.700 - Maxthon International Limited)
Memsoria 8.6 wersja 8.6 (HKLM\...\{1CA6A4DC-07FE-478D-A500-F695D396A5CA}_is1) (Version: 8.6 - Memsoria)
Microsoft .NET Framework 4.5.1 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Polski (HKLM\...\{90140011-0066-0415-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40624.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Moduł Szybka instalacja pakietu Microsoft Office 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Moduł Szybka instalacja pakietu Microsoft Office 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 pl) (HKLM\...\Mozilla Firefox 26.0 (x86 pl)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
Narzędzie do przekazywania usługi Windows Live (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Overwolf (HKLM\...\Overwolf) (Version: 0.84.92.0 - Overwolf Ltd.)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Poczta usługi Windows Live (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Podstawowe programy Windows Live (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Super Mario Bros. X version 1.3 (HKLM\...\{C9EAEE6B-741F-421D-B9CE-9FA300DA92AD}_is1) (Version: 1.3 - SuperMarioBrothers.org)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Testy CDplus 5.1.3.81 (HKLM\...\{56F1DD5E-63AD-410D-935D-D124188C20BF}_is1) (Version: 5.1.3.81 - Grupa IMAGE sp. z o.o.)
Tibia (HKLM\...\Tibia_is1) (Version: 10.58 - CipSoft GmbH)
Ventrilo (HKLM\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 2.1.4 - Flagship Industries, Inc.)
VirtualDJ 8 (HKLM\...\{85E12659-D3A1-4583-BA1C-95DF53C3C632}) (Version: 8.0.2087.0 - Atomix Productions)
Windows Live Sync (HKLM\...\{2E522ED6-01E2-4207-82D5-B3BFB31B8BD4}) (Version: 14.0.8089.726 - Microsoft Corporation)
WinRAR 5.20 (32-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Wise Registry Cleaner 8.31 (HKLM\...\Wise Registry Cleaner_is1) (Version: 8.31 - WiseCleaner.com, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3547090968-3412655250-3130215973-1003_Classes\CLSID\{0002DF01-0000-0000-C000-000000000046}\localserver32 -> C:\Program Files\Maxthon\Bin\Maxthon.exe No File
CustomCLSID: HKU\S-1-5-21-3547090968-3412655250-3130215973-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Jakub\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3547090968-3412655250-3130215973-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Jakub\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3547090968-3412655250-3130215973-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Jakub\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3547090968-3412655250-3130215973-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Jakub\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3547090968-3412655250-3130215973-1003_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> "C:\Users\Jakub\AppData\Local\Google\Chrome\Application\40.0.2214.115\delegate_execute.exe" No File
CustomCLSID: HKU\S-1-5-21-3547090968-3412655250-3130215973-1003_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Krzysztof\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3547090968-3412655250-3130215973-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Krzysztof\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-3547090968-3412655250-3130215973-1003_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Krzysztof\AppData\Local\Google\Update\1.3.26.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3547090968-3412655250-3130215973-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Krzysztof\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-3547090968-3412655250-3130215973-1003_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Krzysztof\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3547090968-3412655250-3130215973-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Jakub\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3547090968-3412655250-3130215973-1003_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\Krzysztof\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll No File
CustomCLSID: HKU\S-1-5-21-3547090968-3412655250-3130215973-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Krzysztof\AppData\Local\Google\Update\1.3.26.9\psuser.dll No File

==================== Restore Points =========================

23-05-2015 15:47:52 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11FFFF07-8EEB-4B27-A13A-994F0DE39244} - System32\Tasks\uElkiLDzkiHO9pBEeuS5UDX => C:\Users\Jakub\AppData\Roaming\uElkiLDzkiHO9pBEeuS5UDX.exe [2015-04-03] () <==== ATTENTION
Task: {2337289C-9295-4224-B58A-C45F8B30244F} - System32\Tasks\{4B38F1ED-BDBE-4842-9BCA-F0EF1024B711} => pcalua.exe -a C:\Users\Jakub\Downloads\MinecraftZyczu.exe -d C:\Users\Jakub\Downloads
Task: {2DD38E17-E45E-4108-B389-F544CA72B2F7} - System32\Tasks\Overwolf Updater Task => C:\Program Files\Overwolf\OverwolfUpdater.exe [2015-03-25] (Overwolf LTD)
Task: {3557E97E-B8C7-43F8-AB65-F1C9CFB41747} - System32\Tasks\{D0F16977-63CA-4192-9D18-55FAB169FCF9} => C:\Program Files\Adobe\Audition 1.5\Audition.exe
Task: {4887CE3E-0256-49CE-A776-CA4395D30250} - System32\Tasks\{5F2DF555-E6F2-4A07-9746-091BD9CC0A0F} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {5E8CA9D2-DD74-4962-B105-FD0D96571396} - System32\Tasks\{E53D2C34-B562-4B7F-AD53-985AA8992A10} => pcalua.exe -a C:\Users\Jakub\AppData\Roaming\omiga-plus\UninstallManager.exe -c  -ptid=cor <==== ATTENTION
Task: {62AECD1F-DF14-4EA0-B309-8C3902DF3548} - System32\Tasks\{788E6C57-DC24-4B82-9FBA-272EFD0455C5} => C:\Program Files\Adobe\Audition 1.5\Audition.exe
Task: {712BA005-057D-4B58-A774-E3F5BD402518} - System32\Tasks\{32C20742-608F-4A32-BBB7-CC6E2B7AE3B4} => C:\Program Files\ElfBot NG\loader.exe [2010-03-18] ()
Task: {769626B4-AFA7-4449-8939-5CBF993E91D8} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {7B9AC52F-EA75-4A28-89CC-D63FCA31FB67} - System32\Tasks\{84DFBC8F-DA7B-424F-A8AB-A4A3457DC525} => C:\Program Files\ElfBot NG\loader.exe [2010-03-18] ()
Task: {89FBEC03-9B95-4535-8AE0-46BCC460F20A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {8C48A66D-1242-4F3A-9CB1-52C0C388D57F} - System32\Tasks\{4364465A-F0C3-44C0-9B10-3CA49E86A2CB} => C:\Users\Krzysztof\Desktop\tibia1072.exe [2015-01-19] (CipSoft GmbH                                                )
Task: {933073BE-F063-459F-9C76-3CCD7FD3106A} - System32\Tasks\{A43F6A8D-6E58-46BF-9B5B-205CF60C18AB} => C:\Users\Krzysztof\Desktop\tibia1072.exe [2015-01-19] (CipSoft GmbH                                                )
Task: {959A9F49-AAE1-4270-A1B4-B3CB05D6AB39} - System32\Tasks\{CEE586A8-6718-4541-935B-0C486070D006} => C:\Users\Krzysztof\Desktop\tibia1072.exe [2015-01-19] (CipSoft GmbH                                                )
Task: {A8808D8E-3402-467F-B5ED-637B75311D0F} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {B05D621E-7F60-496D-9E20-5DE8D42CFADF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3547090968-3412655250-3130215973-1000UA => C:\Users\Jakub\AppData\Local\Google\Update\GoogleUpdate.exe [2014-09-19] (Google Inc.)
Task: {D6C2EABA-820B-4A5F-82F1-4F01E1BE6EDE} - System32\Tasks\{591F906E-FD97-428F-9EAA-C51D1376C230} => pcalua.exe -a C:\Users\Jakub\Desktop\MinecraftZyczu.exe -d C:\Users\Jakub\Desktop
Task: {DA98DB1E-A268-4DC4-94DA-57B0F43367F3} - System32\Tasks\{FB2997E8-A7FA-4DCB-90EF-21DDBB5746F0} => C:\Program Files\Adobe\Audition 1.5\Audition.exe
Task: {EAC5753A-4871-4EA1-8BC2-211850EC55B4} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {F0C13E8C-54C2-4F2D-AA11-9759DBFB5E40} - System32\Tasks\Wise Registry Cleaner Schedule Task => C:\Program Files\Wise\Wise Registry Cleaner\WiseRegCleaner.exe [2014-12-25] (WiseCleaner.com)
Task: {F5E5BF45-E81D-4E73-9F39-ABE460A0C9FC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3547090968-3412655250-3130215973-1000Core => C:\Users\Jakub\AppData\Local\Google\Update\GoogleUpdate.exe [2014-09-19] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3547090968-3412655250-3130215973-1000Core.job => C:\Users\Jakub\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3547090968-3412655250-3130215973-1000UA.job => C:\Users\Jakub\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\uElkiLDzkiHO9pBEeuS5UDX.job => C:\Users\Jakub\AppData\Roaming\uElkiLDzkiHO9pBEeuS5UDX.exe <==== ATTENTION
Task: C:\windows\Tasks\Wise Registry Cleaner Schedule Task.job => C:\Program Files\Wise\Wise Registry Cleaner\WiseRegCleaner.exe

==================== Loaded Modules (Whitelisted) ==============

2010-06-26 13:11 - 2008-12-20 05:20 - 00063304 _____ () C:\Program Files\Lenovo\Energy Management\kbdhook.dll
2010-06-26 13:11 - 2008-12-20 05:20 - 00051016 _____ () C:\Program Files\Lenovo\Energy Management\HookLib.dll
2014-11-17 12:29 - 2015-05-29 14:56 - 00128240 _____ () C:\ProgramData\01e58235-010d-43b1-8340-277d43a75321\maintainer.exe
2015-05-23 15:21 - 2013-12-05 21:36 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:6BE50C2B

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3547090968-3412655250-3130215973-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Krzysztof\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Krzysztof^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HELP_DECRYPT.PNG => C:\windows\pss\HELP_DECRYPT.PNG.Startup
MSCONFIG\startupfolder: C:^Users^Krzysztof^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HELP_DECRYPT.TXT => C:\windows\pss\HELP_DECRYPT.TXT.Startup
MSCONFIG\startupfolder: C:^Users^Krzysztof^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HELP_DECRYPT.URL => C:\windows\pss\HELP_DECRYPT.URL.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: bitsmuid => C:\Users\KRZYSZ~1\AppData\Local\Temp\aviccic.exe
MSCONFIG\startupreg: gmsd_pl_27 => "C:\Program Files\gmsd_pl_27\gmsd_pl_27.exe"
MSCONFIG\startupreg: gmsd_pl_28 => "C:\Program Files\gmsd_pl_28\gmsd_pl_28.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: MxDock => C:\Program Files\Maxthon\Modules\MxDock\MxDock.exe
MSCONFIG\startupreg: SPDriver => C:\Program Files\ShopperPro\JSDriver\1461.0.0.0\jsdrv.exe
MSCONFIG\startupreg: YTDownloader => "C:\Program Files\YTDownloader\YTDownloader.exe" /boot

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{78C833ED-154B-464D-BDD6-F3AB2E46531C}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{FC76B2F3-B6E1-4868-BB35-E91DEFE1A8C3}] => (Allow) svchost.exe
FirewallRules: [{893AAFC3-62B4-4413-BB45-1F2AF159869E}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{5333E00B-81E4-4CBE-B276-CC2C6785B7D2}] => (Allow) C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
FirewallRules: [{E78BFA4B-DA06-4828-AF51-02A1F9BDB3BA}] => (Allow) C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
FirewallRules: [{5DED20B0-D96F-417F-9EF7-FA48099C0FF9}] => (Allow) C:\windows\System32\IgrsSvcs.exe
FirewallRules: [{2C59D7BB-9213-4F67-8FBC-F02CFDDBE4C1}] => (Allow) C:\windows\System32\IgrsSvcs.exe
FirewallRules: [{15428514-1DE0-45D2-A038-D348A1698F2D}] => (Allow) C:\Program Files\Lenovo\ReadyComm\ReadyComm.exe
FirewallRules: [{7E85A663-B1E4-4E61-AFA5-9C3F151BC4DE}] => (Allow) C:\Program Files\Lenovo\ReadyComm\Projectionist.exe
FirewallRules: [{976F39A6-10B1-4DD5-96BB-A1D687E76A9D}] => (Allow) C:\Program Files\Lenovo\ReadyComm\Projectionist.exe
FirewallRules: [{8A8AEFFA-083E-408A-B734-DEA5112AA9F6}] => (Allow) C:\Program Files\Lenovo\ReadyComm\AppSvc.exe
FirewallRules: [{AE4C1B2A-FC7E-46E3-998B-879B816EF5AA}] => (Allow) C:\Program Files\Lenovo\ReadyComm\AppSvc.exe
FirewallRules: [{5FBA402B-8F5C-456F-B6DD-F5F5209CF7D7}] => (Allow) C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe
FirewallRules: [{29023185-7738-4E9C-8AC6-9810A1ACA8CD}] => (Allow) C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe
FirewallRules: [{17C8D95C-BB75-4DED-95C7-BF2EF4E92128}] => (Allow) C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
FirewallRules: [{D7EE6B8A-41E1-4E5D-B34A-A0ADF2BA0708}] => (Allow) C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
FirewallRules: [{8D67E699-405D-4AA9-9915-9353D066F6E4}] => (Allow) C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{90CEA0BC-24A9-4855-B342-5DEBD70D3064}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{4E73BB8D-0200-4A30-A24B-0EA8FE755A62}C:\program files\elfbot ng\navserv.exe] => (Block) C:\program files\elfbot ng\navserv.exe
FirewallRules: [UDP Query User{22A60B05-6E2A-4D52-BEA3-4B4A19BA0E47}C:\program files\elfbot ng\navserv.exe] => (Block) C:\program files\elfbot ng\navserv.exe
FirewallRules: [TCP Query User{EB52F83D-E5B9-4910-9212-7AEBFE401FCF}D:\gry\counter-strike 1.6\hl.exe] => (Block) D:\gry\counter-strike 1.6\hl.exe
FirewallRules: [UDP Query User{FD4F4A33-C23F-4550-A84C-6FFA7A818516}D:\gry\counter-strike 1.6\hl.exe] => (Block) D:\gry\counter-strike 1.6\hl.exe
FirewallRules: [TCP Query User{878D4448-AE19-4495-A604-99E9449D7C34}D:\gry\counter-strike 1.6\hl.exe] => (Allow) D:\gry\counter-strike 1.6\hl.exe
FirewallRules: [UDP Query User{6D957607-3028-4A19-801B-0B44B94260E4}D:\gry\counter-strike 1.6\hl.exe] => (Allow) D:\gry\counter-strike 1.6\hl.exe
FirewallRules: [{A35FDB3F-D30B-4240-98CD-DD5ACF164715}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{B2511482-A21E-454A-9543-6CD7B0311C44}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{CFD80F58-8143-41A3-A666-4BA81D5A0332}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{C5463491-D6E5-4473-9CB9-75CF2DB71E4F}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{F92732FD-1372-4C1C-810E-231DEEBC42D4}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [UDP Query User{F3971148-1197-4F8B-9FF9-9809FB4CA92B}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [TCP Query User{526E7F93-6E1E-4209-9729-254B3D46480D}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [UDP Query User{5EE2A2FA-32FC-4698-93E5-8A929A915316}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [{0238DE60-BDCB-4A9C-B723-8C55DFAA2544}] => (Allow) C:\Users\Jakub\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F021395B-8DE2-4B55-AF62-1ABDAF34FD6E}] => (Allow) C:\Users\Jakub\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4C2DB091-2466-4C08-B440-D464E9E325F1}] => (Allow) C:\Users\Jakub\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CF9B8263-E372-43CE-93CC-F127E2D09801}] => (Allow) C:\Users\Jakub\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7085498E-6317-40AA-B2B0-E0A0EA0C60D1}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{75A1359A-CEC4-457E-9AF8-34E0765D878F}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{110AE83C-982F-4F03-B182-B8EEF4A39A32}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{35A461A7-8A77-4F0A-B8FA-611E1B8065CE}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{5D51D9D2-048A-4C96-9B79-5C401DACA542}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{65601FEF-8026-4B0D-8399-9EF341C434CE}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [TCP Query User{864B53A0-D982-47A8-B4BD-CFB764495558}C:\windows\system32\javaw.exe] => (Block) C:\windows\system32\javaw.exe
FirewallRules: [UDP Query User{289BA3CC-965C-4CB3-99C6-9588F05595C8}C:\windows\system32\javaw.exe] => (Block) C:\windows\system32\javaw.exe
FirewallRules: [TCP Query User{D9554914-890D-4C49-8A8A-8D46076F545D}C:\users\jakub\appdata\roaming\utorrent\updates\3.4.2_39586.exe] => (Block) C:\users\jakub\appdata\roaming\utorrent\updates\3.4.2_39586.exe
FirewallRules: [UDP Query User{2E9F12EE-BDC5-43FB-B9D6-C5218BE95268}C:\users\jakub\appdata\roaming\utorrent\updates\3.4.2_39586.exe] => (Block) C:\users\jakub\appdata\roaming\utorrent\updates\3.4.2_39586.exe

==================== Faulty Device Manager Devices =============

Name: ccnfd_1_10_0_4
Description: ccnfd_1_10_0_4
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ccnfd_1_10_0_4
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Karta tunelowania Teredo firmy Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/29/2015 03:31:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program WINWORDC.EXE w wersji 0.0.0.0 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji.

Identyfikator procesu: d30

Godzina rozpoczęcia: 01d09a13b274c52f

Godzina zakończenia: 15

Ścieżka aplikacji: Q:\140066.plk\Office14\WINWORDC.EXE

Identyfikator raportu: 060e3cd7-0607-11e5-9b8c-88ae1d35b691

Error: (05/29/2015 03:29:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program FRST.exe w wersji 27.5.2015.1 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji.

Identyfikator procesu: 8c8

Godzina rozpoczęcia: 01d09a132feb98cc

Godzina zakończenia: 16

Ścieżka aplikacji: C:\Users\Krzysztof\Downloads\FRST.exe

Identyfikator raportu: b04fd214-0606-11e5-9b8c-88ae1d35b691

Error: (05/29/2015 03:01:05 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Tylko informacje.
(Stream product id=0x0066): Streaming Failed

Error: (05/29/2015 02:59:13 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Tylko informacje.
Too many failures while downloading ranges: 2

Error: (05/23/2015 04:43:06 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Tylko informacje.
Error: Obecnie nie ma aktywnych połączeń sieciowych. Usługa inteligentnego transferu w tle (BITS) ponowni próbę po podłączeniu karty.
 ErrorCode: 14007(0x36b7).

Error: (05/23/2015 04:07:08 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Tylko informacje.
(Stream product id=0x0066): Streaming Failed

Error: (05/23/2015 04:06:26 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Tylko informacje.
Too many failures while downloading ranges: 2

Error: (05/23/2015 03:57:27 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Tylko informacje.
Too many failures while downloading ranges: 2

Error: (05/23/2015 03:41:31 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: ZARZĄDZANIE NT)
Description: Występująca w rejestrze wartość ciągu nazwy licznika wydajności jest niepoprawnie sformatowana. Wadliwie sformułowany ciąg to 9544. Pierwszy wpis DWORD w sekcji danych (Data) zawiera wartość indeksu wadliwie sformułowanego ciągu, a drugi i trzeci wpis DWORD w sekcji danych zawiera ostatnie prawidłowe wartości indeksu.

Error: (05/23/2015 03:41:31 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: ZARZĄDZANIE NT)
Description: Występująca w rejestrze wartość ciągu nazwy licznika wydajności jest niepoprawnie sformatowana. Wadliwie sformułowany ciąg to 9544. Pierwszy wpis DWORD w sekcji danych (Data) zawiera wartość indeksu wadliwie sformułowanego ciągu, a drugi i trzeci wpis DWORD w sekcji danych zawiera ostatnie prawidłowe wartości indeksu.


System errors:
=============
Error: (05/29/2015 03:35:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Usługa Grupowanie sieci równorzędnej zależy od usługi Protokół rozpoznawania nazw równorzędnych, której nie można uruchomić z powodu następującego błędu:
%%-2140993535

Error: (05/29/2015 03:35:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Usługa Protokół rozpoznawania nazw równorzędnych zakończyła działanie; wystąpił następujący błąd:
%%-2140993535

Error: (05/29/2015 03:35:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Usługa Grupowanie sieci równorzędnej zależy od usługi Protokół rozpoznawania nazw równorzędnych, której nie można uruchomić z powodu następującego błędu:
%%-2140993535

Error: (05/29/2015 03:35:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Usługa Protokół rozpoznawania nazw równorzędnych zakończyła działanie; wystąpił następujący błąd:
%%-2140993535

Error: (05/29/2015 03:35:31 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (05/29/2015 03:35:31 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (05/29/2015 03:33:36 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Usługa Protokół rozpoznawania nazw równorzędnych zakończyła działanie; wystąpił następujący błąd:
%%-2140993535

Error: (05/29/2015 03:33:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Usługa Grupowanie sieci równorzędnej zależy od usługi Protokół rozpoznawania nazw równorzędnych, której nie można uruchomić z powodu następującego błędu:
%%-2140993535

Error: (05/29/2015 03:33:36 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (05/29/2015 03:33:24 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Usługa Protokół rozpoznawania nazw równorzędnych zakończyła działanie; wystąpił następujący błąd:
%%-2140993535


Microsoft Office:
=========================
Error: (05/29/2015 03:31:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: WINWORDC.EXE0.0.0.0d3001d09a13b274c52f15Q:\140066.plk\Office14\WINWORDC.EXE060e3cd7-0607-11e5-9b8c-88ae1d35b691

Error: (05/29/2015 03:29:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST.exe27.5.2015.18c801d09a132feb98cc16C:\Users\Krzysztof\Downloads\FRST.exeb04fd214-0606-11e5-9b8c-88ae1d35b691

Error: (05/29/2015 03:01:05 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Stream product id=0x0066): Streaming Failed

Error: (05/29/2015 02:59:13 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Too many failures while downloading ranges: 2

Error: (05/23/2015 04:43:06 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: Obecnie nie ma aktywnych połączeń sieciowych. Usługa inteligentnego transferu w tle (BITS) ponowni próbę po podłączeniu karty.
 ErrorCode: 14007(0x36b7).

Error: (05/23/2015 04:07:08 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Stream product id=0x0066): Streaming Failed

Error: (05/23/2015 04:06:26 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Too many failures while downloading ranges: 2

Error: (05/23/2015 03:57:27 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Too many failures while downloading ranges: 2

Error: (05/23/2015 03:41:31 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: ZARZĄDZANIE NT)
Description: 954416482500004625000047250000B8010000

Error: (05/23/2015 03:41:31 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: ZARZĄDZANIE NT)
Description: 954416482500004625000047250000B8010000


==================== Memory info ===========================

Processor: Celeron® Dual-Core CPU T3300 @ 2.00GHz
Percentage of memory in use: 79%
Total physical RAM: 2008.6 MB
Available physical RAM: 413.52 MB
Total Pagefile: 4017.2 MB
Available Pagefile: 1944.25 MB
Total Virtual: 2047.88 MB
Available Virtual: 1911.54 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.66 GB) (Free:27.07 GB) NTFS
Drive d: (Lenovo) (Fixed) (Total:30.25 GB) (Free:28.83 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 5C765CA1)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30.2 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

==================== End of log ============================


