złośliwe oprogramowanie + virus w przeglądarkach

Wszystko co dotyczy bezpieczeństwa systemów oraz walki z malware, w szczególności analiza logów
Matej

Użytkownik
Posty: 16
Rejestracja: 04 mar 2016, 21:20

złośliwe oprogramowanie + virus w przeglądarkach

Post17 sty 2017, 16:48

złośliwe oprogramowanie + virus w przeglądarkach

Witam,
Ostatnio pomogliście mi w marcu, od tego czasu nie robiłem nic z komputerem i znowu zaczęły się "problemy".
Czy jest szansa na ponowne pozbycie się problemu?
Wklejam logi z FRST
Dostępne tylko dla zarejestrowanych użytkowników add
Dostępne tylko dla zarejestrowanych użytkowników frst
Dostępne tylko dla zarejestrowanych użytkowników shortcut

-- 17 sty 2017, 16:48 --

up

electrolux

Ekspert
Posty: 319
Rejestracja: 06 lut 2017, 00:26

złośliwe oprogramowanie + virus w przeglądarkach

Post06 lut 2017, 12:58

Po tylu dniach to pewnie temat już dawno nieaktualny?

Otwórz Notatnik i wklej w nim:
FirewallRules: [{A986877E-D3E8-439A-A4FD-DF74BD41AE6E}] => c:\users\maciek\appdata\roaming\tencent\天涯明月刀\33e94092660edd0b74eeed3681fdc933\teniodl\teniodl.exe
FirewallRules: [{26C812AA-5E33-436C-9445-B5A27750F284}] => c:\users\maciek\appdata\roaming\tencent\天涯明月刀\33e94092660edd0b74eeed3681fdc933\teniodl\teniodl.exe
FirewallRules: [TCP Query User{A2226C1B-DF5E-4A38-96C1-4A8F167DE0D7}C:\users\maciek\appdata\local\akamai\netsession_win.exe] => C:\users\maciek\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{63D9AF9F-E7EE-4C79-854D-0B6900A19C01}C:\users\maciek\appdata\local\akamai\netsession_win.exe] => C:\users\maciek\appdata\local\akamai\netsession_win.exe
ShortcutWithArgument: C:\Users\Maciek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> 1 0 <===== Cyrillic
ShortcutWithArgument: C:\Users\Maciek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехрlоrеr.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> 3 0 <===== Cyrillic
Shortcut: C:\Users\Maciek\Desktop\Игровой Центр 101XP.lnk -> D:\gry\Game Center 101XP\launcher101xp.exe (101XP) <===== Cyrillic
Shortcut: C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk -> C:\Users\Maciek\AppData\Roaming\HPSewil\SewilStarter2.exe (No File) <===== Cyrillic
Shortcut: C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехрlоrеr (Nо Аdd-оns).lnk -> C:\Users\Maciek\AppData\Roaming\HPSewil\SewilStarter2.exe (No File) <===== Cyrillic
Shortcut: C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk -> C:\Users\Maciek\AppData\Roaming\HPSewil\SewilStarter2.exe (No File) <===== Cyrillic
Task: {BBA436C9-98A9-460B-AB91-65898FAE0877} - System32\Tasks\{63A539A5-9719-4375-B5CD-AB7924FCC9EF} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{9C049499-055C-4a0c-A916-1D12314F45EB}\Install.exe" -c -uninst -l0x9
Task: {401B8351-6776-4DF4-8781-0424E27F3C39} - System32\Tasks\{7B3E27C3-A610-4610-AD44-46875874B2A1} => pcalua.exe -a "C:\Program Files (x86)\ASUS\USB-N10 WLAN Card Utilities\Driver\SetDrv.exe" -d "C:\Program Files (x86)\ASUS\USB-N10 WLAN Card Utilities\Driver"
C:\ProgramData\Ament.ini
c:\users\maciek\appdata\roaming\tencent
C:\users\maciek\appdata\local\akamai\netsession_win.exe
C:\ProgramData\mntemp
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
U3 WZCSVC; no ImagePath
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S3 TesMon; C:\Windows\system32\TesMon.sys [60472 2016-10-20] (Tencent)
S3 TesSafe; C:\Windows\system32\TesSafe.sys [1135288 2016-10-20] (TENCENT)
C:\Windows\system32\TesSafe.sys
C:\Windows\system32\TesMon.sys
S3 GalaxyClientService; "C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe" [X]
FF user.js: detected! => C:\Users\Maciek\AppData\Roaming\Mozilla\Firefox\Profiles\xrz4cmpk.default\user.js [2016-11-18]
GroupPolicy: Restriction <======= ATTENTION
HKU\S-1-5-21-3516207580-795487630-1224567326-1000\...\Run: [safe_urls768] => C:\Users\Maciek\AppData\Roaming\Browser-Security\s768.exe [2548944 2016-07-08] ()
C:\Users\Maciek\AppData\Roaming\Browser-Security
HKU\S-1-5-21-3516207580-795487630-1224567326-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Maciek\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3516207580-795487630-1224567326-1000\...\Run: [SimpleNoteApp3] => C:\Users\Maciek\AppData\Roaming\SimpleNotepad3\SimpleNoteApp3.exe [1313792 2016-10-12] (YUGHEOGEN LOEJIO) <===== ATTENTION
C:\Users\Maciek\AppData\Roaming\HPSewil
HOSTS:
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe
Uruchom FRST i kliknij przycisk Fix (NAPRAW).
.

Matej

Użytkownik
Posty: 16
Rejestracja: 04 mar 2016, 21:20

złośliwe oprogramowanie + virus w przeglądarkach

Post16 mar 2017, 22:18

Otóż dalej aktualny, tylko po jakimś czasie przestałem sprawdzać. Byłbym wdzięczny za dalszą pomoc
fix log
Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Maciek (16-03-2017 21:10:06) Run:2
Running from C:\Users\Maciek\Desktop\FRST
Loaded Profiles: Maciek (Available Profiles: Maciek)
Boot Mode: Normal
==============================================

fixlist content:
*****************
FirewallRules: [{A986877E-D3E8-439A-A4FD-DF74BD41AE6E}] => c:\users\maciek\appdata\roaming\tencent\?????\33e94092660edd0b74eeed3681fdc933\teniodl\teniodl.exe
FirewallRules: [{26C812AA-5E33-436C-9445-B5A27750F284}] => c:\users\maciek\appdata\roaming\tencent\?????\33e94092660edd0b74eeed3681fdc933\teniodl\teniodl.exe
FirewallRules: [TCP Query User{A2226C1B-DF5E-4A38-96C1-4A8F167DE0D7}C:\users\maciek\appdata\local\akamai\netsession_win.exe] => C:\users\maciek\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{63D9AF9F-E7EE-4C79-854D-0B6900A19C01}C:\users\maciek\appdata\local\akamai\netsession_win.exe] => C:\users\maciek\appdata\local\akamai\netsession_win.exe
ShortcutWithArgument: C:\Users\Maciek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> 1 0 <===== Cyrillic
ShortcutWithArgument: C:\Users\Maciek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Int?rn?t ???l?r?r.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> 3 0 <===== Cyrillic
Shortcut: C:\Users\Maciek\Desktop\??????? ????? 101XP.lnk -> D:\gry\Game Center 101XP\launcher101xp.exe (101XP) <===== Cyrillic
Shortcut: C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Int?rn?t ???l?r?r.lnk -> C:\Users\Maciek\AppData\Roaming\HPSewil\SewilStarter2.exe (No File) <===== Cyrillic
Shortcut: C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Int?rn?t ???l?r?r (N? ?dd-?ns).lnk -> C:\Users\Maciek\AppData\Roaming\HPSewil\SewilStarter2.exe (No File) <===== Cyrillic
Shortcut: C:\Users\Public\Desktop\G??gl? ?hr?m?.lnk -> C:\Users\Maciek\AppData\Roaming\HPSewil\SewilStarter2.exe (No File) <===== Cyrillic
Task: {BBA436C9-98A9-460B-AB91-65898FAE0877} - System32\Tasks\{63A539A5-9719-4375-B5CD-AB7924FCC9EF} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{9C049499-055C-4a0c-A916-1D12314F45EB}\Install.exe" -c -uninst -l0x9
Task: {401B8351-6776-4DF4-8781-0424E27F3C39} - System32\Tasks\{7B3E27C3-A610-4610-AD44-46875874B2A1} => pcalua.exe -a "C:\Program Files (x86)\ASUS\USB-N10 WLAN Card Utilities\Driver\SetDrv.exe" -d "C:\Program Files (x86)\ASUS\USB-N10 WLAN Card Utilities\Driver"
C:\ProgramData\Ament.ini
c:\users\maciek\appdata\roaming\tencent
C:\users\maciek\appdata\local\akamai\netsession_win.exe
C:\ProgramData\mntemp
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
U3 WZCSVC; no ImagePath
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S3 TesMon; C:\Windows\system32\TesMon.sys [60472 2016-10-20] (Tencent)
S3 TesSafe; C:\Windows\system32\TesSafe.sys [1135288 2016-10-20] (TENCENT)
C:\Windows\system32\TesSafe.sys
C:\Windows\system32\TesMon.sys
S3 GalaxyClientService; "C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe" [X]
FF user.js: detected! => C:\Users\Maciek\AppData\Roaming\Mozilla\Firefox\Profiles\xrz4cmpk.default\user.js [2016-11-18]
GroupPolicy: Restriction <======= ATTENTION
HKU\S-1-5-21-3516207580-795487630-1224567326-1000\...\Run: [safe_urls768] => C:\Users\Maciek\AppData\Roaming\Browser-Security\s768.exe [2548944 2016-07-08] ()
C:\Users\Maciek\AppData\Roaming\Browser-Security
HKU\S-1-5-21-3516207580-795487630-1224567326-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Maciek\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3516207580-795487630-1224567326-1000\...\Run: [SimpleNoteApp3] => C:\Users\Maciek\AppData\Roaming\SimpleNotepad3\SimpleNoteApp3.exe [1313792 2016-10-12] (YUGHEOGEN LOEJIO) <===== ATTENTION
C:\Users\Maciek\AppData\Roaming\HPSewil
HOSTS:
EmptyTemp:
*****************

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A986877E-D3E8-439A-A4FD-DF74BD41AE6E} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{26C812AA-5E33-436C-9445-B5A27750F284} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A2226C1B-DF5E-4A38-96C1-4A8F167DE0D7}C:\users\maciek\appdata\local\akamai\netsession_win.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{63D9AF9F-E7EE-4C79-854D-0B6900A19C01}C:\users\maciek\appdata\local\akamai\netsession_win.exe => value removed successfully
C:\Users\Maciek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\G??gl? ?hr?m?.lnk => Could not remove or repair shortcut argument. The shortcut could be damaged.
C:\Users\Maciek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Int?rn?t ???l?r?r.lnk => Could not remove or repair shortcut argument. The shortcut could be damaged.
"C:\Users\Maciek\Desktop\??????? ????? 101XP.lnk" => Could not move.
"C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Int?rn?t ???l?r?r.lnk" => Could not move.
"C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Int?rn?t ???l?r?r (N? ?dd-?ns).lnk" => Could not move.
"C:\Users\Public\Desktop\G??gl? ?hr?m?.lnk" => Could not move.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BBA436C9-98A9-460B-AB91-65898FAE0877} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BBA436C9-98A9-460B-AB91-65898FAE0877} => key removed successfully
C:\Windows\System32\Tasks\{63A539A5-9719-4375-B5CD-AB7924FCC9EF} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{63A539A5-9719-4375-B5CD-AB7924FCC9EF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{401B8351-6776-4DF4-8781-0424E27F3C39} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{401B8351-6776-4DF4-8781-0424E27F3C39} => key removed successfully
C:\Windows\System32\Tasks\{7B3E27C3-A610-4610-AD44-46875874B2A1} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7B3E27C3-A610-4610-AD44-46875874B2A1} => key removed successfully
C:\ProgramData\Ament.ini => moved successfully
c:\users\maciek\appdata\roaming\tencent => moved successfully
"C:\users\maciek\appdata\local\akamai\netsession_win.exe" => not found.
C:\ProgramData\mntemp => moved successfully
HKLM\System\CurrentControlSet\Services\gdrv => key removed successfully
gdrv => service removed successfully
WZCSVC => service not found.
HKLM\System\CurrentControlSet\Services\xhunter1 => key removed successfully
xhunter1 => service removed successfully
HKLM\System\CurrentControlSet\Services\TesMon => key removed successfully
TesMon => service removed successfully
HKLM\System\CurrentControlSet\Services\TesSafe => key removed successfully
TesSafe => service removed successfully
C:\Windows\system32\TesSafe.sys => moved successfully
C:\Windows\system32\TesMon.sys => moved successfully
HKLM\System\CurrentControlSet\Services\GalaxyClientService => key removed successfully
GalaxyClientService => service removed successfully
C:\Users\Maciek\AppData\Roaming\Mozilla\Firefox\Profiles\xrz4cmpk.default\user.js => moved successfully
C:\Users\Maciek\AppData\Roaming\Mozilla\Firefox\Profiles\xrz4cmpk.default\user.js => not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKU\S-1-5-21-3516207580-795487630-1224567326-1000\Software\Microsoft\Windows\CurrentVersion\Run\\safe_urls768 => value removed successfully
C:\Users\Maciek\AppData\Roaming\Browser-Security => moved successfully
HKU\S-1-5-21-3516207580-795487630-1224567326-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface => value removed successfully
HKU\S-1-5-21-3516207580-795487630-1224567326-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SimpleNoteApp3 => value removed successfully
"C:\Users\Maciek\AppData\Roaming\HPSewil" => not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 153107631 B
Java, Flash, Steam htmlcache => 1756 B
Windows/system/drivers => 32019688 B
Edge => 0 B
Chrome => 97662046 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 263668 B
Maciek => 2784634227 B

RecycleBin => 201605394 B
EmptyTemp: => 3.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:11:33 ====

electrolux

Ekspert
Posty: 319
Rejestracja: 06 lut 2017, 00:26

złośliwe oprogramowanie + virus w przeglądarkach

Post16 mar 2017, 23:28

W takim razie zrób nowe logi FRST.
Przed skanem zaznacz "Addition.txt" oraz "Shortcut.txt"
.

Matej

Użytkownik
Posty: 16
Rejestracja: 04 mar 2016, 21:20

złośliwe oprogramowanie + virus w przeglądarkach

Post18 mar 2017, 17:03

Additional
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Maciek (18-03-2017 16:01:53)
Running from C:\Users\Maciek\Desktop\FRST
Windows 7 Home Premium Service Pack 1 (X64) (2015-08-01 19:58:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3516207580-795487630-1224567326-500 - Administrator - Disabled)
Guest (S-1-5-21-3516207580-795487630-1224567326-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3516207580-795487630-1224567326-1006 - Limited - Enabled)
Maciek (S-1-5-21-3516207580-795487630-1224567326-1000 - Administrator - Enabled) => C:\Users\Maciek

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Advanced Archive Password Recovery (HKLM-x32\...\{6E356EEF-203C-451B-9144-CBF099E3738A}) (Version: 4.54.55.1642 - Elcomsoft Co. Ltd.)
ALLPlayer V6.X (HKLM-x32\...\ALLPlayer_is1) (Version: - ALLPlayer Group, Ltd.)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
Archeage (HKLM-x32\...\Glyph Archeage) (Version: - Trion Worlds, Inc.)
ASUS USB-N10 WLAN Card Utilities & Driver (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D12314F45EB}) (Version: 1.0.0.5 - ASUS)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - )
BLESS (HKU\S-1-5-21-3516207580-795487630-1224567326-1000\...\Game 101XP 3) (Version: - 101XP)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Browser-Security (HKLM-x32\...\Browser-Security) (Version: 1.2.0.0 - Vondos Media GmbH) <==== ATTENTION
Catalyst Control Center Next Localization BR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.3.0.0154 - Disc Soft Ltd)
Epic Games Launcher (HKLM-x32\...\{C8E7C575-FCFA-46B2-8FC0-E8AC65501350}) (Version: 1.1.78.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
FormatFactory 3.7.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.7.0.0 - Format Factory)
Game Center 101XP (HKLM-x32\...\Game Center 101XP) (Version: - 101XP)
Gameforge Live 2.0.12 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.12 - Gameforge)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HP Deskjet 2540 series Basic Device Software (HKLM\...\{6A79CD11-0C1C-4E24-A8C6-46A02F680346}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.3.1001 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
IrfanView 64 (remove only) (HKLM\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
K-Lite Codec Pack 12.5.5 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.5.5 - KLCP)
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games)
League of Legends (x32 Version: 4.2.1 - Riot Games) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.558 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.558 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware wersja 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Metric Collection SDK 35 (x32 Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3516207580-795487630-1224567326-1000\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
My.com Game Center (HKU\S-1-5-21-3516207580-795487630-1224567326-1000\...\MyComGames) (Version: 3.189 - My.com B.V.)
Napisy24 (HKLM-x32\...\{D1985DBC-F09E-4317-91B8-932AD0FD4A27}_is1) (Version: 1.3 - Napisy24.pl)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT)
NVIDIA PhysX (HKLM-x32\...\{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}) (Version: 9.09.1112 - NVIDIA Corporation)
OpenOffice 4.1.2 (HKLM-x32\...\{E0ED9630-38E3-418F-A615-A9B2B5758BE5}) (Version: 4.12.9782 - Apache Software Foundation)
OpenVPN 2.4.0-I601 (HKLM\...\OpenVPN) (Version: 2.4.0-I601 - OpenVPN Technologies, Inc.)
Orcs Must Die! Unchained (HKLM-x32\...\{8EBA33AF-48E0-4207-A4EE-96029415AD76}_is1) (Version: - Gameforge 4D GmbH)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)
Platform (x32 Version: 1.42 - VIA Technologies, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.82.317.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7200 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Revelation Online (HKU\S-1-5-21-3516207580-795487630-1224567326-1000\...\Revelation Online) (Version: 1.23 - My.com B.V.)
SimpleNotepad3 (HKU\S-1-5-21-3516207580-795487630-1224567326-1000\...\SimpleNotepad3) (Version: - ) <==== ATTENTION
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.22.9634 - SoftEther VPN Project)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.0.0.0 - GOG.com)
Vegas Pro 13.0 (64-bit) (HKLM\...\{D0360940-CCC6-11E3-B9C6-F04DA23A5C58}) (Version: 13.0.310 - Sony)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinRAR 5.21 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3516207580-795487630-1224567326-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Maciek\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-3516207580-795487630-1224567326-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {5697A9DD-03CE-4386-B21A-24D5D5803A5C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {68A45E0F-A57F-44E3-8179-00911DEEF7F4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-14] (Adobe Systems Incorporated)
Task: {88E1849A-DCAC-4AA5-8994-178435437FEB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {ACCE173A-5B0C-4C94-BE62-A99E4317131D} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3516207580-795487630-1224567326-1000
Task: {C58DE258-FA54-4CF8-AB24-1401C252AF74} - System32\Tasks\{2423D97F-6BEB-4C4D-A821-97101549B10D} => pcalua.exe -a "D:\gry\Game Center 101XP\launcher101xp_agent.exe" -c send uninstall=3

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Maciek\Desktop\Игровой Центр 101XP.lnk -> D:\gry\Game Center 101XP\launcher101xp.exe (101XP) <===== Cyrillic
Shortcut: C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk -> C:\Users\Maciek\AppData\Roaming\HPSewil\SewilStarter2.exe (No File) <===== Cyrillic
Shortcut: C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехрlоrеr (Nо Аdd-оns).lnk -> C:\Users\Maciek\AppData\Roaming\HPSewil\SewilStarter2.exe (No File) <===== Cyrillic
Shortcut: C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk -> C:\Users\Maciek\AppData\Roaming\HPSewil\SewilStarter2.exe (No File) <===== Cyrillic

ShortcutWithArgument: C:\Users\Maciek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Maciek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> 1 0 <===== Cyrillic
ShortcutWithArgument: C:\Users\Maciek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехрlоrеr.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> 3 0 <===== Cyrillic
ShortcutWithArgument: C:\Users\Maciek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\c7ce92988e5465d0\101XP Launcher.lnk -> D:\gry\Game Center 101XP\launcher101xp.exe (101XP) -> --user-data-dir="C:\Users\Maciek\AppData\Local\101XP Launcher\User Data" --profile-directory=Default --app-id=lelfganfcipdjofcdoibbjcmcnppdgfa
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic

==================== Loaded Modules (Whitelisted) ==============

2015-06-25 16:34 - 2015-06-25 16:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 16:37 - 2015-06-25 16:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 16:35 - 2015-06-25 16:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 16:38 - 2015-06-25 16:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 15:53 - 2015-06-25 15:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 15:51 - 2015-06-25 15:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2017-03-11 07:42 - 2017-03-08 13:29 - 03207160 _____ () D:\gry\LOL\RADS\projects\league_client\releases\0.0.0.57\deploy\LeagueClient.exe
2015-08-01 20:06 - 2013-09-16 11:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-03-16 20:55 - 2017-03-16 21:08 - 53018112 _____ () C:\Program Files (x86)\GalaxyClient\libcef.dll
2017-03-16 20:55 - 2017-03-16 21:08 - 00507968 _____ () C:\Program Files (x86)\GalaxyClient\PocoUtil.dll
2017-03-16 20:55 - 2017-03-16 21:08 - 00520768 _____ () C:\Program Files (x86)\GalaxyClient\PocoXML.dll
2017-03-16 20:55 - 2017-03-16 21:08 - 00152128 _____ () C:\Program Files (x86)\GalaxyClient\expat.dll
2017-03-16 20:55 - 2017-03-16 21:08 - 01589312 _____ () C:\Program Files (x86)\GalaxyClient\PocoFoundation.dll
2017-03-16 20:55 - 2017-03-16 21:08 - 00425536 _____ () C:\Program Files (x86)\GalaxyClient\pcre.dll
2017-03-16 20:55 - 2017-03-16 21:08 - 00104000 _____ () C:\Program Files (x86)\GalaxyClient\zlib.dll
2017-03-16 20:55 - 2017-03-16 21:08 - 00330816 _____ () C:\Program Files (x86)\GalaxyClient\PocoJSON.dll
2017-03-16 20:55 - 2017-03-16 21:08 - 01076800 _____ () C:\Program Files (x86)\GalaxyClient\PocoNet.dll
2017-03-16 20:55 - 2017-03-16 21:08 - 01854528 _____ () C:\Program Files (x86)\GalaxyClient\PocoData.dll
2017-03-16 20:55 - 2017-03-16 21:08 - 00393280 _____ () C:\Program Files (x86)\GalaxyClient\PocoDataSQLite.dll
2017-03-16 20:55 - 2017-03-16 21:08 - 00680000 _____ () C:\Program Files (x86)\GalaxyClient\sqlite.dll
2017-03-16 20:55 - 2017-03-16 21:08 - 00307776 _____ () C:\Program Files (x86)\GalaxyClient\PocoNetSSL.dll
2017-03-16 20:55 - 2017-03-16 21:08 - 00157760 _____ () C:\Program Files (x86)\GalaxyClient\PocoCrypto.dll
2017-03-16 20:55 - 2017-03-16 21:08 - 00272448 _____ () C:\Program Files (x86)\GalaxyClient\PocoZip.dll
2017-03-16 20:55 - 2017-03-16 21:08 - 01738752 _____ () C:\Program Files (x86)\GalaxyClient\libglesv2.dll
2017-03-16 20:55 - 2017-03-16 21:08 - 00078848 _____ () C:\Program Files (x86)\GalaxyClient\libegl.dll
2017-02-06 22:06 - 2017-02-01 09:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-06 22:06 - 2017-02-01 09:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2017-03-14 18:59 - 2017-03-14 18:59 - 17784920 _____ () C:\Users\Maciek\AppData\Local\Google\Chrome\User Data\PepperFlash\25.0.0.127\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2017-03-16 21:10 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3516207580-795487630-1224567326-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealTimes.lnk => C:\Windows\pss\RealTimes.lnk.CommonStartup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8D6630B0-A760-4909-B783-3E99C868B29A}] => (Allow) C:\Users\Maciek\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9012E145-86CA-4316-BC94-EB6907127FEE}] => (Allow) C:\Users\Maciek\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{57A924EF-62A8-415E-90CB-B5CDEBDCAAD6}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{B44A5B5C-F099-49A5-9B5A-16EF2CC82860}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{73C876F3-CA57-48F3-B96E-7629556C9AAD}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{60B183D8-9380-4B34-B28B-384CDF8368E6}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{F8362AE7-F8F8-493F-BC7B-1190D322D008}] => (Allow) LPort=1542
FirewallRules: [{14FC08B0-779C-4EB3-9C4B-4F4882173C9D}] => (Allow) LPort=1542
FirewallRules: [{32E6CB39-D68C-40F3-A4AF-C3F9B0019020}] => (Allow) LPort=53
FirewallRules: [TCP Query User{DCB8A499-51C7-4F15-9721-F39409F80297}D:\gry\left 4 dead 2\left 4 dead 2 v2.0.2.7 full-rip {blaze69}\left 4 dead 2\left 4 dead 2\left4dead2.exe] => (Allow) D:\gry\left 4 dead 2\left 4 dead 2 v2.0.2.7 full-rip {blaze69}\left 4 dead 2\left 4 dead 2\left4dead2.exe
FirewallRules: [UDP Query User{8F773EBA-A0E9-4E7F-8D19-7FE969B5F874}D:\gry\left 4 dead 2\left 4 dead 2 v2.0.2.7 full-rip {blaze69}\left 4 dead 2\left 4 dead 2\left4dead2.exe] => (Allow) D:\gry\left 4 dead 2\left 4 dead 2 v2.0.2.7 full-rip {blaze69}\left 4 dead 2\left 4 dead 2\left4dead2.exe
FirewallRules: [{0279B904-CC62-4AA5-AE1F-7D450A5AD92B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{EE81378D-B977-4FE0-A99E-58274C8DA936}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{361C66A3-42B8-4700-A4FC-20397AF35B84}] => (Allow) LPort=5357
FirewallRules: [{7E885CA1-B425-491D-8B23-65E4B3378EA7}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{B8A621EE-7F76-4E07-AF4F-A21A9E1D03D4}D:\gry\wc3\warcraft iii\warcraft iii\war3.exe] => (Allow) D:\gry\wc3\warcraft iii\warcraft iii\war3.exe
FirewallRules: [UDP Query User{BE23D7A8-C9E3-437C-8AE9-9902F46955FC}D:\gry\wc3\warcraft iii\warcraft iii\war3.exe] => (Allow) D:\gry\wc3\warcraft iii\warcraft iii\war3.exe
FirewallRules: [{DA03DD71-68A7-467A-8D99-6BCE7B1D56FF}] => (Block) D:\gry\wc3\warcraft iii\warcraft iii\war3.exe
FirewallRules: [{03DC3480-F3F4-4C04-9A42-D203ACE91C3F}] => (Block) D:\gry\wc3\warcraft iii\warcraft iii\war3.exe
FirewallRules: [{FAF10F7C-91E3-43FF-9979-C4696C94926F}] => (Allow) D:\gry\Dragon Nest Europe\DragonNest.exe
FirewallRules: [{115F8C63-5E70-4F4E-BB38-3FD2BD2F86B1}] => (Allow) D:\gry\Dragon Nest Europe\DragonNest.exe
FirewallRules: [{D4CB7600-13FB-41C5-B37D-BC6CC34B1139}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{D19BDC99-3F2E-4BB3-9397-A08561072BDC}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{728B2066-2C0F-421B-AD8E-1BA579F969BE}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{A3AF4EB7-40FD-44A1-ABA6-1932611B9E2D}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{E55B373F-19EE-495F-B827-553707C797CD}D:\gry\dying light\dying light\dyinglightgame.exe] => (Allow) D:\gry\dying light\dying light\dyinglightgame.exe
FirewallRules: [UDP Query User{5DFAE438-611B-4E8B-80DC-BB1F97455A9C}D:\gry\dying light\dying light\dyinglightgame.exe] => (Allow) D:\gry\dying light\dying light\dyinglightgame.exe
FirewallRules: [{ACD6386E-1454-4E04-BAE7-2A6BF9DE3551}] => (Block) D:\gry\dying light\dying light\dyinglightgame.exe
FirewallRules: [{A1F00EC9-89D2-4CAB-96DA-960D16DF326C}] => (Block) D:\gry\dying light\dying light\dyinglightgame.exe
FirewallRules: [TCP Query User{55A31083-9BA5-44E9-B964-723EDF8DE711}C:\windows\syswow64\dpnsvr.exe] => (Allow) C:\windows\syswow64\dpnsvr.exe
FirewallRules: [UDP Query User{BF2BFABC-706E-4F02-818E-9B60F9AADBB2}C:\windows\syswow64\dpnsvr.exe] => (Allow) C:\windows\syswow64\dpnsvr.exe
FirewallRules: [{74C9AD04-7142-430F-879E-6190735AE9E9}] => (Allow) C:\Users\Maciek\Downloads\bin\BlackDesert32.exe
FirewallRules: [{A743D48D-D2C7-4C60-A897-9831F642BAC3}] => (Allow) C:\Users\Maciek\Downloads\bin64\BlackDesert64.exe
FirewallRules: [{D620D696-4924-41D4-B390-93DFBBF261FA}] => (Allow) C:\Users\Maciek\Downloads\BlackDesert_Launcher.exe
FirewallRules: [{CF6CF872-D2F4-4011-9EE6-731CA2E95FAC}] => (Allow) C:\Users\Maciek\Downloads\BlackDesert_Downloader.exe
FirewallRules: [{9D1858DA-89D5-4E92-A690-3C931823215E}] => (Allow) C:\Users\Maciek\AppData\Local\Temp\7zS2513\HPDiagnosticCoreUI.exe
FirewallRules: [{1DE1F2D3-ED54-4ABF-9120-690949C0E7D5}] => (Allow) C:\Users\Maciek\AppData\Local\Temp\7zS2513\HPDiagnosticCoreUI.exe
FirewallRules: [{8ECE0D6F-D0CB-46FD-936D-6011A48AD08F}] => (Allow) C:\Users\Maciek\AppData\Local\Temp\7zS2962\HPDiagnosticCoreUI.exe
FirewallRules: [{67F206AB-DCD2-4665-8D85-1CBB4255FC46}] => (Allow) C:\Users\Maciek\AppData\Local\Temp\7zS2962\HPDiagnosticCoreUI.exe
FirewallRules: [TCP Query User{1C182454-8646-4155-A851-41C1E55B06E6}C:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe] => (Block) C:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [UDP Query User{C2E25EA6-FC30-4DB2-A09B-1CF57D0D1FB7}C:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe] => (Block) C:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [{7E59EBE4-8A6D-415B-BD18-32EE5110C727}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{355CA7EE-1D7F-4F5B-9E82-4ACCDD8F5D56}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{601F0A5C-46E6-45B6-9EDA-E74C0DA6197D}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{22CA41A0-85C2-4885-865D-0CA1D22ECEA2}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{BBDABA41-A678-4F62-8698-B71A71FFB53F}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{AF140703-B6AC-4B26-B16E-E9D8BA434905}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{E7935429-EFA9-4AE1-9D53-5FF8D6249864}] => (Allow) %ProgramFiles% (x86)\LogMeIn Hamachi\hamachi-2.exe
FirewallRules: [{9F580309-7515-4A0C-A59E-46AC5212C82D}] => (Allow) %ProgramFiles% (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
FirewallRules: [{416D77BD-1B0C-4251-8D4F-148F9EF59616}] => (Allow) C:\Users\Maciek\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{76DDE604-0644-4463-9992-DA43E37CC1C5}D:\gry\warcraft 33\warcraft iii roc + tft v1.26 complete -iceblitz\warcraft iii 1.26 -iceblitz\war3.exe] => (Allow) D:\gry\warcraft 33\warcraft iii roc + tft v1.26 complete -iceblitz\warcraft iii 1.26 -iceblitz\war3.exe
FirewallRules: [UDP Query User{BCE2B8A9-E56C-4EB0-A64F-1014E7E6ED1D}D:\gry\warcraft 33\warcraft iii roc + tft v1.26 complete -iceblitz\warcraft iii 1.26 -iceblitz\war3.exe] => (Allow) D:\gry\warcraft 33\warcraft iii roc + tft v1.26 complete -iceblitz\warcraft iii 1.26 -iceblitz\war3.exe
FirewallRules: [TCP Query User{8826BFDE-9F4E-4C27-AA88-C7539451D3B6}D:\gry\warcraft 3\warcraft iii roc + tft v1.26 complete -iceblitz\warcraft iii 1.26 -iceblitz\war3.exe] => (Allow) D:\gry\warcraft 3\warcraft iii roc + tft v1.26 complete -iceblitz\warcraft iii 1.26 -iceblitz\war3.exe
FirewallRules: [UDP Query User{17930075-9482-47DD-AAFF-175EB4D47005}D:\gry\warcraft 3\warcraft iii roc + tft v1.26 complete -iceblitz\warcraft iii 1.26 -iceblitz\war3.exe] => (Allow) D:\gry\warcraft 3\warcraft iii roc + tft v1.26 complete -iceblitz\warcraft iii 1.26 -iceblitz\war3.exe
FirewallRules: [TCP Query User{3306F45E-8262-45D7-B8E4-EDB91CF75DE6}D:\gry\borderlands goty\binaries\borderlands.exe] => (Allow) D:\gry\borderlands goty\binaries\borderlands.exe
FirewallRules: [UDP Query User{073D097A-EFB4-4D7D-AE08-370698403E05}D:\gry\borderlands goty\binaries\borderlands.exe] => (Allow) D:\gry\borderlands goty\binaries\borderlands.exe
FirewallRules: [{B8CC8372-08D3-44A5-BD24-EC35BD078148}] => (Allow) C:\Program Files (x86)\ASUS\USB-N10 WLAN Card Utilities\RtWLan.exe
FirewallRules: [{D5881C9B-2D4F-425A-87C6-F3C9E74F1223}] => (Allow) C:\Program Files (x86)\ASUS\USB-N10 WLAN Card Utilities\RtWLan.exe
FirewallRules: [{3BFDF22C-7695-4658-807E-CB1213060A07}] => (Allow) LPort=1542
FirewallRules: [{C062534B-318A-4CD6-832D-A15D06B68EAE}] => (Allow) LPort=1542
FirewallRules: [{F6EB14EC-AB9D-4CDA-8D38-682CC9308CF5}] => (Allow) LPort=53
FirewallRules: [{5C4DA68A-84EA-44F1-BE04-36714CD02B0C}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{A2C51CD9-B0AE-45BC-BFC1-F103F651FF9E}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{A4F25158-B1FD-4AC5-8499-ED5357942918}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C0B8293A-5176-4210-99E0-E7C865D50D72}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{553E72B2-ACE7-4E61-8D2B-9F04929BCCF3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5B2876FB-B98D-4DA9-B9C7-38B5C6D16B96}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7153BF26-97F8-47AF-9707-2AAB9512CC69}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{695E1C19-4347-49B0-9455-31300C6C6FE2}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{095616D9-6BD7-4E16-AA6C-A4330781E6D6}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{FAEC1548-2989-4712-9D77-CD4ECA75D858}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{DA0C3DFD-B64B-4090-83C2-BD0B4B58E2E6}] => (Allow) C:\Users\Maciek\AppData\Local\Temp\andy-x64\Setup.exe
FirewallRules: [{58DFD90E-F45A-4856-9B3B-002821233336}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{5CD6228A-96C8-4495-810B-66C208B29555}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{3A97A8F7-286B-4CFE-BE21-A8544738E3EB}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
FirewallRules: [{4F899E91-EB3B-4B41-9FA6-FAF4DEA3DBA0}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
FirewallRules: [{978A9E16-C099-4C90-9C18-F9E70787D379}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{1C48B125-688E-4FAA-BBC7-0E63B0250BC1}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{0B364F11-CFD5-4E79-87A4-F3A2CE05266C}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{28A4114B-D70E-4C44-BFCB-80C310F5F4F1}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{17A1C912-6FBA-483B-8A63-81725EEB6CCF}] => (Allow) C:\Users\Maciek\AppData\Local\Temp\andy-x64\Setup.exe
FirewallRules: [{6EEA883E-0DF2-4537-81E3-4717FAB1A8E4}] => (Allow) D:\gry\GameforgeLive\gfl_client.exe
FirewallRules: [TCP Query User{AB1C0AA6-9F7A-454E-809F-471995704BC5}D:\gry\gameforgelive\games\pol_pol\tera\tera-launcher.exe] => (Allow) D:\gry\gameforgelive\games\pol_pol\tera\tera-launcher.exe
FirewallRules: [UDP Query User{209ED9DA-EB25-415C-9E23-21B8881A6AFE}D:\gry\gameforgelive\games\pol_pol\tera\tera-launcher.exe] => (Allow) D:\gry\gameforgelive\games\pol_pol\tera\tera-launcher.exe
FirewallRules: [TCP Query User{350B4610-B61A-448D-A6D6-3D603D849B0F}D:\gry\paragon\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\gry\paragon\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{137F77DB-2D97-4626-BF4A-533944631AEF}D:\gry\paragon\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\gry\paragon\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{53A889E8-2A29-481C-AE25-7D8316294141}D:\gry\paragon\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\gry\paragon\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{C3D7697B-60DE-4827-A136-D9EC290EF0B2}D:\gry\paragon\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\gry\paragon\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [{8B325F52-5C33-4BAC-B0C9-3D2025DD94BC}] => (Allow) D:\gry\GameforgeLive\Games\POL_pol\Orcs Must Die! Unchained\OMDU.exe
FirewallRules: [{AFD63EA1-9120-4DC1-94E5-D4EF9DC5B370}] => (Allow) D:\gry\GameforgeLive\Games\POL_pol\Orcs Must Die! Unchained\Dashboard\Bin\SpitfireDashboard.exe
FirewallRules: [{65DF2F28-87ED-4AAF-8FA1-73C9AB198CC7}] => (Allow) D:\gry\GameforgeLive\Games\POL_pol\Orcs Must Die! Unchained\Binaries\Win64\SpitfireGame.exe
FirewallRules: [{B1B435D1-52C3-4B87-85A6-00BAE3A9586D}] => (Allow) C:\Users\Maciek\AppData\Local\Temp\QQGameDownloader\wuxia_1475132283_49781\MiniQQDL.exe
FirewallRules: [{B7DE743C-2C16-4950-89B3-73B4E728A799}] => (Allow) C:\Users\Maciek\AppData\Local\Temp\QQGameDownloader\wuxia_1475132283_49781\MiniQQDL.exe
FirewallRules: [TCP Query User{3E0776B4-ADB2-4B5D-A2F5-092E3B6DECFA}C:\users\maciek\appdata\local\temp\qqgamedownloader\wuxia_1475132283_49781\teniodl.exe] => (Allow) C:\users\maciek\appdata\local\temp\qqgamedownloader\wuxia_1475132283_49781\teniodl.exe
FirewallRules: [UDP Query User{07DA69E2-5C17-4B99-AB9B-5D6A0E3B2CF5}C:\users\maciek\appdata\local\temp\qqgamedownloader\wuxia_1475132283_49781\teniodl.exe] => (Allow) C:\users\maciek\appdata\local\temp\qqgamedownloader\wuxia_1475132283_49781\teniodl.exe
FirewallRules: [{D9CEDF05-375B-481C-B502-D91B3E8BC618}] => (Allow) D:\gry\GameforgeLive\Games\POL_pol\Elsword\data\x2.exe
FirewallRules: [{909DFDC3-918D-4523-B2C0-197A47042966}] => (Allow) D:\gry\GameforgeLive\Games\POL_pol\Elsword\data\x2.exe
FirewallRules: [TCP Query User{7A059A64-B65B-4234-B879-058EDFDD10E7}C:\users\maciek\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\maciek\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [UDP Query User{41419DDE-30D2-4902-B9D1-0011E3BA3745}C:\users\maciek\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\maciek\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [TCP Query User{34B014C1-FD3B-4364-8051-E78D0A87F4D4}D:\gry\revolution online\revelation online\game\tianyu.exe] => (Allow) D:\gry\revolution online\revelation online\game\tianyu.exe
FirewallRules: [UDP Query User{EC5A7DD7-1C21-46A9-BA18-147018390CA4}D:\gry\revolution online\revelation online\game\tianyu.exe] => (Allow) D:\gry\revolution online\revelation online\game\tianyu.exe
FirewallRules: [TCP Query User{72601475-9D7E-4755-B7C5-EF70587B7C93}D:\gry\game center 101xp\launcher101xp.exe] => (Allow) D:\gry\game center 101xp\launcher101xp.exe
FirewallRules: [UDP Query User{7D1BC258-3382-4BA4-B262-98A0C88307A9}D:\gry\game center 101xp\launcher101xp.exe] => (Allow) D:\gry\game center 101xp\launcher101xp.exe
FirewallRules: [{58A0C199-46BF-4D7D-85AC-DB3A6DE9BE50}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [{EF5E7E22-DB5F-468E-93FC-9D3321C6CB9E}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [{89190F40-F836-423D-BB46-11C15837B494}] => (Allow) D:\gry\Vindictus EU\en-EU\NMService.exe
FirewallRules: [{DACD9C9B-FD80-47FC-A5D3-662416EBD9F3}] => (Allow) D:\gry\Vindictus EU\en-EU\NMService.exe
FirewallRules: [{F0D8130D-D90C-491B-A04F-1D5EFE3B43B4}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{B1D4D37E-712E-4F6D-8E21-EA035E54CA6D}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{F3246830-4BCF-4521-A9C6-8B405938FEC8}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{0C4CF2D8-A22C-4AA3-A043-C174DA6F5D04}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{1AB3B367-7B02-4098-AD9A-6658A59D22E3}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{F7906F15-8A87-4A1E-A8AF-F7EC1533D376}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [TCP Query User{8EE4A61A-7A59-4843-A36D-D877039B92B6}C:\users\maciek\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\maciek\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{97B5FC14-A1AF-4436-8C46-F3C65DD5464F}C:\users\maciek\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\maciek\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{AC0CBB6F-4B95-4D32-A803-8071433BF31F}C:\games101xp\install\bless\binaries\win64\bless.exe] => (Allow) C:\games101xp\install\bless\binaries\win64\bless.exe
FirewallRules: [UDP Query User{DFBCD93E-473E-4B4F-A9C7-0DB256E6402E}C:\games101xp\install\bless\binaries\win64\bless.exe] => (Allow) C:\games101xp\install\bless\binaries\win64\bless.exe
FirewallRules: [TCP Query User{1910032C-A73F-48B4-B851-F1DAD96D7F73}D:\gry\game center 101xp\launcher101xp.exe] => (Allow) D:\gry\game center 101xp\launcher101xp.exe
FirewallRules: [UDP Query User{A6CF44C1-7697-46AC-9B7C-9EA0CE0BAB3B}D:\gry\game center 101xp\launcher101xp.exe] => (Allow) D:\gry\game center 101xp\launcher101xp.exe
FirewallRules: [TCP Query User{31AE5C5C-D7D0-4C4F-9D2D-0085732B2FCD}C:\games101xp\install\bless\binaries\win64\bless.exe] => (Allow) C:\games101xp\install\bless\binaries\win64\bless.exe
FirewallRules: [UDP Query User{26C5F00B-FF97-460E-AD2A-072EB3DF919A}C:\games101xp\install\bless\binaries\win64\bless.exe] => (Allow) C:\games101xp\install\bless\binaries\win64\bless.exe
FirewallRules: [TCP Query User{B3A8327C-C037-4142-A5A6-D2C662FB3249}D:\gry\dont starve together\don't starve together beta\don't starve together (v134235) (rog)\don't starve together\bin\dontstarve_steam.exe] => (Allow) D:\gry\dont starve together\don't starve together beta\don't starve together (v134235) (rog)\don't starve together\bin\dontstarve_steam.exe
FirewallRules: [UDP Query User{F4D2031C-AED8-458F-B612-956CE3973300}D:\gry\dont starve together\don't starve together beta\don't starve together (v134235) (rog)\don't starve together\bin\dontstarve_steam.exe] => (Allow) D:\gry\dont starve together\don't starve together beta\don't starve together (v134235) (rog)\don't starve together\bin\dontstarve_steam.exe
FirewallRules: [{644D487F-A4C1-4D4B-9B00-476312DB2117}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

30-01-2017 19:05:23 Installed LogMeIn Hamachi
07-02-2017 17:57:50 Installed League of Legends
07-02-2017 17:58:31 Installed DirectX
21-02-2017 10:35:05 Scheduled Checkpoint
28-02-2017 21:23:49 Scheduled Checkpoint
08-03-2017 12:47:59 Scheduled Checkpoint
15-03-2017 14:27:12 Windows Update
16-03-2017 20:55:24 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
16-03-2017 20:56:09 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
16-03-2017 20:56:46 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/18/2017 02:24:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/17/2017 06:41:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/17/2017 07:52:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/16/2017 09:12:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/16/2017 09:06:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/16/2017 12:21:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/15/2017 04:30:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/15/2017 12:49:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/14/2017 03:31:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/14/2017 08:23:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (03/18/2017 02:24:11 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The OpenVPN Interactive Service service depends the following service: tap0901. This service might not be installed.

Error: (03/17/2017 06:41:30 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The OpenVPN Interactive Service service depends the following service: tap0901. This service might not be installed.

Error: (03/17/2017 07:52:27 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The OpenVPN Interactive Service service depends the following service: tap0901. This service might not be installed.

Error: (03/16/2017 09:12:53 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The OpenVPN Interactive Service service depends the following service: tap0901. This service might not be installed.

Error: (03/16/2017 09:06:11 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The OpenVPN Interactive Service service depends the following service: tap0901. This service might not be installed.

Error: (03/16/2017 09:06:10 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:05:15 PM on ‎3/‎16/‎2017 was unexpected.

Error: (03/16/2017 12:21:42 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The OpenVPN Interactive Service service depends the following service: tap0901. This service might not be installed.

Error: (03/15/2017 04:30:24 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The OpenVPN Interactive Service service depends the following service: tap0901. This service might not be installed.

Error: (03/15/2017 12:49:53 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The OpenVPN Interactive Service service depends the following service: tap0901. This service might not be installed.

Error: (03/14/2017 03:31:04 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The OpenVPN Interactive Service service depends the following service: tap0901. This service might not be installed.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 33%
Total physical RAM: 8083.02 MB
Available physical RAM: 5392.71 MB
Total Virtual: 16164.21 MB
Available Virtual: 12967.13 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:687.37 GB) (Free:521.56 GB) NTFS
Drive d: () (Fixed) (Total:244.04 GB) (Free:110.64 GB) NTFS
Drive f: (16.0.6741.2048) (CDROM) (Total:2.62 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: DAEAC3EC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=244 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=687.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Shortcut
Users shortcut scan result (x64) Version: 15-03-2017
Ran by Maciek (18-03-2017 16:02:12)
Running from C:\Users\Maciek\Desktop\FRST
Boot Mode: Normal

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)



Shortcut: C:\Users\Maciek\AppData\Local\Microsoft\Windows\GameExplorer\{CF68FDBD-51DE-4B22-8467-6867F11E73CA}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.croteam.com/game_overview.shtml


Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\SoftEther VPN Client Manager.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk -> C:\Program Files (x86)\Adobe\Acrobat.com\Acrobat.com.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk -> D:\gry\paragon\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe (Epic Games, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Co nowego w ostatniej wersji.lnk -> C:\Program Files\WinRAR\CoNowego.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Podręcznik RARa dla konsoli.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Pomoc WinRARa.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Vegas Pro 13.0\Vegas Pro 13.0 (64-bit).lnk -> C:\Program Files\Sony\Vegas Pro 13.0\vegas130.exe (Sony Creative Software Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Vegas Pro 13.0\Vegas Pro 13.0 Readme.lnk -> C:\Program Files\Sony\Vegas Pro 13.0\Readme\Vegas_readme.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client\SoftEther VPN Client Manager.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client\SoftEther VPN Command Line Utility (vpncmd).lnk -> C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client\Configuration Tools\Services Running on this Computer.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client\Configuration Tools\Uninstall SoftEther VPN Client.lnk -> C:\Program Files\SoftEther VPN Client\vpnsetup.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Picasa 3.lnk -> C:\Program Files (x86)\Google\Picasa3\Picasa3.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Uninstall.lnk -> C:\Program Files (x86)\Google\Picasa3\uninstall.exe (Google)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2\OpenOffice Base.lnk -> C:\Program Files (x86)\OpenOffice 4\program\sbase.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2\OpenOffice Calc.lnk -> C:\Program Files (x86)\OpenOffice 4\program\scalc.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2\OpenOffice Draw.lnk -> C:\Program Files (x86)\OpenOffice 4\program\sdraw.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2\OpenOffice Impress.lnk -> C:\Program Files (x86)\OpenOffice 4\program\simpress.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2\OpenOffice Math.lnk -> C:\Program Files (x86)\OpenOffice 4\program\smath.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2\OpenOffice Writer.lnk -> C:\Program Files (x86)\OpenOffice 4\program\swriter.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2\OpenOffice.lnk -> C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest\NCLauncher\Uninstall - NCLauncher.lnk -> C:\Program Files (x86)\NCWest\NCLauncher\Uninstall.exe (NCSOFT Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Napisy24\Napisy24.pl.lnk -> C:\Program Files (x86)\Napisy24\Napisy24.exe (Napisy24.pl)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Deinstalacja programu Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi\LogMeIn Hamachi.lnk -> C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends\League of Legends.lnk -> D:\gry\LOL\LeagueClient.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Media Player Classic (x64).lnk -> C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe (MPC-HC Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Media Player Classic.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC\mpc-hc.exe (MPC-HC Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Uninstall\Uninstall K-Lite Codec Pack.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel(R) Rapid Storage Technology.lnk -> C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorUI.exe (Intel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 2540 series\Help.lnk -> C:\Program Files (x86)\HP\HP Deskjet 2540 series\bin\HelpViewer\hpqlpvwr.exe (Hewlett-Packard Co.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 2540 series\HP Online Printer Diagnostic Tools.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\DiagnosticToolsShortcut.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 2540 series\HP Scan.lnk -> C:\Program Files (x86)\HP\HP Deskjet 2540 series\bin\HPScan.exe (Hewlett-Packard Co.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 2540 series\Printer Setup & Software.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetupLauncher.exe (Hewlett-Packard Co.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 2540 series\Product Support Website.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\ProductSupportShortcut.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 2540 series\Shop for Supplies.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\Bin\hpqDTSS.exe (Hewlett-Packard Co.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 2540 series\Wireless Printing Online Help.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\WirelessEasyShortcut.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Wiedźmin 3® - Dziki Gon\Usuń Wiedźmin 3® - Dziki Gon.lnk -> C:\GOG Games\The Witcher 3 Wild Hunt\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\GOG Galaxy\GOG Galaxy.lnk -> C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe (GOG.com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Chess.lnk -> C:\Program Files\Microsoft Games\Chess\Chess.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\FreeCell.lnk -> C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk -> C:\Windows\System32\gameux.dll (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Hearts.lnk -> C:\Program Files\Microsoft Games\Hearts\Hearts.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Backgammon.lnk -> C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgzm.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Checkers.lnk -> C:\Program Files\Microsoft Games\Multiplayer\Checkers\chkrzm.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Spades.lnk -> C:\Program Files\Microsoft Games\Multiplayer\Spades\shvlzm.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mahjong.lnk -> C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Minesweeper.lnk -> C:\Program Files\Microsoft Games\Minesweeper\Minesweeper.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\More Games from Microsoft.lnk -> C:\Program Files\Microsoft Games\More Games\MoreGames.dll (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Purble Place.lnk -> C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Solitaire.lnk -> C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Spider Solitaire.lnk -> C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\StarCraft II Wings of Liberty™.lnk -> [LF6"pH,R GFSIOf{VeCCommand the mysterious protoss, the nomadic terrans or the ruthless zerg as you decide how to outwit or outgun the enemy in an unforgiving universe of intense real-time strategic gameplay.(1SPSXFL8C&m]
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Tales from the Borderlands.lnk -> [LF6"pH,R GFSIpś.IlAAITales from the Borderlands(1SPSXFL8C&m]
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\The Witcher 3 Wild Hunt.lnk -> [LF6"pH,R GFSIgmL8 zThe Witcher 3: Wild Hunt(1SPSXFL8C&m]
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live\Dezinstalacja aplikacji Gameforge Live.lnk -> D:\gry\GameforgeLive\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live\Gameforge Live.lnk -> D:\gry\GameforgeLive\GameforgeLive.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elcomsoft Password Recovery\Advanced Archive Password Recovery.lnk -> C:\Program Files (x86)\Elcomsoft Password Recovery\Advanced Archive Password Recovery\ARCHPR.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elcomsoft Password Recovery\Documentation\Advanced Archive Password Recovery Help.lnk -> C:\Program Files (x86)\Elcomsoft Password Recovery\Advanced Archive Password Recovery\ARCHPR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elcomsoft Password Recovery\Documentation\License Agreement.lnk -> C:\Program Files (x86)\Elcomsoft Password Recovery\License.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DAEMON Tools Lite.lnk -> C:\Program Files (x86)\DAEMON Tools Lite\DTLauncher.exe (Disc Soft Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black & White 2\Przeczytaj v1.1.lnk -> D:\gry\Black And White 2\readme_v1_1.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black & White 2\Przeczytaj v1.2.lnk -> D:\gry\Black And White 2\readme_v1_2.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\USB-N10 WLAN Card Utilities\ASUS USB-N10 WLAN Control Center.lnk -> C:\Program Files (x86)\ASUS\USB-N10 WLAN Card Utilities\RtWLan.exe (ASUSTeK Computer Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Andy\HandyAndy.lnk -> C:\Program Files\Andy\HandyAndy.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Andy\Start Andy.lnk -> C:\Program Files\Andy\HandyAndy.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings\AMD Settings.lnk -> C:\Program Files\AMD\CNext\CNext\cnext.exe (Advanced Micro Devices, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ALLPlayer\ALLPlayer.lnk -> C:\Program Files (x86)\ALLPlayer\ALLPlayer.exe (ALLPlayer Group Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ALLPlayer\Strona WWW programu ALLPlayer V6.X.lnk -> C:\Program Files (x86)\ALLPlayer\ALLPlayerENG.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\Links\OneDrive.lnk -> C:\Program Files (x86)\Microsoft OneDrive\OneDriveSetup.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk -> C:\Program Files (x86)\Microsoft OneDrive\OneDriveSetup.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Maciek\Music\Computer - Shortcut.lnk -> L ᐁ À 䘀  借俠⃐㫪ၩ�〫鴰 û ꀀn 匱卐뜥䟯ယ怂麌곫%
ἀ ऀ 䌀漀洀瀀甀琀攀爀 ⴀ Ѐ   System Folder  匱卐檦⡣锽ᇒ횵쀀�퀘e  ἀ ⤀ 㨀㨀笀㈀ 䐀 㐀䘀䔀 ⴀ㌀䄀䔀䄀ⴀ㄀ 㘀㤀ⴀ䄀㈀䐀㠀ⴀ 㠀  ㈀䈀㌀ ㌀ 㤀䐀紀
Shortcut: C:\Users\Maciek\Links\Desktop.lnk -> C:\Users\Maciek\Desktop ()
Shortcut: C:\Users\Maciek\Links\Downloads.lnk -> C:\Users\Maciek\Downloads ()
Shortcut: C:\Users\Maciek\Links\OneDrive.lnk -> C:\Users\Maciek\OneDrive ()
Shortcut: C:\Users\Maciek\Links\RecentPlaces.lnk -> L ᐁ À 䘀  耟穭⊇㞡䘚낑�깚馼 ă ꀀv 匱卐뜥䟯ယ怂麌곫-
ἀ ฀ 刀攀挀攀渀琀 倀氀愀挀攀猀 ⴀ Ѐ   System Folder  匱卐檦⡣锽ᇒ횵쀀�퀘e  ἀ ⤀ 㨀㨀笀㈀㈀㠀㜀㜀䄀㘀䐀ⴀ㌀㜀䄀㄀ⴀ㐀㘀㄀䄀ⴀ㤀㄀䈀 ⴀ䐀䈀䐀䄀㔀䄀䄀䔀䈀䌀㤀㤀紀
Shortcut: C:\Users\Maciek\Desktop\Bless - Shortcut.lnk -> C:\Games101XP\install\BLESS\Binaries\Win64\Bless.exe (No File)
Shortcut: C:\Users\Maciek\Desktop\dontstarve_steam - Shortcut.lnk -> D:\gry\dont starve together\Don't Starve Together Beta\Don't Starve Together (v134235) (RoG)\Don't Starve Together\bin\dontstarve_steam.exe ()
Shortcut: C:\Users\Maciek\Desktop\Игровой Центр 101XP.lnk -> D:\gry\Game Center 101XP\launcher101xp.exe (101XP)
Shortcut: C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk -> C:\Users\Maciek\AppData\Roaming\HPSewil\SewilStarter2.exe (No File)
Shortcut: C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk -> C:\Users\Maciek\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Co nowego w ostatniej wersji.lnk -> C:\Program Files\WinRAR\CoNowego.txt ()
Shortcut: C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Podręcznik RARa dla konsoli.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Pomoc WinRARa.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com Games\My.com Game Center.lnk -> C:\Users\Maciek\AppData\Local\MyComGames\MyComGames.exe (MY.COM B.V.)
Shortcut: C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Black & White 2 Battle of the Gods™.lnk -> [LF6"pH,R GFSIхޢ]EHny$Black & White 2: Battle of the Gods"!(1SPSXFL8C&m]
Shortcut: C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Black & White 2™.lnk -> [LF6"pH,R GFSIQ[OEJbsBlack & White 2"!(1SPSXFL8C&m]
Shortcut: C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Metal Gear Solid®.lnk -> [LF6"pH,R GFSIf=Ll$~OMetal Gear Solid(1SPSXFL8C&m]
Shortcut: C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Serious Sam.lnk -> [LF6"pH,R GFSIhQ"KghgsSerious Sam(1SPSXFL8C&m]
Shortcut: C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\WarCraft IIIFrozen Throne™.lnk -> [LF6"pH,R GFSI{FG#YO2?WarCraft III:Frozen Throne"!(1SPSXFL8C&m]
Shortcut: C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Warcraft® 3 Reign of Chaos™.lnk -> [LF6"pH,R GFSII
aOu@hjINWarcraft 3: Reign of Chaos"!(1SPSXFL8C&m]
Shortcut: C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\FormatFactory.lnk -> D:\Programiki\FormatFactory\FormatFactory.exe (Free Time)
Shortcut: C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\Uninstall.lnk -> D:\Programiki\FormatFactory\uninst.exe (Free Time)
Shortcut: C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CompuClever\Program Management Console.lnk -> C:\Users\Maciek\AppData\Local\CompuClever\Program Management Console\pmc.exe (No File)
Shortcut: C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехрlоrеr (Nо Аdd-оns).lnk -> C:\Users\Maciek\AppData\Roaming\HPSewil\SewilStarter2.exe (No File)
Shortcut: C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\SendTo\Format Factory.lnk -> D:\Programiki\FormatFactory\FormatFactory.exe (Free Time)
Shortcut: C:\Users\Maciek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Maciek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Napisy24.pl.lnk -> C:\Program Files (x86)\Napisy24\Napisy24.exe (Napisy24.pl)
Shortcut: C:\Users\Maciek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Program Management Console.lnk -> C:\Users\Maciek\AppData\Local\CompuClever\Program Management Console\pmc.exe (No File)
Shortcut: C:\Users\Maciek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Maciek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Maciek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Maciek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Maciek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\HP Scan.lnk -> C:\Program Files (x86)\HP\HP Deskjet 2540 series\bin\HPScan.exe (Hewlett-Packard Co.)
Shortcut: C:\Users\Maciek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Maciek\AppData\Local\Microsoft\Windows\GameExplorer\{CF68FDBD-51DE-4B22-8467-6867F11E73CA}\PlayTasks\0\Play.lnk -> D:\gry\ss\Bin\SeriousSam.exe (No File)
Shortcut: C:\Users\Maciek\AppData\Local\Microsoft\Windows\GameExplorer\{96B11405-BDB9-4040-A771-619BFDD12B4D}\PlayTasks\0\Play.lnk -> D:\gry\Warcraft 3\Warcraft III RoC + TFT v1.26 Complete -IceBlitz\Warcraft III 1.26 -IceBlitz\Frozen Throne.exe (Blizzard Entertainment)
Shortcut: C:\Users\Public\Desktop\DAEMON Tools Lite.lnk -> C:\Program Files (x86)\DAEMON Tools Lite\DTLauncher.exe (Disc Soft Ltd)
Shortcut: C:\Users\Public\Desktop\Epic Games Launcher.lnk -> D:\gry\paragon\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe (Epic Games, Inc.)
Shortcut: C:\Users\Public\Desktop\Gameforge Live.lnk -> D:\gry\GameforgeLive\GameforgeLive.exe ()
Shortcut: C:\Users\Public\Desktop\GOG Galaxy.lnk -> C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe (GOG.com)
Shortcut: C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk -> C:\Users\Maciek\AppData\Roaming\HPSewil\SewilStarter2.exe (No File)
Shortcut: C:\Users\Public\Desktop\League of Legends.lnk -> D:\gry\LOL\LeagueClient.exe ()
Shortcut: C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\Users\Public\Desktop\Recuva.lnk -> C:\Program Files\Recuva\recuva64.exe (Piriform Ltd)
Shortcut: C:\Users\Public\Desktop\Skype.lnk -> C:\Windows\Installer\{FC965A47-4839-40CA-B618-18F486F042C6}\SkypeIcon.exe ()
Shortcut: C:\Users\Public\Desktop\SoftEther VPN Client Manager.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)




ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ASUS USB-N10 WLAN Control Center.lnk -> C:\Program Files (x86)\ASUS\USB-N10 WLAN Card Utilities\RtWLan.exe (ASUSTeK Computer Inc.) -> /H
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.) -> /startup
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client\Manage Remote Computer's SoftEther VPN Client.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.) -> /remote
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client\Language Settings\Configure Display Language.lnk -> C:\Program Files\SoftEther VPN Client\vpnsetup.exe (SoftEther VPN Project at University of Tsukuba, Japan.) -> /language:yes
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client\Configuration Tools\TCP Optimization Utility.lnk -> C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.) -> /tcp
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client\Administrative Tools\Debugging Information Collecting Tool.lnk -> C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.) -> /debug
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client\Administrative Tools\Easy Installer Creator.lnk -> C:\Program Files\SoftEther VPN Client\vpnsetup.exe (SoftEther VPN Project at University of Tsukuba, Japan.) -> /easy:true
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client\Administrative Tools\Network Traffic Speed Test Tool.lnk -> C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.) -> /traffic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client\Administrative Tools\Web Installer Creator.lnk -> C:\Program Files\SoftEther VPN Client\vpnsetup.exe (SoftEther VPN Project at University of Tsukuba, Japan.) -> /web:true
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Configure Picasa Photo Viewer.lnk -> C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe (Google Inc.) -> /reconfig
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi\Uninstall.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /i {89E5827E-EAE7-47F2-A57F-52D92C671983} REMOVE=ALL
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Audio.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\lavaudio.ax",OpenConfiguration
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Splitter.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\lavsplitter.ax",OpenConfiguration
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Video.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\lavvideo.ax",OpenConfiguration
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 2540 series\HP Deskjet 2540 series.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\Bin\HP Deskjet 2540 series.exe (Hewlett-Packard Co.) -> -Start UDCDevicePage
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 2540 series\Uninstall.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /qb /x {6A79CD11-0C1C-4E24-A8C6-46A02F680346}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 2540 series\Update IP Address.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe (Hewlett-Packard Co.) -> /changeip ""
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Wiedźmin 3® - Dziki Gon\Wiedźmin 3® - Dziki Gon.lnk -> C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe (GOG.com) -> /gameId=1207664643 /command=launch /path="C:\GOG Games\The Witcher 3 Wild Hunt"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live\Orcs Must Die! Unchained.lnk -> D:\gry\GameforgeLive\GameforgeLive.exe () -> "D:\gry\GameforgeLive\Games\POL_pol\Orcs Must Die! Unchained\OMDU.exe" -start OrcsMustDie
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elcomsoft Password Recovery\Uninstall\Advanced Archive Password Recovery.lnk -> C:\Windows\System32\msiexec.exe (Microsoft Corporation) -> /i {6E356EEF-203C-451B-9144-CBF099E3738A}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\USB-N10 WLAN Card Utilities\Uninstall USB-N10 WLAN Card Utilities.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{9C049499-055C-4a0c-A916-1D12314F45EB}\Install.exe (RealTek) -> -uninst -l0x9
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ALLPlayer\ALLPlayer.Radio.lnk -> C:\Program Files (x86)\ALLPlayer\ALLPlayer.exe (ALLPlayer Group Ltd.) -> Radio
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Maciek\Desktop\Archeage.lnk -> D:\gry\RIFT\Glyph\GlyphClientApp.exe (Trion Worlds Inc.) -> -game 120
ShortcutWithArgument: C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\Help.lnk -> D:\Programiki\FormatFactory\FormatFactory.exe (Free Time) -> /help
ShortcutWithArgument: C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:
ShortcutWithArgument: C:\Users\Maciek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ALLPlayer.Radio.lnk -> C:\Program Files (x86)\ALLPlayer\ALLPlayer.exe (ALLPlayer Group Ltd.) -> Radio
ShortcutWithArgument: C:\Users\Maciek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Maciek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> 1 0
ShortcutWithArgument: C:\Users\Maciek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехрlоrеr.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> 3 0
ShortcutWithArgument: C:\Users\Maciek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Users\Maciek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\c7ce92988e5465d0\101XP Launcher.lnk -> D:\gry\Game Center 101XP\launcher101xp.exe (101XP) -> --user-data-dir="C:\Users\Maciek\AppData\Local\101XP Launcher\User Data" --profile-directory=Default --app-id=lelfganfcipdjofcdoibbjcmcnppdgfa
ShortcutWithArgument: C:\Users\Public\Desktop\Orcs Must Die! Unchained.lnk -> D:\gry\GameforgeLive\GameforgeLive.exe () -> "D:\gry\GameforgeLive\Games\POL_pol\Orcs Must Die! Unchained\OMDU.exe" -start OrcsMustDie
ShortcutWithArgument: C:\Users\Public\Desktop\Wiedźmin 3® - Dziki Gon.lnk -> C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe (GOG.com) -> /gameId=1207664643 /command=launch /path="C:\GOG Games\The Witcher 3 Wild Hunt"


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Napisy24\Napisy24.pl on the Web.url -> URL: hxxp://napisy24.pl/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Help\Online Codec Help.url -> URL: hxxp://www.codecguide.com/help.htm
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Wiedźmin 3® - Dziki Gon\Dokumenty\Pomoc.url -> URL: hxxp://www.gog.com/support/the_witcher_3_wild_hunt
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live\Strona internetowa Gameforge Live.url -> URL: hxxp://gfl.gameforge.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elcomsoft Password Recovery\Documentation\ElcomSoft on the Web.url -> URL: hxxp://www.elcomsoft.com
InternetURL: C:\Users\Maciek\Favorites\Windows Live\Get Windows Live.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=69172
InternetURL: C:\Users\Maciek\Favorites\Windows Live\Windows Live Gallery.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\Maciek\Favorites\Windows Live\Windows Live Mail.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68925
InternetURL: C:\Users\Maciek\Favorites\Windows Live\Windows Live Spaces.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68927
InternetURL: C:\Users\Maciek\Favorites\MSN Websites\MSN Autos.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=55143
InternetURL: C:\Users\Maciek\Favorites\MSN Websites\MSN Entertainment.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68924
InternetURL: C:\Users\Maciek\Favorites\MSN Websites\MSN Money.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68923
InternetURL: C:\Users\Maciek\Favorites\MSN Websites\MSN Sports.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68921
InternetURL: C:\Users\Maciek\Favorites\MSN Websites\MSN.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=54729
InternetURL: C:\Users\Maciek\Favorites\MSN Websites\MSNBC News.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68922
InternetURL: C:\Users\Maciek\Favorites\Microsoft Websites\IE Add-on site.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\Maciek\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=44661
InternetURL: C:\Users\Maciek\Favorites\Microsoft Websites\Microsoft At Home.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=55424
InternetURL: C:\Users\Maciek\Favorites\Microsoft Websites\Microsoft At Work.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=68920
InternetURL: C:\Users\Maciek\Favorites\Microsoft Websites\Microsoft Store.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\Maciek\Favorites\Links for United States\GobiernoUSA.gov.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=129792
InternetURL: C:\Users\Maciek\Favorites\Links for United States\USA.gov.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=129791
InternetURL: C:\Users\Maciek\Favorites\Links\Suggested Sites.url -> URL: hxxps://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\Maciek\Favorites\Links\Web Slice Gallery.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\Maciek\Desktop\Revelation Online.url -> URL: mycomgames://show/13.2000026
InternetURL: C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com Games\Revelation Online\Revelation Online.url -> URL: mycomgames://show/13.2000026
InternetURL: C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com Games\Revelation Online\Uninstall Revelation Online.url -> URL: mycomgames://uninstall/13.2000026

==================== End of Shortcut.txt =============================


frst notepad
LastRegBack: 2017-03-14 15:48

==================== End of FRST.txt ============================

electrolux

Ekspert
Posty: 319
Rejestracja: 06 lut 2017, 00:26

złośliwe oprogramowanie + virus w przeglądarkach

Post18 mar 2017, 17:52

Log FRST.txt nie zmieścił się.

Otwórz Notatnik i wklej w nim:
C:\Users\Maciek\Desktop\Bless - Shortcut.lnk
C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk
C:\Users\Maciek\AppData\Roaming\HPSewil
C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CompuClever\Program Management Console.lnk
C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехрlоrеr (Nо Аdd-оns).lnk
C:\Users\Maciek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Program Management Console.lnk
C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk
ShortcutWithArgument: C:\Users\Maciek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Maciek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> 1 0 <===== Cyrillic
ShortcutWithArgument: C:\Users\Maciek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехрlоrеr.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> 3 0 <===== Cyrillic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
Task: {C58DE258-FA54-4CF8-AB24-1401C252AF74} - System32\Tasks\{2423D97F-6BEB-4C4D-A821-97101549B10D} => pcalua.exe -a "D:\gry\Game Center 101XP\launcher101xp_agent.exe" -c send uninstall=3
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser-Security
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Browser-Security
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe
Uruchom FRST i kliknij przycisk Fix (NAPRAW).

Zrób nowe logi FRST.
przed skanem zaznacz: Additional.txt Shortcut.txt,
Logi (tekst) wklejaj na Dostępne tylko dla zarejestrowanych użytkowników, a w poście daj tylko linki.(czyli skopiuj adres z paska adresów)
Napisz, jaka sytuacja?


electrolux

Ekspert
Posty: 319
Rejestracja: 06 lut 2017, 00:26

złośliwe oprogramowanie + virus w przeglądarkach

Post20 mar 2017, 19:37

Otwórz Notatnik i wklej w nim:
FirewallRules: [TCP Query User{8EE4A61A-7A59-4843-A36D-D877039B92B6}C:\users\maciek\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\maciek\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{97B5FC14-A1AF-4436-8C46-F3C65DD5464F}C:\users\maciek\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\maciek\appdata\local\akamai\netsession_win.exe
C:\users\maciek\appdata\local\akamai\netsession_win.exe
ShortcutWithArgument: C:\Users\Maciek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> 1 0 <===== Cyrillic
ShortcutWithArgument: C:\Users\Maciek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехрlоrеr.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> 3 0 <===== Cyrillic
ShortcutWithArgument: C:\Users\Maciek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\c7ce92988e5465d0\101XP Launcher.lnk -> D:\gry\Game Center 101XP\launcher101xp.exe (101XP) -> --user-data-dir="C:\Users\Maciek\AppData\Local\101XP Launcher\User Data" --profile-directory=Default --app-id=lelfganfcipdjofcdoibbjcmcnppdgfa
C:\Users\Maciek\Desktop\Игровой Центр 101XP.lnk
C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk
C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехрlоrеr (Nо Аdd-оns).lnk
C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
CHR Extension: (Browser-Security) - C:\Users\Maciek\AppData\Local\Google\Chrome\User Data\Default\Extensions\faeinneekbeceimjnljfmaincojhhmln [2016-11-18]
HKU\S-1-5-21-3516207580-795487630-1224567326-1000\...\Run: [Chromium] => "c:\users\maciek\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe
Uruchom FRST i kliknij przycisk Fix (NAPRAW).

Zrób nowe logi FRST - już bez Shortcut.
.


electrolux

Ekspert
Posty: 319
Rejestracja: 06 lut 2017, 00:26

złośliwe oprogramowanie + virus w przeglądarkach

Post21 mar 2017, 19:51

SimpleNotepad3 (HKU\S-1-5-21-3516207580-795487630-1224567326-1000\...\SimpleNotepad3) (Version: - ) <==== ATTENTION

Znasz ten program?

Otwórz Notatnik i wklej w nim:
C:\Users\Maciek\Desktop\Игровой Центр 101XP.lnk
C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk
C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехрlоrеr (Nо Аdd-оns).lnk
C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk
RemoveDirectory: C:\Users\Maciek\AppData\Roaming\HPSewil
ShortcutWithArgument: C:\Users\Maciek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> 1 0 <===== Cyrillic
ShortcutWithArgument: C:\Users\Maciek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехрlоrеr.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> 3 0 <===== Cyrillic
CHR Extension: (Browser-Security) - C:\Users\Maciek\AppData\Local\Google\Chrome\User Data\Default\Extensions\faeinneekbeceimjnljfmaincojhhmln [2017-03-21]
EmptyTemp:

>>Menu Notatnika >> Plik >>
>>Zapisz jako >>
Nazwa pliku: fixlist
Zapisz jako typ: Dokumenty tekstowe
Kodowanie: UTF-8
>>Zapisz
Plik umieść w folderze C:\Users\Maciek\Desktop\FRST
Uruchom FRST i kliknij przycisk Fix (NAPRAW).

Zrób nowe logi FRST - bez Shortcut.
.


electrolux

Ekspert
Posty: 319
Rejestracja: 06 lut 2017, 00:26

złośliwe oprogramowanie + virus w przeglądarkach

Post22 mar 2017, 19:50

Nie znam,

to spróbuj odinstalować.

CHR Extension: (Browser-Security) - C:\Users\Maciek\AppData\Local\Google\Chrome\User Data\Default\Extensions\faeinneekbeceimjnljfmaincojhhmln [2017-03-22]

Sam zainstalowałeś to rozszerzenie w Chrome?

Matej

Użytkownik
Posty: 16
Rejestracja: 04 mar 2016, 21:20

złośliwe oprogramowanie + virus w przeglądarkach

Post22 mar 2017, 21:11

Odinstalowałem,
jeśli chodzi o rozszerzenie to też nie instalowałem

electrolux

Ekspert
Posty: 319
Rejestracja: 06 lut 2017, 00:26

złośliwe oprogramowanie + virus w przeglądarkach

Post22 mar 2017, 21:34

Otwórz Notatnik i wklej w nim:
CHR Extension: (Browser-Security) - C:\Users\Maciek\AppData\Local\Google\Chrome\User Data\Default\Extensions\faeinneekbeceimjnljfmaincojhhmln [2017-03-22]
C:\Users\Maciek\AppData\Local\Google\Chrome\User Data\Default\Extensions\faeinneekbeceimjnljfmaincojhhmln
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe
Uruchom FRST i kliknij przycisk Fix (NAPRAW).

Jak oceniasz sytuację?

Matej

Użytkownik
Posty: 16
Rejestracja: 04 mar 2016, 21:20

złośliwe oprogramowanie + virus w przeglądarkach

Post22 mar 2017, 22:51

Wszystko chodzi jak powinno :)



  • Reklama

Wróć do „Bezpieczeństwo”



Kto jest online

Użytkownicy przeglądający to forum: Obecnie na forum nie ma żadnego zarejestrowanego użytkownika i 12 gości