FRST

Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 16.05.2018 01
Uruchomiony przez maro (28-05-2018 08:34:00)
Uruchomiony z F:\
Windows 10 Home Wersja 1803 17134.48 (X64) (2018-05-13 20:20:08)
Tryb startu: Normal
==========================================================


==================== Konta użytkowników: =============================

Administrator (S-1-5-21-2733974409-696436795-1696199612-500 - Administrator - Disabled)
Gość (S-1-5-21-2733974409-696436795-1696199612-501 - Limited - Disabled)
Konto domyślne (S-1-5-21-2733974409-696436795-1696199612-503 - Limited - Disabled)
maro (S-1-5-21-2733974409-696436795-1696199612-1004 - Administrator - Enabled) => C:\Users\maro
WDAGUtilityAccount (S-1-5-21-2733974409-696436795-1696199612-504 - Limited - Disabled)

==================== Centrum zabezpieczeń ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Zainstalowane programy ======================

(W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)

µTorrent (HKU\S-1-5-21-2733974409-696436795-1696199612-1004\...\uTorrent) (Version: 3.5.3.44396 - BitTorrent Inc.)
1400 (HKLM-x32\...\{0919D141-CCBC-4751-997D-E022345643BE}) (Version: 140.0.425.000 - Hewlett-Packard) Hidden
1400_Help (HKLM-x32\...\{6FBE200D-1F00-40B7-BF48-FEB265AADE94}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
1400Trb (HKLM-x32\...\{6A3C2391-BCE2-4D28-A336-73B953B4502F}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Flash Player 29 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (HKLM-x32\...\{D5045A94-1D46-44A7-9C4F-7D05B40D82EC}) (Version: 140.0.425.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (HKLM-x32\...\{2DFDE21D-AFFE-4CDD-BBD4-3B7832BEC036}) (Version: 140.0.428.000 - Hewlett-Packard) Hidden
AIO_Scan (HKLM-x32\...\{104066F4-5897-4067-85D3-4C88B67CCF75}) (Version: 130.0.421.000 - Hewlett-Packard) Hidden
AudioFXSetup (HKLM\...\{1FE5ADE2-823B-4E4C-A2D3-063822B3C794}) (Version: 1.2.1201 - Nahimic) Hidden
Brother MFL-Pro Suite DCP-T500W (HKLM-x32\...\{BA07A125-6AC7-4293-89D6-391676FFD041}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
Cent Browser (HKU\S-1-5-21-2733974409-696436795-1696199612-1004\...\CentBrowser) (Version: 2.9.4.39 - Cent Studio)
Cheat Engine 6.7 (HKLM-x32\...\Cheat Engine 6.7_is1) (Version:  - Cheat Engine)
CheckDevicesConfigurator (HKLM\...\{85334C6B-E4CF-4A3C-8FE2-AF73D5DB9827}) (Version: 1.2.1201 - Nahimic) Hidden
Company of Heroes 2 (HKLM-x32\...\Company of Heroes 2_is1) (Version:  - )
Copy (HKLM-x32\...\{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
e-pity 9.3.4 za rok 2017 (HKLM-x32\...\{80D8170E-5590-218-B9ED-E24E4C99A11D}_is1) (Version: 9.3.4 - e-file sp. z o.o. sp.k.)
f.lux (HKU\S-1-5-21-2733974409-696436795-1696199612-1004\...\Flux) (Version:  - f.lux Software LLC)
Fallout 4 GOTY version 1.10.82.0 (HKLM-x32\...\Fallout 4 GOTY_is1) (Version: 1.10.82.0 - Mr DJ)
Fax (HKLM-x32\...\{9294F169-72EE-4D74-AE92-CA25F64B4FF8}) (Version: 140.0.307.000 - Hewlett-Packard) Hidden
Gadwin PrintScreen (64-Bit) (HKLM\...\{6813FA49-DFC4-4F58-910D-ED39C2BD979B}) (Version: 5.8.0.0 - Gadwin Systems)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1025 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.63.1519.7 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{89E5F369-612A-4A5E-8BF2-7938C76ABF29}) (Version: 3.0.135 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Intel® Small Business Advantage (HKLM-x32\...\{6A6D86CD-B004-46b7-8951-7BB75A776F8C}) (Version: 3.1.53.8739 - Intel(R) Corporation)
Intel® Small Business Advantage (HKLM-x32\...\{C7A82877-2365-4A03-B23F-DFDD629B7F3A}) (Version: 4.0.44 - Intel Corporation)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
JPEXS Free Flash Decompiler (HKLM-x32\...\{E618D276-6596-41F4-8A98-447D442A77DB}_is1) (Version: 11.0.0 - JPEXS)
LauncherSetup (HKLM\...\{E9A24BF9-2AD3-46BE-A9AF-4DED8EBC124E}) (Version: 1.2.1201 - Nahimic) Hidden
LOOT version 0.12.5 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.12.5 - LOOT Team)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.9226.2156 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - pl-pl (HKLM\...\ProPlusRetail - pl-pl) (Version: 16.0.9226.2156 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.1.021 - MSI)
Nahimic for MSI (HKLM-x32\...\{0c311339-9de4-4dd7-b21d-3dcfa3a2946f}) (Version: 1.2.12 - Nahimic)
NahimicSettingsConfigurator (HKLM\...\{5FFC5E3A-4A2B-4201-9132-5ED5A0453797}) (Version: 1.2.1201 - Nahimic) Hidden
Network64 (HKLM\...\{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}) (Version: 140.0.306.000 - Hewlett-Packard) Hidden
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.65.2 - Black Tree Gaming)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.5 - Notepad++ Team)
NVIDIA Oprogramowanie systemu PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NVIDIA Sterownik 3D Vision 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
NVIDIA Sterownik dźwięku HD 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA Sterownik graficzny 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
NVIDIA Sterownik kontrolera 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.9226.2156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.9226.2156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.9226.2156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0415-1000-0000000FF1CE}) (Version: 16.0.9226.2156 - Microsoft Corporation) Hidden
Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.7.0 - Microleaves) Hidden <==== UWAGA
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Oprogramowanie mikroukładu Intel® (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Panel sterowania NVIDIA 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 388.13 - NVIDIA Corporation) Hidden
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.322.5 - Tracker Software Products Ltd)
ProductDaemonSetup (HKLM\...\{79CB3FC2-E67A-4C4F-8C24-874DCD38199A}) (Version: 1.2.1201 - Nahimic) Hidden
Python 3.6.4 (32-bit) (HKU\S-1-5-21-2733974409-696436795-1696199612-1004\...\{9218130b-5ad0-4cf7-82be-6993cfd6cb84}) (Version: 3.6.4150.0 - Python Software Foundation)
Python 3.6.4 Core Interpreter (32-bit) (HKLM-x32\...\{D188614B-E656-4EF1-9F5A-23559EBE8F5A}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Development Libraries (32-bit) (HKLM-x32\...\{C3797E33-967D-4687-8F1A-9DE771A00125}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Documentation (32-bit) (HKLM-x32\...\{E09874D3-E898-4AB6-B043-EE24DF786088}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Executables (32-bit) (HKLM-x32\...\{47A75DB9-F3F5-4697-9261-DBA5162DBB9E}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 pip Bootstrap (32-bit) (HKLM-x32\...\{54142B43-2FA5-4BBA-BF03-27C10EB50C1E}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Standard Library (32-bit) (HKLM-x32\...\{2832768E-9BCA-4421-950C-7186B3BDFC45}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Tcl/Tk Support (32-bit) (HKLM-x32\...\{20888FA1-8127-42E3-969F-9BF93245AC83}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Test Suite (32-bit) (HKLM-x32\...\{D14FB2FA-51B2-415C-93BF-5053102235EE}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Utility Scripts (32-bit) (HKLM-x32\...\{D0730E44-E519-4F39-B926-E2FC0449D67C}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{B42FF40A-60D4-4096-AC47-C86153D72797}) (Version: 3.6.6196.0 - Python Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7885 - Realtek Semiconductor Corp.)
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.342.000 - Hewlett-Packard) Hidden
System Table (HKLM-x32\...\System Table_is1) (Version:  - )
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.596.000 - Hewlett-Packard) Hidden
Tower of Time (HKLM-x32\...\Tower of Time_is1) (Version:  - )
TP-LINK TL-WN881ND Driver (HKLM-x32\...\{FDA7E907-6539-42C1-9721-0239C281B336}) (Version: 1.3.1 - TP-LINK)
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
UIInstallUpgrade (HKLM\...\{DEB82682-EF4C-4D3D-AEE0-51B62FEFDD21}) (Version: 1.2.1201 - Nahimic) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.297.017 - Hewlett-Packard) Hidden
WhatsApp (HKU\S-1-5-21-2733974409-696436795-1696199612-1004\...\WhatsApp) (Version: 0.2.6968 - WhatsApp)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
YoutubeAdBlock (HKLM-x32\...\E3605470-291B-44EB-8648-745EE356599A) (Version: 2.0.0.541 - Company Inc.) <==== UWAGA

==================== Niestandardowe rejestracje CLSID (filtrowane): ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Brak pliku
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => F:\Notepad++\NppShell_06.dll [2017-08-15] ()
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Brak pliku
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)

==================== Zaplanowane zadania (filtrowane) =============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

Task: {095AB15E-9C81-482C-8B89-12D4F3016D9E} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-18] (NVIDIA Corporation)
Task: {20BAD7FA-0048-47F4-AF24-E94E863EBB6B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-05-12] (Microsoft Corporation)
Task: {2D571C8D-2C5C-46AE-A106-3BC7F6B8C105} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2733974409-696436795-1696199612-1004 => C:\Users\maro\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {2E551A8D-9151-4D87-89A5-A1248A52FFDF} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-05-21] (Microsoft Corporation)
Task: {3905B444-EDD6-4F32-9309-B66AFE04046D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-25] (Microsoft Corporation)
Task: {3ABDD550-9BAF-4C1B-9FC3-F117E66D6CF0} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-05-12] (Microsoft Corporation)
Task: {3C829382-C543-43F3-885B-38256FCC1988} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-05-29] ()
Task: {487CF29F-C985-47AE-84DB-7FF66578471C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-05-21] (Microsoft Corporation)
Task: {4F9736B9-68C8-48D2-8B94-10115F7FA46C} - \Microsoft\Windows\UNP\RunCampaignManager -> Brak pliku <==== UWAGA
Task: {630AC73E-81DD-4F88-AD06-6A26D8F2BBC7} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel(R) Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {768788A2-2194-420B-A84D-DF0C27C0EFF3} - System32\Tasks\NahimicMSIsvc32Run => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIsvc32.exe [2015-12-04] ()
Task: {78BBD74E-4FF0-4D48-BFE7-431CF268C9A9} - System32\Tasks\{019149B5-28B3-4D91-A2E7-AD81B91E7D02} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}\PerformanceSuite.exe" -c -remove -runfromtemp
Task: {7BD16E14-5FBF-4A68-9F9E-81C6FB65C198} - System32\Tasks\NahimicMSIUILauncherRun => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe [2015-12-04] ()
Task: {7CC54AB4-B9E8-43B0-9158-0B36666939A0} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-05-29] ()
Task: {8784AE71-91F1-4A9C-B0BE-5627D141E86C} - System32\Tasks\NahimicMSIsvc64Run => C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSIsvc64.exe [2015-12-04] ()
Task: {92607F0D-32F4-4DBC-8132-144FED4DE048} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-25] (Microsoft Corporation)
Task: {92819FA6-8AA2-44BC-8FE4-D67E3A50E922} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-25] (Microsoft Corporation)
Task: {9D359044-3963-4430-8F4E-E0A0B89D5ED1} - System32\Tasks\CCleanerSkipUAC => E:\CCleaner\CCleaner.exe [2017-06-30] (Piriform Ltd)
Task: {A09CD147-1336-46A7-BBA5-A74F3ADC6E5D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-25] (Microsoft Corporation)
Task: {A21E145D-D254-4FCB-91B5-6A78B0118908} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-08-18] (NVIDIA Corporation)
Task: {C058E22E-7DFD-4A5D-A296-456B8D068AA4} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-18] (NVIDIA Corporation)
Task: {CA629667-5308-497C-BEC7-3F962295E273} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-18] (NVIDIA Corporation)
Task: {D307241E-F920-4734-8956-5094E65FB9BE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-05-21] (Microsoft Corporation)
Task: {D3079382-EED2-4845-8D5E-E2C12DA7577B} - System32\Tasks\Intel(R) Small Business Advantage\Notifier => C:\Program Files\Intel\Intel(R) Small Business Advantage\UI\SBA_Notifier.exe [2015-06-04] (Intel Corporation)
Task: {D8E232C3-619B-4047-B5AE-E7BD94482584} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-05-21] (Microsoft Corporation)
Task: {DDBA8288-9832-46AF-8DBE-8B8A8447A91A} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-18] (NVIDIA Corporation)
Task: {DE493D15-B701-4F11-BD4A-958E2FE4199F} - System32\Tasks\MSISW_Host => C:\Windows\SysWOW64\muachost.exe [2015-08-18] (MSI)
Task: {DEB4DB56-9641-4FDB-9310-8DC23098BD3F} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {E40FE246-6B48-4260-B5A5-AB7FDCDD73F3} - System32\Tasks\MSIOSDx86_Host => C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe
Task: {FA0B11EA-A149-4440-8557-AF51A914BC11} - System32\Tasks\MSIOSDx64_Host => C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\MsiGamingOSD_x64.exe

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

Task: C:\WINDOWS\Tasks\MSIOSDx64_Host.job => C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\MsiGamingOSD_x64.exe
Task: C:\WINDOWS\Tasks\MSIOSDx86_Host.job => C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe
Task: C:\WINDOWS\Tasks\MSISW_Host.job => C:\WINDOWS\SysWoW64\muachost.exe

==================== Skróty & WMI ========================

(Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.)


Shortcut: C:\Users\maro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Сеnt Вrоwser.lnk -> C:\Users\maro\AppData\Roaming\Browsers\exe.emorhc.bat (Brak pliku) <==== Cyrillic
Shortcut: C:\Users\maro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnet Еxplоrеr.lnk -> C:\Users\maro\AppData\Roaming\Browsers\exe.erolpxei.bat (Brak pliku) <==== Cyrillic
Shortcut: C:\Users\maro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\6f9cb17000d7fedd\Сent Вrowser.lnk -> C:\Users\maro\AppData\Roaming\Browsers\exe.emorhc.bat (Brak pliku) <==== Cyrillic
Shortcut: C:\Users\Public\Desktop\Вrоther Utilitiеs.lnk -> C:\Users\maro\AppData\Roaming\Browsers\exe.rehcnualrb.bat (Brak pliku) <==== Cyrillic

ShortcutWithArgument: C:\Users\maro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\6f9cb17000d7fedd\Cent Browser.lnk -> E:\CentBrowser\CentBrowser\Application\chrome.exe (Dan Deng) -> --profile-directory="Profile 1"

==================== Załadowane moduły (filtrowane) ==============

2015-05-19 09:11 - 2015-05-19 09:11 - 000007680 _____ () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
2017-12-05 23:26 - 2005-04-22 06:36 - 000143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2018-05-28 00:11 - 2018-05-22 18:24 - 006232185 _____ () C:\ProgramData\Microsoft\Windows\WNetworkMgmt\WNetworkMgmt.exe
2018-04-12 01:34 - 2018-04-12 01:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2017-08-15 23:20 - 2017-08-15 23:20 - 000230064 _____ () F:\Notepad++\NppShell_06.dll
2018-04-12 01:35 - 2018-04-12 17:53 - 002184704 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-05-28 08:23 - 2018-05-28 08:23 - 000776704 _____ () C:\Users\maro\AppData\Local\Temp\is-28N4F.tmp\tvbpugmu5zr.tmp
2018-05-28 08:23 - 2018-05-28 08:23 - 000776704 _____ () C:\Users\maro\AppData\Local\Temp\is-FMDO1.tmp\2sd5l54wrxi.tmp
2017-10-02 17:41 - 2017-10-01 14:27 - 004195384 _____ () E:\CentBrowser\CentBrowser\Application\2.9.4.39\libglesv2.dll
2017-10-02 17:41 - 2017-10-01 14:27 - 000102968 _____ () E:\CentBrowser\CentBrowser\Application\2.9.4.39\libegl.dll
2016-09-29 22:07 - 2005-07-18 13:43 - 000160256 _____ () C:\Program Files (x86)\MSI\Live Update\unrar.dll
2018-05-28 08:23 - 2018-05-28 08:23 - 000024240 _____ () C:\Users\maro\AppData\Local\Temp\is-U5RJG.tmp\_isetup\_isdecmp.dll
2018-05-28 08:23 - 2008-10-15 17:44 - 000205312 _____ () C:\Users\maro\AppData\Local\Temp\is-U5RJG.tmp\itdownload.dll
2018-05-28 08:23 - 2018-05-28 08:23 - 000024240 _____ () C:\Users\maro\AppData\Local\Temp\is-RHE31.tmp\_isetup\_isdecmp.dll
2018-05-28 08:23 - 2008-10-15 17:44 - 000205312 _____ () C:\Users\maro\AppData\Local\Temp\is-RHE31.tmp\itdownload.dll
2016-08-30 01:19 - 2016-08-30 01:19 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (filtrowane) =========

(Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.)


==================== Tryb awaryjny (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.)


==================== Powiązania plików (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.)


==================== Internet Explorer - Witryny zaufane i z ograniczeniami ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.)


==================== Hosts - zawartość: ===============================

(Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.)

2015-10-30 09:24 - 2018-05-28 00:32 - 000094876 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Inne obszary ============================

(Obecnie brak automatycznej naprawy dla tej sekcji.)

HKU\S-1-5-21-2733974409-696436795-1696199612-1004\Control Panel\Desktop\\Wallpaper -> E:\Dokumenty\Tapety\cristal_clear_mountain_lake-wallpaper-1920x1080.jpg
DNS Servers: Urządzenie nie jest podłączone do internetu.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Zapora systemu Windows [funkcja włączona]

==================== MSCONFIG/TASK MANAGER - Wyłączone elementy ==

HKLM\...\StartupApproved\StartupFolder: => "Killer Network Manager.lnk"
HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "NahimicMSIUILauncher"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "Live Update"
HKLM\...\StartupApproved\Run32: => "MSIRegister"
HKLM\...\StartupApproved\Run32: => "IMSS"
HKLM\...\StartupApproved\Run32: => "Super Charger"
HKU\S-1-5-21-2733974409-696436795-1696199612-1004\...\StartupApproved\Run: => "OneDrive"

==================== Reguły Zapory systemu Windows (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

FirewallRules: [UDP Query User{FD9E1BD7-CE65-4A87-83EB-70B508B8AA01}E:\gry\company of heroes 2\reliccoh2.exe] => (Block) E:\gry\company of heroes 2\reliccoh2.exe
FirewallRules: [TCP Query User{C67D69C0-53EF-4422-85AD-417B5B7B4224}E:\gry\company of heroes 2\reliccoh2.exe] => (Block) E:\gry\company of heroes 2\reliccoh2.exe
FirewallRules: [{84C6DBE6-696A-4E39-A60B-3C79D1A6FD88}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{DDFEB754-3B4F-4C35-815C-0DAF9102CB90}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{878602AA-E6A0-4A2A-BDF0-B09E51B09238}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [UDP Query User{57E07912-C72B-4046-851A-7A12134E7D9D}C:\program files (x86)\java\jre1.8.0_151\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_151\bin\jp2launcher.exe
FirewallRules: [TCP Query User{878BD3E9-7A47-44BD-9B8F-018452BCF70E}C:\program files (x86)\java\jre1.8.0_151\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_151\bin\jp2launcher.exe
FirewallRules: [UDP Query User{3D1254F8-16FC-4339-A949-DF1E5958F1E1}E:\centbrowser\centbrowser\application\chrome.exe] => (Allow) E:\centbrowser\centbrowser\application\chrome.exe
FirewallRules: [TCP Query User{723E4249-07A9-460E-B3EE-95EE48C90720}E:\centbrowser\centbrowser\application\chrome.exe] => (Allow) E:\centbrowser\centbrowser\application\chrome.exe
FirewallRules: [{A139781F-0938-496A-9999-BCE54E87FBEA}] => (Allow) LPort=54925
FirewallRules: [{A5D5F748-94E3-4899-8755-0D8A9E6CC4FB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{FEA533A2-A7CE-4836-9A82-C57A22EB4C3A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{33862EC3-5732-44DC-A5F2-202EA7CF0AB8}] => (Allow) C:\Users\maro\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5BF134D1-7A30-457D-AE2D-87BAD8363508}] => (Allow) C:\Users\maro\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{36340E82-581D-4521-9770-2DE227E011E3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{7A6119B9-65E4-40D5-BD0C-5C6088BFE93B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{DB793729-DAD5-42E6-BB46-7D205A5EE496}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{6055E416-1980-4B93-97D9-0F1CAD6CBA1B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{38D053DD-844E-4FB8-AF4E-96A709425E5E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{0605A85A-9C1D-4A19-B3AF-4C9D313B37F3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{81A0FC50-C162-46E1-AC22-8CC12D5B1D8F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{605F05FE-E9CC-428F-A855-A958CEE62A5E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{FD80DFB7-04F8-4604-88FE-F71D9B6DCED9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{848BA282-32A1-4D2F-9471-0221B5C75EAF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{4E0B7E82-5527-44C5-B7E6-4880A24433F2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{F06560DC-0D15-4329-B644-FBE6BE204CFF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{AAD37DE6-F2E7-4ED7-B772-0DB30DE944C8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{52807D15-98A0-42A0-9410-92DCF438739F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{89E22D1D-BD18-489C-AA4B-C4D948BEE62D}] => (Allow) C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage Next\Sba.exe
FirewallRules: [{651A89FD-F3AE-4C58-874C-2F9AD8219292}] => (Allow) E:\Winamp\winamp.exe
FirewallRules: [{60302C6D-51A9-4E39-AFB2-7129905E2C63}] => (Allow) E:\Winamp\winamp.exe
FirewallRules: [{C1C07F57-8640-46DD-9B2F-86D24639F641}] => (Allow) LPort=26789
FirewallRules: [TCP Query User{970529C5-C198-4A15-9DA7-EDA477649B99}F:\pobrane gry\judgment.apocalypse.survival.simulation\judgment\judgment.exe] => (Block) F:\pobrane gry\judgment.apocalypse.survival.simulation\judgment\judgment.exe
FirewallRules: [UDP Query User{998E2E68-83A9-45F7-912F-A7BF73165500}F:\pobrane gry\judgment.apocalypse.survival.simulation\judgment\judgment.exe] => (Block) F:\pobrane gry\judgment.apocalypse.survival.simulation\judgment\judgment.exe
FirewallRules: [{6AA7E01B-4513-4899-AC3E-5254BF664844}] => (Allow) C:\Fallout 4 GOTY\Fallout4.exe
FirewallRules: [{DA57CDF7-FE9A-4F82-9022-9F8D2D29EC93}] => (Allow) C:\Fallout 4 GOTY\Fallout4.exe
FirewallRules: [{5F1A1C7F-06F6-4A13-A7B3-F9145E5BA8B1}] => (Allow) C:\Fallout 4 GOTY\Fallout4Launcher.exe
FirewallRules: [{223EA642-0AB2-4610-8A9F-526A96CACFB2}] => (Allow) C:\Fallout 4 GOTY\Fallout4Launcher.exe
FirewallRules: [TCP Query User{454CD8A1-FE8C-4CCD-9069-2BED8908285B}C:\fallout 4 goty\creationkit.exe] => (Block) C:\fallout 4 goty\creationkit.exe
FirewallRules: [UDP Query User{1E9435A1-CB89-4C09-BCE5-DD7334C9C2D8}C:\fallout 4 goty\creationkit.exe] => (Block) C:\fallout 4 goty\creationkit.exe

==================== Punkty Przywracania systemu =========================

14-05-2018 22:00:29 Windows Update
22-05-2018 18:05:03 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
23-05-2018 22:28:05 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215

==================== Wadliwe urządzenia w Menedżerze urządzeń =============

Name: Standardowa klawiatura PS/2
Description: Standardowa klawiatura PS/2
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Klawiatury standardowe)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Mysz Microsoft PS/2
Description: Mysz Microsoft PS/2
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Błędy w Dzienniku zdarzeń: =========================

Dziennik Aplikacja:
==================
Error: (05/28/2018 12:13:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: v8dq2esy.exe, wersja: 2.2.19882.0, sygnatura czasowa: 0x56e2cdca
Nazwa modułu powodującego błąd: v8dq2esy.exe, wersja: 2.2.19882.0, sygnatura czasowa: 0x56e2cdca
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x0008dd21
Identyfikator procesu powodującego błąd: 0x1f04
Godzina uruchomienia aplikacji powodującej błąd: 0x01d3f607326c7ca3
Ścieżka aplikacji powodującej błąd: F:\v8dq2esy.exe
Ścieżka modułu powodującego błąd: F:\v8dq2esy.exe
Identyfikator raportu: 18e62334-1088-45c1-9978-fff8ec95390b
Pełna nazwa pakietu powodującego błąd:
Identyfikator aplikacji względem pakietu powodującego błąd:

Error: (05/28/2018 12:10:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: system.exe, wersja: 0.0.0.0, sygnatura czasowa: 0x5b0a3757
Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x00000000
Identyfikator procesu powodującego błąd: 0x26f0
Godzina uruchomienia aplikacji powodującej błąd: 0x01d3f6077de68eac
Ścieżka aplikacji powodującej błąd: C:\Users\maro\AppData\Local\Temp\we3zibwx5me\system.exe
Ścieżka modułu powodującego błąd: unknown
Identyfikator raportu: 1bdcd47e-63dc-4759-9448-ab8c44f5c59e
Pełna nazwa pakietu powodującego błąd:
Identyfikator aplikacji względem pakietu powodującego błąd:

Error: (05/28/2018 12:02:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: v8dq2esy.exe, wersja: 2.2.19882.0, sygnatura czasowa: 0x56e2cdca
Nazwa modułu powodującego błąd: v8dq2esy.exe, wersja: 2.2.19882.0, sygnatura czasowa: 0x56e2cdca
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x0001d061
Identyfikator procesu powodującego błąd: 0x73c
Godzina uruchomienia aplikacji powodującej błąd: 0x01d3f604d9747138
Ścieżka aplikacji powodującej błąd: F:\v8dq2esy.exe
Ścieżka modułu powodującego błąd: F:\v8dq2esy.exe
Identyfikator raportu: abda91a9-9005-481b-bf1c-e6837fa30e75
Pełna nazwa pakietu powodującego błąd:
Identyfikator aplikacji względem pakietu powodującego błąd:

Error: (05/27/2018 11:44:55 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "C:\$Recycle.Bin\S-1-5-21-2733974409-696436795-1696199612-1004\$RPQ6T48.exe".
Nie można odnaleźć zestawu zależnego 2.9.4.39,language="&#x2a;",type="win32",version="2.9.4.39".
Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error: (05/27/2018 11:44:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "C:\Users\maro\AppData\Roaming\Browsers\chrome.bat.exe".
Nie można odnaleźć zestawu zależnego 2.9.4.39,language="&#x2a;",type="win32",version="2.9.4.39".
Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error: (05/27/2018 11:40:20 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: System Windows nie może załadować biblioteki DLL licznika rozszerzalnego rdyboost. Pierwsze cztery bajty (DWORD) sekcji danych Data zawierają kod błędu systemu Windows.

Error: (05/27/2018 11:40:20 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Nie powiodło się wykonanie procedury otwierania dla usługi „BITS” w bibliotece DLL „C:\Windows\System32\bitsperf.dll”. Dane wydajności dla tej usługi nie będą dostępne. Pierwsze cztery bajty (DWORD) sekcji danych Data zawierają kod błędu.

Error: (05/27/2018 11:38:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: g4sh2vq302d.exe, wersja: 0.0.0.0, sygnatura czasowa: 0x5b0a3780
Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x00000000
Identyfikator procesu powodującego błąd: 0x2484
Godzina uruchomienia aplikacji powodującej błąd: 0x01d3f60309bf46ab
Ścieżka aplikacji powodującej błąd: C:\Users\maro\AppData\Local\Temp\skaovp3vksm\g4sh2vq302d.exe
Ścieżka modułu powodującego błąd: unknown
Identyfikator raportu: 3aea9e70-83ac-48c7-b7c3-293db714ab4b
Pełna nazwa pakietu powodującego błąd:
Identyfikator aplikacji względem pakietu powodującego błąd:


Dziennik System:
=============
Error: (05/28/2018 08:24:48 AM) (Source: DCOM) (EventID: 10016) (User: ZARZĄDZANIE NT)
Description: Zgodnie z ustawieniami uprawnienia właściwe dla aplikacji nie jest udzielane uprawnienie Lokalny Uruchom do aplikacji serwera COM z identyfikatorem klasy CLSID
Windows.SecurityCenter.WscDataProtection
 i identyfikatorem aplikacji APPID
Niedostępny
 użytkownikowi ZARZĄDZANIE NT\SYSTEM o identyfikatorze zabezpieczeń SID (S-1-5-18) z adresu LocalHost (użycie LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Niedostępny (Niedostępny). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.

Error: (05/28/2018 08:23:04 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-09FFBFH)
Description: Zgodnie z ustawieniami uprawnienia właściwe dla aplikacji nie jest udzielane uprawnienie Lokalny Aktywacja do aplikacji serwera COM z identyfikatorem klasy CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 i identyfikatorem aplikacji APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 użytkownikowi DESKTOP-09FFBFH\maro o identyfikatorze zabezpieczeń SID (S-1-5-21-2733974409-696436795-1696199612-1004) z adresu LocalHost (użycie LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Niedostępny (Niedostępny). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.

Error: (05/28/2018 08:22:52 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: Nastąpił ponowny rozruch komputera po operacji wykrywania błędów. Wyniki tej operacji były następujące: 0x000000d1 (0xffffa08138d78010, 0x00000000000000ff, 0x0000000000000000, 0xfffff80f0fe98bc8). Zrzut zapisano w: C:\WINDOWS\MEMORY.DMP. Identyfikator raportu: 43617555-6d8f-43fc-a531-ee9ce94c372c.

Error: (05/28/2018 08:22:45 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Poprzednie zamknięcie systemu przy 01:18:47 na ‎28.‎05.‎2018 było nieoczekiwane.

Error: (05/28/2018 08:15:07 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-09FFBFH)
Description: Zgodnie z ustawieniami uprawnienia właściwe dla aplikacji nie jest udzielane uprawnienie Lokalny Aktywacja do aplikacji serwera COM z identyfikatorem klasy CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 i identyfikatorem aplikacji APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 użytkownikowi DESKTOP-09FFBFH\maro o identyfikatorze zabezpieczeń SID (S-1-5-21-2733974409-696436795-1696199612-1004) z adresu LocalHost (użycie LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Niedostępny (Niedostępny). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.

Error: (05/28/2018 08:13:56 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-09FFBFH)
Description: Zgodnie z ustawieniami uprawnienia właściwe dla aplikacji nie jest udzielane uprawnienie Lokalny Aktywacja do aplikacji serwera COM z identyfikatorem klasy CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 i identyfikatorem aplikacji APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 użytkownikowi DESKTOP-09FFBFH\maro o identyfikatorze zabezpieczeń SID (S-1-5-21-2733974409-696436795-1696199612-1004) z adresu LocalHost (użycie LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Niedostępny (Niedostępny). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.

Error: (05/28/2018 08:13:04 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-09FFBFH)
Description: Zgodnie z ustawieniami uprawnienia właściwe dla aplikacji nie jest udzielane uprawnienie Lokalny Aktywacja do aplikacji serwera COM z identyfikatorem klasy CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 i identyfikatorem aplikacji APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 użytkownikowi DESKTOP-09FFBFH\maro o identyfikatorze zabezpieczeń SID (S-1-5-21-2733974409-696436795-1696199612-1004) z adresu LocalHost (użycie LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Niedostępny (Niedostępny). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.

Error: (05/28/2018 01:21:52 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-09FFBFH)
Description: Zgodnie z ustawieniami uprawnienia właściwe dla aplikacji nie jest udzielane uprawnienie Lokalny Aktywacja do aplikacji serwera COM z identyfikatorem klasy CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 i identyfikatorem aplikacji APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 użytkownikowi DESKTOP-09FFBFH\maro o identyfikatorze zabezpieczeń SID (S-1-5-21-2733974409-696436795-1696199612-1004) z adresu LocalHost (użycie LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Niedostępny (Niedostępny). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.


Windows Defender:
===================================
Date: 2018-05-28 01:13:12.232
Description:
Produkt Program antywirusowy Windows Defender wykrył złośliwe oprogramowanie lub inne potencjalnie niechciane oprogramowanie.
Aby uzyskać więcej informacji, zobacz:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:MSIL/AutoKMS&threatid=2147711767&enterprise=0
Nazwa: HackTool:MSIL/AutoKMS
Identyfikator: 2147711767
Ważność: Wysoki
Kategoria: Narzędzie
Ścieżka: file:_F:\uTorrent\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET]\KMSAuto Net 2015 v1.3.8 Portable\KMSAuto Net.exe->[MSILRES:KMSAuto_Net.Resources.resources]#9->(VFS:TunMirror.exe)
Pochodzenie wykrycia: Komputer lokalny
Typ wykrycia: Konkretne
Źródło wykrycia: Ochrona w czasie rzeczywistym
Użytkownik: DESKTOP-09FFBFH\maro
Nazwa procesu: C:\Users\maro\AppData\Local\Temp\F4037A5E-97D5264-66F610EA-47D4B570\x21xVq3u.exe
Wersja podpisu: AV: 1.269.149.0, AS: 1.269.149.0, NIS: 1.269.149.0
Wersja aparatu: AM: 1.1.14901.4, NIS: 1.1.14901.4

Date: 2018-05-28 01:04:35.672
Description:
Produkt Program antywirusowy Windows Defender wykrył złośliwe oprogramowanie lub inne potencjalnie niechciane oprogramowanie.
Aby uzyskać więcej informacji, zobacz:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:MSIL/AutoKMS&threatid=2147711767&enterprise=0
Nazwa: HackTool:MSIL/AutoKMS
Identyfikator: 2147711767
Ważność: Wysoki
Kategoria: Narzędzie
Ścieżka: file:_F:\uTorrent\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET]\KMSAuto Net 2015 v1.3.8 Portable\KMSAuto Net.exe->[MSILRES:KMSAuto_Net.Resources.resources]#9->(VFS:TunMirror.exe)
Pochodzenie wykrycia: Komputer lokalny
Typ wykrycia: Konkretne
Źródło wykrycia: Ochrona w czasie rzeczywistym
Użytkownik: DESKTOP-09FFBFH\maro
Nazwa procesu: C:\Users\maro\AppData\Local\Temp\F4037A5E-97D5264-66F610EA-47D4B570\x21xVq3u.exe
Wersja podpisu: AV: 1.269.149.0, AS: 1.269.149.0, NIS: 1.269.149.0
Wersja aparatu: AM: 1.1.14901.4, NIS: 1.1.14901.4

Date: 2018-05-28 00:11:30.329
Description:
Produkt Program antywirusowy Windows Defender wykrył złośliwe oprogramowanie lub inne potencjalnie niechciane oprogramowanie.
Aby uzyskać więcej informacji, zobacz:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/CoinMiner.CY&threatid=2147726391&enterprise=0
Nazwa: Trojan:Win32/CoinMiner.CY
Identyfikator: 2147726391
Ważność: Poważny
Kategoria: Koń trojański
Ścieżka: clsid:_HKLM\SOFTWARE\CLASSES\CLSID\{BFD98515-CD74-48A4-98E2-13D209E3EE4F};file:_C:\Windows\System32\mcicda64.dll;regkey:_HKLM\SOFTWARE\CLASSES\CLSID\{BFD98515-CD74-48A4-98E2-13D209E3EE4F};regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\\{BFD98515-CD74-48A4-98E2-13D209E3EE4F};regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\{BFD98515-CD74-48A4-98E2-13D209E3EE4F};regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED\\{BFD98515-CD74-48A4-98E2-13D209E3EE4F};shellexechook:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\\{BFD98515-CD74-48A4-98E2-13D209E3EE4F};shellextapproved:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED\\{BFD98515-CD74-48A4-98E2-13D209E3EE4F};shelliconoverlayid:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\{BFD98515-CD74-48A4-98E2-13D209E3EE4F}
Pochodzenie wykrycia: Komputer lokalny
Typ wykrycia: Konkretne
Źródło wykrycia: Ochrona w czasie rzeczywistym
Użytkownik: DESKTOP-09FFBFH\maro
Nazwa procesu: C:\Windows\explorer.exe
Wersja podpisu: AV: 1.269.149.0, AS: 1.269.149.0, NIS: 1.269.149.0
Wersja aparatu: AM: 1.1.14901.4, NIS: 1.1.14901.4

Date: 2018-05-28 00:10:48.871
Description:
Produkt Program antywirusowy Windows Defender wykrył złośliwe oprogramowanie lub inne potencjalnie niechciane oprogramowanie.
Aby uzyskać więcej informacji, zobacz:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/CoinMiner.CY&threatid=2147726391&enterprise=0
Nazwa: Trojan:Win32/CoinMiner.CY
Identyfikator: 2147726391
Ważność: Poważny
Kategoria: Koń trojański
Ścieżka: file:_C:\Windows\System32\mcicda64.dll
Pochodzenie wykrycia: Komputer lokalny
Typ wykrycia: Konkretne
Źródło wykrycia: Ochrona w czasie rzeczywistym
Użytkownik: DESKTOP-09FFBFH\maro
Nazwa procesu: C:\Windows\explorer.exe
Wersja podpisu: AV: 1.269.149.0, AS: 1.269.149.0, NIS: 1.269.149.0
Wersja aparatu: AM: 1.1.14901.4, NIS: 1.1.14901.4

Date: 2018-05-28 00:10:47.649
Description:
Produkt Program antywirusowy Windows Defender wykrył złośliwe oprogramowanie lub inne potencjalnie niechciane oprogramowanie.
Aby uzyskać więcej informacji, zobacz:
https://go.microsoft.com/fwlink/?linkid=37020&name=Ransom:Win32/GandCrab.AE&threatid=2147727082&enterprise=0
Nazwa: Ransom:Win32/GandCrab.AE
Identyfikator: 2147727082
Ważność: Poważny
Kategoria: Oprogramowanie wymuszające okup
Ścieżka: file:_C:\Users\maro\AppData\Local\Temp\io30kjf0htw\calc.exe
Pochodzenie wykrycia: Komputer lokalny
Typ wykrycia: Konkretne
Źródło wykrycia: Ochrona w czasie rzeczywistym
Użytkownik: DESKTOP-09FFBFH\maro
Nazwa procesu: C:\Program Files (x86)\ssFanny\501186.exe
Wersja podpisu: AV: 1.269.149.0, AS: 1.269.149.0, NIS: 1.269.149.0
Wersja aparatu: AM: 1.1.14901.4, NIS: 1.1.14901.4

Date: 2018-05-28 08:32:52.590
Description:
Produkt Program antywirusowy Windows Defender napotkał błąd podczas próby aktualizacji podpisów.
Nowa wersja podpisu:
Poprzednia wersja podpisu: 1.269.149.0
Źródło aktualizacji: Serwer usługi Microsoft Update
Typ podpisu: Oprogramowanie antywirusowe
Typ aktualizacji: Pełne
Użytkownik: ZARZĄDZANIE NT\SYSTEM
Bieżąca wersja aparatu:
Poprzednia wersja aparatu: 1.1.14901.4
Kod błędu: 0x80240438
Opis błędu: Podczas sprawdzania aktualizacji wystąpił nieoczekiwany problem. Aby uzyskać informacje na temat instalowania aktualizacji i rozwiązywania problemów z nimi, zobacz Pomoc i obsługę techniczną.

Date: 2018-05-28 00:58:57.719
Description:
Produkt Program antywirusowy Windows Defender napotkał błąd podczas próby aktualizacji podpisów.
Nowa wersja podpisu:
Poprzednia wersja podpisu: 1.269.149.0
Źródło aktualizacji: Serwer usługi Microsoft Update
Typ podpisu: Oprogramowanie antywirusowe
Typ aktualizacji: Pełne
Użytkownik: ZARZĄDZANIE NT\SYSTEM
Bieżąca wersja aparatu:
Poprzednia wersja aparatu: 1.1.14901.4
Kod błędu: 0x80240438
Opis błędu: Podczas sprawdzania aktualizacji wystąpił nieoczekiwany problem. Aby uzyskać informacje na temat instalowania aktualizacji i rozwiązywania problemów z nimi, zobacz Pomoc i obsługę techniczną.

==================== Statystyki pamięci ===========================

Procesor: Intel(R) Core(TM) i5-6600 CPU @ 3.30GHz
Procent pamięci w użyciu: 13%
Całkowita pamięć fizyczna: 16330.77 MB
Dostępna pamięć fizyczna: 14123.23 MB
Całkowita pamięć wirtualna: 18762.77 MB
Dostępna pamięć wirtualna: 15347.98 MB

==================== Dyski ================================

Drive c: () (Fixed) (Total:222.24 GB) (Free:90.61 GB) NTFS
Drive e: (Nowy) (Fixed) (Total:465.82 GB) (Free:330.93 GB) NTFS
Drive f: (Nowy) (Fixed) (Total:465.69 GB) (Free:343.78 GB) NTFS

\\?\Volume{c37e9f41-0000-0000-0000-100000000000}\ (Zastrzeżone przez system) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
\\?\Volume{c37e9f41-0000-0000-0000-60ae37000000}\ () (Fixed) (Total:0.84 GB) (Free:0.45 GB) NTFS

==================== MBR & Tablica partycji ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: C37E9F41)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=222.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=864 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: DA86C5A4)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== Koniec  Addition.txt ============================
Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 16.05.2018 01
Uruchomiony przez maro (administrator)  DESKTOP-09FFBFH (28-05-2018 08:33:36)
Uruchomiony z F:\
Załadowane profile: maro (Dostępne profile: maro)
Platform: Windows 10 Home Wersja 1803 17134.48 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: "E:\CentBrowser\CentBrowser\Application\chrome.exe" -- "%1")
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage Next\SbaService.exe
() C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows\Audio\winamgr.exe
() C:\ProgramData\Microsoft\Windows\WNetworkMgmt\WNetworkMgmt.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.14.17639.18041-0\MsMpEng.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(MSI) C:\Windows\SysWOW64\muachost.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.14.17639.18041-0\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(f.lux Software LLC) C:\Users\maro\AppData\Local\FluxSoftware\Flux\flux.exe
(ZA3 ) C:\Users\maro\AppData\Roaming\ur0l0ankdj4\tvbpugmu5zr.exe
() C:\Users\maro\AppData\Local\Temp\is-28N4F.tmp\tvbpugmu5zr.tmp
(ZA3 ) C:\Users\maro\AppData\Roaming\abw31lmiwa5\2sd5l54wrxi.exe
() C:\Users\maro\AppData\Local\Temp\is-FMDO1.tmp\2sd5l54wrxi.tmp
(Dan Deng) E:\CentBrowser\CentBrowser\Application\chrome.exe
(Dan Deng) E:\CentBrowser\CentBrowser\Application\chrome.exe
(Dan Deng) E:\CentBrowser\CentBrowser\Application\chrome.exe
(Dan Deng) E:\CentBrowser\CentBrowser\Application\chrome.exe
(Dan Deng) E:\CentBrowser\CentBrowser\Application\chrome.exe
(Dan Deng) E:\CentBrowser\CentBrowser\Application\chrome.exe
(Dan Deng) E:\CentBrowser\CentBrowser\Application\chrome.exe
(Dan Deng) E:\CentBrowser\CentBrowser\Application\chrome.exe
(Dan Deng) E:\CentBrowser\CentBrowser\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dan Deng) E:\CentBrowser\CentBrowser\Application\chrome.exe
(Dan Deng) E:\CentBrowser\CentBrowser\Application\chrome.exe
(Dan Deng) E:\CentBrowser\CentBrowser\Application\chrome.exe
(Dan Deng) E:\CentBrowser\CentBrowser\Application\chrome.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8843784 2016-07-22] (Realtek Semiconductor)
HKLM\...\Run: [NahimicMSIUILauncher] => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe [740320 2015-12-04] ()
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [11340752 2016-07-19] (Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe [1190688 2016-08-30] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4514304 2014-08-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [1944576 2013-03-07] (Brother Industries, Ltd.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-2733974409-696436795-1696199612-1004\...\Run: [f.lux] => C:\Users\maro\AppData\Local\FluxSoftware\Flux\flux.exe [1678840 2017-10-10] (f.lux Software LLC)
HKU\S-1-5-21-2733974409-696436795-1696199612-1004\...\Run: [8654320] => C:\Users\maro\AppData\Roaming\ur0l0ankdj4\tvbpugmu5zr.exe [615599 2018-05-27] (ZA3 )
HKU\S-1-5-21-2733974409-696436795-1696199612-1004\...\Run: [4642551] => C:\Users\maro\AppData\Roaming\abw31lmiwa5\2sd5l54wrxi.exe [615599 2018-05-28] (ZA3 )
HKU\S-1-5-21-2733974409-696436795-1696199612-1004\...\RunOnce: [Application Restart #4] => C:\Windows\SysWOW64\muachost.exe [1692840 2015-08-18] (MSI)
HKU\S-1-5-21-2733974409-696436795-1696199612-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [36864 2018-04-12] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2017-07-31]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
GroupPolicy: Ograniczenia - Windows Defender <==== UWAGA

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{64c0f746-de2f-4f45-9017-8cda2f4488e3}: [DhcpNameServer] 192.168.1.15 192.168.1.1
Tcpip\..\Interfaces\{d334fd5a-72ae-4032-a341-4dcfdebff9be}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
HKU\S-1-5-21-2733974409-696436795-1696199612-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccZ_ye9Gzw4oVd4hIuDhExDC9LZyZwjMJ_SYddkPbpL6beCduMsoN-Bjjhe-pZm-2E0xVZyTMv6n8zIy7NKS_dNbvJi-Whwe38dEwXazZSnQm689YBbOzzp6akxnjPbTzf1s8-xfED5joxqwF28PJML77t_EUg,,&q={searchTerms}
HKU\S-1-5-21-2733974409-696436795-1696199612-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://page-ups.com/all/
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccZ_ye9Gzw4oVd4hIuDhExDC9LZyZwjMJ_SYddkPbpL6beCduMsoN-Bjjhe-pZm-2E0xVZyTMv6n8zIy7NKS_dNbvJi-Whwe38dEwXazZSnQm689YBbOzzp6akxnjPbTzf1s8-xfED5joxqwF28PJML77t_EUg,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2733974409-696436795-1696199612-1004 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccZ_ye9Gzw4oVd4hIuDhExDC9LZyZwjMJ_SYddkPbpL6beCduMsoN-Bjjhe-pZm-2E0xVZyTMv6n8zIy7NKS_dNbvJi-Whwe38dEwXazZSnQm689YBbOzzp6akxnjPbTzf1s8-xfED5joxqwF28PJML77t_EUg,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2733974409-696436795-1696199612-1004 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccZ_ye9Gzw4oVd4hIuDhExDC9LZyZwjMJ_SYddkPbpL6beCduMsoN-Bjjhe-pZm-2E0xVZyTMv6n8zIy7NKS_dNbvJi-Whwe38dEwXazZSnQm689YBbOzzp6akxnjPbTzf1s8-xfED5joxqwF28PJML77t_EUg,,&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2018-05-21] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-04-29] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-11-24] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-24] (Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-29] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-04-29] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-29] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-04-29] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-29] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-04-29] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-29] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-04-29] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-04-03] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-04-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-03-05] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [ofoeigeaodhbjogdigckajfhjbonaofg] - hxxps://clients2.google.com/service/update2/crx

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [Brak podpisu cyfrowego]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8566448 2018-05-12] (Microsoft Corporation)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [Brak podpisu cyfrowego]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel(R) Corporation)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Brak podpisu cyfrowego]
S3 intelsba; C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [58792 2015-06-04] (Intel Corporation)
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [Brak podpisu cyfrowego]
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177288 2015-05-29] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-08-30] (Intel Corporation)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2227152 2016-07-19] (Micro-Star INT'L CO., LTD.)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Brak podpisu cyfrowego]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Brak podpisu cyfrowego]
R2 SbaService; C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage Next\SbaService.exe [26296 2015-10-14] (Intel Corporation)
S3 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\NisSrv.exe [4632736 2018-04-25] (Microsoft Corporation)
R2 winamgr; C:\ProgramData\Microsoft\Windows\Audio\winamgr.exe [10644480 2018-05-23] (Microsoft Corporation) [Brak podpisu cyfrowego] <==== UWAGA
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MsMpEng.exe [104680 2018-04-25] (Microsoft Corporation)
R2 WNetworkMgmt; C:\ProgramData\Microsoft\Windows\WNetworkMgmt\WNetworkMgmt.exe [6232185 2018-05-22] () [Brak podpisu cyfrowego] <==== UWAGA
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2018-02-08] (Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2018-02-08] (Disc Soft Ltd)
S3 I2cHkBurn; C:\WINDOWS\system32\drivers\I2cHkBurn.sys [41760 2015-07-27] (FINTEK Corp.)
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2018-04-12] (Qualcomm Atheros, Inc.)
R1 MpKsle48d637c; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0045F7FA-FCFA-4729-B55E-A77531505C89}\MpKsle48d637c.sys [58120 2018-05-28] (Microsoft Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
S3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-08-18] (NVIDIA Corporation)
R0 sptd2; C:\WINDOWS\System32\Drivers\sptd2.sys [203296 2018-02-08] (Duplex Secure Ltd)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-04-25] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [313888 2018-04-25] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61472 2018-04-25] (Microsoft Corporation)
U3 dmwappushsvc; Brak ImagePath

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)


==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2018-05-28 08:33 - 2018-05-28 08:33 - 000000000 ____D C:\FRST
2018-05-28 08:22 - 2018-05-28 08:22 - 1452639219 _____ C:\WINDOWS\MEMORY.DMP
2018-05-28 08:22 - 2018-05-28 08:22 - 001176068 _____ C:\WINDOWS\Minidump\052818-5546-01.dmp
2018-05-28 08:22 - 2018-05-28 08:22 - 000000000 ____D C:\WINDOWS\Minidump
2018-05-28 00:11 - 2018-05-28 00:54 - 000000000 ____D C:\Program Files (x86)\NExnNAYCpUUn
2018-05-28 00:11 - 2018-05-28 00:49 - 000000000 ____D C:\Program Files (x86)\VfXyqasRzlGpJFtgwyR
2018-05-28 00:11 - 2018-05-28 00:29 - 000000000 ____D C:\Program Files (x86)\EPVqpVJyVSWU2
2018-05-28 00:11 - 2018-05-28 00:28 - 000000000 ____D C:\Program Files (x86)\KCGHGVOnU
2018-05-28 00:11 - 2018-05-28 00:28 - 000000000 ____D C:\Program Files (x86)\JAcqddADqIE
2018-05-28 00:11 - 2018-05-28 00:25 - 000000000 ____D C:\Program Files (x86)\SvnSzzIscGyUC
2018-05-28 00:10 - 2018-05-28 00:55 - 000000000 ____D C:\Program Files\NA95Q9L6FZ
2018-05-28 00:10 - 2018-05-28 00:10 - 000000000 ____D C:\Users\maro\AppData\Roaming\WidModule
2018-05-28 00:10 - 2018-05-28 00:10 - 000000000 ____D C:\Users\maro\AppData\Roaming\abw31lmiwa5
2018-05-27 23:43 - 2018-05-27 23:43 - 000000000 ____D C:\Users\maro\Intel
2018-05-27 23:40 - 2018-05-27 23:40 - 000000266 __RSH C:\Users\maro\ntuser.pol
2018-05-27 23:40 - 2018-05-27 23:40 - 000000000 ____D C:\Users\maro\AppData\LocalLow\uTorrent
2018-05-27 23:39 - 2018-05-28 00:59 - 000000000 ____D C:\Users\maro\AppData\Roaming\Browsers
2018-05-27 23:39 - 2018-05-28 00:11 - 000000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2018-05-27 23:39 - 2018-05-27 23:40 - 000401664 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-05-27 23:39 - 2018-05-27 23:39 - 000002260 ___RS C:\Users\Public\Desktop\Вrоther Utilitiеs.lnk
2018-05-27 23:39 - 2018-05-27 23:39 - 000001380 ___RS C:\Users\maro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Сеnt Вrоwser.lnk
2018-05-27 23:39 - 2018-05-27 23:39 - 000000000 ____D C:\Users\maro\AppData\Roaming\SPI
2018-05-27 23:38 - 2018-05-28 00:54 - 000000000 ____D C:\Program Files\E0K2R0XGIM
2018-05-27 23:38 - 2018-05-28 00:11 - 000000000 ____D C:\Users\maro\AppData\Local\XService
2018-05-27 23:38 - 2018-05-28 00:10 - 000003654 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2018-05-27 23:38 - 2018-05-27 23:38 - 000000266 __RSH C:\ProgramData\ntuser.pol
2018-05-27 23:38 - 2018-05-27 23:38 - 000000000 ____D C:\Users\maro\AppData\Roaming\ur0l0ankdj4
2018-05-27 23:38 - 2018-05-27 23:38 - 000000000 ____D C:\Program Files\My Program
2018-05-27 23:37 - 2018-05-28 00:29 - 000000000 ____D C:\ProgramData\yahoochrome_D
2018-05-27 23:37 - 2018-05-27 23:37 - 000000000 ____D C:\Users\Public\Documents\XMUpdate
2018-05-27 23:37 - 2018-05-27 23:37 - 000000000 ____D C:\Program Files (x86)\ssFanny
2018-05-27 23:36 - 2018-05-28 00:29 - 000000000 ____D C:\ProgramData\Logic Cramble
2018-05-27 23:36 - 2018-05-27 23:41 - 000929792 _____ C:\Users\maro\AppData\Local\sham.db
2018-05-27 23:36 - 2018-05-27 23:36 - 007611392 _____ C:\Users\maro\AppData\Local\agent.dat
2018-05-27 23:36 - 2018-05-27 23:36 - 001986760 _____ C:\Users\maro\AppData\Local\UnaLux.tst
2018-05-27 23:36 - 2018-05-27 23:36 - 001895382 _____ C:\Users\maro\AppData\Local\Bamcore.bin
2018-05-27 23:36 - 2018-05-27 23:36 - 000278508 _____ C:\Users\maro\AppData\Local\Domstring.tst
2018-05-27 23:36 - 2018-05-27 23:36 - 000140800 _____ C:\Users\maro\AppData\Local\installer.dat
2018-05-27 23:36 - 2018-05-27 23:36 - 000126464 _____ C:\Users\maro\AppData\Local\noah.dat
2018-05-27 23:36 - 2018-05-27 23:36 - 000070896 _____ C:\Users\maro\AppData\Local\Config.xml
2018-05-27 23:36 - 2018-05-27 23:36 - 000016416 _____ C:\Users\maro\AppData\Local\InstallationConfiguration.xml
2018-05-27 23:36 - 2018-05-27 23:36 - 000015606 _____ C:\WINDOWS\SysWOW64\findit.xml
2018-05-27 23:36 - 2018-05-27 23:36 - 000005568 _____ C:\Users\maro\AppData\Local\md.xml
2018-05-27 23:36 - 2018-05-27 23:36 - 000000000 ____D C:\Users\maro\AppData\Roaming\Mozilla
2018-05-27 23:36 - 2018-05-27 23:36 - 000000000 ____D C:\Users\maro\AppData\Roaming\Microleaves
2018-05-27 23:36 - 2018-05-27 23:36 - 000000000 ____D C:\Users\maro\AppData\Local\AdvinstAnalytics
2018-05-27 23:36 - 2018-05-27 23:36 - 000000000 ____D C:\ProgramData\Quoteexs
2018-05-27 23:36 - 2018-05-27 23:36 - 000000000 ____D C:\Program Files (x86)\Microleaves
2018-05-26 23:53 - 2018-05-26 23:53 - 000000165 ____H C:\Users\maro\Desktop\~$Social_Media_Presentation.pptx
2018-05-23 22:16 - 2018-05-23 22:17 - 000000000 ____D C:\Users\maro\AppData\Local\Bethesda.net Launcher
2018-05-23 18:26 - 2018-05-23 18:27 - 000000000 ____D C:\Users\maro\AppData\Local\Fallout4
2018-05-23 12:39 - 2018-05-26 22:34 - 000001075 _____ C:\Users\maro\Desktop\f4se_loader — skrót .lnk
2018-05-23 07:57 - 2018-05-23 07:57 - 000000000 ____D C:\Users\maro\AppData\Roaming\JPEXS
2018-05-22 18:09 - 2018-05-26 17:42 - 000000000 ____D C:\Users\maro\AppData\Local\LOOT
2018-05-22 18:05 - 2018-05-22 18:05 - 000000631 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOOT.lnk
2018-05-22 17:07 - 2018-05-22 17:07 - 000000000 ____D C:\Games
2018-05-22 16:55 - 2018-05-26 22:27 - 000000000 ____D C:\Users\maro\Documents\Nexus Mod Manager
2018-05-22 16:55 - 2018-05-22 16:55 - 000000735 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2018-05-22 16:55 - 2018-05-22 16:55 - 000000000 ____D C:\Users\maro\AppData\Local\Black_Tree_Gaming
2018-05-22 16:09 - 2018-05-26 23:34 - 000000000 ____D C:\Fallout 4 GOTY
2018-05-21 18:28 - 2018-05-21 18:28 - 000000000 ____D C:\Users\maro\AppData\LocalLow\Suncrash
2018-05-21 16:55 - 2018-05-21 16:55 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2018-05-14 15:07 - 2018-05-26 17:20 - 000000000 ____D C:\Users\maro\AppData\Local\D3DSCache
2018-05-14 14:00 - 2018-05-14 14:00 - 000000000 ____D C:\Users\maro\AppData\LocalLow\Meta Interaction
2018-05-13 23:13 - 2018-05-13 23:14 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2018-05-13 23:12 - 2018-05-13 23:13 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-05-13 23:12 - 2018-05-13 23:12 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-05-13 23:11 - 2018-05-13 23:11 - 025848832 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 023862272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 022707712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 022002688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 021389360 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 020383720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 019399168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 013570560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 012712960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 011903488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 009159064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-05-13 23:11 - 2018-05-13 23:11 - 008623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 007583232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 007519992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 007436624 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 006569952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 006044104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 005951488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 005782528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 004929024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 004372992 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 004070400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 003732800 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 003712000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 003655168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-05-13 23:11 - 2018-05-13 23:11 - 003440640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 003389952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 003283400 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 003086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 003015168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 002961408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 002897408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-05-13 23:11 - 2018-05-13 23:11 - 002841312 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 002835864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-05-13 23:11 - 2018-05-13 23:11 - 002753040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 002700800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 002486976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 002422168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-05-13 23:11 - 2018-05-13 23:11 - 002366976 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 002242208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-05-13 23:11 - 2018-05-13 23:11 - 002170368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 001953280 _____ C:\WINDOWS\system32\rdpnano.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 001855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 001817088 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 001664512 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 001636352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 001634800 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 001585664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 001565592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 001534976 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 001456616 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-05-13 23:11 - 2018-05-13 23:11 - 001454016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 001426328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 001380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 001258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-05-13 23:11 - 2018-05-13 23:11 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 001191168 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 001174424 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-05-13 23:11 - 2018-05-13 23:11 - 001160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 001063320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-05-13 23:11 - 2018-05-13 23:11 - 001034624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-05-13 23:11 - 2018-05-13 23:11 - 001012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-05-13 23:11 - 2018-05-13 23:11 - 000976384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-05-13 23:11 - 2018-05-13 23:11 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000885848 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000860160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000788216 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000786168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000776880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000775680 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000733992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000709816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-05-13 23:11 - 2018-05-13 23:11 - 000705944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-05-13 23:11 - 2018-05-13 23:11 - 000695296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2018-05-13 23:11 - 2018-05-13 23:11 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000665320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs4.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000606448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000604568 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-05-13 23:11 - 2018-05-13 23:11 - 000596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs3.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2018-05-13 23:11 - 2018-05-13 23:11 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000567136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000559968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000553984 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2018-05-13 23:11 - 2018-05-13 23:11 - 000474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs2.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000473496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs1.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000434584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2018-05-13 23:11 - 2018-05-13 23:11 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000382872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-05-13 23:11 - 2018-05-13 23:11 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.th.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000272288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000269216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MixedReality.Broker.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win81.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000170904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-05-13 23:11 - 2018-05-13 23:11 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Analog.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win8rtm.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000134552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-05-13 23:11 - 2018-05-13 23:11 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2018-05-13 23:10 - 2018-05-13 23:10 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2018-05-13 23:10 - 2018-05-13 23:10 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2018-05-13 23:10 - 2018-05-13 23:10 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2018-05-13 23:10 - 2018-05-13 23:10 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2018-05-13 23:10 - 2018-05-13 23:10 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2018-05-13 23:10 - 2018-05-13 23:10 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2018-05-13 23:10 - 2018-05-13 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2018-05-13 23:10 - 2018-05-13 23:10 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-05-13 23:10 - 2018-05-13 23:10 - 000000000 ____D C:\Program Files\MSBuild
2018-05-13 23:10 - 2018-05-13 23:10 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-05-13 23:10 - 2018-05-13 23:10 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-05-13 23:09 - 2018-05-13 23:09 - 004492288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-05-13 23:09 - 2018-05-13 23:09 - 003398144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-05-13 23:09 - 2018-05-13 23:09 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsFilt.dll
2018-05-13 23:09 - 2018-05-13 23:09 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsFilt.dll
2018-05-13 23:09 - 2018-05-13 23:09 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\XPSSHHDR.dll
2018-05-13 23:09 - 2018-05-13 23:09 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XPSSHHDR.dll
2018-05-13 23:09 - 2018-05-13 23:09 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2018-05-13 23:09 - 2018-05-13 23:09 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2018-05-13 22:24 - 2018-05-13 22:24 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-05-13 22:22 - 2018-05-28 08:26 - 001763504 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-05-13 22:20 - 2018-05-28 08:22 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-05-13 22:20 - 2018-05-13 22:20 - 000003118 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
2018-05-13 22:20 - 2018-05-13 22:20 - 000003042 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2018-05-13 22:20 - 2018-05-13 22:20 - 000002984 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-13 22:20 - 2018-05-13 22:20 - 000002956 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-13 22:20 - 2018-05-13 22:20 - 000002856 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2733974409-696436795-1696199612-1004
2018-05-13 22:20 - 2018-05-13 22:20 - 000002838 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-13 22:20 - 2018-05-13 22:20 - 000002786 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-13 22:20 - 2018-05-13 22:20 - 000002744 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-13 22:20 - 2018-05-13 22:20 - 000002680 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
2018-05-13 22:20 - 2018-05-13 22:20 - 000002436 _____ C:\WINDOWS\System32\Tasks\{019149B5-28B3-4D91-A2E7-AD81B91E7D02}
2018-05-13 22:20 - 2018-05-13 22:20 - 000002412 _____ C:\WINDOWS\System32\Tasks\NahimicMSIUILauncherRun
2018-05-13 22:20 - 2018-05-13 22:20 - 000002400 _____ C:\WINDOWS\System32\Tasks\NahimicMSIsvc64Run
2018-05-13 22:20 - 2018-05-13 22:20 - 000002392 _____ C:\WINDOWS\System32\Tasks\NahimicMSIsvc32Run
2018-05-13 22:20 - 2018-05-13 22:20 - 000002222 _____ C:\WINDOWS\System32\Tasks\MSIOSDx86_Host
2018-05-13 22:20 - 2018-05-13 22:20 - 000002222 _____ C:\WINDOWS\System32\Tasks\MSIOSDx64_Host
2018-05-13 22:20 - 2018-05-13 22:20 - 000002190 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-05-13 22:20 - 2018-05-13 22:20 - 000002148 _____ C:\WINDOWS\System32\Tasks\MSISW_Host
2018-05-13 22:20 - 2018-05-13 22:20 - 000000020 ___SH C:\Users\maro\ntuser.ini
2018-05-13 22:20 - 2018-05-13 22:20 - 000000000 ____D C:\WINDOWS\System32\Tasks\Intel(R) Small Business Advantage
2018-05-13 22:20 - 2018-05-13 22:20 - 000000000 ____D C:\ProgramData\USOShared
2018-05-13 22:19 - 2018-05-13 22:20 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2018-05-13 22:19 - 2018-05-13 22:20 - 000007623 _____ C:\WINDOWS\diagerr.xml
2018-05-13 22:17 - 2018-05-13 22:17 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-05-13 22:16 - 2018-05-28 00:47 - 000000000 ____D C:\Users\maro
2018-05-13 22:16 - 2018-05-13 22:16 - 000000000 _SHDL C:\Users\maro\Ustawienia lokalne
2018-05-13 22:16 - 2018-05-13 22:16 - 000000000 _SHDL C:\Users\maro\Szablony
2018-05-13 22:16 - 2018-05-13 22:16 - 000000000 _SHDL C:\Users\maro\Moje dokumenty
2018-05-13 22:16 - 2018-05-13 22:16 - 000000000 _SHDL C:\Users\maro\Menu Start
2018-05-13 22:16 - 2018-05-13 22:16 - 000000000 _SHDL C:\Users\maro\Documents\Moje wideo
2018-05-13 22:16 - 2018-05-13 22:16 - 000000000 _SHDL C:\Users\maro\Documents\Moje obrazy
2018-05-13 22:16 - 2018-05-13 22:16 - 000000000 _SHDL C:\Users\maro\Documents\Moja muzyka
2018-05-13 22:16 - 2018-05-13 22:16 - 000000000 _SHDL C:\Users\maro\Dane aplikacji
2018-05-13 22:16 - 2018-05-13 22:16 - 000000000 _SHDL C:\Users\maro\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2018-05-13 22:16 - 2018-05-13 22:16 - 000000000 _SHDL C:\Users\maro\AppData\Local\Historia
2018-05-13 22:16 - 2018-05-13 22:16 - 000000000 _SHDL C:\Users\maro\AppData\Local\Dane aplikacji
2018-05-13 22:16 - 2018-05-13 22:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-05-13 22:16 - 2018-05-13 22:16 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-05-13 22:16 - 2017-10-27 18:06 - 000136312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2018-05-13 22:16 - 2017-09-14 01:20 - 000798008 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2018-05-13 22:16 - 2017-09-14 01:20 - 000490296 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2018-05-13 22:16 - 2017-09-14 01:19 - 000927544 _____ C:\WINDOWS\system32\vulkan-1.dll
2018-05-13 22:16 - 2017-09-14 01:19 - 000591160 _____ C:\WINDOWS\system32\vulkaninfo.exe
2018-05-13 22:15 - 2018-05-28 08:22 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-05-13 22:15 - 2018-04-12 01:33 - 002752000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-05-13 22:15 - 2017-11-09 05:43 - 000540784 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2018-05-13 22:15 - 2017-11-09 05:43 - 000446392 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2018-05-13 19:39 - 2018-05-13 19:39 - 000000565 _____ C:\Users\Public\Desktop\Company of Heroes 2.lnk
2018-05-13 16:41 - 2018-05-13 16:41 - 000000000 ____D C:\Users\maro\AppData\Local\WARTILE
2018-05-13 16:41 - 2018-05-13 16:41 - 000000000 ____D C:\Users\maro\AppData\Local\UnrealEngine
2018-05-13 08:37 - 2018-05-27 23:24 - 000000000 ___DC C:\WINDOWS\Panther
2018-05-10 14:39 - 2018-05-10 14:39 - 000000000 ____D C:\Users\maro\AppData\Local\2K Games
2018-05-10 11:33 - 2018-05-10 11:33 - 000000000 ____D C:\Users\maro\AppData\LocalLow\Event horizon
2018-05-10 11:13 - 2018-05-10 11:13 - 000000533 _____ C:\Users\Public\Desktop\Tower of Time.lnk
2018-04-30 09:26 - 2018-04-30 09:26 - 000000000 ____D C:\Users\maro\Documents\efile-backup
2018-04-30 09:26 - 2018-04-30 09:26 - 000000000 _____ C:\Users\maro\Desktop\ZAPŁACIĆ SKŁADKĘ KWIECIEŃ.txt
2018-04-30 08:47 - 2018-04-30 08:47 - 000000000 ____D C:\Users\maro\Documents\efile
2018-04-30 08:47 - 2018-04-30 08:47 - 000000000 ____D C:\Users\maro\AppData\Roaming\com.efile.epity
2018-04-30 08:46 - 2018-05-13 23:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-pity
2018-04-30 08:46 - 2018-04-30 08:46 - 000000682 _____ C:\Users\maro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\e-pity 2017 - program, pity roczne, e-deklaracje.lnk
2018-04-30 08:46 - 2018-04-30 08:46 - 000000000 ____D C:\Users\maro\AppData\Roaming\fillUp

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2018-05-28 08:27 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-05-28 08:26 - 2018-04-12 17:51 - 000782334 _____ C:\WINDOWS\system32\perfh015.dat
2018-05-28 08:26 - 2018-04-12 17:51 - 000151496 _____ C:\WINDOWS\system32\perfc015.dat
2018-05-28 08:26 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2018-05-28 08:22 - 2017-09-07 16:16 - 000000000 ____D C:\ProgramData\NVIDIA
2018-05-28 00:54 - 2018-04-23 11:45 - 000000000 ____D C:\Program Files (x86)\ProxyGate
2018-05-28 00:33 - 2018-04-11 23:04 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2018-05-28 00:25 - 2018-03-14 13:17 - 000000000 ____D C:\Users\maro\Doctor Web
2018-05-27 23:43 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-05-27 23:43 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-05-27 23:43 - 2017-11-08 15:38 - 000000000 ____D C:\Users\maro\AppData\Local\Packages
2018-05-27 23:40 - 2017-08-03 09:32 - 000000000 ____D C:\Users\maro\AppData\Roaming\uTorrent
2018-05-27 23:39 - 2017-12-05 23:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2018-05-27 23:39 - 2016-09-27 17:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nahimic for MSI
2018-05-27 23:39 - 2016-09-27 17:39 - 000000000 ____D C:\ProgramData\Intel
2018-05-27 23:38 - 2015-10-30 09:24 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
2018-05-27 23:24 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-05-27 23:24 - 2017-08-08 09:58 - 000000000 ____D C:\Users\maro\AppData\Roaming\MPC-HC
2018-05-23 22:28 - 2016-09-27 17:34 - 000000000 ____D C:\ProgramData\Package Cache
2018-05-23 18:29 - 2018-03-12 20:14 - 000000000 ____D C:\Users\maro\Documents\My Games
2018-05-22 18:09 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\OCR
2018-05-22 18:09 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-05-22 16:43 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-05-21 18:28 - 2017-08-02 09:04 - 000000000 ____D C:\Users\maro\AppData\Roaming\SmartSteamEmu
2018-05-21 16:55 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-05-21 16:55 - 2017-08-04 09:28 - 000000000 ____D C:\Program Files\Microsoft Office
2018-05-16 14:00 - 2018-04-10 15:49 - 000000000 ____D C:\Users\maro\AppData\Local\PlaceholderTileLogoFolder
2018-05-16 07:24 - 2018-04-24 15:47 - 000000901 _____ C:\Users\maro\Desktop\Battle Brothers - Lindwurm.lnk
2018-05-15 19:42 - 2017-09-14 21:33 - 000001319 ____H C:\Users\maro\Desktop\centbrowser.lnk
2018-05-15 08:55 - 2016-10-12 20:28 - 000000000 ____D C:\Users\maro\AppData\Local\ConnectedDevicesPlatform
2018-05-15 08:16 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\appcompat
2018-05-13 23:14 - 2018-04-12 01:41 - 000000000 ____D C:\WINDOWS\Setup
2018-05-13 23:14 - 2018-04-12 01:38 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-05-13 23:14 - 2018-04-12 01:38 - 000000000 __RHD C:\Users\Public\Libraries
2018-05-13 23:14 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-05-13 23:14 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-05-13 23:14 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\spool
2018-05-13 23:14 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-05-13 23:14 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-05-13 23:14 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-05-13 23:14 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\Help
2018-05-13 23:14 - 2018-02-05 22:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2018-05-13 23:14 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-05-13 23:14 - 2017-09-09 20:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-05-13 23:14 - 2017-09-07 16:16 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-05-13 23:14 - 2017-08-23 14:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2018-05-13 23:14 - 2017-07-24 12:22 - 000000000 ____D C:\Program Files\UNP
2018-05-13 23:14 - 2017-07-24 11:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
2018-05-13 23:14 - 2017-07-19 19:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2018-05-13 23:14 - 2016-09-29 22:07 - 000000000 ____D C:\WINDOWS\SysWOW64\LiveUpdate
2018-05-13 23:14 - 2016-09-27 17:34 - 000000000 ____D C:\Program Files\Intel
2018-05-13 23:13 - 2017-09-07 16:15 - 000000000 ____D C:\Program Files\Realtek
2018-05-13 23:13 - 2017-09-05 16:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gadwin
2018-05-13 23:13 - 2017-07-31 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\spool
2018-05-13 23:13 - 2017-07-31 15:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2018-05-13 23:13 - 2017-07-28 14:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2018-05-13 23:13 - 2016-09-27 17:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2018-05-13 23:13 - 2016-09-27 17:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\te-IN
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\or-IN
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\km-KH
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\is-IS
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\id-ID
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\be-BY
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\as-IN
2018-05-13 23:11 - 2018-04-12 17:53 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2018-05-13 23:11 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-05-13 23:11 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-05-13 23:11 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\ta-in
2018-05-13 23:11 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\si-lk
2018-05-13 23:11 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\setup
2018-05-13 23:11 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-05-13 23:11 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\am-et
2018-05-13 23:11 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\Provisioning
2018-05-13 23:11 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-05-13 23:11 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-05-13 23:11 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-05-13 23:10 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2018-05-13 23:10 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\MUI
2018-05-13 23:09 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2018-05-13 23:09 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2018-05-13 23:09 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2018-05-13 23:09 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2018-05-13 23:09 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
2018-05-13 23:09 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2018-05-13 23:09 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2018-05-13 23:09 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\et-EE
2018-05-13 23:09 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\es-MX
2018-05-13 23:09 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\en-GB
2018-05-13 23:01 - 2018-04-14 12:25 - 000000766 _____ C:\Users\maro\Desktop\Cheat Engine.lnk
2018-05-13 22:39 - 2016-09-29 21:14 - 000000000 ___RD C:\Users\maro\OneDrive
2018-05-13 22:20 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\USOPrivate
2018-05-13 22:20 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files\windows nt
2018-05-13 22:20 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files\Windows Defender
2018-05-13 22:20 - 2018-04-11 23:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-05-13 22:20 - 2017-11-08 15:42 - 000000000 ___RD C:\Users\maro\3D Objects
2018-05-13 22:20 - 2016-09-27 17:31 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-05-13 22:19 - 2018-04-12 01:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-05-13 22:19 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\Registration
2018-05-13 22:18 - 2016-10-12 20:26 - 000023140 _____ C:\WINDOWS\system32\emptyregdb.dat
2018-05-13 22:17 - 2018-02-09 23:46 - 000000000 ____D C:\Users\maro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.6
2018-05-13 22:16 - 2017-11-10 19:42 - 000000000 ____D C:\Users\maro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2018-05-13 22:16 - 2017-09-07 16:15 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-05-13 22:16 - 2017-09-07 16:15 - 000000000 ____D C:\WINDOWS\system32\DAX2
2018-05-13 22:15 - 2017-09-07 16:16 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-05-13 22:15 - 2017-09-07 16:16 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-05-11 09:04 - 2017-12-05 23:26 - 000007969 _____ C:\WINDOWS\BRRBCOM.INI
2018-05-10 12:13 - 2016-09-28 10:34 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-05-10 12:12 - 2017-10-12 11:02 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-05-10 12:11 - 2016-09-28 10:34 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-05-04 22:04 - 2017-11-27 20:36 - 000016895 _____ C:\Users\maro\Desktop\ZIOŁA.xlsx
2018-05-04 21:49 - 2018-04-05 18:11 - 000580999 _____ C:\Users\maro\Desktop\Excel dla Klaudii.xlsx
2018-05-01 23:22 - 2018-04-12 01:41 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-05-01 23:22 - 2018-04-12 01:41 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Pliki w katalogu głównym wybranych folderów =======

2017-12-08 10:13 - 2017-12-08 11:03 - 000000279 _____ () C:\Users\maro\AppData\Roaming\enigmaProviderCertSign.properties
2017-12-08 10:13 - 2017-12-08 10:13 - 000000277 _____ () C:\Users\maro\AppData\Roaming\enigmaSecApp.properties
2018-04-23 11:44 - 2018-04-23 11:44 - 000000000 _____ () C:\Users\maro\AppData\Roaming\FC29FA0894FE.ini
2017-09-12 08:35 - 2017-09-12 08:35 - 000000003 _____ () C:\Users\maro\AppData\Roaming\ispnetkey.dll
2017-10-17 20:54 - 2017-10-27 16:40 - 000000619 _____ () C:\Users\maro\AppData\Roaming\pacemaker.ini
2017-10-17 20:54 - 2017-10-27 16:40 - 000041090 _____ () C:\Users\maro\AppData\Roaming\pacemaker_songparams.txt
2018-05-27 23:36 - 2018-05-27 23:36 - 007611392 _____ () C:\Users\maro\AppData\Local\agent.dat
2018-05-27 23:36 - 2018-05-27 23:36 - 001895382 _____ () C:\Users\maro\AppData\Local\Bamcore.bin
2018-05-27 23:36 - 2018-05-27 23:36 - 000070896 _____ () C:\Users\maro\AppData\Local\Config.xml
2018-05-27 23:36 - 2018-05-27 23:36 - 000278508 _____ () C:\Users\maro\AppData\Local\Domstring.tst
2018-05-27 23:36 - 2018-05-27 23:36 - 000016416 _____ () C:\Users\maro\AppData\Local\InstallationConfiguration.xml
2018-05-27 23:36 - 2018-05-27 23:36 - 000140800 _____ () C:\Users\maro\AppData\Local\installer.dat
2018-05-27 23:36 - 2018-05-27 23:36 - 000005568 _____ () C:\Users\maro\AppData\Local\md.xml
2018-05-27 23:36 - 2018-05-27 23:36 - 000126464 _____ () C:\Users\maro\AppData\Local\noah.dat
2018-05-27 23:36 - 2018-05-27 23:41 - 000929792 _____ () C:\Users\maro\AppData\Local\sham.db
2018-05-27 23:36 - 2018-05-27 23:36 - 001986760 _____ () C:\Users\maro\AppData\Local\UnaLux.tst
2018-05-27 23:36 - 2018-05-27 23:36 - 000032038 _____ () C:\Users\maro\AppData\Local\uninstall_temp.ico

Niektóre pliki w TEMP:
====================
2018-05-27 23:35 - 2018-05-27 23:35 - 000016384 _____ (Greenville) C:\Users\maro\AppData\Local\Temp\capi.exe
2018-05-27 23:38 - 2018-05-27 23:38 - 000020480 _____ (noOrg) C:\Users\maro\AppData\Local\Temp\cubesta.exe
2018-05-27 23:35 - 2018-05-27 23:35 - 001793368 _____ () C:\Users\maro\AppData\Local\Temp\gimi.exe
2018-05-27 23:37 - 2018-05-27 23:37 - 000375522 _____ (                                                            ) C:\Users\maro\AppData\Local\Temp\rbpusrw4jmb.exe
2018-05-27 23:35 - 2018-05-27 23:35 - 003303331 _____ () C:\Users\maro\AppData\Local\Temp\tilusorel.exe
2018-05-27 23:39 - 2018-05-27 23:39 - 000976896 _____ () C:\Users\maro\AppData\Local\Temp\Ummi downloader 2.0.exe

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\wininit.exe => Plik podpisany cyfrowo
C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2018-05-13 22:15

==================== Koniec  FRST.txt ============================
Rezultat skanowania skrótów użytkowników (x64) Wersja: 16.05.2018 01
Uruchomiony przez maro (28-05-2018 08:34:13)
Uruchomiony z F:\
Tryb startu: Normal

==================== Skróty =============================

(Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.)


Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\01 - File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\03 - Documents.lnk -> C:\Users\maro\Documents ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\04 - Downloads.lnk -> C:\Users\maro\Downloads ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\05 - Music.lnk -> C:\Users\maro\Music ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\06 - Pictures.lnk -> C:\Users\maro\Pictures ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\07 - Videos.lnk -> C:\Users\maro\Videos ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\08 - Homegroup.lnk -> Microsoft.Windows.Homegroup
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\09 - Network.lnk -> Microsoft.Windows.Network
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\10 - UserProfile.lnk -> C:\Users\maro ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk -> C:\Program Files\Microsoft Office\root\Office16\MSACCESS.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOOT.lnk -> E:\Gry\LOOT\LOOT.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk -> C:\Program Files\Microsoft Office\root\Office16\MSPUB.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk -> C:\Program Files\Microsoft Office\root\Office16\lync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision Photo Viewer.lnk -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstview.exe (NVIDIA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++\Notepad++.lnk -> F:\Notepad++\notepad++.exe (Don HO [email protected])
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nahimic for MSI\Nahimic for MSI.lnk -> C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nahimic for MSI\Nаhimiс for MSI.lnk -> C:\Users\maro\AppData\Roaming\Browsers\exe.rehcnualiuismcimihan.bat (Brak pliku)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI\Live Update\Dezinstalacja aplikacji Live Update.lnk -> C:\Program Files (x86)\MSI\Live Update\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI\Live Update\Live Update.lnk -> C:\Program Files (x86)\MSI\Live Update\Live Update.exe (Micro-Star INT'L CO., LTD.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Small Business Advantage\Small Business Advantage.lnk -> C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage Next\Sba.exe (Intel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel® Small Business Advantage\Intel® Small Business Advantage.lnk -> C:\Program Files\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe (Intel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel(R) Management Engine Components\Intel(R) Management and Security Status.lnk -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Intel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\PSC All-In-One 1400 series\Pomoc.lnk -> C:\Program Files (x86)\HP\Digital Imaging\help\aio21.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\PSC All-In-One 1400 series\Readme.lnk -> C:\Program Files (x86)\HP\Digital Imaging\help\AIO_CDB_readme\readme.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\PSC All-In-One 1400 series\Witryna pomocy technicznej.lnk -> C:\Program Files (x86)\HP\Digital Imaging\hp psc 1400 series\help\HP Product Support Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Tower of Time\Tower of Time.lnk -> E:\Gry\Tower of Time\TowerOfTime.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Tower of Time\Uninstall Tower of Time.lnk -> E:\Gry\Tower of Time\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gadwin\Gadwin PrintScreen (64-Bit)\Gadwin PrintScreen (64-Bit).lnk -> C:\Program Files\Gadwin\Gadwin PrintScreen\PrintScreen64.exe (Gadwin Systems)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-pity\e-pity 2017 - program, pity roczne, e-deklaracje.lnk -> E:\Programy\e-pity\e-pity.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-pity\Odinstaluj e-pity 2017.lnk -> E:\Programy\e-pity\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\Brother Utilities.lnk -> C:\Program Files (x86)\Brother\BrLauncher\BrLauncher.exe (Brother Industories, Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\Вrоthеr Utilities.lnk -> C:\Users\maro\AppData\Roaming\Browsers\exe.rehcnualrb.bat (Brak pliku)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk -> C:\Windows\System32\RecoveryDrive.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Defender Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk -> C:\Windows\System32\quickassist.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk -> C:\Program Files\7-Zip\7zFM.exe (Igor Pavlov)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk -> C:\Program Files\7-Zip\7-zip.chm ()
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\maro\Links\Desktop.lnk -> C:\Users\maro\Desktop ()
Shortcut: C:\Users\maro\Links\Downloads.lnk -> C:\Users\maro\Downloads ()
Shortcut: C:\Users\maro\Desktop\Battle Brothers - Lindwurm.lnk -> E:\Gry\Battle Brothers - Lindwurm\win32\BattleBrothers.exe ()
Shortcut: C:\Users\maro\Desktop\Cheat Engine.lnk -> E:\Programy\Cheat Engine 6.7\Cheat Engine.exe ()
Shortcut: C:\Users\maro\Desktop\Dokumenty — skrót .lnk -> E:\Dokumenty ()
Shortcut: C:\Users\maro\Desktop\f4se_loader — skrót .lnk -> C:\Fallout 4 GOTY\f4se_loader.exe ()
Shortcut: C:\Users\maro\Desktop\Think and Grow Rich — skrót  108.lnk -> E:\Dokumenty\E-booki\THINK AND GROW RICH - Napoleon Hill\Think and Grow Rich.pdf ()
Shortcut: C:\Users\maro\Desktop\Tor Browser — skrót .lnk -> E:\Programy\Tor Browser ()
Shortcut: C:\Users\maro\Desktop\WhatsApp.lnk -> C:\Users\maro\AppData\Local\WhatsApp\WhatsApp.exe (WhatsApp)
Shortcut: C:\Users\maro\Desktop\µTorrent.lnk -> C:\Users\maro\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
Shortcut: C:\Users\maro\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -> C:\Users\maro\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
Shortcut: C:\Users\maro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cent Browser.lnk -> E:\CentBrowser\CentBrowser\Application\chrome.exe (Dan Deng)
Shortcut: C:\Users\maro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\e-pity 2017 - program, pity roczne, e-deklaracje.lnk -> E:\Programy\e-pity\e-pity.exe ()
Shortcut: C:\Users\maro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk -> C:\Users\maro\AppData\Local\FluxSoftware\Flux\flux.exe (f.lux Software LLC)
Shortcut: C:\Users\maro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kosz.lnk -> [LFx@_dP/N1SPSU(Ly9K-e)::{645FF040-5081-101B-9F08-00AA002F954E}]
Shortcut: C:\Users\maro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Сеnt Вrоwser.lnk -> C:\Users\maro\AppData\Roaming\Browsers\exe.emorhc.bat (Brak pliku)
Shortcut: C:\Users\maro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\maro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\maro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\maro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\maro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp\WhatsApp.lnk -> C:\Users\maro\AppData\Local\WhatsApp\WhatsApp.exe (WhatsApp)
Shortcut: C:\Users\maro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\maro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\maro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\maro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\maro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\maro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.6\Python 3.6 (32-bit).lnk -> E:\Programy\Python\python.exe (Python Software Foundation)
Shortcut: C:\Users\maro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\internet explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\maro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnet Еxplоrеr.lnk -> C:\Users\maro\AppData\Roaming\Browsers\exe.erolpxei.bat (Brak pliku)
Shortcut: C:\Users\maro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\maro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\maro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\maro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\maro\AppData\Roaming\Microsoft\Windows\SendTo\Transfer plików Bluetooth.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\maro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\maro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\maro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -> C:\Users\maro\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
Shortcut: C:\Users\maro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\maro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\6f9cb17000d7fedd\Сent Вrowser.lnk -> C:\Users\maro\AppData\Roaming\Browsers\exe.emorhc.bat (Brak pliku)
Shortcut: C:\Users\maro\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\maro\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\maro\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\maro\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\maro\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\maro\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\maro\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\maro\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\maro\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Brother Utilities.lnk -> C:\Program Files (x86)\Brother\BrLauncher\BrLauncher.exe (Brother Industories, Ltd.)
Shortcut: C:\Users\Public\Desktop\Company of Heroes 2.lnk -> E:\Gry\Company of Heroes 2\RelicCoH2.exe (Relic Entertainment Inc.)
Shortcut: C:\Users\Public\Desktop\Gadwin PrintScreen (64-Bit).lnk -> C:\Program Files\Gadwin\Gadwin PrintScreen\PrintScreen64.exe (Gadwin Systems)
Shortcut: C:\Users\Public\Desktop\Nexus Mod Manager.lnk -> E:\Gry\Nexus Mod Manager\NexusClient.exe (Black Tree Gaming)
Shortcut: C:\Users\Public\Desktop\PDF-Viewer.lnk -> E:\Tracker Software\PDF Viewer\PDFXCview.exe (Tracker Software Products (Canada) Ltd.)
Shortcut: C:\Users\Public\Desktop\Tower of Time.lnk -> E:\Gry\Tower of Time\TowerOfTime.exe ()
Shortcut: C:\Users\Public\Desktop\Winamp.lnk -> E:\Winamp\winamp.exe (Nullsoft, Inc.)
Shortcut: C:\Users\Public\Desktop\Вrоther Utilitiеs.lnk -> C:\Users\maro\AppData\Roaming\Browsers\exe.rehcnualrb.bat (Brak pliku)


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK\Uninstall - TP-LINK TL-WN881ND Driver.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{FDA7E907-6539-42C1-9721-0239C281B336}\setup.exe (Macrovision Corporation) -> -runfromtemp -removeonly DriverOnly
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision preview pack 1.lnk -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe (NVIDIA Corporation) -> /show
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare.lnk -> C:\Program Files\Microsoft Office\root\client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Office16\DCF\DATABASECOMPARE.EXE"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\Office Upload Center.lnk -> C:\Program Files\Microsoft Office\root\client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files\Microsoft Office\Root\Office16\MSOUC.EXE"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare.lnk -> C:\Program Files\Microsoft Office\root\client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Office16\DCF\SPREADSHEETCOMPARE.EXE"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel(R) Update Manager\Intel(R) Update Manager.lnk -> C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe () -> --showui
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\PSC All-In-One 1400 series\Dezinstalacja.lnk -> C:\Program Files (x86)\HP\Digital Imaging\{6F5B70F0-EA6C-4A5B-BB16-8390BD66B251}\setup\hpzscr40.exe (Hewlett-Packard) -> -datfile hposcr19.dat -onestop
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\PSC All-In-One 1400 series\Dodaj urządzenie.lnk -> C:\Program Files (x86)\HP\Digital Imaging\{6F5B70F0-EA6C-4A5B-BB16-8390BD66B251}\hpzstub.exe (Hewlett-Packard) -> -addadevice
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\PSC All-In-One 1400 series\Rejestracja produktu.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwrg.exe (Hewlett-Packard Company) -> "HP PSC 1400 series"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\maro\Desktop\centbrowser.lnk -> E:\CentBrowser\CentBrowser\Application\chrome.exe (Dan Deng) -> chrome
ShortcutWithArgument: C:\Users\maro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.6\IDLE (Python 3.6 32-bit).lnk -> E:\Programy\Python\pythonw.exe (Python Software Foundation) -> "E:\Programy\Python\Lib\idlelib\idle.pyw"
ShortcutWithArgument: C:\Users\maro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.6\Python 3.6 Module Docs (32-bit).lnk -> E:\Programy\Python\python.exe (Python Software Foundation) -> -m pydoc -b
ShortcutWithArgument: C:\Users\maro\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\maro\AppData\Roaming\Microsoft\Windows\SendTo\Odbiorca faksu.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\maro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\6f9cb17000d7fedd\Cent Browser.lnk -> E:\CentBrowser\CentBrowser\Application\chrome.exe (Dan Deng) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\maro\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\maro\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\maro\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\maro\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\maro\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\maro\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\maro\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\maro\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\maro\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\maro\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\maro\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\maro\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\maro\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\maro\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI\Live Update\MSI Website.url -> URL: hxxp://www.msi.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url -> URL: hxxp://java.com/help
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url -> URL: hxxp://java.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-pity\fillUp online - przyjazne formularze, umowy, druki.url -> URL: hxxp://fillup.pl/online
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-pity\Przejdź na stronę WWW o e-pity.url -> URL: hxxp://e-pity.pl
InternetURL: C:\Users\maro\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142

==================== Koniec  Shortcut.txt =============================