CloseProcesses:
CreateRestorePoint:
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp: