Additional scan result of Farbar Recovery Scan Tool (x64) Version:06-08-2015
Ran by admin (2015-08-06 21:32:51)
Running from C:\Users\admin\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

admin (S-1-5-21-1752190103-3108269733-922013570-1001 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-1752190103-3108269733-922013570-500 - Administrator - Disabled) => C:\Users\Administrator
Gość (S-1-5-21-1752190103-3108269733-922013570-501 - Limited - Disabled)
Konto domyślne (S-1-5-21-1752190103-3108269733-922013570-503 - Limited - Disabled)
test (S-1-5-21-1752190103-3108269733-922013570-1002 - Administrator - Enabled) => C:\Users\test

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {AAF74A68-8713-CDF1-004F-30003398BE9E}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Free Antivirus (Enabled - Up to date) {1196AB8C-A129-C27F-3AFF-0B72481FF423}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4t Tray Minimizer Free 5.52 (HKLM-x32\...\4t Tray Minimizer_is1) (Version: 5.52 - 4t Niagara Software)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.55.1355, 14.07.2014 - AIMP DevTeam)
Aktualizacje NVIDIA 2.5.12.11 (Version: 2.5.12.11 - NVIDIA Corporation) Hidden
AMD OverDrive (HKLM-x32\...\{34D5220A-58D0-473C-90E4-15136C3FB0E3}) (Version: 4.3.1.0690 - Advanced Micro Devices, Inc.)
Assassin's Creed Rogue (HKLM-x32\...\Uplay Install 895) (Version: - Ubisoft) ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.8.2.0 - ASUSTek COMPUTER INC.) ASUS GPU Tweak (x32 Version: 2.8.2.0 - ASUSTek COMPUTER INC.) Hidden Avidemux 2.6 - 64bits (HKLM-x32\...\Avidemux 2.6 - 64bits (64-bit)) (Version: 2.6.8.9046 - ) Batman™: Arkham Origins (HKLM-x32\...\Steam App 209000) (Version: - WB Games Montreal) Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.30944 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.0 - EA Digital Illusions CE AB) Bulletstorm (HKLM-x32\...\GFWL_{45410935-3E72-472B-8C35-AB1000008200}) (Version: 1.0.0000.130 - EA) Bulletstorm (x32 Version: 1.0.0000.130 - EA) Hidden BulletStorm (x32 Version: 1.0.0005.130 - EA) Hidden Burnout Paradise: The Ultimate Box (HKLM-x32\...\Steam App 24740) (Version: - Criterion Games) Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version: - Infinity Ward) Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version: - Infinity Ward) Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version: - Infinity Ward) Call of Duty: Modern Warfare 3 (HKLM-x32\...\Steam App 42680) (Version: - Infinity Ward) CBR Reader (HKLM-x32\...\{EDAAC216-AC73-4152-9654-E12FE5A69F5D}_is1) (Version: - cbrreader.com) CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP) DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd) Deadpool (HKLM-x32\...\Deadpool_R.G. Mechanics_is1) (Version: - R.G. 
Mechanics, spider91) Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks) Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD) Far Cry 2 (HKLM-x32\...\{F2835483-37F2-4123-B4FE-0E77D58447F2}) (Version: 1.03.00 - Ubisoft) Far Cry 3 (HKLM-x32\...\Uplay Install 46) (Version: - Ubisoft) Far Cry 4 Update V1.4 (HKLM-x32\...\RmFyQ3J5NA==_is1) (Version: 1 - ) FlashPeak Slimjet 64bit (HKLM\...\Slimjet) (Version: 3.0.4.0 - FlashPeak Inc.) FOCA Free (HKLM-x32\...\{B66CFB02-1CF0-41E8-AA79-8C7FA8BEC0FF}) (Version: 3.0.0 - Informatica64) Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.6.124.715 - Foxit Software Inc.) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.1.5.425 - Foxit Software Inc.) Gemote (HKLM-x32\...\Gemote) (Version: 2.0.2 - Greenflow AS) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.125 - Google Inc.) Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) 
Hidden Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version: - Rockstar North) Grand Theft Auto V (HKLM-x32\...\R3JhbmRUaGVmdEF1dG9W_is1) (Version: 1 - ) HTC Home Apis (HKLM-x32\...\HTC Home Apis) (Version: 3.0.620.0 - Stealth) K-Lite Mega Codec Pack 11.3.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.3.0 - ) Komunikator WTW 1.2.0.4424 (HKLM\...\{1DF5019A-68B5-4ba1-8E59-E185C7B7FF11}) (Version: 1.2.0.4424 - K2T.eu) LEGO Batman 3: Beyond Gotham (HKLM-x32\...\Steam App 313690) (Version: - TT Games Ltd) Lego Star Wars 3: The Clone Wars (HKLM-x32\...\Steam App 32510) (Version: - Traveller's Tales) Lego Star Wars Saga (HKLM-x32\...\Steam App 32440) (Version: - Traveller's Tales) LEGO® Jurassic World (HKLM-x32\...\Steam App 352400) (Version: - TT Games Ltd) LEGO® Piraci z Karaibów Gra wideo (HKLM-x32\...\{DED30CC9-D549-403A-9C7E-3D4A12F06BF0}) (Version: 1.0.0.0 - Disney Interactive Studios) LEGO®Indiana Jones™ 2 The Adventure Continues (HKLM-x32\...\{FCB3AB5D-877A-43FF-BA2B-2E6A9D1EDD99}) (Version: 1.00.0000 - LucasArts) Łatka polonizacyjna GTA IV v1.0 (HKLM-x32\...\Łatka polonizacyjna GTA IV v1.0) (Version: 1.0 - GTAPOLSKA.PL) Mass Effect™ (HKLM-x32\...\{44A570EE-FD93-4086-8997-2C38DFDE0019}) (Version: 1.2.20608.0 - Electronic Arts) Mass Effect™ 2 (HKLM-x32\...\{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}) (Version: 1.2.1604.0 - Electronic Arts) Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts) Max Payne 3 (HKLM-x32\...\Steam App 204100) (Version: - Rockstar Studios) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation) Microsoft Office Professional 
Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 
(HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 39.0 (x86 pl) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 pl)) (Version: 39.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla) Mozilla Thunderbird 38.1.0 (x86 pl) (HKLM-x32\...\Mozilla Thunderbird 38.1.0 (x86 pl)) (Version: 38.1.0 - Mozilla) NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version: - ) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8 - Notepad++ Team) NVIDIA GeForce Experience 2.5.12.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.12.11 - NVIDIA Corporation) NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation) NVIDIA Sterownik dźwięku HD 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation) NVIDIA Sterownik graficzny 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.30 - NVIDIA Corporation) NVIDIA Sterownik kontrolera 3D Vision 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation) NVIDIA Wirtualny dźwięk Miracast 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 353.30 - NVIDIA Corporation) OpenVPN 2.3.6-I001 (HKLM\...\OpenVPN) (Version: 2.3.6-I001 - ) Origin (HKLM-x32\...\Origin) (Version: 9.5.1.571 - Electronic Arts, Inc.) 
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security) Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.01.00.0006 - Panda Security) Panda Free Antivirus (Version: 7.84.00.0000 - Panda Security) Hidden Panel sterowania NVIDIA 353.30 (Version: 353.30 - NVIDIA Corporation) Hidden PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) Polski pakiet językowy dla narzędzi Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PLK) (Version: 10.0.50903 - Microsoft Corporation) PRO100 wersja 5.20 (HKLM-x32\...\PRO100_is1) (Version: 5.20 - Ecru Oprogramowanie) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.) RAGE (HKLM-x32\...\Steam App 9200) (Version: - id Software) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.) Revo Uninstaller Pro 3.1.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.1 - VS Revo Group, Ltd.) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.1 - Rockstar Games) Samsung AllShare (HKLM-x32\...\InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}) (Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.) Samsung AllShare (x32 Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.) 
Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.5.12.11 - NVIDIA Corporation) Hidden Sniper Elite 3 (HKLM-x32\...\U25pcGVyRWxpdGUz_is1) (Version: 1 - ) Star Wars Jedi Knight: Jedi Academy (HKLM-x32\...\Steam App 6020) (Version: - Raven Software) Star Wars: Empire at War Gold (HKLM-x32\...\Steam App 32470) (Version: - Petroglyph) STAR WARS® - Rogue Squadron 3D (HKLM-x32\...\1421404950_is1) (Version: 2.0.0.3 - GOG.com) STAR WARS® - TIE Fighter (1998) (HKLM-x32\...\1207666413_is1) (Version: 2.0.0.5 - GOG.com) STAR WARS® - X-Wing (1998) (HKLM-x32\...\1207666393_is1) (Version: 2.0.0.5 - GOG.com) STAR WARS® - X-Wing Alliance (HKLM-x32\...\1421404763_is1) (Version: 2.0.0.9 - GOG.com) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - ) TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp) The Witcher 3 - Wild Hunt (HKLM-x32\...\The Witcher 3 - Wild Hunt_is1) (Version: - ) UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.2.0.4 - uvnc bvba) Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.3f1 - Unity Technologies ApS) Unreal Commander v2.02 (HKLM-x32\...\UnrealCommander_is1) (Version: 2.0.2.1082 - Max Diesel) Uplay (HKLM-x32\...\Uplay) (Version: 4.9 - Ubisoft) USB Scanner (HKLM-x32\...\{5265664F-6128-405C-9225-9782A85954FD}) (Version: 3.0.1 - ) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN) Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation) Windows Phone Assistant (HKLM-x32\...\{3D266EA2-43B5-4A51-A51B-0FB0E0766D44}) (Version: 1.0.0.0 - Microsoft Corporation) WinRAR 5.20 beta 3 
(64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.3 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-1752190103-3108269733-922013570-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1752190103-3108269733-922013570-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1752190103-3108269733-922013570-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1752190103-3108269733-922013570-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1752190103-3108269733-922013570-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1752190103-3108269733-922013570-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1752190103-3108269733-922013570-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1752190103-3108269733-922013570-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1752190103-3108269733-922013570-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1752190103-3108269733-922013570-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1752190103-3108269733-922013570-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1752190103-3108269733-922013570-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

06-08-2015 15:39:28 2015-08-06 przed combofix

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 13:04 - 2015-08-05 18:21 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00EEBA9C-F9EF-4272-B793-C830FBADD359} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\Windows\system32\dstokenclean.exe [2015-07-10] (Microsoft Corporation) Task: {018F8FB7-A77C-479A-ACFD-716BA577E420} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent No Task File <==== ATTENTION Task: {076DF954-47F3-4B4D-B910-9FC88B5E47A2} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION Task: {0AD5CEA1-C3AA-40AC-B1D0-FAA3DE819A37} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig No Task File <==== ATTENTION Task: {0CCA7916-2916-4F12-BD32-1E3BE31E1269} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\Windows\System32\dsregcmd.exe [2015-07-10] (Microsoft Corporation) Task: {104652EF-547A-48BB-81D3-1E39235DF4C9} - \klcp_update No Task File <==== ATTENTION Task: {1641F54C-1E57-4902-AB65-EE2B65E5629D} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan => C:\Windows\system32\usoclient.exe [2015-07-10] (Microsoft Corporation) Task: {1787AAB6-E7CD-4834-871E-2BE8A4508139} - \GoogleUpdateTaskMachineCore1d04081af26067c No Task File <==== ATTENTION Task: {19865544-CE08-40BE-8B8C-87C47681433D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation) Task: {1D3D099E-EE1E-4907-8BA2-BA8F12D11AA6} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\Windows\System32\LocationNotificationWindows.exe [2015-07-10] (Microsoft Corporation) Task: {2C97A00A-1C5C-4318-B5CC-8A1A126B77F9} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\KeyPreGenTask Task: {31215049-396B-4BBD-B449-F6C9FA64426A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d No Task File <==== ATTENTION Task: {3976396A-58A5-4D49-90C8-38CFD02DD874} - \Microsoft\Windows\Setup\gwx\launchtrayprocess No Task File <==== ATTENTION Task: {3E4837D5-A5D1-4181-BBF9-18255974B4BD} - \Optimize Start Menu Cache Files-S-1-5-21-1752190103-3108269733-922013570-1001 No 
Task File <==== ATTENTION Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW Task: {41160EA0-208B-4C3E-B4DB-805BBABC6B93} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\Windows\system32\dmclient.exe [2015-07-10] (Microsoft Corporation) Task: {4454A8D0-2E4E-4A02-BF67-48DF6A7BFAB4} - System32\Tasks\Microsoft\Windows\Maps\MapsUpdateTask Task: {4A6B5959-5B32-4A29-9EE2-B0526E8C4554} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d No Task File <==== ATTENTION Task: {5737FD28-6DFF-49B0-BF35-1DE1822D767A} - \AutoKMS No Task File <==== ATTENTION Task: {5E5515C1-7D87-4904-B9CE-FD29EB2ADB72} - System32\Tasks\Microsoft\Windows\Sysmain\ResPriStaticDbSync Task: {611C823C-437B-46E7-9683-5312DFFCFD7B} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install => C:\Windows\system32\usoclient.exe [2015-07-10] (Microsoft Corporation) Task: {6AB6FC16-0321-4B15-9BC9-97A04E920370} - \GoogleUpdateTaskMachineCore1d08fafd71cd0dd No Task File <==== ATTENTION Task: {711EE2F9-A611-4773-AF8E-D4B278A6718D} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\AikCertEnrollTask Task: {73551810-E5F4-433E-9494-0D00B55C855E} - System32\Tasks\Microsoft\Windows\Maps\MapsToastTask Task: {744C9FEA-08B7-43E1-A729-0F94647D655C} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot => C:\Windows\system32\usoclient.exe [2015-07-10] (Microsoft Corporation) Task: {74891896-CE99-42CA-88F4-B633ADA42207} - \GoogleUpdateTaskMachineUA1d004342dd4a430 No Task File <==== ATTENTION Task: {78B77FA3-9D97-441D-97B6-68CEA40B4F74} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe generaltel.dll,RunTelemetry -maintenance Task: {7A003965-A297-4DC6-B15B-852D798391E0} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot => C:\WINDOWS\system32\MusNotification.exe [2015-07-30] (Microsoft 
Corporation) Task: {848DCC36-520C-4946-BF68-C7EFFEFA2F84} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot => C:\windows\system32\MusNotification.exe [2015-07-30] (Microsoft Corporation) Task: {8C3F16CF-BF25-4B92-BC5B-2350E03AF9A3} - \PeerBlock No Task File <==== ATTENTION Task: {8DF84CB3-D8E0-4307-A35B-CA74E21786DB} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\Windows\system32\ClipUp.exe [2015-07-30] (Microsoft Corporation) Task: {91C0ADEF-CBA7-431E-A17C-11C371BD95C8} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B No Task File <==== ATTENTION Task: {93B71DF3-862A-42D3-94E1-7C8F14029585} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION Task: {A147E713-F33B-497F-A195-5A723EE2040D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d No Task File <==== ATTENTION Task: {A364E297-00AD-490D-900E-22AC34598C71} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install => C:\Windows\system32\usoclient.exe [2015-07-10] (Microsoft Corporation) Task: {A5B6CD85-1B57-49B9-BA80-5D5D65F02826} - System32\Tasks\Microsoft\Windows\AppID\EDP Policy Manager Task: {A7459789-6E34-4CDC-BAAD-E87B9FB4F097} - \CreateChoiceProcessTask No Task File <==== ATTENTION Task: {AC29E64E-3271-47BA-B8F1-914523CF379B} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Automatic App Update Task: {AD15BF00-7F70-4089-9D8F-BFF56BB28785} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d No Task File <==== ATTENTION Task: {B9B36D41-C776-424E-9A13-5387E17A2CEB} - System32\Tasks\Microsoft\Windows\WCM\WiFiTask => C:\Windows\System32\WiFiTask.exe [2015-07-10] (Microsoft Corporation) Task: {C1A491EE-1BD5-41D2-AE96-60C2F7172BD5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-07-03] (Microsoft Corporation) Task: {C2162702-FFEB-48C0-AA5F-2DA3A8887D61} - System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller\Installation Task: {C34C2CD6-AAF0-413C-9B67-37ABBCE86F22} - 
\GoogleUpdateTaskMachineCore1d0bfafc0d9f669 No Task File <==== ATTENTION Task: {C56AFFD3-06B8-4A16-AF7E-F7A6EB3FAE9E} - System32\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr Task: {C5EE2EA2-5312-4D1F-B9D0-41B18DF31B78} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sih => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation) Task: {C7A236B2-12E1-46DC-9501-3B1B0209CC09} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\Windows\System32\WindowsActionDialog.exe [2015-07-10] (Microsoft Corporation) Task: {CA848C06-82F1-4D98-8081-17103BBBA6F4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent No Task File <==== ATTENTION Task: {CACE9CF6-6052-40D2-A9B8-EC69BF14904C} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd No Task File <==== ATTENTION Task: {D1F7FA31-A0EC-4D0F-81A6-F235826F4101} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d No Task File <==== ATTENTION Task: {D2401052-A382-42DE-9C79-D1CF3563F654} - System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller\Uninstallation Task: {DAF2BAE3-1C5B-4CB5-9F62-0911C031A15A} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics => C:\Windows\system32\disksnapshot.exe [2015-07-10] (Microsoft Corporation) Task: {EA3F661E-B31C-44A9-B40C-E3D5D56149D4} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display => C:\windows\system32\MusNotification.exe [2015-07-30] (Microsoft Corporation) Task: {EE3C8401-A6D8-4B9E-AA5A-6D2F801963FD} - \CCleanerSkipUAC No Task File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => 0x000A0100F1249FAE2F636044A5FED07EFBDEC1D54600D400000000003C000A00200000000014730F000000000513040020200401000000000000000000000000000000000000180043003A005C00570049004E0044004F00570053005C006500780070006C006F007200650072002E0065007800650000000C002F004E004F0055004100430043004800450043004B000000000018004500780070006C006F007200650072005300680065006C006C0055006E0065006C00650076006100740065006400000000000000080003130400000000000000 Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d04081af26067c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d08fafd71cd0dd.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0bfafc0d9f669.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2015-07-30 00:19 - 2015-07-30 00:19 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll 2015-07-30 00:19 - 2015-07-30 00:19 - 00403968 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll 2012-01-17 11:24 - 2012-01-17 11:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe 2015-04-13 18:31 - 2015-06-17 08:48 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2015-08-05 22:27 - 2015-07-30 08:05 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2015-08-05 22:27 - 2015-07-30 08:05 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2015-04-15 22:13 - 2015-04-15 22:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll 2015-07-10 12:59 - 2015-07-10 12:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 
2015-07-10 12:59 - 2015-07-10 12:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll 2011-06-21 08:07 - 2015-01-25 19:28 - 02264576 _____ () C:\Program Files (x86)\HTC Home\Clock.exe 2014-11-19 22:11 - 2015-04-30 15:11 - 00019456 _____ () C:\Program Files\K2T\WTW\libCryptoLayer.module 2014-11-19 22:11 - 2015-04-30 15:11 - 00088064 _____ () C:\Program Files\K2T\WTW\libCryptoWtw.module 2014-11-19 22:11 - 2015-04-30 15:11 - 00579072 _____ () C:\Program Files\K2T\WTW\libImage.module 2014-11-19 22:11 - 2015-04-30 15:11 - 00546816 _____ () C:\Program Files\K2T\WTW\libSQ3.module 2014-11-19 22:11 - 2015-04-30 15:11 - 00092160 _____ () C:\Program Files\K2T\WTW\libZlib.module 2014-11-19 22:11 - 2015-04-30 15:11 - 00129024 _____ () C:\Program Files\K2T\WTW\libExpat.module 2014-11-19 22:11 - 2015-04-30 15:11 - 00442880 _____ () C:\Program Files\K2T\WTW\libLexer.module 2014-11-19 22:11 - 2015-04-30 15:11 - 00014336 _____ () C:\Program Files\K2T\WTW\libWin8.module 2015-07-29 16:19 - 2015-07-25 17:31 - 01763144 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\libglesv2.dll 2015-07-29 16:19 - 2015-07-25 17:31 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\libegl.dll 2013-04-12 19:23 - 2013-04-12 19:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 01135616 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMSWrap.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00105472 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\DCMCDP.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00656896 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ContentDirectoryPresenter.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00098816 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\FolderCDP.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00031232 _____ () C:\Program Files 
(x86)\Samsung\AllShare\AllShareDMS\Autobackup.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00054784 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\RosettaAllShare.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00077312 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\MetadataFramework.dll 2012-01-05 23:40 - 2012-01-05 23:40 - 00520234 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\sqlite3.dll 2012-01-05 23:40 - 2012-01-05 23:40 - 05717504 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\DCMImgExtractor.dll 2012-01-05 23:40 - 2012-01-05 23:40 - 00450560 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\MoodExtractor.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00029184 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AutoChaptering.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00027648 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AudioExtractor.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00017920 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoExtractor.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00012288 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ImageExtractor.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00013824 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\TextExtractor.dll 2012-01-05 23:40 - 2012-01-05 23:40 - 00147456 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libexpat.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00012288 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoThumb.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00063488 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ID3Driver.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00023040 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\RichInfoDriver.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00017920 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ThumbnailMaker.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00133120 _____ () 
C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoMetadataDriver.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00024064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\SECMetaDriver.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00024064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\photoDriver.dll 2012-01-05 23:40 - 2012-01-05 23:40 - 00686080 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avformat-52.dll 2012-01-05 23:40 - 2012-01-05 23:40 - 00366592 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\tag.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00289792 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libThumbnail.dll 2012-01-05 23:40 - 2012-01-05 23:40 - 04671488 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avcodec-52.dll 2012-01-05 23:40 - 2012-01-05 23:40 - 00070656 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avutil-50.dll 2012-01-05 23:40 - 2012-01-05 23:40 - 00152064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\swscale-0.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00290304 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libKeyFrame.dll 2012-01-05 23:40 - 2012-01-05 23:40 - 00399826 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libexif-12.dll.dll 2012-01-05 23:40 - 2012-01-05 23:40 - 00044032 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\us.dll 2015-04-03 19:16 - 2015-07-24 06:22 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1752190103-3108269733-922013570-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\Desktop\r9IcOlx.png
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKU\S-1-5-21-1752190103-3108269733-922013570-1001\...\StartupApproved\Run: => "Xvid"
HKU\S-1-5-21-1752190103-3108269733-922013570-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1752190103-3108269733-922013570-1001\...\StartupApproved\Run: => "Foxmail"
HKU\S-1-5-21-1752190103-3108269733-922013570-1001\...\StartupApproved\Run: => "Windows Phone Assistant"
HKU\S-1-5-21-1752190103-3108269733-922013570-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe FirewallRules: [{D66C91A5-D2F5-4DDE-BA36-6697598DDDAC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{116B8402-9A1C-4772-A0C8-436A97057718}] => (Allow) D:\GAMES\Steam-games\SteamApps\common\Jedi Academy\GameData\jamp.exe FirewallRules: [{6D0A4C7B-4CD9-4353-8250-100D06E4FCC5}] => (Allow) D:\GAMES\Steam-games\SteamApps\common\Jedi Academy\GameData\jamp.exe FirewallRules: [{F126900C-9BC3-4508-AF63-F29676470256}] => (Allow) D:\GAMES\Steam-games\SteamApps\common\Jedi Academy\GameData\jasp.exe FirewallRules: [{1E16CC6B-EF9B-4EC5-BAF6-49BCCB39C946}] => (Allow) D:\GAMES\Steam-games\SteamApps\common\Jedi Academy\GameData\jasp.exe FirewallRules: [{67290418-D59D-4ADA-9DFA-2C8E19DD3B2B}] => (Allow) D:\GAMES\Steam-games\SteamApps\common\Call of Duty Modern Warfare 3\iw5sp.exe FirewallRules: [{61574A97-0DF6-4FFF-9819-9D1F17DF3D5D}] => (Allow) D:\GAMES\Steam-games\SteamApps\common\Call of Duty Modern Warfare 3\iw5sp.exe FirewallRules: [{6F12F97B-1848-436F-9D8A-218B3C309F02}] => (Allow) D:\GAMES\Steam-games\SteamApps\common\Max Payne 3\Max Payne 3\MaxPayne3.exe FirewallRules: [{8CB39805-AD77-4345-B0F2-4D2319C7A290}] => (Allow) D:\GAMES\Steam-games\SteamApps\common\Max Payne 3\Max Payne 3\MaxPayne3.exe FirewallRules: [{CC3104CC-C911-4388-AF5C-AAC2A99E264F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{6688942F-6223-468C-9C64-6195062C0949}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{3ACCCEAB-87E9-4E96-92EA-BB115F59FA9D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{E06EE380-7568-4CDD-9F1C-54445D2FD3E0}] => (Allow) C:\Program Files\NVIDIA 
Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{2C450FA0-2021-4422-9EE9-E8C3DC93526D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{20D6E8C5-ACED-471D-84BB-595EFE64A282}] => (Allow) C:\Program Files\WindroyeBox\WindroyeBoxHD.exe FirewallRules: [{7D981915-E18D-47B6-936F-8D41147FB531}] => (Allow) C:\Program Files\WindroyeBox\WindroyeBoxHD.exe FirewallRules: [UDP Query User{9959F990-8B2C-4ABB-9BF4-9FB77D649499}C:\program files (x86)\gemote\gemote\gemote.exe] => (Allow) C:\program files (x86)\gemote\gemote\gemote.exe FirewallRules: [TCP Query User{F5EADB9A-CDB8-4093-B40B-22689CC158E0}C:\program files (x86)\gemote\gemote\gemote.exe] => (Allow) C:\program files (x86)\gemote\gemote\gemote.exe FirewallRules: [{F61E7DEE-90CB-47B0-B495-2E38DD82E4A1}] => (Allow) D:\GAMES\Origin-games\Battlefield 4\bf4.exe FirewallRules: [{4312E807-1078-4459-BBD2-38A89B64CBA1}] => (Allow) D:\GAMES\Origin-games\Battlefield 4\bf4.exe FirewallRules: [{98976A54-EA74-4570-A7BE-F9077B16CFD2}] => (Allow) D:\GAMES\Origin-games\Battlefield 4\bf4_x86.exe FirewallRules: [{09292252-758C-4971-AD0A-27783C8BC218}] => (Allow) D:\GAMES\Origin-games\Battlefield 4\bf4_x86.exe FirewallRules: [{850F84AC-B68B-46FB-80F0-AA85BA08E268}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{003AF539-B170-4688-8DCA-1D02FDAF4B5A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{E0C3E969-EA75-49FF-BF34-DAF8EEE02DD7}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{318DAB66-D23B-415B-8A63-7CD16C119DEF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{E4148158-DAF3-4EF4-8DC1-0F6E96AAF34C}] => (Allow) D:\GAMES\uplay-g\FarCry2\Far Cry 2\bin\FC2ServerLauncher.exe FirewallRules: [{D7B402E1-78EB-4FA9-B735-06A82F9A59C2}] => (Allow) D:\GAMES\uplay-g\FarCry2\Far Cry 2\bin\FC2ServerLauncher.exe FirewallRules: [{6F98B194-DD29-4CCF-9038-2B825F318A33}] => (Allow) D:\GAMES\uplay-g\FarCry2\Far Cry 
2\bin\FC2Editor.exe FirewallRules: [{887981EF-21BF-41DF-AED3-2B9FDF71F956}] => (Allow) D:\GAMES\uplay-g\FarCry2\Far Cry 2\bin\FC2Editor.exe FirewallRules: [{62042466-F947-42AE-A1BB-7CAD8FB9043F}] => (Allow) D:\GAMES\uplay-g\FarCry2\Far Cry 2\bin\FC2Launcher.exe FirewallRules: [{E1A2519F-DD3F-44E5-96CA-004CCBF42445}] => (Allow) D:\GAMES\uplay-g\FarCry2\Far Cry 2\bin\FC2Launcher.exe FirewallRules: [{97A77308-1EE3-4181-8068-1CEE617D6A2B}] => (Allow) D:\GAMES\uplay-g\FarCry2\Far Cry 2\bin\FarCry2.exe FirewallRules: [{8A076668-32CA-471B-BEB9-6CD6D687450C}] => (Allow) D:\GAMES\uplay-g\FarCry2\Far Cry 2\bin\FarCry2.exe FirewallRules: [UDP Query User{09AF6CB9-43FE-4A87-9DD3-9B300758B55B}D:\games\inne\grand theft auto v\gta5.exe] => (Block) D:\games\inne\grand theft auto v\gta5.exe FirewallRules: [TCP Query User{8DB41398-0E25-4EAD-BF12-B423390E4756}D:\games\inne\grand theft auto v\gta5.exe] => (Block) D:\games\inne\grand theft auto v\gta5.exe FirewallRules: [UDP Query User{FF3E8D40-DB54-403D-8ED1-40AD6F854B40}D:\games\steam-games\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) D:\games\steam-games\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe FirewallRules: [TCP Query User{6BDD6DFE-9715-44F7-BD62-BC2412A3DDFC}D:\games\steam-games\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) D:\games\steam-games\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe FirewallRules: [{D3342602-9E20-42CF-BF9F-7D7008D250CA}] => (Allow) D:\GAMES\Steam-games\SteamApps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe FirewallRules: [{DDDE8187-DE32-44CA-A0C7-4469E471AED8}] => (Allow) D:\GAMES\Steam-games\SteamApps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe FirewallRules: [{3489DBD5-2B15-48A4-B118-F931B406AA22}] => (Allow) D:\GAMES\Steam-games\SteamApps\common\Lego Star Wars III - The Clone Wars\LEGOCloneWars.exe FirewallRules: [{697F902F-9B1F-4E04-98AD-805962B62D6A}] => (Allow) D:\GAMES\Steam-games\SteamApps\common\Lego Star Wars III - The Clone 
Wars\LEGOCloneWars.exe FirewallRules: [{B0BD38E5-A5A4-4014-B73A-0BFD7CFA443A}] => (Allow) D:\GAMES\Steam-games\SteamApps\common\Lego Star Wars Saga\LEGOStarWarsSaga.exe FirewallRules: [{D70C9606-6EB3-4D83-A774-A0DEAABBF585}] => (Allow) D:\GAMES\Steam-games\SteamApps\common\Lego Star Wars Saga\LEGOStarWarsSaga.exe FirewallRules: [{04BA87E0-C415-4AC6-8AAC-66586047AC4C}] => (Allow) D:\GAMES\Origin-games\Mass Effect 3\Binaries\Win32\MassEffect3.exe FirewallRules: [{A3FA1C9B-CD21-46B6-9072-AF77EA2AADD0}] => (Allow) D:\GAMES\Origin-games\Mass Effect 3\Binaries\Win32\MassEffect3.exe FirewallRules: [UDP Query User{796E0973-D6DD-452A-8CB9-72C0BF717F15}D:\games\origin-games\mass effect 2\binaries\me2game.exe] => (Allow) D:\games\origin-games\mass effect 2\binaries\me2game.exe FirewallRules: [TCP Query User{5DA75D72-4847-46B2-A741-9810A8BA9B27}D:\games\origin-games\mass effect 2\binaries\me2game.exe] => (Allow) D:\games\origin-games\mass effect 2\binaries\me2game.exe FirewallRules: [{C08CD0A3-D907-426E-A710-3FF447EA7DE1}] => (Allow) D:\GAMES\Origin-games\Mass Effect 2\Binaries\MassEffect2.exe FirewallRules: [{073C8358-4F67-43AC-A9B3-FEA10A7E2FF4}] => (Allow) D:\GAMES\Origin-games\Mass Effect 2\Binaries\MassEffect2.exe FirewallRules: [{E6574A4F-2351-4E27-88F5-9B2BE68B5D12}] => (Allow) D:\GAMES\Origin-games\Mass Effect\Binaries\MassEffect.exe FirewallRules: [{A3A0B647-CF70-4923-BE89-A0F0552DEEF9}] => (Allow) D:\GAMES\Origin-games\Mass Effect\Binaries\MassEffect.exe FirewallRules: [{6B86DAC4-1AB2-4C17-8F31-E0D0C9258D04}] => (Allow) D:\GAMES\Steam-games\SteamApps\common\RAGE\Rage64.exe FirewallRules: [{2FA3B1A6-FE10-4672-8167-600BA95F4BF8}] => (Allow) D:\GAMES\Steam-games\SteamApps\common\RAGE\Rage64.exe FirewallRules: [{65380813-FB5C-4206-BF07-A6932E64168C}] => (Allow) D:\GAMES\Steam-games\SteamApps\common\RAGE\Rage.exe FirewallRules: [{832392AA-FE51-47DF-9B52-C458E5FC85F8}] => (Allow) D:\GAMES\Steam-games\SteamApps\common\RAGE\Rage.exe FirewallRules: 
[{6D6D1CAA-ACB0-4720-B958-C07DD813FCC4}] => (Allow) D:\GAMES\Steam-games\SteamApps\common\Star Wars Empire at War\runme2.exe FirewallRules: [{A33E7650-B261-4D8D-873B-5F86D4AAA49B}] => (Allow) D:\GAMES\Steam-games\SteamApps\common\Star Wars Empire at War\runme2.exe FirewallRules: [{574A67B3-B720-4551-B3FC-06528FE957A3}] => (Allow) D:\GAMES\Steam-games\SteamApps\common\Star Wars Empire at War\runme.exe FirewallRules: [{3FBAA9F6-A19E-485C-86A7-CFEED88A7D96}] => (Allow) D:\GAMES\Steam-games\SteamApps\common\Star Wars Empire at War\runme.exe FirewallRules: [{A689F034-CBAF-46E1-A790-D3B8BAE9321B}] => (Allow) D:\GAMES\Steam-games\SteamApps\common\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe FirewallRules: [{39E8E007-037A-464D-9FA0-90299574D75F}] => (Allow) D:\GAMES\Steam-games\SteamApps\common\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe FirewallRules: [{EB8E1D6F-A4A3-496A-A2AC-E9036328D069}] => (Allow) D:\GAMES\Steam-games\SteamApps\common\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe FirewallRules: [{4C4ED9C2-D5C3-49A6-9FD7-71E9797316B8}] => (Allow) D:\GAMES\Steam-games\SteamApps\common\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe FirewallRules: [{A2FB910C-909D-4494-A55E-89DE300697BD}] => (Allow) D:\GAMES\Origin-games\Bulletstorm\Binaries\Win32\ShippingPC-StormGame.exe FirewallRules: [{5AF2F3B1-5422-4723-B343-D009C9CD3FD4}] => (Allow) D:\GAMES\Origin-games\Bulletstorm\Binaries\Win32\ShippingPC-StormGame.exe FirewallRules: [{06C3AA7F-2B61-4169-AF3F-C62CCB4553D0}] => (Allow) D:\GAMES\Steam-games\SteamApps\common\Call of Duty Black Ops II\t6mp.exe FirewallRules: [{36217FBE-4AED-4FB1-BA28-8C81FCBE2181}] => (Allow) D:\GAMES\Steam-games\SteamApps\common\Call of Duty Black Ops II\t6mp.exe FirewallRules: [{EF13213E-9613-4622-A437-DC61282D6733}] => (Allow) D:\GAMES\Steam-games\SteamApps\common\Call of Duty Black Ops II\t6zm.exe FirewallRules: [{97ECB09C-2BBA-4251-9538-A7FC3C0B5F9D}] => (Allow) 
D:\GAMES\Steam-games\SteamApps\common\Call of Duty Black Ops II\t6zm.exe FirewallRules: [{0230C6E7-FFE4-452E-A7A8-D372F71CE4E6}] => (Allow) D:\GAMES\Steam-games\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe FirewallRules: [{A7338A7C-CFF2-4C2A-8C78-0A08A70E8924}] => (Allow) D:\GAMES\Steam-games\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe FirewallRules: [{AA766022-EE93-4C19-9F03-015D5716E234}] => (Allow) D:\GAMES\Steam-games\SteamApps\common\Just Cause 2 - Multiplayer Mod\JcmpLauncher.exe FirewallRules: [{39C35DFC-E581-4A97-A012-6BD055F523A7}] => (Allow) D:\GAMES\Steam-games\SteamApps\common\Just Cause 2 - Multiplayer Mod\JcmpLauncher.exe FirewallRules: [{35816D51-C9F2-4D25-AAA0-4DB37EA00960}] => (Allow) D:\GAMES\Steam-games\SteamApps\common\Call of Duty Modern Warfare 2\iw4sp.exe FirewallRules: [{11B9A0B1-1DD3-484A-BF12-56531F93F73F}] => (Allow) D:\GAMES\Steam-games\SteamApps\common\Call of Duty Modern Warfare 2\iw4sp.exe FirewallRules: [{E4654AAF-6FFE-4C8A-BC70-03C433EA968E}] => (Allow) D:\GAMES\Steam-games\SteamApps\common\Call of Duty Modern Warfare 2\iw4mp.exe FirewallRules: [{5A739D0C-E09B-4919-8329-DB0232137380}] => (Allow) D:\GAMES\Steam-games\SteamApps\common\Call of Duty Modern Warfare 2\iw4mp.exe FirewallRules: [{E62C6B2C-4441-44A2-8954-A4F12ABE59FF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{320CFB6E-95EA-4C51-ABD5-B22C5336DC19}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{F070559A-3643-4D99-8CE8-2CE21971C188}] => (Allow) D:\GAMES\Steam-games\SteamApps\common\Tomb Raider\TombRaider.exe FirewallRules: [{1467B51E-BA37-4957-97EE-2E678F30C7DE}] => (Allow) D:\GAMES\Steam-games\SteamApps\common\Tomb Raider\TombRaider.exe FirewallRules: [UDP Query User{FA2DA4C0-78E6-4C21-9D6F-08650BF00778}C:\program files\openvpn\bin\openvpn.exe] => (Allow) C:\program files\openvpn\bin\openvpn.exe FirewallRules: [TCP Query 
User{BCD3C682-7B10-4F61-A62D-9B7D1F91CE76}C:\program files\openvpn\bin\openvpn.exe] => (Allow) C:\program files\openvpn\bin\openvpn.exe FirewallRules: [UDP Query User{B6A206C8-0511-4DE1-8C96-6C71A199FD9B}D:\games\world of tanks\worldoftanks.exe] => (Allow) D:\games\world of tanks\worldoftanks.exe FirewallRules: [TCP Query User{C12BBF68-D9C2-4B53-9305-C0F25A2B07B3}D:\games\world of tanks\worldoftanks.exe] => (Allow) D:\games\world of tanks\worldoftanks.exe FirewallRules: [UDP Query User{8B369187-C3C6-4140-BC8E-FA468B7ADB54}D:\games\world of tanks\wotlauncher.exe] => (Allow) D:\games\world of tanks\wotlauncher.exe FirewallRules: [TCP Query User{94BDD3F2-915D-4987-AF73-78F9360824FF}D:\games\world of tanks\wotlauncher.exe] => (Allow) D:\games\world of tanks\wotlauncher.exe FirewallRules: [{27FEF61D-E39C-4FF7-8F78-8DC478CF9F86}] => (Allow) C:\Program Files\K2T\WTW\wtw.exe FirewallRules: [{B7DC0225-80C1-4AB5-B413-D6A13B0B3555}] => (Allow) C:\Program Files\K2T\WTW\wtw.exe FirewallRules: [{B3A80568-570D-41E5-AC88-305FC41A45F5}] => (Allow) D:\GAMES\Steam-games\SteamApps\common\Batman Arkham Origins\Online\Binaries\Win32\BatmanOriginsOnline.exe FirewallRules: [{CF39CDAE-50D0-4DEF-97B1-4FE7C9615328}] => (Allow) D:\GAMES\Steam-games\SteamApps\common\Batman Arkham Origins\Online\Binaries\Win32\BatmanOriginsOnline.exe FirewallRules: [{42EB69BA-44DC-4F76-B33F-B7A838ACEA9C}] => (Allow) D:\GAMES\Steam-games\SteamApps\common\Batman Arkham Origins\SinglePlayer\Binaries\Win32\BatmanOrigins.exe FirewallRules: [{20DF5E49-F779-431F-9598-1D0FBFDB0377}] => (Allow) D:\GAMES\Steam-games\SteamApps\common\Batman Arkham Origins\SinglePlayer\Binaries\Win32\BatmanOrigins.exe FirewallRules: [UDP Query User{F58771E0-A7D5-4396-9D9B-247F910ACCED}D:\games\inne\far cry 4\bin\farcry4.exe] => (Block) D:\games\inne\far cry 4\bin\farcry4.exe FirewallRules: [TCP Query User{3915079A-9BB8-40DC-801B-333FA7CCD71A}D:\games\inne\far cry 4\bin\farcry4.exe] => (Block) D:\games\inne\far cry 4\bin\farcry4.exe 
FirewallRules: [{C802D2CE-47F6-4A6E-A2AE-83A2D840E7B9}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe FirewallRules: [{4969AF27-9E5F-439B-B9D4-125EB50B76AF}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe FirewallRules: [UDP Query User{7A1EBFE8-8F7C-41AF-8DFA-994F8F55FAA5}D:\games\uplay-g\far cry 3\bin\farcry3_d3d11.exe] => (Allow) D:\games\uplay-g\far cry 3\bin\farcry3_d3d11.exe FirewallRules: [TCP Query User{046913B1-8F16-4D37-855F-6AA7E8DCE420}D:\games\uplay-g\far cry 3\bin\farcry3_d3d11.exe] => (Allow) D:\games\uplay-g\far cry 3\bin\farcry3_d3d11.exe FirewallRules: [UDP Query User{EC65C597-E776-4A56-A5D0-8D368C1CA560}D:\games\uplay-g\far cry 3\bin\farcry3.exe] => (Allow) D:\games\uplay-g\far cry 3\bin\farcry3.exe FirewallRules: [TCP Query User{209CD0F2-0B50-4E46-A672-DBE95502D4FF}D:\games\uplay-g\far cry 3\bin\farcry3.exe] => (Allow) D:\games\uplay-g\far cry 3\bin\farcry3.exe FirewallRules: [{2D0C3586-6726-4E06-90DF-24214EA57F24}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe FirewallRules: [{5C8DBD6B-4C8F-4A9A-982B-4F03B564945E}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe FirewallRules: [{2C3D6F07-7439-41CA-9A9E-1C7BFEE4268F}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe FirewallRules: [{7B7024B4-BE83-4B3B-90F6-2AE3D99266C7}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe FirewallRules: [{AC40D4A6-976D-4B18-BCB8-106937A880A4}] => (Allow) LPort=5800 FirewallRules: [{9C83C493-72C9-4DD6-B489-5AD89FF7B6A0}] => (Allow) LPort=5900 FirewallRules: [{6A7B80DE-0156-45D7-ABB7-B0A06BFE4721}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{0D2F24B5-6C60-425D-9A64-12414181BF07}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [UDP Query User{ACEA74EB-DD00-4836-A314-321B601380D7}D:\torki\!!!---utorrent---!!!\utorrent.exe] => (Allow) D:\torki\!!!---utorrent---!!!\utorrent.exe FirewallRules: [TCP Query 
User{A482FF8A-323E-4311-A6CC-7EAEE162D9CE}D:\torki\!!!---utorrent---!!!\utorrent.exe] => (Allow) D:\torki\!!!---utorrent---!!!\utorrent.exe FirewallRules: [{14B31468-67E7-4FBC-B1C0-A81F08529B1F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{7FEABC77-29A8-4D9A-9387-634423825AE4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{6D8F9CAC-A213-477E-8FA5-8EFC15AE7747}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe FirewallRules: [{720409C4-A3F3-46D5-978E-B5EAB738885B}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShare.exe FirewallRules: [{493697C7-F6E3-4871-8771-3DE20072FB09}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe FirewallRules: [{13426E4E-3920-4939-976B-B0EA758968F8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{25F2C906-CFC4-4B69-A74B-353119D23277}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{F1C53A00-1165-4B75-92F7-BE4C3C6C2F78}] => (Allow) D:\GAMES\Steam-games\SteamApps\common\Call of Duty Modern Warfare 3\iw5mp.exe FirewallRules: [{1629B4A8-69FA-4F64-835B-0D5DA5CCDFEC}] => (Allow) D:\GAMES\Steam-games\SteamApps\common\Call of Duty Modern Warfare 3\iw5mp.exe FirewallRules: [{A9FE03E4-7A7D-47DB-8466-098923ABC6AE}] => (Allow) D:\GAMES\Steam-games\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe FirewallRules: [{6DDFA87A-B3B5-4B37-8484-A6293C0F622E}] => (Allow) D:\GAMES\Steam-games\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/06/2015 09:03:40 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: PSUAMain.exe, wersja: 4.0.0.644, sygnatura czasowa: 0x54efac0e Nazwa modułu powodującego błąd: 
CC3290MT.DLL, wersja: 9.0.0.0, sygnatura czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x000193ee Identyfikator procesu powodującego błąd: 0x16dc Godzina uruchomienia aplikacji powodującej błąd: 0xPSUAMain.exe0 Ścieżka aplikacji powodującej błąd: PSUAMain.exe1 Ścieżka modułu powodującego błąd: PSUAMain.exe2 Identyfikator raportu: PSUAMain.exe3 Pełna nazwa pakietu powodującego błąd: PSUAMain.exe4 Identyfikator aplikacji względem pakietu powodującego błąd: PSUAMain.exe5 Error: (08/06/2015 08:50:16 PM) (Source: Windows Search Service) (EventID: 10021) (User: ) Description: Nie można uzyskać informacji rejestru licznika wydajności dla elementu WSearchIdxPi w wystąpieniu z powodu następującego błędu: Operacja ukończona pomyślnie. 0x0. Error: (08/06/2015 08:50:16 PM) (Source: Windows Search Service) (EventID: 3007) (User: ) Description: Nie można zainicjować monitorowania wydajności dla obiektu programu zbierającego, ponieważ liczniki nie są załadowane lub nie można otworzyć obiektu pamięci współużytkowanej. Wpływa to tylko na dostępność liczników monitora wydajności. Uruchom ponownie komputer. Kontekst: aplikacja , wykaz SystemIndex Error: (08/06/2015 08:50:15 PM) (Source: Windows Search Service) (EventID: 3006) (User: ) Description: Nie można zainicjować monitorowania wydajności dla usługi zbierającej, ponieważ liczniki nie są załadowane lub nie można otworzyć obiektu pamięci współużytkowanej. Wpływa to tylko na dostępność liczników monitora wydajności. Uruchom ponownie komputer. Error: (08/06/2015 08:32:01 PM) (Source: Windows Search Service) (EventID: 10021) (User: ) Description: Nie można uzyskać informacji rejestru licznika wydajności dla elementu WSearchIdxPi w wystąpieniu z powodu następującego błędu: Operacja ukończona pomyślnie. 0x0. 
Error: (08/06/2015 08:32:01 PM) (Source: Windows Search Service) (EventID: 3007) (User: ) Description: Nie można zainicjować monitorowania wydajności dla obiektu programu zbierającego, ponieważ liczniki nie są załadowane lub nie można otworzyć obiektu pamięci współużytkowanej. Wpływa to tylko na dostępność liczników monitora wydajności. Uruchom ponownie komputer. Kontekst: aplikacja , wykaz SystemIndex Error: (08/06/2015 08:32:01 PM) (Source: Windows Search Service) (EventID: 3006) (User: ) Description: Nie można zainicjować monitorowania wydajności dla usługi zbierającej, ponieważ liczniki nie są załadowane lub nie można otworzyć obiektu pamięci współużytkowanej. Wpływa to tylko na dostępność liczników monitora wydajności. Uruchom ponownie komputer. Error: (08/06/2015 07:36:09 PM) (Source: usbperf) (EventID: 2001) (User: ) Description: Nie można odczytać wartości „First Counter” wpisu klucza usbperf\Performance. Kody stanu zostały zwrócone w danych. Error: (08/06/2015 07:34:00 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: usbhubC:\WINDOWS\system32\usbperf.dll8 Error: (08/06/2015 07:34:00 PM) (Source: usbperf) (EventID: 2001) (User: ) Description: Nie można odczytać wartości „First Counter” wpisu klucza usbperf\Performance. Kody stanu zostały zwrócone w danych. System errors: ============= Error: (08/06/2015 08:50:18 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Wywołanie ScRegSetValueExW dla FailureActions nie powiodło się i wystąpił następujący błąd: %%5. Error: (08/06/2015 08:50:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Usługa Usługa udostępniania w sieci programu Windows Media Player zakończyła działanie; wystąpił następujący błąd: %%1008 Error: (08/06/2015 08:50:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Windows Phone Assistant Update Service. 
Error: (08/06/2015 08:50:15 PM) (Source: NETLOGON) (EventID: 3095) (User: ) Description: Ten komputer jest skonfigurowany jako członek grupy roboczej, a nie domeny. W tej konfiguracji usługa Netlogon nie musi być uruchamiana. Error: (08/06/2015 08:49:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Synchronizuj hosta_Session1 niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 10000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error: (08/06/2015 08:32:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Usługa Usługa udostępniania w sieci programu Windows Media Player zakończyła działanie; wystąpił następujący błąd: %%1008 Error: (08/06/2015 08:32:03 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Wywołanie ScRegSetValueExW dla FailureActions nie powiodło się i wystąpił następujący błąd: %%5. Error: (08/06/2015 08:32:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Windows Phone Assistant Update Service. Error: (08/06/2015 08:31:59 PM) (Source: NETLOGON) (EventID: 3095) (User: ) Description: Ten komputer jest skonfigurowany jako członek grupy roboczej, a nie domeny. W tej konfiguracji usługa Netlogon nie musi być uruchamiana. Error: (08/06/2015 08:31:39 PM) (Source: volmgr) (EventID: 46) (User: ) Description: Inicjowanie zrzutu awaryjnego nie powiodło się! 
Microsoft Office: ========================= Error: (08/06/2015 09:03:40 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: PSUAMain.exe4.0.0.64454efac0eCC3290MT.DLL9.0.0.000000000c0000005000193ee16dc01d0d07a9671f903C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exeC:\Program Files (x86)\Panda Security\Panda Security Protection\CC3290MT.DLL94ef2d1e-176e-4aa9-830f-109fe18298ec Error: (08/06/2015 08:50:16 PM) (Source: Windows Search Service) (EventID: 10021) (User: ) Description: WSearchIdxPiOperacja ukończona pomyślnie. 0x0 Error: (08/06/2015 08:50:16 PM) (Source: Windows Search Service) (EventID: 3007) (User: ) Description: Kontekst: aplikacja , wykaz SystemIndex Error: (08/06/2015 08:50:15 PM) (Source: Windows Search Service) (EventID: 3006) (User: ) Description: Error: (08/06/2015 08:32:01 PM) (Source: Windows Search Service) (EventID: 10021) (User: ) Description: WSearchIdxPiOperacja ukończona pomyślnie. 0x0 Error: (08/06/2015 08:32:01 PM) (Source: Windows Search Service) (EventID: 3007) (User: ) Description: Kontekst: aplikacja , wykaz SystemIndex Error: (08/06/2015 08:32:01 PM) (Source: Windows Search Service) (EventID: 3006) (User: ) Description: Error: (08/06/2015 07:36:09 PM) (Source: usbperf) (EventID: 2001) (User: ) Description: Error: (08/06/2015 07:34:00 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: usbhubC:\WINDOWS\system32\usbperf.dll8 Error: (08/06/2015 07:34:00 PM) (Source: usbperf) (EventID: 2001) (User: ) Description: CodeIntegrity: =================================== Date: 2015-08-05 19:45:59.178 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2015-08-05 19:34:26.992 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-08-05 18:29:02.865 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-08-05 18:11:12.410 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-08-05 18:08:38.276 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-08-05 18:06:06.614 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 

==================== Memory info ===========================

Processor: AMD Athlon(tm) II X3 450 Processor
Percentage of memory in use: 33%
Total physical RAM: 6143.29 MB
Available physical RAM: 4105.96 MB
Total Virtual: 7167.29 MB
Available Virtual: 4997.67 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:58.84 GB) (Free:15.09 GB) NTFS
Drive d: (MAGAZYN) (Fixed) (Total:1397.26 GB) (Free:532.88 GB) NTFS
Drive e: (ZAPASOWY) (Fixed) (Total:698.63 GB) (Free:448.38 GB) NTFS
Drive f: (MAGAZYN-2) (Fixed) (Total:1862.89 GB) (Free:309.53 GB) NTFS
Drive h: (ESD-ISO) (CDROM) (Total:3.04 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 59.6 GB) (Disk ID: 4E65B366)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=58.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 8758C420)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 037CEF3D)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 04927924)
Partition: GPT Partition Type.

==================== End of log ============================