Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-08-2015 Ran by Mateusz (2015-08-13 22:26:40) Running from F:\Documents\Downloads Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2665037262-1289974158-2679861988-500 - Administrator - Disabled) Gość (S-1-5-21-2665037262-1289974158-2679861988-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2665037262-1289974158-2679861988-1004 - Limited - Enabled) Konto domyślne (S-1-5-21-2665037262-1289974158-2679861988-503 - Limited - Disabled) Mateusz (S-1-5-21-2665037262-1289974158-2679861988-1001 - Administrator - Enabled) => C:\Users\Mateusz ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Internet Security (Enabled - Up to date) {126F5C40-0780-E208-D500-AE2B16370E58} AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Kaspersky Internet Security (Enabled - Up to date) {A90EBDA4-21BA-ED86-EFB0-95596DB044E5} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Enabled) {2A54DD65-4DEF-E350-FE5F-071EE8E44923} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-2665037262-1289974158-2679861988-1001\...\uTorrent) (Version: 3.4.3.40760 - BitTorrent Inc.) 7-Zip 9.38 beta (HKLM-x32\...\7-Zip) (Version: - ) Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated) Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated) AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD) Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.) Any Audio Converter 5.8.2 (HKLM-x32\...\Any Audio Converter_is1) (Version: - Any-Audio-Converter.com) Application Insights Tools for Visual Studio 2015 (x32 Version: 3.3 - Microsoft Corporation) Hidden Azure AD Authentication Connected Service (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden Baidu PC Faster (HKLM-x32\...\Baidu PC Faster 5.1.0.0) (Version: 5.1.3.131061 - Baidu, Inc.) <==== ATTENTION Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.51210.80 - Microsoft Corporation) Hidden Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.51210.80 - Microsoft Corporation) Hidden Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden Blend for Visual Studio SDK for Windows Phone 8.0 (x32 Version: 3.0.30924.0 - Microsoft Corporation) Hidden Blender (HKLM\...\{EA3C8A99-1565-44FF-89FC-926CEEB623B5}) (Version: 2.75.1 - Blender Foundation) Build Tools - amd64 (Version: 12.0.31010 - Microsoft Corporation) Hidden Build Tools - x86 (x32 Version: 12.0.31010 - Microsoft Corporation) Hidden Build Tools Language Resources - amd64 (Version: 12.0.31010 - Microsoft Corporation) Hidden Build Tools Language Resources - x86 (x32 Version: 12.0.31010 - Microsoft Corporation) Hidden CodedUITest81 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden Dotfuscator and Analytics Community Edition 5.18.1 (x32 Version: 5.18.1.2898 - PreEmptive Solutions) Hidden Entity Framework 6.1.3 Tools for Visual Studio 2015 (HKLM-x32\...\{1A8A9739-BAD7-491F-B5B9-A79A2B965422}) (Version: 14.0.40302.0 - Microsoft Corporation) Epic Games Launcher (HKLM\...\{863C2079-A129-485C-8E09-ED683D538C26}) (Version: 1.1.30.0 - Epic Games, Inc.) FileZilla Client 3.12.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.12.0.2 - Tim Kosse) FortiClient SSLVPN v4.0.2297 (HKLM-x32\...\{A34DCE59-0004-0000-2297-3F8A9926B752}) (Version: 4.0.2297 - Fortinet Inc.) Fraps (HKLM-x32\...\Fraps) (Version: - ) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) Git version 1.9.5-preview20150319 (HKLM-x32\...\Git_is1) (Version: 1.9.5-preview20150319 - The Git Development Community) Gothic (HKLM-x32\...\Gothic) (Version: - ) Gothic (HKLM-x32\...\Steam App 65540) (Version: - Piranha – Bytes) Hotkey 8.0103 (HKLM-x32\...\InstallShield_{164714B6-46BC-4649-9A30-A6ED32F03B5A}) (Version: 8.0103 - NoteBook) Hotkey 8.0103 (x32 Version: 8.0103 - NoteBook) Hidden IIS 10.0 Express (HKLM\...\{5984D8DA-C1AF-4284-9C88-D7150425B315}) (Version: 10.0.1734 - Microsoft Corporation) IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - ) IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - ) Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation) Java SE Development Kit 7 Update 55 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170550}) (Version: 1.7.0.550 - Oracle) Java SE Development Kit 8 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.15 - Oracle Corporation) JetBrains ReSharper Ultimate in Visual Studio 2015 (HKU\S-1-5-21-2665037262-1289974158-2679861988-1001\...\{02ee0a0e-7567-5503-9c73-1d5e05353513}) (Version: 2015.1.3 - JetBrains s.r.o.) Kaspersky Internet Security Technical Preview (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.424 - Kaspersky Lab) Kaspersky Internet Security Technical Preview (x32 Version: 16.0.0.424 - Kaspersky Lab) Hidden K-Lite Codec Pack 11.2.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.2.0 - ) LocalESPC (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden LocalESPCui for en-us (x32 Version: 8.59.29989 - Microsoft) Hidden Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation) Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{3D3CEBE6-40EA-4C48-97FD-73828281AB4A}) (Version: 4.6.00081 - Microsoft Corporation) Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation) Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation) Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation) Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2014 Express LocalDB (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation) Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM-x32\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 RC Redistributable (x64) - 14.0.22816 (HKLM-x32\...\{e2495eb6-cca8-47aa-91ea-3410ca44d7b7}) (Version: 14.0.22816.0 - Microsoft Corporation) Microsoft Visual C++ 2015 RC Redistributable (x86) - 14.0.22816 (HKLM-x32\...\{714692fa-709b-4925-8170-821d51135f42}) (Version: 14.0.22816.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2015 Tools for Unity (HKLM-x32\...\{D62E1B70-E60B-48C1-AAD0-B780A3B9E073}) (Version: 1.9.9.0 - Microsoft Corporation) Microsoft Visual Studio Emulator for Android (HKLM-x32\...\{7fdce4dd-a0ed-44ab-9caa-88df6506adab}) (Version: 1.0.50427.1 - Microsoft Corporation) Microsoft Visual Studio Enterprise 2015 (HKLM-x32\...\{a60a492e-b5eb-4218-a9e6-f38d18a7dbaf}) (Version: 14.0.23107.10 - Microsoft Corporation) Microsoft Web Deploy 3.6 (HKLM\...\{ED4CC1E5-043E-4157-8452-B5E533FE2BA1}) (Version: 3.1238.1955 - Microsoft Corporation) Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version: - ) Narzędzia sprawdzające pakietu Microsoft Office 2013 — polski (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden NVIDIA Tegra Android Development Pack 2.0r8 (HKLM-x32\...\NVIDIA Tegra Android Development Pack 2.0r8) (Version: 2.0r8 - NVIDIA Corporation) OpenVPN 2.3.7-I601 (HKLM-x32\...\OpenVPN) (Version: 2.3.7-I601 - ) Opera Stable 31.0.1889.99 (HKLM-x32\...\Opera 31.0.1889.99) (Version: 31.0.1889.99 - Opera Software) Oracle VM VirtualBox 5.0.1 (HKLM\...\{2AB7E6FC-205C-4EC3-A27A-83E7E318EB82}) (Version: 5.0.1 - Oracle Corporation) Perforce Visual Components (HKLM\...\{1708D0B7-75BD-42B1-9827-D5B3829B3B0E}) (Version: 143.100.7674 - Perforce Software) Polski pakiet językowy dla narzędzi Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PLK) (Version: 10.0.50903 - Microsoft Corporation) PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation) Project and Item Templates for Visual Studio Community 2015 - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 6.0.29.0 - Razer Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.) Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.) SharePoint Client Components (Version: 16.0.3104.1200 - Microsoft Corporation) Hidden Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation) Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.103 - Skype Technologies S.A.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.13.0 - Synaptics Incorporated) TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - ) Team Explorer for Microsoft Visual Studio 2015 (x32 Version: 14.0.23102 - Microsoft Corporation) Hidden Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.0.8.0 - GOG.com) The Witcher 3: Wild Hunt - Alternative Look for Ciri (HKLM-x32\...\Alternative Look for Ciri_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Alternative Look for Triss (HKLM-x32\...\Alternative Look for Triss_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Alternative Look for Yennefer (HKLM-x32\...\Alternative Look for Yennefer_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Ballad Heroes - Neutral Gwent Card Set (HKLM-x32\...\Ballad Heroes - Neutral Gwent Card Set_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Beard and Hairstyle Set (HKLM-x32\...\Beard and Hairstyle Set_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Elite Crossbow Set (HKLM-x32\...\Elite Crossbow Set_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - New Finisher Animations (HKLM-x32\...\New Finisher Animations_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - New Quest - Contract - Skellige's Most Wanted (HKLM-x32\...\New Quest - Contract: Skellige's Most Wanted_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - New Quest - Contract Missing Miners (HKLM-x32\...\New Quest - Contract Missing Miners_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - New Quest - Fool's Gold (HKLM-x32\...\New Quest - Fool's Gold_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - New Quest - Scavenger Hunt - Wolf School Gear (HKLM-x32\...\New Quest - Scavenger Hunt: Wolf School Gear_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - New Quest - Where the Cat and Wolf Play... (HKLM-x32\...\New Quest - Where the Cat and Wolf Play..._is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Nilfgaardian Armor Set (HKLM-x32\...\Nilfgaardian Armor Set_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Skellige Armor Set (HKLM-x32\...\Skellige Armor Set_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Temerian Armor Set (HKLM-x32\...\Temerian Armor Set_is1) (Version: 1.0.0.0 - GOG.com) TypeScript Power Tool (x32 Version: 1.5.4.0 - Microsoft Corporation) Hidden TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.5.4.0 - Microsoft Corporation) Hidden TypeScript Tools for Microsoft Visual Studio 2015 1.5.4.0 (HKLM-x32\...\{4cde0c8c-47b3-448f-babf-fe5d392432a6}) (Version: 1.5.23128.0 - Microsoft Corporation) Unity (HKLM-x32\...\Unity) (Version: 5.1.1f1 - Unity Technologies ApS) Unity Web Player (HKU\S-1-5-21-2665037262-1289974158-2679861988-1001\...\UnityWebPlayer) (Version: 5.1.1f1 - Unity Technologies ApS) Universal CRT Extension SDK (x32 Version: 10.0.10150 - Microsoft Corporation) Hidden Universal CRT Headers Libraries and Sources (x32 Version: 10.0.10150 - Microsoft Corporation) Hidden Universal CRT Redistributable (x32 Version: 10.0.10150 - Microsoft Corporation) Hidden Universal CRT Tools x64 (Version: 10.0.10150 - Microsoft Corporation) Hidden Universal CRT Tools x86 (x32 Version: 10.0.10150 - Microsoft Corporation) Hidden Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation) Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0415-0000-0000000FF1CE}_Office15.PROPLUSR_{61D76467-9532-4D27-AE19-31DF7BD2C973}) (Version: - Microsoft) Vivaldi (HKU\S-1-5-21-2665037262-1289974158-2679861988-1001\...\Vivaldi) (Version: 1.0.162.9 - Vivaldi) WCF Data Services 5.6.2 Runtime (x32 Version: 5.6.61937.2 - Microsoft Corporation) Hidden WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden Windows Phone 8.1 Emulators - ENU (HKLM-x32\...\{166a69f6-6512-47ea-a342-17d954fc059a}) (Version: 12.0.31010.0 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2665037262-1289974158-2679861988-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2665037262-1289974158-2679861988-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Mateusz\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2665037262-1289974158-2679861988-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Mateusz\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2665037262-1289974158-2679861988-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Mateusz\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2665037262-1289974158-2679861988-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Mateusz\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2665037262-1289974158-2679861988-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Mateusz\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2665037262-1289974158-2679861988-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Mateusz\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2665037262-1289974158-2679861988-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Mateusz\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2665037262-1289974158-2679861988-1001_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll () CustomCLSID: HKU\S-1-5-21-2665037262-1289974158-2679861988-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Mateusz\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2665037262-1289974158-2679861988-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Mateusz\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2665037262-1289974158-2679861988-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Mateusz\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 08-08-2015 16:37:01 Microsoft Visual Studio Enterprise 2015 10-08-2015 00:00:38 Installed Blender 11-08-2015 12:43:33 Installed Oracle VM VirtualBox 5.0.1 12-08-2015 21:18:30 Installed FortiClient SSLVPN v4.0.2297 ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-06-30 11:21 - 2015-06-30 11:19 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {00EEBA9C-F9EF-4272-B793-C830FBADD359} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\Windows\system32\dstokenclean.exe [2015-07-10] (Microsoft Corporation) Task: {0CCA7916-2916-4F12-BD32-1E3BE31E1269} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\Windows\System32\dsregcmd.exe [2015-07-10] (Microsoft Corporation) Task: {1641F54C-1E57-4902-AB65-EE2B65E5629D} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan => C:\Windows\system32\usoclient.exe [2015-07-10] (Microsoft Corporation) Task: {166855E8-FA85-4D25-9B42-5F682434A0B8} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => C:\WINDOWS\system32\MusNotification.exe [2015-07-16] (Microsoft Corporation) Task: {19865544-CE08-40BE-8B8C-87C47681433D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation) Task: {1D3D099E-EE1E-4907-8BA2-BA8F12D11AA6} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\Windows\System32\LocationNotificationWindows.exe [2015-07-10] (Microsoft Corporation) Task: {1FB73D80-E8A9-4C51-8020-EEB213A6DA42} - System32\Tasks\Baidu PC Faster Service => C:\Program Files (x86)\PC Faster\5.1.0.0\PCFasterSvc.exe [2015-05-13] (Baidu, Inc.) Task: {23438638-4F4E-4D05-918E-C96A2489A599} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation) Task: {279EE335-FEDE-4A90-99BC-F7F239406CD2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation) Task: {2C97A00A-1C5C-4318-B5CC-8A1A126B77F9} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\KeyPreGenTask Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW Task: {3F7FFC56-F30D-4588-BC16-FA06FA59762E} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_209_pepper.exe [2015-07-16] (Adobe Systems Incorporated) Task: {41160EA0-208B-4C3E-B4DB-805BBABC6B93} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\Windows\system32\dmclient.exe [2015-07-10] (Microsoft Corporation) Task: {4454A8D0-2E4E-4A02-BF67-48DF6A7BFAB4} - System32\Tasks\Microsoft\Windows\Maps\MapsUpdateTask Task: {455BCB98-B769-4E95-95BE-116B65BE6EB8} - System32\Tasks\Baidu PC Faster Update => C:\Program Files (x86)\PC Faster\5.1.0.0\Updater.exe [2015-05-07] (Baidu, Inc.) Task: {47A2CB15-5C2E-4ACD-AE19-EB6BFE3AC259} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Duplicaterecord.js" <==== ATTENTION Task: {5E5515C1-7D87-4904-B9CE-FD29EB2ADB72} - System32\Tasks\Microsoft\Windows\Sysmain\ResPriStaticDbSync Task: {611C823C-437B-46E7-9683-5312DFFCFD7B} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install => C:\Windows\system32\usoclient.exe [2015-07-10] (Microsoft Corporation) Task: {711EE2F9-A611-4773-AF8E-D4B278A6718D} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\AikCertEnrollTask Task: {73551810-E5F4-433E-9494-0D00B55C855E} - System32\Tasks\Microsoft\Windows\Maps\MapsToastTask Task: {744C9FEA-08B7-43E1-A729-0F94647D655C} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot => C:\Windows\system32\usoclient.exe [2015-07-10] (Microsoft Corporation) Task: {78B77FA3-9D97-441D-97B6-68CEA40B4F74} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe generaltel.dll,RunTelemetry -maintenance Task: {7A003965-A297-4DC6-B15B-852D798391E0} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot => C:\WINDOWS\system32\MusNotification.exe [2015-07-16] (Microsoft Corporation) Task: {7A2121E2-78CA-4639-90C8-F31F368763AB} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-05-31] () Task: {80D3C800-FEE0-4617-A642-CCC0C2D79674} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-12] (Microsoft Corporation) Task: {848DCC36-520C-4946-BF68-C7EFFEFA2F84} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot => C:\windows\system32\MusNotification.exe [2015-07-16] (Microsoft Corporation) Task: {8DF84CB3-D8E0-4307-A35B-CA74E21786DB} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\Windows\system32\ClipUp.exe [2015-07-15] (Microsoft Corporation) Task: {93F611D0-40E7-42D3-BD31-6C237E4A238D} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe Task: {A364E297-00AD-490D-900E-22AC34598C71} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install => C:\Windows\system32\usoclient.exe [2015-07-10] (Microsoft Corporation) Task: {A5B6CD85-1B57-49B9-BA80-5D5D65F02826} - System32\Tasks\Microsoft\Windows\AppID\EDP Policy Manager Task: {AC29E64E-3271-47BA-B8F1-914523CF379B} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Automatic App Update Task: {B9B36D41-C776-424E-9A13-5387E17A2CEB} - System32\Tasks\Microsoft\Windows\WCM\WiFiTask => C:\Windows\System32\WiFiTask.exe [2015-07-10] (Microsoft Corporation) Task: {C2162702-FFEB-48C0-AA5F-2DA3A8887D61} - System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller\Installation Task: {C56AFFD3-06B8-4A16-AF7E-F7A6EB3FAE9E} - System32\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr Task: {C5EE2EA2-5312-4D1F-B9D0-41B18DF31B78} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sih => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation) Task: {C7A236B2-12E1-46DC-9501-3B1B0209CC09} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\Windows\System32\WindowsActionDialog.exe [2015-07-10] (Microsoft Corporation) Task: {D2401052-A382-42DE-9C79-D1CF3563F654} - System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller\Uninstallation Task: {DAF2BAE3-1C5B-4CB5-9F62-0911C031A15A} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics => C:\Windows\system32\disksnapshot.exe [2015-07-10] (Microsoft Corporation) Task: {EA3F661E-B31C-44A9-B40C-E3D5D56149D4} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display => C:\windows\system32\MusNotification.exe [2015-07-16] (Microsoft Corporation) Task: {F4586FD0-51DA-4BCE-8DAA-335DB6C27745} - System32\Tasks\Microsoft Office 15 Sync Maintenance for DESKTOP-7LE5HS1-Mateusz DESKTOP-7LE5HS1 => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2015-06-26] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_209_pepper.exe ==================== Loaded Modules (Whitelisted) ============== 2015-07-21 19:12 - 2015-07-15 04:04 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll 2015-07-21 11:29 - 2015-07-21 11:29 - 00403968 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll 2013-01-30 13:08 - 2013-01-30 13:08 - 00046592 _____ () C:\Program Files (x86)\Hotkey\PowerBiosServer.exe 2015-06-23 21:11 - 2015-06-23 21:11 - 00187048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe 2015-08-06 02:29 - 2015-07-30 08:05 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2015-08-06 02:29 - 2015-07-30 08:05 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2015-07-04 10:09 - 2015-03-19 23:33 - 00736962 _____ () C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll 2015-07-10 12:59 - 2015-07-10 12:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2015-08-12 12:27 - 2015-08-03 03:11 - 06569472 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2015-07-10 13:00 - 2015-07-10 18:35 - 00471040 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2015-08-12 12:27 - 2015-08-03 03:08 - 01806848 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2015-08-12 12:27 - 2015-08-03 03:09 - 02274816 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2015-07-10 13:00 - 2015-07-10 18:35 - 00210432 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll 2013-02-24 23:42 - 2013-02-24 23:42 - 04760576 _____ () C:\Program Files (x86)\Hotkey\Hotkey.exe 2015-04-28 10:02 - 2015-04-28 10:02 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview 16.0.0\kpcengine.2.3.dll 2015-07-06 18:27 - 2015-07-03 18:12 - 00778240 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2015-07-06 18:27 - 2015-07-03 18:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll 2015-07-06 18:27 - 2015-08-12 20:26 - 02413248 _____ () C:\Program Files (x86)\Steam\video.dll 2015-07-06 18:27 - 2014-12-01 23:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2015-07-06 18:27 - 2014-12-01 23:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2015-07-06 18:27 - 2014-12-01 23:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2015-07-06 18:27 - 2014-12-01 23:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2015-07-06 18:27 - 2014-12-01 23:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2015-07-06 18:27 - 2015-07-03 18:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2015-07-06 18:27 - 2015-07-03 18:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2015-07-06 18:27 - 2015-08-12 20:26 - 00704192 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2015-03-31 08:22 - 2015-03-31 08:22 - 00595824 _____ () C:\Program Files (x86)\PC Faster\5.1.0.0\sqlite.dll 2015-07-06 18:27 - 2015-07-03 18:12 - 39553928 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager => ""="Service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-2665037262-1289974158-2679861988-1001\...\sharepoint.com -> hxxps://stdntpartners.sharepoint.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2665037262-1289974158-2679861988-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mateusz\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\witcher 3 wild hunt, the - wallpaper 5 (2560x1440).jpg DNS Servers: 150.254.65.22 - 150.254.65.21 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is disabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2665037262-1289974158-2679861988-1001\...\StartupApproved\Run: => "uTorrent" HKU\S-1-5-21-2665037262-1289974158-2679861988-1001\...\StartupApproved\Run: => "Skype" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe FirewallRules: [{80741259-EA5E-4217-A336-DEE65B1BC0E6}] => (Block) C:\program files\epic games\4.8\engine\binaries\dotnet\swarmagent.exe FirewallRules: [{028EC68D-872C-4255-BA1F-3AB3645EC277}] => (Block) C:\program files\epic games\4.8\engine\binaries\dotnet\swarmagent.exe FirewallRules: [UDP Query User{B592D36B-AE20-41FA-AB1E-E182375E413B}C:\program files\epic games\4.8\engine\binaries\dotnet\swarmagent.exe] => (Allow) C:\program files\epic games\4.8\engine\binaries\dotnet\swarmagent.exe FirewallRules: [TCP Query User{2432A063-C7E5-4242-A7F0-3780EB69B8E0}C:\program files\epic games\4.8\engine\binaries\dotnet\swarmagent.exe] => (Allow) C:\program files\epic games\4.8\engine\binaries\dotnet\swarmagent.exe FirewallRules: [{77196B1D-908C-4092-B8AB-C87FA27145BC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{A72372A0-22E4-4202-9318-D8D5293F5FAE}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{EA71A79A-7D80-4BCE-90A9-CA06FB987881}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe FirewallRules: [{5CD80BB6-4018-472C-84D5-BBBA44A7136A}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe FirewallRules: [{4C096896-E662-4063-BB46-4A7C2B4E6120}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe FirewallRules: [{FEA309A5-1E33-4C18-BAB5-D06F1B7C13DF}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe FirewallRules: [{D5A670BE-F494-484B-9C37-5254DF684A06}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{D675698A-EFD6-47B0-8143-80B5E9C357E6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{B1C4917B-D640-4347-B9C5-BF262029E815}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{54FFC73E-47BE-441B-8F19-081119E436EE}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{E32113C9-9F79-4720-A031-5BD3121D2872}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{B5600B60-14DD-4590-888D-4B45C3564A32}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{C50FA525-DDFC-44D4-88AA-16940E3A0C56}] => (Allow) C:\Users\Mateusz\AppData\Local\Vivaldi\Application\vivaldi.exe FirewallRules: [{22B9A5FC-DDB6-430F-A9DD-C6C64CFFA92D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{11F3F625-7CE1-40AC-A63B-21DD70B4A07D}] => (Allow) C:\Users\Mateusz\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{829D84A1-D09F-45C5-9C84-ED2267EDB226}] => (Allow) C:\Users\Mateusz\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{8D40F794-AADC-430A-AEE2-A4129083E2BE}] => (Allow) C:\Users\Mateusz\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{9A5E65E4-A244-4B83-B92C-0E7503B21D8B}] => (Allow) C:\Users\Mateusz\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{0913284E-567C-44A2-A725-8413FB7B38B0}] => (Allow) C:\Users\Mateusz\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{BCE7AA8B-5433-4446-AD5B-8DA43DA02C5A}] => (Allow) C:\Users\Mateusz\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [UDP Query User{14B9AF91-F8D7-4AEB-9D65-349964052E51}C:\program files (x86)\microsoft xde\8.1\xde.exe] => (Allow) C:\program files (x86)\microsoft xde\8.1\xde.exe FirewallRules: [TCP Query User{1C8580B3-55C0-4301-B085-5A3DE7601918}C:\program files (x86)\microsoft xde\8.1\xde.exe] => (Allow) C:\program files (x86)\microsoft xde\8.1\xde.exe FirewallRules: [{C4A3FE22-7F03-4E4E-9BF1-86C7B1B88140}] => (Allow) C:\PROGRA~1\Unity\Editor\Unity.exe FirewallRules: [{AC01CA1F-F411-4D13-A2EE-8A9DC3303D34}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe FirewallRules: [{5E295540-B9DF-4D54-BBEA-A87406816B94}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio Tools for Unity\2015\UnityVS.OpenFile.exe FirewallRules: [{C8F67F0B-B6AC-4C2A-BD70-1071B4962A69}] => (Block) C:\program files\unity\editor\unity.exe FirewallRules: [{9C1E7999-E943-40D3-8022-0C0750FEBA0F}] => (Block) C:\program files\unity\editor\unity.exe FirewallRules: [UDP Query User{8C8027F7-6E1E-4902-A142-EFAD975B486A}C:\program files\unity\editor\unity.exe] => (Allow) C:\program files\unity\editor\unity.exe FirewallRules: [TCP Query User{DAB83F3B-7AA0-48C9-A0DF-D4CC3F7AC2D6}C:\program files\unity\editor\unity.exe] => (Allow) C:\program files\unity\editor\unity.exe FirewallRules: [{2C788AD2-D7A3-4F0B-B1DC-1430A9AF8B3F}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{0B997152-B048-47D3-9451-220CF91807DA}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{1652AB4B-80BD-4854-9244-92AEAD19B0D4}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{D71B396D-E2C9-4E7C-8440-C504BF4CE2D3}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{CAA4A06B-BEA2-401A-BC3E-8F270C681CF7}] => (Allow) C:\Program Files (x86)\PC Faster\5.1.0.0\WifiHotspot.exe FirewallRules: [{A28F1E47-446C-424A-BC03-2CCCC7E40CFE}] => (Allow) C:\Program Files (x86)\PC Faster\5.1.0.0\WifiHotspot.exe FirewallRules: [{4C3BA329-65B9-4B8E-AE40-B75009B9025A}] => (Allow) LPort=1337 FirewallRules: [{62EF89F3-7411-4079-9FBB-EA60D434EAD2}] => (Allow) LPort=1337 FirewallRules: [{F17BAE13-3B0F-4F36-BDD1-B5DB77922A0B}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Gothic\system\GOTHIC.EXE FirewallRules: [{3C9830E9-20BC-4724-90D2-D39B7DEAE985}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Gothic\system\GOTHIC.EXE FirewallRules: [{B13156A2-59A0-44F6-8EF8-94F9C2C56CED}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe FirewallRules: [{DA957661-3200-4C96-836F-C94244D401F3}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe FirewallRules: [{F4409C72-D8FF-414C-8553-CA9E719C690C}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe FirewallRules: [{43EACC21-4DBB-4EFC-B592-E71704E18590}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe FirewallRules: [{75D29712-0D77-4B23-8584-F4E2CD21D944}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe FirewallRules: [{2948BDB4-974E-45E8-96E1-EAD39A14334F}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe FirewallRules: [{4BB2817A-800A-4E62-8AF8-40ACDE7E3F73}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe ==================== Faulty Device Manager Devices ============= Name: Urządzenie PCI Description: Urządzenie PCI Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (08/13/2015 10:24:54 PM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost (7640) Nie można utworzyć nowego pliku dziennika, ponieważ baza danych nie może dokonać zapisu na dysku dziennika. Dysk może być tylko do odczytu, zapełniony, niewłaściwie skonfigurowany lub uszkodzony. Błąd -1032. Error: (08/13/2015 10:24:54 PM) (Source: ESENT) (EventID: 488) (User: ) Description: SettingSyncHost (7640) Próba utworzenia pliku „C:\WINDOWS\system32\edbtmp.log” zakończyła się niepomyślnie z błędem systemowym 5 (0x00000005): „Odmowa dostępu. ”. Operacja tworzenia pliku zostanie zakończona z błędem -1032 (0xfffffbf8). Error: (08/13/2015 10:24:43 PM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost (7640) Nie można utworzyć nowego pliku dziennika, ponieważ baza danych nie może dokonać zapisu na dysku dziennika. Dysk może być tylko do odczytu, zapełniony, niewłaściwie skonfigurowany lub uszkodzony. Błąd -1032. Error: (08/13/2015 10:24:43 PM) (Source: ESENT) (EventID: 488) (User: ) Description: SettingSyncHost (7640) Próba utworzenia pliku „C:\WINDOWS\system32\edbtmp.log” zakończyła się niepomyślnie z błędem systemowym 5 (0x00000005): „Odmowa dostępu. ”. Operacja tworzenia pliku zostanie zakończona z błędem -1032 (0xfffffbf8). Error: (08/13/2015 10:24:33 PM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost (7640) Nie można utworzyć nowego pliku dziennika, ponieważ baza danych nie może dokonać zapisu na dysku dziennika. Dysk może być tylko do odczytu, zapełniony, niewłaściwie skonfigurowany lub uszkodzony. Błąd -1032. Error: (08/13/2015 10:24:33 PM) (Source: ESENT) (EventID: 488) (User: ) Description: SettingSyncHost (7640) Próba utworzenia pliku „C:\WINDOWS\system32\edbtmp.log” zakończyła się niepomyślnie z błędem systemowym 5 (0x00000005): „Odmowa dostępu. ”. Operacja tworzenia pliku zostanie zakończona z błędem -1032 (0xfffffbf8). Error: (08/13/2015 10:24:23 PM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost (7640) Nie można utworzyć nowego pliku dziennika, ponieważ baza danych nie może dokonać zapisu na dysku dziennika. Dysk może być tylko do odczytu, zapełniony, niewłaściwie skonfigurowany lub uszkodzony. Błąd -1032. Error: (08/13/2015 10:24:23 PM) (Source: ESENT) (EventID: 488) (User: ) Description: SettingSyncHost (7640) Próba utworzenia pliku „C:\WINDOWS\system32\edbtmp.log” zakończyła się niepomyślnie z błędem systemowym 5 (0x00000005): „Odmowa dostępu. ”. Operacja tworzenia pliku zostanie zakończona z błędem -1032 (0xfffffbf8). Error: (08/13/2015 10:24:12 PM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost (7640) Nie można utworzyć nowego pliku dziennika, ponieważ baza danych nie może dokonać zapisu na dysku dziennika. Dysk może być tylko do odczytu, zapełniony, niewłaściwie skonfigurowany lub uszkodzony. Błąd -1032. Error: (08/13/2015 10:24:12 PM) (Source: ESENT) (EventID: 488) (User: ) Description: SettingSyncHost (7640) Próba utworzenia pliku „C:\WINDOWS\system32\edbtmp.log” zakończyła się niepomyślnie z błędem systemowym 5 (0x00000005): „Odmowa dostępu. ”. Operacja tworzenia pliku zostanie zakończona z błędem -1032 (0xfffffbf8). System errors: ============= Error: (08/13/2015 10:22:18 PM) (Source: BugCheck) (EventID: 1001) (User: ) Description: 0x000000be (0xfffff96054010000, 0x80300000071d7021, 0xffffd00020c48131, 0x000000000000000b)C:\WINDOWS\MEMORY.DMP081315-9765-01 Error: (08/13/2015 10:22:18 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Poprzednie zamknięcie systemu przy 22:08:25 na ‎13.‎08.‎2015 było nieoczekiwane. Error: (08/13/2015 10:11:31 PM) (Source: DCOM) (EventID: 10016) (User: ZARZĄDZANIE NT) Description: właściwe dla aplikacjiLokalnyAktywacja{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}ZARZĄDZANIE NTUSŁUGA LOKALNAS-1-5-19LocalHost (użycie LRPC)NiedostępnyNiedostępny Error: (08/13/2015 10:11:31 PM) (Source: DCOM) (EventID: 10016) (User: ZARZĄDZANIE NT) Description: właściwe dla aplikacjiLokalnyAktywacja{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}ZARZĄDZANIE NTUSŁUGA LOKALNAS-1-5-19LocalHost (użycie LRPC)NiedostępnyNiedostępny Error: (08/13/2015 10:11:31 PM) (Source: DCOM) (EventID: 10016) (User: ZARZĄDZANIE NT) Description: właściwe dla aplikacjiLokalnyAktywacja{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}ZARZĄDZANIE NTUSŁUGA LOKALNAS-1-5-19LocalHost (użycie LRPC)NiedostępnyNiedostępny Error: (08/13/2015 10:11:30 PM) (Source: DCOM) (EventID: 10016) (User: ZARZĄDZANIE NT) Description: właściwe dla aplikacjiLokalnyAktywacja{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}ZARZĄDZANIE NTUSŁUGA LOKALNAS-1-5-19LocalHost (użycie LRPC)NiedostępnyNiedostępny Error: (08/13/2015 10:11:30 PM) (Source: DCOM) (EventID: 10016) (User: ZARZĄDZANIE NT) Description: właściwe dla aplikacjiLokalnyAktywacja{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}ZARZĄDZANIE NTUSŁUGA LOKALNAS-1-5-19LocalHost (użycie LRPC)NiedostępnyNiedostępny Error: (08/13/2015 10:08:25 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Poprzednie zamknięcie systemu przy 22:06:54 na ‎13.‎08.‎2015 było nieoczekiwane. Error: (08/13/2015 10:06:55 PM) (Source: BugCheck) (EventID: 1001) (User: ) Description: 0x000000e2 (0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000)C:\WINDOWS\MEMORY.DMP Error: (08/13/2015 10:06:55 PM) (Source: BugCheck) (EventID: 1005) (User: ) Description: Microsoft Office: ========================= Error: (08/13/2015 10:24:54 PM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost7640-1032 Error: (08/13/2015 10:24:54 PM) (Source: ESENT) (EventID: 488) (User: ) Description: SettingSyncHost7640C:\WINDOWS\system32\edbtmp.log-1032 (0xfffffbf8)5 (0x00000005)Odmowa dostępu. Error: (08/13/2015 10:24:43 PM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost7640-1032 Error: (08/13/2015 10:24:43 PM) (Source: ESENT) (EventID: 488) (User: ) Description: SettingSyncHost7640C:\WINDOWS\system32\edbtmp.log-1032 (0xfffffbf8)5 (0x00000005)Odmowa dostępu. Error: (08/13/2015 10:24:33 PM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost7640-1032 Error: (08/13/2015 10:24:33 PM) (Source: ESENT) (EventID: 488) (User: ) Description: SettingSyncHost7640C:\WINDOWS\system32\edbtmp.log-1032 (0xfffffbf8)5 (0x00000005)Odmowa dostępu. Error: (08/13/2015 10:24:23 PM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost7640-1032 Error: (08/13/2015 10:24:23 PM) (Source: ESENT) (EventID: 488) (User: ) Description: SettingSyncHost7640C:\WINDOWS\system32\edbtmp.log-1032 (0xfffffbf8)5 (0x00000005)Odmowa dostępu. Error: (08/13/2015 10:24:12 PM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost7640-1032 Error: (08/13/2015 10:24:12 PM) (Source: ESENT) (EventID: 488) (User: ) Description: SettingSyncHost7640C:\WINDOWS\system32\edbtmp.log-1032 (0xfffffbf8)5 (0x00000005)Odmowa dostępu. CodeIntegrity: =================================== Date: 2015-08-12 23:24:11.872 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-08-01 20:47:31.794 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-08-01 20:47:31.734 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-08-01 18:39:29.310 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-08-01 18:39:29.250 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-07-31 18:02:36.897 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-07-31 18:02:36.823 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-07-30 23:25:00.331 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-07-30 14:43:00.453 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-07-30 14:43:00.382 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz Percentage of memory in use: 39% Total physical RAM: 8152.34 MB Available physical RAM: 4939.75 MB Total Virtual: 16856.34 MB Available Virtual: 13309.46 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:222.73 GB) (Free:50.57 GB) NTFS Drive d: (Zastrzeżone przez system) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive f: (Data) (Fixed) (Total:399.96 GB) (Free:246.14 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: B8D725DE) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=222.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=505 MB) - (Type=27) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 775AB25F) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=65.7 GB) - (Type=83) Partition 3: (Not Active) - (Size=400 GB) - (Type=07 NTFS) ==================== End of log ============================