Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01 Ran by Oskar_2 (2016-03-26 18:19:53) Running from C:\Users\Oskar_2\Downloads\Programs Windows 10 Pro N Version 1511 (X64) (2016-03-11 11:22:10) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-4005860982-2939158325-716014447-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-4005860982-2939158325-716014447-503 - Limited - Disabled) Guest (S-1-5-21-4005860982-2939158325-716014447-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-4005860982-2939158325-716014447-1003 - Limited - Enabled) Oskar_2 (S-1-5-21-4005860982-2939158325-716014447-1008 - Administrator - Enabled) => C:\Users\Oskar_2 ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: COMODO Cloud Antivirus (Enabled - Up to date) {D0CC7563-ABD2-DEBE-138E-FDD553335AF2} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-4005860982-2939158325-716014447-1008\...\uTorrent) (Version: 3.4.5.41865 - BitTorrent Inc.) 60 Seconds! (HKLM-x32\...\NjBTZWNvbmRz_is1) (Version: 1 - ) ACP Application (Version: 2015.1012.1326.42 - Advanced Micro Devices, Inc.) Hidden ACP Application (Version: 2016.0203.1025.57 - Advanced Micro Devices, Inc.) Hidden Action! (HKLM-x32\...\Mirillis Action!) (Version: 1.30.0 - Mirillis) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.199 - Adobe Systems Incorporated) Adobe Flash Player 21 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated) AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Camtasia Studio 8 (HKLM-x32\...\{A2A41B60-D51F-4C04-BC94-B4C94F7B6DC0}) (Version: 8.6.0.2054 - TechSmith Corporation) Catalyst Control Center Next Localization BR (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHS (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHT (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CS (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DA (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DE (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization EL (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization ES (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FI (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FR (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization HU (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization IT (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization JA (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization KO (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NL (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NO (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization PL (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization RU (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization SV (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TH (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TR (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine) COMODO Cloud Antivirus (HKLM-x32\...\Comodo Cloud Antivirus_list_uninstall) (Version: 1.1.384558.142 - Comodo) COMODO Cloud Antivirus (x32 Version: 1.1.142.0 - COMODO) Hidden Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) Disney Universe (HKLM-x32\...\{8265F2BC-5961-4A0D-8A34-F08C02E8974D}) (Version: 1.00.0000 - Disney Interactive Studios) Dying Light The Following Enhanced Edition version 1.10.0.0 (HKLM-x32\...\Dying Light The Following Enhanced Edition_is1) (Version: 1.10.0.0 - Techland) Freemake Video Converter wersja 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation) GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team) Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games) Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.) Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation) Java 8 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418071F0}) (Version: 8.0.710.15 - Oracle Corporation) MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited) Metric Collection SDK (x32 Version: 1.1.0012.00 - Lenovo Group Limited) Hidden Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Minecraft Story Mode Episode 2 (HKLM-x32\...\Minecraft Story Mode Episode 2_is1) (Version: - ) Minecraft: Story Mode - A Telltale Games Series (HKLM\...\TWluZWNyYWZ0U3RvcnlNb2RlQVRlbGx0YWxlR2FtZXNTZXJpZXM=_is1) (Version: 1 - ) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9 - Notepad++ Team) NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation) Obsługa programów Apple (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Opera Stable 36.0.2130.32 (HKLM-x32\...\Opera 36.0.2130.32) (Version: 36.0.2130.32 - Opera Software) Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.) Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden PAYDAY 2 (HKLM\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.) PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.8.11-r110387-release - Plays.tv, LLC) QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.) Raptr (HKLM-x32\...\Raptr) (Version: 5.0.3-r110001-release - Raptr, Inc) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.8 - Rockstar Games) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden Sizer 3.34 (HKLM-x32\...\{DE43AA92-E8C0-4620-AFE2-FBD623C71643}) (Version: 3.3.4.0 - Brian Apps) Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.) Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.15.16.201511171525 - Sony Mobile Communications Inc.) Sony PC Companion 2.10.297 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.297 - Sony) STAR WARS™ Battlefront™ (HKLM-x32\...\{E402D891-4E45-4ce9-B41F-DD35864EF170}) (Version: 1.0.4.52841 - Electronic Arts) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) SUPERHOT (HKLM-x32\...\1456141688_is1) (Version: 2.0.0.4 - GOG.com) System Requirements Lab Detection (HKLM-x32\...\{C0BF9E7D-9CF4-4E60-B2C2-66BBE87DE893}) (Version: 6.1.6.0 - Husdawg, LLC) TeamSpeak 3 Client (HKU\S-1-5-21-4005860982-2939158325-716014447-1008\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH) TechSmith Screen Capture Codec (x32 Version: 3.1.0 - TechSmith Corporation) Hidden TechSmith Screen Codec 2 (x32 Version: 1.0.7.0 - TechSmith Corporation) Hidden The Sims 4 Deluxe Edition version 1.10.57.1020 (HKLM-x32\...\The Sims 4 Deluxe Edition_is1) (Version: 1.10.57.1020 - GMT-MAX.ORG) The Sims 4 Get Together Addon Pack (HKLM-x32\...\VGhlU2ltczQ=_is1) (Version: 1 - ) Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version: - Ubisoft) Transformice (HKLM-x32\...\Transformice) (Version: 1.0.0 - UNKNOWN) Transformice (x32 Version: 1.0.0 - UNKNOWN) Hidden Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS) Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb) Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version: - Microsoft) Update for Skype for Business 2015 (KB3085581) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{6BCC80EE-3B68-4110-8D47-23E04FB6D08D}) (Version: - Microsoft) Update for Skype for Business 2015 (KB3085581) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6BCC80EE-3B68-4110-8D47-23E04FB6D08D}) (Version: - Microsoft) Update for Skype for Business 2015 (KB3085581) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{6BCC80EE-3B68-4110-8D47-23E04FB6D08D}) (Version: - Microsoft) Uplay (HKLM-x32\...\Uplay) (Version: 8.0 - Ubisoft) WinRAR 5.21 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-4005860982-2939158325-716014447-1008_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Oskar_2\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {1338BD96-7DC0-4FCD-B734-BEBF1FCF8380} - System32\Tasks\AdobeoaUpdate Ver 2015910 => C:\Users\Oskar\AppData\Roaming\wenguanjia\ElTaces.exe Task: {2F6DEDA1-BC2B-4480-AB42-9F83B8A66A4B} - System32\Tasks\Cyelma => C:\PROGRA~1\SHOPPE~1\Elipj.bat Task: {3ABBBCB2-B52E-4753-9E61-5DCF5C66DDCE} - System32\Tasks\{A471D989-5CC2-45A1-9B36-3AD188795DE9} => pcalua.exe -a C:\Users\Oskar\Downloads\GTA_V_Launcher_1_0_440_2.exe -d C:\WINDOWS\system32 Task: {5386B9EA-79D4-4983-9B7F-05A88C63CC4D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {557461C8-1F3F-4860-BCD4-D4506725333E} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo) Task: {5E8C5490-65BC-428A-B596-673603171790} - System32\Tasks\Ukarb => C:\PROGRA~1\GROOVE~1\Kukavawn.bat Task: {67ECCBF6-68D2-4632-A5F2-11A6AD6B590D} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-02-03] (Advanced Micro Devices, Inc.) Task: {7424C173-330E-473D-921A-D44936CCCE44} - \CCleanerSkipUAC -> No File <==== ATTENTION Task: {76A58DCC-3EA8-40FC-BDDF-F55D66ABD4F1} - System32\Tasks\Opera scheduled Autoupdate 1441897010 => C:\Program Files (x86)\Opera\launcher.exe [2016-03-14] (Opera Software) Task: {8433A491-A3CC-4F03-886E-F8131B93D727} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) Task: {94963040-9538-4567-A834-5ABCC172A7AA} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_197_pepper.exe [2016-03-24] (Adobe Systems Incorporated) Task: {A445187D-C4D6-48D4-8308-B806DD906DEC} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-24] (Adobe Systems Incorporated) Task: {A5AEF42F-B379-4841-ACA4-1355946E08A2} - System32\Tasks\{EB07B9E7-AFE2-43EE-A6FD-93C458AD5ABF} => pcalua.exe -a "D:\Program Files (x86)\Need for Speed Carbon\setup.exe" -d "D:\Program Files (x86)\Need for Speed Carbon" Task: {ACA025F9-B575-4EA2-A38A-13DC2A2D446D} - System32\Tasks\{4225B075-748C-467E-9E2B-06CADF3910B9} => pcalua.exe -a "C:\Program Files (x86)\Object Browser\Uninstall.exe" -c /fcp=1 Task: {B7EF1BA2-8CEC-45E5-BA87-61DB7713C82A} - System32\Tasks\Microsoft Office 15 Sync Maintenance for OSKAR-PC-Oskar_2 Oskar-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation) Task: {BCF1DA28-99A7-425E-8987-E4C58E390079} - System32\Tasks\{FB8EA1CD-C771-4154-8256-CC96C1E0006C} => pcalua.exe -a "C:\Program Files (x86)\AnyProtectEx\uninstall.exe" <==== ATTENTION Task: {BE9679E9-066F-4FA0-958A-E688B9042A2C} - System32\Tasks\{46FF4027-3BA4-40F5-8B84-CE55AC2AC132} => pcalua.exe -a "C:\Program Files (x86)\MyBrowser\MyBrowser\Application\39.5.2171.95\Installer\setup.exe" -c --uninstall --system-level Task: {C9BEE582-9DAF-47E7-AC69-92A9C607F4FB} - System32\Tasks\A5C721D-BE7C-45DE-BDAB-F2A072F86353 => C:\Users\Oskar\AppData\Local\A5C721D-BE7C-45DE-BDAB-F2A072F86353\A5C721D-BE7C-45DE-BDAB-F2A072F86353.exe <==== ATTENTION Task: {E6B0C2E0-DA5A-42A6-83DD-D3501CE3F396} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {EED17BB3-68BF-4718-9B87-CB8861035BA6} - System32\Tasks\{4A42DEF0-6D88-4ABD-979B-CD6DC8A0CA2F} => launchwinapp.exe hxxp://ui.skype.com/ui/0/7.18.0.112/pl/abandoninstall?source=lightinstaller&page=tsInstall Task: {F06C5FEF-FC92-47C3-B19D-ED3829B0EB6E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-09] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_197_pepper.exe Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\AdobeoaUpdate Ver 2015910.job => C:\Users\Oskar\AppData\Roaming\wenguanjia\ElTaces.exe/check_update C:\Users\Oskar\AppData\Roaming\wenguanjia\OSKAR-PC\Oskar(This task detect has update.Ver ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\Oskar_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursearching.com/?type=sc&ts=1458472476&z=092799a4db54c4842fe7258g8z0w6bfz0m8o0z9o2q&from=face&uid=ST500DM002-1BD142_Z2AQEPN3XXXXZ2AQEPN3 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursearching.com/?type=sc&ts=1458472476&z=092799a4db54c4842fe7258g8z0w6bfz0m8o0z9o2q&from=face&uid=ST500DM002-1BD142_Z2AQEPN3XXXXZ2AQEPN3 ==================== Loaded Modules (Whitelisted) ============== 2015-10-30 08:16 - 2015-10-30 08:16 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-03-20 12:42 - 2016-03-20 12:05 - 00529408 _____ () C:\ProgramData\lhgu\lhgu.exe 2016-03-18 14:13 - 2016-03-18 14:13 - 00174464 _____ () C:\Users\Oskar_2\AppData\Roaming\Kyiadare\Kyiadare.exe 2016-03-19 09:29 - 2016-03-19 09:29 - 00174448 _____ () C:\Users\Oskar_2\AppData\Roaming\Bouriwy\Bouriwy.exe 2015-11-03 09:25 - 2015-11-03 09:25 - 00076152 _____ () C:\WINDOWS\system32\PnkBstrA.exe 2016-03-19 09:29 - 2016-03-19 09:29 - 00125808 _____ () C:\Users\Oskar_2\AppData\Roaming\PiptoEtane\Ciwfof.exe 2016-03-11 12:49 - 2016-03-11 12:49 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-03-11 12:49 - 2016-03-11 12:49 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2015-01-21 14:01 - 2015-01-21 14:01 - 08898728 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2014-05-01 15:13 - 2014-05-01 15:13 - 00470016 _____ () C:\Users\Oskar_2\AppData\Local\MEGAsync\ShellExtX64.dll 2016-03-18 14:13 - 2016-03-18 14:13 - 00146304 _____ () C:\Users\Oskar_2\AppData\Roaming\Kyiadare\Vogori.exe 2016-03-18 14:13 - 2016-03-18 14:13 - 00670592 _____ () C:\Users\Oskar_2\AppData\Roaming\Kyiadare\Vogori.dll 2016-03-19 09:29 - 2016-03-19 09:29 - 00146288 _____ () C:\Users\Oskar_2\AppData\Roaming\Bouriwy\Ralvow.exe 2016-03-19 09:29 - 2016-03-19 09:29 - 00670576 _____ () C:\Users\Oskar_2\AppData\Roaming\Bouriwy\Ralvow.dll 2016-03-19 09:29 - 2016-03-19 09:29 - 00115568 _____ () C:\Users\Oskar_2\AppData\Roaming\Bouriwy\Egonsus.exe 2016-03-18 14:13 - 2016-03-18 14:13 - 00115584 _____ () C:\Users\Oskar_2\AppData\Roaming\Kyiadare\Ofarjop.exe 2016-03-11 12:49 - 2016-03-11 12:49 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-03-11 12:49 - 2016-03-11 12:49 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-03-11 12:49 - 2016-03-11 12:49 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-03-11 12:49 - 2016-03-11 12:49 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-03-11 12:49 - 2016-03-11 12:49 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-03-11 12:49 - 2016-03-11 12:49 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2015-06-25 16:34 - 2015-06-25 16:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll 2015-06-25 16:37 - 2015-06-25 16:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll 2015-06-25 16:35 - 2015-06-25 16:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll 2015-06-25 16:38 - 2015-06-25 16:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll 2015-06-25 15:53 - 2015-06-25 15:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll 2015-06-25 15:51 - 2015-06-25 15:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-07-10 12:02 - 2016-03-26 18:05 - 00002750 ____A C:\WINDOWS\system32\Drivers\etc\hosts 107.178.255.88 www.google-analytics.com 107.178.255.88 www.statcounter.com 107.178.255.88 statcounter.com 107.178.255.88 ssl.google-analytics.com 107.178.255.88 partner.googleadservices.com 107.178.255.88 google-analytics.com 107.178.248.130 static.doubleclick.net 107.178.247.130 connect.facebook.net 107.178.255.88 www.google-analytics.com 107.178.255.88 www.statcounter.com 107.178.255.88 statcounter.com 107.178.255.88 ssl.google-analytics.com 107.178.255.88 partner.googleadservices.com 107.178.255.88 google-analytics.com 107.178.248.130 static.doubleclick.net 107.178.247.130 connect.facebook.net 107.178.255.88 www.google-analytics.com 107.178.255.88 www.statcounter.com 107.178.255.88 statcounter.com 107.178.255.88 ssl.google-analytics.com 107.178.255.88 partner.googleadservices.com 107.178.255.88 google-analytics.com 107.178.248.130 static.doubleclick.net 107.178.247.130 connect.facebook.net 107.178.255.88 www.google-analytics.com 107.178.255.88 www.statcounter.com 107.178.255.88 statcounter.com 107.178.255.88 ssl.google-analytics.com 107.178.255.88 partner.googleadservices.com 107.178.255.88 google-analytics.com There are 18 more lines. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4005860982-2939158325-716014447-1008\Control Panel\Desktop\\Wallpaper -> C:\Users\Oskar_2\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg DNS Servers: 104.197.191.4 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: 8B140DE3-3691-474C-bF79-96E348EBD612 => 3 MSCONFIG\Services: BrsHelper => 2 MSCONFIG\Services: dipubibu => 2 MSCONFIG\Services: Disc Soft Lite Bus Service => 3 MSCONFIG\Services: Freemake Improver => 2 MSCONFIG\Services: globalUpdate => 2 MSCONFIG\Services: globalUpdatem => 3 MSCONFIG\Services: gyvixodu => 2 MSCONFIG\Services: lehicewu => 2 MSCONFIG\Services: lulonuji => 2 MSCONFIG\Services: Origin Client Service => 3 MSCONFIG\Services: QQPCRTP => 2 MSCONFIG\Services: Service KMSELDI => 2 MSCONFIG\Services: shopperz100920151159 Updater => 2 MSCONFIG\Services: SPBIUpd => 2 MSCONFIG\Services: Steam Client Service => 3 MSCONFIG\Services: TAOFrame => 3 HKLM\...\StartupApproved\Run: => "shopperz100920151159" HKLM\...\StartupApproved\Run: => "shopperz10092015115964" HKLM\...\StartupApproved\Run: => "IDSCPRODUCT" HKLM\...\StartupApproved\Run: => "SpaceSoundPro" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "ProductUpdater" HKLM\...\StartupApproved\Run32: => "wenguanjia" HKLM\...\StartupApproved\Run32: => "SPDriver" HKLM\...\StartupApproved\Run32: => "SmartWeb" HKLM\...\StartupApproved\Run32: => "YTDownloader" HKLM\...\StartupApproved\Run32: => " QQPCTray" HKLM\...\StartupApproved\Run32: => "AvastUI.exe" HKLM\...\StartupApproved\Run32: => "PlaysTV" HKLM\...\StartupApproved\Run32: => "pcmgr" HKLM\...\StartupApproved\Run32: => "apphide" HKU\S-1-5-21-4005860982-2939158325-716014447-1008\...\StartupApproved\StartupFolder: => "MEGAsync.lnk" HKU\S-1-5-21-4005860982-2939158325-716014447-1008\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-4005860982-2939158325-716014447-1008\...\StartupApproved\Run: => "CCleaner Monitoring" HKU\S-1-5-21-4005860982-2939158325-716014447-1008\...\StartupApproved\Run: => "IDMan" HKU\S-1-5-21-4005860982-2939158325-716014447-1008\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-4005860982-2939158325-716014447-1008\...\StartupApproved\Run: => "svchost0" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{8C118D42-C11A-4804-8351-8C525D57358B}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe FirewallRules: [{F1DE8A77-82E4-4756-8594-1CF2980AA8AC}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe FirewallRules: [{E6CBD473-B61C-4670-AC83-E411E80E57ED}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe FirewallRules: [{F92A9525-5EC6-411D-BEE2-BE3BA00AD225}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe FirewallRules: [{4A8CFA4B-C2D0-41CB-88FE-BEB17D82456F}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe FirewallRules: [{2FFEBB5C-6A91-427D-A94C-45F03DC286EB}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe FirewallRules: [{AAD40885-6CB9-4A9B-8F23-7F2CC237D3B1}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe FirewallRules: [{A7DD2D2B-75D4-4344-B5AD-AC351B7A9BA1}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe FirewallRules: [{11D337AA-53F0-4F76-AC57-D0E81A9426DC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [UDP Query User{773F223E-4459-4B36-8D7D-0F0A6934696D}D:\program files (x86)\dying light the following enhanced edition\dyinglightgame.exe] => (Allow) D:\program files (x86)\dying light the following enhanced edition\dyinglightgame.exe FirewallRules: [TCP Query User{A80CBC39-6FC6-44D6-8270-14302DC1BAA7}D:\program files (x86)\dying light the following enhanced edition\dyinglightgame.exe] => (Allow) D:\program files (x86)\dying light the following enhanced edition\dyinglightgame.exe FirewallRules: [{12F1FDC5-733F-400E-92D8-7CC23999EF56}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\GasGuzzlersExtreme\Bin64\GGDedicatedServerLauncher.exe FirewallRules: [{C4AF3B6B-995C-48A7-A073-DC85F2706A4B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\GasGuzzlersExtreme\Bin64\GGDedicatedServerLauncher.exe FirewallRules: [{A16A74D0-5F36-466A-A245-84B10FA4E6A6}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\GasGuzzlersExtreme\Bin64\GasGuzzlers.exe FirewallRules: [{9422D994-FA99-4A27-973F-43D113069E31}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\GasGuzzlersExtreme\Bin64\GasGuzzlers.exe FirewallRules: [{A4F506B8-397B-4C9A-84F2-1C4B15873EA3}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\GasGuzzlersExtreme\Bin32\GGDedicatedServerLauncher.exe FirewallRules: [{6E78B042-B584-44C5-8A13-38B82AE73A88}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\GasGuzzlersExtreme\Bin32\GGDedicatedServerLauncher.exe FirewallRules: [{A73711BB-0BB5-44DA-A7B7-4724C1A27477}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\GasGuzzlersExtreme\Bin32\GasGuzzlers.exe FirewallRules: [{BFAABC0B-EAAC-465F-8263-F7737D1CC42B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\GasGuzzlersExtreme\Bin32\GasGuzzlers.exe FirewallRules: [UDP Query User{D889676E-00D7-4261-BE67-6C9C2EE83943}C:\program files\java\jre1.8.0_71\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_71\bin\java.exe FirewallRules: [TCP Query User{BE33779B-42E9-479C-905B-CD1A2FB376E4}C:\program files\java\jre1.8.0_71\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_71\bin\java.exe FirewallRules: [UDP Query User{05683832-D744-48C6-BE5B-1404479117B2}C:\program files\java\jre1.8.0_71\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_71\bin\javaw.exe FirewallRules: [TCP Query User{8A20B783-1191-42C9-A04D-2E8081DB893F}C:\program files\java\jre1.8.0_71\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_71\bin\javaw.exe FirewallRules: [{7A228535-2EA7-49EF-8B2C-BC1EA35E4784}] => (Allow) C:\Users\Oskar_2\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{B3F39EC0-1A03-466A-B61E-BEDBEB88B039}] => (Allow) C:\Users\Oskar_2\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{63BB2270-E99A-47FC-82BE-D079F6127B7A}] => (Allow) C:\Users\Oskar_2\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{8E87E1FA-3FAA-486F-9770-40FEEDAF0D7E}] => (Allow) C:\Users\Oskar_2\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{3F60C5D0-B047-4C86-A316-CE864C3879B5}] => (Allow) C:\Users\Oskar_2\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{BEF8D2DF-9BAA-4281-B7B8-5D8B4237430B}] => (Allow) C:\Users\Oskar_2\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{24DCF778-BC30-47B2-B8B4-3443C74F28CD}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{61C864D8-1451-4E1D-8C70-51E9BC350974}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{DE4B8B36-9A42-445E-BEDC-81DCD6BCAC95}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{CA6A3593-5370-4541-850C-407E92479398}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{97891D86-9360-44A8-B40E-9CF4E4296A32}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{CD10AA18-C1FC-43BF-B197-E2A9D314D96C}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{03E1557A-8D95-4F3A-801B-0D7B582BC722}] => (Allow) LPort=13999 FirewallRules: [{F308D1CA-3755-4923-9E6D-B8009150D0ED}] => (Allow) LPort=13200 FirewallRules: [{AFE39822-4F17-47FB-AE7A-3637251D072C}] => (Allow) LPort=13005 FirewallRules: [{2BE2AB10-F0CB-4D7E-845C-76C084B6D3DE}] => (Allow) LPort=13000 FirewallRules: [{306932A3-D27B-42D9-90D7-B5C66FA65CCD}] => (Allow) LPort=80 FirewallRules: [{0E3657C8-1881-4ACF-A99E-C73F72B1BC73}] => (Allow) D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe FirewallRules: [{0E77622C-88C8-490A-94DF-53DBEDF3AC9E}] => (Allow) D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe FirewallRules: [{4A8F74DC-DFCB-4046-9039-BA272621C827}] => (Allow) LPort=11155 FirewallRules: [{09E39978-0615-423C-8F9F-0281D64F6B89}] => (Allow) LPort=11155 FirewallRules: [{0E4F9AB3-5716-4B08-925F-CB45BB8738BA}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe FirewallRules: [{7E27BBA3-259C-4C52-9C91-1201EBB24BF1}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe FirewallRules: [{FB550683-3A0F-414E-B363-128E40445FD8}] => (Allow) LPort=1688 FirewallRules: [{035C4E40-D887-46C7-9EAE-4257C032F1E6}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{74FD52B4-1955-4DF5-9824-7096B322F330}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{B18D2D80-E9B3-4704-B004-1911CE3DDCCF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{C9744E34-F832-4160-83C7-1DF538E4768E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [UDP Query User{E0D39D4F-B407-4560-9714-ED0ECE9F5345}C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe FirewallRules: [TCP Query User{9EF6E03B-EC5C-4DE9-8557-345C1E72CFB9}C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe FirewallRules: [{433D153E-4A60-4B9B-985A-6D505EBBD3C1}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{F822F76B-E17A-4CCC-84C8-CD537BD5D446}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{B3CFC04A-60F0-4795-82A2-BCE881864FE5}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{D06A254E-E51E-49D6-ACF8-4499A0548ECC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{16078250-22F1-4846-84A1-663E2E7317D2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{31D7594F-DA72-4209-A81B-C293CC0AE811}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{A958539C-EBD6-4910-BF75-62A56330F829}] => (Block) D:\Program Files (x86)\Rockstar Games\Grand Theft Auto V\GTAVLauncher.exe FirewallRules: [{58685559-3ADC-4E50-80C8-B7C28A601803}] => (Block) D:\Program Files (x86)\Rockstar Games\Grand Theft Auto V\GTA5.exe FirewallRules: [{DDAA8590-056E-4AF1-B63A-425EE288F8F1}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{3FC04E7D-85E2-40BD-9BED-B772B7279805}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{CCAD5F3C-7EDA-461F-9CE6-E1A92C6B64AF}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{EEB9FB1B-CBE6-4F72-81E9-483631A9C0D0}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [UDP Query User{3F84C21F-DE5B-4C16-B957-426709619A59}C:\program files (x86)\cheat engine 6.4\cheatengine-x86_64.exe] => (Allow) C:\program files (x86)\cheat engine 6.4\cheatengine-x86_64.exe FirewallRules: [TCP Query User{DB036809-6AD0-4E9F-8D86-320A4DFF96A6}C:\program files (x86)\cheat engine 6.4\cheatengine-x86_64.exe] => (Allow) C:\program files (x86)\cheat engine 6.4\cheatengine-x86_64.exe FirewallRules: [UDP Query User{CEEF1DB7-0056-4A54-AA86-BC64DB012045}D:\program files (x86)\rockstar games\grand theft auto v\gta5.exe] => (Allow) D:\program files (x86)\rockstar games\grand theft auto v\gta5.exe FirewallRules: [TCP Query User{0FFD1EAC-1367-4485-845B-A6127B1BB1F2}D:\program files (x86)\rockstar games\grand theft auto v\gta5.exe] => (Allow) D:\program files (x86)\rockstar games\grand theft auto v\gta5.exe FirewallRules: [{E61BA1D3-5C14-4AC0-95E7-D5FBE54083EC}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe FirewallRules: [{AE6F5D3B-4E49-47A1-B6B9-8D24FCAD5F52}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe FirewallRules: [{0F748ABB-BD76-4D3A-B8CE-E6AE72516846}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [{DDAFD693-CFCC-41B2-93D1-14999E956C09}] => (Allow) LPort=8317 FirewallRules: [{9D94F748-AC8F-4050-A244-E37FF4A2FFF9}] => (Allow) C:\Torrentex\Torrentex.exe FirewallRules: [{0921CDBC-88C9-40C5-A5CC-17CBC4AAB257}] => (Allow) C:\Torrentex\Torrentex.exe FirewallRules: [{18B1C886-9243-4442-AD78-CDC83E1997AB}] => (Allow) D:\Program Files (x86)\Origin Games\STAR WARS Battlefront\starwarsbattlefront.exe FirewallRules: [{99442472-B4D4-41A6-B35C-1DB7E015F741}] => (Allow) D:\Program Files (x86)\Origin Games\STAR WARS Battlefront\starwarsbattlefront.exe FirewallRules: [{B839B900-1912-496D-A7FD-9A81449AF0E6}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe FirewallRules: [{A480B30F-DA1B-4874-982F-0649E5A3ED32}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe ==================== Restore Points ========================= ATTENTION: System Restore is disabled ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/26/2016 06:10:45 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0xC004F074 Argumenty wiersza polecenia: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a80b5abf-76ad-428b-b05d-a47d2dffeebf;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (03/26/2016 06:10:42 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0xC004F074 Argumenty wiersza polecenia: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a80b5abf-76ad-428b-b05d-a47d2dffeebf;NotificationInterval=1440;Trigger=NetworkAvailable Error: (03/26/2016 06:03:35 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0xC004F074 Argumenty wiersza polecenia: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a80b5abf-76ad-428b-b05d-a47d2dffeebf;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (03/26/2016 05:45:32 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0xC004F074 Argumenty wiersza polecenia: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a80b5abf-76ad-428b-b05d-a47d2dffeebf;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (03/26/2016 05:45:30 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0xC004F074 Argumenty wiersza polecenia: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a80b5abf-76ad-428b-b05d-a47d2dffeebf;NotificationInterval=1440;Trigger=NetworkAvailable Error: (03/26/2016 01:49:44 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Program ADWCLE~1.EXE w wersji 5.1.0.5 przestał współpracować z systemem Windows i został zamknięty. Aby sprawdzić, czy jest dostępnych więcej informacji na temat tego problemu, sprawdź historię problemu w oknie Zabezpieczenia i konserwacja w Panelu sterowania. Identyfikator procesu: 1bd4c Godzina rozpoczęcia: 01d1875b9424a774 Godzina zakończenia: 4294967295 Ścieżka aplikacji: C:\Users\Oskar_2\Desktop\ADWCLE~1.EXE Identyfikator raportu: 35f4a29f-f351-11e5-83b5-d027884e6a45 Pełna nazwa pakietu powodującego błąd: Identyfikator aplikacji względem pakietu powodującego błąd: Error: (03/26/2016 01:29:51 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: csgo.exe, wersja: 0.0.0.0, sygnatura czasowa: 0x56da83c3 Nazwa modułu powodującego błąd: tier0.dll, wersja: 0.0.0.0, sygnatura czasowa: 0x56e9ae39 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x000093c4 Identyfikator procesu powodującego błąd: 0x1c4ac Godzina uruchomienia aplikacji powodującej błąd: 0xcsgo.exe0 Ścieżka aplikacji powodującej błąd: csgo.exe1 Ścieżka modułu powodującego błąd: csgo.exe2 Identyfikator raportu: csgo.exe3 Pełna nazwa pakietu powodującego błąd: csgo.exe4 Identyfikator aplikacji względem pakietu powodującego błąd: csgo.exe5 Error: (03/26/2016 01:22:13 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: csgo.exe, wersja: 0.0.0.0, sygnatura czasowa: 0x56da83c3 Nazwa modułu powodującego błąd: tier0.dll, wersja: 0.0.0.0, sygnatura czasowa: 0x56e9ae39 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x000093c4 Identyfikator procesu powodującego błąd: 0x1c678 Godzina uruchomienia aplikacji powodującej błąd: 0xcsgo.exe0 Ścieżka aplikacji powodującej błąd: csgo.exe1 Ścieżka modułu powodującego błąd: csgo.exe2 Identyfikator raportu: csgo.exe3 Pełna nazwa pakietu powodującego błąd: csgo.exe4 Identyfikator aplikacji względem pakietu powodującego błąd: csgo.exe5 Error: (03/26/2016 01:21:47 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: csgo.exe, wersja: 0.0.0.0, sygnatura czasowa: 0x56da83c3 Nazwa modułu powodującego błąd: tier0.dll, wersja: 0.0.0.0, sygnatura czasowa: 0x56e9ae39 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x000093c4 Identyfikator procesu powodującego błąd: 0x1c4ac Godzina uruchomienia aplikacji powodującej błąd: 0xcsgo.exe0 Ścieżka aplikacji powodującej błąd: csgo.exe1 Ścieżka modułu powodującego błąd: csgo.exe2 Identyfikator raportu: csgo.exe3 Pełna nazwa pakietu powodującego błąd: csgo.exe4 Identyfikator aplikacji względem pakietu powodującego błąd: csgo.exe5 Error: (03/26/2016 01:21:47 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: ccavsrv.exe, wersja: 1.1.56878.142, sygnatura czasowa: 0x56f1092c Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000 Kod wyjątku: 0xc000041d Przesunięcie błędu: 0x0e7f16d0 Identyfikator procesu powodującego błąd: 0x1c010 Godzina uruchomienia aplikacji powodującej błąd: 0xccavsrv.exe0 Ścieżka aplikacji powodującej błąd: ccavsrv.exe1 Ścieżka modułu powodującego błąd: ccavsrv.exe2 Identyfikator raportu: ccavsrv.exe3 Pełna nazwa pakietu powodującego błąd: ccavsrv.exe4 Identyfikator aplikacji względem pakietu powodującego błąd: ccavsrv.exe5 System errors: ============= Error: (03/26/2016 06:08:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Freemake Improver z powodu następującego błędu: %%1053 Error: (03/26/2016 06:08:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Freemake Improver. Error: (03/26/2016 06:07:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Lemxatxi z powodu następującego błędu: %%2 Error: (03/26/2016 06:07:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi ktip z powodu następującego błędu: %%2 Error: (03/26/2016 06:05:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa User Data Access_400e6 niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 10000 milisekund zostanie podjęta następująca czynność korekcyjna: Restart the service. Error: (03/26/2016 06:05:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa User Data Storage_400e6 niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 10000 milisekund zostanie podjęta następująca czynność korekcyjna: Restart the service. Error: (03/26/2016 06:05:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Contact Data_400e6 niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 10000 milisekund zostanie podjęta następująca czynność korekcyjna: Restart the service. Error: (03/26/2016 06:05:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Sync Host_400e6 niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 10000 milisekund zostanie podjęta następująca czynność korekcyjna: Restart the service. Error: (03/26/2016 06:05:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable Error: (03/26/2016 06:02:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi lhgu z powodu następującego błędu: %%1053 CodeIntegrity: =================================== Date: 2016-03-26 18:14:27.847 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\CcavGuard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-26 18:12:47.795 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\CcavGuard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-26 18:08:51.338 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\CcavGuard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-26 18:07:47.998 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\CcavGuard64.dll that did not meet the Windows signing level requirements. Date: 2016-03-26 18:04:58.003 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\CcavGuard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-26 18:04:18.824 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\CcavGuard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-26 18:02:35.667 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\CcavGuard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-26 18:01:31.541 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\CcavGuard64.dll that did not meet the Windows signing level requirements. Date: 2016-03-26 17:46:34.284 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\CcavGuard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-26 17:46:24.669 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\CcavGuard64.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: AMD Phenom(tm) II X4 965 Processor Percentage of memory in use: 26% Total physical RAM: 8191.18 MB Available physical RAM: 5987.55 MB Total Virtual: 9471.18 MB Available Virtual: 6372.82 MB ==================== Drives ================================ Drive c: (Gry) (Fixed) (Total:97.66 GB) (Free:15.06 GB) NTFS Drive d: (DANE) (Fixed) (Total:361.77 GB) (Free:100.85 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: EF8453EE) Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=500 MB) - (Type=27) Partition 3: (Not Active) - (Size=465.1 GB) - (Type=OF Extended) ==================== End of Addition.txt ============================