Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-08-2016 Ran by Andrzej (29-08-2016 17:37:10) Running from C:\Users\Andrzej\Downloads\Programy do czyszczenia\FRST64 Windows 8.1 (Update) (X64) (2014-06-17 16:53:28) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1169792134-2358267525-3225177676-500 - Administrator - Disabled) Andrzej (S-1-5-21-1169792134-2358267525-3225177676-1001 - Administrator - Enabled) => C:\Users\Andrzej Guest (S-1-5-21-1169792134-2358267525-3225177676-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1169792134-2358267525-3225177676-1005 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 1&1 Surf-Stick (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.2 - ) 2Tware Change File Date Free version 1.1 (HKLM-x32\...\{F7D6B4BC-9A94-4A09-88CF-64A873856650}_is1) (Version: 1.1 - 2Tware Tech Development Co., Ltd.) 7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov) Acronis True Image 2014 (HKLM-x32\...\{BC238959-B84D-4891-BB85-6232E7DC7147}Visible) (Version: 17.0.6614 - Acronis) Acronis True Image 2014 (x32 Version: 17.0.6614 - Acronis) Hidden Adobe Premiere Pro CC 2014 (HKLM-x32\...\{07BE616F-9E42-4C90-AF4F-0F32A5B088E7}) (Version: 8.0.1 - Adobe Systems Incorporated) android_driver_install.exe (HKLM-x32\...\android_driver_install_is1) (Version: - android) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Archiwizator WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - ) Ashampoo Photo Recovery (HKLM-x32\...\{C92AB6F1-E203-2A07-CBAF-6329C61FE1CC}_is1) (Version: 1.0.3 - Ashampoo GmbH & Co. KG) Audiometr Demo (HKLM-x32\...\{37D6F3CE-23F7-46F6-B7CA-AE7BC1CDCA4B}_is1) (Version: 1.04 - Zubek Electronics s.c.) Audiometr Demo (HKLM-x32\...\{95E2948E-62A4-4A17-9673-D34BE1727E9F}_is1) (Version: 1.04 - Zubek Electronics s.c.) Aunsoft Final Mate version 1.9.1.1166 (HKLM-x32\...\{777035DA-2B47-4E06-8A01-D33423CCB8D9}_is1) (Version: - ) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.1.2272 - AVAST Software) BlazeDTV 6.0 (HKLM-x32\...\BlazeDTV 6.0_is1) (Version: - ) CardRecovery 6.10 (HKLM-x32\...\{88D68A69-D247-466B-90DD-575F6BE16230}_is1) (Version: - WinRecovery Software) ChomikBox (HKLM-x32\...\{C7B52FAF-58D8-438C-B810-F78C3C927504}) (Version: 2.0.8.0 - Chomikuj.pl) Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft) CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.) CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.2230.0 - CyberLink Corp.) CyberLink PowerDirector 12 (Version: 12.0.2230.0 - CyberLink Corp.) Hidden CyberLink PowerDirector 12 Content Pack Premium (HKLM-x32\...\InstallShield_{0219CB86-A833-4581-8FF1-78F303F93AC3}) (Version: 12 - CyberLink Corp.) CyberLink WaveEditor 2 (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0.4203 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dazzle Video Capture DVC100 X64 Driver 1.06 (HKLM-x32\...\{BFF23267-1D19-444E-93E2-E5059BE805EA}) (Version: 1.06.0000 - Pinnacle) Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.1.2 - Dell Inc.) Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.1.2 - Dell Inc.) Dell Customer Connect (HKLM-x32\...\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}) (Version: 1.3.28.0 - Dell Inc.) Dell Data Vault (Version: 4.3.8.0 - Dell Inc.) Hidden Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6817.133 - Dell) Dell SupportAssistAgent (HKLM-x32\...\{3ED468C2-2235-4747-90AD-A7A34F0FE70A}) (Version: 1.2.2.8 - Dell) Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 17.0.13.0 - Synaptics Incorporated) Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.) Document Express DjVu Plug-in (HKLM-x32\...\{CC83DD3A-5989-4C4E-986B-46B302D0B719}) (Version: 6.1.33592 - Cuminas Corporation) Drive Rescue 1.9 (HKLM-x32\...\Drive Rescue_is1) (Version: - Alexander Grau) Drzewo Genealogiczne (HKLM-x32\...\{0FC860E5-3F77-4708-962C-20E274A854F4}_is1) (Version: 2.20.1.0 - PL-SOFT S.C.) DVS Video Downloader Addon for Internet Explorer version 1.0.14.910 (HKLM-x32\...\DVS Video Downloader Addon for Internet Explorer_is1) (Version: 1.0.14.910 - DVDVideoSoft Ltd.) DVS Video Downloader Addon for Mozilla Firefox version 4.3.4.17 (HKLM-x32\...\DVS Video Downloader Addon for Mozilla Firefox_is1) (Version: 4.3.4.17 - DVDVideoSoft Ltd.) Elecard AVC HD Editor (HKLM-x32\...\Elecard AVC HD Editor 1.0.100705) (Version: 1.0.100705 - Elecard) EXIF Date Changer v3.3.6 (HKLM-x32\...\{26CA1B07-BC53-4196-B9C2-A11C6F6F3E08}_is1) (Version: - Rellik Software) FlashGet3.7 (HKLM-x32\...\FlashGet3.7) (Version: 3.7.0.1220 - hxxp://www.FlashGet.com) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.3.4.311 - Foxit Software Inc.) Free YouTube Download version 3.2.46.923 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.46.923 - DVDVideoSoft Ltd.) Galeria fotografii (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden GeoSetter 3.4.16 (HKLM-x32\...\GeoSetter_is1) (Version: - Friedemann Schmidt) GeoSetter 3.4.51 beta (HKLM-x32\...\GeoSetterBeta_is1) (Version: - Friedemann Schmidt) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.) Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle) Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden jv16 PowerTools X (HKLM-x32\...\jv16 PowerTools X) (Version: - Macecraft Software) KMSnano 25 (HKLM\...\KMSnano 25_is1) (Version: KMSnano 25 - ) Lexmark 1200 Series (HKLM\...\Lexmark 1200 Series) (Version: - Lexmark International, Inc.) Lizardtech DjVu Control (HKLM-x32\...\{105CFC7C-6992-11D5-BD9D-000102C10FD8}) (Version: - ) Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech) LoiLoScope (HKLM-x32\...\{09A0338C-F1D8-4586-9E78-1B7AAD6AC929}_is1) (Version: 1.8.5.3 - LoiLo inc) LoiLoScope 2 (HKLM-x32\...\{CAB75FFC-2377-4B95-A8FA-C9234B812A92}_is1) (Version: 2.5.3.2 - LoiLo inc) LoiLoScope Download (HKLM-x32\...\{C2A254F4-AC74-482F-8F09-DB2843AC2AAE}_is1) (Version: 2.0 - LoiLo inc) MediaInfo 0.7.70 (HKLM\...\MediaInfo) (Version: 0.7.70 - MediaArea.net) MetaX for Windows (HKLM-x32\...\{0F46559A-C917-4001-8E75-74EF23E88B2B}) (Version: 2.48 - No Bull Software) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team) MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.7 - F.J. Wechselberger) Narzędzia sprawdzające pakietu Microsoft Office 2013 — polski (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden NewBlue Video Essentials for PowerDirector (HKLM\...\NewBlue Video Essentials for Cyberlink) (Version: 3.0 - NewBlue) NewBlue Video Essentials II for PowerDirector (HKLM\...\NewBlue Video Essentials II for Cyberlink) (Version: 3.0 - NewBlue) NewBlue Video Essentials III for PowerDirector (HKLM\...\NewBlue Video Essentials III for Cyberlink) (Version: 3.0 - NewBlue) Nokia Connectivity Cable Driver (HKLM-x32\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia) Nokia Internet Modem (HKLM-x32\...\{AF91A56A-A775-4183-99C5-E9320263B612}) (Version: 3.8.149.40 - SmartCom) Nokia PC Suite (HKLM-x32\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia) Nokia PC Suite (x32 Version: 7.1.180.94 - Nokia) Hidden Obsługa programów Apple (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.) Pakiet sterowników systemu Windows - Google, Inc. (WinUSB) AndroidUsbDeviceClass (01/27/2014 9.0.0000.00000) (HKLM\...\4D67C1984266FCB0F08AA13AFAD4F98C91EB52D0) (Version: 01/27/2014 9.0.0000.00000 - Google, Inc.) Pakiet sterowników systemu Windows - Nokia Modem (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia) Pakiet sterowników systemu Windows - Nokia Modem (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia) Pakiet sterowników systemu Windows - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia) Pakiet sterowników systemu Windows - Qualcomm (qcusbnet) Net (10/16/2012 1.0.7.9) (HKLM\...\C03E573DE1B7F7DE10352D707DF6C7E88C0FAA03) (Version: 10/16/2012 1.0.7.9 - Qualcomm) Pakiet sterowników systemu Windows - Qualcomm Incorporated (qcusbser) Modem (10/26/2012 2.1.0.3) (HKLM\...\19E621CD1BB015A1069EB53B72E2877DC34F038C) (Version: 10/26/2012 2.1.0.3 - Qualcomm Incorporated) Pakiet sterowników systemu Windows - Qualcomm Incorporated (qcusbser) Ports (10/26/2012 2.1.0.3) (HKLM\...\52D9B5E0B1B45DD17B0C3972C332873F1BC298B3) (Version: 10/26/2012 2.1.0.3 - Qualcomm Incorporated) PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia) PHOTOfunSTUDIO 9.1 PE (HKLM-x32\...\{C13FE7DE-D34D-48CC-9FA3-8DB9A3621B98}) (Version: 9.01.709 - Panasonic Corporation) PHOTORECOVERY Professional 2015 5.1.2.4 (HKLM-x32\...\{07533900-D194-48b0-8F23-5A653839CD5B}_is1) (Version: 5.1.2.4 - LC Technology International, Inc.) Pinnacle Studio 17 (HKLM-x32\...\{3DA8F808-72E2-4361-82EC-433081D23005}) (Version: 17.5.0.327 - Corel Corporation) Pinnale Systems Software Keys (HKLM-x32\...\{616CD10B-1EC7-41D2-8C14-3ECE93E7AEE9}_is1) (Version: - VPP TEAM) PITy2014 IPS 1.6 kompilacja:1.6.2.37 (HKLM-x32\...\PITy2014IPS_is1) (Version: - IPS Przedsiębiorstwo Informatyczne) PITy2015 IPS 1.7 kompilacja:1.7.3.9 (HKLM-x32\...\PITy2015IPS_is1) (Version: - IPS Przedsiębiorstwo Informatyczne) PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Poczta usługi Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Podstawowe programy Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.021 - Dell Inc.) QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.) RoboGEO v6.3.2 (HKLM-x32\...\{7AB9EA7D-78FF-4D2B-9E73-3D19FC25F6E4}) (Version: 6.3.2.0 - Pretek, Inc.) SafeZone Stable 1.48.2066.114 (x32 Version: 1.48.2066.114 - Avast Software) Hidden Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.) SpyHunter4 (HKLM-x32\...\SpyHunter 4.23.2.4686) (Version: - ) Stellar Phoenix Photo Recovery (HKLM-x32\...\Stellar Phoenix Photo Recovery_is1) (Version: 6.0.0.1 - Stellar Information Technology Pvt Ltd.) StrongRecovery (HKLM-x32\...\StrongRecovery) (Version: - ) StrongRecovery 3.8.0.1 (HKLM-x32\...\StrongRecovery_is1) (Version: - Drobinski Maciej StrongRecovery) Twierdza Deluxe (HKLM-x32\...\Twierdza Deluxe_is1) (Version: - ) USB device MF63 Hostless Modem (HKLM-x32\...\{AEFF9E60-3E93-41EE-9895-311F7D1C5FFD}) (Version: 1.0.0.2 - ZTE Corporation) Vegas Pro 13.0 (64-bit) (HKLM\...\{D0360940-CCC6-11E3-B9C6-F04DA23A5C58}) (Version: 13.0.310 - Sony) Virtual Disk Driver (HKLM-x32\...\{7E014B78-94DA-4DE6-8226-A674A878F0C7}) (Version: 1.1.2116 - Acronis) VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN) WhatsApp (HKU\S-1-5-21-1169792134-2358267525-3225177676-1001\...\WhatsApp) (Version: 0.2.1455 - WhatsApp) Wondershare Data Recovery(Build 5.0.0.5) (HKLM-x32\...\{FEA3976F-D621-45F3-AFBD-E812A1F2F00D}_is1) (Version: 5.0.0.5 - Wondershare Software Co.,Ltd.) World of Tanks (HKU\S-1-5-21-1169792134-2358267525-3225177676-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net) XnView 2.25 (HKLM-x32\...\XnView_is1) (Version: 2.25 - Gougelet Pierre-e) YouTube Video Grabber version 1.9.9.1 (HKLM-x32\...\YouTube Video Grabber_is1) (Version: 1.9.9.1 - LitexMedia, Inc.) Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.21.465 - Zemana Ltd.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {07420F8E-DFA6-4ECF-8B5B-61DDB1E176C1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {0D07741D-C2D0-41B1-B03D-07631DE087D6} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe Task: {0ED0F897-1EB9-4F37-9C01-1812822CFCC1} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {14815E4B-97BF-421A-9EA3-E7D32E3613AC} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-04-22] (Dell Inc.) Task: {156A2227-7A02-4B6E-BF68-3CA68C55F32C} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe Task: {1D507981-B916-4B72-A9E6-6F661EFFC1B0} - System32\Tasks\Ghreringuwek Center => C:\Program Files (x86)\Isakphovey\stagle.exe Task: {20075B62-0659-4F3F-9975-50149ADBE451} - System32\Tasks\SpyHunter4Startup => C:\Program Files\SpyHunter\SpyHunter4.exe [2016-07-20] (Enigma Software Group USA, LLC.) Task: {271B633B-98C3-4167-A425-2693069EC641} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2016-08-02] (PC-Doctor, Inc.) Task: {2A4396DD-8815-4CE9-B271-E3393D51E3E4} - System32\Tasks\Trigger KMS Activation => C:\Program Files\KMSnano\TriggerKMS.exe [2013-01-26] () Task: {2A751B6F-4C28-4022-8DED-40A5F37BD691} - System32\Tasks\AdobeAAMUpdater-1.0-WINDOWS-R08CI6E-Andrzej => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe Task: {3D7A47AC-7A72-4AB1-B742-BC05E3138302} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-09-05] (Synaptics Incorporated) Task: {4D9867C3-8CD0-4ECA-A648-47D0F3043883} - System32\Tasks\{FC1A70EB-8EE8-4CBB-A3AF-22623135A628} => pcalua.exe -a E:\Driver\DrvInstall.exe -d E:\Driver Task: {5130CBF5-3109-47AA-A2E2-E90687284340} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-08-02] (PC-Doctor, Inc.) Task: {53382003-6D6C-4595-B868-E595B4C1C6D0} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-02] (AVAST Software) Task: {5B1365B4-5BCC-4872-8021-6A8F06B8F61C} - \Resage Builder -> No File <==== ATTENTION Task: {64A8E18C-60F5-4B92-8CD3-B17482A63124} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe Task: {6AF0331B-098A-4234-80D0-843F2D5B56F3} - \{092FA7A6-87BF-4309-B59C-E9878F876B2F} -> No File <==== ATTENTION Task: {86DE649A-67CD-4551-AC44-6DE7628AF864} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.) Task: {9F6FF44C-92D2-4352-8ACB-EE8FB360E822} - System32\Tasks\{4C74801A-B66D-4F35-9292-6052B0840E78} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Sansaillight\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Sansaillight\uninstall.dat" -a uninstallme 21561E05-6695-4308-AA6B-38E1420BE307 DeviceId=d76e53b7-93ed-007d-5bd0-95fe4ba1c4c9 BarcodeId=51198003 ChannelId=3 DistributerName=APSFWakeNet Task: {9F925264-1CE7-4ED7-8321-EE3ED9A47FD5} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-05] (CyberLink) Task: {BC577063-E03B-4402-8D37-9F760063E7B7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {C21CE813-973A-4673-A387-2F88CA2122BA} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe Task: {C6244D62-2CAE-4FB8-A8DB-EE9F81B75B64} - \b2929b72a96a471893ecaa9c51368bae -> No File <==== ATTENTION Task: {CCCCF25E-2B45-435E-BCD5-818644D3F6CF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-07-14] (AVAST Software) Task: {D6A2BF24-BBEA-41E1-AF21-754A1C1A0CD7} - System32\Tasks\SafeZone scheduled Autoupdate 1470238239 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-06-17] (Avast Software) Task: {DD68DCAE-11BC-4CF3-A611-55D1702E2620} - System32\Tasks\{70ED9FE3-4657-4980-AEDA-901982510344} => pcalua.exe -a "C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\Uninst.exe" Task: {E43EBC8D-18E5-4964-99CE-B6C1F2F06943} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-27] (Google Inc.) Task: {EBFB66CF-F38F-4AAB-A87F-D5F3B71CEBA9} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) Task: {FFD091E4-A160-46CE-A809-1BBE0A2F46E6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-27] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FullHD Video Editor LoiLoScope Download.lnk -> C:\Program Files (x86)\LoiLo\LoiLoScope Download\WebShortcut.exe () -> hxxp://loilo.tv/product/20?partner_id=14 ShortcutWithArgument: C:\Users\Public\Desktop\FullHD Video Editor LoiLoScope Download.lnk -> C:\Program Files (x86)\LoiLo\LoiLoScope Download\WebShortcut.exe () -> hxxp://loilo.tv/product/20?partner_id=14 ShortcutWithArgument: C:\Users\Public\Desktop\USB device MF63.lnk -> C:\Program Files (x86)\Hostless Modem\USB device MF63\LaunchWebUI.exe () -> hxxp://router.setup/ ==================== Loaded Modules (Whitelisted) ============== 2015-02-08 12:57 - 2012-08-08 22:36 - 00390672 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe 2014-06-28 16:35 - 2012-05-04 17:19 - 00274208 _____ () C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe 2013-10-01 11:42 - 2013-10-01 11:42 - 02817944 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll 2014-03-06 20:28 - 2013-08-19 18:21 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll 2014-03-06 20:28 - 2013-08-19 18:21 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll 2014-07-31 19:09 - 2010-02-10 18:10 - 00052224 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll 2014-03-06 20:28 - 2013-08-19 18:21 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll 2016-05-29 18:21 - 2016-08-25 21:10 - 00123760 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll 2016-07-14 22:55 - 2016-07-14 22:55 - 00146232 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2016-08-29 12:54 - 2016-08-29 12:54 - 03016192 _____ () C:\Program Files\AVAST Software\Avast\defs\16082900\algo.dll 2016-07-14 22:55 - 2016-07-14 22:55 - 00479288 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2013-11-08 18:08 - 2013-11-08 18:08 - 00028992 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll 2013-11-08 18:11 - 2013-11-08 18:11 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll 2014-03-06 20:11 - 2013-03-05 05:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2013-03-05 19:41 - 2013-03-05 19:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2016-08-08 23:33 - 2016-08-03 02:24 - 01771336 _____ () C:\Program Files (x86)\Google\Chrome\Application.b388a6c\52.0.2743.116\libglesv2.dll 2016-08-08 23:33 - 2016-08-03 02:23 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application.b388a6c\52.0.2743.116\libegl.dll 2013-10-01 12:00 - 2013-10-01 12:00 - 00022336 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Temp:9FA5EC55 [155] AlternateDataStreams: C:\ProgramData\Temp:F0D7EE30 [175] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 15:25 - 2016-08-25 17:08 - 00000991 ____N C:\windows\system32\Drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 activate.adobe.com 127.0.0.1 activation.acronis.com 127.0.0.1 down.baidu2016.com 127.0.0.1 123.sogou.com 127.0.0.1 www.czzsyzgm.com 127.0.0.1 www.czzsyzxl.com 127.0.0.1 union.baidu2019.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1169792134-2358267525-3225177676-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img7.jpg DNS Servers: 37.8.214.2 - 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run: => "Usługa Acronis Scheduler2 Service" HKLM\...\StartupApproved\Run: => "ZAM" HKLM\...\StartupApproved\Run32: => "mcpltui_exe" HKLM\...\StartupApproved\Run32: => "PowerDVD12Agent" HKLM\...\StartupApproved\Run32: => "UIExec" HKLM\...\StartupApproved\Run32: => "CancelAutoPlay_df" HKLM\...\StartupApproved\Run32: => "CheckNDISPortF0acE3" HKLM\...\StartupApproved\Run32: => "APSDaemon" HKLM\...\StartupApproved\Run32: => "QuickTime Task" HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor" HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe" HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe" HKU\S-1-5-21-1169792134-2358267525-3225177676-1001\...\StartupApproved\StartupFolder: => "Super Finder XT.lnk" HKU\S-1-5-21-1169792134-2358267525-3225177676-1001\...\StartupApproved\Run: => "BlazeServoTool" HKU\S-1-5-21-1169792134-2358267525-3225177676-1001\...\StartupApproved\Run: => "Nokia Internet Modem" HKU\S-1-5-21-1169792134-2358267525-3225177676-1001\...\StartupApproved\Run: => "LaunchFinalMate" HKU\S-1-5-21-1169792134-2358267525-3225177676-1001\...\StartupApproved\Run: => "ChomikBox" HKU\S-1-5-21-1169792134-2358267525-3225177676-1001\...\StartupApproved\Run: => "IPLA!" HKU\S-1-5-21-1169792134-2358267525-3225177676-1001\...\StartupApproved\Run: => "C" HKU\S-1-5-21-1169792134-2358267525-3225177676-1001\...\StartupApproved\Run: => "PC Suite Tray" HKU\S-1-5-21-1169792134-2358267525-3225177676-1001\...\StartupApproved\Run: => "svchost0" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{7E20C59D-2746-43D4-BF24-7FEC34CB8DED}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE FirewallRules: [{D0C9F43C-31F9-4650-A0A1-539BCA9A6E28}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe FirewallRules: [{CE0610A0-C4BF-400E-8208-ABDC878F6A4A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe FirewallRules: [{5622A8B9-1710-41D4-8817-B453B9F46EFA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe FirewallRules: [{E27AAA42-A412-4F98-B93B-EB89435AE11E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe FirewallRules: [{ADFA478D-9A2D-4C4E-A83A-EF99877BAA0D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe FirewallRules: [{B2C2E21C-2CCA-453C-961D-6CF4AD31D3B4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe FirewallRules: [{7D74F13B-271C-4B57-8401-BF6E31299578}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{5201DBB3-C36C-4CBF-B201-E05AF26F9589}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{90679764-DEC4-4A63-8A25-C682270061D4}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{083051DA-B69A-454F-8B55-30BD19DFE84F}] => (Allow) LPort=2869 FirewallRules: [{88B87893-66FE-4367-881B-2D7991DE7BEA}] => (Allow) LPort=1900 FirewallRules: [TCP Query User{4C414AB0-834A-4024-87F6-5C6F8F310BF2}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{6D16E351-5B46-4537-A7B1-62A0E75B1DDD}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{6673DAD8-21D8-4DAF-A9FA-4E7E3B8C6A0D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{0B3E7781-FF41-4C8F-B3AB-C69BA3E0178C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{336D3CB3-7795-4E04-A387-161D1F90AF39}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{81DF89FB-4503-41F7-B469-4DDF13D0963A}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{DD6B5B4E-A68C-4BC2-B6A9-95A9899E30DA}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{2D3BA731-7ABB-4988-98F6-3BD483CAA607}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{62989D95-EDFE-4F99-A2B4-EB2CDB0DE285}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{033B48D2-B44D-44F4-8607-0DAD88631334}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{1D4F2CBF-B2F6-4541-8D32-D77DD8A7CD61}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{AE1D18EC-DAA1-4A50-9B67-18B4E41C84F6}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [TCP Query User{5C52B58C-B034-4EBA-A89B-4042FEA5F353}C:\windows\syswow64\javaw.exe] => (Block) C:\windows\syswow64\javaw.exe FirewallRules: [UDP Query User{7B48F4D1-3E68-4679-BAF1-8108675D96CB}C:\windows\syswow64\javaw.exe] => (Block) C:\windows\syswow64\javaw.exe FirewallRules: [TCP Query User{8DCFC814-F3BD-4562-90E2-71B0224D36FC}C:\windows\syswow64\javaw.exe] => (Block) C:\windows\syswow64\javaw.exe FirewallRules: [UDP Query User{33EAA174-D289-4676-B6AA-1B769A939C7B}C:\windows\syswow64\javaw.exe] => (Block) C:\windows\syswow64\javaw.exe FirewallRules: [TCP Query User{FD00B24F-795D-45EE-8AC5-39F1A5D3548D}C:\program files (x86)\flashget network\flashget 3\flashget3.exe] => (Allow) C:\program files (x86)\flashget network\flashget 3\flashget3.exe FirewallRules: [UDP Query User{F069B185-70F2-435D-B28D-9D3A1AB0CA6F}C:\program files (x86)\flashget network\flashget 3\flashget3.exe] => (Allow) C:\program files (x86)\flashget network\flashget 3\flashget3.exe FirewallRules: [{864D6C48-CCB3-4BA4-9B21-0B92F59F4A03}] => (Block) C:\program files (x86)\flashget network\flashget 3\flashget3.exe FirewallRules: [{6823250D-01B3-4181-A3CD-9CB8166ACDEF}] => (Block) C:\program files (x86)\flashget network\flashget 3\flashget3.exe FirewallRules: [{C45568FB-E74A-43FA-8171-4BB834465B4E}] => (Allow) C:\Users\Andrzej\AppData\Local\Temp\nsm916E.tmp\CnetInstaller-144175.exe FirewallRules: [{C9B1C7D4-32BD-4903-AB76-7C175A0A605A}] => (Allow) C:\Users\Andrzej\AppData\Local\Temp\nsm916E.tmp\CnetInstaller-144175.exe FirewallRules: [TCP Query User{A87945FE-442D-4C06-9F14-81450641B0A1}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe FirewallRules: [UDP Query User{B4F89F90-59CE-4E10-9251-B9B85E31A05D}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe FirewallRules: [TCP Query User{92E2185F-224F-4DC2-89EC-CCB52ECE9BEB}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe FirewallRules: [UDP Query User{3DBCCD94-36D2-4B2F-8A8E-7E6FF2C8F1C1}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe FirewallRules: [{264CACCB-1719-4E58-9B16-F271E36EA8B5}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE FirewallRules: [{8FA21E7C-CF55-4C29-B0FF-0107637A6430}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [{AB1E6C49-6D16-4E8F-B442-06AF24FF3043}] => (Allow) C:\Windows\SysWOW64\lxczcoms.exe FirewallRules: [{B3B891F7-05EF-483C-9702-6E78D0D20E22}] => (Allow) C:\Windows\SysWOW64\lxczcoms.exe FirewallRules: [{42B30D73-CFD4-4E9E-9AE2-934AA7FB5F43}] => (Allow) C:\Windows\System32\lxczcoms.exe FirewallRules: [{1BCC132A-1713-48DC-995C-275B665E8D67}] => (Allow) C:\Windows\System32\lxczcoms.exe FirewallRules: [TCP Query User{E07C14EA-5426-43B1-B494-2286ACB4F127}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe FirewallRules: [UDP Query User{4C546A6F-CFB8-4DDD-B867-800F620A8AA8}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe FirewallRules: [TCP Query User{9FF92012-2063-4B77-885E-E48CEE058BE6}C:\program files (x86)\twierdza deluxe\stronghold.exe] => (Block) C:\program files (x86)\twierdza deluxe\stronghold.exe FirewallRules: [UDP Query User{44570178-CB4D-4912-B624-A89118315E99}C:\program files (x86)\twierdza deluxe\stronghold.exe] => (Block) C:\program files (x86)\twierdza deluxe\stronghold.exe FirewallRules: [TCP Query User{CB1E1092-4D84-4259-82A7-21F79A2FA920}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe FirewallRules: [UDP Query User{5B709DEA-FCBB-4E8E-9960-C5DAB79FF122}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe FirewallRules: [TCP Query User{04F540EA-90F4-4E16-823F-C501B55E0DF2}C:\games\world_of_tanks\wotlauncher.exe] => (Block) C:\games\world_of_tanks\wotlauncher.exe FirewallRules: [UDP Query User{201A3D4A-D45D-4C17-AC8B-526868B63CA2}C:\games\world_of_tanks\wotlauncher.exe] => (Block) C:\games\world_of_tanks\wotlauncher.exe FirewallRules: [{35FFF4A7-DF0D-4DA7-BD4E-8598A4C2FE3F}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 17\programs\RM.exe FirewallRules: [{0F51F87E-FBD9-42C5-A5C0-5EBF4ADB7555}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 17\programs\RM.exe FirewallRules: [{4AB61A43-E5B4-4CC8-9E94-C523450E7ECE}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 17\programs\NGStudio.exe FirewallRules: [{E23CADDA-1D7A-4B93-91B7-8A03D26CDC18}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 17\programs\NGStudio.exe FirewallRules: [{DCB52568-ACAA-46F9-BD9C-12CC880CFBF2}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 17\programs\UMI.exe FirewallRules: [{1AA97D20-0DE2-415A-8257-2A7AA8670FC5}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 17\programs\UMI.exe FirewallRules: [{9D7769BC-D810-4042-AD12-679DE1DEB55B}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{A92C1880-F955-447F-BACB-DC99DA91060B}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{CF717860-DC6B-4B96-86B0-4B8359006221}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: [{DF3A9062-5C5D-4027-B4F2-CAEBAA96A60C}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: [{6A9F7473-2765-476A-9BEF-5DC29019EF10}] => (Allow) C:\Torrentex\Torrentex.exe FirewallRules: [{F2C167AB-7AC0-4AA9-938D-62D23B07316C}] => (Allow) C:\Torrentex\Torrentex.exe FirewallRules: [TCP Query User{AC510656-4ACD-413C-9507-D7AF1B3D080A}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{67B16B60-2080-41D7-80EB-149042AF2279}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [TCP Query User{82D69703-173B-4771-B257-51D6BF74B1FD}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{5053051B-F79E-4A1B-9FF9-F39C3C2FFE78}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [{F2B50277-46ED-4C81-87B9-465E1F869355}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [TCP Query User{7E260799-092F-40B0-83E8-DDD30DF8CC4B}C:\program files (x86)\google\chrome\application.b388a6c\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application.b388a6c\chrome.exe FirewallRules: [UDP Query User{F3003C75-D8E9-4B33-8630-E2092D530A62}C:\program files (x86)\google\chrome\application.b388a6c\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application.b388a6c\chrome.exe FirewallRules: [{DF951C1A-2CC4-472B-8AFA-590F60D3059F}] => (Allow) C:\Program Files\KMSnano\data\qemu-system-i386.exe FirewallRules: [{901E22DB-0386-4ED5-8D17-41104D61078B}] => (Allow) C:\Program Files\KMSnano\data\qemu-system-i386.exe FirewallRules: [{A64A898C-3F15-4A25-88E3-D81A3FE9BAAA}] => (Allow) C:\Program Files\KMSnano\data\qemu-system-i386.exe FirewallRules: [{3DE8ADA8-6384-4679-B7B5-ABE4F4D210D5}] => (Allow) C:\Program Files\KMSnano\data\qemu-system-i386.exe StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3 ==================== Restore Points ========================= 29-08-2016 09:24:46 Zaplanowany punkt kontrolny 29-08-2016 12:15:38 Zemana AntiMalware 2016-08-29 12:15:37 ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/29/2016 01:46:41 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Program KMSELDI.exe w wersji 16.0.0.0 przestał współpracować z systemem Windows i został zamknięty. Aby sprawdzić, czy jest dostępnych więcej informacji na temat tego problemu, sprawdź historię problemu w aplecie Centrum akcji w Panelu sterowania. Identyfikator procesu: 3bb0 Godzina rozpoczęcia: 01d201e3f7c23869 Godzina zakończenia: 518 Ścieżka aplikacji: C:\Program Files\KMSnano\KMSELDI.exe Identyfikator raportu: 6f602fce-6ddb-11e6-838a-f82fa8c82b90 Pełna nazwa pakietu powodującego błąd: Identyfikator aplikacji względem pakietu powodującego błąd: Error: (08/29/2016 01:40:20 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Program MovieMaker.exe w wersji 16.4.3528.331 przestał współpracować z systemem Windows i został zamknięty. Aby sprawdzić, czy jest dostępnych więcej informacji na temat tego problemu, sprawdź historię problemu w aplecie Centrum akcji w Panelu sterowania. Identyfikator procesu: 37fc Godzina rozpoczęcia: 01d201e9fa176399 Godzina zakończenia: 105 Ścieżka aplikacji: C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe Identyfikator raportu: 5536696a-6ddd-11e6-838a-f82fa8c82b90 Pełna nazwa pakietu powodującego błąd: Identyfikator aplikacji względem pakietu powodującego błąd: Error: (08/29/2016 08:08:49 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla „C:\Program Files (x86)\Cuminas\Document Express DjVu Plug-in\DjVuViewer.exe”. Błąd w pliku manifestu lub w pliku zasad „” w wierszu . Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna. Składniki powodujące konflikt: Składnik 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Składnik 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Error: (08/28/2016 09:28:51 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: ) Description: Menedżer okien pulpitu napotkał błąd krytyczny (0x8898008d). Error: (08/28/2016 07:51:11 PM) (Source: Winlogon) (EventID: 4005) (User: ) Description: Proces usługi logowania systemu Windows został nieoczekiwanie zakończony. Error: (08/28/2016 03:14:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WINDOWS-R08CI6E) Description: Aktywacja aplikacji Microsoft.BingNews_8wekyb3d8bbwe!AppexNews nie powiodła się. Błąd: -2147024865. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Error: (08/28/2016 03:14:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WINDOWS-R08CI6E) Description: Aktywacja aplikacji Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel nie powiodła się. Błąd: -2147024865. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Error: (08/28/2016 10:51:56 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WINDOWS-R08CI6E) Description: Aktywacja aplikacji Microsoft.BingNews_8wekyb3d8bbwe!AppexNews nie powiodła się. Błąd: -2147024891. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Error: (08/28/2016 10:11:20 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla „C:\Program Files (x86)\Cuminas\Document Express DjVu Plug-in\DjVuViewer.exe”. Błąd w pliku manifestu lub w pliku zasad „” w wierszu . Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna. Składniki powodujące konflikt: Składnik 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Składnik 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Error: (08/28/2016 10:07:28 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla „C:\Program Files (x86)\Cuminas\Document Express DjVu Plug-in\DjVuViewer.exe”. Błąd w pliku manifestu lub w pliku zasad „” w wierszu . Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna. Składniki powodujące konflikt: Składnik 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Składnik 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. System errors: ============= Error: (08/29/2016 01:12:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi esgiguard z powodu następującego błędu: Nastąpiło zablokowanie ładowania sterownika Error: (08/29/2016 01:12:15 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Program Files\SpyHunter\esgiguard.sys Error: (08/29/2016 01:11:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi esgiguard z powodu następującego błędu: Nastąpiło zablokowanie ładowania sterownika Error: (08/29/2016 01:11:58 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Program Files\SpyHunter\esgiguard.sys Error: (08/29/2016 12:53:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Kmm4xNT z powodu następującego błędu: Nastąpiło zablokowanie ładowania sterownika Error: (08/29/2016 12:53:33 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \SystemRoot\SysWow64\Drivers\Kmm4xNT.SYS Error: (08/29/2016 12:53:33 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Usługa GhreringuwekCenter zakończyła działanie; wystąpił następujący błąd: Nie można odnaleźć określonego modułu. Error: (08/29/2016 12:53:22 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: ZARZĄDZANIE NT) Description: Uruchomienie modułu rozszerzalności sieci WLAN nie powiodło się. Ścieżka modułu: C:\windows\System32\bcmihvsrv64.dll Kod błędu: 126 Error: (08/29/2016 12:51:35 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Menedżer sterowania usługami próbował podjąć akcję korekcyjną (Uruchom usługę ponownie) po nieoczekiwanym zakończeniu usługi Windows Search, ale ta akcja nie powiodła się przy następującym błędzie: Jedno wystąpienie usługi już działa. . Error: (08/29/2016 12:51:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Karta wydajności WMI niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 120000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. CodeIntegrity: =================================== Date: 2016-07-17 21:56:54.491 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-07-17 21:56:53.534 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-07-17 18:24:50.174 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-07-17 18:24:49.528 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-07-17 18:24:48.927 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-07-17 18:24:48.111 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-07-17 18:24:46.787 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-07-17 18:24:46.159 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-07-17 18:24:44.258 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-07-17 18:24:43.868 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: AMD A8-5545M APU with Radeon(tm) HD Graphics Percentage of memory in use: 40% Total physical RAM: 7365.01 MB Available physical RAM: 4361.19 MB Total Virtual: 8261.01 MB Available Virtual: 5095.35 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:921.73 GB) (Free:44.89 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: FB8089BA) Partition: GPT. ==================== End of Addition.txt ============================