Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-10-2017 Ran by Macek (18-10-2017 20:15:43) Running from C:\Users\arcis\Downloads Windows 10 Home Version 1703 15063.674 (X64) (2017-08-06 14:37:14) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3116734461-3747102014-2550280443-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3116734461-3747102014-2550280443-503 - Limited - Disabled) Guest (S-1-5-21-3116734461-3747102014-2550280443-501 - Limited - Disabled) Macek (S-1-5-21-3116734461-3747102014-2550280443-1004 - Administrator - Enabled) => C:\Users\arcis ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-3116734461-3747102014-2550280443-1004\...\uTorrent) (Version: 3.5.0.43580 - BitTorrent Inc.) Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated) Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.159 - Adobe Systems Incorporated) ALLPlayer V7.X (HKLM-x32\...\ALLPlayer_is1) (Version: - ALLPlayer Group, Ltd.) Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.) BitLord 2.5 (HKLM-x32\...\BitLord) (Version: 2.4.5-316 - House of Life) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) CyberLink Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.) CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4118.0 - CyberLink Corp.) Hidden CyberLink PowerRecover (HKLM\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.5610 - CyberLink Corp.) Hidden CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.5610 - CyberLink Corp.) Discord (HKU\S-1-5-21-3116734461-3747102014-2550280443-1004\...\Discord) (Version: 0.0.298 - Discord Inc.) Dolby Audio X2 Windows API SDK (HKLM\...\{2A027A37-B09B-44FB-B1C9-2DD6BA0014E8}) (Version: 0.7.2.61 - Dolby Laboratories, Inc.) Dolby Audio X2 Windows APP (HKLM\...\{D765CF7F-14F9-4C80-B06C-10E68F10EBCC}) (Version: 0.7.2.62 - Dolby Laboratories, Inc.) ELAN Touchpad 16.19.2.1_X64_WHQL (HKLM\...\Elantech) (Version: 16.19.2.1 - ELAN Microelectronic Corp.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden iCloud (HKLM\...\{5B1A59DA-D1EC-4C3A-A996-DF011A0A9668}) (Version: 6.2.2.39 - Apple Inc.) Intel(R) Chipset Device Software (HKLM-x32\...\{aaa7f0fb-02dc-4576-beef-7d24842c5fbe}) (Version: 10.1.1.32 - Intel(R) Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1015 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4475 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.0.0.1039 - Intel Corporation) Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{3920BCB0-23AA-4D0D-93E5-404692DAF9D2}) (Version: 19.00.1621.3340 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{fefa9370-e735-4821-9cbc-48bd843e7ac3}) (Version: 19.80.0 - Intel Corporation) iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.) League of Legends (HKLM-x32\...\{4D78B137-434D-466E-A4D8-98E7EA3F73E5}) (Version: 4.2.1 - Riot Games) Hidden League of Legends (HKLM-x32\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games) Microsoft Office Professional 2016 - pl-pl (HKLM\...\ProfessionalRetail - pl-pl) (Version: 16.0.8431.2107 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3116734461-3747102014-2550280443-1004\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Mozilla Firefox 56.0 (x86 pl) (HKLM-x32\...\Mozilla Firefox 56.0 (x86 pl)) (Version: 56.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 56.0.0.6478 - Mozilla) NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version: - ) Napisy24 (HKLM-x32\...\{D1985DBC-F09E-4317-91B8-932AD0FD4A27}_is1) (Version: 1.8 - Napisy24.pl) NVIDIA 3D Vision Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.54 - NVIDIA Corporation) NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation) NVIDIA Graphics Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation) NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2107 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2107 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0415-1000-0000000FF1CE}) (Version: 16.0.8326.2076 - Microsoft Corporation) Hidden OpenOffice 4.1.3 (HKLM-x32\...\{4D71C348-C964-442D-B2DB-5160E46FB664}) (Version: 4.13.9783 - Apache Software Foundation) PHotkey (HKLM-x32\...\{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}) (Version: 1.00.0127 - Pegatron Corporation) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconduct Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.9.422.2016 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7926 - Realtek Semiconductor Corp.) SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden Skype™ 7.35 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.35.103 - Skype Technologies S.A.) Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation) Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17376 - Microsoft Corporation) WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH) Wondershare TunesGo ( Version 9.5.0 ) (HKLM-x32\...\{0B31C808-8274-460D-8846-C711D40544A0}_is1) (Version: 9.5.0 - Wondershare) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-01-20] (Cyberlink) ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-05-09] (Apple Inc.) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal) ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-01-20] (Cyberlink) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxDTCM.dll [2016-11-02] (Intel Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0A2C33B3-B0AA-49A0-95BB-F583A38C19CD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.) Task: {2E274811-F2DF-4141-B382-DEADEE61EF60} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\CyberLink\PowerDVD12\PDVD12Serv.exe [2016-01-08] (CyberLink Corp.) Task: {41977934-119F-4562-A114-0CBD855FDF21} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-10-15] () Task: {42481013-3C67-463B-8F32-B5A3986E8B68} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-10-04] (Microsoft Corporation) Task: {78311986-7F35-4C92-8121-7829D082C9BA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-01] (Google Inc.) Task: {888ABA05-6162-4FC7-A5E3-3F890698F9CB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-10-04] (Microsoft Corporation) Task: {B32BBD49-F46E-4B30-A7F1-049A78127327} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-11] (Adobe Systems Incorporated) Task: {CB8106B0-5299-4485-9234-2F6A7E5547BD} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe [2016-01-05] (CyberLink Corp.) Task: {DAC9CB7B-4149-402D-8CBC-090CA28C6C57} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-20] (Adobe Systems Incorporated) Task: {E8A87B9B-1079-4470-897C-AEE79FCCD60D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-01] (Google Inc.) Task: {F553A408-5EB2-4CAD-963F-985F02AA80FA} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-10-15] () (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2016-07-25 13:16 - 2014-08-07 12:45 - 000135680 _____ () C:\Program Files (x86)\PHotkey\PGFNEXSrv.exe 2017-01-13 14:56 - 2017-01-13 14:56 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2017-05-09 00:44 - 2017-05-09 00:44 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2016-07-25 16:05 - 2014-04-14 20:59 - 000389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe 2017-03-18 22:58 - 2017-03-18 22:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll 2016-07-25 13:16 - 2016-03-29 15:56 - 002409472 _____ () C:\Program Files (x86)\PHotkey\PHotkey.exe 2016-07-25 13:16 - 2010-01-12 19:36 - 000117256 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt.exe 2016-07-25 13:16 - 2010-01-12 19:36 - 000121864 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe 2016-07-25 13:16 - 2010-12-17 16:04 - 000449032 _____ () C:\Program Files (x86)\PHotkey\ATouch64.exe 2017-03-18 22:59 - 2017-03-20 05:43 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-07-25 13:16 - 2014-03-18 23:54 - 005644800 _____ () C:\Program Files (x86)\PHotkey\Dolbyosd.exe 2016-07-25 13:16 - 2016-04-13 18:23 - 009054720 _____ () C:\Program Files (x86)\PHotkey\GPMTray.exe 2016-07-25 13:16 - 2015-10-06 15:52 - 000331776 _____ () C:\Program Files (x86)\PHotkey\Keyboardmonitortool.exe 2017-08-23 01:18 - 2017-08-23 01:21 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-08-23 01:18 - 2017-08-23 01:21 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-08-23 01:18 - 2017-08-23 01:21 - 036162048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-08-23 01:18 - 2017-08-23 01:21 - 002237952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\skypert.dll 2016-06-24 02:33 - 2016-06-24 02:33 - 000829632 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe 2017-09-26 23:24 - 2017-09-21 09:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll 2017-09-26 23:24 - 2017-09-21 09:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll 2016-07-18 10:39 - 2016-07-18 10:39 - 000154816 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe 2016-07-25 13:16 - 2009-12-18 17:36 - 000973432 _____ () C:\Program Files (x86)\PHotkey\acAuth.dll 2016-07-25 13:16 - 2013-09-18 01:23 - 000108032 _____ () C:\Program Files (x86)\PHotkey\PGFNEX.dll 2016-07-27 12:11 - 2016-06-15 04:03 - 000018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2016-07-25 16:04 - 2014-12-08 09:28 - 000627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2014-12-08 17:28 - 2014-12-08 17:28 - 000016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-10-30 09:24 - 2015-10-30 09:21 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3116734461-3747102014-2550280443-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\arcis\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\wallpaper.jpg DNS Servers: 192.168.2.10 - 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "PowerDVD12Agent" HKU\S-1-5-21-3116734461-3747102014-2550280443-1004\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-3116734461-3747102014-2550280443-1004\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-3116734461-3747102014-2550280443-1004\...\StartupApproved\Run: => "ALLUpdate" HKU\S-1-5-21-3116734461-3747102014-2550280443-1004\...\StartupApproved\Run: => "Napisy24.pl" HKU\S-1-5-21-3116734461-3747102014-2550280443-1004\...\StartupApproved\Run: => "Napisy24Update" HKU\S-1-5-21-3116734461-3747102014-2550280443-1004\...\StartupApproved\Run: => "Discord" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{2CA7A070-4AC3-4130-B8B9-667A96A58662}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{6BD33063-4BEE-437B-B383-C65AB4468E4B}] => (Allow) C:\Users\arcis\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{1DF8A242-1C70-4F35-BAB8-BB0BB0017821}] => (Allow) C:\Users\arcis\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{7C0ABEF6-4390-4E7A-BD23-B22082DD8CD0}] => (Allow) C:\Program Files (x86)\BitLord\BitLord.exe FirewallRules: [{5115DB36-136E-411F-BF31-6C53EC40C11B}] => (Allow) C:\Program Files (x86)\BitLord\BitLord.exe FirewallRules: [{A7C5E788-553F-49F7-9E24-F5F9092D9696}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{8FA6DD6A-9904-4DB7-A366-0DF396B329E8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{BA28FB93-DCD4-4C24-8EA2-4CB138873D3A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{5F76AE3F-FCC1-4575-A903-0952AD40C67F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{8141A406-F0D1-4170-AB3E-25543CFCEDC9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{8C957E73-0A63-4EA0-BA76-7B06A540982D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{6F97E735-9889-4294-ADBE-B704B2BD6705}] => (Allow) C:\Program Files (x86)\BitLord\BitLord.exe FirewallRules: [{955FD5D6-2B18-486E-9867-A5134355E04E}] => (Allow) C:\Program Files (x86)\BitLord\BitLord.exe FirewallRules: [{A340718F-10D6-4A29-94F5-31B8C2FCE651}] => (Allow) C:\Users\arcis\AppData\Local\Temp\Rar$EXa0.363\Windows 10 Activators\Microsoft Toolkit 2.5.3\Microsoft Toolkit.exe FirewallRules: [{02BBFCCB-F5F0-4A97-9F0F-8399D360C61D}] => (Allow) C:\Users\arcis\AppData\Local\Temp\Rar$EXa0.363\Windows 10 Activators\Microsoft Toolkit 2.5.3\Microsoft Toolkit.exe FirewallRules: [{FD4469DA-F0DB-466E-A9D7-A82293D49F50}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE FirewallRules: [{378F860F-F16F-4E8B-9FAD-3718AC64C3DB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe FirewallRules: [{F4CFB7C0-50DF-4B16-8CF1-03E4600D7523}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{1F297F7B-21F1-4078-8C3E-6A37A155750B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{FD68AD87-7266-41DD-95EB-342FA467362F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{6F348128-19AB-4BE7-A6B9-4E0D7181137A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{C789EA4A-544C-4663-8C22-C69551E742DD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{EB641EA7-3285-4583-A406-3FFAFCFD0CB9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{9B048944-6AB0-4B81-9BC4-138E4564DDB3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{2200D6BD-50DA-42AC-BCB4-AA43F37E701F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{E45D7B64-7050-404B-9D61-EA7DE2A2EA4D}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe FirewallRules: [{759A124E-DF74-4CFB-91EA-A997EAFB6D8F}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe FirewallRules: [{C99D3875-4757-463C-9301-16B77A71D439}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{FA482D28-BD60-4B84-8545-EB5164AD6A62}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{E8A944AC-E096-4EFF-BF85-DC4CCDAEE49C}] => (Allow) C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\outlook.exe FirewallRules: [{09999154-7568-4420-AD94-2F7E1FBE96F0}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe ==================== Restore Points ========================= 13-10-2017 00:17:54 Windows Update 17-10-2017 23:51:41 Windows Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/18/2017 08:06:56 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0xC004F074 Argumenty wiersza polecenia: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=NetworkAvailable Error: (10/18/2017 08:06:31 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0xC004F074 Argumenty wiersza polecenia: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (10/18/2017 08:03:13 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: Explorer.EXE, wersja: 10.0.15063.674, sygnatura czasowa: 0xd8364343 Nazwa modułu powodującego błąd: combase.dll, wersja: 10.0.15063.608, sygnatura czasowa: 0xb66dc19d Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x000000000001ded4 Identyfikator procesu powodującego błąd: 0x1a54 Godzina uruchomienia aplikacji powodującej błąd: 0x01d343bff6a0955e Ścieżka aplikacji powodującej błąd: C:\WINDOWS\Explorer.EXE Ścieżka modułu powodującego błąd: C:\WINDOWS\System32\combase.dll Identyfikator raportu: a7d4488c-ecf2-46e5-a753-a4836cec8a11 Pełna nazwa pakietu powodującego błąd: Identyfikator aplikacji względem pakietu powodującego błąd: Error: (10/18/2017 07:56:29 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla "c:\program files\cyberlink\photodirector6\kernel\ces\CES_CacheAgent.exe.Manifest". Nie można odnaleźć zestawu zależnego PDR.X,type="win32",version="1.0.0.0". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error: (10/18/2017 07:56:29 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla "c:\program files\cyberlink\photodirector6\kernel\ces\CES_AudioCacheAgent.exe.Manifest". Nie można odnaleźć zestawu zależnego PDR.X,type="win32",version="1.0.0.0". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error: (10/18/2017 07:56:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AMCIEK) Description: Aktywacja aplikacji Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo nie powiodła się. Błąd: -2147009280. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Error: (10/18/2017 07:54:10 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0xC004F074 Argumenty wiersza polecenia: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=NetworkAvailable Error: (10/17/2017 11:49:29 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0xC004F074 Argumenty wiersza polecenia: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=NetworkAvailable Error: (10/17/2017 11:49:04 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0xC004F074 Argumenty wiersza polecenia: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=TimerEvent Error: (10/17/2017 12:45:47 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3875 System errors: ============= Error: (10/18/2017 08:05:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Windows Presentation Foundation Font Cache 3.0.0.0 z powodu następującego błędu: Usługa nie odpowiada na sygnał uruchomienia lub sygnał sterujący w oczekiwanym czasie. Error: (10/18/2017 08:05:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą FontCache3.0.0.0. Error: (10/18/2017 08:04:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: Zgodnie z ustawieniami uprawnienia application-specific nie jest udzielane uprawnienie Local Activation do aplikacji serwera COM z identyfikatorem klasy CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} i identyfikatorem aplikacji APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} użytkownikowi NT AUTHORITY\LOCAL SERVICE o identyfikatorze zabezpieczeń SID (S-1-5-19) z adresu LocalHost (Using LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Unavailable (Unavailable). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe. Error: (10/18/2017 08:04:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: Zgodnie z ustawieniami uprawnienia application-specific nie jest udzielane uprawnienie Local Activation do aplikacji serwera COM z identyfikatorem klasy CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} i identyfikatorem aplikacji APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} użytkownikowi NT AUTHORITY\LOCAL SERVICE o identyfikatorze zabezpieczeń SID (S-1-5-19) z adresu LocalHost (Using LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Unavailable (Unavailable). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe. Error: (10/18/2017 08:04:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi CldFlt z powodu następującego błędu: Żądanie nie jest obsługiwane. Error: (10/18/2017 08:04:03 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: Nastąpiło nieoczekiwane zatrzymanie modułu rozszerzalności sieci WLAN. Ścieżka modułu: C:\WINDOWS\System32\IWMSSvc.dll Error: (10/18/2017 08:04:03 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: Nastąpiło nieoczekiwane zatrzymanie modułu rozszerzalności sieci WLAN. Ścieżka modułu: C:\WINDOWS\System32\IWMSSvc.dll Error: (10/18/2017 08:03:58 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: Nastąpiło nieoczekiwane zatrzymanie modułu rozszerzalności sieci WLAN. Ścieżka modułu: C:\WINDOWS\System32\IWMSSvc.dll Error: (10/18/2017 08:03:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Usługa Szybka instalacja pakietu Microsoft Office niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 0 milisekund zostanie podjęta następująca czynność korekcyjna: Restart the service. Error: (10/18/2017 08:03:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa Intel(R) Content Protection HECI Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. CodeIntegrity: =================================== Date: 2017-10-18 20:12:24.139 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-10-18 20:12:24.137 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-10-18 20:11:52.705 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-10-18 20:11:52.704 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-10-18 20:11:34.022 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-10-18 20:11:34.018 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-10-18 20:11:33.885 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-10-18 20:11:33.882 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-10-18 20:05:22.017 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-10-18 20:05:22.016 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-7500U CPU @ 2.70GHz Percentage of memory in use: 19% Total physical RAM: 16284.22 MB Available physical RAM: 13149.95 MB Total Virtual: 18716.22 MB Available Virtual: 15641.57 MB ==================== Drives ================================ Drive c: (Boot) (Fixed) (Total:235.95 GB) (Free:62.39 GB) NTFS Drive d: (Data) (Fixed) (Total:901.51 GB) (Free:791.8 GB) NTFS Drive e: (Recover) (Fixed) (Total:30 GB) (Free:7.3 GB) NTFS Drive f: (Moje pliki) (CDROM) (Total:2.18 GB) (Free:0 GB) UDF Drive g: (atlas_3) (CDROM) (Total:0.49 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 0BB4CC3B) Partition: GPT. ======================================================== Disk: 1 (Size: 238.5 GB) (Disk ID: 0BB4CBDE) Partition: GPT. ==================== End of Addition.txt ============================