Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-03-2017
Ran by Michał (13-03-2017 10:33:24)
Running from D:\DOWNLOAD
Windows 8.1 Pro (Update) (X64) (2017-01-17 00:33:53)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4122494467-2726101799-183990937-500 - Administrator - Disabled)
Guest (S-1-5-21-4122494467-2726101799-183990937-501 - Limited - Disabled)
Michał (S-1-5-21-4122494467-2726101799-183990937-1001 - Administrator - Enabled) => C:\Users\Michał

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus Free Edition (Disabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antivirus Free Edition (Disabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov) Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated) Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated) Adventure Game Studio 3.4.0 P2 (HKLM-x32\...\c57ecb2e-4390-4154-b3b7-e9f5816f6edd_is1) (Version: 3.4.0.14 - AGS Project Team) Aktualizacje NVIDIA 23.23.30.0 (Version: 23.23.30.0 - NVIDIA Corporation) Hidden Ansel (Version: 378.78 - NVIDIA Corporation) Hidden ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.14 - ASUS) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0050 - ASUS) Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1109 - Bitdefender) Canon Lite Driver (HKLM-x32\...\{66A4E6BC-ECA4-4602-98BA-79425E47887F}) (Version: 1.9.0.12 - NT-ware) Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft) DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.0.0222 - Disc Soft Ltd) Eastside Hockey Manager (HKLM\...\Steam App 301120) (Version: - Sports Interactive) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.) Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) 
Hidden Intel(R) Chipset Device Software (x32 Version: 10.1.1.14 - Intel(R) Corporation) Hidden Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2105 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4578 - Intel Corporation) Intel(R) Smart Connect Technology (HKLM\...\{EAF303B3-86E2-4B9E-92E6-2468921D86ED}) (Version: 4.2.41.2633 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{aa2c2346-d0c0-4d3e-9ab1-11a48b4cb9f3}) (Version: 19.20.3 - Intel Corporation) Magicka (HKLM\...\Steam App 42910) (Version: - Arrowhead Game Studios) Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation) Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0415-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation) Microsoft OneNote 2016 dla Użytkowników Domowych i Uczniów - pl-pl (HKLM\...\OneNoteFreeRetail - pl-pl) (Version: 16.0.7870.2020 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) 
(Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation) NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version: - ) NVIDIA GeForce Experience 3.4.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.4.0.70 - NVIDIA Corporation) NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation) NVIDIA Sterownik graficzny 378.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.78 - NVIDIA Corporation) NvNodejs (Version: 3.4.0.70 - NVIDIA Corporation) Hidden NvTelemetry (Version: 2.3.16.0 - NVIDIA Corporation) Hidden NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7870.2020 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7870.2020 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (Version: 16.0.7870.2020 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden OpenAL (HKLM-x32\...\OpenAL) (Version: - ) 
Origin (HKLM-x32\...\Origin) (Version: 10.4.2.12697 - Electronic Arts, Inc.) Panel sterowania NVIDIA 378.78 (Version: 378.78 - NVIDIA Corporation) Hidden qBittorrent 3.3.10 (HKLM-x32\...\qBittorrent) (Version: 3.3.10 - The qBittorrent project) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8073 - Realtek Semiconductor Corp.) SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 3.4.0.70 - NVIDIA Corporation) Hidden Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Tablet Wacom (HKLM\...\Wacom Tablet Driver) (Version: 6.3.20-7 - Wacom Technology Corp.) The Age of Decadence (HKLM-x32\...\1440152251_is1) (Version: 2.6.0.7 - GOG.com) Torment: Tides of Numenera (1.0.1) (HKLM-x32\...\1958306970_is1) (Version: 0.1.1.294 - GOG.com) VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.19 - IDRIX) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.) WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.) WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.) 
Windows Driver Package - ASUS (ATP) Mouse (03/18/2014 6.0.0.35) (HKLM\...\DAA6E0EEB715139C1CEA332C78AB4609FB3C211B) (Version: 03/18/2014 6.0.0.35 - ASUS) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-4122494467-2726101799-183990937-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {27FDB55D-4EB6-4923-B031-E972842C3179} - System32\Tasks\WiseCleaner\WRCSkipUAC => C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe Task: {3862461A-F16E-4C04-88E6-7F8050608FED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-03] (Google Inc.) Task: {39CDB6CD-FD79-4DA5-82BE-1105A8806FE1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-03-02] (Microsoft Corporation) Task: {4822A455-D58C-44B2-AB5A-2B2B1D45A2F1} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation) Task: {4CB11756-3010-4778-B344-9BE6C6A30F92} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2013-12-11] () Task: {5321AC97-06FD-4AC2-934C-F2C19134BC09} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-09-22] (ASUSTek Computer Inc.) 
Task: {5D604969-5EDD-4B92-A4E9-BB4E21ECE095} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-02-23] (Realtek Semiconductor) Task: {65EF2584-09C0-42CD-ADEF-D8FF67874590} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-03-02] (Microsoft Corporation) Task: {6B16563B-DAB1-4C99-B50D-704CFE3226CF} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-09-22] (ASUSTek Computer Inc.) Task: {6E50C5C2-FD18-421A-80D7-F1EE6A74DF6A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.) Task: {714E68B6-EE0A-4491-AEE0-F6E363BE9738} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.) Task: {83624577-6CAB-4FBF-B60D-F53343B35D1E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-03] (Google Inc.) Task: {900B5488-BAD2-4F91-A91A-E428C8EC198B} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-02-23] (NVIDIA Corporation) Task: {909AD154-0ECD-43E5-93D7-D6A8D0641748} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe [2017-02-19] (Adobe Systems Incorporated) Task: {92E20C9A-3DEB-4ECB-97F2-BACFE37113F8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.) 
Task: {B699EC0B-3A4F-40AA-A652-673B897C4AB3} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-03-31] (AsusTek) Task: {BDF499F5-16C2-48F7-AB05-63DA718854F8} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-02-23] (Realtek Semiconductor) Task: {C8CB446E-35CF-405B-9236-90CB4A0F4EB8} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation) Task: {CB22AFF5-0947-46AC-8892-AB85E3F1E6A4} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-02-23] (NVIDIA Corporation) Task: {D5411B5F-7ED8-4B05-AF10-BDB3F1B5CD05} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated) Task: {DC6C57AA-FE70-4910-A687-A33AD9959348} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-02-23] (NVIDIA Corporation) Task: {E58FCE2B-A20B-401D-95F0-E2AB088C94CA} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-02-23] (Realtek Semiconductor) Task: {F9DD5EA4-68E1-429F-839A-910A78042CC8} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation) Task: {FF01388F-AA53-4AF8-A52C-FF48EECDE472} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2017-01-17 18:35 - 2013-03-19 11:07 - 00712288 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll 2017-01-17 18:35 - 2013-09-03 13:29 - 00111832 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll 2013-11-07 17:12 - 2013-11-07 17:12 - 00198120 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe 2013-11-07 17:12 - 2013-11-07 17:12 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll 2013-11-07 17:12 - 2013-11-07 17:12 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll 2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2017-01-17 02:07 - 2017-02-23 19:35 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll 2017-01-17 02:07 - 2017-02-23 19:35 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll 2017-03-03 17:59 - 2017-02-01 10:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll 2017-03-03 17:59 - 2017-02-01 10:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll 2017-03-02 22:20 - 2017-01-13 13:26 - 18046520 _____ () C:\Windows\SYSTEM32\igd11dxva64.dll 2017-03-11 16:40 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2017-03-11 16:40 - 2014-05-13 12:04 - 00167768 _____ () 
C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2017-03-11 16:40 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2017-03-11 16:40 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2017-03-11 16:40 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2017-01-17 02:07 - 2017-02-23 19:35 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2017-01-17 02:07 - 2017-02-23 19:35 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll 2017-01-17 02:07 - 2017-02-23 19:35 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll 2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
IE trusted site: HKU\S-1-5-21-4122494467-2726101799-183990937-1001\...\sharepoint.com -> hxxps://unilodzeu-files.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2017-02-18 02:49 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts

104.251.218.27 mf.svc.nhl.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4122494467-2726101799-183990937-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Michał\Desktop\homepage_large.7d81e105.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "EaseUS Cleanup"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"
HKU\S-1-5-21-4122494467-2726101799-183990937-1001\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-4122494467-2726101799-183990937-1001\...\StartupApproved\StartupFolder: => "Wysyłanie do programu OneNote.lnk"
HKU\S-1-5-21-4122494467-2726101799-183990937-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-4122494467-2726101799-183990937-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-4122494467-2726101799-183990937-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-4122494467-2726101799-183990937-1001\...\StartupApproved\Run: => "OfficeSyncProcess"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{D99DDC88-5EA2-4F99-B8CA-DC75E3508B5F}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe FirewallRules: [{0DD83512-26A3-450D-BE52-ECCED6FEBE25}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe FirewallRules: [{54C7EF0F-A0A7-496C-8E00-1981A7842D66}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe FirewallRules: [{0F52A5FA-E27D-4041-B651-B753C876B7E0}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe FirewallRules: [{6B08BE72-4D62-47BF-9778-40F9D73F3C58}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{18D936FC-DB61-434E-B75E-61D4F25C52C8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe FirewallRules: [{5B595112-210C-417B-883F-E1A1DDAC0F00}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe FirewallRules: [{68CBA8D3-1020-455B-8EFB-AA24EC753421}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{9A0927D6-E056-4A71-A0A7-C4F8DC10A6BC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{CA4C634D-39DD-4BC8-80FB-AE73772E7158}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{AE0E58BE-3DD0-4097-9CB8-799F9689B890}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe FirewallRules: [{82D0980D-E16D-481B-B259-7266E44EEDCA}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe FirewallRules: [{E49A1622-A8F6-4BC0-8807-E7CE35A37797}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe FirewallRules: [{D6B1BC34-DB48-4B4C-BEB3-E1336A13BC75}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe FirewallRules: [TCP Query User{7E8E1461-556A-4E0D-8159-74F1F039BDB9}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{27E468FA-62BF-4A23-AD99-9214A2B30389}C:\program files (x86)\skype\phone\skype.exe] => (Allow) 
C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{841C706E-509E-4F92-A34A-30734DF050A4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{A4D2DD90-9512-40AC-8549-906E00A69A51}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [TCP Query User{245209EB-3236-4186-AD3F-64C648A60847}C:\users\michał\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\michał\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{7EE41E52-124E-4D78-AC10-193AA244C0D1}C:\users\michał\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\michał\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{96E4A222-47BB-4646-9B45-B4B1296978B4}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{AD9234A2-C66B-42D1-8278-1602D906796A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{ECD62EBE-92A4-4141-A4E4-8C0DCBBC8C78}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{CD4056FA-6C2B-4F7D-9042-2315E90ED05A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{D830BF9D-B8B6-498B-97FB-462C0ECAF93F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Eastside Hockey Manager\ehm.exe FirewallRules: [{DEB69438-58D0-4C82-A375-CF3595C83237}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Eastside Hockey Manager\ehm.exe FirewallRules: [{03DC7915-80FC-4E29-99D2-0618F904DFB4}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe FirewallRules: [{C7767552-4EA8-4B61-BAF5-F89180EB6B19}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe FirewallRules: [TCP Query User{E597A767-69F8-4B1C-81C6-84BECC33CB31}C:\users\michał\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\michał\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query 
User{C9F4AAD8-8D15-4C4E-BC5D-636A30DDB34C}C:\users\michał\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\michał\appdata\roaming\spotify\spotify.exe FirewallRules: [{39CBE7ED-D91A-4AC5-B855-E2A84BDF160E}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe FirewallRules: [{4C2DC89B-734F-4C88-8685-56BF593EE683}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe FirewallRules: [TCP Query User{806D4CE9-74DA-4946-8AF1-77632D3750D8}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe FirewallRules: [UDP Query User{12E4CC59-6798-4A06-9E30-B0E7D2990D35}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe FirewallRules: [TCP Query User{7A52A517-F17E-4360-95BD-87F008064176}C:\gog games\torment - tides of numenera\tidesofnumenera.exe] => (Allow) C:\gog games\torment - tides of numenera\tidesofnumenera.exe FirewallRules: [UDP Query User{1CF91CD3-A7E4-420B-97C9-004B07943952}C:\gog games\torment - tides of numenera\tidesofnumenera.exe] => (Allow) C:\gog games\torment - tides of numenera\tidesofnumenera.exe FirewallRules: [{4CDD48F6-902F-4789-88B1-CA4B0E2FA067}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{96288DBD-C1EE-4F1E-8D30-72309AFB3609}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magicka\Magicka.exe FirewallRules: [{4DDAA5BE-DA87-42DF-A458-4F6A01A74B26}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magicka\Magicka.exe FirewallRules: [TCP Query User{6A58DAF9-4F9E-4805-8BA3-A7FCA5C5B53F}D:\games\helldivers\binaries\x64\helldivers.exe] => (Block) D:\games\helldivers\binaries\x64\helldivers.exe FirewallRules: [UDP Query User{3AAD0EBA-40D8-4C43-A494-0500E7A8753E}D:\games\helldivers\binaries\x64\helldivers.exe] => (Block) D:\games\helldivers\binaries\x64\helldivers.exe StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 
2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Restore Points ========================= 06-03-2017 22:25:23 Zainstalowany program DirectX 08-03-2017 13:03:19 Removed ATK Package 11-03-2017 16:32:39 AA11 13-03-2017 10:16:05 JRT Pre-Junkware Removal ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/13/2017 09:11:48 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Błąd w pliku manifestu lub w pliku zasad "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" w wierszu 1. Tożsamość składnika znaleziona w manifeście nie odpowiada tożsamości składnika żądanego. Odwołanie to UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definicja to UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error: (03/12/2017 12:09:36 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Błąd w pliku manifestu lub w pliku zasad "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" w wierszu 1. Tożsamość składnika znaleziona w manifeście nie odpowiada tożsamości składnika żądanego. 
Odwołanie to UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definicja to UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error: (03/11/2017 11:06:30 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: Service_KMS.exe, wersja: 11.0.0.0, sygnatura czasowa: 0x52a8d15d Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000 Kod wyjątku: 0x00000000 Przesunięcie błędu: 0x00007fff88e90668 Identyfikator procesu powodującego błąd: 0x100c Godzina uruchomienia aplikacji powodującej błąd: 0x01d29ab39c3c0a2b Ścieżka aplikacji powodującej błąd: C:\Program Files\KMSpico\Service_KMS.exe Ścieżka modułu powodującego błąd: unknown Identyfikator raportu: fa4ab6f0-06a6-11e7-828b-40167e9a6da5 Pełna nazwa pakietu powodującego błąd: Identyfikator aplikacji względem pakietu powodującego błąd: Error: (03/11/2017 11:04:41 PM) (Source: DptfEvent) (EventID: 1) (User: ) Description: DptfPolicyConfigTDPService ServiceMainThread: NotifyServiceStatusRunning() failed. Error: (03/11/2017 11:04:41 PM) (Source: DptfEvent) (EventID: 2) (User: ) Description: DptfPolicyConfigTDPService NotifyServiceStatusRunning: DeviceIoControl() failed. Last error = [0x0000001f] Error: (03/11/2017 11:04:37 PM) (Source: DptfEvent) (EventID: 1) (User: ) Description: DptfProcessorParticipantService ServiceMain: ServiceStart() failed. Error: (03/11/2017 11:04:37 PM) (Source: DptfEvent) (EventID: 1) (User: ) Description: DptfProcessorParticipantService ServiceStart: ConnectToDptfProcessorDriver() failed. Error: (03/11/2017 11:04:37 PM) (Source: DptfEvent) (EventID: 2) (User: ) Description: DptfProcessorParticipantService ConnectToDptfProcessorDriver: SetupDiEnumDeviceInterfaces() failed. 
Last error = [0x00000103] Error: (03/11/2017 11:01:29 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: helldivers.exe, wersja: 0.0.0.0, sygnatura czasowa: 0x565eea2a Nazwa modułu powodującego błąd: helldivers.exe, wersja: 0.0.0.0, sygnatura czasowa: 0x565eea2a Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00000000001910c0 Identyfikator procesu powodującego błąd: 0x2dc Godzina uruchomienia aplikacji powodującej błąd: 0x01d29ab307ae3c35 Ścieżka aplikacji powodującej błąd: D:\Games\HELLDIVERS\binaries\x64\helldivers.exe Ścieżka modułu powodującego błąd: D:\Games\HELLDIVERS\binaries\x64\helldivers.exe Identyfikator raportu: 4757216f-06a6-11e7-828a-cbe38ab3c826 Pełna nazwa pakietu powodującego błąd: Identyfikator aplikacji względem pakietu powodującego błąd: Error: (03/11/2017 10:49:07 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: Service_KMS.exe, wersja: 11.0.0.0, sygnatura czasowa: 0x52a8d15d Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000 Kod wyjątku: 0x00000000 Przesunięcie błędu: 0x00007ff952140668 Identyfikator procesu powodującego błąd: 0x100c Godzina uruchomienia aplikacji powodującej błąd: 0x01d29ab13183aaaa Ścieżka aplikacji powodującej błąd: C:\Program Files\KMSpico\Service_KMS.exe Ścieżka modułu powodującego błąd: unknown Identyfikator raportu: 8cde4965-06a4-11e7-8289-8086f230fc04 Pełna nazwa pakietu powodującego błąd: Identyfikator aplikacji względem pakietu powodującego błąd: System errors: ============= Error: (03/13/2017 10:16:45 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa NVIDIA LocalSystem Container niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 1000 milisekund zostanie podjęta następująca czynność korekcyjna: Restart the service. 
Error: (03/13/2017 10:12:54 AM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Menedżer sterowania usługami próbował podjąć akcję korekcyjną (Restart the service) po nieoczekiwanym zakończeniu usługi Windows Search, ale ta akcja nie powiodła się przy następującym błędzie: Jedno wystąpienie usługi już działa. . Error: (03/13/2017 10:12:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Windows Search niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Restart the service. Error: (03/13/2017 10:12:19 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa Intel(R) Dynamic Platform and Thermal Framework Critical Service Application niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error: (03/13/2017 10:12:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Windows Media Player Network Sharing Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Restart the service. Error: (03/13/2017 10:12:19 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa Office Software Protection Platform niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error: (03/13/2017 10:12:13 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Windows Presentation Foundation Font Cache 3.0.0.0 niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 0 milisekund zostanie podjęta następująca czynność korekcyjna: Restart the service. Error: (03/13/2017 10:12:13 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Spybot-S&D 2 Security Center Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjna: Restart the service. 
Error: (03/13/2017 10:12:13 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa NVIDIA LocalSystem Container niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 1000 milisekund zostanie podjęta następująca czynność korekcyjna: Restart the service.

Error: (03/13/2017 10:12:13 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa NVIDIA Telemetry Container niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 1000 milisekund zostanie podjęta następująca czynność korekcyjna: Restart the service.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4500U CPU @ 1.80GHz
Percentage of memory in use: 20%
Total physical RAM: 12171.04 MB
Available physical RAM: 9673.96 MB
Total Virtual: 24459.04 MB
Available Virtual: 20648.5 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:390.28 GB) (Free:288.22 GB) NTFS
Drive d: (MAGAZYN) (Fixed) (Total:390.62 GB) (Free:363.63 GB) NTFS
Drive g: (IRM_CCSA_X64FRE_EN-US_DV5) (Removable) (Total:29.31 GB) (Free:25.82 GB) NTFS
Drive i: (DATA) (Fixed) (Total:150.26 GB) (Free:149.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 4DD2E4FF)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=390.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=390.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=150.3 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 29.3 GB) (Disk ID: 076AAB53)
Partition 1: (Active) - (Size=29.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================