Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-07-2015 Ran by nitro (2015-08-01 12:13:31) Running from C:\Users\nitro\Downloads Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-370027915-2700264500-427465068-500 - Administrator - Disabled) Gość (S-1-5-21-370027915-2700264500-427465068-501 - Limited - Disabled) Konto domyślne (S-1-5-21-370027915-2700264500-427465068-503 - Limited - Disabled) nitro (S-1-5-21-370027915-2700264500-427465068-1001 - Administrator - Enabled) => C:\Users\nitro ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) ALLPlayer Pilot (HKLM-x32\...\{146BDBDD-ACD9-4B04-A286-C27471841E8E}_is1) (Version: 1.2 - ALLPlayer Group, Ltd.) ALLPlayer V6.X (HKLM-x32\...\ALLPlayer_is1) (Version: - ALLPlayer Group, Ltd.) AMD Catalyst Install Manager (HKLM\...\{ADEB8B10-B025-5FDC-A701-D595BCED7F93}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) Bandicam (HKLM-x32\...\Bandicam) (Version: 2.2.5.815 - Bandisoft.com) Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com) FileZilla Client 3.12.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.12.0.2 - Tim Kosse) GG (HKU\S-1-5-21-370027915-2700264500-427465068-1001\...\GG) (Version: 12 - GG Network S.A.) Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version: - Rockstar North) Grand Theft Auto: San Andreas (HKLM-x32\...\Steam App 12120) (Version: - Rockstar Games) Łatka polonizacyjna GTA IV v1.0 (HKLM-x32\...\Łatka polonizacyjna GTA IV v1.0) (Version: 1.0 - GTAPOLSKA.PL) Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Mozilla Firefox 39.0 (x86 pl) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 pl)) (Version: 39.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla) Napisy24 (HKLM-x32\...\{D1985DBC-F09E-4317-91B8-932AD0FD4A27}_is1) (Version: 1.1 - Napisy24.pl) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8 - Notepad++ Team) Oracle VM VirtualBox 5.0.0 (HKLM\...\{FCD0B365-2189-45F3-9AF2-2BCED86C121A}) (Version: 5.0.0 - Oracle Corporation) Raptr (HKLM-x32\...\Raptr) (Version: - ) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.) S Agent (Version: 1.1.53 - Samsung Electronics CO., LTD.) Hidden Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.103 - Skype Technologies S.A.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.13.0 - Synaptics Incorporated) Teleport Pro (HKLM-x32\...\Teleport Pro) (Version: 1.71 - Tennyson Maxwell Information Systems, Inc.) Wander Burst (HKLM-x32\...\Wander Burst) (Version: 2.0.5691.2480 - Wander Burst) <==== ATTENTION WinRAR 5.21 (32-bitowy) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) XnView 2.33 (HKLM-x32\...\XnView_is1) (Version: 2.33 - Gougelet Pierre-e) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-370027915-2700264500-427465068-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-370027915-2700264500-427465068-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\nitro\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-370027915-2700264500-427465068-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\nitro\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-370027915-2700264500-427465068-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\nitro\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-370027915-2700264500-427465068-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) CustomCLSID: HKU\S-1-5-21-370027915-2700264500-427465068-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\nitro\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-370027915-2700264500-427465068-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\nitro\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-370027915-2700264500-427465068-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\nitro\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-370027915-2700264500-427465068-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\nitro\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-370027915-2700264500-427465068-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\nitro\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-370027915-2700264500-427465068-1001_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\nitro\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (GG Network S.A.) CustomCLSID: HKU\S-1-5-21-370027915-2700264500-427465068-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\nitro\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-370027915-2700264500-427465068-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\nitro\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 30-07-2015 16:37:35 Instalator modułów systemu Windows 31-07-2015 16:39:28 Zainstalowany program DirectX 31-07-2015 16:40:09 Instalator modułów systemu Windows ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-07-10 13:04 - 2015-07-10 13:02 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {00EEBA9C-F9EF-4272-B793-C830FBADD359} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\Windows\system32\dstokenclean.exe [2015-07-10] (Microsoft Corporation) Task: {0CCA7916-2916-4F12-BD32-1E3BE31E1269} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\Windows\System32\dsregcmd.exe [2015-07-10] (Microsoft Corporation) Task: {1641F54C-1E57-4902-AB65-EE2B65E5629D} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan => C:\Windows\system32\usoclient.exe [2015-07-10] (Microsoft Corporation) Task: {19865544-CE08-40BE-8B8C-87C47681433D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation) Task: {1D3D099E-EE1E-4907-8BA2-BA8F12D11AA6} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\Windows\System32\LocationNotificationWindows.exe [2015-07-10] (Microsoft Corporation) Task: {2C97A00A-1C5C-4318-B5CC-8A1A126B77F9} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\KeyPreGenTask Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW Task: {41160EA0-208B-4C3E-B4DB-805BBABC6B93} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\Windows\system32\dmclient.exe [2015-07-10] (Microsoft Corporation) Task: {4454A8D0-2E4E-4A02-BF67-48DF6A7BFAB4} - System32\Tasks\Microsoft\Windows\Maps\MapsUpdateTask Task: {5E5515C1-7D87-4904-B9CE-FD29EB2ADB72} - System32\Tasks\Microsoft\Windows\Sysmain\ResPriStaticDbSync Task: {611C823C-437B-46E7-9683-5312DFFCFD7B} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install => C:\Windows\system32\usoclient.exe [2015-07-10] (Microsoft Corporation) Task: {711EE2F9-A611-4773-AF8E-D4B278A6718D} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\AikCertEnrollTask Task: {73551810-E5F4-433E-9494-0D00B55C855E} - System32\Tasks\Microsoft\Windows\Maps\MapsToastTask Task: {744C9FEA-08B7-43E1-A729-0F94647D655C} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot => C:\Windows\system32\usoclient.exe [2015-07-10] (Microsoft Corporation) Task: {78B77FA3-9D97-441D-97B6-68CEA40B4F74} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe generaltel.dll,RunTelemetry -maintenance Task: {7A003965-A297-4DC6-B15B-852D798391E0} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot => C:\WINDOWS\system32\MusNotification.exe [2015-07-16] (Microsoft Corporation) Task: {80552225-B856-40AA-A920-63EF3E2A6DE4} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-07-30] (Realtek Semiconductor) Task: {848DCC36-520C-4946-BF68-C7EFFEFA2F84} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot => C:\windows\system32\MusNotification.exe [2015-07-16] (Microsoft Corporation) Task: {8DF84CB3-D8E0-4307-A35B-CA74E21786DB} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\Windows\system32\ClipUp.exe [2015-07-15] (Microsoft Corporation) Task: {A364E297-00AD-490D-900E-22AC34598C71} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install => C:\Windows\system32\usoclient.exe [2015-07-10] (Microsoft Corporation) Task: {A5B6CD85-1B57-49B9-BA80-5D5D65F02826} - System32\Tasks\Microsoft\Windows\AppID\EDP Policy Manager Task: {A82D414A-3327-4B09-B593-834197BB1ACF} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\WINDOWS\SYSTEM32\OOBE\SETUPSQM.EXE [2015-07-10] (Microsoft Corporation) Task: {AC29E64E-3271-47BA-B8F1-914523CF379B} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Automatic App Update Task: {B9B36D41-C776-424E-9A13-5387E17A2CEB} - System32\Tasks\Microsoft\Windows\WCM\WiFiTask => C:\Windows\System32\WiFiTask.exe [2015-07-10] (Microsoft Corporation) Task: {C2162702-FFEB-48C0-AA5F-2DA3A8887D61} - System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller\Installation Task: {C56AFFD3-06B8-4A16-AF7E-F7A6EB3FAE9E} - System32\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr Task: {C5EE2EA2-5312-4D1F-B9D0-41B18DF31B78} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sih => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation) Task: {C7A236B2-12E1-46DC-9501-3B1B0209CC09} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\Windows\System32\WindowsActionDialog.exe [2015-07-10] (Microsoft Corporation) Task: {C933DF53-7F76-4CAE-91B5-F64AC141DF03} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2015-07-01] (Samsung Electronics CO., LTD.) Task: {D2401052-A382-42DE-9C79-D1CF3563F654} - System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller\Uninstallation Task: {DAF2BAE3-1C5B-4CB5-9F62-0911C031A15A} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics => C:\Windows\system32\disksnapshot.exe [2015-07-10] (Microsoft Corporation) Task: {EA3F661E-B31C-44A9-B40C-E3D5D56149D4} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display => C:\windows\system32\MusNotification.exe [2015-07-16] (Microsoft Corporation) Task: {FB34EB22-FBD0-4D78-B310-F6D1536F0812} - System32\Tasks\Microsoft\Windows\RetailDemo\CleanupOfflineContent (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => 0x000A0100D0E25DFDAD7B0546928C0BB3769EAF8A4600D400000000003C000A00200000000014730F000000000513040020200401000000000000000000000000000000000000180043003A005C00570049004E0044004F00570053005C006500780070006C006F007200650072002E0065007800650000000C002F004E004F0055004100430043004800450043004B000000000018004500780070006C006F007200650072005300680065006C006C0055006E0065006C00650076006100740065006400000000000000080003130400000000000000 ==================== Loaded Modules (Whitelisted) ============== 2015-07-30 16:54 - 2015-07-15 04:04 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll 2015-07-30 16:54 - 2015-07-11 03:22 - 00403968 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll 2015-07-30 16:55 - 2015-07-18 07:19 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2015-07-30 16:55 - 2015-07-18 07:19 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2015-07-09 19:32 - 2015-07-09 19:32 - 00043480 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll 2015-07-10 12:59 - 2015-07-10 12:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2015-07-10 12:59 - 2015-07-10 12:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll 2015-07-30 16:55 - 2015-07-24 04:25 - 06576640 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2015-07-10 13:00 - 2015-07-10 18:34 - 00471040 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2015-07-30 16:55 - 2015-07-24 04:23 - 01806848 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2015-07-30 16:55 - 2015-07-24 04:23 - 02274816 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2015-07-10 13:00 - 2015-07-10 18:34 - 00210432 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll 2015-07-01 20:50 - 2015-07-01 20:50 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll 2015-08-01 08:23 - 2015-08-01 08:23 - 01136864 ____N () C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511\plugincontainer.exe 2015-08-01 08:30 - 2015-08-01 08:30 - 01079008 ____N () C:\Program Files (x86)\Common Files\fccb0821-00ee-466c-acb5-2a5cec258511\updater.exe 2015-08-01 11:14 - 2015-08-01 11:14 - 01220320 _____ () C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511\plugins\8\plugin.exe 2015-08-01 11:15 - 2015-08-01 11:15 - 01767136 _____ () C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511\plugins\2\plugin.exe 2015-06-17 16:01 - 2015-06-17 16:01 - 03715648 _____ () C:\Users\nitro\AppData\Local\GG\Application\xulrunner\mozjs.dll 2015-07-30 17:35 - 2015-07-03 18:12 - 00778240 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2015-07-30 17:35 - 2015-07-03 18:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll 2015-07-30 17:35 - 2015-07-24 01:24 - 02410176 _____ () C:\Program Files (x86)\Steam\video.dll 2015-07-30 17:35 - 2014-12-01 23:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2015-07-30 17:35 - 2014-12-01 23:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2015-07-30 17:35 - 2014-12-01 23:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2015-07-30 17:35 - 2014-12-01 23:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2015-07-30 17:35 - 2014-12-01 23:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2015-07-30 17:35 - 2015-07-03 18:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2015-07-30 17:35 - 2015-07-03 18:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2015-07-30 17:35 - 2015-07-24 01:23 - 00703168 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2015-07-30 17:35 - 2015-07-07 22:41 - 00169984 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll 2015-07-30 17:35 - 2015-07-03 18:12 - 39553928 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll 2010-11-23 00:56 - 2010-11-23 00:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd 2010-11-23 00:56 - 2010-11-23 00:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd 2010-11-23 00:56 - 2010-11-23 00:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd 2014-05-14 01:26 - 2014-05-14 01:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd 2014-05-14 01:26 - 2014-05-14 01:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd 2014-05-14 01:26 - 2014-05-14 01:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd 2014-05-14 01:26 - 2014-05-14 01:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd 2010-11-23 00:57 - 2010-11-23 00:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd 2010-11-23 00:56 - 2010-11-23 00:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll 2010-11-23 00:56 - 2010-11-23 00:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd 2010-11-23 00:56 - 2010-11-23 00:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd 2010-11-23 00:57 - 2010-11-23 00:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd 2010-11-23 00:57 - 2010-11-23 00:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd 2010-11-23 00:56 - 2010-11-23 00:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd 2011-02-15 20:17 - 2011-02-15 20:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll 2010-11-23 00:57 - 2010-11-23 00:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd 2014-05-14 01:26 - 2014-05-14 01:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd 2010-11-23 00:56 - 2010-11-23 00:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd 2010-11-23 00:56 - 2010-11-23 00:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd 2014-08-14 02:37 - 2014-08-14 02:37 - 00113171 _____ () C:\Program Files (x86)\Raptr\libvlc.dll 2014-08-14 02:37 - 2014-08-14 02:37 - 02396691 _____ () C:\Program Files (x86)\Raptr\libvlccore.dll 2010-11-23 00:56 - 2010-11-23 00:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd 2010-11-23 00:56 - 2010-11-23 00:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll 2010-11-23 00:57 - 2010-11-23 00:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd 2010-11-23 00:56 - 2010-11-23 00:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd 2013-11-21 02:05 - 2013-11-21 02:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll 2010-11-23 00:57 - 2010-11-23 00:57 - 00024064 _____ () C:\Program Files (x86)\Raptr\win32pipe.pyd 2010-11-23 00:57 - 2010-11-23 00:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd 2014-06-18 02:56 - 2014-06-18 02:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd 2011-02-15 20:17 - 2011-02-15 20:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll 2010-11-23 01:06 - 2010-11-23 01:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll 2013-05-10 01:52 - 2013-05-10 01:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll 2013-05-10 01:52 - 2013-05-10 01:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll 2013-05-10 01:52 - 2013-05-10 01:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll 2013-05-03 20:57 - 2013-05-03 20:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll 2013-05-03 20:56 - 2013-05-03 20:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll 2013-05-03 20:56 - 2013-05-03 20:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll 2013-05-03 20:57 - 2013-05-03 20:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll 2013-05-03 20:56 - 2013-05-03 20:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll 2013-05-03 20:57 - 2013-05-03 20:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll 2013-05-03 20:57 - 2013-05-03 20:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll 2013-05-03 20:57 - 2013-05-03 20:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll 2013-05-03 20:57 - 2013-05-03 20:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll 2015-06-17 16:01 - 2015-06-17 16:01 - 00122432 _____ () C:\Users\nitro\AppData\Local\GG\Application\ggdrive\ZLIB1.dll 2015-06-17 16:01 - 2015-06-17 16:01 - 16361120 _____ () C:\Users\nitro\AppData\Local\GG\Application\FMSBWChecker\Adobe AIR\Versions\1.0\Resources\NPSWF32.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager => ""="Service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-370027915-2700264500-427465068-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\nitro\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\tapeta pulpitu.bmp DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{C472A736-3502-49EB-96ED-289B1BC80183}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{5CD54BB9-2F12-453D-A767-4137599AFE28}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{0BEAFBEC-CE79-4DCF-8AB4-32D3FFF03C31}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{E6C403A6-6EA3-415F-BA3A-E48221768735}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{3828E527-24D7-4468-80EF-E384A674C3DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto San Andreas\gta-sa.exe FirewallRules: [{3639EB08-BAD7-4295-B4C6-79B6C6C85087}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto San Andreas\gta-sa.exe FirewallRules: [{33C0D7D3-B8F9-4ABF-8B86-993B97AE02C5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [TCP Query User{57ECDA23-F874-4EE1-B051-79040FC78184}C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe] => (Allow) C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe FirewallRules: [UDP Query User{2058A4D1-0AAE-48D6-8B5E-34991793B559}C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe] => (Allow) C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe FirewallRules: [{BA3D3622-A53C-44D5-B665-EA0AF4EACAF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe FirewallRules: [{F5618D1F-C73D-4E94-A777-6C3B909956B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe FirewallRules: [{ADE733F1-F4F2-4773-81E0-5BA589EDB4BA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{9B0443F4-A62D-4CF3-A976-4CD877633E09}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{D867494C-8F62-404B-AE5C-D559FC0B9492}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe FirewallRules: [UDP Query User{61DE2F97-0AB5-4711-98F4-6E259A61F36E}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe FirewallRules: [{C7BE3677-98D3-4170-B119-5D1F9F112698}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{1AA76F9C-3987-4D58-B435-5CEAADB45C2B}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{26AE30CC-3B89-4A32-B55F-E5A047544F33}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{8C740DCA-49B2-41A9-A670-2BC6BEA2F0D0}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/01/2015 11:50:19 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: OHub.exe, wersja: 16.0.6020.2380, sygnatura czasowa: 0x55adecd1 Nazwa modułu powodującego błąd: ucrtbase.dll, wersja: 10.0.10240.16384, sygnatura czasowa: 0x559f3851 Kod wyjątku: 0xc0000409 Przesunięcie błędu: 0x0000000000064388 Identyfikator procesu powodującego błąd: 0x157c Godzina uruchomienia aplikacji powodującej błąd: 0xOHub.exe0 Ścieżka aplikacji powodującej błąd: OHub.exe1 Ścieżka modułu powodującego błąd: OHub.exe2 Identyfikator raportu: OHub.exe3 Pełna nazwa pakietu powodującego błąd: OHub.exe4 Identyfikator aplikacji względem pakietu powodującego błąd: OHub.exe5 Error: (08/01/2015 11:13:07 AM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost (4708) Nie można utworzyć nowego pliku dziennika, ponieważ baza danych nie może dokonać zapisu na dysku dziennika. Dysk może być tylko do odczytu, zapełniony, niewłaściwie skonfigurowany lub uszkodzony. Błąd -1032. Error: (08/01/2015 11:13:07 AM) (Source: ESENT) (EventID: 488) (User: ) Description: SettingSyncHost (4708) Próba utworzenia pliku „C:\WINDOWS\system32\edbtmp.log” zakończyła się niepomyślnie z błędem systemowym 5 (0x00000005): „Odmowa dostępu. ”. Operacja tworzenia pliku zostanie zakończona z błędem -1032 (0xfffffbf8). Error: (08/01/2015 11:12:57 AM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost (4708) Nie można utworzyć nowego pliku dziennika, ponieważ baza danych nie może dokonać zapisu na dysku dziennika. Dysk może być tylko do odczytu, zapełniony, niewłaściwie skonfigurowany lub uszkodzony. Błąd -1032. Error: (08/01/2015 11:12:57 AM) (Source: ESENT) (EventID: 488) (User: ) Description: SettingSyncHost (4708) Próba utworzenia pliku „C:\WINDOWS\system32\edbtmp.log” zakończyła się niepomyślnie z błędem systemowym 5 (0x00000005): „Odmowa dostępu. ”. Operacja tworzenia pliku zostanie zakończona z błędem -1032 (0xfffffbf8). Error: (08/01/2015 11:12:47 AM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost (4708) Nie można utworzyć nowego pliku dziennika, ponieważ baza danych nie może dokonać zapisu na dysku dziennika. Dysk może być tylko do odczytu, zapełniony, niewłaściwie skonfigurowany lub uszkodzony. Błąd -1032. Error: (08/01/2015 11:12:47 AM) (Source: ESENT) (EventID: 488) (User: ) Description: SettingSyncHost (4708) Próba utworzenia pliku „C:\WINDOWS\system32\edbtmp.log” zakończyła się niepomyślnie z błędem systemowym 5 (0x00000005): „Odmowa dostępu. ”. Operacja tworzenia pliku zostanie zakończona z błędem -1032 (0xfffffbf8). Error: (08/01/2015 11:12:36 AM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost (4708) Nie można utworzyć nowego pliku dziennika, ponieważ baza danych nie może dokonać zapisu na dysku dziennika. Dysk może być tylko do odczytu, zapełniony, niewłaściwie skonfigurowany lub uszkodzony. Błąd -1032. Error: (08/01/2015 11:12:36 AM) (Source: ESENT) (EventID: 488) (User: ) Description: SettingSyncHost (4708) Próba utworzenia pliku „C:\WINDOWS\system32\edbtmp.log” zakończyła się niepomyślnie z błędem systemowym 5 (0x00000005): „Odmowa dostępu. ”. Operacja tworzenia pliku zostanie zakończona z błędem -1032 (0xfffffbf8). Error: (08/01/2015 11:12:26 AM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost (4708) Nie można utworzyć nowego pliku dziennika, ponieważ baza danych nie może dokonać zapisu na dysku dziennika. Dysk może być tylko do odczytu, zapełniony, niewłaściwie skonfigurowany lub uszkodzony. Błąd -1032. System errors: ============= Error: (08/01/2015 11:11:36 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-G4E0E1G) Description: {B91D5831-B1BD-4608-8198-D72E155020F7} Error: (08/01/2015 11:09:38 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Usługa Optymalizacja dostarczania zawiesiła się podczas uruchamiania. Error: (08/01/2015 11:04:32 AM) (Source: DCOM) (EventID: 10005) (User: ZARZĄDZANIE NT) Description: 1084dpsNiedostępny{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A} Error: (08/01/2015 11:04:31 AM) (Source: DCOM) (EventID: 10005) (User: ZARZĄDZANIE NT) Description: 1084dpsNiedostępny{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A} Error: (08/01/2015 11:04:31 AM) (Source: DCOM) (EventID: 10005) (User: ZARZĄDZANIE NT) Description: 1084dpsNiedostępny{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A} Error: (08/01/2015 11:04:31 AM) (Source: DCOM) (EventID: 10005) (User: ZARZĄDZANIE NT) Description: 1084dpsNiedostępny{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A} Error: (08/01/2015 11:04:31 AM) (Source: DCOM) (EventID: 10005) (User: ZARZĄDZANIE NT) Description: 1084dpsNiedostępny{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A} Error: (08/01/2015 11:04:28 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-G4E0E1G) Description: 1084WSearchNiedostępny{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (08/01/2015 11:04:26 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-G4E0E1G) Description: 1084WSearchNiedostępny{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (08/01/2015 11:04:06 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-G4E0E1G) Description: 1084ShellHWDetectionNiedostępny{DD522ACC-F821-461A-A407-50B198B896DC} Microsoft Office: ========================= Error: (08/01/2015 11:50:19 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: OHub.exe16.0.6020.238055adecd1ucrtbase.dll10.0.10240.16384559f3851c00004090000000000064388157c01d0cc3f77d57a93C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6020.23801.0_x64__8wekyb3d8bbwe\OHub.exeC:\WINDOWS\SYSTEM32\ucrtbase.dllf72cab83-ee9c-44a0-9701-f6ec7bee63f1Microsoft.MicrosoftOfficeHub_17.6020.23801.0_x64__8wekyb3d8bbweMicrosoft.MicrosoftOfficeHub Error: (08/01/2015 11:13:07 AM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost4708-1032 Error: (08/01/2015 11:13:07 AM) (Source: ESENT) (EventID: 488) (User: ) Description: SettingSyncHost4708C:\WINDOWS\system32\edbtmp.log-1032 (0xfffffbf8)5 (0x00000005)Odmowa dostępu. Error: (08/01/2015 11:12:57 AM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost4708-1032 Error: (08/01/2015 11:12:57 AM) (Source: ESENT) (EventID: 488) (User: ) Description: SettingSyncHost4708C:\WINDOWS\system32\edbtmp.log-1032 (0xfffffbf8)5 (0x00000005)Odmowa dostępu. Error: (08/01/2015 11:12:47 AM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost4708-1032 Error: (08/01/2015 11:12:47 AM) (Source: ESENT) (EventID: 488) (User: ) Description: SettingSyncHost4708C:\WINDOWS\system32\edbtmp.log-1032 (0xfffffbf8)5 (0x00000005)Odmowa dostępu. Error: (08/01/2015 11:12:36 AM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost4708-1032 Error: (08/01/2015 11:12:36 AM) (Source: ESENT) (EventID: 488) (User: ) Description: SettingSyncHost4708C:\WINDOWS\system32\edbtmp.log-1032 (0xfffffbf8)5 (0x00000005)Odmowa dostępu. Error: (08/01/2015 11:12:26 AM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost4708-1032 CodeIntegrity: =================================== Date: 2015-07-31 19:46:04.187 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz Percentage of memory in use: 35% Total physical RAM: 8083.48 MB Available physical RAM: 5215.52 MB Total Virtual: 10003.48 MB Available Virtual: 6928.93 MB ==================== Drives ================================ Drive c: (SYSTEM) (Fixed) (Total:707.21 GB) (Free:648.97 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 008246AD) Partition: GPT Partition Type. ==================== End of log ============================