Addition

a guest
Jul 2nd, 2018
  1. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
  2. Ran by flork (02-07-2018 10:51:51)
  3. Running from C:\Users\flork\Downloads
  4. Windows 10 Home Version 1803 17134.112 (X64) (2018-06-09 17:22:31)
  5. Boot Mode: Normal
  6. ==========================================================
  7.  
  8.  
  9. ==================== Accounts: =============================
  10.  
  11. Administrator (S-1-5-21-3473786666-1609645680-3100001402-500 - Administrator - Disabled)
  12. DefaultAccount (S-1-5-21-3473786666-1609645680-3100001402-503 - Limited - Disabled)
  13. flork (S-1-5-21-3473786666-1609645680-3100001402-1001 - Administrator - Enabled) => C:\Users\flork
  14. Guest (S-1-5-21-3473786666-1609645680-3100001402-501 - Limited - Disabled)
  15. WDAGUtilityAccount (S-1-5-21-3473786666-1609645680-3100001402-504 - Limited - Disabled)
  16.  
  17. ==================== Security Center ========================
  18.  
  19. (If an entry is included in the fixlist, it will be removed.)
  20.  
  21. AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
  22. AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
  23.  
  24. ==================== Installed Programs ======================
  25.  
  26. (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
  27.  
  28. Aktualizacje NVIDIA 31.2.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 31.2.0.0 - NVIDIA Corporation) Hidden
  29. AORUS GRAPHICS ENGINE (HKLM-x32\...\AORUS GRAPHICS ENGINE_is1) (Version: 1.3.4 - GIGABYTE Technology Co.,Inc.)
  30. Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
  31. BitTorrent (HKU\S-1-5-21-3473786666-1609645680-3100001402-1001\...\BitTorrent) (Version: 7.10.3.44495 - BitTorrent Inc.)
  32. CCleaner (HKLM\...\CCleaner) (Version: 5.44 - Piriform)
  33. Discord (HKU\S-1-5-21-3473786666-1609645680-3100001402-1001\...\Discord) (Version: 0.0.301 - Discord Inc.)
  34. DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 398.36 - NVIDIA Corporation) Hidden
  35. Epic Games Launcher (HKLM-x32\...\{C1DEC9EF-012B-40E4-A5DD-350AAD153DCD}) (Version: 1.1.151.0 - Epic Games, Inc.)
  36. Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
  37. Game Summary (HKU\S-1-5-21-3473786666-1609645680-3100001402-1001\...\Overwolf_nafihghfcpikebhfhdhljejkcifgbdahdhngepfb) (Version: 116.2.4 - Overwolf app)
  38. Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
  39. Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
  40. Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
  41. Java 8 Update 171 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
  42. Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
  43. League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
  44. Malwarebytes (wersja 3.5.1.2522) (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
  45. Microsoft OneDrive (HKU\S-1-5-21-3473786666-1609645680-3100001402-1001\...\OneDriveSetup.exe) (Version: 18.091.0506.0007 - Microsoft Corporation)
  46. Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
  47. Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
  48. Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
  49. Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
  50. Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
  51. Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
  52. Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
  53. Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
  54. Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
  55. Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
  56. Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
  57. Mozilla Firefox 60.0.2 (x64 pl) (HKLM\...\Mozilla Firefox 60.0.2 (x64 pl)) (Version: 60.0.2 - Mozilla)
  58. Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0.2 - Mozilla)
  59. NVIDIA GeForce Experience 3.14.0.139 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.14.0.139 - NVIDIA Corporation)
  60. NVIDIA Oprogramowanie systemu PhysX 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
  61. NVIDIA Sterownik 3D Vision 398.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 398.36 - NVIDIA Corporation)
  62. NVIDIA Sterownik dźwięku HD 1.3.37.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.4 - NVIDIA Corporation)
  63. NVIDIA Sterownik graficzny 398.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 398.36 - NVIDIA Corporation)
  64. NVIDIA Sterownik kontrolera 3D Vision 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
  65. Origin (HKLM-x32\...\Origin) (Version: 10.5.21.179 - Electronic Arts, Inc.)
  66. Overwolf (HKLM-x32\...\Overwolf) (Version: 0.116.2.23 - Overwolf Ltd.)
  67. Panel sterowania NVIDIA 398.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 398.36 - NVIDIA Corporation) Hidden
  68. Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
  69. SHU (HKLM-x32\...\{DF11DD92-DBB8-4F3F-9564-A8BBDBE986F5}_is1) (Version: 1.0 - ScreenShu Software)
  70. Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
  71. TeamSpeak (HKU\S-1-5-21-3473786666-1609645680-3100001402-1001\...\Overwolf_jnabojaampcpfclojlbildognlnebnhfhibiielh) (Version: 1.0.0.1 - Overwolf app)
  72. TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.9 - TeamSpeak Systems GmbH)
  73. Tomb Raider GOTY Edition (HKLM-x32\...\Tomb Raider GOTY Edition_is1) (Version: - )
  74. Uplay (HKLM-x32\...\Uplay) (Version: 60.0 - Ubisoft)
  75. Watch_Dogs (HKLM-x32\...\Uplay Install 274) (Version: - Ubisoft)
  76. WinRAR 5.50 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
  77. World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
  78.  
  79. ==================== Custom CLSID (Whitelisted): ==========================
  80.  
  81. (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
  82.  
  83. ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\WinRar\rarext.dll [2017-09-13] (Alexander Roshal)
  84. ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\WinRar\rarext32.dll [2017-09-13] (Alexander Roshal)
  85. ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
  86. ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-06-24] (NVIDIA Corporation)
  87. ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
  88. ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\WinRar\rarext.dll [2017-09-13] (Alexander Roshal)
  89. ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\WinRar\rarext32.dll [2017-09-13] (Alexander Roshal)
  90.  
  91. ==================== Scheduled Tasks (Whitelisted) =============
  92.  
  93. (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
  94.  
  95. Task: {00807B5D-E620-44F3-A8D4-8DD7FF9C7AAB} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-06-01] (NVIDIA Corporation)
  96. Task: {06825532-8F1E-46C9-A12D-88A36726B58B} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-06-01] (NVIDIA Corporation)
  97. Task: {0980F4F2-2BD2-492C-A22E-60A415C9B414} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-27] (Microsoft Corporation)
  98. Task: {15F3EB01-A5B4-4CD7-A705-3591E3B6EF3C} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-06-01] (NVIDIA Corporation)
  99. Task: {2A09F530-EB5B-490E-8CB7-E8C0DC8A8FD5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-27] (Microsoft Corporation)
  100. Task: {2FA4338C-71CF-48DD-9990-03ECDF46871C} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-06-01] (NVIDIA Corporation)
  101. Task: {33C5D568-6C47-4D98-A298-910B1EAFC151} - System32\Tasks\Launcher GIGABYTE AORUS GRAPHICS ENGINE => D:\AORUS GRAPHICS ENGINE\AORUS.exe [2018-05-14] (GIGABYTE Technology Co.,Ltd.)
  102. Task: {5C94C1A5-AFB2-4003-A6A8-851DD2B8FDBD} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-06-01] (NVIDIA Corporation)
  103. Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\Windows\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
  104. Task: {6835633D-1DC3-496B-8527-2D2DA01CCED0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-27] (Microsoft Corporation)
  105. Task: {991F4EF4-500C-405E-9E39-73314F125548} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2018-06-24] (Overwolf LTD)
  106. Task: {9C6D7036-57C9-4A5C-8A6C-21C1D44047B5} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-06-01] (NVIDIA Corporation)
  107. Task: {9E071237-A5F4-472C-BC89-60B9C5C588F8} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-06-01] (NVIDIA Corporation)
  108. Task: {9E3669DC-A6CC-4192-9920-D6CE9D8F204C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-27] (Microsoft Corporation)
  109. Task: {D9FD74A1-B34B-4E69-BFE3-8B0F93C20A24} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-06-01] (NVIDIA Corporation)
  110. Task: {DF23E650-F9F0-4E63-B266-DF7386EA6BD1} - System32\Tasks\CCleaner Update => D:\CCleaner\CCUpdate.exe [2018-06-24] (Piriform Ltd)
  111. Task: {E45A085C-0A32-4A80-9A05-973915225E23} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-06-01] (NVIDIA Corporation)
  112. Task: {E5871E15-DED6-4BE7-9F5B-B31D9D011419} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-06-01] (NVIDIA Corporation)
  113. Task: {F2C24127-4A9A-4CB2-8906-F4F2DB329524} - System32\Tasks\CCleanerSkipUAC => D:\CCleaner\CCleaner.exe [2018-06-24] (Piriform Ltd)
  114. Task: {FB71898B-4D02-45FF-8491-6EEEE6B33533} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-06-01] (NVIDIA Corporation)
  115.  
  116. (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
  117.  
  118.  
  119. ==================== Shortcuts & WMI ========================
  120.  
  121. (The entries could be listed to be restored or removed.)
  122.  
  123.  
  124. ==================== Loaded Modules (Whitelisted) ==============
  125.  
  126. 2018-06-09 21:49 - 2018-06-01 12:16 - 001314752 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
  127. 2018-04-12 01:34 - 2018-04-12 01:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
  128. 2018-07-02 03:30 - 2018-04-25 13:16 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
  129. 2018-07-02 03:30 - 2018-05-30 09:22 - 002493648 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
  130. 2018-04-12 01:34 - 2018-04-12 01:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
  131. 2018-04-12 01:34 - 2018-04-12 01:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
  132. 2018-06-13 14:27 - 2018-06-08 10:56 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
  133. 2018-06-10 11:49 - 2018-06-10 11:53 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
  134. 2018-06-10 11:49 - 2018-06-10 11:53 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
  135. 2018-06-10 11:49 - 2018-06-10 11:55 - 022374400 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkyWrap.dll
  136. 2018-06-10 11:49 - 2018-06-10 11:54 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\skypert.dll
  137. 2018-06-10 11:49 - 2018-06-10 11:50 - 000654848 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
  138. 2018-06-09 22:53 - 2018-06-09 22:55 - 098275328 _____ () D:\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libcef.dll
  139. 2018-06-09 22:55 - 2018-06-09 22:55 - 003922432 _____ () D:\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libGLESv2.dll
  140. 2018-06-09 22:55 - 2018-06-09 22:55 - 000092672 _____ () D:\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libEGL.dll
  141. 2018-06-24 13:26 - 2018-06-24 13:26 - 000061408 _____ () D:\CCleaner\branding.dll
  142. 2018-06-24 13:26 - 2018-06-24 13:26 - 000090496 _____ () D:\CCleaner\lang\lang-1045.dll
  143. 2018-06-10 11:48 - 2018-06-10 12:17 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
  144. 2018-06-10 11:48 - 2018-06-10 12:17 - 067232256 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
  145. 2018-06-10 11:48 - 2018-06-10 12:19 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
  146. 2018-06-10 11:48 - 2018-06-10 12:18 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
  147. 2018-06-10 11:48 - 2018-06-10 12:11 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
  148. 2018-06-10 11:48 - 2018-06-10 12:12 - 004214784 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
  149. 2018-06-10 11:48 - 2018-06-10 12:20 - 000035840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
  150. 2018-06-10 11:48 - 2018-06-10 12:18 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
  151. 2018-06-10 11:48 - 2018-06-10 12:18 - 014851072 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
  152. 2018-06-10 11:48 - 2018-06-10 12:12 - 004058624 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\MediaEngine.dll
  153. 2018-06-10 11:48 - 2018-06-10 11:59 - 003266048 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
  154. 2018-06-10 11:48 - 2018-06-10 12:17 - 001393664 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
  155. 2018-06-10 11:48 - 2018-06-10 12:17 - 004218080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
  156. 2018-06-10 11:48 - 2018-06-10 12:18 - 000872448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
  157. 2018-06-10 11:48 - 2018-06-10 12:18 - 000165376 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\SKU.dll
  158. 2018-06-09 21:49 - 2018-06-01 12:16 - 095437248 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
  159. 2018-06-09 21:49 - 2018-06-01 12:16 - 003028928 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libglesv2.dll
  160. 2018-06-09 21:49 - 2018-06-01 12:16 - 000149440 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libegl.dll
  161. 2018-06-22 01:22 - 2018-06-22 01:22 - 000093696 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11805.1001.42.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
  162. 2018-06-22 01:22 - 2018-06-22 01:22 - 002447072 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11805.1001.42.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
  163. 2018-06-22 01:22 - 2018-06-22 01:22 - 007813632 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11805.1001.42.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
  164. 2018-06-09 21:49 - 2018-06-01 12:16 - 001032640 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
  165. 2018-06-09 21:28 - 2018-06-08 23:38 - 000788256 _____ () D:\Steam\SDL2.dll
  166. 2018-06-09 21:28 - 2018-06-09 01:39 - 002632992 _____ () D:\Steam\video.dll
  167. 2018-06-09 21:28 - 2018-06-08 23:42 - 004969248 _____ () D:\Steam\v8.dll
  168. 2018-06-09 21:28 - 2018-06-08 23:40 - 000695584 _____ () D:\Steam\libavformat-57.dll
  169. 2018-06-09 21:28 - 2018-06-08 23:40 - 000351520 _____ () D:\Steam\libavresample-3.dll
  170. 2018-06-09 21:28 - 2018-06-08 23:40 - 005137696 _____ () D:\Steam\libavcodec-57.dll
  171. 2018-06-09 21:28 - 2018-06-08 23:40 - 000847136 _____ () D:\Steam\libavutil-55.dll
  172. 2018-06-09 21:28 - 2018-06-08 23:40 - 000783648 _____ () D:\Steam\libswscale-4.dll
  173. 2018-06-09 21:28 - 2018-06-08 23:40 - 001563936 _____ () D:\Steam\icui18n.dll
  174. 2018-06-09 21:28 - 2018-06-08 23:40 - 001195296 _____ () D:\Steam\icuuc.dll
  175. 2018-06-09 21:28 - 2018-06-09 01:38 - 000979744 _____ () D:\Steam\bin\chromehtml.DLL
  176. 2018-06-09 21:28 - 2018-06-08 23:40 - 000266560 _____ () D:\Steam\openvr_api.dll
  177. 2018-06-09 21:16 - 2017-01-12 11:15 - 000225792 _____ () D:\AORUS GRAPHICS ENGINE\GvFireware.dll
  178. 2018-06-09 21:16 - 2017-01-12 11:15 - 000025088 _____ () D:\AORUS GRAPHICS ENGINE\BSL430.dll
  179. 2018-06-09 21:28 - 2018-06-08 23:39 - 083524384 _____ () D:\Steam\bin\cef\cef.win7\libcef.dll
  180. 2018-06-09 21:28 - 2018-06-08 23:39 - 000788256 _____ () D:\Steam\bin\cef\cef.win7\SDL2.dll
  181. 2018-06-09 21:28 - 2018-06-08 23:42 - 000119208 _____ () D:\Steam\winh264.dll
  182. 2018-06-09 21:28 - 2018-06-08 23:39 - 002253600 _____ () D:\Steam\bin\cef\cef.win7\swiftshader\libglesv2.dll
  183. 2018-06-09 21:28 - 2018-06-08 23:39 - 000109856 _____ () D:\Steam\bin\cef\cef.win7\swiftshader\libegl.dll
  184. 2018-06-09 21:16 - 2016-10-23 12:03 - 000225792 _____ () D:\AORUS GRAPHICS ENGINE\Led\GvFireware.dll
  185.  
  186. ==================== Alternate Data Streams (Whitelisted) =========
  187.  
  188. (If an entry is included in the fixlist, only the ADS will be removed.)
  189.  
  190. AlternateDataStreams: C:\Users\flork\OneDrive\Documents\Heroes of the Storm:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
  191. AlternateDataStreams: C:\Users\flork\OneDrive\Documents\League of Legends:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
  192. AlternateDataStreams: C:\Users\flork\OneDrive\Documents\My Games:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
  193. AlternateDataStreams: C:\Users\flork\OneDrive\Documents\temp:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
  194. AlternateDataStreams: C:\Users\flork\OneDrive\Documents\The Witcher:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
  195. AlternateDataStreams: C:\Users\flork\OneDrive\Documents\The Witcher 3:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
  196. AlternateDataStreams: C:\Users\flork\OneDrive\Documents\Witcher 2:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
  197. AlternateDataStreams: C:\Users\Public\AppData:CSM [482]
  198.  
  199. ==================== Safe Mode (Whitelisted) ===================
  200.  
  201. (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
  202.  
  203. HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
  204. HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
  205.  
  206. ==================== Association (Whitelisted) ===============
  207.  
  208. (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
  209.  
  210.  
  211. ==================== Internet Explorer trusted/restricted ===============
  212.  
  213. (If an entry is included in the fixlist, it will be removed from the registry.)
  214.  
  215.  
  216. ==================== Hosts content: ===============================
  217.  
  218. (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
  219.  
  220. 2018-04-12 01:38 - 2018-04-12 01:36 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
  221.  
  222.  
  223. ==================== Other Areas ============================
  224.  
  225. (Currently there is no automatic fix for this section.)
  226.  
  227. HKU\S-1-5-21-3473786666-1609645680-3100001402-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\flork\Downloads\harry-potter-7-deathly-hallows.jpg
  228. DNS Servers: 188.241.25.3 - 188.241.25.2
  229. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
  230. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
  231. Windows Firewall is enabled.
  232.  
  233. ==================== MSCONFIG/TASK MANAGER disabled items ==
  234.  
  235. MSCONFIG\Services: BEService => 3
  236. MSCONFIG\Services: EasyAntiCheat => 3
  237. MSCONFIG\Services: HiPatchService => 2
  238. MSCONFIG\Services: Origin Client Service => 3
  239. MSCONFIG\Services: Origin Web Helper Service => 2
  240. MSCONFIG\Services: OverwolfUpdater => 3
  241. MSCONFIG\Services: Steam Client Service => 3
  242. HKU\S-1-5-21-3473786666-1609645680-3100001402-1001\...\StartupApproved\Run: => "Overwolf"
  243.  
  244. ==================== FirewallRules (Whitelisted) ===============
  245.  
  246. (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
  247.  
  248. FirewallRules: [{9702A335-9F0D-4509-A9E7-25E6B7338E00}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
  249. FirewallRules: [{4EF889C1-EB33-40D6-9DA3-D0F320B409A1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
  250. FirewallRules: [TCP Query User{41C491DF-C537-46F1-B654-BB3D3DE17571}D:\aorus graphics engine\aorus.exe] => (Allow) D:\aorus graphics engine\aorus.exe
  251. FirewallRules: [UDP Query User{4A586C71-8047-400C-9F0F-CC6D23617D75}D:\aorus graphics engine\aorus.exe] => (Allow) D:\aorus graphics engine\aorus.exe
  252. FirewallRules: [{3E8610D3-A5AD-4EDE-B120-6357E28F188A}] => (Allow) D:\Steam\Steam.exe
  253. FirewallRules: [{D8725D65-A0EA-44F9-A428-F9DD06045F05}] => (Allow) D:\Steam\Steam.exe
  254. FirewallRules: [{9C795B25-7DCE-4615-A1CC-B0649A191D19}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
  255. FirewallRules: [{2F51E539-A720-4C3D-B1FB-F7ECB4C9F2C2}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
  256. FirewallRules: [{7AF8DDB3-86E7-465D-A656-CA29508182FE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
  257. FirewallRules: [{EA8BB8D3-5A27-4046-AE6D-D1B4D750701F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
  258. FirewallRules: [{A21BA4AA-7832-40F2-B07C-60209704D226}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
  259. FirewallRules: [{F097DA5D-5FF8-4FC5-BB34-B7B1A4B37EC3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
  260. FirewallRules: [{8AED7DE4-CD25-48DD-955B-264E23DCE199}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
  261. FirewallRules: [{E9F0B69E-56E3-4D29-A938-A796D7FA97C3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
  262. FirewallRules: [TCP Query User{C3572120-405F-4207-BF51-38E0065DA37E}D:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
  263. FirewallRules: [UDP Query User{812CE2FA-28E9-491B-AFEF-A4AADE904B23}D:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
  264. FirewallRules: [TCP Query User{FCBCEC12-AEE0-46BE-9209-5F5893FFFA89}D:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
  265. FirewallRules: [UDP Query User{5EFB834D-66DC-4041-BB39-5FDFAE46D53E}D:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
  266. FirewallRules: [TCP Query User{2769A718-B70D-4D26-AA49-2F308ADABD54}D:\lol\rads\projects\league_client\releases\0.0.0.149\deploy\leagueclient.exe] => (Allow) D:\lol\rads\projects\league_client\releases\0.0.0.149\deploy\leagueclient.exe
  267. FirewallRules: [UDP Query User{CF7D5C7E-7C19-4887-8271-DB9544305AD8}D:\lol\rads\projects\league_client\releases\0.0.0.149\deploy\leagueclient.exe] => (Allow) D:\lol\rads\projects\league_client\releases\0.0.0.149\deploy\leagueclient.exe
  268. FirewallRules: [{4B91554B-5ADE-4AC0-8CF2-D9269BB66440}] => (Allow) D:\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
  269. FirewallRules: [{FBBCB3CF-CAAF-49F8-9C49-95CAC4D5871A}] => (Allow) D:\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
  270. FirewallRules: [TCP Query User{80EEDD71-931C-4B56-AB63-A1605EA56539}D:\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
  271. FirewallRules: [UDP Query User{A08DE090-474F-4CEE-8C31-9216D506875E}D:\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
  272. FirewallRules: [{9A4615C8-4EA0-4FF8-AA4E-33A3DC68B980}] => (Allow) D:\Steam\steamapps\common\SleepingDogs\HKShip.exe
  273. FirewallRules: [{18C3B421-391A-4C21-92C9-B7ECC67E5E82}] => (Allow) D:\Steam\steamapps\common\SleepingDogs\HKShip.exe
  274. FirewallRules: [{545848B8-A865-4DCA-A7B7-07EB0C19E526}] => (Allow) D:\Steam\steamapps\common\Realm Royale\Binaries\Win64\RealmEAC.exe
  275. FirewallRules: [{5AC7FBC0-8600-45F3-9B71-281980368BAD}] => (Allow) D:\Steam\steamapps\common\Realm Royale\Binaries\Win64\RealmEAC.exe
  276. FirewallRules: [TCP Query User{AB939B2A-1D7F-41BB-821C-E5411284867C}D:\steam\steamapps\common\realm royale\binaries\win64\realm.exe] => (Allow) D:\steam\steamapps\common\realm royale\binaries\win64\realm.exe
  277. FirewallRules: [UDP Query User{0061E126-3439-4D2A-9377-18A8382A3AD6}D:\steam\steamapps\common\realm royale\binaries\win64\realm.exe] => (Allow) D:\steam\steamapps\common\realm royale\binaries\win64\realm.exe
  278. FirewallRules: [TCP Query User{CA9D7535-2A4A-48D7-AFF1-D841A982DFE9}D:\hearthstone\hearthstone.exe] => (Allow) D:\hearthstone\hearthstone.exe
  279. FirewallRules: [UDP Query User{D40C556F-1BA0-49E4-BF55-CEDC3FD6B7F3}D:\hearthstone\hearthstone.exe] => (Allow) D:\hearthstone\hearthstone.exe
  280. FirewallRules: [{2BB54C58-1A64-4082-AB5C-685222CCE11B}] => (Allow) C:\Users\flork\AppData\Roaming\BitTorrent\BitTorrent.exe
  281. FirewallRules: [{46A9296F-1C35-4A02-A9D1-4E86398FB0CC}] => (Allow) C:\Users\flork\AppData\Roaming\BitTorrent\BitTorrent.exe
  282. FirewallRules: [TCP Query User{59B4BA2F-0FA2-4B43-8335-C93047F1B094}D:\heroes of the storm\versions\base65943\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base65943\heroesofthestorm_x64.exe
  283. FirewallRules: [UDP Query User{1711DD8F-3E91-478C-BC8A-548502F95F69}D:\heroes of the storm\versions\base65943\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base65943\heroesofthestorm_x64.exe
  284. FirewallRules: [{417D64BC-D311-4638-966C-F641BE3C5C10}] => (Allow) D:\Steam\steamapps\common\H1Z1\H1Z1_BE.exe
  285. FirewallRules: [{CB7836E6-EEE7-4598-B6F6-720F16740B11}] => (Allow) D:\Steam\steamapps\common\H1Z1\H1Z1_BE.exe
  286. FirewallRules: [TCP Query User{AC6BBEFD-4096-4777-9CC0-C247955E8026}D:\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) D:\steam\steamapps\common\h1z1\h1z1.exe
  287. FirewallRules: [UDP Query User{3E226999-04CC-4AC9-9305-AC3269E63AA7}D:\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) D:\steam\steamapps\common\h1z1\h1z1.exe
  288. FirewallRules: [{B1FCE6C1-9846-4C43-9765-F807AE39DA4A}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
  289. FirewallRules: [{CC3FA7C8-3F29-4CBA-A09C-EB5DCF4AA782}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
  290. FirewallRules: [{1E893256-D799-400C-88FE-2278F41220A6}] => (Allow) D:\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
  291. FirewallRules: [{526800BE-D19D-4334-9B15-E3A0A8BE05EB}] => (Allow) D:\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
  292. FirewallRules: [TCP Query User{50597A3B-7821-461D-89D4-E1D166FEABEB}D:\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) D:\steam\steamapps\common\paladins\binaries\win64\paladins.exe
  293. FirewallRules: [UDP Query User{80EDF437-6AF1-4019-A0F8-C8062C460A5B}D:\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) D:\steam\steamapps\common\paladins\binaries\win64\paladins.exe
  294. FirewallRules: [{0A020273-1EB8-49C7-BA51-290F07C47314}] => (Allow) D:\Steam\steamapps\common\The Witcher Enhanced Edition\System\witcher.exe
  295. FirewallRules: [{D0B4445C-F035-4AA0-AF36-18ABD4515D4D}] => (Allow) D:\Steam\steamapps\common\The Witcher Enhanced Edition\System\witcher.exe
  296. FirewallRules: [{3680A742-E093-4B87-B5A6-1A8763551C08}] => (Allow) D:\Steam\steamapps\common\The Witcher Enhanced Edition\System\djinni!.exe
  297. FirewallRules: [{9BCE38D5-F892-40C5-B84C-EB2810F68006}] => (Allow) D:\Steam\steamapps\common\The Witcher Enhanced Edition\System\djinni!.exe
  298. FirewallRules: [{9FFF1F94-1453-417F-BFC0-073526C79F95}] => (Allow) D:\Steam\steamapps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
  299. FirewallRules: [{9602F986-B72A-43C4-862D-21E92CF88F1E}] => (Allow) D:\Steam\steamapps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
  300. FirewallRules: [{842BA62D-5A1E-40EF-B8D4-F89008E9EC68}] => (Allow) D:\Steam\steamapps\common\the witcher 2\Launcher.exe
  301. FirewallRules: [{A33574C5-3A73-4EFF-8895-1EA95CA674C9}] => (Allow) D:\Steam\steamapps\common\the witcher 2\Launcher.exe
  302. FirewallRules: [TCP Query User{933A078A-E7CD-45CF-ADF5-68F935C1F1C6}D:\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) D:\steam\steamapps\common\the witcher 2\bin\witcher2.exe
  303. FirewallRules: [UDP Query User{CA80673F-C1C7-4950-8311-2BB97B2EEF19}D:\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) D:\steam\steamapps\common\the witcher 2\bin\witcher2.exe
  304. FirewallRules: [{497B0EB2-170B-4E2C-9D59-DB5C8CB6F59E}] => (Allow) D:\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
  305. FirewallRules: [{909FE43C-3972-438F-9929-5B1965C2F91F}] => (Allow) D:\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
  306. FirewallRules: [TCP Query User{9D1539C4-B6C0-443F-9425-25B53C212D0C}C:\users\flork\downloads\sdi_r1806\sdi_x64_r1806.exe] => (Allow) C:\users\flork\downloads\sdi_r1806\sdi_x64_r1806.exe
  307. FirewallRules: [UDP Query User{90CEFAEB-6AD5-477E-BC28-BF3FE7F1FB66}C:\users\flork\downloads\sdi_r1806\sdi_x64_r1806.exe] => (Allow) C:\users\flork\downloads\sdi_r1806\sdi_x64_r1806.exe
  308. FirewallRules: [{456757C8-0836-4020-985E-C95DF6DD366F}] => (Allow) D:\CCleaner\CCUpdate.exe
  309. FirewallRules: [{F9A4FCBE-3854-4A0D-82B9-D8CCDC99B57B}] => (Allow) D:\CCleaner\CCUpdate.exe
  310. FirewallRules: [{0467C755-6C95-4EE2-B0FE-36D6D42BD7C8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\Spotify.exe
  311. FirewallRules: [{9137300D-15CB-4B6E-914B-115534D49EAB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\Spotify.exe
  312. FirewallRules: [{9FD9BE19-6A46-4878-BE30-0F400E1E7408}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\Spotify.exe
  313. FirewallRules: [{BB04F33F-0F80-408E-AD7A-6D6B909039C5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\Spotify.exe
  314. FirewallRules: [{29D89073-889D-422A-AB8E-ECDEA631F599}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\Spotify.exe
  315. FirewallRules: [{22CB86B0-B5B8-4B3C-BA50-67CBF5F64BFF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\Spotify.exe
  316. FirewallRules: [{15D176BF-25BF-4C8C-B109-DD71F6A05768}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\Spotify.exe
  317. FirewallRules: [{17BE9687-B99A-4B10-B27A-965F80F4F9DA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\Spotify.exe
  318. FirewallRules: [{F0CC303A-D664-4E0B-AAA2-C18CED1004C1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
  319. FirewallRules: [{3A4DA6E9-05BA-461C-BE7E-BFA1B398016C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
  320.  
  321. ==================== Restore Points =========================
  322.  
  323. 27-06-2018 19:04:14 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
  324. 27-06-2018 19:05:13 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
  325.  
  326. ==================== Faulty Device Manager Devices =============
  327.  
  328.  
  329. ==================== Event log errors: =========================
  330.  
  331. Application errors:
  332. ==================
  333. Error: (07/01/2018 06:07:12 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: DESKTOP-KJD4D7N)
  334. Description: httphttp-2147467263
  335.  
  336. Error: (07/01/2018 05:52:21 PM) (Source: COM) (EventID: 10031) (User: )
  337. Description: Podczas anulowania kierowania obiektu skierowanego niestandardowo wykonano sprawdzanie zasad anulowania kierowania i klasa {41FD88F7-F295-4D39-91AC-A85F3149A05B} została odrzucona.
  338.  
  339. Error: (07/01/2018 05:52:21 PM) (Source: COM) (EventID: 10031) (User: )
  340. Description: Podczas anulowania kierowania obiektu skierowanego niestandardowo wykonano sprawdzanie zasad anulowania kierowania i klasa {41FD88F7-F295-4D39-91AC-A85F3149A05B} została odrzucona.
  341.  
  342. Error: (06/30/2018 05:35:11 PM) (Source: Application Error) (EventID: 1000) (User: )
  343. Description: Nazwa aplikacji powodującej błąd: witcher.exe, wersja: 1.5.0.1304, sygnatura czasowa: 0x4910475c
  344. Nazwa modułu powodującego błąd: witcher.exe, wersja: 1.5.0.1304, sygnatura czasowa: 0x4910475c
  345. Kod wyjątku: 0xc0000005
  346. Przesunięcie błędu: 0x0066525c
  347. Identyfikator procesu powodującego błąd: 0x2afc
  348. Godzina uruchomienia aplikacji powodującej błąd: 0x01d41084cd57b069
  349. Ścieżka aplikacji powodującej błąd: D:\Steam\steamapps\common\The Witcher Enhanced Edition\system\witcher.exe
  350. Ścieżka modułu powodującego błąd: D:\Steam\steamapps\common\The Witcher Enhanced Edition\system\witcher.exe
  351. Identyfikator raportu: 77f5f17a-8667-4fef-a92b-f4d76de876a8
  352. Pełna nazwa pakietu powodującego błąd:
  353. Identyfikator aplikacji względem pakietu powodującego błąd:
  354.  
  355. Error: (06/30/2018 08:02:32 AM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: DESKTOP-KJD4D7N)
  356. Description: httphttp-2147467263
  357.  
  358. Error: (06/29/2018 06:03:23 PM) (Source: Application Error) (EventID: 1000) (User: )
  359. Description: Nazwa aplikacji powodującej błąd: witcher.exe, wersja: 1.5.0.1304, sygnatura czasowa: 0x4910475c
  360. Nazwa modułu powodującego błąd: witcher.exe, wersja: 1.5.0.1304, sygnatura czasowa: 0x4910475c
  361. Kod wyjątku: 0xc0000005
  362. Przesunięcie błędu: 0x00436a85
  363. Identyfikator procesu powodującego błąd: 0x2878
  364. Godzina uruchomienia aplikacji powodującej błąd: 0x01d40fa6eec1b2d7
  365. Ścieżka aplikacji powodującej błąd: D:\Steam\steamapps\common\The Witcher Enhanced Edition\system\witcher.exe
  366. Ścieżka modułu powodującego błąd: D:\Steam\steamapps\common\The Witcher Enhanced Edition\system\witcher.exe
  367. Identyfikator raportu: 90e1750a-9461-42ba-a1e4-7d6692c60432
  368. Pełna nazwa pakietu powodującego błąd:
  369. Identyfikator aplikacji względem pakietu powodującego błąd:
  370.  
  371. Error: (06/28/2018 08:15:09 PM) (Source: Application Error) (EventID: 1000) (User: )
  372. Description: Nazwa aplikacji powodującej błąd: witcher.exe, wersja: 1.5.0.1304, sygnatura czasowa: 0x4910475c
  373. Nazwa modułu powodującego błąd: MSVCR80.dll, wersja: 8.0.50727.9445, sygnatura czasowa: 0x5a7bc74c
  374. Kod wyjątku: 0xc0000005
  375. Przesunięcie błędu: 0x00014a5d
  376. Identyfikator procesu powodującego błąd: 0x2348
  377. Godzina uruchomienia aplikacji powodującej błąd: 0x01d40ef43ea731a5
  378. Ścieżka aplikacji powodującej błąd: D:\Steam\steamapps\common\The Witcher Enhanced Edition\system\witcher.exe
  379. Ścieżka modułu powodującego błąd: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll
  380. Identyfikator raportu: 1bfe85c3-fb13-40e8-aa87-de6c333133db
  381. Pełna nazwa pakietu powodującego błąd:
  382. Identyfikator aplikacji względem pakietu powodującego błąd:
  383.  
  384. Error: (06/27/2018 08:33:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
  385. Description: Program Steam.exe w wersji 4.55.34.56 przestał współpracować z systemem Windows i został zamknięty. Aby sprawdzić, czy jest dostępnych więcej informacji na temat tego problemu, sprawdź historię problemu w oknie Zabezpieczenia i konserwacja w Panelu sterowania.
  386.  
  387. Identyfikator procesu: 7a0
  388.  
  389. Godzina rozpoczęcia: 01d40e0f8e2ba2ba
  390.  
  391. Godzina zakończenia: 19
  392.  
  393. Ścieżka aplikacji: D:\Steam\Steam.exe
  394.  
  395. Identyfikator raportu: 82c8c6a4-f879-44f7-aed8-f81b18d55c71
  396.  
  397. Pełna nazwa pakietu powodującego błąd:
  398.  
  399. Identyfikator aplikacji względem pakietu powodującego błąd:
  400.  
  401.  
  402. System errors:
  403. =============
  404. Error: (07/02/2018 10:47:26 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-KJD4D7N)
  405. Description: Zgodnie z ustawieniami uprawnienia application-specific nie jest udzielane uprawnienie Local Activation do aplikacji serwera COM z identyfikatorem klasy CLSID
  406. {8BC3F05E-D86B-11D0-A075-00C04FB68820}
  407. i identyfikatorem aplikacji APPID
  408. {8BC3F05E-D86B-11D0-A075-00C04FB68820}
  409. użytkownikowi DESKTOP-KJD4D7N\flork o identyfikatorze zabezpieczeń SID (S-1-5-21-3473786666-1609645680-3100001402-1001) z adresu LocalHost (Using LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.
  410.  
  411. Error: (07/02/2018 10:47:22 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-KJD4D7N)
  412. Description: Zgodnie z ustawieniami uprawnienia application-specific nie jest udzielane uprawnienie Local Activation do aplikacji serwera COM z identyfikatorem klasy CLSID
  413. {8BC3F05E-D86B-11D0-A075-00C04FB68820}
  414. i identyfikatorem aplikacji APPID
  415. {8BC3F05E-D86B-11D0-A075-00C04FB68820}
  416. użytkownikowi DESKTOP-KJD4D7N\flork o identyfikatorze zabezpieczeń SID (S-1-5-21-3473786666-1609645680-3100001402-1001) z adresu LocalHost (Using LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.
  417.  
  418. Error: (07/02/2018 10:46:35 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-KJD4D7N)
  419. Description: Zgodnie z ustawieniami uprawnienia application-specific nie jest udzielane uprawnienie Local Activation do aplikacji serwera COM z identyfikatorem klasy CLSID
  420. {D63B10C5-BB46-4990-A94F-E40B9D520160}
  421. i identyfikatorem aplikacji APPID
  422. {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
  423. użytkownikowi DESKTOP-KJD4D7N\flork o identyfikatorze zabezpieczeń SID (S-1-5-21-3473786666-1609645680-3100001402-1001) z adresu LocalHost (Using LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Unavailable (Unavailable). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.
  424.  
  425. Error: (07/02/2018 03:24:36 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
  426. Description: Zgodnie z ustawieniami uprawnienia application-specific nie jest udzielane uprawnienie Local Launch do aplikacji serwera COM z identyfikatorem klasy CLSID
  427. Windows.SecurityCenter.WscDataProtection
  428. i identyfikatorem aplikacji APPID
  429. Unavailable
  430. użytkownikowi NT AUTHORITY\SYSTEM o identyfikatorze zabezpieczeń SID (S-1-5-18) z adresu LocalHost (Using LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Unavailable (Unavailable). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.
  431.  
  432. Error: (07/02/2018 03:24:36 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
  433. Description: Zgodnie z ustawieniami uprawnienia application-specific nie jest udzielane uprawnienie Local Launch do aplikacji serwera COM z identyfikatorem klasy CLSID
  434. Windows.SecurityCenter.WscBrokerManager
  435. i identyfikatorem aplikacji APPID
  436. Unavailable
  437. użytkownikowi NT AUTHORITY\SYSTEM o identyfikatorze zabezpieczeń SID (S-1-5-18) z adresu LocalHost (Using LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Unavailable (Unavailable). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.
  438.  
  439. Error: (07/02/2018 03:12:56 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
  440. Description: Zgodnie z ustawieniami uprawnienia application-specific nie jest udzielane uprawnienie Local Launch do aplikacji serwera COM z identyfikatorem klasy CLSID
  441. Windows.SecurityCenter.WscDataProtection
  442. i identyfikatorem aplikacji APPID
  443. Unavailable
  444. użytkownikowi NT AUTHORITY\SYSTEM o identyfikatorze zabezpieczeń SID (S-1-5-18) z adresu LocalHost (Using LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Unavailable (Unavailable). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.
  445.  
  446. Error: (07/01/2018 06:00:03 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
  447. Description: Instalacja nie powiodła się: system Windows nie mógł zainstalować następującej aktualizacji, ponieważ wystąpił błąd 0x80073d02: 9NCBCSZSJRSB-SpotifyAB.SpotifyMusic.
  448.  
  449. Error: (07/01/2018 05:56:07 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-KJD4D7N)
  450. Description: Zgodnie z ustawieniami uprawnienia application-specific nie jest udzielane uprawnienie Local Activation do aplikacji serwera COM z identyfikatorem klasy CLSID
  451. {8BC3F05E-D86B-11D0-A075-00C04FB68820}
  452. i identyfikatorem aplikacji APPID
  453. {8BC3F05E-D86B-11D0-A075-00C04FB68820}
  454. użytkownikowi DESKTOP-KJD4D7N\flork o identyfikatorze zabezpieczeń SID (S-1-5-21-3473786666-1609645680-3100001402-1001) z adresu LocalHost (Using LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.
  455.  
  456.  
  457. Windows Defender:
  458. ===================================
  459. Date: 2018-06-22 10:44:41.353
  460. Description:
  461. Skanowanie produktu Program antywirusowy Windows Defender zostalo zatrzymane przed ukonczeniem.
  462. Identyfikator skanowania: {878EDD92-47F5-4555-92B6-E299B7322FAD}
  463. Typ skanowania: Narzedzia chroniace przed zlosliwym oprogramowaniem
  464. Parametry skanowania: Szybkie skanowanie
  465. Uzytkownik: NT AUTHORITY\SYSTEM
  466.  
  467. Date: 2018-06-22 01:22:07.420
  468. Description:
  469. Skanowanie produktu Program antywirusowy Windows Defender zostalo zatrzymane przed ukonczeniem.
  470. Identyfikator skanowania: {F06A0500-004F-4752-A54D-0C3C75CD3912}
  471. Typ skanowania: Narzedzia chroniace przed zlosliwym oprogramowaniem
  472. Parametry skanowania: Szybkie skanowanie
  473. Uzytkownik: NT AUTHORITY\SYSTEM
  474.  
  475. Date: 2018-06-20 13:03:01.430
  476. Description:
  477. Skanowanie produktu Program antywirusowy Windows Defender zostalo zatrzymane przed ukonczeniem.
  478. Identyfikator skanowania: {EDB3B4E9-BA34-4226-8824-6409266A72B9}
  479. Typ skanowania: Narzedzia chroniace przed zlosliwym oprogramowaniem
  480. Parametry skanowania: Szybkie skanowanie
  481. Uzytkownik: NT AUTHORITY\SYSTEM
  482.  
  483. Date: 2018-06-20 11:53:32.586
  484. Description:
  485. Skanowanie produktu Program antywirusowy Windows Defender zostalo zatrzymane przed ukonczeniem.
  486. Identyfikator skanowania: {F53D2232-4CFB-42D2-B299-22049BF67DFA}
  487. Typ skanowania: Narzedzia chroniace przed zlosliwym oprogramowaniem
  488. Parametry skanowania: Szybkie skanowanie
  489. Uzytkownik: NT AUTHORITY\SYSTEM
  490.  
  491. Date: 2018-06-20 11:33:20.494
  492. Description:
  493. Skanowanie produktu Program antywirusowy Windows Defender zostalo zatrzymane przed ukonczeniem.
  494. Identyfikator skanowania: {B4446E8D-1254-46FE-834B-71E62BA8AB3C}
  495. Typ skanowania: Narzedzia chroniace przed zlosliwym oprogramowaniem
  496. Parametry skanowania: Szybkie skanowanie
  497. Uzytkownik: NT AUTHORITY\SYSTEM
  498.  
  499. CodeIntegrity:
  500. ===================================
  501.  
  502. Date: 2018-06-26 14:15:30.273
  503. Description:
  504. Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Overwolf\0.116.2.23\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.
  505.  
  506. Date: 2018-06-26 14:15:30.270
  507. Description:
  508. Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Overwolf\0.116.2.23\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.
  509.  
  510. Date: 2018-06-26 14:15:30.266
  511. Description:
  512. Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Overwolf\0.116.2.23\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.
  513.  
  514. Date: 2018-06-26 14:15:30.263
  515. Description:
  516. Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Overwolf\0.116.2.23\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.
  517.  
  518. Date: 2018-06-26 14:15:30.260
  519. Description:
  520. Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Overwolf\0.116.2.23\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.
  521.  
  522. Date: 2018-06-26 14:15:30.185
  523. Description:
  524. Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Overwolf\0.116.2.23\x64\OWExplorer.dll that did not meet the Store signing level requirements.
  525.  
  526. Date: 2018-06-25 11:55:07.910
  527. Description:
  528. Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.9328.1700.0_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Overwolf\0.116.2.22\x64\OWExplorer.dll that did not meet the Store signing level requirements.
  529.  
  530. Date: 2018-06-24 21:20:18.793
  531. Description:
  532. Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.9328.1700.0_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Overwolf\0.116.1.11\x64\OWExplorer.dll that did not meet the Store signing level requirements.
  533.  
  534. ==================== Memory info ===========================
  535.  
  536. Processor: Intel(R) Core(TM) i5-8400 CPU @ 2.80GHz
  537. Percentage of memory in use: 40%
  538. Total physical RAM: 8134.67 MB
  539. Available physical RAM: 4814.3 MB
  540. Total Virtual: 13766.67 MB
  541. Available Virtual: 8736.36 MB
  542.  
  543. ==================== Drives ================================
  544.  
  545. Drive c: () (Fixed) (Total:150.26 GB) (Free:103.79 GB) NTFS
  546. Drive d: () (Fixed) (Total:780.65 GB) (Free:478.54 GB) NTFS
  547.  
  548. \\?\Volume{00a33760-fa11-4b1b-9d6c-00d9558ed00f}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.13 GB) NTFS
  549. \\?\Volume{acff066c-f298-4781-be10-b51f93f08dfc}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
  550.  
  551. ==================== MBR & Partition Table ==================
  552.  
  553. ========================================================
  554. Disk: 0 (Size: 931.5 GB) (Disk ID: 1D56431B)
  555.  
  556. Partition: GPT.
  557.  
  558. ==================== End of Addition.txt ============================