Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-08-2014 01 Ran by Patryk at 2014-08-11 16:26:11 Running from C:\Users\Patryk\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.30888 - BitTorrent Inc.) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated) Adobe Reader XI (11.0.07) - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Age of Empires III - The Asian Dynasties (HKLM-x32\...\InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}) (Version: 1.00.0000 - Microsoft Game Studios) Age of Empires III - The Asian Dynasties (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden Age of Empires III (HKLM-x32\...\InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}) (Version: 1.00.0000 - Microsoft Game Studios) Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software) CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform) Counter-Strike(TM) (HKLM-x32\...\{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}) (Version: 1.0.0.0 - Valve) Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0018-0000-1000-0000000FF1CE}_Office14.POWERPOINT_{043645C8-48EC-458F-B9BD-9C8F15CEF6F7}) (Version: - Microsoft) EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc) Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited) Google Update Helper (x32 Version: 1.3.23.0 - BonanzaDeals) Hidden <==== ATTENTION Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle) Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden Magebot (HKLM-x32\...\Magebot) (Version: - ) Malwarebytes Anti-Malware wersja 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (PLK) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft PowerPoint 2010 (HKLM\...\Office14.POWERPOINT) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Mozilla Firefox 31.0 (x86 pl) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 pl)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla) MSI Afterburner 3.0.1 (HKLM-x32\...\Afterburner) (Version: 3.0.1 - MSI Co., LTD) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) neroxml (x32 Version: 1.0.0 - Nero AG) Hidden NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden Panel sterowania NVIDIA 327.23 (Version: 327.23 - NVIDIA Corporation) Hidden RivaTuner Statistics Server 6.1.2 (HKLM-x32\...\RTSS) (Version: 6.1.2 - Unwinder) Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0018-0000-1000-0000000FF1CE}_Office14.POWERPOINT_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) Steam(TM) (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve) System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC) TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH) The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.42.130 - Electronic Arts) The Sims™ 3 Cztery pory roku (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts) The Sims™ 3 Kariera (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts) The Sims™ 3 Pokolenia (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts) The Sims™ 3 Zwierzaki (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts) Tibia (HKLM-x32\...\Tibia_is1) (Version: 10.36 - CipSoft GmbH) TSEV Skyrim LE (HKLM-x32\...\TSEV Skyrim LE_is1) (Version: 2.0.0.0 - ) Update for Microsoft Excel 2010 (KB2837600) 64-Bit Edition (HKLM\...\{90140000-0018-0000-1000-0000000FF1CE}_Office14.POWERPOINT_{17815BC8-062D-49BE-B40C-B54149C85CE3}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{90140000-0018-0000-1000-0000000FF1CE}_Office14.POWERPOINT_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-0018-0000-1000-0000000FF1CE}_Office14.POWERPOINT_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0018-0000-1000-0000000FF1CE}_Office14.POWERPOINT_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0018-0000-1000-0000000FF1CE}_Office14.POWERPOINT_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.POWERPOINT_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0018-0000-1000-0000000FF1CE}_Office14.POWERPOINT_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0018-0000-1000-0000000FF1CE}_Office14.POWERPOINT_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.POWERPOINT_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0018-0000-1000-0000000FF1CE}_Office14.POWERPOINT_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.POWERPOINT_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-0018-0000-1000-0000000FF1CE}_Office14.POWERPOINT_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0018-0000-1000-0000000FF1CE}_Office14.POWERPOINT_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{90140000-0018-0000-1000-0000000FF1CE}_Office14.POWERPOINT_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition (HKLM\...\{90140000-0018-0000-1000-0000000FF1CE}_Office14.POWERPOINT_{D1F3B526-7EB2-4701-92DB-0784988D78DE}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition (HKLM\...\{90140000-0018-0000-1000-0000000FF1CE}_Office14.POWERPOINT_{52BEF8AE-9324-40A1-9A92-E5A8FB63A475}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0018-0000-1000-0000000FF1CE}_Office14.POWERPOINT_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.POWERPOINT_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.POWERPOINT_{324703B5-6765-489D-9B9B-B082D34F882E}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.POWERPOINT_{4B9B2BAF-EE1F-4B60-A4D9-17B7BEEB13A1}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.POWERPOINT_{860EE8B1-0B9F-4A8A-91FE-649CD3C6754C}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.POWERPOINT_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0000-1000-0000000FF1CE}_Office14.POWERPOINT_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0409-1000-0000000FF1CE}_Office14.POWERPOINT_{393B360E-62F8-463D-B914-1ECDC1359A46}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.POWERPOINT_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition (HKLM\...\{90140000-0018-0000-1000-0000000FF1CE}_Office14.POWERPOINT_{89FDC8D9-FB84-4EFE-950D-AF4EECC3B64C}) (Version: - Microsoft) Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.1 - Flagship Industries, Inc.) WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) XenoBot (HKLM-x32\...\{1B1C41CF-E86B-4D0F-BCD2-FEFEEEA80C97}) (Version: 3.5.1 - XenoBot) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 10-08-2014 22:39:38 Removed Java 7 Update 67 10-08-2014 22:44:12 Installed Java 7 Update 67 11-08-2014 12:22:11 Installed Java 7 Update 67 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2014-08-09 11:30 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {130B697E-89A6-435A-A50D-674D5ACAC8EC} - System32\Tasks\{AA9B1409-3066-4E30-89B5-7A3C41C29B7B} => D:\cztery pory roku gabriela\TSBin\Sims2EP5.exe Task: {16BD39B0-A837-421A-A7EA-637629BA0881} - System32\Tasks\{1A218B18-8F33-4A84-819A-E94EBFBCE2D2} => C:\Program Files (x86)\EA GAMES\The Sims 2\TSBin\Sims2.exe Task: {1C9EC212-424D-4107-887C-1B889B3B2062} - System32\Tasks\{D3E8FCAB-7D0C-453C-AD2D-4BB91F01523C} => D:\SIMS 2 GABRIELA EDITION\TSBin\Sims2.exe Task: {24DCD2B1-2446-46DE-B7E1-79EA3EAD8F38} - System32\Tasks\{41859C14-BD35-46FE-B99A-19F868D66911} => C:\Program Files (x86)\EA GAMES\The Sims 2\TSBin\Sims2.exe Task: {2D7DF421-F9E6-429F-8C05-6D16B7543C71} - System32\Tasks\{3912EAF0-37A6-4A29-87E6-C4C957C30437} => D:\cztery pory roku gabriela\TSBin\Sims2EP5.exe Task: {31B52A7E-C778-462B-8040-FCD373DEC316} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated) Task: {3B2B7FD1-493F-4D35-9151-B5EA79DE13AB} - System32\Tasks\{675725B0-039D-4241-A10F-8A09283A3940} => C:\Program Files (x86)\EA GAMES\The Sims 2 Własny biznes\TSBin\Sims2EP3.exe Task: {3EB38D8E-B0CB-40BA-BD47-984CDAA53988} - System32\Tasks\{08BF247C-6766-4772-92AB-B2C815E7D8B5} => D:\cztery pory roku gabriela\TSBin\Sims2EP5.exe Task: {4240DA28-D7F2-46F9-B737-348C603C09D0} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-07] (AVAST Software) Task: {45902AA2-48F9-4653-8407-609F7981501E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-09] (Google Inc.) Task: {4A425F52-B823-4BFC-93AD-F2A7501CD4E5} - System32\Tasks\{EBE9672F-3650-4C2A-998A-1FEE251B66DC} => G:\AutoRun.exe Task: {4B15F489-7753-4177-B2C8-4AD7DFC129D9} - System32\Tasks\{18D11BE8-A08E-4D1D-9F3B-F930D53FEC09} => C:\Program Files (x86)\EA GAMES\The Sims 2\TSBin\Sims2.exe Task: {59F9F1C5-B4D9-433F-B338-A1F88A7863F2} - System32\Tasks\{1EB43703-F5E7-4C8D-8CF9-11A1B46042FA} => D:\czTERY PORY\TSBin\Sims2EP5.exe Task: {5FFB3752-E4B6-4624-85F7-042A51B40D82} - System32\Tasks\Game_Booster_AutoUpdate => D:\Game Booster 3\AutoUpdate.exe Task: {6843DECA-FBB8-4835-8DF4-85E8F6A0430A} - System32\Tasks\{603C3B12-30EC-42E7-AF13-0A413F957D13} => D:\cztery pory roku gabriela\TSBin\Sims2EP5.exe Task: {75D4E3B9-2E39-4822-A370-678AFF6889AA} - System32\Tasks\{67157AA4-0CE5-40B4-8664-09ADF6042608} => G:\AutoRun.exe Task: {79696431-D47F-4B81-A017-F2F6B9057F04} - System32\Tasks\{08D169C5-C22D-4534-8A03-62C0377CF5B3} => F:\AutoRun.exe Task: {7CDDE212-B719-454C-9BFC-C446BB2EC66F} - System32\Tasks\{3F839AE5-82C8-4FDF-AF97-CBEBB672CE6B} => D:\cztery pory roku gabriela\TSBin\Sims2EP5.exe Task: {8F8580CA-32E2-4F90-8706-5297F28416F7} - System32\Tasks\{76F026E9-D4BD-4B20-BC0F-4DA1962E4D98} => C:\Program Files (x86)\EA GAMES\The Sims 2 Własny biznes\TSBin\Sims2EP3.exe Task: {B0ED0AB7-6DF3-41AA-9C92-F21BA92CD89A} - System32\Tasks\{DEACF885-F917-4FEF-97C5-04C988385E45} => D:\cztery pory roku gabriela\TSBin\Sims2EP5.exe Task: {B74E96B4-033C-4C83-BDE0-6669C49C238C} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation) Task: {C499BF71-328E-4A81-8D43-B455E442F613} - System32\Tasks\{ED7612F3-E663-4E46-92F9-3C37DB9AABB6} => D:\cztery pory roku gabriela\TSBin\Sims2EP5.exe Task: {C52C8A60-6AD0-47B3-8A38-642CA4881632} - System32\Tasks\{15699A6E-9E99-4EED-BA5B-62B50EDB33F8} => C:\Program Files (x86)\EA GAMES\The Sims 2 Cztery pory roku\TSBin\Sims2EP5.exe Task: {CB775965-F358-4895-ABC5-05F2C018F40A} - System32\Tasks\{EAC64405-F039-4379-941F-CE4B83114C4E} => D:\czTERY PORY\TSBin\Sims2EP5.exe Task: {CCC029DB-CD54-46EF-9883-6E6705F66871} - System32\Tasks\{89F863FD-D2D9-40BE-8ECC-452091F6EEC0} => D:\cztery pory roku gabriela\TSBin\Sims2EP5.exe Task: {D45B077A-82A5-4903-AB7D-E58371FCD0E6} - System32\Tasks\{2A3A329D-6330-4355-B42C-AF0DB65C73C2} => D:\czTERY PORY\TSBin\Sims2EP5.exe Task: {E67D62F5-9B0C-433F-8FA9-E24DCCFF2B72} - System32\Tasks\{468F59BE-AE3B-4134-816B-7C20369081A7} => C:\Program Files (x86)\EA GAMES\The Sims 2 Własny biznes\TSBin\Sims2EP3.exe Task: {E7712E9A-9567-45C4-82DA-194A4498F05E} - System32\Tasks\{0B20590D-7AC3-4FB7-AEDB-F1457C34C1F4} => C:\Program Files (x86)\EA GAMES\The Sims 2\TSBin\Sims2.exe Task: {E8D6E07C-A834-4271-A389-40E453E75892} - System32\Tasks\MSIAfterburner => D:\MSI Afterburner\MSIAfterburner.exe [2014-06-10] () Task: {E9F0BEF8-9E92-4A88-A985-8B326C7D44A6} - System32\Tasks\{EEB3D65A-8D42-46C4-98AC-A3D984EAB01E} => D:\cztery pory roku gabriela\TSBin\Sims2EP5.exe Task: {F14A5A27-579F-4B31-84FC-32C111F14EEA} - System32\Tasks\{EA2CCAE6-9DD3-4483-A311-4B3692394619} => C:\Program Files (x86)\EA GAMES\The Sims 2\TSBin\Sims2.exe Task: {FB132491-B1BF-4770-95A2-5E3BE07813E9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-09] (Google Inc.) Task: {FF5DF2AF-0E35-47C8-AC1C-8C66CDD9A9D6} - System32\Tasks\{2C10FC65-4699-425A-9373-3EA5BD14F16B} => E:\Riot Games\League of Legends\lol.launcher.exe [2011-05-07] () Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-08-08 19:23 - 2013-09-12 09:25 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-06-10 08:04 - 2014-06-10 08:04 - 00465064 _____ () D:\MSI Afterburner\MSIAfterburner.exe 2014-08-07 12:19 - 2014-08-07 12:19 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll 2014-08-11 12:11 - 2014-08-11 12:11 - 02795520 _____ () C:\Program Files\AVAST Software\Avast\defs\14081100\algo.dll 2014-06-05 07:36 - 2014-06-05 07:36 - 00071680 _____ () D:\MSI Afterburner\RTMUI.dll 2014-06-05 07:36 - 2014-06-05 07:36 - 00056832 _____ () D:\MSI Afterburner\RTFC.dll 2014-06-05 07:37 - 2014-06-05 07:37 - 00216064 _____ () D:\MSI Afterburner\RTCore.dll 2014-06-05 07:36 - 2014-06-05 07:36 - 00127488 _____ () D:\MSI Afterburner\RTUI.dll 2014-06-05 07:37 - 2014-06-05 07:37 - 00638976 _____ () D:\MSI Afterburner\RTHAL.dll 2014-08-07 12:19 - 2014-08-07 12:19 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-08-09 23:16 - 2014-07-17 07:42 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:6BE50C2B ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: EA Core => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent MSCONFIG\startupreg: FixMyRegistry => C:\Program Files (x86)\SmartTweak\FixMyRegistry\FixMyRegistry.exe /ot /as /ss MSCONFIG\startupreg: LogMeIn Hamachi Ui => "D:\hamachi\hamachi-2-ui.exe" --auto-start MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: SpeedUpMyComputer => C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as MSCONFIG\startupreg: Steam => "D:\Counterstrike\Steam.exe" -silent ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Karta tunelowania Teredo firmy Microsoft Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Standardowa klawiatura PS/2 Description: Standardowa klawiatura PS/2 Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (Klawiatury standardowe) Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (08/11/2014 03:57:02 PM) (Source: MsiInstaller) (EventID: 11316) (User: ZARZĄDZANIE NT) Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.15\BonanzaDealsLiveHelper.msi Error: (08/11/2014 02:57:02 PM) (Source: MsiInstaller) (EventID: 11316) (User: ZARZĄDZANIE NT) Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.15\BonanzaDealsLiveHelper.msi Error: (08/11/2014 02:47:08 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: plugin-container.exe, wersja: 31.0.0.5310, sygnatura czasowa: 0x53c75e91 Nazwa modułu powodującego błąd: mozalloc.dll, wersja: 31.0.0.5310, sygnatura czasowa: 0x53c72e91 Kod wyjątku: 0x80000003 Przesunięcie błędu: 0x0000141b Identyfikator procesu powodującego błąd: 0x9dc Godzina uruchomienia aplikacji powodującej błąd: 0xplugin-container.exe0 Ścieżka aplikacji powodującej błąd: plugin-container.exe1 Ścieżka modułu powodującego błąd: plugin-container.exe2 Identyfikator raportu: plugin-container.exe3 Error: (08/11/2014 02:47:00 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: firefox.exe, wersja: 31.0.0.5310, sygnatura czasowa: 0x53c75e72 Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x73000000 Identyfikator procesu powodującego błąd: 0xec0 Godzina uruchomienia aplikacji powodującej błąd: 0xfirefox.exe0 Ścieżka aplikacji powodującej błąd: firefox.exe1 Ścieżka modułu powodującego błąd: firefox.exe2 Identyfikator raportu: firefox.exe3 Error: (08/11/2014 02:22:12 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas wywoływania procedury ConvertStringSidToSid(S-1-5-21-671921619-4083121525-1078848941-1002.bak). hr = 0x80070539, Struktura identyfikatora zabezpieczenia jest nieprawidłowa. . Operacja: Zdarzenie OnIdentify Zbieranie danych modułu zapisującego Kontekst: Kontekst wykonywania: Shadow Copy Optimization Writer Identyfikator klasy modułu zapisującego: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Nazwa modułu zapisującego: Shadow Copy Optimization Writer Identyfikator wystąpienia modułu zapisującego: {9e825f01-f716-486a-8a35-4fbfa801533c} Error: (08/11/2014 01:57:02 PM) (Source: MsiInstaller) (EventID: 11316) (User: ZARZĄDZANIE NT) Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.15\BonanzaDealsLiveHelper.msi Error: (08/11/2014 00:57:02 PM) (Source: MsiInstaller) (EventID: 11316) (User: ZARZĄDZANIE NT) Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.15\BonanzaDealsLiveHelper.msi Error: (08/11/2014 00:57:20 AM) (Source: MsiInstaller) (EventID: 11316) (User: ZARZĄDZANIE NT) Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.15\BonanzaDealsLiveHelper.msi Error: (08/11/2014 00:44:12 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas wywoływania procedury ConvertStringSidToSid(S-1-5-21-671921619-4083121525-1078848941-1002.bak). hr = 0x80070539, Struktura identyfikatora zabezpieczenia jest nieprawidłowa. . Operacja: Zdarzenie OnIdentify Zbieranie danych modułu zapisującego Kontekst: Kontekst wykonywania: Shadow Copy Optimization Writer Identyfikator klasy modułu zapisującego: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Nazwa modułu zapisującego: Shadow Copy Optimization Writer Identyfikator wystąpienia modułu zapisującego: {26b36482-19c2-4c2d-8f3e-57104c5802bf} Error: (08/11/2014 00:39:39 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas wywoływania procedury ConvertStringSidToSid(S-1-5-21-671921619-4083121525-1078848941-1002.bak). hr = 0x80070539, Struktura identyfikatora zabezpieczenia jest nieprawidłowa. . Operacja: Zdarzenie OnIdentify Zbieranie danych modułu zapisującego Kontekst: Kontekst wykonywania: Shadow Copy Optimization Writer Identyfikator klasy modułu zapisującego: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Nazwa modułu zapisującego: Shadow Copy Optimization Writer Identyfikator wystąpienia modułu zapisującego: {dd26f143-74e6-401a-ad80-1b9cecf2e74d} System errors: ============= Error: (08/10/2014 11:46:45 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Poprzednie zamknięcie systemu przy 23:44:48 na ‎2014-‎08-‎10 było nieoczekiwane. Error: (08/10/2014 09:38:18 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Poprzednie zamknięcie systemu przy 12:32:48 na ‎2014-‎08-‎10 było nieoczekiwane. Error: (08/09/2014 11:28:22 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Poprzednie zamknięcie systemu przy 23:22:44 na ‎2014-‎08-‎09 było nieoczekiwane. Error: (08/09/2014 11:09:55 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Menedżer sterowania usługami próbował podjąć akcję korekcyjną (Uruchom usługę ponownie) po nieoczekiwanym zakończeniu usługi Windows Search, ale ta akcja nie powiodła się przy następującym błędzie: %%1056. Error: (08/09/2014 11:09:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Windows Search niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error: (08/09/2014 11:09:25 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Usługa Windows Search zakończyła działanie; wystąpił specyficzny dla niej błąd %%-1073473535. Microsoft Office Sessions: ========================= Error: (08/11/2014 03:57:02 PM) (Source: MsiInstaller) (EventID: 11316) (User: ZARZĄDZANIE NT) Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.15\BonanzaDealsLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL) Error: (08/11/2014 02:57:02 PM) (Source: MsiInstaller) (EventID: 11316) (User: ZARZĄDZANIE NT) Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.15\BonanzaDealsLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL) Error: (08/11/2014 02:47:08 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141b9dc01cfb55d8bb42653C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll9a44bc31-2155-11e4-a0e8-001d60db7cde Error: (08/11/2014 02:47:00 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: firefox.exe31.0.0.531053c75e72unknown0.0.0.000000000c000000573000000ec001cfb552847be641C:\Program Files (x86)\Mozilla Firefox\firefox.exeunknown95e28a5a-2155-11e4-a0e8-001d60db7cde Error: (08/11/2014 02:22:12 PM) (Source: VSS) (EventID: 8193) (User: ) Description: ConvertStringSidToSid(S-1-5-21-671921619-4083121525-1078848941-1002.bak)0x80070539, Struktura identyfikatora zabezpieczenia jest nieprawidłowa. Operacja: Zdarzenie OnIdentify Zbieranie danych modułu zapisującego Kontekst: Kontekst wykonywania: Shadow Copy Optimization Writer Identyfikator klasy modułu zapisującego: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Nazwa modułu zapisującego: Shadow Copy Optimization Writer Identyfikator wystąpienia modułu zapisującego: {9e825f01-f716-486a-8a35-4fbfa801533c} Error: (08/11/2014 01:57:02 PM) (Source: MsiInstaller) (EventID: 11316) (User: ZARZĄDZANIE NT) Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.15\BonanzaDealsLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL) Error: (08/11/2014 00:57:02 PM) (Source: MsiInstaller) (EventID: 11316) (User: ZARZĄDZANIE NT) Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.15\BonanzaDealsLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL) Error: (08/11/2014 00:57:20 AM) (Source: MsiInstaller) (EventID: 11316) (User: ZARZĄDZANIE NT) Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.15\BonanzaDealsLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL) Error: (08/11/2014 00:44:12 AM) (Source: VSS) (EventID: 8193) (User: ) Description: ConvertStringSidToSid(S-1-5-21-671921619-4083121525-1078848941-1002.bak)0x80070539, Struktura identyfikatora zabezpieczenia jest nieprawidłowa. Operacja: Zdarzenie OnIdentify Zbieranie danych modułu zapisującego Kontekst: Kontekst wykonywania: Shadow Copy Optimization Writer Identyfikator klasy modułu zapisującego: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Nazwa modułu zapisującego: Shadow Copy Optimization Writer Identyfikator wystąpienia modułu zapisującego: {26b36482-19c2-4c2d-8f3e-57104c5802bf} Error: (08/11/2014 00:39:39 AM) (Source: VSS) (EventID: 8193) (User: ) Description: ConvertStringSidToSid(S-1-5-21-671921619-4083121525-1078848941-1002.bak)0x80070539, Struktura identyfikatora zabezpieczenia jest nieprawidłowa. Operacja: Zdarzenie OnIdentify Zbieranie danych modułu zapisującego Kontekst: Kontekst wykonywania: Shadow Copy Optimization Writer Identyfikator klasy modułu zapisującego: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Nazwa modułu zapisującego: Shadow Copy Optimization Writer Identyfikator wystąpienia modułu zapisującego: {dd26f143-74e6-401a-ad80-1b9cecf2e74d} CodeIntegrity Errors: =================================== Date: 2014-08-09 11:24:27.583 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-08-09 11:24:27.442 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-08-08 16:37:09.667 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Patryk\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-08-08 16:37:09.433 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Patryk\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-08-08 16:37:08.903 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-08-08 16:37:08.669 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Percentage of memory in use: 72% Total physical RAM: 2047.12 MB Available physical RAM: 564.71 MB Total Pagefile: 4094.23 MB Available Pagefile: 2534.56 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:39.31 GB) (Free:7.35 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:129.88 GB) (Free:85.7 GB) NTFS Drive e: () (Fixed) (Total:128.9 GB) (Free:83.05 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: ABBBABBB) Partition 1: (Active) - (Size=39 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=259 GB) - (Type=OF Extended) ==================== End Of Log ============================