Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-09-2014 Ran by Marta at 2014-09-10 21:26:29 Running from C:\Users\Marta\Desktop\Nowy folder Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: McAfee Anti-Virus i Anti-Spyware (Enabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: McAfee Anti-Virus i Anti-Spyware (Enabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A} FW: McAfee Firewall (Enabled) {BE0ED752-0A0B-3FFF-80EC-B2269063014C} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.62 - Adobe Systems Incorporated) Adobe Flash Player 11 Plugin 64-bit (HKLM\...\Adobe Flash Player Plugin) (Version: 11.1.102.63 - Adobe Systems Incorporated) Adobe Reader 9.2 - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-A92000000001}) (Version: 9.2.0 - Adobe Systems Incorporated) Cat Licking Screen Cleaner Screensaver (HKLM-x32\...\Cat Licking Screen Cleaner Screensaver) (Version: - ) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dodatek Zapisywanie jako PDF firmy Microsoft dla programów pakietu Microsoft Office 2007 (HKLM-x32\...\{90120000-00B0-0415-0000-0000000FF1CE}) (Version: 12.0.4518.1020 - Microsoft Corporation) Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.1 - Lenovo) Energy Management (x32 Version: 6.0.2.1 - Lenovo) Hidden Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) Flvto Youtube Downloader (HKLM-x32\...\Flvto Youtube Downloader) (Version: 0.5.6 - Hotger) Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation) Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google) Intel PROSet Wireless (Version: - ) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation) Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - ) Intel(R) Wireless Display (HKLM-x32\...\{F84906ED-BB54-4889-B131-FED9C9056FC8}) (Version: 2.0.27.0 - Intel Corporation) Java Auto Updater (x32 Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden Java(TM) 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8000 - Broadcom Corporation) Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.11.0209.1 - Lenovo EasyCamera) Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.5 - Lenovo) Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.) Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3603 - CyberLink Corp.) Lenovo YouCam (x32 Version: 3.1.3603 - CyberLink Corp.) Hidden LITTLEST PET SHOP (HKLM-x32\...\{75569133-FD58-4F54-B622-9193EC7B6000}) (Version: 2.0.1.0 - Electronic Arts) LizardSales (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version: - LizardSales) <==== ATTENTION LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.236 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.236 - LogMeIn, Inc.) Hidden McAfee AntiVirus Plus (HKLM-x32\...\MSC) (Version: 11.0.654 - McAfee, Inc.) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (PLK) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office Starter 2010 - Polski (HKLM-x32\...\{90140011-0066-0415-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850415-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0415-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Moduł Szybka instalacja pakietu Microsoft Office 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Moduł Szybka instalacja pakietu Microsoft Office 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden NewFreeScreensaver nfsDigitalClock03 (HKLM-x32\...\nfsDigitalClock03 New Free Screensaver_is1) (Version: - ) NVIDIA Install Application (Version: 2.265.39.0 - NVIDIA Corporation) Hidden NVIDIA Optimus 1.0.21 (Version: 1.0.21 - NVIDIA Corporation) Hidden NVIDIA Sterownik graficzny 267.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 267.54 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.0.21 - NVIDIA Corporation) Hidden Onekey Theater (HKLM-x32\...\InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}) (Version: 2.0.2.7 - Lenovo) Onekey Theater (x32 Version: 2.0.2.7 - Lenovo) Hidden OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Oprogramowanie Intel(R) PROSet/Wireless WiFi (HKLM\...\{AF162E20-417F-4946-A06D-65734984957F}) (Version: 14.00.0000 - Intel Corporation) Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.) Pakiet sterowników systemu Windows - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo) Panel sterowania NVIDIA 267.54 (Version: 267.54 - NVIDIA Corporation) Hidden PDF Creator (HKLM\...\PDF Creator) (Version: - ) PDF Creator Packages (HKCU\...\PDF Creator Packages) (Version: - ) <==== ATTENTION Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podręcznik użytkownika (x32 Version: 1.0.0.6 - Lenovo) Hidden Podstawowe programy Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.) Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6267 - Realtek Semiconductor Corp.) Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10008 - Realtek Semiconductor Corp.) RtLED (HKLM\...\{ACB6F4ED-835B-44EC-9EFD-AC8C83D28597}) (Version: 1.0.3 - Realtek Semiconductor Corp.) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.) Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.6.201305161305 - Sony Ericsson Communications AB) Sony PC Companion 2.10.221 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.221 - Sony) SPORE™ — śmieszne i straszne części stworów (HKLM-x32\...\{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}) (Version: 1.00.0000 - Electronic Arts) SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.02.0000 - Electronic Arts) SRS Premium Sound Control Panel (HKLM\...\{2998191E-A35E-47E2-BE38-7702C731D722}) (Version: 1.10.18.0 - SRS Labs, Inc.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.7.0 - Synaptics Incorporated) The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts) The Sims Średniowiecze (HKLM-x32\...\{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}) (Version: 2.0.113 - Electronic Arts) The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.63.5 - Electronic Arts) The Sims™ 3 Cztery pory roku (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts) The Sims™ 3 Diesel Akcesoria (HKLM-x32\...\{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}) (Version: 14.0.48 - Electronic Arts) The Sims™ 3 Kariera (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts) The Sims™ 3 Nie z tego świata (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts) The Sims™ 3 Nowoczesny apartament Akcesoria (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts) The Sims™ 3 Po zmroku (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts) The Sims™ 3 Pokolenia (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts) The Sims™ 3 Szybka jazda Akcesoria (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.0.44 - Electronic Arts) The Sims™ 3 Wymarzone Podróże (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.17.2 - Electronic Arts) The Sims™ 3 Zostań gwiazdą (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts) The Sims™ 3 Zwierzaki (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts) The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.671.10 - Electronic Arts Inc.) UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo) VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.0.1206 - Lenovo) Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation) WinRAR 4.11 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-421937301-649035308-745041611-1001_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\Marta\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (GG Network S.A.) ==================== Restore Points ========================= 06-09-2014 14:50:47 Usunięto: Microsoft Office 2010 06-09-2014 14:53:46 Usunięto: Microsoft Visual C++ 2005 Redistributable 06-09-2014 15:07:45 Usunięto: Microsoft Visual C++ 2005 Redistributable 06-09-2014 15:12:30 Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 06-09-2014 15:28:33 Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 06-09-2014 15:29:44 Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 08-09-2014 15:12:35 Windows Update 08-09-2014 15:13:18 Kopia zapasowa systemu Windows 10-09-2014 16:56:56 Windows Update 10-09-2014 19:05:32 Malwarebytes Anti-Rootkit Restore Point ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {109A3A62-5B17-4C9F-B18B-EFCB5E7AC721} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-421937301-649035308-745041611-1001Core => C:\Users\Marta\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-25] (Facebook Inc.) Task: {21DC0DAB-99F6-4312-9C76-8FF337D66529} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-13] (Google Inc.) Task: {3EEBBF52-564D-46D4-B3C0-D111EBA38BBB} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {832E0C0B-7734-42BB-B0AF-0A11742F82AD} - System32\Tasks\{533D9083-8BB5-46EC-BFB9-3F5865D066C0} => Chrome.exe http://ui.skype.com/ui/0/6.16.0.105/pl/abandoninstall?page=tsMain Task: {8781D797-6E4E-498D-A0E0-744967BCA12C} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\windows\SysWOW64\FlashPlayerUpdateService.exe Task: {A03E687A-75A8-4BDD-9B07-557EDD7AA2DA} - System32\Tasks\{A5340A00-98D1-4ED3-B2D9-64B71EDA13F8} => C:\Program Files (x86)\Gadu-Gadu 10\gg.exe Task: {A587E0F8-C0C9-41DC-BEBB-C48381A46206} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-05] (CyberLink) Task: {AF5889AC-14BF-4B68-834C-BEB89FE9A31C} - System32\Tasks\{45460307-19EB-434A-B856-8535E60CCB6F} => Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=5.10.0.116.259&LastError=12002 Task: {BE7AB697-9BC3-455F-96E8-5B3FACADF81F} - System32\Tasks\{6566F171-A3DE-4FFE-8274-E4CEF8D0404D} => C:\Program Files (x86)\Gadu-Gadu 10\gg.exe Task: {BECBD2A3-B77E-4B8D-A51F-B0B33FCB970D} - System32\Tasks\AdobeFlashPlayerUpdate => C:\windows\SysWOW64\FlashPlayerUpdateService.exe Task: {E02119EC-B934-4D16-A104-5E449D77C1EF} - System32\Tasks\{61DEDE7E-08A6-4263-83D6-0797D02B3DAE} => Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=5.8.0.158&LastError=12002 Task: {F1548E3F-88C9-4C9A-A189-532A3F3153C6} - System32\Tasks\{2D95EF76-82BA-4F55-A4DA-F252E03DF736} => Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.3.0.105&LastError=12002 Task: {FB2CBEDD-F87C-4440-A933-3F4B40572D2E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-421937301-649035308-745041611-1001UA => C:\Users\Marta\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-25] (Facebook Inc.) Task: {FCFC96C7-1E23-48A4-A59A-F5B292113A80} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-13] (Google Inc.) Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-421937301-649035308-745041611-1001Core.job => C:\Users\Marta\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-421937301-649035308-745041611-1001UA.job => C:\Users\Marta\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2010-11-02 14:58 - 2010-11-02 14:58 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll 2013-04-02 14:03 - 2011-10-04 22:43 - 00087552 _____ () C:\windows\System32\custmon64i.dll 2010-11-11 12:42 - 2010-11-11 12:42 - 00202144 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll 2010-11-11 12:44 - 2010-11-11 12:44 - 00156576 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll 2011-10-13 18:35 - 2011-10-13 18:35 - 01502720 _____ () C:\windows\system32\IcnOvrly.dll 2011-02-15 14:26 - 2011-02-15 14:26 - 00205088 _____ () C:\Program Files\Lenovo\Bluetooth Software\btkeyind.dll 2012-02-27 17:17 - 2012-02-17 21:55 - 00193536 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll 2011-10-13 18:35 - 2011-10-13 18:35 - 00622592 _____ () C:\windows\system32\SimpleExt.dll 2013-08-31 08:42 - 2013-08-31 08:42 - 03233806 _____ () C:\Program Files (x86)\Tor\tor.exe 2011-04-14 05:01 - 2011-03-25 11:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2010-11-02 14:58 - 2010-11-02 14:58 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll 2008-12-20 05:20 - 2011-10-13 18:52 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll 2008-12-20 05:20 - 2011-10-13 18:52 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll 2011-10-13 18:38 - 2011-10-13 18:38 - 00100256 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe 2012-09-10 17:19 - 2014-06-23 09:07 - 00113376 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe 2010-11-11 12:38 - 2010-11-11 12:38 - 00161696 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll 2010-11-11 12:39 - 2010-11-11 12:39 - 00133024 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll 2012-09-10 17:19 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll 2012-09-10 17:19 - 2013-09-13 11:02 - 00208896 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll 2011-10-13 18:35 - 2011-10-13 18:35 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\01381089.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\10667509.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\23180710.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\67429634.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\78736736.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\01381089.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\10667509.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\23180710.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\67429634.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\78736736.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= Name: Zewnętrzne urządzenie Bluetooth Description: Zewnętrzne urządzenie Bluetooth Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Zewnętrzne urządzenie Bluetooth Description: Zewnętrzne urządzenie Bluetooth Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Zewnętrzne urządzenie Bluetooth Description: Zewnętrzne urządzenie Bluetooth Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Zewnętrzne urządzenie Bluetooth Description: Zewnętrzne urządzenie Bluetooth Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Realtek PCIe FE Family Controller Description: Realtek PCIe FE Family Controller Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Realtek Service: RTL8167 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (09/10/2014 09:11:06 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1533) (User: ZARZĄDZANIE NT) Description: System Windows nie może usunąć katalogu profilów C:\Users\TEMP.Marta-Komputer.002. Przyczyną błędu może być to, że pliki w tym katalogu są używane przez inny program. SZCZEGÓŁY — Katalog nie jest pusty. Error: (09/10/2014 09:08:26 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/10/2014 09:05:32 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas wywoływania procedury ConvertStringSidToSid(S-1-5-21-421937301-649035308-745041611-1000.bak). hr = 0x80070539, Struktura identyfikatora zabezpieczenia jest nieprawidłowa. . Operacja: Zdarzenie OnIdentify Zbieranie danych modułu zapisującego Kontekst: Kontekst wykonywania: Shadow Copy Optimization Writer Identyfikator klasy modułu zapisującego: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Nazwa modułu zapisującego: Shadow Copy Optimization Writer Identyfikator wystąpienia modułu zapisującego: {81773ff2-23ce-4b3f-9386-bb01b6f18148} Error: (09/10/2014 08:23:35 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Marta-Komputer) Description: System Windows nie może znaleźć profilu lokalnego i loguje użytkownika przy użyciu profilu tymczasowego. Zmiany wprowadzone w profilu zostaną utracone po wylogowaniu. Error: (09/10/2014 08:23:35 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Marta-Komputer) Description: System Windows wykonał kopię zapasową tego profilu użytkownika. System Windows automatycznie spróbuje użyć profilu z kopii zapasowej przy następnym logowaniu tego użytkownika. Error: (09/10/2014 08:23:35 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: Marta-Komputer) Description: System Windows nie może załadować profilu przechowywanego lokalnie. Przyczyną błędu może być brak wystarczających praw zabezpieczeń lub uszkodzony profil lokalny. SZCZEGÓŁY - Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. Error: (09/10/2014 08:23:35 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: ZARZĄDZANIE NT) Description: System Windows nie może załadować rejestru. Częstą przyczyną tego problemu jest za mała ilość pamięci lub brak wystarczających praw zabezpieczeń. SZCZEGÓŁY - Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. for C:\Users\UpdatusUser\ntuser.dat Error: (09/10/2014 08:23:35 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1533) (User: ZARZĄDZANIE NT) Description: System Windows nie może usunąć katalogu profilów C:\Users\TEMP.Marta-Komputer.001. Przyczyną błędu może być to, że pliki w tym katalogu są używane przez inny program. SZCZEGÓŁY — Katalog nie jest pusty. Error: (09/10/2014 08:20:56 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/10/2014 08:18:53 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Marta-Komputer) Description: System Windows nie może znaleźć profilu lokalnego i loguje użytkownika przy użyciu profilu tymczasowego. Zmiany wprowadzone w profilu zostaną utracone po wylogowaniu. System errors: ============= Error: (09/10/2014 08:00:41 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Menedżer sterowania usługami próbował podjąć akcję korekcyjną (Uruchom usługę ponownie) po nieoczekiwanym zakończeniu usługi Windows Search, ale ta akcja nie powiodła się przy następującym błędzie: %%1056. Error: (09/10/2014 08:00:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Windows Search niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error: (09/10/2014 08:00:11 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Usługa Windows Search zakończyła działanie; wystąpił specyficzny dla niej błąd %%-1073473535. Error: (09/10/2014 07:57:48 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (09/08/2014 05:15:40 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {51FA2736-5DEE-11D4-98E8-006008BF430C} Error: (09/08/2014 05:15:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: ZARZĄDZANIE NT) Description: Instalacja nie powiodła się: system Windows nie mógł zainstalować następującej aktualizacji, ponieważ wystąpił błąd 0x80070643: Aktualizacja zabezpieczeń pakietu redystrybucyjnego programu Microsoft Visual C++ 2008 z dodatkiem Service Pack 1 (KB2538243). Error: (09/07/2014 07:08:49 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (09/07/2014 06:06:51 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (09/07/2014 05:46:28 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (09/07/2014 05:02:36 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Microsoft Office Sessions: ========================= Error: (09/10/2014 09:11:06 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1533) (User: ZARZĄDZANIE NT) Description: C:\Users\TEMP.Marta-Komputer.002Katalog nie jest pusty. Error: (09/10/2014 09:08:26 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/10/2014 09:05:32 PM) (Source: VSS) (EventID: 8193) (User: ) Description: ConvertStringSidToSid(S-1-5-21-421937301-649035308-745041611-1000.bak)0x80070539, Struktura identyfikatora zabezpieczenia jest nieprawidłowa. Operacja: Zdarzenie OnIdentify Zbieranie danych modułu zapisującego Kontekst: Kontekst wykonywania: Shadow Copy Optimization Writer Identyfikator klasy modułu zapisującego: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Nazwa modułu zapisującego: Shadow Copy Optimization Writer Identyfikator wystąpienia modułu zapisującego: {81773ff2-23ce-4b3f-9386-bb01b6f18148} Error: (09/10/2014 08:23:35 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Marta-Komputer) Description: Error: (09/10/2014 08:23:35 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Marta-Komputer) Description: Error: (09/10/2014 08:23:35 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: Marta-Komputer) Description: Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. Error: (09/10/2014 08:23:35 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: ZARZĄDZANIE NT) Description: Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. C:\Users\UpdatusUser\ntuser.dat Error: (09/10/2014 08:23:35 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1533) (User: ZARZĄDZANIE NT) Description: C:\Users\TEMP.Marta-Komputer.001Katalog nie jest pusty. Error: (09/10/2014 08:20:56 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/10/2014 08:18:53 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Marta-Komputer) Description: ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz Percentage of memory in use: 22% Total physical RAM: 8106.17 MB Available physical RAM: 6291.14 MB Total Pagefile: 16210.52 MB Available Pagefile: 13992.9 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:654.69 GB) (Free:502.48 GB) NTFS Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:0 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: A67A77D1) Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=654.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended) Partition 4: (Not Active) - (Size=14.7 GB) - (Type=12) ==================== End Of Log ============================