Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015 Ran by admin at 2015-01-24 00:07:52 Running from C:\Users\admin\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1} AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated) ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.106.303.203 - ALPS ELECTRIC CO., LTD.) Angry Birds (HKLM-x32\...\{569702D6-2583-4CE1-AB67-404F69428D7B}) (Version: 4.0.0 - Rovio Entertainment Ltd.) Angry Birds Breakfast 1 (HKLM-x32\...\{DE5BE262-C5E7-49B2-A673-56A3E2522F06}) (Version: 1.0.16 - Rovio Entertainment Ltd.) Angry Birds Breakfast 2 (HKLM-x32\...\{89FD4D6C-E280-4D6E-B96D-64882F5AD199}) (Version: 1.0.16 - Rovio Entertainment Ltd.) Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.00.007 - Atheros Communications) Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros) ATI Catalyst Install Manager (HKLM\...\{45B03368-05C2-705A-9A94-C7BE80FC45F7}) (Version: 3.0.804.0 - ATI Technologies, Inc.) Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.06(T) - TOSHIBA CORPORATION) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Canon iP4900 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4900_series) (Version: - ) ccc-core-static (x32 Version: 2011.0302.1046.19259 - Nazwa firmy) Hidden Cyfrowy Polsat MF821 (HKLM-x32\...\{27D28586-BEF1-4E06-8787-3B1FC3A41489}) (Version: PCW_PLSPOLLV1.0.0B10 - ZTE Corporation) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Doomsday Racers (HKLM-x32\...\Doomsday Racers/PL-Polish_is1) (Version: - City Interactive) Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation) Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Generator Wniosków Aplikacyjnych Edytor (HKLM-x32\...\{6CF15902-1AF7-4E07-AFE2-45A802F6C9B8}) (Version: 8.6.4 - JCommerce) GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) Go Kart Rally (HKLM-x32\...\Go Kart Rally/PL-Polish_is1) (Version: - City Interactive) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.) Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation) IsoBuster 3.1 (HKLM-x32\...\IsoBuster_is1) (Version: 3.1 - Smart Projects) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft ASP.NET 2.0 AJAX Extensions 1.0 (HKLM-x32\...\{082BDF7B-4810-4599-BF0D-E3AC44EC8524}) (Version: 1.0.61025 - Microsoft Corporation) Microsoft Office Standard 2010 (HKLM\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Mozilla Firefox 35.0 (x86 pl) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 pl)) (Version: 35.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MPC-HC 1.7.1 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.1.0 - MPC-HC Team) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Obsługa programów Apple (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.) Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení (HKLM-x32\...\{B6190387-0036-4BEB-8D74-A0AFC5F14706}) (Version: 15.4.5722.2 - Microsoft Corporation) Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia (HKLM-x32\...\{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}) (Version: 15.4.5722.2 - Microsoft Corporation) PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.3.0 - Prolific Technology INC) PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Program TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.8 - TOSHIBA Corporation) RC Toy Machines (HKLM-x32\...\RC Toy Machines/PL-Polish_is1) (Version: - City Interactive) Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6121 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6293 - Realtek Semiconductor Corp.) RedApp 1.0 (HKLM-x32\...\RedApp) (Version: 1.0 - Redefine Sp z o.o.) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.1 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.1 - Renesas Electronics Corporation) Hidden RICOH Media Driver v2.13.17.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.13.17.01 - RICOH) Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.) TOSHIBA 180 Degrees Rotation Utility (HKLM-x32\...\{FEDFB4DC-E149-4897-B616-4811C718E54F}) (Version: 1.4.0 - TOSHIBA Corporation) TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION) TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}) (Version: 2.1.10.64 - TOSHIBA Corporation) TOSHIBA ConfigFree (HKLM-x32\...\{38C52F7D-A6CB-4CE7-A189-8AABE8774D8A}) (Version: 8.0.38 - TOSHIBA CORPORATION) TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.9 for x64 - TOSHIBA Corporation) TOSHIBA eco Utility (HKLM\...\{6FF9A012-0254-41E9-81E2-F538C4B53611}) (Version: 1.3.2.64 - TOSHIBA Corporation) TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.8.64 - TOSHIBA Corporation) TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.1.13 - TOSHIBA Corporation) TOSHIBA Intelligent Display Management (HKLM\...\{636E2BA9-126F-493D-A033-343C145AAD87}) (Version: 1.0.3.0 - TOSHIBA Corporation) Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.02 - TOSHIBA) TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.86.2 - TOSHIBA CORPORATION) TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.6.1 - TOSHIBA CORPORATION) TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 4.01.0000 - TOSHIBA) TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.7.64 - TOSHIBA Corporation) TOSHIBA Places Icon Utility (HKLM-x32\...\{461F6F0D-7173-4902-9604-AB1A29108AF2}) (Version: 1.0.2.4 - TOSHIBA) TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION) TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA) TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.18.64 - TOSHIBA Corporation) TOSHIBA Security Assist (HKLM-x32\...\{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}) (Version: 2.0.9 - TOSHIBA) TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.52 - TOSHIBA) TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.7 - TOSHIBA Corporation) TOSHIBA Sync Utility (HKLM-x32\...\{CCF62642-ECB1-4D2B-80C0-3FD3286AEAED}) (Version: 2.0.3060 - TOSHIBA Corporation) TOSHIBA TEMPRO (HKLM-x32\...\{F082CB11-4794-4259-99A1-D91BA762AD15}) (Version: 3.35 - Toshiba Europe GmbH) TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.10.64 - TOSHIBA Corporation) TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 1.1.7.1 - TOSHIBA Corporation) TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5BA99779-6E12-49EF-BE49-F35B1EDB4DF9}) (Version: 1.0.4 - TOSHIBA CORPORATION) Turbo Trucks (HKLM-x32\...\Turbo Trucks/PL-Polish_is1) (Version: - City Interactive) VueScan x64 (HKLM\...\VueScan x64) (Version: - ) White Van Racer (HKLM-x32\...\White Van Racer/PL-Polish_is1) (Version: - City Interactive) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation) WinRAR 4.20 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) Wuala (HKU\S-1-5-21-55905330-288421562-568435219-1000\...\Wuala) (Version: 1.0.444.0 - LaCie) ZTE LTE Device USB Driver (HKLM\...\{00C1EF09-B5B7-4082-B1F4-C35CE7A7FCA9}) (Version: - ZTE Corporation) Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation) Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation) Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-55905330-288421562-568435219-1000_Classes\CLSID\{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B}\InprocServer32 -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtExt.dll (TOSHIBA) CustomCLSID: HKU\S-1-5-21-55905330-288421562-568435219-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-55905330-288421562-568435219-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.) ==================== Restore Points ========================= 09-01-2015 09:24:20 Zaplanowany punkt kontrolny 14-01-2015 10:52:24 SPTD setup V1.86 14-01-2015 11:20:28 Instalacja pakietu sterownika urządzenia: DT Soft Ltd Urządzenia systemowe 14-01-2015 11:21:24 Instalacja pakietu sterownika urządzenia: DT Soft Ltd Urządzenia systemowe 14-01-2015 11:25:29 Instalacja pakietu sterownika urządzenia: DT Soft Ltd Urządzenia systemowe 19-01-2015 19:42:36 Windows Update 19-01-2015 22:42:26 Removed Nero BackItUp 10. 19-01-2015 22:44:34 Removed Nero BurnRights 10. 19-01-2015 22:45:42 Removed Nero Express 10. 19-01-2015 22:46:32 Removed Nero InfoTool 10. 19-01-2015 22:50:43 Removed Nero Multimedia Suite 10 Essentials. 19-01-2015 22:51:45 Removed Nero Multimedia Suite 10 Essentials. 19-01-2015 23:16:05 SPTD setup V1.86 20-01-2015 09:56:33 Removed Nero BackItUp 10. 20-01-2015 09:57:26 Removed Nero BurnRights 10. 20-01-2015 09:57:46 Removed Nero Express 10. 20-01-2015 10:00:02 Removed Nero InfoTool 10. 20-01-2015 10:00:18 Removed Nero Kwik Media. 20-01-2015 10:01:16 Removed Nero Multimedia Suite 10 Essentials. 23-01-2015 21:22:08 Windows Update 23-01-2015 22:08:47 Windows Update 23-01-2015 22:42:28 Restore Point Created by FRST 23-01-2015 23:13:20 Removed Adobe Reader X (10.1.13) MUI. 23-01-2015 23:16:03 Removed Java(TM) 6 Update 20 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0F8B3D75-D341-4868-92CA-220A734BD440} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-12-03] (TOSHIBA CORPORATION) Task: {477AA517-F68C-4394-AE6A-20E3DA2732C0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.) Task: {9A7EB1A0-DAF1-4832-BE88-02F62EB7B061} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-55905330-288421562-568435219-1000Core => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-10] (Google Inc.) Task: {B4F2DBC4-E949-4A41-A77E-9357475BE5BD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-55905330-288421562-568435219-1000UA => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-10] (Google Inc.) Task: {E47A93CF-0BC8-4C71-9DC7-E9BF2DB2A32F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.) Task: {ED683624-14AF-4EAE-BEE8-6DA0D83E3C32} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-55905330-288421562-568435219-1000Core.job => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-55905330-288421562-568435219-1000UA.job => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2010-11-18 16:18 - 2010-11-18 16:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll 2010-12-15 14:19 - 2010-12-15 14:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll 2011-03-03 22:21 - 2011-03-03 22:21 - 03420584 _____ () C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll 2014-11-15 21:12 - 2012-03-26 09:37 - 00073488 _____ () C:\Program Files (x86)\Cyfrowy Polsat\MF821\Bin\CancelAutoPlay.exe 2011-08-08 17:57 - 2011-02-18 13:08 - 00564600 _____ () C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\pl\Humphrey.resources.dll 2014-11-15 21:12 - 2012-03-26 09:37 - 00031504 _____ () C:\Program Files (x86)\Cyfrowy Polsat\MF821\Bin\zLoggingDaemon.exe 2014-11-15 21:12 - 2012-03-26 09:37 - 00029968 _____ () C:\Program Files (x86)\Cyfrowy Polsat\MF821\Bin\Cyfrowy Polsat MF821.exe 2011-08-08 18:26 - 2011-04-21 09:58 - 00013184 _____ () C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\pl\TosDILangPack.resources.dll 2011-08-08 18:26 - 2011-04-21 09:57 - 00063360 _____ () C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIInternal.XmlSerializers.dll 2011-03-02 09:45 - 2011-03-02 09:45 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2010-10-19 13:15 - 2010-10-19 13:15 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2010-12-08 14:42 - 2010-12-08 14:42 - 00079264 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll 2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf 2014-11-15 21:12 - 2011-04-12 11:53 - 00043520 _____ () C:\Program Files (x86)\Cyfrowy Polsat\MF821\Bin\_socket.pyd 2014-11-15 21:12 - 2010-11-27 11:31 - 00721920 _____ () C:\Program Files (x86)\Cyfrowy Polsat\MF821\Bin\_ssl.pyd 2014-11-15 21:12 - 2011-04-12 11:54 - 00010240 _____ () C:\Program Files (x86)\Cyfrowy Polsat\MF821\Bin\select.pyd 2014-11-15 21:12 - 2010-05-14 11:19 - 00981504 _____ () C:\Program Files (x86)\Cyfrowy Polsat\MF821\Bin\wx._core_.pyd 2014-11-15 21:12 - 2010-05-14 11:19 - 00746496 _____ () C:\Program Files (x86)\Cyfrowy Polsat\MF821\Bin\wx._gdi_.pyd 2014-11-15 21:12 - 2010-05-14 11:20 - 00670720 _____ () C:\Program Files (x86)\Cyfrowy Polsat\MF821\Bin\wx._windows_.pyd 2014-11-15 21:12 - 2010-05-14 11:20 - 00966144 _____ () C:\Program Files (x86)\Cyfrowy Polsat\MF821\Bin\wx._controls_.pyd 2014-11-15 21:12 - 2010-05-14 11:21 - 00674816 _____ () C:\Program Files (x86)\Cyfrowy Polsat\MF821\Bin\wx._misc_.pyd 2014-11-15 21:12 - 2010-05-14 11:22 - 00467456 _____ () C:\Program Files (x86)\Cyfrowy Polsat\MF821\Bin\wx._aui.pyd 2014-11-15 21:12 - 2010-05-14 11:21 - 00395776 _____ () C:\Program Files (x86)\Cyfrowy Polsat\MF821\Bin\wx._grid.pyd 2014-11-15 21:12 - 2010-05-14 11:22 - 00346112 _____ () C:\Program Files (x86)\Cyfrowy Polsat\MF821\Bin\wx._html.pyd 2014-11-15 21:12 - 2010-05-14 11:22 - 00073216 _____ () C:\Program Files (x86)\Cyfrowy Polsat\MF821\Bin\wx._animate.pyd 2014-11-15 21:12 - 2010-05-14 11:22 - 00065024 _____ () C:\Program Files (x86)\Cyfrowy Polsat\MF821\Bin\wx._media.pyd 2014-11-15 21:12 - 2011-02-26 19:00 - 00096768 _____ () C:\Program Files (x86)\Cyfrowy Polsat\MF821\Bin\win32api.pyd 2014-11-15 21:12 - 2011-02-27 17:13 - 00110080 _____ () C:\Program Files (x86)\Cyfrowy Polsat\MF821\Bin\pywintypes27.dll 2014-11-15 21:12 - 2011-04-12 11:54 - 00087040 _____ () C:\Program Files (x86)\Cyfrowy Polsat\MF821\Bin\_ctypes.pyd 2014-11-15 21:12 - 2011-02-26 19:02 - 00354304 _____ () C:\Program Files (x86)\Cyfrowy Polsat\MF821\Bin\pythoncom27.dll 2014-11-15 21:12 - 2011-02-26 18:59 - 00017408 _____ () C:\Program Files (x86)\Cyfrowy Polsat\MF821\Bin\win32event.pyd 2014-11-15 21:12 - 2011-02-26 19:00 - 00023552 _____ () C:\Program Files (x86)\Cyfrowy Polsat\MF821\Bin\win32pipe.pyd 2014-11-15 21:12 - 2011-02-26 18:59 - 00112128 _____ () C:\Program Files (x86)\Cyfrowy Polsat\MF821\Bin\win32file.pyd 2014-11-15 21:12 - 2010-11-27 11:31 - 00057344 _____ () C:\Program Files (x86)\Cyfrowy Polsat\MF821\Bin\_sqlite3.pyd 2014-11-15 21:12 - 2010-11-27 11:31 - 00635392 _____ () C:\Program Files (x86)\Cyfrowy Polsat\MF821\Bin\sqlite3.dll 2014-11-15 21:12 - 2011-04-12 11:54 - 00126976 _____ () C:\Program Files (x86)\Cyfrowy Polsat\MF821\Bin\pyexpat.pyd ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\00824150.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\10881240.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\24602589.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\00824150.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\10881240.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\24602589.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== admin (S-1-5-21-55905330-288421562-568435219-1000 - Administrator - Enabled) => C:\Users\admin Administrator (S-1-5-21-55905330-288421562-568435219-500 - Administrator - Disabled) Gość (S-1-5-21-55905330-288421562-568435219-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-55905330-288421562-568435219-1002 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Karta tunelowania Teredo firmy Microsoft Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Plustek Scanner Description: Plustek Scanner Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: Hamrick Software Service: usbscan Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (01/23/2015 11:09:11 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/23/2015 10:45:49 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/23/2015 10:42:27 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas badania interfejsu IVssWriterCallback. hr = 0x80070005, Odmowa dostępu. . To jest często spowodowane przez niepoprawne ustawienia zabezpieczeń w procesie zapisującym lub żądającym. Operacja: Zbieranie danych modułu zapisującego Kontekst: Identyfikator klasy modułu zapisującego: {e8132975-6f93-4464-a53e-1050253ae220} Nazwa modułu zapisującego: System Writer Identyfikator wystąpienia modułu zapisującego: {47864731-21c7-45dd-ade9-d659832bf33a} Error: (01/23/2015 10:32:06 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/23/2015 09:07:25 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/23/2015 08:38:56 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/23/2015 08:08:10 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/23/2015 06:28:48 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/23/2015 11:03:02 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: BB08.tmp, wersja: 8.0.1.0, sygnatura czasowa: 0x54c21309 Nazwa modułu powodującego błąd: kernel32.dll, wersja: 6.1.7601.18409, sygnatura czasowa: 0x53159a85 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00092649 Identyfikator procesu powodującego błąd: 0xff8 Godzina uruchomienia aplikacji powodującej błąd: 0xBB08.tmp0 Ścieżka aplikacji powodującej błąd: BB08.tmp1 Ścieżka modułu powodującego błąd: BB08.tmp2 Identyfikator raportu: BB08.tmp3 Error: (01/23/2015 07:53:07 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (01/23/2015 11:10:03 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (01/23/2015 10:43:24 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: ZARZĄDZANIE NT) Description: Nastąpiło nieoczekiwane zatrzymanie modułu rozszerzalności sieci WLAN. Ścieżka modułu: C:\windows\system32\athihvs.dll Error: (01/23/2015 10:43:24 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: ZARZĄDZANIE NT) Description: Nastąpiło nieoczekiwane zatrzymanie modułu rozszerzalności sieci WLAN. Ścieżka modułu: C:\windows\system32\athihvs.dll Error: (01/23/2015 10:43:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Bufor wydruku z powodu następującego błędu: %%1069 Error: (01/23/2015 10:43:23 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Usługa Spooler nie może zalogować się jako NT AUTHORITY\SYSTEM za pomocą obecnie skonfigurowanego hasła z powodu następującego błędu: %%50 Aby upewnić się, że usługa jest skonfigurowana prawidłowo, użyj przystawki Usługi w programie Microsoft Management Console (MMC). Error: (01/23/2015 10:43:22 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: ZARZĄDZANIE NT) Description: Nastąpiło nieoczekiwane zatrzymanie modułu rozszerzalności sieci WLAN. Ścieżka modułu: C:\windows\system32\athihvs.dll Error: (01/23/2015 10:42:53 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Menedżer sterowania usługami próbował podjąć akcję korekcyjną (Uruchom usługę ponownie) po nieoczekiwanym zakończeniu usługi Windows Search, ale ta akcja nie powiodła się przy następującym błędzie: %%1056. Error: (01/23/2015 10:42:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Usługa udostępniania w sieci programu Windows Media Player niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error: (01/23/2015 10:42:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa TOSHIBA HDD SSD Alert Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error: (01/23/2015 10:42:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa TPCH Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Microsoft Office Sessions: ========================= Error: (01/23/2015 11:09:11 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/23/2015 10:45:49 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/23/2015 10:42:27 PM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005, Odmowa dostępu. Operacja: Zbieranie danych modułu zapisującego Kontekst: Identyfikator klasy modułu zapisującego: {e8132975-6f93-4464-a53e-1050253ae220} Nazwa modułu zapisującego: System Writer Identyfikator wystąpienia modułu zapisującego: {47864731-21c7-45dd-ade9-d659832bf33a} Error: (01/23/2015 10:32:06 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/23/2015 09:07:25 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/23/2015 08:38:56 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/23/2015 08:08:10 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/23/2015 06:28:48 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/23/2015 11:03:02 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: BB08.tmp8.0.1.054c21309kernel32.dll6.1.7601.1840953159a85c000000500092649ff801d036f3c56b9a09C:\Users\admin\AppData\Local\Temp\Low\BB08.tmpC:\windows\syswow64\kernel32.dll03c23039-a2e7-11e4-a50e-e8e0b7c1c956 Error: (01/23/2015 07:53:07 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2014-12-12 14:49:54.080 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\16f14ce.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-12-12 14:49:54.024 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\16f14ce.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz Percentage of memory in use: 44% Total physical RAM: 4069.43 MB Available physical RAM: 2244.96 MB Total Pagefile: 8137.04 MB Available Pagefile: 6026.09 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (TI30811000A) (Fixed) (Total:282.31 GB) (Free:179.74 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: CA0F8722) Partition 1: (Active) - (Size=1.5 GB) - (Type=27) Partition 2: (Not Active) - (Size=282.3 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=14.3 GB) - (Type=17) ==================== End Of Log ============================