Additional scan result of Farbar Recovery Scan Tool (x64) Version:16-10-2015 Ran by tomicher (2015-10-16 23:46:44) Running from C:\Users\tomicher\Desktop Windows 7 Ultimate Service Pack 1 (X64) (2015-06-09 13:38:26) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-4200013936-444429621-2781623297-500 - Administrator - Disabled) Guest (S-1-5-21-4200013936-444429621-2781623297-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-4200013936-444429621-2781623297-1002 - Limited - Enabled) tomicher (S-1-5-21-4200013936-444429621-2781623297-1000 - Administrator - Enabled) => C:\Users\tomicher ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-4200013936-444429621-2781623297-1000\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.) 3nity CD DVD Burner version 3.4.0.28 (HKLM-x32\...\{49310D8B-AF88-4212-B745-4A05BA4B3988}_is1) (Version: 3.4.0.28 - 3nity Softwares) Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated) Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.207 - Adobe Systems Incorporated) Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.207 - Adobe Systems Incorporated) Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated) Adobe Illustrator CC (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated) Adobe InDesign CC 2015 (HKLM-x32\...\{DBFD0312-6E55-1014-8952-E78D43BC0147}) (Version: 11.0 - Adobe Systems Incorporated) Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.1 - Adobe Systems Incorporated) Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated) Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated) Adobe Premiere Pro CS6 (HKLM-x32\...\{7176B973-6011-43C1-AEBC-2D73FE7C6982}) (Version: 6.0 - Adobe Systems Incorporated) Apple Application Support (32-bit) (HKLM-x32\...\{A50679D9-6CBD-4FCD-BACB-62EF3894F6F3}) (Version: 4.0.3 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{1F72FDD5-A069-45B4-928F-D0F16492DC69}) (Version: 4.0.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.) Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.) bl (x32 Version: 1.0.0 - Your Company Name) Hidden Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) CEWE Fotoswiat (HKLM-x32\...\CEWE Fotoswiat) (Version: 5.1.8 - CEWE Stiftung u Co. KGaA) DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd) DiMAGE Scan ver 1.1 (HKLM-x32\...\{AFB2133B-BCEE-49E5-AB1D-F54E7798D533}) (Version: - ) DNG Converter version 1.0 (HKLM-x32\...\{EB55CE72-00A0-4DCC-ADB4-970BFBE24A45}_is1) (Version: 1.0 - dngconverter.com) Dropbox (HKLM-x32\...\Dropbox) (Version: 3.10.7 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.27.33 - Dropbox, Inc.) Hidden Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) Epson User's Guide EPSON Perfection V700 Photo (HKLM-x32\...\EPSON Perfection V700 Photo Useg) (Version: - ) Fliqlo Screen Saver (HKLM-x32\...\Fliqlo) (Version: - ) foobar2000 v1.3.8 (HKLM-x32\...\foobar2000) (Version: 1.3.8 - Peter Pawlowski) i1Profiler (HKLM-x32\...\i1Profiler_is1) (Version: 1.6.1 - X-Rite) iTunes (HKLM\...\{96984DE8-1DB8-425C-AC8C-3098BC696F04}) (Version: 12.3.0.44 - Apple Inc.) Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation) KeyTweak - Keyboard Remapper (remove only) (HKLM-x32\...\KeyTweak) (Version: - ) Last.fm Scrobbler 2.1.37 (HKLM-x32\...\LastFM_is1) (Version: - Last.fm) Magic Bullet Suite 64-bit (HKLM-x32\...\InstallShield_{3C09DE13-867C-4289-9F95-4510BB3A5F57}) (Version: 11.4.0 - Red Giant Software) Magic Bullet Suite 64-bit (Version: 11.4.0 - Red Giant Software) Hidden Magic Mouse Utilities version 1.1 (HKLM-x32\...\{F659CE9D-CA4B-43AA-8C32-D523CD955494}_is1) (Version: 1.1 - AnimGraph) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Camera Codec Pack (HKLM\...\{7C19409A-4C5A-49E9-B601-07383E4B6E37}) (Version: 6.3.9723.0 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Mozilla Firefox 41.0.1 (x86 pl) (HKLM-x32\...\Mozilla Firefox 41.0.1 (x86 pl)) (Version: 41.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.1.5750 - Mozilla) NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version: - ) Narzędzia sprawdzające pakietu Microsoft Office 2013 — polski (HKLM\...\{90150000-001F-0415-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Nero BurningROM 2015 (HKLM-x32\...\{7DEF9F2B-97EE-432E-91D9-FF39816B29D6}) (Version: 16.0.02700 - Nero AG) Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1007 - Nero AG) Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden ph (x32 Version: 1.0.0 - Your Company Name) Hidden Potplayer-64 Bits (HKLM\...\PotPlayer64) (Version: - Daum Kakao Corp.) Prerequisite installer (x32 Version: 16.0.0004 - Nero AG) Hidden QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.) Silver Efex Pro 2 (HKLM-x32\...\Silver Efex Pro 2) (Version: 2.0.0.0 - Nik Software, Inc.) SilverFast 8.0.1r16 (64bit) (HKLM-x32\...\SilverFast 8 x64) (Version: 8.0.1r16 - LaserSoft Imaging AG) Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.) Spotify (HKU\S-1-5-21-4200013936-444429621-2781623297-1000\...\Spotify) (Version: 1.0.16.104.g3b776c9e - Spotify AB) Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version: - Microsoft) Update for Skype for Business 2015 (KB3085581) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6BCC80EE-3B68-4110-8D47-23E04FB6D08D}) (Version: - Microsoft) Update for Skype for Business 2015 (KB3085581) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6BCC80EE-3B68-4110-8D47-23E04FB6D08D}) (Version: - Microsoft) Update for Skype for Business 2015 (KB3085581) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6BCC80EE-3B68-4110-8D47-23E04FB6D08D}) (Version: - Microsoft) Vector Magic (HKLM-x32\...\Vector Magic) (Version: 1.14 - Vector Magic, Inc.) VueScan x64 (HKLM\...\VueScan x64) (Version: - ) Windows Driver Package - Apple Inc. Apple Wireless Mouse (04/12/2010 3.1.0.0) (HKLM\...\472107EF594AC9CEB5B41781BDA301442D69A0AB) (Version: 04/12/2010 3.1.0.0 - Apple Inc.) Windows Driver Package - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1) (HKLM\...\D088EE4BD2819FBA2B349EF9D55176F223419BE6) (Version: 06/01/2011 4.0.0.1 - Apple Inc.) Windows Vista - 7 - 8 - 8.1 KMS Activator Ultimate 2014 v1.9 (HKLM\...\Windows Vista - 7 - 8 - 8.1 KMS Activator Ultima~F01B7ED7_is1) (Version: v1.9 - ) WinRAR 5.21 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) X-Rite Device Services Manager (HKLM-x32\...\{36E19D34-6BA7-4BD1-B5CB-7B0DA85713C4}) (Version: 2.3.101 - X-Rite) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 15-10-2015 22:30:21 Windows Update 15-10-2015 23:13:23 Usunięto pliki kopii zapasowej dodatku Service Pack ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2015-09-15 18:36 - 00000968 ____A C:\Windows\system32\Drivers\etc\hosts 0.0.0.0 stats.hamrick.com static.hamrick.com www.hamrick.com 0.0.0.0 pubads.g.doubleclick.net 0.0.0.0 securepubads.g.doubleclick.net There are 1 more lines. ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {08DE32E4-32BD-40CE-B183-2902A7E3E364} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) Task: {0CEFE13E-052F-4CF9-BA8C-B8429A7A4DB9} - System32\Tasks\X-Rite Device Services Software Updater => C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe [2015-03-05] (X-Rite Inc.) Task: {0ECD02C3-AC08-415F-9182-DFB9A8E6EA0F} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-06-09] (Dropbox, Inc.) Task: {28E4D532-91B7-4B19-B5B9-9CFE34F4D51A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.) Task: {38646570-B456-4BBA-ABB4-302F327151BC} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-06-10] () Task: {5C48BEFB-9BF8-48EA-B4F2-35F25F06AAFB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-14] (Adobe Systems Incorporated) Task: {6F67AC0E-2EED-49BD-B660-C11EDF37E8DC} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-06-09] (Dropbox, Inc.) Task: {8D74E59C-841A-4E6E-BB18-A6C9969C0154} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated) Task: {A6DB0C11-BF37-4DDE-996F-ADF9D3FB23CC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {C2174B92-28FD-49A6-9C7F-FD327370AC13} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2015-03-04] (Nero AG) Task: {C89E6D1A-A4AF-4C29-9A97-903DD764BDB5} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Common\Red Giant Link.exe [2012-06-25] () Task: {DAB0ACD0-76E7-43FC-BA0C-501777499459} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {EBC86037-A022-47AD-A23D-B5A158E638BC} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2015-09-18] (Microsoft Corporation) Task: {F6517F2F-4C90-41C3-BFE4-8F4B27BABBA4} - System32\Tasks\{36E19D34-6BA7-4BD1-B5CB-7B0DA85713C4} => C:\Users\tomicher\AppData\Local\Temp\is-RBU16.tmp\XRD Manager.exe <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\X-Rite Device Services Software Updater.job => C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe Task: C:\Windows\Tasks\{36E19D34-6BA7-4BD1-B5CB-7B0DA85713C4}.job => C:\Users\tomicher\AppData\Local\Temp\is-RBU16.tmp\XRD Manager.exeȈ/exenoupdates /exelang 0 /noprereqs /qr AI_RESUME=1 ADDLOCAL=MainFeature,XRDdrivers64 ACTION=INSTALL EXECUTEACTION=INSTALL ROOTDRIVE B:\ AI_PREREQFILES=C:\Users\tomicher\AppData\Local\Temp\{36E19D34-6BA7-4BD1-B5CB-7B0DA85713C4}\drivers64.msi AI_PREREQDIRS=C:\Users\tomicher\AppData\Local\Temp AI_SETUPEXEPATH=C:\Users\tomicher\AppData\Local\Temp\is-RBU16.tmp\XRD Manager.exe SETUPEXEDIR=C:\Users\tomicher\AppData\Local\Temp\is-RBU16.tmp <==== ATTENTION ==================== Loaded Modules (Whitelisted) ============== 2015-09-23 16:39 - 2012-09-18 15:27 - 00192512 _____ () C:\Windows\System32\zlhp1020.dll 2015-09-23 16:39 - 2012-09-18 15:27 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\pphp1020.dll 2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-09-23 16:47 - 2015-09-23 16:47 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2014-06-23 16:06 - 2014-06-23 16:06 - 01588224 _____ () C:\Program Files (x86)\X-Rite\Devices\rm200\GoldenEye.dll 2014-06-23 16:06 - 2014-06-23 16:06 - 02633728 _____ () C:\Program Files (x86)\X-Rite\Devices\colormunki\colormunki.dll 2015-10-16 21:21 - 2015-10-16 21:21 - 00071168 _____ () c:\users\tomicher\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5n20rj.dll 2015-06-09 23:51 - 2015-09-24 01:07 - 00012800 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll 2015-06-09 23:51 - 2015-09-24 01:07 - 00779776 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll 2015-07-30 23:10 - 2015-09-24 01:07 - 00056320 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll 2015-06-09 23:51 - 2015-09-24 01:07 - 00012288 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll 2015-09-15 14:58 - 2015-09-15 14:58 - 08901184 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2015-06-09 17:45 - 2015-10-16 21:21 - 50678592 _____ () C:\Users\tomicher\AppData\Roaming\Spotify\libcef.dll 2015-06-09 17:45 - 2015-10-16 21:21 - 01880896 _____ () C:\Users\tomicher\AppData\Roaming\Spotify\libglesv2.dll 2015-06-09 17:45 - 2015-10-16 21:21 - 00081216 _____ () C:\Users\tomicher\AppData\Roaming\Spotify\libegl.dll 2015-10-14 03:16 - 2015-10-14 03:16 - 17599688 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_207.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Windows:nlsPreferences AlternateDataStreams: C:\Users\tomicher\Local Settings:zhhH3GwtGql4nb023w AlternateDataStreams: C:\Users\tomicher\Desktop\2x3-3.jpg:com.dropbox.attributes AlternateDataStreams: C:\Users\tomicher\Desktop\itf-12.jpg:com.dropbox.attributes AlternateDataStreams: C:\Users\tomicher\Desktop\itf-20.jpg:com.dropbox.attributes AlternateDataStreams: C:\Users\tomicher\AppData\Local:zhhH3GwtGql4nb023w AlternateDataStreams: C:\Users\tomicher\AppData\Local\Application Data:zhhH3GwtGql4nb023w AlternateDataStreams: C:\Users\tomicher\AppData\Local\Temporary Internet Files:ZwIF55s4FoSaLBgyRBV62vD0 ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE restricted site: HKU\S-1-5-21-4200013936-444429621-2781623297-1000\...\skype.com -> hxxps://apps.skype.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4200013936-444429621-2781623297-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\tomicher\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{CBE0FEFE-2D1A-412F-ABA4-2120C200F3C4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{AFE29DC9-596D-4A68-9194-887548B90008}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{E34727AF-CD92-4C90-938D-6A13D3272000}] => (Allow) C:\Users\tomicher\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{5489C644-B840-4C99-86F4-34EBE7205683}] => (Allow) C:\Users\tomicher\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{76BE6A35-5EAA-4829-B0BB-9E5E7EE777F5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [TCP Query User{11256C6E-ECBF-4EF4-A807-3F9D8212872A}C:\users\tomicher\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tomicher\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{E601FA17-8182-4B2D-94FB-4C57228C01C8}C:\users\tomicher\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tomicher\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{EC33D487-4E49-4D80-A9E8-526CC2F7E811}C:\users\tomicher\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tomicher\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{ACAB34FD-4838-46AF-B0C2-D5E7E42229A7}C:\users\tomicher\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tomicher\appdata\roaming\spotify\spotify.exe FirewallRules: [{B6A78008-24F9-4A2C-AC1D-1AF27B60A9B3}] => (Allow) C:\Windows.BackUp\asapvcm.exe FirewallRules: [{FF47373A-E6F7-4A78-8D7E-6B5DE237542B}] => (Allow) C:\Windows.BackUp\asapvcm.exe FirewallRules: [{42464C50-215A-47FE-8F71-37871C21BCA2}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe FirewallRules: [{ABB9AFC6-CF9C-487A-8ED2-8BCC08DC75FD}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe FirewallRules: [TCP Query User{1847BCD5-508F-4BAE-A43E-BBB8C0D7B736}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [UDP Query User{904DFA8A-EBBB-4653-833B-E80A0DB63182}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [{D7E2BB6F-CE67-431E-B7CE-0960A3EFFDF3}] => (Allow) LPort=5454 FirewallRules: [{CF506E64-85F1-44A0-B4B7-28B1AA500658}] => (Allow) C:\Windows\system32\hasplms.exe FirewallRules: [TCP Query User{3B851B9E-4B55-43FE-8DB1-FFA6FD4EFB44}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [UDP Query User{0F54DA7C-52EC-4924-8213-796891A6086F}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [TCP Query User{488A4883-FEB7-4B13-9D1C-795178C96912}C:\program files\adobe\adobe premiere pro cc 2015\adobe premiere pro.exe] => (Allow) C:\program files\adobe\adobe premiere pro cc 2015\adobe premiere pro.exe FirewallRules: [UDP Query User{5E76BC27-EFDC-4503-8221-8531E9FDA042}C:\program files\adobe\adobe premiere pro cc 2015\adobe premiere pro.exe] => (Allow) C:\program files\adobe\adobe premiere pro cc 2015\adobe premiere pro.exe FirewallRules: [{032C7F48-24A5-4090-A09A-01FA6A07ACE6}] => (Allow) C:\Program Files (x86)\Nero\Nero 2015\Nero Burning ROM\StartNBR.exe FirewallRules: [{23F49A66-A13A-4C1D-9E5E-A14DE4C9907F}] => (Allow) C:\Program Files (x86)\Nero\Nero 2015\Nero Burning ROM\nero.exe FirewallRules: [{5C6D4CBB-1734-4275-BE03-8E15140016DF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{7FA3FF73-BE6C-4020-A30C-BE15F0593A0C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{7B2CFA31-8C3D-46FC-A301-9E088CFF3DD7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{57E69F92-98B6-4508-9123-1660380A8FA0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{08FD678E-D27D-454B-9394-DAB623AA581B}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{852D68C3-3162-457A-9C89-AF6D0547EA7D}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/16/2015 09:25:19 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: Nie można usunąć z pamięci ciągów licznika wydajności dla usługi WmiApRpl (WmiApRpl). Pierwszy wpis DWORD w sekcji danych (Data) zawiera kod błędu. Error: (10/16/2015 09:25:19 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data. Error: (10/16/2015 09:25:19 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data. Error: (10/16/2015 08:53:13 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Program firefox.exe w wersji 41.0.1.5750 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: 530 Godzina rozpoczęcia: 01d10838c59f72f7 Godzina zakończenia: 28 Ścieżka aplikacji: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Identyfikator raportu: ed30a8c2-7436-11e5-a5d5-001986000a4b Error: (10/16/2015 08:53:13 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: plugin-container.exe, wersja: 41.0.1.5750, sygnatura czasowa: 0x560b37be Nazwa modułu powodującego błąd: mozglue.dll, wersja: 41.0.1.5750, sygnatura czasowa: 0x560b229d Kod wyjątku: 0x80000003 Przesunięcie błędu: 0x0000ec7f Identyfikator procesu powodującego błąd: 0x172c Godzina uruchomienia aplikacji powodującej błąd: 0xplugin-container.exe0 Ścieżka aplikacji powodującej błąd: plugin-container.exe1 Ścieżka modułu powodującego błąd: plugin-container.exe2 Identyfikator raportu: plugin-container.exe3 Error: (10/16/2015 07:18:14 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: Nie można usunąć z pamięci ciągów licznika wydajności dla usługi WmiApRpl (WmiApRpl). Pierwszy wpis DWORD w sekcji danych (Data) zawiera kod błędu. Error: (10/16/2015 07:18:14 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data. Error: (10/16/2015 07:18:14 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data. Error: (10/16/2015 02:22:34 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: Nie można usunąć z pamięci ciągów licznika wydajności dla usługi WmiApRpl (WmiApRpl). Pierwszy wpis DWORD w sekcji danych (Data) zawiera kod błędu. Error: (10/16/2015 02:22:34 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data. System errors: ============= Error: (10/16/2015 09:41:45 PM) (Source: cdrom) (EventID: 15) (User: ) Description: Urządzenie \Device\CdRom0 nie jest jeszcze przygotowane do dostępu. Error: (10/16/2015 09:41:45 PM) (Source: atapi) (EventID: 11) (User: ) Description: Sterownik wykrył błąd kontrolera na \Device\Ide\IdePort3. Error: (10/16/2015 09:41:44 PM) (Source: cdrom) (EventID: 15) (User: ) Description: Urządzenie \Device\CdRom0 nie jest jeszcze przygotowane do dostępu. Error: (10/16/2015 09:41:43 PM) (Source: cdrom) (EventID: 15) (User: ) Description: Urządzenie \Device\CdRom0 nie jest jeszcze przygotowane do dostępu. Error: (10/16/2015 09:41:42 PM) (Source: cdrom) (EventID: 15) (User: ) Description: Urządzenie \Device\CdRom0 nie jest jeszcze przygotowane do dostępu. Error: (10/16/2015 09:41:41 PM) (Source: cdrom) (EventID: 15) (User: ) Description: Urządzenie \Device\CdRom0 nie jest jeszcze przygotowane do dostępu. Error: (10/16/2015 09:41:11 PM) (Source: cdrom) (EventID: 15) (User: ) Description: Urządzenie \Device\CdRom0 nie jest jeszcze przygotowane do dostępu. Error: (10/16/2015 09:40:53 PM) (Source: cdrom) (EventID: 11) (User: ) Description: Sterownik wykrył błąd kontrolera na \Device\CdRom0. Error: (10/16/2015 09:40:51 PM) (Source: cdrom) (EventID: 11) (User: ) Description: Sterownik wykrył błąd kontrolera na \Device\CdRom0. Error: (10/16/2015 09:20:31 PM) (Source: atapi) (EventID: 11) (User: ) Description: Sterownik wykrył błąd kontrolera na \Device\Ide\IdePort2. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz Percentage of memory in use: 42% Total physical RAM: 7158.12 MB Available physical RAM: 4129.29 MB Total Virtual: 14314.44 MB Available Virtual: 10621.42 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:111.69 GB) (Free:23.86 GB) NTFS Drive d: (Data) (Fixed) (Total:1863.01 GB) (Free:83.77 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 7DB60B98) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 65B06DB3) Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================