Additional scan result of Farbar Recovery Scan Tool (x64) Version:14-08-2015 01 Ran by Wioleta (2015-08-16 14:04:38) Running from C:\Users\Wioleta\Downloads Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3281234712-2478978767-3473656501-500 - Administrator - Disabled) Gość (S-1-5-21-3281234712-2478978767-3473656501-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3281234712-2478978767-3473656501-1005 - Limited - Enabled) Wioleta (S-1-5-21-3281234712-2478978767-3473656501-1001 - Administrator - Enabled) => C:\Users\Wioleta ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: ESET NOD32 Antivirus 8.0 (Disabled - Out of date) {19259FAE-8396-A113-46DB-15B0E7DFA289} AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: ESET NOD32 Antivirus 8.0 (Disabled - Out of date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated) Aktualizacja produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{04E205D6-88B1-4652-B162-42DF2C3B1228}) (Version: - Microsoft) Aktualizacja produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{442ECBCF-94A7-48CC-8CD9-D31FFFD5FA86}) (Version: - Microsoft) Aktualizacja produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{128A36ED-21BE-4547-9FFE-5B85AEC735DD}) (Version: - Microsoft) AMD Catalyst Install Manager (HKLM\...\{403A4E7A-D239-04D8-6A3D-31DD203C018D}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.) AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks) AMD VISION Engine Control Center (HKLM-x32\...\{8B1A559A-FB9D-42F5-A8A7-2F132CF28414}) (Version: 1.00.0000 - ) Audioteka (HKLM-x32\...\{39E05A7B-FFD8-41A8-8250-1C681F250573}) (Version: 1.1.8 - Audioteka.pl) CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.6 - Samsung Electronics CO.,LTD.) Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.) ESET NOD32 Antivirus (HKLM\...\{C8566CCF-0795-4652-9665-42241B1EF38D}) (Version: 8.0.304.2 - ESET, spol s r. o.) Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Galeria fotografii (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team) Google Chrome (HKU\S-1-5-21-3281234712-2478978767-3473656501-1001\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.) Help Desk (HKLM\...\{3D85CD3F-00E0-4E14-82D6-1F9397DDD09B}) (Version: 1.0.8 - Samsung Electronics CO., LTD.) HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.14.0.001 - HTC Corporation) HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.37.2 - HTC) IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 365 - pl-pl (HKLM\...\O365HomePremRetail - pl-pl) (Version: 15.0.4737.1003 - Microsoft Corporation) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft SkyDrive (HKU\S-1-5-21-3281234712-2478978767-3473656501-1001\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Polski pakiet językowy dla narzędzi Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PLK) (Version: 10.0.50903 - Microsoft Corporation) PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.216 - Qualcomm Atheros Communications) Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6702 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.) Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.7.2 - Samsung Electronics CO., LTD.) S Agent (Version: 1.1.45 - Samsung Electronics CO., LTD.) Hidden Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.) Support Center (HKLM\...\{843A1BDC-0879-4E5B-83E1-B81CC0CF3580}) (Version: 2.1.1201 - Samsung Electronics CO., LTD.) Support Center FAQ (x32 Version: 1.0.6 - Samsung Electronics CO., LTD.) Hidden SW Update (HKLM-x32\...\{DA06101F-FD76-4BF0-88BD-B26A197005E3}) (Version: 2.1.21 - Samsung Electronics CO., LTD.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.11.1 - Synaptics Incorporated) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) User Guide (HKLM-x32\...\{C7588111-1A12-4EFE-8CA0-DA4344480D92}) (Version: 1.4.00 - Samsung Electronics CO., LTD.) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3281234712-2478978767-3473656501-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Wioleta\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-3281234712-2478978767-3473656501-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Wioleta\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-3281234712-2478978767-3473656501-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Wioleta\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-3281234712-2478978767-3473656501-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Wioleta\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3281234712-2478978767-3473656501-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Wioleta\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-3281234712-2478978767-3473656501-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Wioleta\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3281234712-2478978767-3473656501-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Wioleta\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3281234712-2478978767-3473656501-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Wioleta\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-3281234712-2478978767-3473656501-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Wioleta\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3281234712-2478978767-3473656501-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Wioleta\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-3281234712-2478978767-3473656501-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Wioleta\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3281234712-2478978767-3473656501-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Wioleta\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3281234712-2478978767-3473656501-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Wioleta\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\FileSyncApi64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3281234712-2478978767-3473656501-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Wioleta\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File ==================== Restore Points ========================= 22-07-2015 21:23:53 Windows Update 30-07-2015 20:18:33 Windows Update 08-08-2015 16:29:57 Zaplanowany punkt kontrolny 12-08-2015 20:57:40 Windows Update 16-08-2015 11:57:13 Installed STOPzilla AntiMalware. ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 15:25 - 2015-08-16 11:58 - 00000860 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {002CF15D-DD0F-47F7-9926-F207192A1C84} - System32\Tasks\StPrsSW => C:\Users\Wioleta\AppData\Roaming\StPrsSW\stprss.exe Task: {32A6E45A-5E5E-45BE-AC2C-7118C09ACDF0} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser Task: {3A72788D-BA78-424E-9B08-A00AA57EA686} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd) Task: {48C18AE6-FC30-423D-AAD3-15F86B0488DE} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-06-09] (Microsoft Corporation) Task: {6C752144-B2C1-4A99-A1FF-7983976D53D6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation) Task: {77E8C2B8-6AAA-4E30-A83B-526A6D768E21} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-10-15] (SEC) Task: {816AC2F2-A58E-465D-8534-E69643FF7BD3} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-06-12] (Synaptics Incorporated) Task: {85C3426C-2DCD-4BCC-826A-0576065DC872} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-12] (Microsoft Corporation) Task: {89C107BA-C5AB-4451-898F-E88B7E4ED589} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation) Task: {9CEEAAB8-9088-4D10-9429-A9541B2FEE0D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3281234712-2478978767-3473656501-1001Core => C:\Users\Wioleta\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-03] (Google Inc.) Task: {B27C0D83-E97D-488B-991A-513FB4B238E3} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-11-30] (Samsung Electronics CO., LTD.) Task: {CD480716-443F-47F5-B82C-F255BF05C801} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3281234712-2478978767-3473656501-1001UA1d043b12abee03e => C:\Users\Wioleta\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-03] (Google Inc.) Task: {CFFC34DB-B44E-4FC0-9F09-D49240DA0B55} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3281234712-2478978767-3473656501-1001UA => C:\Users\Wioleta\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-03] (Google Inc.) Task: {E9989F12-EB65-44F1-BED9-C1E9CD9C0A73} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2013-10-16] (Samsung Electronics CO., LTD.) Task: {FB3BE587-A031-407B-AE69-C21EB3124441} - System32\Tasks\SUPatchForW10Up => C:\ProgramData\Samsung\SamsungUpdatePatch\SUPatchForW10Up.exe [2015-07-02] (Samsung Electronics CO., LTD.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3281234712-2478978767-3473656501-1001Core.job => C:\Users\Wioleta\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3281234712-2478978767-3473656501-1001UA.job => C:\Users\Wioleta\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3281234712-2478978767-3473656501-1001UA1d043b12abee03e.job => C:\Users\Wioleta\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2013-12-06 17:06 - 2013-12-06 17:06 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2014-03-21 20:50 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2013-10-17 16:27 - 2013-10-17 16:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe 2012-11-30 09:26 - 2012-11-30 09:26 - 00082312 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe 2014-12-18 16:27 - 2014-12-18 16:27 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe 2012-12-05 13:44 - 2012-12-05 13:44 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll 2012-12-05 13:38 - 2012-12-05 13:38 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\pl-PL\BtTray.pl-PL.dll 2012-12-05 13:41 - 2012-12-05 13:41 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2012-12-05 13:44 - 2012-12-05 13:44 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe 2013-10-16 19:15 - 2013-10-16 19:15 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll 2013-12-06 17:06 - 2013-12-06 17:06 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2014-12-13 00:25 - 2014-12-13 00:25 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1045.dll 2014-12-18 16:25 - 2014-12-18 16:25 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll 2014-12-18 16:26 - 2014-12-18 16:26 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll 2014-12-18 16:26 - 2014-12-18 16:26 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll 2014-12-18 16:26 - 2014-12-18 16:26 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll 2014-12-18 16:26 - 2014-12-18 16:26 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll 2014-12-18 16:29 - 2014-12-18 16:29 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll 2014-12-18 16:31 - 2014-12-18 16:31 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll 2012-11-30 09:26 - 2012-11-30 09:26 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll 2012-11-30 09:26 - 2012-11-30 09:26 - 01068664 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll 2012-11-30 09:26 - 2012-11-30 09:26 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll 2012-11-30 09:26 - 2012-11-30 09:26 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll 2012-11-30 09:26 - 2012-11-30 09:26 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll 2012-11-30 09:26 - 2012-11-30 09:26 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll 2012-11-30 09:26 - 2012-11-30 09:26 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll 2012-11-30 09:26 - 2012-11-30 09:26 - 00060536 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll 2012-11-30 09:26 - 2012-11-30 09:26 - 00103032 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll 2015-08-14 08:14 - 2015-08-08 02:13 - 01405768 _____ () C:\Users\Wioleta\AppData\Local\Google\Chrome\Application\44.0.2403.155\libglesv2.dll 2015-08-14 08:14 - 2015-08-08 02:13 - 00081224 _____ () C:\Users\Wioleta\AppData\Local\Google\Chrome\Application\44.0.2403.155\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\Wioleta\SkyDrive:ms-properties AlternateDataStreams: C:\Users\Wioleta\SkyDrive (2).old:ms-properties ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKU\S-1-5-21-3281234712-2478978767-3473656501-1001\Software\Classes\.exe: exefile => <===== ATTENTION HKU\S-1-5-21-3281234712-2478978767-3473656501-1001\Software\Classes\exefile: <===== ATTENTION ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3281234712-2478978767-3473656501-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\Samsung\Samsung_wallpaper.jpg DNS Servers: 192.168.8.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: AdobeActiveFileMonitor11.0 => 2 MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run: => "Bitcasa" HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher" HKLM\...\StartupApproved\Run32: => "Adobe ARM" HKLM\...\StartupApproved\Run32: => "Audioteka" HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8" HKLM\...\StartupApproved\Run32: => "CLVirtualDrive" HKLM\...\StartupApproved\Run32: => "PHEW06EN" HKLM\...\StartupApproved\Run32: => "RemoteControl10" HKU\S-1-5-21-3281234712-2478978767-3473656501-1001\...\StartupApproved\Run: => "Google Update" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{FAD38E01-FBF6-4391-A22F-C8F411CFCDC8}] => (Allow) C:\Program Files (x86)\Google\Google Talk\googletalk.exe FirewallRules: [{CFFB3CD9-8717-4431-8AB4-7878B079A865}] => (Allow) C:\Program Files (x86)\Google\Google Talk\googletalk.exe FirewallRules: [{DC690665-6900-459C-A1FB-51C8712E7027}] => (Allow) C:\Users\Wioleta\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{9BA78969-B116-4C43-8A40-3D5DB95C7920}] => (Allow) LPort=1900 FirewallRules: [{C6D9AD3D-9FAF-4F2C-90C7-D3812C6C2DCB}] => (Allow) LPort=2869 FirewallRules: [{8E881441-39BB-4A8F-8B94-38C766375583}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [TCP Query User{AFF3F948-575A-4AE7-A312-4A6933433FDB}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files (x86)\symantec\norton online backup\nobuclient.exe FirewallRules: [UDP Query User{8E187DD6-BE30-41E6-9377-F7C4D6B187B0}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files (x86)\symantec\norton online backup\nobuclient.exe FirewallRules: [{9F22C9C0-24BB-454C-B8D3-48D55E79EAA2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [TCP Query User{C15F83FA-AE64-44EA-B80A-3A79BA19578E}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files (x86)\symantec\norton online backup\nobuclient.exe FirewallRules: [UDP Query User{3F787EED-5718-4BFC-9D72-B812C2B2C8BA}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files (x86)\symantec\norton online backup\nobuclient.exe FirewallRules: [{5B00C18D-6C76-492D-A27F-F41210B56C10}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe FirewallRules: [{8E99305C-3909-43E6-A54C-0D5865B33DE5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{510D0DAF-434D-4917-96BF-0AAC7817ABFC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/16/2015 01:01:50 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073422302 Error: (08/16/2015 01:01:33 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: TADZIK) Description: Nie można ponownie uruchomić aplikacji lub usługi STOPzilla AntiMalware. Error: (08/16/2015 01:00:59 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: TADZIK) Description: Nie można zamknąć aplikacji lub usługi STOPzilla AntiMalware. Error: (08/16/2015 12:56:53 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Program LiveComm.exe w wersji 17.5.9600.20911 przestał współpracować z systemem Windows i został zamknięty. Aby sprawdzić, czy jest dostępnych więcej informacji na temat tego problemu, sprawdź historię problemu w aplecie Centrum akcji w Panelu sterowania. Identyfikator procesu: 1258 Godzina rozpoczęcia: 01d0d8118780dcba Godzina zakończenia: 4294967295 Ścieżka aplikacji: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe Identyfikator raportu: 7800d3f5-4405-11e5-bf20-50b7c3f29cb1 Pełna nazwa pakietu powodującego błąd: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe Identyfikator aplikacji względem pakietu powodującego błąd: ppleae38af2e007f4358a809ac99a64a67c1 Error: (08/16/2015 12:23:46 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: SZOptions6.exe, wersja: 6.5.1.5, sygnatura czasowa: 0x555cee8f Nazwa modułu powodującego błąd: SZOptions6.exe, wersja: 6.5.1.5, sygnatura czasowa: 0x555cee8f Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00010192 Identyfikator procesu powodującego błąd: 0x1288 Godzina uruchomienia aplikacji powodującej błąd: 0xSZOptions6.exe0 Ścieżka aplikacji powodującej błąd: SZOptions6.exe1 Ścieżka modułu powodującego błąd: SZOptions6.exe2 Identyfikator raportu: SZOptions6.exe3 Pełna nazwa pakietu powodującego błąd: SZOptions6.exe4 Identyfikator aplikacji względem pakietu powodującego błąd: SZOptions6.exe5 Error: (08/16/2015 12:01:27 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: SZServer.exe, wersja: 6.5.1.5, sygnatura czasowa: 0x555cee69 Nazwa modułu powodującego błąd: MSVCR120.dll, wersja: 12.0.21005.1, sygnatura czasowa: 0x524f7ce6 Kod wyjątku: 0xc0000409 Przesunięcie błędu: 0x000a7666 Identyfikator procesu powodującego błąd: 0x132c Godzina uruchomienia aplikacji powodującej błąd: 0xSZServer.exe0 Ścieżka aplikacji powodującej błąd: SZServer.exe1 Ścieżka modułu powodującego błąd: SZServer.exe2 Identyfikator raportu: SZServer.exe3 Pełna nazwa pakietu powodującego błąd: SZServer.exe4 Identyfikator aplikacji względem pakietu powodującego błąd: SZServer.exe5 Error: (08/16/2015 11:45:56 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TADZIK) Description: Aktywacja aplikacji microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 nie powiodła się. Błąd: -2144927142. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Error: (08/16/2015 11:45:56 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TADZIK) Description: Aktywacja aplikacji microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 nie powiodła się. Błąd: -2144927142. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Error: (08/16/2015 11:45:51 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Program LiveComm.exe w wersji 17.5.9600.20911 przestał współpracować z systemem Windows i został zamknięty. Aby sprawdzić, czy jest dostępnych więcej informacji na temat tego problemu, sprawdź historię problemu w aplecie Centrum akcji w Panelu sterowania. Identyfikator procesu: 1928 Godzina rozpoczęcia: 01d0d80854120718 Godzina zakończenia: 4294967295 Ścieżka aplikacji: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe Identyfikator raportu: 91c819a0-43fb-11e5-bf1f-50b7c3f29cb1 Pełna nazwa pakietu powodującego błąd: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe Identyfikator aplikacji względem pakietu powodującego błąd: ppleae38af2e007f4358a809ac99a64a67c1 Error: (08/16/2015 11:21:13 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TADZIK) Description: Aktywacja aplikacji microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 nie powiodła się. Błąd: -2147024891. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. System errors: ============= Error: (08/16/2015 01:47:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi AppEx Networks Accelerator LWF z powodu następującego błędu: %%31 Error: (08/16/2015 01:47:31 PM) (Source: APXACC) (EventID: 1003) (User: ) Description: The NDIS6 LWF initialization has failed. (0xC0000001) Error: (08/16/2015 01:18:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi YAC NDIS Driver z powodu następującego błędu: %%2 Error: (08/16/2015 01:18:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi AppEx Networks Accelerator LWF z powodu następującego błędu: %%31 Error: (08/16/2015 01:18:12 PM) (Source: APXACC) (EventID: 1003) (User: ) Description: The NDIS6 LWF initialization has failed. (0xC0000001) Error: (08/16/2015 01:14:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa Disc Soft Lite Bus Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error: (08/16/2015 01:14:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Usługa udostępniania w sieci programu Windows Media Player niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error: (08/16/2015 01:14:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa SW Update Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error: (08/16/2015 01:14:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Windows Search niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error: (08/16/2015 01:14:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa ZAtheros Bt and Wlan Coex Agent niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Microsoft Office: ========================= CodeIntegrity: =================================== Date: 2015-08-16 13:11:33.445 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2015-08-16 13:02:59.746 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2015-08-16 13:02:59.621 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2015-08-16 13:02:59.496 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2015-08-16 13:02:59.356 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2015-08-16 11:46:28.251 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-08-08 15:16:41.788 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-07-26 18:07:15.739 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-06-20 03:14:59.443 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-06-13 09:57:56.809 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: AMD A10-4600M APU with Radeon(tm) HD Graphics Percentage of memory in use: 21% Total physical RAM: 7643.02 MB Available physical RAM: 5984.26 MB Total Virtual: 10715.02 MB Available Virtual: 8854.18 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:901.95 GB) (Free:720.1 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: E96F3020) Partition: GPT. ==================== End of log ============================