Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-04-2015
Ran by Soob at 2015-04-26 21:29:25
Running from C:\Users\Soob\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-682461631-3795882564-1583022148-500 - Administrator - Disabled)
Gość (S-1-5-21-682461631-3795882564-1583022148-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-682461631-3795882564-1583022148-1002 - Limited - Enabled)
Soob (S-1-5-21-682461631-3795882564-1583022148-1000 - Administrator - Enabled) => C:\Users\Soob

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-682461631-3795882564-1583022148-1000\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.8 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Aktualizacja produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{04E205D6-88B1-4652-B162-42DF2C3B1228}) (Version: - Microsoft) Aktualizacja produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{442ECBCF-94A7-48CC-8CD9-D31FFFD5FA86}) (Version: - Microsoft) Aktualizacja produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{128A36ED-21BE-4547-9FFE-5B85AEC735DD}) (Version: - Microsoft) AMD Catalyst Install Manager (HKLM\...\{C8807716-1F6F-5C43-3C32-7295A45CF060}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.) Anki (HKLM-x32\...\Anki) (Version: - ) Antares Filter VST DX v1.01 (HKLM-x32\...\Antares Filter VST DX v1.01) (Version: - ) Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach) ATI AVIVO64 Codecs (Version: 10.11.0.41104 - ATI Technologies Inc.) Hidden Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team) Auslogics BoostSpeed (HKLM-x32\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 5.3 - Auslogics Software Pty Ltd) Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 3.6 - Auslogics Software Pty Ltd) Auslogics Registry Cleaner (HKLM-x32\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 2.5 - Auslogics Software Pty Ltd) Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.2.2215 - AVAST Software) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
calibre 64bit (HKLM\...\{13AD5E97-F15C-46C7-92D9-6CE42AB6E73E}) (Version: 1.26.0 - Kovid Goyal) CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP) CPUID HWMonitor 1.22 (HKLM\...\CPUID HWMonitor_is1) (Version: - ) CWK (Czasowy Wyłącznik Komputera) (HKLM-x32\...\CWK) (Version: 2.52.3.43 - Damian Pasternak) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dropbox (HKU\S-1-5-21-682461631-3795882564-1583022148-1000\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.) EPUB File Reader (HKLM-x32\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version: - epubfilereader.com) erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.) FIFA 14 (HKLM-x32\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.7 - Electronic Arts) FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version: - Image-Line) FM-Four VSTi (HKLM-x32\...\FM-Four VSTi) (Version: - ) Galeria fotografii (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden HydraVision (x32 Version: 4.2.116.0 - ATI Technologies Inc.) Hidden IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line) ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!) iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.) 
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle) Java 7 Update 76 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417076FF}) (Version: 7.0.760 - Oracle) Junk Mail filter update (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden KMPlayer (HKLM-x32\...\The KMPlayer) (Version: 3.9.1.135 - PandoraTV) Last.fm Scrobbler 2.1.37 (HKLM-x32\...\LastFM_is1) (Version: - Last.fm) LAV Filters 0.55.3 (HKLM-x32\...\lavfilters_is1) (Version: 0.55.3 - Hendrik Leppkes) Lo-Fizer VST (HKLM-x32\...\Lo-Fizer VST) (Version: - ) Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.) Magic ISO Maker v5.4 (build 0251) (HKLM-x32\...\Magic ISO Maker v5.4 (build 0251)) (Version: - ) MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version: - ) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0415-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation) Microsoft PowerPoint 2010 dla Użytkowników Domowych i Uczniów (HKLM-x32\...\Office14.POWERPOINTR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Text-to-Speech Engine 4.0 (English) (HKLM-x32\...\MSTTS) (Version: - ) Microsoft Visual C++ 2005 Redistributable (x64) 
(HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Mozilla Firefox 37.0.2 (x86 pl) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 pl)) (Version: 37.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) Mp3tag v2.69 (HKLM-x32\...\Mp3tag) (Version: v2.69 - Florian Heidenreich) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version: - Native Instruments) Native Instruments Service Center (HKLM-x32\...\Native Instruments 
Service Center) (Version: - Native Instruments) NBA 2K14 (HKLM-x32\...\{4FE0545A-1BF3-4B9B-A044-6E1EE719E197}) (Version: 1.0.0 - 2K Sports) Obsługa programów Apple (HKLM-x32\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.) ON_OFF Charge B10.0301.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE) Origin (HKLM-x32\...\Origin) (Version: 9.3.6.4643 - Electronic Arts, Inc.) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) PIT Projekt 2014 (HKLM-x32\...\{E8068C90-002F-469E-B65F-3CB6D141B145}}_is1) (Version: 3.0.0 - GP SOFT) PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Poczta usługi Windows Live (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation) Podstawowe programy Windows Live (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Polski pakiet językowy dla narzędzi Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PLK) (Version: 10.0.50903 - Microsoft Corporation) Proteus VX (HKLM-x32\...\Proteus VX) (Version: - ) Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.11.1127.2009 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0018-0000-0000-0000000FF1CE}_Office14.POWERPOINTR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.) 
Spotify (HKU\S-1-5-21-682461631-3795882564-1583022148-1000\...\Spotify) (Version: 1.0.4.90.g0b6df40b - Spotify AB)
Subtitle Edit 3.2.8 (HKLM-x32\...\SubtitleEdit_is1) (Version: 3.2.8.1220 - Nikse)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbar Cleaner (HKLM-x32\...\Toolbar Cleaner) (Version: - Visicom Media Inc.)
UltraISO Premium V9.6 (HKLM-x32\...\UltraISO_is1) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63 - Nullsoft, Inc)
Windows 7 Codec Pack 4.1.0 (HKLM-x32\...\Windows 7 - Codec Pack) (Version: 4.1.0 - Windows 7 Codec Pack)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-682461631-3795882564-1583022148-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Soob\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-682461631-3795882564-1583022148-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Soob\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-682461631-3795882564-1583022148-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Soob\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-682461631-3795882564-1583022148-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Soob\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-682461631-3795882564-1583022148-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Soob\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points =========================

ATTENTION: System Restore is disabled.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-09-04 22:26 - 00000056 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 player.kmpmedia.net

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03298D2F-4815-4EBC-9010-9CE7314F61B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-13] (Google Inc.)
Task: {239638DC-A93C-47D4-883F-61542C9A9FF3} - System32\Tasks\{3D3BA054-56D6-47E8-B371-460C1C6EA940} => pcalua.exe -a C:\Users\Soob\Desktop\AdobeAIRInstaller.exe -d C:\Users\Soob\Desktop
Task: {4539ABAB-5D13-4C83-9226-2ACD27351FD7} - System32\Tasks\{D6803B6F-A5E0-4B6D-BD0F-D5774B094F2B} => pcalua.exe -a C:\Users\Soob\Desktop\jxpiinstall.exe -d C:\Users\Soob\Desktop
Task: {696F6DC2-F403-4B54-A4B8-96839D0AE794} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {7BB43BCA-D9F8-41FA-9656-FC1FE87276C6} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {7C0E5326-A1DA-4F03-8CFB-01B35789CBA3} - System32\Tasks\GoogleUpdateTaskMachineCore1cfff98a7141a76 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-13] (Google Inc.)
Task: {9F618FF1-54BA-4B3C-9A45-F7AF3662CABA} - System32\Tasks\{FBEE1295-831C-4215-8CF6-2E515FE665A0} => pcalua.exe -a C:\Users\Soob\Desktop\AdobeAIRInstaller.exe -d C:\Users\Soob\Desktop
Task: {BA4F50B2-48E4-47AE-8EEC-A165CD9FC5AA} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {BB4A39E4-AF1F-40BF-B2A3-7B837F78CE9E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {C4787FB7-78DB-42C7-BAB9-E93197AD5718} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-13] (Google Inc.)
Task: {E1BFC23B-4D87-43E0-BDDF-575A43933883} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {EAE55197-9836-4E7E-AA12-B91F649820E5} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {F6FF430B-67B0-4C62-B50D-DA6A40FEC3E7} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-11] (Avast Software s.r.o.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfec4fffedb9e0.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfff98a7141a76.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-04-11 21:22 - 2015-04-11 21:22 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-11 21:22 - 2015-04-11 21:22 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-04-26 21:15 - 2015-04-26 21:15 - 02927104 _____ () C:\Program Files\AVAST Software\Avast\defs\15042601\algo.dll
2009-11-04 09:48 - 2009-11-04 09:48 - 00090112 _____ () C:\Program Files (x86)\ATI Technologies\HydraVision\HydraPlk.dll
2015-03-20 18:51 - 2015-03-20 18:51 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-04-14 22:19 - 2015-04-14 22:19 - 16863920 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\ProgramData\TEMP:07BF512B

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-682461631-3795882564-1583022148-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Soob\AppData\Roaming\Mozilla\Firefox\Tapeta pulpitu.bmp
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: TabletServicePen => 2
MSCONFIG\Services: TouchServicePen => 2

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{DD5EC31E-08CB-49FF-809E-9B0FEA744F40}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [{A3BAF973-30F5-4951-9854-6027123D8BEF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{388E29AC-004B-4F4B-8EA2-C6980F8AC8A8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{97B561B5-BF7A-46B0-A274-E4850BEDDAE4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{037A88AC-FDE1-4298-A3C8-0C935F0BB2B9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{90910CF2-D68D-48CB-B34B-9C3560094840}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [{3632D3FE-19D6-4FC7-9742-95CD16A9E98A}] => (Allow) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe FirewallRules: [{3DDB347A-7A36-4FA2-8C50-CE3660313C81}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{58FF8DD3-1D0A-4F3C-A132-68AE752D24A7}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office12\outlook.exe FirewallRules: [{2AFEDC4D-0CC2-45AC-8640-3C7A25B1BDC8}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office12\GROOVE.EXE FirewallRules: [{BAD1FDE9-C39C-42F1-95DB-F8EFC895E4D2}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office12\GROOVE.EXE FirewallRules: [{E5DAD55B-D614-4052-88B9-8621D8CD9A37}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTE.EXE FirewallRules: [{0AF1BDAF-3517-43B6-BA87-886C1A3AB669}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTE.EXE FirewallRules: [TCP Query User{ED213054-C345-4C02-93B2-8F02732978E7}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe FirewallRules: [UDP Query User{C3C328BA-8E41-4C07-A4C2-79EC507CD84B}C:\program 
files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe FirewallRules: [{EB41B698-CFF5-4F41-9ADB-C178133F79EF}] => (Allow) C:\Users\Soob\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{B74DC01B-067C-4DC5-B4B0-993B949CC20A}] => (Allow) C:\Users\Soob\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{0811A189-FBDE-4040-99D2-0F3E91F2CB01}] => (Allow) C:\Users\Soob\AppData\Roaming\Spotify\spotify.exe FirewallRules: [{F06D0571-4523-40DE-B05F-468261B2E020}] => (Allow) C:\Users\Soob\AppData\Roaming\Spotify\spotify.exe FirewallRules: [{BF9F3E77-930B-48EB-B679-8B426AB3C939}] => (Allow) C:\Users\Soob\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{818BDCDD-67A3-488F-9341-8634633A59D2}] => (Allow) C:\Users\Soob\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{4A57DECF-2700-4339-8EDF-D43122F35804}] => (Allow) C:\Program Files (x86)\Origin\Origin.exe FirewallRules: [{9B25DD5C-D8F3-442C-A484-29EC5BB02F38}] => (Allow) C:\Program Files (x86)\Origin\Origin.exe FirewallRules: [{1E7FDB0A-48F1-476D-AFCE-7A50B9EC9329}] => (Allow) C:\Program Files (x86)\Origin\Origin.exe FirewallRules: [{5FFEC5D0-43A7-49A7-BB75-8087F5D94913}] => (Allow) C:\Program Files (x86)\Origin\Origin.exe FirewallRules: [{55038338-1014-4FD0-9EC5-831CB8EE824B}] => (Allow) D:\Origin\FIFA 14\Game\fifa14.exe FirewallRules: [{CABD1143-855B-4CE1-9719-D65764C23A47}] => (Allow) D:\Origin\FIFA 14\Game\fifa14.exe FirewallRules: [{3BC3E8B6-C270-4A1E-ADC1-72EDA6BC39E3}] => (Allow) D:\NBA\nba2k14.exe FirewallRules: [{F1AB8371-39C4-4F3E-A7AA-27AB8FDF1019}] => (Allow) D:\NBA\nba2k14.exe FirewallRules: [{2917CD2F-16C6-485C-B07A-0BAB18B6F679}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{0DDEEC62-F3C5-4A84-8957-F48884EF6B3A}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [TCP Query User{24EA36F3-C66D-4B8E-8DC1-F2CAC6B426A5}C:\users\soob\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) 
C:\users\soob\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{5F032A7C-DC47-4DD4-A312-601DEAF78500}C:\users\soob\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\soob\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [{BB89087E-D67F-4AB6-AB1A-5CA534ED57F2}] => (Allow) C:\Users\Soob\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{5B2E5A2B-0D24-49D4-815D-E7C2A7EE122B}] => (Allow) C:\Users\Soob\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{01C9E73C-0332-4AAE-BF40-4244708BD22F}] => (Allow) D:\Origin\FIFA 14\Game\fifa14.exe FirewallRules: [{49134092-98A8-4C75-8B2E-6CEE6D1D017E}] => (Allow) D:\Origin\FIFA 14\Game\fifa14.exe FirewallRules: [TCP Query User{C659BD63-733D-41F5-A699-96F2AB5C4D4F}D:\origin\fifa 14\game\fiwc14.exe] => (Allow) D:\origin\fifa 14\game\fiwc14.exe FirewallRules: [UDP Query User{815312CA-51BE-4FEF-B8D7-E82E9EEBCA3F}D:\origin\fifa 14\game\fiwc14.exe] => (Allow) D:\origin\fifa 14\game\fiwc14.exe FirewallRules: [{3AD9AFAE-CDA8-4395-A65A-A1233152A44E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{64FAF63F-D042-478F-8DC0-90D0C99DEB67}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{35BA1A65-9D5F-46DE-B7F7-8A018A31BC8D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{22C63A9A-6C65-4DEF-94CA-E6278D5D3B1C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{DF3FEB88-99E1-4E85-ABE6-8FED5081D41E}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{720BB6C0-6A67-4DFC-A5CB-76CE427D1FC4}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{10B44086-45CC-4915-815C-9F2A57BD675F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [TCP Query 
User{B8B98C13-F881-410C-B4A2-17CA68C60630}C:\users\soob\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\soob\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{E5F2B44D-B31F-47E2-9A4C-B8695215E75B}C:\users\soob\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\soob\appdata\roaming\spotify\spotify.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/26/2015 09:22:22 PM) (Source: MsiInstaller) (EventID: 11359) (User: Soob-PC) Description: Product: Microsoft Silverlight -- Error 1359. Wystąpił błąd wewnętrzny. (NULL)(NULL)(NULL)(NULL)(NULL) Error: (04/26/2015 09:15:02 PM) (Source: MsiInstaller) (EventID: 11359) (User: Soob-PC) Description: Product: Microsoft Silverlight -- Error 1359. Wystąpił błąd wewnętrzny. (NULL)(NULL)(NULL)(NULL)(NULL) Error: (04/26/2015 09:12:26 PM) (Source: MsiInstaller) (EventID: 11359) (User: Soob-PC) Description: Product: Microsoft Silverlight -- Error 1359. Wystąpił błąd wewnętrzny. (NULL)(NULL)(NULL)(NULL)(NULL) Error: (04/26/2015 07:00:06 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: Wykonanie kopii zapasowej nie zostało zakończone z powodu błędu zapisu w lokalizacji kopii zapasowej G:\. Błąd: Nie można odnaleźć lokalizacji kopii zapasowej lub jest ona nieprawidłowa. Przejrzyj ustawienia kopii zapasowej i sprawdź lokalizację kopii zapasowej. (0x81000006). Error: (04/25/2015 09:15:58 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1". Nie można odnaleźć zestawu zależnego Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. 
Error: (04/25/2015 09:15:58 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1". Nie można odnaleźć zestawu zależnego Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error: (04/24/2015 07:13:44 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1". Nie można odnaleźć zestawu zależnego Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error: (04/24/2015 07:13:44 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1". Nie można odnaleźć zestawu zależnego Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error: (04/24/2015 09:23:48 AM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: Nie można zainicjować indeksu. Szczegóły: Wykaz indeksów zawartości jest uszkodzony. (HRESULT : 0xc0041801) (0xc0041801) Error: (04/24/2015 09:23:48 AM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: Nie można zainicjować aplikacji. Kontekst: aplikacja Windows Szczegóły: Wykaz indeksów zawartości jest uszkodzony. 
(HRESULT : 0xc0041801) (0xc0041801) System errors: ============= Error: (04/26/2015 09:16:30 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: ZARZĄDZANIE NT) Description: Instalacja nie powiodła się: system Windows nie mógł zainstalować następującej aktualizacji, ponieważ wystąpił błąd 0x80070643: Microsoft Silverlight (KB2977218). Error: (04/26/2015 09:15:40 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Wywołanie ScRegSetValueExW dla Start nie powiodło się i wystąpił następujący błąd: %%5. Error: (04/26/2015 09:15:40 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Wywołanie ScRegSetValueExW dla Start nie powiodło się i wystąpił następujący błąd: %%5. Error: (04/24/2015 09:24:20 AM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Menedżer sterowania usługami próbował podjąć akcję korekcyjną (Uruchom usługę ponownie) po nieoczekiwanym zakończeniu usługi Windows Search, ale ta akcja nie powiodła się przy następującym błędzie: %%1056. Error: (04/24/2015 09:23:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Windows Search z powodu następującego błędu: %%1053 Error: (04/24/2015 09:23:50 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Windows Search. Error: (04/24/2015 09:23:50 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Windows Search niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. 
Error: (04/24/2015 09:23:50 AM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030} Error: (04/24/2015 09:23:48 AM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Usługa Windows Search zakończyła działanie; wystąpił specyficzny dla niej błąd %%-1073473535. Error: (04/21/2015 09:04:20 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1053AvastVBoxSvc{F319F1B8-7587-4146-AF9C-0D6D77819BF1} Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-01-31 15:19:36.399 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Soob\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-01-31 15:19:36.274 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Soob\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-01-31 15:19:35.990 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2014-01-31 15:19:35.852
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-01-30 19:13:58.847
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Soob\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-01-30 19:13:58.713
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Soob\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-01-30 19:13:58.245
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-01-30 19:13:58.079
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-01-30 15:20:39.516
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Soob\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-01-30 15:20:39.371
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Soob\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU 530 @ 2.93GHz
Percentage of memory in use: 43%
Total physical RAM: 4027.49 MB
Available physical RAM: 2285.12 MB
Total Pagefile: 8121.68 MB
Available Pagefile: 5934.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:72.04 GB) (Free:21.14 GB) NTFS
Drive d: (Soob) (Fixed) (Total:393.62 GB) (Free:101.46 GB) NTFS
Drive e: (P_B2014PLv3A_PR) (CDROM) (Total:2.14 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: BF81B63D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=72 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=393.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================