Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by muun at 2015-06-17 10:06:30
Running from C:\Users\muun\Desktop\naprawa'
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-543189089-2044631228-4276830283-500 - Administrator - Disabled)
Gość (S-1-5-21-543189089-2044631228-4276830283-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-543189089-2044631228-4276830283-1011 - Limited - Enabled)
muun (S-1-5-21-543189089-2044631228-4276830283-1002 - Administrator - Enabled) => C:\Users\muun
Praca (S-1-5-21-543189089-2044631228-4276830283-1004 - Limited - Enabled) => C:\Users\Praca
UpdatusUser (S-1-5-21-543189089-2044631228-4276830283-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}) (Version: - Microsoft) 2007 Microsoft Office Suite Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Ad-Aware Antivirus (HKLM\...\{FF054A8C-C0A4-4C78-8910-E2A459BEFF05}_AdAwareUpdater) (Version: 11.6.306.7947 - Lavasoft) Ad-Aware Web Companion (x32 Version: 2.0.1025.2130 - Lavasoft) Hidden AdAwareInstaller (Version: 11.6.306.7947 - Lavasoft) Hidden AdAwareUpdater (Version: 11.6.306.7947 - Lavasoft) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated) Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated) Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated) Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.160 - Adobe Systems Incorporated) Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated) Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated) Adobe Reader XI (11.0.11) - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.) aioprnt (Version: 5.3.1.0 - Eastman Kodak Company) Hidden aioscnnr (x32 Version: 5.8.10.0 - Your Company Name) Hidden aioscnnr (x32 Version: 7.6.13.10 - Your Company Name) Hidden ALLPlayer V5.X (HKLM-x32\...\ALLPlayer_is1) (Version: - ALLCinema Ltd.) 
AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.19 - asus) Asystent rejestracji usługi Windows Live (HKLM-x32\...\{74CC5B4D-CBB5-46F1-82B0-3169977B1D36}) (Version: 5.000.818.6 - Microsoft Corporation) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software) BatchPurifier (HKLM-x32\...\{0CB949A6-F151-41CC-BD33-43C4F26A60D9}) (Version: 6.00.0000 - Digital Confidence) Bezpieczeństwo rodzinne usługi Windows Live (Version: 14.0.8052.1208 - Microsoft Corporation) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform) center (x32 Version: 7.8.0.0 - Eastman Kodak Company) Hidden Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden COMODO Cloud Scanner (HKLM\...\{CC81CD6C-C2B3-4EE5-A11B-5E9A9B5941DF}) (Version: 2.0 - COMODO) COMODO Firewall (HKLM\...\{901D1D88-408D-48E5-80DD-CC3145BD8456}) (Version: 6.3.39949.2976 - COMODO Security Solutions Inc.) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.18.65 - Conexant) Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{51DD370C-6690-424E-9674-5F14468B323F}) (Version: 15.0.0.487 - Corel Corporation) Corel Graphics - Windows Shell Extension (x32 Version: 15.0.487 - Corel Corporation) Hidden Corel PDF Fusion (HKLM\...\{7D93C785-B8CD-4B29-BBAA-8D28E30A5910}) (Version: 1.11.0000 - Corel Corporation) CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - EN (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.0 - Corel Corporation) Hidden 
CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - IPM (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - VBA (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - VSTA (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit (Version: 15.0.487 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW(R) Graphics Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.0.0.486 - Corel Corporation) CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.) doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version: 7.3.393 - Softland) Dropbox (HKU\S-1-5-21-543189089-2044631228-4276830283-1002\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.) essentials (x32 Version: 7.8.0.0 - Eastman Kodak Company) Hidden ETDWare PS/2-x64 7.0.5.10_WHQL (HKLM\...\Elantech) (Version: 7.0.5.10 - ELAN Microelectronics Corp.) FreshHTML (HKLM-x32\...\FreshWebmaster FreshHTML_is1) (Version: - ) FTP Commander Pro 8.03 (HKLM-x32\...\FTP Commander Pro_is1) (Version: - ) Galeria fotografii usługi Windows Live (x32 Version: 14.0.8051.1204 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.) 
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company) Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation) Java 7 Update 80 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217080FF}) (Version: 7.0.800 - Oracle) JMicron Ethernet Adapter NDIS Driver (HKLM-x32\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.17.1 - JMicron Technology Corp.) JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.67.0 - JMicron Technology Corp.) 
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden Kodak AIO Printer (Version: 7.8.1.0 - Eastman Kodak Company) Hidden KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.8.5.2 - Eastman Kodak Company) LavasoftTcpService (x32 Version: 2.3.4.7 - Lavasoft) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6215.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft 
Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation) mIRC (HKLM-x32\...\mIRC) (Version: 7.38 - mIRC Co. Ltd.) 
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek) Mozilla Firefox 38.0.5 (x86 pl) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 pl)) (Version: 38.0.5 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla) Mozilla Thunderbird 31.7.0 (x86 pl) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 pl)) (Version: 31.7.0 - Mozilla) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) Narzędzie do przekazywania usługi Windows Live (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Nero 9 Essentials (HKLM-x32\...\{19590140-05e0-40c7-8ba8-ff25f279e4d6}) (Version: - Nero AG) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.58.36 - NVIDIA Corporation) Obsługa programów Apple (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.) 
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden OpenOffice 4.1.1 (HKLM-x32\...\{B5373BA3-BAD7-4EAC-A9D2-B66B41B82C57}) (Version: 4.11.9775 - Apache Software Foundation) PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden PIT Projekt 2013 (HKLM-x32\...\{9DC72E7A-ED60-49C9-845F-3022B7A5BB8C}}_is1) (Version: 2.0.0 - GP SOFT) Poczta usługi Windows Live (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation) Podstawowe programy Windows Live (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden Polaczenie ze sklepem 1.0 (HKLM-x32\...\Polaczenie_0) (Version: - ) PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden PrivDog (HKLM-x32\...\PrivDog) (Version: 1.8.0.15 - privdog.com) QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Settlers IV - Złota Edycja (HKLM-x32\...\{A2422674-F3A7-46F2-8966-EC6B1FBD6EB3}) (Version: 1.0 - ) Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH) Unity Web Player (HKU\S-1-5-21-543189089-2044631228-4276830283-1002\...\UnityWebPlayer) (Version: 4.5.2f1 - Unity Technologies ApS) USB 2.0 VGA UVC WebCam (HKLM\...\USB 2.0 VGA UVC WebCam) (Version: - ) Windows Live Sync (HKLM-x32\...\{C3335EFB-008F-44DB-A87A-9EC8EE53D045}) (Version: 14.0.8050.1202 - Microsoft Corporation) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.30.1 - ASUS) WinRAR 5.00 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-543189089-2044631228-4276830283-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\muun\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-543189089-2044631228-4276830283-1002_Classes\CLSID\{DD06AE6D-D0F2-4101-7287-BD049DCE4B31}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-543189089-2044631228-4276830283-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\muun\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-543189089-2044631228-4276830283-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\muun\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-543189089-2044631228-4276830283-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\muun\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-543189089-2044631228-4276830283-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\muun\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-543189089-2044631228-4276830283-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\muun\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-543189089-2044631228-4276830283-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\muun\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-543189089-2044631228-4276830283-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\muun\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-543189089-2044631228-4276830283-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\muun\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-543189089-2044631228-4276830283-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\muun\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ==================== Restore Points ========================= ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2015-02-05 18:05 - 00000083 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 www.armorgames.com 127.0.0.1 armorgames.com ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {22029C3B-A8EB-4D20-A899-8E9A665FF4E4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-26] (Google Inc.) 
Task: {24A78C53-8DDA-4E37-A55A-3F13ABA3E710} - System32\Tasks\Driver Booster SkipUAC (SYSTEM) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe Task: {411877AF-9103-47B3-9E2F-768343999706} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-17] (Adobe Systems Incorporated) Task: {4FDFE6FB-C0D6-42E0-896B-73E6EFA1EF84} - System32\Tasks\{1C80B503-CCB6-401C-9539-6D8DAEC072B4} => pcalua.exe -a C:\Users\muun\Downloads\comodo.firewall_idg_downloader_30844_pc.exe -d C:\Users\muun\Downloads Task: {52B55801-94BA-4FAE-8F35-C9D47CFBB0C9} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-06-10] (COMODO) Task: {580A7CDC-9266-4A10-B54B-728F73BB7C50} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2013-11-17] (Microsoft Corporation) Task: {580D435B-1B50-46BC-B9EE-B8E0EE9D762B} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation) Task: {5C473214-399E-4157-B3E5-67F064C96823} - System32\Tasks\{419A5F67-CC2F-43D5-A6BF-B0C43851243B} => C:\Program Files\Foxit Software\PDF Editor\PDFEdit.exe Task: {66E71AFA-E02A-42CB-A84F-6FEE18E3AE7B} - System32\Tasks\ASC7_SkipUac_muun => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2014-08-22] (IObit) Task: {95AE9B20-99EC-48A6-9A56-87189D61F555} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe [2014-08-20] (IObit) Task: {A35CEF5C-81E9-44E0-BB43-CB3C714D0321} - System32\Tasks\{667FEA5B-935B-49B8-A143-DE3F9C839C0E} => pcalua.exe -a "C:\Program Files (x86)\Ahead\nero\uninstall\UNNERO.exe" -c /UNINSTALL Task: {A52B51C4-A0DF-407A-92C4-328C88B59C9B} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-10] (Avast Software s.r.o.) Task: {A857F396-98B4-4A0E-88D9-97625CD84917} - \Driver Booster Update No Task File <==== ATTENTION Task: {AD04C335-7DD8-4D62-9300-BC035C22EE1A} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe Task: {B57F92D9-A264-49A5-9B46-458ED316FFC5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-26] (Google Inc.) Task: {BD487C6C-6172-408B-9CD2-A93BCEFC81D6} - System32\Tasks\AdobeAAMUpdater-1.0-muun-Komputer-muun => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated) Task: {C44EA82A-2C35-4DDB-B0FA-14475B10C106} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-10] (COMODO) Task: {D50245AE-308F-4502-8FCA-DA9348175196} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd) Task: {D52F1124-E5D7-44B9-9F95-C00A5DF7C863} - System32\Tasks\{569EDADB-C290-4E1A-AF78-603D9A984824} => pcalua.exe -a C:\Users\muun\Downloads\beniamin1.4.188.exe -d C:\Users\muun\Downloads Task: {DAFE9084-970E-407E-AEC7-907640871B03} - System32\Tasks\{E588241F-8903-42B5-8A0D-4EEF733F83E3} => pcalua.exe -a "C:\Users\muun\Downloads\Foxit PDF Editor [Pełna wersja]\Foxit.PDF.Editor.v2.0.1011-\FoxitEditor20_setup.exe" -d "C:\Users\muun\Downloads\Foxit PDF Editor [Pełna wersja]\Foxit.PDF.Editor.v2.0.1011-" Task: {E3462066-1B0F-457D-875A-CF90888B9462} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-10] (COMODO) Task: {FFB77C64-CDA8-46A5-9403-A814FE234C6E} - System32\Tasks\{D8656129-42AD-48A6-BD7E-DD7DB6813DEA} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c 
"C:\Program Files\Foxit Software\PDF Editor\PDFEdit.exe" Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2012-04-25 10:48 - 2012-04-25 10:48 - 00146432 _____ () C:\Windows\System32\corelcreatorpm.dll 2013-11-20 16:43 - 2012-09-18 16:27 - 00192512 _____ () C:\Windows\System32\zlhp1020.dll 2013-11-20 16:43 - 2015-06-10 12:10 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\pphp1020.dll 2013-11-20 16:43 - 2015-06-10 12:10 - 03162624 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\suhp1020.dll 2013-11-20 16:43 - 2015-06-10 12:09 - 01236992 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\gchp1020.dll 2013-11-22 21:43 - 2000-01-01 02:00 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2015-05-10 00:37 - 2015-05-10 00:37 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-05-10 00:37 - 2015-05-10 00:37 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-06-16 21:48 - 2015-06-16 21:48 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15061602\algo.dll 2014-03-31 12:15 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\madExcept_.bpl 2014-03-31 12:15 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\madBasic_.bpl 2014-03-31 12:15 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\madDisAsm_.bpl 2014-03-31 12:15 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\webres.dll 2015-05-10 00:37 - 2015-05-10 00:37 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 
==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Windows\system32\wiafbdrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\WISPTIS.EXE:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbscan.sys:$CmdTcID AlternateDataStreams: C:\ProgramData\Temp:1CE11B51 AlternateDataStreams: C:\ProgramData\Temp:56E2E879 AlternateDataStreams: C:\Users\muun\Downloads\10374295_1649563255256731_955885113_n(1).jpg:$CmdZnID AlternateDataStreams: C:\Users\muun\Downloads\10374295_1649563255256731_955885113_n.jpg:$CmdTcID AlternateDataStreams: C:\Users\muun\Downloads\10374295_1649563255256731_955885113_n.jpg:$CmdZnID AlternateDataStreams: C:\Users\muun\Downloads\11326987_1649814635231593_2026054416_n.jpg:$CmdTcID AlternateDataStreams: C:\Users\muun\Downloads\11326987_1649814635231593_2026054416_n.jpg:$CmdZnID AlternateDataStreams: C:\Users\muun\Downloads\11356283_999838633389811_1147926589_n(1).jpg:$CmdTcID AlternateDataStreams: C:\Users\muun\Downloads\11356283_999838633389811_1147926589_n(1).jpg:$CmdZnID AlternateDataStreams: C:\Users\muun\Downloads\11356283_999838633389811_1147926589_n.jpg:$CmdZnID AlternateDataStreams: C:\Users\muun\Downloads\11418507_999838603389814_1280125604_n.jpg:$CmdTcID AlternateDataStreams: C:\Users\muun\Downloads\11418507_999838603389814_1280125604_n.jpg:$CmdZnID AlternateDataStreams: C:\Users\muun\Downloads\11421583_999838556723152_1251744925_n.jpg:$CmdTcID AlternateDataStreams: C:\Users\muun\Downloads\11421583_999838556723152_1251744925_n.jpg:$CmdZnID AlternateDataStreams: C:\Users\muun\Downloads\11423846_999838486723159_1993800873_n(1).jpg:$CmdZnID AlternateDataStreams: C:\Users\muun\Downloads\11423846_999838486723159_1993800873_n.jpg:$CmdTcID AlternateDataStreams: C:\Users\muun\Downloads\11423846_999838486723159_1993800873_n.jpg:$CmdZnID AlternateDataStreams: 
C:\Users\muun\Downloads\11430300_1649814628564927_1395156478_n.jpg:$CmdTcID AlternateDataStreams: C:\Users\muun\Downloads\11430300_1649814628564927_1395156478_n.jpg:$CmdZnID AlternateDataStreams: C:\Users\muun\Downloads\162e9tur.exe:$CmdTcID AlternateDataStreams: C:\Users\muun\Downloads\162e9tur.exe:$CmdZnID AlternateDataStreams: C:\Users\muun\Downloads\Adaware_Installer.exe:$CmdTcID AlternateDataStreams: C:\Users\muun\Downloads\Adaware_Installer.exe:$CmdZnID AlternateDataStreams: C:\Users\muun\Downloads\aio_install (1).exe:$CmdTcID AlternateDataStreams: C:\Users\muun\Downloads\aio_install (1).exe:$CmdZnID AlternateDataStreams: C:\Users\muun\Downloads\DropboxInstaller.exe:$CmdTcID AlternateDataStreams: C:\Users\muun\Downloads\DropboxInstaller.exe:$CmdZnID AlternateDataStreams: C:\Users\muun\Downloads\etykieta_652033.pdf:$CmdZnID AlternateDataStreams: C:\Users\muun\Downloads\etykieta_652074.pdf:$CmdTcID AlternateDataStreams: C:\Users\muun\Downloads\etykieta_652074.pdf:$CmdZnID AlternateDataStreams: C:\Users\muun\Downloads\etykieta_655908.pdf:$CmdTcID AlternateDataStreams: C:\Users\muun\Downloads\etykieta_655908.pdf:$CmdZnID AlternateDataStreams: C:\Users\muun\Downloads\etykieta_655927.pdf:$CmdTcID AlternateDataStreams: C:\Users\muun\Downloads\etykieta_655927.pdf:$CmdZnID AlternateDataStreams: C:\Users\muun\Downloads\etykieta_655945.pdf:$CmdTcID AlternateDataStreams: C:\Users\muun\Downloads\etykieta_655945.pdf:$CmdZnID AlternateDataStreams: C:\Users\muun\Downloads\Gazeta Stonoga-Afera podsłuchowa TOM I.htm:$CmdZnID AlternateDataStreams: C:\Users\muun\Downloads\HPSupportSolutionsFramework-11.51.0049.msi:$CmdTcID AlternateDataStreams: C:\Users\muun\Downloads\HPSupportSolutionsFramework-11.51.0049.msi:$CmdZnID AlternateDataStreams: C:\Users\muun\Downloads\inkscape-0.91-x64.msi:$CmdTcID AlternateDataStreams: C:\Users\muun\Downloads\inkscape-0.91-x64.msi:$CmdZnID AlternateDataStreams: C:\Users\muun\Downloads\invoice-compact-list.pdf:$CmdZnID AlternateDataStreams: 
C:\Users\muun\Downloads\LEXMARK_S300_wcr_64_po.exe:$CmdTcID AlternateDataStreams: C:\Users\muun\Downloads\LEXMARK_S300_wcr_64_po.exe:$CmdZnID AlternateDataStreams: C:\Users\muun\Downloads\MS Office Enterprice SP-1 2007 PL + Serial.rar:$CmdTcID AlternateDataStreams: C:\Users\muun\Downloads\MS Office Enterprice SP-1 2007 PL + Serial.rar:$CmdZnID AlternateDataStreams: C:\Users\muun\Downloads\Office Professional Plus 2010 PL iso + Aktywator + Program do oczyszczenia starego offica.zip.zip:$CmdTcID AlternateDataStreams: C:\Users\muun\Downloads\Office Professional Plus 2010 PL iso + Aktywator + Program do oczyszczenia starego offica.zip.zip:$CmdZnID AlternateDataStreams: C:\Users\muun\Downloads\one05i4e.exe:$CmdZnID AlternateDataStreams: C:\Users\muun\Downloads\potwierdzenie(60).pdf:$CmdTcID AlternateDataStreams: C:\Users\muun\Downloads\potwierdzenie(60).pdf:$CmdZnID AlternateDataStreams: C:\Users\muun\Downloads\potwierdzenie(61).pdf:$CmdTcID AlternateDataStreams: C:\Users\muun\Downloads\potwierdzenie(61).pdf:$CmdZnID ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
IE trusted site: HKU\S-1-5-21-543189089-2044631228-4276830283-1002\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-543189089-2044631228-4276830283-1002\...\webcompanion.com -> hxxp://webcompanion.com IE restricted site: HKU\S-1-5-21-543189089-2044631228-4276830283-1002\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-543189089-2044631228-4276830283-1002\...\008k.com -> 008k.com IE restricted site: HKU\S-1-5-21-543189089-2044631228-4276830283-1002\...\00hq.com -> 00hq.com IE restricted site: HKU\S-1-5-21-543189089-2044631228-4276830283-1002\...\0190-dialers.com -> 0190-dialers.com IE restricted site: HKU\S-1-5-21-543189089-2044631228-4276830283-1002\...\01i.info -> 01i.info IE restricted site: HKU\S-1-5-21-543189089-2044631228-4276830283-1002\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com IE restricted site: HKU\S-1-5-21-543189089-2044631228-4276830283-1002\...\05p.com -> 05p.com IE restricted site: HKU\S-1-5-21-543189089-2044631228-4276830283-1002\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com IE restricted site: HKU\S-1-5-21-543189089-2044631228-4276830283-1002\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com IE restricted site: HKU\S-1-5-21-543189089-2044631228-4276830283-1002\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com IE restricted site: HKU\S-1-5-21-543189089-2044631228-4276830283-1002\...\0calories.net -> 0calories.net IE restricted site: HKU\S-1-5-21-543189089-2044631228-4276830283-1002\...\0cj.net -> 0cj.net IE restricted site: HKU\S-1-5-21-543189089-2044631228-4276830283-1002\...\0scan.com -> 0scan.com IE restricted site: HKU\S-1-5-21-543189089-2044631228-4276830283-1002\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com IE restricted site: HKU\S-1-5-21-543189089-2044631228-4276830283-1002\...\1-domains-registrations.com -> 1-domains-registrations.com IE restricted site: HKU\S-1-5-21-543189089-2044631228-4276830283-1002\...\1-se.com -> 1-se.com IE restricted site: 
HKU\S-1-5-21-543189089-2044631228-4276830283-1002\...\1001movie.com -> 1001movie.com IE restricted site: HKU\S-1-5-21-543189089-2044631228-4276830283-1002\...\1001night.biz -> 1001night.biz IE restricted site: HKU\S-1-5-21-543189089-2044631228-4276830283-1002\...\100gal.net -> 100gal.net IE restricted site: HKU\S-1-5-21-543189089-2044631228-4276830283-1002\...\100sexlinks.com -> 100sexlinks.com There are 4788 more restricted sites. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-543189089-2044631228-4276830283-1002\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.0.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: AdvancedSystemCareService7 => 2 MSCONFIG\Services: AxInstSV => 3 MSCONFIG\Services: CorelCreatorMessages => 3 MSCONFIG\Services: ekrn => 2 MSCONFIG\Services: Fax => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2 MSCONFIG\Services: IMFservice => 2 MSCONFIG\Services: Kodak AiO Network Discovery Service => 2 MSCONFIG\Services: Kodak AiO Status Monitor Service => 2 MSCONFIG\Services: LavasoftAdAwareService11 => 2 MSCONFIG\Services: LavasoftTcpService => 2 MSCONFIG\Services: LiveUpdateSvc => 2 MSCONFIG\Services: lxeaCATSCustConnectService => 2 MSCONFIG\Services: lxea_device => 2 MSCONFIG\Services: NitroReaderDriverReadSpool3 => 2 MSCONFIG\Services: SearchProtectionService => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: SwitchBoard => 3 MSCONFIG\startupfolder: C:^Users^muun^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup MSCONFIG\startupfolder: C:^Users^muun^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Rejestrowanie produktów 
Corela.lnk => C:\Windows\pss\Rejestrowanie produktów Corela.lnk.Startup MSCONFIG\startupreg: AdAwareTray => "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe" MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: AdobeCS5ServiceManager => MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin MSCONFIG\startupreg: ADSMTray => MSCONFIG\startupreg: Advanced SystemCare 7 => "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\muun\AppData\Local\Akamai\netsession_win.exe" MSCONFIG\startupreg: ALLUpdate => "C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe" "sleep" MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe MSCONFIG\startupreg: ASUS WebStorage => MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" MSCONFIG\startupreg: Conime => %windir%\system32\conime.exe MSCONFIG\startupreg: CorelCreatorClient => C:\Program Files (x86)\Corel\Corel PDF Fusion\CorelCreatorClient.exe MSCONFIG\startupreg: DIMDownloading your update...1300677038363 => "c:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X5\Programs\DIM.exe" "c:\programdata\corel\downloads\540215253_610005\1300677038363\dim_params.xml" -Launch=3 -uibase="c:\users\muun\appdata\roaming\corel\messages\540215253_610005\en\messagecache1\workflow" MSCONFIG\startupreg: egui => "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice MSCONFIG\startupreg: EKStatusMonitor => 
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe MSCONFIG\startupreg: ETDWare => %ProgramFiles%\Elantech\ETDCtrl.exe MSCONFIG\startupreg: EzPrint => "C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe" MSCONFIG\startupreg: IObit Malware Fighter => "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart MSCONFIG\startupreg: lxeamon.exe => "C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe" MSCONFIG\startupreg: PDFVPrinter => C:\Program Files (x86)\Classic PDF Editor\PDFVPrinter.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: Setwallpaper => MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" MSCONFIG\startupreg: Web Companion => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize MSCONFIG\startupreg: WebcamMaxAutoRun => "C:\Program Files (x86)\WebcamMax\wcmmon.exe" -a ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{335A7A8E-3954-481C-BB5A-3C42A9DB1F78}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{DCE9FD47-8C6B-4CE6-9100-164BB24BE180}] => (Allow) LPort=5353 FirewallRules: [{313748F3-456E-4673-9835-A31C13E5B3CA}] => (Allow) LPort=8182 FirewallRules: [{42A17FC4-354D-41A4-9ACF-A54EE3A9A243}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe FirewallRules: [{1EDCDAE5-9944-4E35-B3C9-238CE7159AD6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe FirewallRules: [{3CC1D8B5-A0A5-4412-8431-CD17142BD84A}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{A733DD4A-0DCE-43FF-BEB4-31D16A9117C0}] => (Allow) svchost.exe FirewallRules: [{AF23DCA1-B89D-42A2-8500-598EAF120F13}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe FirewallRules: [TCP Query User{23CE4A37-999E-41D4-91C2-DD9156DC229D}C:\program files\foxit software\pdf editor\pdfedit.exe] => (Block) C:\program files\foxit software\pdf editor\pdfedit.exe FirewallRules: [UDP Query User{2355EBDE-A7AE-4361-933D-5195F6100262}C:\program files\foxit software\pdf editor\pdfedit.exe] => (Block) C:\program files\foxit software\pdf editor\pdfedit.exe FirewallRules: [{09C405D9-6C61-4747-AC57-820407CDD34F}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [{6C0ACF8C-5662-4592-B38B-FBAE31D98C68}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{D4F12BD2-93FA-4FA2-80B2-CB6F9F513007}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{6011BE99-65DD-4E41-877E-793900C9D375}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{4AD2A436-B00B-4A53-A214-5373A5AD87B0}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe FirewallRules: [UDP Query 
User{E250A24B-6E11-4D8F-9906-056DD2BE847A}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe FirewallRules: [{7DDF6FD6-95CB-437F-B0C4-5446E3F3498E}] => (Allow) C:\Users\muun\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{34DDD48F-A222-4449-885B-B9787E4530CB}] => (Allow) C:\Users\muun\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [TCP Query User{B5F9B256-CD17-409E-9A50-F86912DC17DF}C:\users\muun\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\muun\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{8D31A33A-CD45-47A4-81E6-38DC7ED15C26}C:\users\muun\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\muun\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [{A273ABA1-AEE3-40FF-ADDD-111F225D3A46}] => (Allow) LPort=9322 FirewallRules: [{8E18BAAB-9D6B-4F9B-9D97-026F8F12C941}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe FirewallRules: [{B82AF096-262D-442F-AF0A-72C0355F5232}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe FirewallRules: [{2A73C9C0-5DF9-4407-9E16-D3A85FB2A17F}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe FirewallRules: [{C6E0E882-6A95-498C-A8FF-8CD0801DCC42}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe FirewallRules: [{3804F4C4-29C0-41B7-B439-5CF47013CDE2}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe FirewallRules: [{8AE39B62-135C-4FD8-9E3B-7EBC819F5561}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe FirewallRules: [{0E287951-D5C7-4A61-854A-F584288AEB50}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe FirewallRules: [{860B2E33-2DFE-4BBD-8E63-FCE677216CEE}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe FirewallRules: [{61413866-9788-4BC4-9D5F-E0FD896814CD}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe FirewallRules: 
[{64E11FCD-EBA0-4BC1-8238-8462979F7A69}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/16/2015 01:41:09 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Program Monitor.exe w wersji 7.0.0.398 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: 81c Godzina rozpoczęcia: 01d0a824e94b7a11 Godzina zakończenia: 1029 Ścieżka aplikacji: C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe Identyfikator raportu: 7f0d690d-141c-11e5-9c79-a0f3c1a08d33 Error: (06/15/2015 02:20:05 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Program Monitor.exe w wersji 7.0.0.398 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. 
Identyfikator procesu: ccc Godzina rozpoczęcia: 01d0a7606bec0199 Godzina zakończenia: 3370 Ścieżka aplikacji: C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe Identyfikator raportu: 9f9f7a07-1358-11e5-8287-a0f3c1a08d33 Error: (06/12/2015 00:49:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: instgui.exe, wersja: 13.9.0.0, sygnatura czasowa: 0x4e577599 Nazwa modułu powodującego błąd: instgui.exe, wersja: 13.9.0.0, sygnatura czasowa: 0x4e577599 Kod wyjątku: 0xc000000d Przesunięcie błędu: 0x00000000001becb1 Identyfikator procesu powodującego błąd: 0x1564 Godzina uruchomienia aplikacji powodującej błąd: 0xinstgui.exe0 Ścieżka aplikacji powodującej błąd: instgui.exe1 Ścieżka modułu powodującego błąd: instgui.exe2 Identyfikator raportu: instgui.exe3 Error: (06/11/2015 07:33:45 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Program soffice.bin w wersji 4.0.9774.500 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. 
Identyfikator procesu: cd0 Godzina rozpoczęcia: 01d0a365d73de9f3 Godzina zakończenia: 234 Ścieżka aplikacji: C:\Program Files (x86)\OpenOffice 4\program\soffice.bin Identyfikator raportu: f02ec38d-105f-11e5-8902-a0f3c1a08d33 Error: (06/10/2015 10:35:03 AM) (Source: WinMgmt) (EventID: 24) (User: ) Description: CisWmiSELECT * FROM CisFileRatingChangeCisFileRatingChange//./root/cis Error: (06/10/2015 10:35:03 AM) (Source: WinMgmt) (EventID: 24) (User: ) Description: CisWmiSELECT * FROM CisStatusChangeCisStatusChange//./root/cis Error: (06/10/2015 10:35:03 AM) (Source: WinMgmt) (EventID: 24) (User: ) Description: CisWmiSELECT * FROM CisNotificationCisNotification//./root/cis Error: (06/10/2015 10:35:03 AM) (Source: WinMgmt) (EventID: 24) (User: ) Description: CisWmiSELECT * FROM FwAlertFwAlert//./root/cis Error: (06/10/2015 10:35:03 AM) (Source: WinMgmt) (EventID: 24) (User: ) Description: CisWmiSELECT * FROM DfAlertDfAlert//./root/cis Error: (06/10/2015 10:35:03 AM) (Source: WinMgmt) (EventID: 24) (User: ) Description: CisWmiSELECT * FROM AvAlertAvAlert//./root/cis System errors: ============= Error: (06/17/2015 09:55:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi WebcamMax, WDM Video Capture z powodu następującego błędu: %%1058 Error: (06/17/2015 09:54:00 AM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: Usługa Windows Update nie została poprawnie zamknięta po odebraniu kodu sterującego przed zamknięciem. Error: (06/17/2015 09:43:07 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Usługa Windows Update zawiesiła się podczas uruchamiania. 
Error: (06/17/2015 09:37:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi YouTubeAcceleratorService z powodu następującego błędu: %%3 Error: (06/17/2015 09:37:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi WebcamMax, WDM Video Capture z powodu następującego błędu: %%1058 Error: (06/17/2015 09:37:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Nero BackItUp Scheduler 4.0 z powodu następującego błędu: %%3 Error: (06/17/2015 09:36:13 AM) (Source: volsnap) (EventID: 36) (User: ) Description: Wykonywanie kopii w tle woluminu C: zostało przerwane, ponieważ nie można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika. Error: (06/17/2015 09:15:29 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na odpowiedź transakcji z usługi Wlansvc. Error: (06/16/2015 10:12:22 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Menedżer sterowania usługami próbował podjąć akcję korekcyjną (Uruchom usługę ponownie) po nieoczekiwanym zakończeniu usługi Przeglądarka komputera, ale ta akcja nie powiodła się przy następującym błędzie: %%1056. Error: (06/16/2015 10:12:22 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Menedżer sterowania usługami próbował podjąć akcję korekcyjną (Uruchom usługę ponownie) po nieoczekiwanym zakończeniu usługi Harmonogram klas multimediów, ale ta akcja nie powiodła się przy następującym błędzie: %%1056. Microsoft Office: ========================= CodeIntegrity Errors: =================================== Date: 2014-04-11 10:58:56.932 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-04-11 10:58:56.807
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU P6000 @ 1.87GHz
Percentage of memory in use: 90%
Total physical RAM: 1900.56 MB
Available physical RAM: 188.68 MB
Total Pagefile: 3801.13 MB
Available Pagefile: 1665.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:10.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:329.79 GB) (Free:223.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=1C)
Partition 2: (Active) - (Size=116.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=329.8 GB) - (Type=OF Extended)

==================== End of log ============================