Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-11-2014
Ran by leszek at 2014-11-11 11:32:03
Running from C:\Users\leszek\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Ochrona komputera (Disabled - Up to date) {15414183-282E-D62C-CA37-EF24860A2F17}
AS: Ochrona komputera (Disabled - Up to date) {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Crystal Eye webcam (HKLM\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.34.724 - Chicony Electronics Co.,Ltd.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.7.0.1860 - Adobe Systems Incorporated)
Adobe Dreamweaver CS5.5 (HKLM\...\{0215A652-E081-4B09-9333-DC85AAB67FFA}) (Version: 11.5 - Adobe Systems Incorporated)
Adobe Dreamweaver CS6 (HKLM\...\{A4ED5E53-7AA0-11E1-BF04-B2D4D4A5360E}) (Version: 12 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CS5 (HKLM\...\{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Polish (HKLM\...\{AC76BA86-7AD7-1045-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.)
Adobe Widget Browser (HKLM\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Advanced RAR Repair v1.2 (HKLM\...\Advanced RAR Repair v1.2) (Version: - )
ALLConverter PRO 1.3 (HKLM\...\{9370105C-71BB-4FF9-A85B-36D79B95457A}_is1) (Version: - ALLCinema, Inc.)
ALLMediaServer (HKLM\...\{FE77909E-B782-4554-A92A-4D887CEF0ACC}_is1) (Version: 0.95 - ALLCinema Ltd.)
Ashampoo WinOptimizer 10 v.10.2.5 (HKLM\...\{4209F371-88D4-AB00-ED2B-D6520C84D9D5}_is1) (Version: 10.02.05 - Ashampoo GmbH & Co. KG)
Centrum obsługi urządzeń z systemem Windows Mobile — aktualizacja sterowników (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
Common Desktop Agent (Version: 1.53.0 - OEM) Hidden
Computer Security 12.83.104.0 (release) (Version: 12.83.104.0 - F-Secure Corporation) Hidden
ConvertAd (HKLM\...\ConvertAd) (Version: 1.0.0.0 - ConvertAd) <==== ATTENTION
Creative Pack Volume 1 (HKLM\...\{05181A78-3BA6-4B63-BCE8-888A4BCAACFA}) (Version: 3.0.1 - Corel Corporation)
Dazzle Video Capture DVC100 X86 Driver 1.06 (HKLM\...\{D4ACFA69-25BA-4B10-8A5E-CA222939FCF9}) (Version: 1.06.0000 - Pinnacle)
DivX PowerPack 1.54 (HKLM\...\{17301EEA-29BD-4666-AEF7-56BF5903B99F}_is1) (Version: 1.54 - Maciej Bieniek)
Divxpack (remove only) (HKLM\...\Divxpack) (Version: - )
Dodatek Zapisywanie jako PDF lub XPS firmy Microsoft dla programów pakietu Microsoft Office 2007 (HKLM\...\{90120000-00B2-0415-0000-0000000FF1CE}) (Version: 12.0.4518.1020 - Microsoft Corporation)
e-Deklaracje Desktop (HKLM\...\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1) (Version: 6.0.1 - Ministerstwo Finansow)
e-Deklaracje Desktop (Version: 6.0.1 - Ministerstwo Finansow) Hidden
EVEREST Ultimate Edition v5.00 (HKLM\...\EVEREST Ultimate Edition_is1) (Version: 5.00 - Lavalys, Inc.)
Exifer (HKLM\...\Exifer_is1) (Version: - Friedemann Schmidt)
ffdshow (HKLM\...\ffdshow) (Version: 20050215 - Milan Cutka)
Filmmaker's Toolkit for Studio (HKLM\...\InstallShield_{2444562A-A7DC-42B8-A4D8-1BCF704B1480}) (Version: 1.0.1 - Red Giant)
Filmmaker's Toolkit for Studio (Version: 1.0.1 - Red Giant) Hidden
FormatFactory 2.60 (HKLM\...\FormatFactory) (Version: 2.60 - Free Time)
Freemake Video Converter wersja 4.1.5 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation)
F-Secure CCF Reputation (Version: 1.0.25.1877 - F-Secure) Hidden
F-Secure CCF Scanning 1.43.102.193 (release) (Version: 1.43.102.193 - F-Secure Corporation) Hidden
F-Secure Network CCF 1.02.128 (Version: 1.02.128.1 - F-Secure Corporation) Hidden
Google Earth (HKLM\...\{0A844D8F-A965-11E2-9E77-B8AC6F98CCE3}) (Version: 7.1.1.1580 - Google)
Google SketchUp Pro 8 (HKLM\...\{E0A160F1-127B-43AC-AF96-EBB6319B01C7}) (Version: 3.0.4811 - Google, Inc.)
Google SketchUp Pro 8 PL (Version: 8.0.4811.3 - Progrupa sp. z o.o.) Hidden
High-Definition Video Playback 10 (Version: 7.0.11400.29.0 - Nero AG) Hidden
Hollywood FX Volumes 1-3 (HKLM\...\{E3D181F8-246B-497F-945E-6DB98CBA6677}) (Version: 2.0.1 - Corel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
K-Lite Codec Pack 9.8.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 9.8.0 - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Motion Graphics Toolkit for Studio (HKLM\...\InstallShield_{E5C99F9E-E97D-40B6-BAFC-8BCBFF1031E4}) (Version: 1.0.1 - Red Giant)
Motion Graphics Toolkit for Studio (Version: 1.0.1 - Red Giant) Hidden
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NapiProjekt 2.0.0 (build 2151) (HKLM\...\NapiProjekt_is1) (Version: - )
Nero Burning ROM 10 (HKLM\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.11100.10.100 - Nero AG)
Nero BurnRights 10 (HKLM\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.11000.12.100 - Nero AG)
Nero DiscCopy Gadget 10 (HKLM\...\{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}) (Version: 3.0.10700.9.100 - Nero AG)
Nero Express 10 (HKLM\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.11000.10.100 - Nero AG)
Nero InfoTool 10 (HKLM\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.10800.8.100 - Nero AG)
Nero Multimedia Suite 10 (HKLM\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.13200 - Nero AG)
Nero Recode 10 (HKLM\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.6.10900.4.100 - Nero AG)
Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.8.30.0 - Nokia)
Nokia Suite (Version: 3.8.30.0 - Nokia) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
Online Safety 2.83.1346.10 (Version: 2.83.1346.10 - F-Secure Corporation) Hidden
OpenOffice 4.0.1 (HKLM\...\{DA0106A3-216E-48DE-9CF6-655DA8FC1D22}) (Version: 4.01.9714 - Apache Software Foundation)
Pakiet Bezpieczeństwa UPC (HKLM\...\F-Secure ServiceEnabler 46267) (Version: 1.83.311.0 - F-Secure Corporation)
Pakiet Bezpieczeństwa UPC (Version: 1.83.311.0 - F-Secure Corporation) Hidden
PATRONAT7 (HKLM\...\{2170D74F-E036-48AD-B7CD-56257F327DAD}) (Version: 7 - PATRONAT7-UPGRADE)
PATRONAT7 (HKLM\...\{ADCCB4AE-15D1-4F90-ABDF-4E7872531626}) (Version: 7 - PATRONAT7-UPGRADE)
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Phoenix Service Software 2010.8.4.41526 (HKLM\...\{92DA4424-0CFB-44D1-A08B-B63D5D8BEFBC}_is1) (Version: - PhoenixSlayer)
Pinnacle Studio 17 (HKLM\...\{3DA8F808-72E2-4361-82EC-433081D23005}) (Version: 17.5.0.327 - Corel Corporation)
Pinnacle Studio 17 Add-Ons (Version: 17.0 - Corel) Hidden
Pinnale Systems Software Keys (HKLM\...\{616CD10B-1EC7-41D2-8C14-3ECE93E7AEE9}_is1) (Version: - VPP TEAM)
Polski pakiet językowy dla programu Google SketchUp Pro 8 (HKLM\...\Google SketchUp Pro 8 PL) (Version: 8.0.4811.3 - Progrupa sp. z o.o.)
Premium Pack Volumes 1-2 (HKLM\...\{88C4D8A6-9954-46A0-965D-92E55DAB8734}) (Version: 2.0.1 - Corel Corporation)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Samsung Easy Printer Manager (HKLM\...\Samsung Easy Printer Manager) (Version: 1.02.06.10 - Samsung Electronics Co., Ltd.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13091_9 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.0.13091_9 - Samsung Electronics Co., Ltd.) Hidden
Samsung Printer Live Update (HKLM\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Assistant (HKLM\...\Samsung Scan Assistant) (Version: 1.04.45.00 - Samsung Electronics Co., Ltd.)
Samsung SCX-3400 Series (HKLM\...\Samsung SCX-3400 Series) (Version: 1.08 (2012-05-07) - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
ScoreFitter Volumes 1-2 (HKLM\...\{0FDA9ECA-6DA3-480E-B7A9-76F353AF6B6C}) (Version: 2.0.1 - Corel Corporation)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SmartSound Common Data (HKLM\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Sonicfire Pro 5 (HKLM\...\InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}) (Version: 5.6.0 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (Version: 5.6.0 - SmartSound Software Inc.) Hidden
SureThing Express Labeler (HKLM\...\stax-Pinnacle_is1) (Version: - MicroVision Development, Inc.)
Title Extreme (HKLM\...\{F7214014-27EE-4237-9978-2F9D1551559B}) (Version: 2.0.1 - Corel Corporation)
Ultra RM Converter 4.2.0220 (HKLM\...\Ultra RM Converter_is1) (Version: - Aone Software)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.0.0.0 - Azureus Software, Inc.)
Windows Mobile Device Center (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 4.20 (32-bitowy) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XviD MPEG-4 Video Codec (HKLM\...\XviD_is1) (Version: XviD-1.0.1-05062004 - XviD Team (Koepi))

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3924117992-576461840-467304932-1003_Classes\CLSID\{1EBF38D6-BF74-62AA-BFC1-C6D1D27E600D}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3924117992-576461840-467304932-1003_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\leszek\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (GG Network S.A.)

==================== Restore Points =========================

10-11-2014 20:53:29 Installed MSXML 6.0 Parser
10-11-2014 20:55:31 Installed ABBYY FineReader 11 Corporate Edition.
10-11-2014 21:02:09 Installed MSXML 6.0 Parser
10-11-2014 21:05:12 Installed ABBYY FineReader 11 Corporate Edition.
10-11-2014 21:13:08 Installed MSXML 6.0 Parser
10-11-2014 21:15:50 Installed ABBYY FineReader 11 Corporate Edition.
10-11-2014 22:43:16 Installed MSXML 6.0 Parser
10-11-2014 22:44:51 Installed ABBYY FineReader 11.
10-11-2014 22:47:04 Installed MSXML 6.0 Parser
10-11-2014 22:48:16 Installed ABBYY FineReader 11.
10-11-2014 22:51:43 Installed MSXML 6.0 Parser
10-11-2014 22:53:50 Installed ABBYY FineReader 11.
10-11-2014 22:58:22 Installed MSXML 6.0 Parser
10-11-2014 22:59:29 Installed ABBYY FineReader 11.
10-11-2014 23:06:08 Installed MSXML 6.0 Parser
10-11-2014 23:07:46 Installed ABBYY FineReader 11.
10-11-2014 23:18:27 Installed MSXML 6.0 Parser
10-11-2014 23:19:54 Installed MSXML 6.0 Parser
10-11-2014 23:21:06 Installed ABBYY FineReader 11.
10-11-2014 23:25:56 Installed MSXML 6.0 Parser
10-11-2014 23:27:26 Installed ABBYY FineReader 11.
11-11-2014 08:08:00 Installed MSXML 6.0 Parser
11-11-2014 08:09:57 Installed ABBYY FineReader 11.
11-11-2014 08:37:42 Operacja przywracania
11-11-2014 09:15:55 Installed MSXML 6.0 Parser
11-11-2014 09:17:14 Installed ABBYY FineReader 12 Professional.
11-11-2014 09:26:23 Installed MSXML 6.0 Parser
11-11-2014 09:27:26 Installed ABBYY FineReader 12 Professional.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-05-30 06:42 - 2014-05-30 06:42 - 00000355 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1DDE77CC-2B14-4290-BBCE-ED701E0E4BBF} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {23745F22-4BBE-403C-9D41-3B6DCE81DB6B} - System32\Tasks\{0C5B0297-377A-4439-8EFF-03850F984D72} => C:\Users\leszek\Desktop\krp-beta7.exe
Task: {2D5F5565-58B1-4AAF-9476-C411957C6124} - System32\Tasks\AdobeAAMUpdater-1.0-JOLA-Komputer-leszek => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {3E9286D6-146B-4674-B585-955F30EF3AA5} - System32\Tasks\Express FilesUpdate => C:\Program Files\ExpressFiles\EFUpdater.exe <==== ATTENTION
Task: {4078C36A-BD98-4A8D-86EA-A46430B39D8A} - System32\Tasks\{CBE23C82-F3A9-4270-9636-1B538B9C3D4F} => D:\Nowy folder\MSWT2004\MSWorldTour.exe
Task: {5BB58CB0-389F-40FA-91EE-042D21FFDD50} - System32\Tasks\AdobeAAMUpdater-1.0-JOLA-Komputer-JOLA => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {62BC5A5C-99A2-4684-BF35-B1B33859BDD5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-05] (Adobe Systems Incorporated)
Task: {80F9B260-7F67-49ED-9481-5CC7367BDEFB} - System32\Tasks\{2F414D25-DFEE-4FF7-AFCD-E779AD8DD6F2} => D:\CART\rebuilt.krp-beta7.exe
Task: {8D41FE59-1032-4B0A-9732-841066AA512C} - System32\Tasks\{42AA610F-5AB5-40A6-B4CB-521EFF02FA93} => C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
Task: {A4D357DE-BEB2-47FD-A240-6EB76D2C066F} - System32\Tasks\DSite => C:\Users\JOLA\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {B3240B15-7C9D-4517-9B2D-A7536CAFBD2D} - System32\Tasks\4835 => Wscript.exe C:\Users\leszek\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {B4BBB5D9-4662-45F7-B33C-DAE7D71FA137} - System32\Tasks\{7BC357D6-C8E7-4A4B-BFC5-E53DC4F0E665} => C:\Users\leszek\Desktop\krp-beta7.exe
Task: {B84A3D18-2BFB-4FF8-8639-F4BFE398ED7A} - System32\Tasks\RunAsStdUser => C:\Program Files\Desk 365\desk365.exe <==== ATTENTION
Task: {BCA6C1EB-ECA5-4FF5-8A50-17E998CCAA9E} - System32\Tasks\{0631AAA9-FF7E-4223-8B9C-4D9B3B139013} => D:\CART\Tom Coronel Indoor Kartracing\kart.exe
Task: {E507527E-A713-4AFA-8C89-00B036694290} - System32\Tasks\{E173F09E-2B3F-4D15-B463-EC756E66CACE} => D:\Nowy folder\MSWT2004\MSWorldTour.exe
Task: {F6BB103B-0FF6-43B6-9872-6B0AA361FD44} - System32\Tasks\{938091E3-562C-4B0C-89E5-02AFE45BDD17} => D:\CART\rebuilt.krp-beta7.exe
Task: {FEEFCDE0-7F5A-4CF7-B9AA-433A0AB205BB} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files\Desk 365\desk365.exe <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DSite.job => C:\Users\JOLA\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-02-01 16:32 - 2011-05-02 05:41 - 00024064 _____ () C:\Windows\System32\ssm1mlm.dll
2009-09-01 04:31 - 2009-09-01 04:31 - 00022723 _____ () C:\Windows\System32\ssp2ml3.dll
2013-05-15 15:05 - 2013-05-15 15:05 - 00220096 _____ () C:\Program Files\Pakiet Bezpieczenstwa UPC\daas2.dll
2014-05-01 11:57 - 2014-05-01 11:57 - 00030888 _____ () C:\Program Files\Pakiet Bezpieczenstwa UPC\apps\ComputerSecurity\Anti-Virus\minifilter\hashlib_x86.dll
2014-05-01 11:48 - 2014-05-21 10:48 - 00949288 _____ () C:\Program Files\Pakiet Bezpieczenstwa UPC\apps\ComputerSecurity\Anti-Virus\fm4av.dll
2014-05-01 11:48 - 2014-05-01 11:57 - 00212008 _____ () C:\Program Files\Pakiet Bezpieczenstwa UPC\apps\ComputerSecurity\Spam Control\fsas.dll
2010-12-17 18:12 - 2010-12-17 18:12 - 00332288 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2010-12-17 18:13 - 2010-12-17 18:13 - 00049664 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2014-05-01 11:23 - 2014-05-01 11:23 - 00593464 _____ () C:\Windows\WinSxS\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.482.65_none_b59e1e0911fd55ab\QtMultimediaKit1.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-3924117992-576461840-467304932-500 - Administrator - Disabled)
Gość (S-1-5-21-3924117992-576461840-467304932-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3924117992-576461840-467304932-1002 - Limited - Enabled)
JOLA (S-1-5-21-3924117992-576461840-467304932-1001 - Administrator - Enabled) => C:\Users\JOLA
leszek (S-1-5-21-3924117992-576461840-467304932-1003 - Administrator - Enabled) => C:\Users\leszek

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Karta tunelowania Teredo firmy Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/11/2014 11:26:31 AM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 13 2014-11-11 11:26:31+02:00 JOLA-KOMPUTER SYSTEM F-Secure DeepGuard Application was blocked. This was determined to be a high-risk application by system control heuristics. Application path: \\?\c:\users\leszek\desktop\frst.exe File hash: f023183324410feb6a809e239078c6a5df283c52

Error: (11/11/2014 11:26:21 AM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 12 2014-11-11 11:26:21+02:00 JOLA-KOMPUTER SYSTEM F-Secure DeepGuard Application was blocked. This was determined to be a high-risk application by system control heuristics. Application path: \\?\c:\users\leszek\desktop\frst.exe File hash: f023183324410feb6a809e239078c6a5df283c52

Error: (11/11/2014 11:23:38 AM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 11 2014-11-11 11:23:38+02:00 JOLA-KOMPUTER SYSTEM F-Secure DeepGuard Application was blocked. This was determined to be a high-risk application by system control heuristics. Application path: \\?\c:\users\leszek\desktop\frst.exe File hash: f023183324410feb6a809e239078c6a5df283c52

Error: (11/11/2014 11:21:29 AM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 10 2014-11-11 11:21:29+02:00 JOLA-KOMPUTER SYSTEM F-Secure DeepGuard Application was blocked. This was determined to be a high-risk application by system control heuristics. Application path: \\?\c:\users\leszek\desktop\frst.exe File hash: f023183324410feb6a809e239078c6a5df283c52

Error: (11/11/2014 11:15:30 AM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 9 2014-11-11 11:15:30+02:00 JOLA-KOMPUTER SYSTEM F-Secure DeepGuard Application was blocked. This was determined to be a high-risk application by system control heuristics. Application path: \\?\c:\users\leszek\desktop\frst.exe File hash: f023183324410feb6a809e239078c6a5df283c52

Error: (11/11/2014 11:13:57 AM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 8 2014-11-11 11:13:57+02:00 JOLA-KOMPUTER SYSTEM F-Secure DeepGuard Application was blocked. This was determined to be a high-risk application by system control heuristics. Application path: \\?\c:\users\leszek\desktop\frst.exe File hash: f023183324410feb6a809e239078c6a5df283c52

Error: (11/11/2014 11:13:10 AM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 7 2014-11-11 11:13:10+02:00 JOLA-KOMPUTER SYSTEM F-Secure DeepGuard Application was blocked. This was determined to be a high-risk application by system control heuristics. Application path: \\?\c:\users\leszek\desktop\frst.exe File hash: f023183324410feb6a809e239078c6a5df283c52

Error: (11/11/2014 11:10:41 AM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 6 2014-11-11 11:10:41+02:00 JOLA-KOMPUTER SYSTEM F-Secure DeepGuard Application was blocked. This was determined to be a high-risk application by system control heuristics. Application path: \\?\c:\users\leszek\desktop\frst.exe File hash: f023183324410feb6a809e239078c6a5df283c52

Error: (11/11/2014 11:10:31 AM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 5 2014-11-11 11:10:31+02:00 JOLA-KOMPUTER SYSTEM F-Secure DeepGuard Application was blocked. This was determined to be a high-risk application by system control heuristics. Application path: \\?\c:\users\leszek\desktop\frst.exe File hash: f023183324410feb6a809e239078c6a5df283c52

Error: (11/11/2014 11:09:42 AM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 4 2014-11-11 11:09:42+02:00 JOLA-KOMPUTER SYSTEM F-Secure DeepGuard Application was blocked. This was determined to be a high-risk application by system control heuristics. Application path: \\?\c:\users\leszek\desktop\frst.exe File hash: f023183324410feb6a809e239078c6a5df283c52

System errors:
=============
Error: (11/11/2014 10:58:15 AM) (Source: DCOM) (EventID: 10016) (User: ZARZĄDZANIE NT)
Description: właściwe dla aplikacjiLokalnyUruchom{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}ZARZĄDZANIE NTSYSTEMS-1-5-18LocalHost (użycie LRPC)

Error: (11/11/2014 09:51:47 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Usługa Udostępnianie połączenia internetowego (ICS) zawiesiła się podczas uruchamiania.

Error: (11/11/2014 09:51:31 AM) (Source: DCOM) (EventID: 10016) (User: ZARZĄDZANIE NT)
Description: właściwe dla aplikacjiLokalnyUruchom{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}ZARZĄDZANIE NTSYSTEMS-1-5-18LocalHost (użycie LRPC)

Error: (11/11/2014 09:18:25 AM) (Source: DCOM) (EventID: 10016) (User: ZARZĄDZANIE NT)
Description: właściwe dla aplikacjiLokalnyUruchom{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}ZARZĄDZANIE NTSYSTEMS-1-5-18LocalHost (użycie LRPC)

Error: (11/11/2014 08:49:06 AM) (Source: DCOM) (EventID: 10016) (User: ZARZĄDZANIE NT)
Description: właściwe dla aplikacjiLokalnyUruchom{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}ZARZĄDZANIE NTSYSTEMS-1-5-18LocalHost (użycie LRPC)

Error: (11/11/2014 01:40:15 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/10/2014 10:09:13 PM) (Source: DCOM) (EventID: 10016) (User: ZARZĄDZANIE NT)
Description: właściwe dla aplikacjiLokalnyUruchom{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}ZARZĄDZANIE NTSYSTEMS-1-5-18LocalHost (użycie LRPC)

Error: (11/10/2014 09:33:56 PM) (Source: DCOM) (EventID: 10016) (User: ZARZĄDZANIE NT)
Description: właściwe dla aplikacjiLokalnyUruchom{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}ZARZĄDZANIE NTSYSTEMS-1-5-18LocalHost (użycie LRPC)

Error: (11/10/2014 07:37:56 PM) (Source: DCOM) (EventID: 10016) (User: ZARZĄDZANIE NT)
Description: właściwe dla aplikacjiLokalnyUruchom{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}ZARZĄDZANIE NTSYSTEMS-1-5-18LocalHost (użycie LRPC)

Error: (11/10/2014 04:01:07 PM) (Source: DCOM) (EventID: 10016) (User: ZARZĄDZANIE NT)
Description: właściwe dla aplikacjiLokalnyUruchom{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}ZARZĄDZANIE NTSYSTEMS-1-5-18LocalHost (użycie LRPC)

Microsoft Office Sessions:
=========================
Error: (12/11/2013 11:01:29 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 2, Application Name: Microsoft Office Access, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 133 seconds with 120 seconds of active time. This session ended with a crash.

Error: (11/19/2013 06:54:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 2, Application Name: Microsoft Office Access, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 564 seconds with 540 seconds of active time. This session ended with a crash.

Error: (11/18/2013 06:56:43 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 2, Application Name: Microsoft Office Access, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 271 seconds with 240 seconds of active time. This session ended with a crash.

Error: (05/30/2013 11:28:57 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/30/2013 11:27:54 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9802 seconds with 3180 seconds of active time. This session ended with a crash.

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz
Percentage of memory in use: 38%
Total physical RAM: 2814.42 MB
Available physical RAM: 1719.17 MB
Total Pagefile: 5627.13 MB
Available Pagefile: 4123.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1893.3 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:227.88 GB) (Free:152.09 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:227.88 GB) (Free:142.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 33AA84EE)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=227.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=227.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================