Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-10-2014 Ran by admin at 2014-10-20 17:26:02 Running from C:\Users\admin\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (HKLM\...\7-Zip) (Version: - ) Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated) Adobe Reader X (10.1.12) - Polish (HKLM\...\{AC76BA86-7AD7-1045-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated) ArcaBit Prerequistes (Version: 13.11.3201 - ArcaBit Sp. z o.o.) Hidden ArcaVir (HKLM\...\{D3FD6AF3-7954-4998-A31A-F501C1E0571C}) (Version: 13.03.3201 - Arcabit Sp z o.o.) CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform) Common Desktop Agent (Version: 1.62.0 - OEM) Hidden Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation) Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation) Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 15.2 - Intel) Intel® Active Management Technology (HKLM\...\MESOL) (Version: - Intel Corporation) Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) Java Auto Updater (Version: 2.8.25.18 - Oracle Corporation) Hidden LibreOffice 4.3 Help Pack (Polish) (HKLM\...\{88D001B5-EB54-47CE-B5E8-82CE85802805}) (Version: 4.3.0.4 - The Document Foundation) LibreOffice 4.3.0.4 (HKLM\...\{5C005E2A-AEAE-4DF7-B7CA-1E6DCDD2AEA4}) (Version: 4.3.0.4 - The Document Foundation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation) Mozilla Firefox 33.0 (x86 pl) (HKLM\...\Mozilla Firefox 33.0 (x86 pl)) (Version: 33.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla) Notepad++ (HKLM\...\Notepad++) (Version: 6.5.4 - Notepad++ Team) Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - plk) (Version: - Microsoft Corporation) Samsung CLX-92x1 93x1 Series (HKLM\...\Samsung CLX-92x1 93x1 Series) (Version: 1.41 (2014-09-11) - Samsung Electronics Co., Ltd.) Samsung Easy Document Creator (HKLM\...\Samsung Easy Document Creator) (Version: 1.06.35 (2014-06-09) - Samsung Electronics Co., Ltd.) Samsung Easy Printer Manager (HKLM\...\Samsung Easy Printer Manager) (Version: 1.05.51.00(2014-06-19) - Samsung Electronics Co., Ltd.) Samsung Printer Diagnostics (HKLM\...\Samsung Printer Diagnostics) (Version: 1.0.0.16 - Samsung Electronics Co., Ltd.) Samsung Scan Process Machine (Version: 1.02.07.10 - Samsung Electronics Co., Ltd.) Hidden SNS Upload for Easy Document Creator (HKLM\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd) VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 17-10-2014 14:49:16 Windows Update 17-10-2014 15:33:58 Instalacja pakietu sterownika urządzenia: Samsung Drukarki 20-10-2014 07:55:35 Zaplanowany punkt kontrolny ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0CAB7B68-718C-40E0-B83B-89DDF7007DC8} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries Task: {155723BA-60E2-4354-93AF-84EAC8D3C2D8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] () Task: {1807AC3D-08AC-4776-8EF6-2FE938DEB7D1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-16] (Adobe Systems Incorporated) Task: {1A9EF83E-5431-4484-97F6-C5B92539275C} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {22BBCD89-75CE-4943-9CE7-F7D9DCF0AD00} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd) Task: {239F2BAB-1ACD-4270-8E1A-B93538FCD8B6} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-19] (Microsoft Corporation) Task: {2DE18FE4-6467-484F-8431-206702EC5546} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation) Task: {2E5B7D97-F14C-4CFF-864E-620AABA892D1} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {4D72741E-769C-45DB-8604-CB8EBDADAA29} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {55C27EAB-68C5-4D7E-B416-FA170C4DE522} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2014-10-17 17:33 - 2012-01-13 10:29 - 00024064 _____ () C:\Windows\System32\ssl1clm.dll 2014-10-17 17:33 - 2014-09-10 08:45 - 00896512 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\ssl1cdu.dll 2014-02-14 20:20 - 2014-10-16 17:50 - 00340144 _____ () C:\Program Files\ArcaBit\Common\ProtocolFilters.dll 2014-02-14 20:20 - 2014-10-16 17:50 - 00109424 _____ () C:\Program Files\ArcaBit\Common\nfapi.dll 2012-05-09 15:17 - 2014-02-14 20:20 - 00195944 _____ () C:\Program Files\ArcaBit\arcavir\avshell.dll 2012-06-18 17:24 - 2012-06-18 17:24 - 00260096 _____ () C:\Program Files\Notepad++\NppShell_05.dll 2012-03-09 09:58 - 2012-03-09 09:58 - 00350072 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe 2012-03-09 09:58 - 2012-03-09 09:58 - 00056696 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll 2014-01-27 18:09 - 2010-05-21 14:14 - 00077824 _____ () C:\Program Files\Common Files\Intel\Privacy Icon\UNS\DTMessageLib.dll 2014-10-16 17:16 - 2014-10-16 17:16 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== admin (S-1-5-21-3702316430-553723284-2002759146-1000 - Administrator - Enabled) => C:\Users\admin Administrator (S-1-5-21-3702316430-553723284-2002759146-500 - Administrator - Disabled) => C:\Users\Administrator Gość (S-1-5-21-3702316430-553723284-2002759146-501 - Limited - Disabled) nauczyciel (S-1-5-21-3702316430-553723284-2002759146-1002 - Limited - Enabled) => C:\Users\nauczyciel vice (S-1-5-21-3702316430-553723284-2002759146-1004 - Limited - Enabled) => C:\Users\vice ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/17/2014 05:59:23 PM) (Source: Windows Search Service Profile Notification) (EventID: 2) (User: ) Description: Nie można usunąć indeksowanych danych usługi Windows Search dla użytkownika V-DYREKCJA\student w odpowiedzi na usunięcie profilu użytkownika. Kod błędu 0x80070422. Nie można uruchomić określonej usługi, ponieważ jest ona wyłączona lub ponieważ nie są włączone skojarzone z nią urządzenia. . Error: (10/17/2014 05:38:38 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Aplikacja powodująca błąd IDS.Application.exe, wersja 1.5.51.0, sygnatura czasowa 0x53a27b00, moduł powodujący błąd IDS.Application.exe, wersja 1.5.51.0, sygnatura czasowa 0x53a27b00, kod wyjątku 0xc0000409, przesunięcie błędu 0x00198e5f, identyfikator procesu 0xa0, godzina rozpoczęcia aplikacji 0xIDS.Application.exe0. Error: (10/17/2014 04:56:56 PM) (Source: Perflib) (EventID: 1017) (User: ) Description: PolicyAgent Error: (10/17/2014 04:56:56 PM) (Source: Perflib) (EventID: 1005) (User: ) Description: OpenIPSecPerformanceDataC:\Windows\System32\ipsecsvc.dllPolicyAgent4 Error: (10/17/2014 04:56:55 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4 Error: (10/17/2014 04:56:55 PM) (Source: Perflib) (EventID: 1010) (User: ) Description: EmdCacheC:\Windows\system32\emdmgmt.dll4 System errors: ============= Error: (10/20/2014 05:14:22 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: ABTDI Error: (10/20/2014 05:08:06 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: ABTDI Error: (10/20/2014 05:02:55 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: ABTDI Error: (10/20/2014 04:33:34 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: ABTDI Error: (10/20/2014 02:26:39 PM) (Source: netbt) (EventID: 4321) (User: ) Description: Nie można zarejestrować nazwy „LICEUM :1d” w interfejsie o adresie IP 192.168.2.110. Komputer o adresie IP 10.0.0.251 nie zezwolił na przejęcie tej nazwy przez ten komputer. Error: (10/20/2014 02:24:16 PM) (Source: netbt) (EventID: 4321) (User: ) Description: Nie można zarejestrować nazwy „LICEUM :1d” w interfejsie o adresie IP 192.168.2.110. Komputer o adresie IP 10.0.0.251 nie zezwolił na przejęcie tej nazwy przez ten komputer. Error: (10/20/2014 02:19:38 PM) (Source: netbt) (EventID: 4321) (User: ) Description: Nie można zarejestrować nazwy „LICEUM :1d” w interfejsie o adresie IP 192.168.2.110. Komputer o adresie IP 10.0.0.251 nie zezwolił na przejęcie tej nazwy przez ten komputer. Error: (10/20/2014 02:14:28 PM) (Source: netbt) (EventID: 4321) (User: ) Description: Nie można zarejestrować nazwy „LICEUM :1d” w interfejsie o adresie IP 192.168.2.110. Komputer o adresie IP 10.0.0.251 nie zezwolił na przejęcie tej nazwy przez ten komputer. Error: (10/20/2014 02:12:05 PM) (Source: netbt) (EventID: 4321) (User: ) Description: Nie można zarejestrować nazwy „LICEUM :1d” w interfejsie o adresie IP 192.168.2.110. Komputer o adresie IP 10.0.0.251 nie zezwolił na przejęcie tej nazwy przez ten komputer. Error: (10/20/2014 02:07:24 PM) (Source: netbt) (EventID: 4321) (User: ) Description: Nie można zarejestrować nazwy „LICEUM :1d” w interfejsie o adresie IP 192.168.2.110. Komputer o adresie IP 10.0.0.251 nie zezwolił na przejęcie tej nazwy przez ten komputer. Microsoft Office Sessions: ========================= Error: (10/17/2014 05:59:23 PM) (Source: Windows Search Service Profile Notification) (EventID: 2) (User: ) Description: V-DYREKCJA\student0x80070422Nie można uruchomić określonej usługi, ponieważ jest ona wyłączona lub ponieważ nie są włączone skojarzone z nią urządzenia. Error: (10/17/2014 05:38:38 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: IDS.Application.exe1.5.51.053a27b00IDS.Application.exe1.5.51.053a27b00c000040900198e5fa001cfea20674dfebd Error: (10/17/2014 04:56:56 PM) (Source: Perflib) (EventID: 1017) (User: ) Description: PolicyAgent Error: (10/17/2014 04:56:56 PM) (Source: Perflib) (EventID: 1005) (User: ) Description: OpenIPSecPerformanceDataC:\Windows\System32\ipsecsvc.dllPolicyAgent4 Error: (10/17/2014 04:56:55 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4 Error: (10/17/2014 04:56:55 PM) (Source: Perflib) (EventID: 1010) (User: ) Description: EmdCacheC:\Windows\system32\emdmgmt.dll4 CodeIntegrity Errors: =================================== Date: 2014-01-28 18:07:49.753 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2014-01-28 18:07:49.721 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2014-01-28 18:07:49.690 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2014-01-28 18:07:49.612 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2014-01-28 18:07:49.581 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz Percentage of memory in use: 55% Total physical RAM: 1976.88 MB Available physical RAM: 873.02 MB Total Pagefile: 4204.81 MB Available Pagefile: 3025.05 MB Total Virtual: 2047.88 MB Available Virtual: 1890.43 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:74.5 GB) (Free:49.53 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:74.51 GB) (Free:74.42 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: F8F8F8F8) Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=74.5 GB) - (Type=07 NTFS) ==================== End Of Log ============================