Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-11-2014 Ran by Szkola at 2014-11-25 11:08:58 Running from C:\Users\Szkola\Desktop\c Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) "Wings of Prey" (Unistall) (HKLM\...\{bd8defa4-19fa-4964-9692-f1112d8a62d9}}_is1) (Version: 1.0.5.1 - Gaijin Entertainment, Corp.) µTorrent (HKLM\...\uTorrent) (Version: 3.3.0.29625 - BitTorrent Inc.) Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated) ALLConverter PRO 1.1 (HKLM\...\{9370105C-71BB-4FF9-A85B-36D79B95457A}_is1) (Version: - ALLCinema, Inc.) Ashampoo Burning Studio 2014 v.12.0.5 (HKLM\...\{91B33C97-280F-B76D-E27B-E712D7041B76}_is1) (Version: 12.0.5 - Ashampoo GmbH & Co. KG) Attack on Pearl Harbor (HKLM\...\PEARLHDE_is1) (Version: - Legendo Entertainment AB) Codename: Panzers Cold War (HKLM\...\{F2485BF4-830D-4D7F-B553-3B125CCFB255}) (Version: 1.00.0000 - Atari) Conexant Audio Filter Agent (HKLM\...\cAudioFilterAgent) (Version: 1.7.36.0 - Conexant Systems) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.5.51 - Conexant) Conexant SmartAudio (HKLM\...\SAII) (Version: 6.0.109.0 - Conexant Systems) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc) Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation) Galeria fotografii usługi Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.) Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Igrzyska Zimowe 2007 1.03 (HKLM\...\Igrzyska Zimowe 2007_is1) (Version: - ) Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation) Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2639 - Intel Corporation) Intel® Trusted Connect Service Client (HKLM\...\{51A66ED3-200E-4147-8D1E-E8D30936FD26}) (Version: 1.23.605.1 - Intel Corporation) Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Klient yuPlay 0.7.37 (HKLM\...\yuPlay клиент_is1) (Version: - ) K-Lite Codec Pack 9.8.5 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 9.8.5 - ) Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Professional Edition 2003 (HKLM\...\{90110415-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 33.1 (x86 pl) (HKLM\...\Mozilla Firefox 33.1 (x86 pl)) (Version: 33.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden NVIDIA PhysX (HKLM\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation) OpenAL (HKLM\...\OpenAL) (Version: - ) OpenOffice.org 3.3 (HKLM\...\{EB87675F-5281-4767-A54B-31931794C23D}) (Version: 3.3.9567 - OpenOffice.org) Poczta usługi Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Podstawowe programy Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek Ethernet Controller All-In-One Windows Driver (HKLM\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0019 - Realtek) Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) World of Warplanes (HKLM\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C813EU}_is1) (Version: - Wargaming.net) Zombie Driver (HKLM\...\Steam App 31410) (Version: - EXOR Studios) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 08-09-2014 10:27:14 Zaplanowany punkt kontrolny 16-09-2014 07:43:22 Zaplanowany punkt kontrolny 23-09-2014 09:01:41 Zaplanowany punkt kontrolny 01-10-2014 06:24:02 Zaplanowany punkt kontrolny 09-10-2014 06:29:18 Zaplanowany punkt kontrolny 16-10-2014 06:38:49 Zaplanowany punkt kontrolny 23-10-2014 10:31:51 Zaplanowany punkt kontrolny 31-10-2014 07:27:53 Zaplanowany punkt kontrolny 07-11-2014 07:43:09 Zaplanowany punkt kontrolny 14-11-2014 08:41:07 Zaplanowany punkt kontrolny 19-11-2014 08:45:11 Windows Update 25-11-2014 08:01:36 Windows Defender Checkpoint 25-11-2014 10:06:37 Usunięto: Adobe Reader 8 - Polish 25-11-2014 10:07:24 Removed Java 7 Update 51 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2014-11-24 07:54 - 2014-11-25 11:02 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {AF2C4E7D-01A2-4A82-9EED-60DC5102C45D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-13] (Google Inc.) Task: {B55735C0-0D62-4C9D-8A1A-7B8E2240EF9D} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2181966677-460633389-2470704602-1000 Task: {CDB31581-6581-4039-8EE6-F30B91FAF610} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated) Task: {E2B4A6F6-2A50-4BD0-A7FE-51BD00728B86} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-13] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-11-24 08:45 - 2014-11-14 22:15 - 01077064 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.65\libglesv2.dll 2014-11-24 08:45 - 2014-11-14 22:15 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.65\libegl.dll 2014-11-24 08:45 - 2014-11-14 22:15 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.65\pdf.dll 2014-11-24 08:45 - 2014-11-14 22:15 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.65\ffmpegsumo.dll 2012-11-21 16:34 - 2012-02-21 23:09 - 01198872 _____ () C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^Users^Szkola^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup MSCONFIG\startupreg: cAudioFilterAgent => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\Steam.exe" -silent ========================= Accounts: ========================== Administrator (S-1-5-21-2181966677-460633389-2470704602-500 - Administrator - Disabled) Gość (S-1-5-21-2181966677-460633389-2470704602-501 - Limited - Disabled) Szkola (S-1-5-21-2181966677-460633389-2470704602-1000 - Administrator - Enabled) => C:\Users\Szkola ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/25/2014 11:06:26 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/25/2014 10:28:06 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT) Description: Nie można usunąć z pamięci ciągów licznika wydajności dla usługi WmiApRpl (WmiApRpl). Pierwszy wpis DWORD w sekcji danych (Data) zawiera kod błędu. Error: (11/25/2014 10:28:06 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT) Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data. Error: (11/25/2014 10:28:06 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT) Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data. Error: (11/25/2014 10:25:30 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/25/2014 09:38:20 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT) Description: Nie można usunąć z pamięci ciągów licznika wydajności dla usługi WmiApRpl (WmiApRpl). Pierwszy wpis DWORD w sekcji danych (Data) zawiera kod błędu. Error: (11/25/2014 09:38:20 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT) Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data. Error: (11/25/2014 09:38:20 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT) Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data. Error: (11/25/2014 09:34:47 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/25/2014 09:29:40 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (11/25/2014 11:04:40 AM) (Source: NetBT) (EventID: 4321) (User: ) Description: Nie można zarejestrować nazwy „SZKOLA-KOMPUTER:20” w interfejsie o adresie IP 192.168.1.140. Komputer o adresie IP 192.168.1.120 nie zezwolił na przejęcie tej nazwy przez ten komputer. Error: (11/25/2014 11:04:40 AM) (Source: NetBT) (EventID: 4321) (User: ) Description: Nie można zarejestrować nazwy „SZKOLA-KOMPUTER:0” w interfejsie o adresie IP 192.168.1.140. Komputer o adresie IP 192.168.1.120 nie zezwolił na przejęcie tej nazwy przez ten komputer. Error: (11/25/2014 11:04:40 AM) (Source: Server) (EventID: 2505) (User: ) Description: Serwer nie mógł utworzyć powiązania do transportu \Device\NetBT_Tcpip_{95FBA0D6-8EF4-40DB-A941-F5DC378B89E4}, ponieważ inny komputer w sieci ma tę samą nazwę. Nie można uruchomić serwera. Error: (11/25/2014 10:27:18 AM) (Source: NetBT) (EventID: 4321) (User: ) Description: Nie można zarejestrować nazwy „SZKOLA-KOMPUTER:0” w interfejsie o adresie IP 192.168.1.140. Komputer o adresie IP 192.168.1.120 nie zezwolił na przejęcie tej nazwy przez ten komputer. Error: (11/25/2014 10:24:14 AM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (11/25/2014 10:24:14 AM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030} Error: (11/25/2014 10:24:13 AM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF} Error: (11/25/2014 10:24:08 AM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC} Error: (11/25/2014 10:23:43 AM) (Source: NetBT) (EventID: 4321) (User: ) Description: Nie można zarejestrować nazwy „SZKOLA-KOMPUTER:0” w interfejsie o adresie IP 192.168.1.140. Komputer o adresie IP 192.168.1.120 nie zezwolił na przejęcie tej nazwy przez ten komputer. Error: (11/25/2014 10:23:41 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: discache spldr Wanarpv6 Microsoft Office Sessions: ========================= Error: (11/25/2014 11:06:26 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/25/2014 10:28:06 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (11/25/2014 10:28:06 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT) Description: Performance1637070000000000000000000009030000 Error: (11/25/2014 10:28:06 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT) Description: Performance1637070000000000000000000009030000 Error: (11/25/2014 10:25:30 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/25/2014 09:38:20 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (11/25/2014 09:38:20 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT) Description: Performance1637070000000000000000000009030000 Error: (11/25/2014 09:38:20 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT) Description: Performance1637070000000000000000000009030000 Error: (11/25/2014 09:34:47 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/25/2014 09:29:40 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz Percentage of memory in use: 51% Total physical RAM: 1942.07 MB Available physical RAM: 947 MB Total Pagefile: 3884.15 MB Available Pagefile: 2774.48 MB Total Virtual: 2047.88 MB Available Virtual: 1909.91 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:464.98 GB) (Free:400.11 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 9187C82F) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=752 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=465 GB) - (Type=07 NTFS) ==================== End Of Log ============================