Additional scan result of Farbar Recovery Scan Tool (x86) Version:17-08-2015
Ran by Administrator (2015-08-18 23:26:14)
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2511829651-333839240-3277264240-500 - Administrator - Enabled) => C:\Users\Administrator
Gość (S-1-5-21-2511829651-333839240-3277264240-501 - Limited - Enabled)
UpdatusUser (S-1-5-21-2511829651-333839240-3277264240-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}) (Version: - Microsoft)
2007 Microsoft Office Suite Service Pack 1 (SP1) (Version: - Microsoft) Hidden
Adobe Flash Player 19 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 19.0.0.142 - Adobe Systems Incorporated)
Adobe Reader 9.5.0 - Polish (HKLM\...\{AC76BA86-7AD7-1045-7B44-A95000000001}) (Version: 9.5.0 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
Counter Strike 1.6 CSC (HKLM\...\Counter Strike 1.6 CSC 1.0) (Version: 1.0 - Cs-Classic)
Dodatek Zapisywanie jako PDF lub XPS firmy Microsoft dla programów pakietu Microsoft Office 2007 (HKLM\...\{90120000-00B2-0415-0000-0000000FF1CE}) (Version: 12.0.4518.1020 - Microsoft Corporation)
DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.1319 - CyberLink Corporation)
Edycja Jesień 2007/Wiosna 2008 dla MEN (HKLM\...\MENVER) (Version: - Microsoft Services Polska)
FormatFactory 3.6.0.0 (HKLM\...\FormatFactory) (Version: 3.6.0.0 - Format Factory)
HP Deskjet 2510 series — podstawowe oprogramowanie urządzenia (HKLM\...\{D239DFD4-44E1-4239-AD5F-0DC652320141}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Setup Guide (HKLM\...\{216C7F38-4BBC-4E9A-8392-C9FA21B54386}) (Version: 27.0.0 - Hewlett Packard)
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
Intel(R) PRO Network Connections Drivers (HKLM\...\PROSet) (Version: - )
Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Malwarebytes Anti-Malware wersja 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6215.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 40.0.2 (x86 pl) (HKLM\...\Mozilla Firefox 40.0.2 (x86 pl)) (Version: 40.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.2 - Mozilla)
Nero 7 Essentials (HKLM\...\{9B4E6CB9-E54D-47F7-A414-E2D5740E1045}) (Version: 7.02.8507 - Nero AG)
NVIDIA Sterownik graficzny 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.23 - NVIDIA Corporation)
ODF Add-in for Microsoft Excel (HKLM\...\{7B8C1350-91E4-408D-8070-01D2F1268E6C}) (Version: 1.0.0 - Clever Age)
ODF Add-in for Microsoft PowerPoint (HKLM\...\{5FEB73FA-7D2D-4478-88A9-37940598C998}) (Version: 1.0.0 - Sonata)
ODF Add-in for Microsoft Word (HKLM\...\{8D774B5B-A1D9-45B3-AFB4-3F85604961BC}) (Version: 1.0.0 - Clever Age)
Panel sterowania NVIDIA 327.23 (Version: 327.23 - NVIDIA Corporation) Hidden
PLAY ONLINE (HKLM\...\PLAY ONLINE) (Version: 16.001.06.01.264 - Huawei Technologies Co.,Ltd)
Skype™ 7.3 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Symulator Farmy 2011 (HKLM\...\FarmingSimulator2011PL_is1) (Version: 1.0 - GIANTS Software)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
UltraISO Premium V9.62 (HKLM\...\UltraISO_is1) (Version: - )
VirtualDJ 8 (HKLM\...\{5CC1B8CB-4B4A-4DB6-AA7D-7167D033E93C}) (Version: 8.0.2073.0 - Atomix Productions)
Windows Live Messenger (HKLM\...\{223818EB-2BB5-4AAD-9F38-BA9668A4E3F3}) (Version: 8.1.0178.00 - Microsoft Corporation)
WinRAR 5.11 (32-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2015-08-18 20:26 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1297307E-EF14-4531-A75C-A0A711BD5711} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-19] (AVAST Software)
Task: {16E72671-61F1-4E81-9C2B-0CC10BE16BC9} - \Advanced-System Protector_startup -> No File <==== ATTENTION
Task: {2928C2F9-EC75-4CE8-AF28-A05AA4AB1F9E} - \PhraseProfessor Auto Updater 1.10.0.21 Pending Update -> No File <==== ATTENTION
Task: {2CE75BC5-A788-47F2-B473-6C02891CEE11} - \PhraseProfessor Auto Updater 1.10.0.21 Core -> No File <==== ATTENTION
Task: {2D656894-BD7F-45CC-925D-7F30C9D77EBC} - \Microsoft\Windows\WindowsCalendar\Reminders - Administrator -> No File <==== ATTENTION
Task: {3F422672-4928-4108-8716-A1BB53EAA0FB} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {4FF4F082-9069-463B-BAA4-1EC38A9AF614} - System32\Tasks\zNNNHgS7E3WsX => C:\Users\Administrator\AppData\Roaming\zNNNHgS7E3WsX.exe <==== ATTENTION
Task: {798D130B-1A21-4CEC-816C-DEA517C566E6} - \globalUpdateUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {93924823-74DA-45CB-933C-DD6A41D7911B} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
Task: {FA18A1CD-BEE9-4824-98FB-0672CC389CE4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-18] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2008-04-24 08:25 - 2006-12-04 10:28 - 00022723 _____ () C:\Windows\System32\sugo2l3.DLL
2014-12-19 13:08 - 2014-12-19 13:08 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Administrator\Downloads\Anna Jurksztowicz Na dobre i na złe.mp3:TOC.WMV
AlternateDataStreams: C:\Users\Administrator\Downloads\Antynarkotykowa - Bezpieczne Piosenki - Magdalena Dogiel.mp3:TOC.WMV
AlternateDataStreams: C:\Users\Administrator\Downloads\Rozbójnik Alibaba ft. Chada, Kroolik Underwood - Zosia.mp3:TOC.WMV
AlternateDataStreams: C:\Users\Administrator\Downloads\Video - Ide na plaże.mp3:TOC.WMV
AlternateDataStreams: C:\Users\Administrator\Documents\I Wouldn't Mind - He Is We.mp3:TOC.WMV
AlternateDataStreams: C:\Users\Administrator\Documents\Rozbójnik Alibaba ft. Chada, Kroolik Underwood - Zosia[Luka Edit].mp3:TOC.WMV
AlternateDataStreams: C:\Users\Administrator\Documents\[EDM] Aronchupa - I'm an Albatraoz.mp3:TOC.WMV

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\12428424.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\59850891.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\12428424.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\59850891.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2511829651-333839240-3277264240-500\Control Panel\Desktop\\Wallpaper ->
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SLSVC-In-TCP] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [SLSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [{32146555-3F50-415A-B3EC-5C3A2278E3BA}] => (Allow) C:\Program Files\MSN Messenger\msnmsgr.exe
FirewallRules: [{78C19C07-9844-464E-9BE4-6594730070D8}] => (Allow) svchost.exe
FirewallRules: [{D0B382A4-B84A-48B1-8494-A6849C096CF4}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{9E90AB5C-B3E2-4408-9A98-94958BF1C5EC}C:\users\administrator\desktop\pandora\pandoramt2(bez_patchera).exe] => (Allow) C:\users\administrator\desktop\pandora\pandoramt2(bez_patchera).exe
FirewallRules: [UDP Query User{546D2183-2794-4EBD-9337-EF0C20627BE3}C:\users\administrator\desktop\pandora\pandoramt2(bez_patchera).exe] => (Allow) C:\users\administrator\desktop\pandora\pandoramt2(bez_patchera).exe
FirewallRules: [{E4D8A8D9-6133-4038-A991-761E1D66BF93}] => (Allow) C:\Program Files\Symulator Farmy 2011\FarmingSimulator2011.exe
FirewallRules: [{9C0C7683-9ABD-4533-B057-E45AE1367162}] => (Allow) C:\Program Files\Symulator Farmy 2011\FarmingSimulator2011.exe
FirewallRules: [{EE9A0D14-F1CA-4A73-8BDC-695A97D2BA34}] => (Allow) C:\Program Files\Symulator Farmy 2011\game.exe
FirewallRules: [{8196F309-09BA-4A24-B16F-1D671085CA55}] => (Allow) C:\Program Files\Symulator Farmy 2011\game.exe
FirewallRules: [TCP Query User{AFE834D8-774A-45DF-95B7-D9210A36BDEF}C:\users\administrator\desktop\pandora\pandoramt2(bez_patchera).exe] => (Allow) C:\users\administrator\desktop\pandora\pandoramt2(bez_patchera).exe
FirewallRules: [UDP Query User{2209FBAC-144F-4A87-B7DB-378868D6B36B}C:\users\administrator\desktop\pandora\pandoramt2(bez_patchera).exe] => (Allow) C:\users\administrator\desktop\pandora\pandoramt2(bez_patchera).exe
FirewallRules: [{C232BC76-EEA8-433D-AB9E-407E27652E74}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{95200C16-E41F-42DD-90C2-B59F5CE1525C}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [TCP Query User{CDEFF183-CFFB-4994-8405-7C8EDA7679AD}C:\program files\counter strike 1.6 csc\ counter strike 1.6 csc\hl.exe] => (Allow) C:\program files\counter strike 1.6 csc\ counter strike 1.6 csc\hl.exe
FirewallRules: [UDP Query User{CF76BEB7-2EEC-44F7-AD77-5CC5FA74C3B0}C:\program files\counter strike 1.6 csc\ counter strike 1.6 csc\hl.exe] => (Allow) C:\program files\counter strike 1.6 csc\ counter strike 1.6 csc\hl.exe
FirewallRules: [TCP Query User{D4C27299-B3AA-4A08-831F-3A9D916696C2}C:\users\administrator\desktop\mod pandora\pandoramt2(bez_patchera).exe] => (Allow) C:\users\administrator\desktop\mod pandora\pandoramt2(bez_patchera).exe
FirewallRules: [UDP Query User{9550003A-7E0B-4474-8760-B1BF6FF5B5A7}C:\users\administrator\desktop\mod pandora\pandoramt2(bez_patchera).exe] => (Allow) C:\users\administrator\desktop\mod pandora\pandoramt2(bez_patchera).exe
FirewallRules: [TCP Query User{2C17D8C2-DB71-47AD-AB0E-DE2A55ED8543}C:\users\administrator\desktop\hack\pandoramt2(bez_patchera).exe] => (Allow) C:\users\administrator\desktop\hack\pandoramt2(bez_patchera).exe
FirewallRules: [UDP Query User{8C1E6E58-D712-4AA1-86F1-5EB123CF6BD1}C:\users\administrator\desktop\hack\pandoramt2(bez_patchera).exe] => (Allow) C:\users\administrator\desktop\hack\pandoramt2(bez_patchera).exe
FirewallRules: [{81C23E9C-8B23-4671-9562-5EC0FC20F620}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{1882FC27-C932-48FF-B4C8-35DBDD5C0128}] => (Allow) LPort=1886
FirewallRules: [{B85A7B16-FEF8-4388-A153-7FFB45913735}] => (Allow) LPort=1886
FirewallRules: [{14FB4DBA-12AF-46C1-A768-6A492084FDC3}] => (Allow) C:\Program Files\HP\HP Deskjet 2510 series\Bin\USBSetup.exe
FirewallRules: [{F64B49E1-6385-439E-B0EE-67B8A34E6184}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{945FCA4D-14D7-4F19-B1CD-F874A1754A4A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============

Name: isatap.home
Description: Karta Microsoft ISATAP
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================

Application errors:
==================
Error: (08/18/2015 11:24:55 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: WmiApRplWmiApRpl8

Error: (08/18/2015 11:24:55 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16

Error: (08/18/2015 11:24:55 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16

Error: (08/18/2015 09:36:00 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: WmiApRplWmiApRpl8

Error: (08/18/2015 09:36:00 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16

Error: (08/18/2015 09:36:00 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16

Error: (08/18/2015 09:07:21 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: WmiApRplWmiApRpl8

Error: (08/18/2015 09:07:21 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16

Error: (08/18/2015 09:07:21 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16

Error: (08/18/2015 08:41:46 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

System errors:
=============

Microsoft Office:
=========================

CodeIntegrity:
===================================
Date: 2015-08-18 23:26:06.000
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-08-18 23:26:05.968
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-08-18 23:26:05.935
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-08-18 23:26:05.904
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-08-18 23:26:05.698
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-08-18 23:26:05.667
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-08-18 23:26:05.634
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-08-18 23:26:05.602
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-08-18 23:25:47.106
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-08-18 23:25:47.075
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) D CPU 2.80GHz
Percentage of memory in use: 33%
Total physical RAM: 2045.39 MB
Available physical RAM: 1368.21 MB
Total Virtual: 4332.03 MB
Available Virtual: 3520.71 MB

==================== Drives ================================

Drive c: (OSDisk) (Fixed) (Total:149.05 GB) (Free:107.18 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (KINGSTON) (Removable) (Total:7.2 GB) (Free:5.6 GB) FAT32
Drive f: (SF2011) (CDROM) (Total:0.9 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 9A892786)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7.2 GB) (Disk ID: 078C7CDE)
Partition 1: (Active) - (Size=7.2 GB) - (Type=0B)

==================== End of log ============================