Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-07-2015 Ran by user (2015-07-30 22:28:32) Running from C:\Users\user\Desktop\Pobrane Boot Mode: Safe Mode (with Networking) ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1027461290-2157871058-3066203419-500 - Administrator - Disabled) Gość (S-1-5-21-1027461290-2157871058-3066203419-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1027461290-2157871058-3066203419-1002 - Limited - Enabled) user (S-1-5-21-1027461290-2157871058-3066203419-1001 - Administrator - Enabled) => C:\Users\user ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-1027461290-2157871058-3066203419-1001\...\uTorrent) (Version: 3.4.3.40760 - BitTorrent Inc.) Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated) Adobe Reader XI (11.0.12) - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated) Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden ALLPlayer V6.X (HKLM-x32\...\ALLPlayer_is1) (Version: - ALLPlayer Group, Ltd.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) 
Archiwizator WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - ) ATK Hotkey (HKLM-x32\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0053 - ASUS) ATK Media (HKLM-x32\...\{D1E5870E-E3E5-4475-98A6-ADD614524ADF}) (Version: 2.0.0005 - ASUS) ATKOSD2 (HKLM-x32\...\{3B05F2FB-745B-4012-ADF2-439F36B2E70B}) (Version: 7.0.0007 - ASUS) AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6081 - AVG Technologies) AVG 2015 (Version: 15.0.4392 - AVG Technologies) Hidden AVG 2015 (Version: 15.0.6081 - AVG Technologies) Hidden AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.1.5.143 - AVG Technologies) CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5143 - CDBurnerXP) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5767 - CDBurnerXP) Chronology (HKLM-x32\...\GOGPACKCHRONOLOGY_is1) (Version: 2.0.0.3 - GOG.com) DAEMON Tools Ultra (HKLM-x32\...\DAEMON Tools Ultra) (Version: 2.3.0.0254 - Disc Soft Ltd) DolbyFiles (x32 Version: 0.1 - Nero AG) Hidden Firebird 2.1.5.18496 (Win32) (HKLM-x32\...\FBDBServer_2_1_is1) (Version: 2.1.5.18496 - Firebird Project) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) 
Hidden ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle) Menu Templates - Starter Kit (x32 Version: 9.4.2.0 - Nero AG) Hidden Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Windows Media Video 9 VCM (HKLM-x32\...\WMV9_VCM) (Version: - ) Movie Templates - Starter Kit (x32 Version: 9.4.2.0 - Nero AG) Hidden MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project) NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation) Obsługa programów Apple (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Pro Surveillance System (HKLM-x32\...\{B28C9804-BFCE-4ADB-8C18-1DD9DA1C530A}) (Version: 4.0.0 - DH) QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) 
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5951 - Realtek Semiconductor Corp.) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation) Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.9.0 - Synaptics Incorporated) Unity Web Player (HKU\S-1-5-21-1027461290-2157871058-3066203419-1001\...\UnityWebPlayer) (Version: 5.1.0f3 - Unity Technologies ApS) USB 2.0 1.3M UVC WebCam (HKLM\...\USB 2.0 1.3M UVC WebCam) (Version: - ) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) WinRAR 4.01 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 26-07-2015 16:12:02 Installed Nero 9 Essentials 4.4.9.0 26-07-2015 19:00:25 Kopia zapasowa systemu Windows 26-07-2015 19:29:20 Installed Nero 9 Essentials 4.4.9.0 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-14 04:34 - 2015-02-25 12:59 - 00449968 ____R C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost There are 1000 more lines. ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {7E88CACE-FBC7-4C9C-B103-5C9652CC031E} - System32\Tasks\{AB4726A9-45CF-41F5-8396-8D88559E0A4D} => pcalua.exe -a "C:\Users\user\Desktop\Pobrane\QuickTimeInstaller (1).exe" -d C:\Users\user\Desktop\Pobrane Task: {8156C2B0-2D25-40C0-B242-8325E2C8BA14} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated) Task: {B91C99C1-7F3A-418E-BE63-318D45802C74} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated) Task: {BA114168-823C-4720-8380-421FD24048C1} - System32\Tasks\{40C8798F-138C-4A2E-979F-BD2715191348} => pcalua.exe -a C:\Users\user\Desktop\soga\SOGA_1_40a\Setup.exe -d C:\Users\user\Desktop\soga\SOGA_1_40a Task: {D6D3B686-B753-46C6-9354-8951B0E21F33} - System32\Tasks\{31C5C998-0563-4AFB-9459-2CB531CA0D95} => Chrome.exe http://ui.skype.com/ui/0/6.21.0.104/pl/abandoninstall?page=tsMain Task: {E8B6762B-644C-4497-88CD-6A5121F0516E} - System32\Tasks\0415tbUpdateInfo => C:\ProgramData\Avg_Update_0415tb\0415tb_{E3A000BE-5022-41FE-A96C-2BA3F8D74EE5}.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\0415tbUpdateInfo.job => C:\ProgramData\Avg_Update_0415tb\0415tb_{E3A000BE-5022-41FE-A96C-2BA3F8D74EE5}.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (Whitelisted) ============== 2015-02-20 11:59 - 2015-02-18 00:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) 
==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
There are 7866 more restricted sites. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1027461290-2157871058-3066203419-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 80.72.37.106 - 8.8.8.8 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{7335FF60-9627-4840-950E-EFBB925E559F}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{43B8F173-2CD9-4A5C-A810-D5020FABFCA7}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [TCP Query User{BA90A7A8-ED27-4869-8A21-8BAFC7BF7734}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{EDDFBC42-E574-4A9B-A383-841762A971AB}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [{1BBF182D-ECC4-4AA7-BD28-DBB045462577}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [TCP Query User{24E6BB3A-1655-488A-91DA-2F3251342102}C:\program files (x86)\pro surveillance system(en)\pssproject.exe] => (Allow) C:\program files (x86)\pro surveillance 
system(en)\pssproject.exe FirewallRules: [UDP Query User{3A7A9873-E711-4041-BC87-9899E76AFA67}C:\program files (x86)\pro surveillance system(en)\pssproject.exe] => (Allow) C:\program files (x86)\pro surveillance system(en)\pssproject.exe FirewallRules: [TCP Query User{873443E8-7136-42D3-BA95-388E8B0451FD}C:\program files\novitus\soga\soga.exe] => (Allow) C:\program files\novitus\soga\soga.exe FirewallRules: [UDP Query User{EF12EC3D-EE9F-47A7-9861-FAD3713AB4A8}C:\program files\novitus\soga\soga.exe] => (Allow) C:\program files\novitus\soga\soga.exe FirewallRules: [TCP Query User{6DCC0BB0-4884-46CA-9BBA-6D4E9CCB23B0}C:\program files\novitus\soga\fiskserv.exe] => (Allow) C:\program files\novitus\soga\fiskserv.exe FirewallRules: [UDP Query User{5A0340B8-273A-4549-8B50-CEEE7FAE6CFF}C:\program files\novitus\soga\fiskserv.exe] => (Allow) C:\program files\novitus\soga\fiskserv.exe FirewallRules: [TCP Query User{6A8A8B07-9B48-44E0-99A1-01A615CB8CDE}C:\program files\novitus\soga\magazyn.exe] => (Allow) C:\program files\novitus\soga\magazyn.exe FirewallRules: [UDP Query User{2BCF0AD1-72B5-4DD5-A8B3-D94F0F9DDAF7}C:\program files\novitus\soga\magazyn.exe] => (Allow) C:\program files\novitus\soga\magazyn.exe FirewallRules: [{1FDBE108-BE7C-4F42-BD7E-60B645A381FB}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe FirewallRules: [{063C549D-E174-4C2C-88AE-CDF0DF3357F6}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe FirewallRules: [{1A5CC6B6-77EA-4DB4-8177-2D81310E39C1}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe FirewallRules: [{552F6D2B-522C-4213-B47B-42D34318EC9C}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe FirewallRules: [{A16D4149-6039-43A5-ADDE-7B4C332BC0EA}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe FirewallRules: [{65C60C56-2D33-4EA2-A636-CEFD466D40BD}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe FirewallRules: [TCP Query User{96AFAD2C-D8D0-43FC-939A-80903E284DF7}C:\program files (x86)\mozilla 
firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe FirewallRules: [UDP Query User{C81AD134-BAAE-4A4A-A65A-E62337C55D8A}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe FirewallRules: [{A26A7611-011E-42B7-803A-D26C168D61B9}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [{D9F1C34F-CFA7-46F7-B268-F730CE011EEA}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [TCP Query User{57BD0E79-54D2-4D82-AC13-DC8E0AEF2ABA}C:\program files (x86)\pro surveillance system(en)\pssproject.exe] => (Allow) C:\program files (x86)\pro surveillance system(en)\pssproject.exe FirewallRules: [UDP Query User{2D80A062-0375-47C8-8472-7EB85E78E3A6}C:\program files (x86)\pro surveillance system(en)\pssproject.exe] => (Allow) C:\program files (x86)\pro surveillance system(en)\pssproject.exe FirewallRules: [TCP Query User{685D19E2-F8FC-455C-B822-32ACC544B75F}C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe] => (Allow) C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe FirewallRules: [UDP Query User{6ACE212F-5C76-4496-92D2-325523079818}C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe] => (Allow) C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe FirewallRules: [{A149BF14-05AB-4EDA-8E4E-BA35F50644DD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{D5477182-5929-49B9-B5B9-BA493779B9FC}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [{802EA3D0-CD14-492B-BC3F-994D3B44C325}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [TCP Query User{3F9BAA2B-D3CD-490F-8E93-3AD8480DD5FB}C:\program files (x86)\pro surveillance system\pssproject.exe] => (Allow) C:\program files (x86)\pro surveillance system\pssproject.exe FirewallRules: [UDP Query 
User{5C61AFCA-7B36-4782-9459-9828C65A3DFB}C:\program files (x86)\pro surveillance system\pssproject.exe] => (Allow) C:\program files (x86)\pro surveillance system\pssproject.exe FirewallRules: [{A3B54F85-1D9A-42AE-9184-B5F924B5EE89}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{915951A1-714D-45AE-B56C-A0C4C3FE8A0E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe FirewallRules: [{A3BB3FC5-042B-42D5-881D-AE9A4C50D582}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe FirewallRules: [{D86B768D-8F38-42A5-B55B-F05FEC0D79EB}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe FirewallRules: [{D95D84D3-5589-4E56-8D48-31B122ECA93E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe FirewallRules: [{8C4770AA-52C7-4EBB-BB65-9BE6EAB811C3}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe FirewallRules: [{FE75C330-15DC-4C6F-8241-96661E32F6D8}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe ==================== Faulty Device Manager Devices ============= Name: Security Processor Loader Driver Description: Security Processor Loader Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: spldr Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Teredo Tunneling Pseudo-Interface Description: Karta tunelowania Teredo firmy Microsoft Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. 
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (07/30/2015 10:23:55 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT) Description: Nie można usunąć z pamięci ciągów licznika wydajności dla usługi WmiApRpl (WmiApRpl). Pierwszy wpis DWORD w sekcji danych (Data) zawiera kod błędu. Error: (07/30/2015 10:23:55 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT) Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data. Error: (07/30/2015 10:23:55 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT) Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data. Error: (07/30/2015 09:06:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT) Description: Nie można usunąć z pamięci ciągów licznika wydajności dla usługi WmiApRpl (WmiApRpl). Pierwszy wpis DWORD w sekcji danych (Data) zawiera kod błędu. Error: (07/30/2015 09:06:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT) Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. 
Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data. Error: (07/30/2015 09:06:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT) Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data. Error: (07/30/2015 08:49:39 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT) Description: Nie można usunąć z pamięci ciągów licznika wydajności dla usługi WmiApRpl (WmiApRpl). Pierwszy wpis DWORD w sekcji danych (Data) zawiera kod błędu. Error: (07/30/2015 08:49:39 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT) Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data. Error: (07/30/2015 08:49:39 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT) Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data. 
Error: (07/30/2015 08:20:29 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: avgmfapx.exe, wersja: 15.0.0.6081, sygnatura czasowa: 0x559241dd Nazwa modułu powodującego błąd: avgcommx.dll_unloaded, wersja: 0.0.0.0, sygnatura czasowa: 0x559240f6 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x73b11620 Identyfikator procesu powodującego błąd: 0x570 Godzina uruchomienia aplikacji powodującej błąd: 0xavgmfapx.exe0 Ścieżka aplikacji powodującej błąd: avgmfapx.exe1 Ścieżka modułu powodującego błąd: avgmfapx.exe2 Identyfikator raportu: avgmfapx.exe3 System errors: ============= Error: (07/30/2015 10:22:11 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF} Error: (07/30/2015 10:22:03 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC} Error: (07/30/2015 10:21:52 PM) (Source: BugCheck) (EventID: 1001) (User: ) Description: 0xc000021a (0xfffff8a00600f180, 0x0000000000000000, 0xffffffffc0000001, 0x0000000000100550)C:\Windows\MEMORY.DMP073015-30154-01 Error: (07/30/2015 10:21:51 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: Avgdiska AVGIDSDriver Avgldx64 Avgloga discache spldr Wanarpv6 Error: (07/30/2015 10:21:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa AVGIDSAgent zależy od usługi AVGIDSDriver, której nie można uruchomić z powodu następującego błędu: %%31 Error: (07/30/2015 09:48:27 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: AFD Avgdiska AVGIDSDriver Avgldx64 Avgloga Avgtdia CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl Error: (07/30/2015 09:48:26 PM) (Source: Service Control Manager) 
(EventID: 7001) (User: ) Description: Usługa Rozpoznawanie lokalizacji w sieci zależy od usługi Usługa interfejsu magazynu sieciowego, której nie można uruchomić z powodu następującego błędu: %%1068 Error: (07/30/2015 09:48:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Minireadresator SMB 2.0 zależy od usługi Otoka i aparat minireadresatora SMB, której nie można uruchomić z powodu następującego błędu: %%1068 Error: (07/30/2015 09:48:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Minireadresator SMB 1.x zależy od usługi Otoka i aparat minireadresatora SMB, której nie można uruchomić z powodu następującego błędu: %%1068 Error: (07/30/2015 09:48:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Otoka i aparat minireadresatora SMB zależy od usługi Podsystem buforowania przekierowywanych danych, której nie można uruchomić z powodu następującego błędu: %%31 Microsoft Office: ========================= Error: (07/30/2015 10:23:55 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (07/30/2015 10:23:55 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT) Description: Performance1637070000000000000000000009030000 Error: (07/30/2015 10:23:55 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT) Description: Performance1637070000000000000000000009030000 Error: (07/30/2015 09:06:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (07/30/2015 09:06:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT) Description: Performance1637070000000000000000000009030000 Error: (07/30/2015 09:06:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT) Description: 
Performance1637070000000000000000000009030000 Error: (07/30/2015 08:49:39 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (07/30/2015 08:49:39 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT) Description: Performance1637070000000000000000000009030000 Error: (07/30/2015 08:49:39 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT) Description: Performance1637070000000000000000000009030000 Error: (07/30/2015 08:20:29 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: avgmfapx.exe15.0.0.6081559241ddavgcommx.dll_unloaded0.0.0.0559240f6c000000573b1162057001d0caf3d04e0857C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exeavgcommx.dlla785c864-36e7-11e5-be7d-86572ab1abcc CodeIntegrity: =================================== Date: 2014-07-22 19:27:34.655 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-07-22 19:27:34.655 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-06-26 16:46:30.740 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system. 
Date: 2014-06-26 15:52:06.313 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-06-26 14:41:32.085 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-06-26 14:08:43.267 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-06-26 12:10:45.904 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-06-26 11:31:48.268 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-06-26 11:10:46.837 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-06-25 13:07:19.926 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system. 
==================== Memory info =========================== Processor: AMD Turion(tm) X2 Dual-Core Mobile RM-75 Percentage of memory in use: 19% Total physical RAM: 4095.12 MB Available physical RAM: 3284.46 MB Total Virtual: 8188.38 MB Available Virtual: 7396.42 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:112.6 GB) (Free:78.6 GB) NTFS Drive d: (MACIEK) (Fixed) (Total:292.97 GB) (Free:189.19 GB) NTFS Drive e: (DEBCIA) (Fixed) (Total:292.97 GB) (Free:158.3 GB) NTFS Drive g: () (Removable) (Total:14.44 GB) (Free:11.44 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 46FABAFF) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=112.6 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=293 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=293 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 14.5 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End of log ============================