Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 27-04-2017
Uruchomiony przez Administrator (30-04-2017 19:24:01)
Uruchomiony z C:\Users\Administrator\Desktop\Nowy folder
Windows 7 Home Premium Service Pack 1 (X64) (2013-05-29 11:45:22)
Tryb startu: Normal
==========================================================

==================== Konta użytkowników: =============================

Administrator (S-1-5-21-721309439-3976775549-3943258617-500 - Administrator - Enabled) => C:\Users\Administrator
ASPNET (S-1-5-21-721309439-3976775549-3943258617-1005 - Limited - Enabled)
Gość (S-1-5-21-721309439-3976775549-3943258617-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-721309439-3976775549-3943258617-1003 - Limited - Enabled)
Siegmund (S-1-5-21-721309439-3976775549-3943258617-1000 - Administrator - Enabled) => C:\Users\Siegmund

==================== Centrum zabezpieczeń ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Zainstalowane programy ======================

(W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.1.3 - )
7-Zip 9.21beta (HKLM-x32\...\7-Zip) (Version: - )
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.103 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.2904.00 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.5.2904.00 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3010 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3508 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3507 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 20.11.1107.1418 - Acer Incorporated)
AdFender (HKLM-x32\...\AdFender) (Version: 1.50 - AdFender, Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Reader X (10.1.0) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM-x32\...\Adobe Shockwave Player) (Version: 10.2.0.22 - Adobe Systems, Inc.)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
ALLPlayer V3.X (HKLM-x32\...\ALLPlayer V3.2_is1) (Version: - MarBit COMPUTERS)
Backup Manager V3 (x32 Version: 3.0.0.103 - NTI Corporation) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{C28D96C0-6A90-459E-A077-A6706F4EC0FC}) (Version: 7.0.765.0 - Microsoft Corporation)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 15.0.7.3 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 15.0.7.1 - Broadcom Corporation)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.00.3006 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.00.3006 - Acer Incorporated)
clear.fi SDK - MVP 2 (x32 Version: 2.0.1702 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.0.1707 - CyberLink Corp.) Hidden
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.2727_43992 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dawn of War - Dark Crusade (HKLM-x32\...\{FF39FC01-819B-42E4-AE49-1968AF12DDD4}) (Version: 1.00.0000 - THQ)
eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
ETDWare PS/2-X64 10.6.9.9_WHQL (HKLM\...\Elantech) (Version: 10.6.9.9 - ELAN Microelectronic Corp.)
Evernote v. 4.5.2 (HKLM-x32\...\{F77EF646-19EB-11E1-9A9E-984BE15F174E}) (Version: 4.5.2.5866 - Evernote Corp.)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fooz Kids (HKLM-x32\...\FoozKids) (Version: 3.1.2 - FUHU, Inc.)
Fooz Kids (x32 Version: 3.1.2 - FUHU, Inc.) Hidden
Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free Alarm Clock 3.1.0 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 3.1 - Comfort Software Group)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GameRanger (HKU\S-1-5-21-721309439-3976775549-3943258617-500\...\GameRanger) (Version: - GameRanger Technologies)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3503 - Acer Incorporated)
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
ipla 2.6.3 (HKLM-x32\...\ipla) (Version: 2.6.3 - Redefine Sp z o.o.)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.15 - Acer Inc.)
MAX-FX Tools (HKLM-x32\...\{7299E7F8-6921-4588-9A83-9BB7B867706F}) (Version: - )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}) (Version: 1.2.0241 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Polski (HKLM-x32\...\{90140011-0066-0415-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM-x32\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.14.01.105 - Huawei Technologies Co.,Ltd)
Moduł Szybka instalacja pakietu Microsoft Office 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Moduł Szybka instalacja pakietu Microsoft Office 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Mount&Blade Warband (HKLM-x32\...\Mount&Blade Warband) (Version: - )
Mozilla Firefox 52.0.2 (x86 pl) (HKLM-x32\...\Mozilla Firefox 52.0.2 (x86 pl)) (Version: 52.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.2.6291 - Mozilla)
MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden
NapiProjekt 1.0.6.9 (HKLM-x32\...\NapiProjekt_is1) (Version: - )
Nero 9 Lite (HKLM-x32\...\{a2011d9c-980d-4d8c-a85d-c624645c0dbd}) (Version: - Nero AG)
newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.)
newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9006 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9006 - NTI Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Plus Internet 2.5 (HKLM-x32\...\Plus Internet_is1) (Version: 2.5 - Polkomtel S.A.)
Plus Internet Monitor wersja 1.0 (HKLM-x32\...\{64CFCC62-D81B-4A2B-81D6-169FBF95520A}_is1) (Version: 1.0 - Polkomtel sp. z o.o.)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Qtrax Player (HKLM-x32\...\{89505A66-35F0-4401-B3AD-D077051F8698}) (Version: 01.001.0001 - Qtrax)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6543 - Realtek Semiconductor Corp.)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3507 - Acer Incorporated)
WildTangent Games App (x32 Version: 4.0.10.17 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
WinRAR 5.30 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Niestandardowe rejestracje CLSID (filtrowane): ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Zaplanowane zadania (filtrowane) =============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

Task: {0D4D84FD-36E9-4A40-A757-03FD82F9A060} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-16] (Adobe Systems Incorporated)
Task: {32525F73-0523-4D3D-BC85-1E588D681DAF} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-04-06] (Acer Incorporated)
Task: {37AFB7C8-DA1B-4C10-B7BA-B8877E5D7710} - System32\Tasks\{1D65BCFF-1D59-4903-A2BC-8145EE842C24} => C:\Program Files\Activision\Rome - Total War\RomeTW.exe
Task: {3A348900-C062-436F-A6F0-1B6F179CC4A6} - System32\Tasks\{0F52AD58-AF00-4D40-9286-61DBD6FCB85D} => E:\GDFTHR_inst.exe
Task: {4F3C84F7-C196-42CB-A8DF-C53525D47BAB} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-29] (Egis Technology Inc.)
Task: {566D66F7-0413-4B24-870F-D1F37678F939} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-28] (AVAST Software)
Task: {68500A48-B401-423B-8524-28C28E901AB1} - System32\Tasks\{F2234924-78E9-4253-8B7E-A8EA448B8906} => C:\Program Files\Activision\Rome - Total War\RomeTW.exe
Task: {68E87733-EC66-4009-BDC9-85B619C15EF0} - System32\Tasks\{FE5ADE9D-0B72-429B-A2B0-C9648B722EF2} => C:\Program Files\Activision\Rome - Total War\RomeTW.exe
Task: {7BB7C24F-EC5D-4249-8311-9ACA492016A4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-721309439-3976775549-3943258617-1000UA1d1ac62ecb4e334 => C:\Users\Siegmund\AppData\Local\Google\Update\GoogleUpdate.exe [2016-01-17] (Google Inc.)
Task: {8FB418A4-6443-4191-9243-EF6D8E3F261B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-721309439-3976775549-3943258617-1000Core1d1ac62ec6673ee => C:\Users\Siegmund\AppData\Local\Google\Update\GoogleUpdate.exe [2016-01-17] (Google Inc.)
Task: {A69B7041-350F-4A52-BE2C-B834BAA7225A} - System32\Tasks\{08532C67-A9E5-4AD5-8792-41E744E24147} => C:\Program Files\Activision\Rome - Total War\RomeTW.exe
Task: {B3B8DCBD-A91B-4629-8F1A-E822034754A7} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-03-28] (CyberLink)
Task: {B67A62FB-AE95-4FEA-AD04-B02C83EAB7A6} - System32\Tasks\{0C85A56A-F18C-4840-8113-F1601506342B} => E:\AutoRun.exe
Task: {BB102B5B-33A2-461A-9A0F-D257724A1587} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-721309439-3976775549-3943258617-1000Core => C:\Users\Siegmund\AppData\Local\Google\Update\GoogleUpdate.exe [2016-01-17] (Google Inc.)
Task: {BEF20D4D-52C1-4FE8-9F17-840B670B3330} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {BF016EC1-C1F8-4086-B0DA-6D258AEEC54B} - System32\Tasks\{2D394B14-188A-43BD-938A-031FE38CC89E} => E:\GDFTHR_inst.exe
Task: {C1518067-110D-4C5F-84AE-947E340611A1} - System32\Tasks\{9701931E-0DD4-4206-9905-A70E068FD8E0} => C:\Program Files\Activision\Rome - Total War\RomeTW.exe
Task: {C184EB89-1069-4F48-ADFC-55CD8ACEF3EB} - System32\Tasks\{65ED8802-790A-467C-AF27-708C00EC76CC} => C:\Program Files (x86)\Electronic Arts\The Godfather The Game\godfather.exe
Task: {CDE08125-45DB-461E-9EF8-450DBD7AECCC} - System32\Tasks\{224A2136-7E04-42DF-ADFA-B93F34BF7619} => C:\Program Files\Activision\Rome - Total War\RomeTW.exe
Task: {D2E5E6FC-A5F8-484F-9B7F-3675E59DFE99} - System32\Tasks\{33CE69B0-503C-4BC1-BB86-CA70D70C8199} => C:\Program Files (x86)\Liquid Entertainment\Battle Realms\Battle_Realms_F.exe
Task: {D978567D-3988-4997-8B8D-CBDDEDFF2388} - System32\Tasks\{8AA30653-7879-47F0-AF12-DF26F16FABAB} => C:\Program Files\Activision\Rome - Total War\RomeTW.exe
Task: {E3C660F7-2FF0-4023-A14F-64427BDE8EEB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-721309439-3976775549-3943258617-1000UA => C:\Users\Siegmund\AppData\Local\Google\Update\GoogleUpdate.exe [2016-01-17] (Google Inc.)
Task: {E8C218CB-3240-42BE-ACB7-06EF8E892057} - System32\Tasks\{0768FCF7-9AFB-49A2-9591-143331B13E43} => C:\Program Files\Activision\Rome - Total War\RomeTW.exe
Task: {FEFB5155-2F57-4332-873D-3402006A35B2} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-29] (Egis Technology Inc.)

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-721309439-3976775549-3943258617-1000Core.job => C:\Users\Siegmund\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-721309439-3976775549-3943258617-1000UA.job => C:\Users\Siegmund\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Skróty =============================

(Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.)

==================== Załadowane moduły (filtrowane) ==============

2009-01-22 01:45 - 2009-01-22 01:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2015-11-21 08:43 - 2012-03-12 11:05 - 00232288 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2012-09-20 06:11 - 2012-03-27 02:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-04-01 00:08 - 2012-04-01 00:08 - 00465344 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-04-01 00:08 - 2012-04-01 00:08 - 01081368 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-04-01 00:08 - 2012-04-01 00:08 - 00125464 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2016-05-13 11:14 - 2016-05-13 11:14 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9494e643d25019b25b5cf70f2ffc0778\IsdiInterop.ni.dll
2012-09-20 05:54 - 2012-02-02 01:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-12-08 01:16 - 2012-02-08 03:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (filtrowane) =========

(Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.)

==================== Tryb awaryjny (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.)

==================== Powiązania plików (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.)

==================== Internet Explorer - Witryny zaufane i z ograniczeniami ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.)

==================== Hosts - zawartość: ===============================

(Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.)

2009-07-14 04:34 - 2016-12-30 04:30 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Inne obszary ============================

(Obecnie brak automatycznej naprawy dla tej sekcji.)

HKU\S-1-5-21-721309439-3976775549-3943258617-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Zapora systemu Windows [funkcja włączona]

==================== MSCONFIG/TASK MANAGER - Wyłączone elementy ==

==================== Reguły Zapory systemu Windows (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

FirewallRules: [{221322F2-CD68-4271-AE6A-29A58CFA1BDD}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{DE99ADA4-155D-4F70-B2A7-713547266F87}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{8FA6EEF8-DD0A-464E-A883-A6EE2D530710}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{53DB9261-46F9-49AC-9A42-978BA8B9495C}] => (Allow) LPort=2869
FirewallRules: [{C7C65DF6-AEDE-4192-BCE5-55101387DBC9}] => (Allow) LPort=1900
FirewallRules: [{A98CE6B9-0BF0-44F9-8367-4D2C3A6C93D2}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{12FBBA52-7BB8-497E-B6CB-316BAB0971F5}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{E15A2940-E139-40FB-B910-F0709602A5AF}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{B914A7CD-0075-4AD0-AAB3-10EEB8DE4410}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{2A7F80A3-E803-42EB-A1BC-9C1AAD696789}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{BE5C6ECC-0ED7-407F-884E-DC22BF5D6AF8}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{22C04864-3896-406C-896D-D7EB61E0FA46}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{A024CFE6-D29E-4D6C-B22C-7BE6D384FD61}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{AE3442AA-B21F-495D-B9E3-2DBD091F657E}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{F0DD3CCD-7C8E-441E-9C9D-C64E9B6D7913}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{CD4B01EF-4237-400D-A378-F8942112E76D}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK20\Movie\PlayMovie.exe
FirewallRules: [{5DF3C031-8F36-4A26-8471-67342350049E}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK20\MVP\VideoPlayer.exe
FirewallRules: [{EA39081D-52BD-400B-9F1B-26EE0DBD9E59}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK20\MVP\MusicPlayer.exe
FirewallRules: [{D70F684B-98DF-4DEC-8A93-EAF84F0BBA14}] => (Allow) C:\Program Files\uTorrent\uTorrent.exe
FirewallRules: [{18ECE98B-0D48-40AC-A28C-7B9D82F0F1A8}] => (Allow) C:\Program Files\uTorrent\uTorrent.exe
FirewallRules: [{503EBEB0-5C4F-4607-8C15-50300407C259}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{23BAE925-23BC-4543-B806-327EFD31245B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{708F081E-3250-4E84-ACFD-7ACE3EFAB18B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8590FEC3-0651-4C7B-B311-CD143242697C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{56B5BDD8-8539-4FBC-8699-F0DE4A602F37}C:\program files (x86)\adfender\adfender.exe] => (Block) C:\program files (x86)\adfender\adfender.exe
FirewallRules: [UDP Query User{FC71E56F-8035-42D3-A7FA-60CDEE72BEDE}C:\program files (x86)\adfender\adfender.exe] => (Block) C:\program files (x86)\adfender\adfender.exe
FirewallRules: [TCP Query User{F1706D24-D7E5-43DD-BFA8-87C18EF4ECFE}C:\program files (x86)\adfender\adfender.exe] => (Block) C:\program files (x86)\adfender\adfender.exe
FirewallRules: [UDP Query User{C3029764-95E4-40B7-8312-A70E97142FEF}C:\program files (x86)\adfender\adfender.exe] => (Block) C:\program files (x86)\adfender\adfender.exe
FirewallRules: [TCP Query User{BDA52B29-B0CF-4168-A31A-AC9D98A00306}C:\programdata\microsoft\network\dsq\network\sysnetwk.exe] => (Block) C:\programdata\microsoft\network\dsq\network\sysnetwk.exe
FirewallRules: [UDP Query User{F487E799-FADC-479A-AE6C-2EA53068F4DC}C:\programdata\microsoft\network\dsq\network\sysnetwk.exe] => (Block) C:\programdata\microsoft\network\dsq\network\sysnetwk.exe
FirewallRules: [{A7B26175-6609-4FC4-BC71-7ED92713A5D9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{02462292-D2CB-4786-89F5-8A1030628CEE}] => (Allow) C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
FirewallRules: [{AA4B1062-3614-4031-AB9E-48F390D72EA9}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{02D7D22C-CC47-4B2E-9BFB-1693639D7AE3}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{47F379B7-E832-45B3-8A06-AF7170E857D0}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{C99BEAB5-7BDA-4D45-BAA1-AE1FFA5216E8}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [TCP Query User{8DCE4208-FDDC-4AFB-AB7A-D12A95248F87}C:\users\siegmund\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\siegmund\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{D9903B66-9AA4-49FA-A7A9-6496C6E2785B}C:\users\siegmund\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\siegmund\appdata\local\google\chrome\application\chrome.exe

==================== Punkty Przywracania systemu =========================

30-04-2017 17:44:37 Restore Point Created by FRST

==================== Wadliwe urządzenia w Menedżerze urządzeń =============

Name: HD WebCam
Description: Urządzenie wideo USB
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Karta tunelowania Teredo firmy Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Błędy w Dzienniku zdarzeń: =========================

Dziennik Aplikacja:
==================
Error: (04/30/2017 07:20:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/30/2017 07:20:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe". Nie można odnaleźć zestawu zależnego Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error: (04/30/2017 05:52:01 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "C:\Program Files (x86)\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe.Manifest". Nie można odnaleźć zestawu zależnego Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error: (04/30/2017 05:51:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/30/2017 05:51:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "C:\Program Files (x86)\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe.Manifest". Nie można odnaleźć zestawu zależnego Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error: (04/30/2017 05:50:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe". Nie można odnaleźć zestawu zależnego Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error: (04/30/2017 05:45:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Przetwarzanie wywołania OnIdentity() w obiekcie System Writer przez Usługi kryptograficzne nie powiodło się.
Details: AddWin32ServiceFiles: Unable to back up image of service AVG WatchDog since QueryServiceConfig API failed
System Error: Nie można odnaleźć określonego pliku. .

Error: (04/30/2017 05:45:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Przetwarzanie wywołania OnIdentity() w obiekcie System Writer przez Usługi kryptograficzne nie powiodło się.
Details: AddLegacyDriverFiles: Unable to back up image of binary AVG TDI Driver.
System Error: Nie można odnaleźć określonego pliku. .

Error: (04/30/2017 05:45:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Przetwarzanie wywołania OnIdentity() w obiekcie System Writer przez Usługi kryptograficzne nie powiodło się.
Details: AddLegacyDriverFiles: Unable to back up image of binary AVG Anti-Rootkit Driver.
System Error: Nie można odnaleźć określonego pliku. .

Error: (04/30/2017 05:45:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Przetwarzanie wywołania OnIdentity() w obiekcie System Writer przez Usługi kryptograficzne nie powiodło się.
Details: AddLegacyDriverFiles: Unable to back up image of binary AVG Mini-Filter Resident Anti-Virus Shield.
System Error: Nie można odnaleźć określonego pliku. .

Dziennik System:
=============
Error: (04/30/2017 07:20:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Usługa Client Virtualization Handler zależy od usługi Application Virtualization Client, której nie można uruchomić z powodu następującego błędu: Usługa nie odpowiada na sygnał uruchomienia lub sygnał sterujący w oczekiwanym czasie.

Error: (04/30/2017 07:18:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi Application Virtualization Client z powodu następującego błędu: Usługa nie odpowiada na sygnał uruchomienia lub sygnał sterujący w oczekiwanym czasie.

Error: (04/30/2017 07:18:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Application Virtualization Client.

Error: (04/30/2017 07:17:36 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: Nastąpił ponowny rozruch komputera po operacji wykrywania błędów. Wyniki tej operacji były następujące: 0x00000109 (0xa3a039d8b02a060c, 0xb3b7465f02a842ea, 0xfffff8800316f5c0, 0x0000000000000002). Zrzut zapisano w: C:\Windows\MEMORY.DMP. Identyfikator raportu: 043017-35069-01.

Error: (04/30/2017 07:17:33 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Poprzednie zamknięcie systemu przy 19:15:59 na 2017-04-30 było nieoczekiwane.

Error: (04/30/2017 06:20:55 PM) (Source: iaStor) (EventID: 9) (User: )
Description: Urządzenie \Device\Ide\iaStor0 nie odpowiedziało w ramach ustalonego limitu czasu.

Error: (04/30/2017 06:20:21 PM) (Source: iaStor) (EventID: 9) (User: )
Description: Urządzenie \Device\Ide\iaStor0 nie odpowiedziało w ramach ustalonego limitu czasu.

Error: (04/30/2017 05:50:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi ePower Service z powodu następującego błędu: Usługa nie odpowiada na sygnał uruchomienia lub sygnał sterujący w oczekiwanym czasie.

Error: (04/30/2017 05:50:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą ePower Service.

Error: (04/30/2017 05:44:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa Intel(R) Rapid Storage Technology niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.
CodeIntegrity:
===================================
Date: 2016-12-30 03:14:33.781
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-30 03:14:33.701
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Statystyki pamięci ===========================

Procesor: Intel(R) Core(TM) i3-2328M CPU @ 2.20GHz
Procent pamięci w użyciu: 32%
Całkowita pamięć fizyczna: 3932.36 MB
Dostępna pamięć fizyczna: 2659.48 MB
Całkowita pamięć wirtualna: 7862.9 MB
Dostępna pamięć wirtualna: 6517.57 MB

==================== Dyski ================================

Drive c: (Acer) (Fixed) (Total:279.99 GB) (Free:131.55 GB) NTFS

==================== MBR & Tablica partycji ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: F53918CE)
Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=280 GB) - (Type=07 NTFS)

==================== Koniec Addition.txt ============================