Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 12-06-2017 Uruchomiony przez ABBA (13-06-2017 00:07:25) Uruchomiony z C:\Users\ABBA\Downloads Windows 7 Professional Service Pack 1 (X64) (2017-05-12 19:23:08) Tryb startu: Normal ========================================================== ==================== Konta użytkowników: ============================= ABBA (S-1-5-21-3347351025-225361290-299367054-1000 - Administrator - Enabled) => C:\Users\ABBA Administrator (S-1-5-21-3347351025-225361290-299367054-500 - Administrator - Disabled) Gość (S-1-5-21-3347351025-225361290-299367054-501 - Limited - Disabled) ==================== Centrum zabezpieczeń ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie.) AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Zainstalowane programy ====================== (W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.) 1.0.0.1 (HKLM-x32\...\YeaDesktop) (Version: 1.0.0.1 - ) 7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated) Adobe Flash Player 24 NPAPI (HKLM-x32\...\{1D95F7C4-A547-4FC9-91A4-A35B19F597C0}) (Version: 24.0.0.194 - Adobe Systems Incorporated) Adobe Flash Player 24 PPAPI (HKLM-x32\...\{00D77C52-95CA-4E13-9ED1-1FE49E8F2D49}) (Version: 24.0.0.194 - Adobe Systems Incorporated) Age of Wonders 3 (HKLM-x32\...\Age of Wonders 3_is1) (Version: 1.8.0.2 - Triumph Studios) AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.) 
Anti-Vibrate Oscar Editor (HKLM-x32\...\InstallShield_{5600BE52-805C-4847-93F2-7921116ED0B3}) (Version: 12.08.0005 - A4TECH) BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.71.1081 - AB Team, d.o.o.) Don't Starve Together (HKLM\...\Steam App 322330) (Version: - Klei Entertainment) DriverMax 9 (HKLM-x32\...\DMX5_is1) (Version: 9.31.0.206 - Innovative Solutions) Europa Universalis IV (HKLM\...\Steam App 236850) (Version: - Paradox Development Studio) Fraps (HKLM-x32\...\Fraps) (Version: - ) Free Download Manager (HKLM\...\{43781dff-e0df-49ce-a6d2-47da96a485e7}}_is1) (Version: - FreeDownloadManager.ORG) Generic Universal PCL (HKLM\...\Generic Universal PCL) (Version: - Generic) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.) Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden Heroes of Might and Magic 4 Complete (HKLM-x32\...\Heroes of Might and Magic 4 Complete_is1) (Version: - GOG.com) Heroes of Might And Magic IV: Equilibris (HKLM-x32\...\Equilibris) (Version: - ) Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation) LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Office Professional 2016 - pl-pl (HKLM\...\ProfessionalRetail - pl-pl) (Version: 16.0.8067.2115 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3347351025-225361290-299367054-1000\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable 
(x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation) Office 16 Click-to-Run Extensibility Component (Version: 16.0.8067.2115 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (Version: 16.0.8067.2115 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (Version: 16.0.7668.2066 - Microsoft Corporation) Hidden Online Application (x32 Version: 2.6.0 - Microleaves) Hidden <==== UWAGA OSCAR Editor (x32 Version: 12.08.0005 - A4TECH) Hidden Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.6.1.0 - Popcorn Time) <==== UWAGA Search module (HKLM-x32\...\Search module) (Version: - Goobzo) <==== UWAGA Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Steel Division: Normandy 44 (HKLM-x32\...\Steel Division: Normandy 44_is1) (Version: - ) The Battle for Middle-earth (tm) II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version: - ) The Lord of the Rings, The Rise of the Witch-king (HKLM-x32\...\{B931FB80-537A-4600-00AD-AC5DEDB6C25B}) (Version: - ) ==================== Niestandardowe rejestracje CLSID (filtrowane): ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) CustomCLSID: HKU\S-1-5-21-3347351025-225361290-299367054-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\ABBA\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileCoAuthLib64.dll (Microsoft Corporation) ==================== Zaplanowane zadania (filtrowane) ============= (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) 
Task: {01BD4924-337A-4D7A-B699-97F4094BD298} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-04-18] (Microleaves) <==== UWAGA Task: {07F64E7D-36D2-482C-A7D6-A2982E647BC1} - System32\Tasks\{EA82E898-AAA8-4A00-A38F-77EE0B676CD2} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Kayfresh\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Kayfresh\uninstall.dat" -a uninstallme 857A73A6-8E8E-4C3A-BF32-012ED9C824F2 DeviceId=fa1989c8-c43d-24b0-6bd0-55635868f88e BarcodeId=51749003 ChannelId=3 DistributerName=APSFBcnmonetize Task: {1E209BD9-EFD9-41C9-AECB-863B15EF6928} - System32\Tasks\psv_Sanis => cmd.exe /c regedit.exe /s "C:\ProgramData\Subair\Xxx-touch.reg" & del "C:\ProgramData\Subair\Xxx-touch.reg" & SCHTASKS /Delete /TN "psv_Sanis" /F <==== UWAGA Task: {1FA7787D-E001-440B-8F78-6A90C0B67F78} - System32\Tasks\DriverMaxAgent => C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe [2017-05-09] (Innovative Solutions) Task: {22F0B089-E16D-4E2D-BCFE-C41BE43688C8} - System32\Tasks\DriverMaxWelcome => C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe [2017-05-09] (Innovative Solutions) Task: {2A4D2B20-BB7D-4C15-A51F-5B02738C7B7B} - System32\Tasks\snf => C:\ProgramData\Subair\Subair.exe <==== UWAGA Task: {443B203D-30EA-4815-BED3-B4D3795F3C98} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated) Task: {4C0C64B3-A826-4A4C-961B-8F3BDE2538F7} - System32\Tasks\psv_Dentofind => cmd.exe /c regedit.exe /s "C:\ProgramData\Subair\Y-fix.reg" & del "C:\ProgramData\Subair\Y-fix.reg" & SCHTASKS /Delete /TN "psv_Dentofind" /F <==== UWAGA Task: {4DB5856F-7FCC-4160-9244-B43B3963BA1A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-14] (Microsoft Corporation) 
Task: {5558F61F-974D-4918-8D24-4888769472E9} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== UWAGA Task: {62F983A3-6815-4F12-9ED2-F0B9B96575D1} - System32\Tasks\Windows_Antimalware_Host => powershell -WindowStyle Hidden -ExecutionPolicy Bypass -NoP -file C:\ProgramData\u3bO8YL0WR.ps1 Task: {7709290C-886B-47A0-B6E5-7B93A5D558F1} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-05-26] () Task: {7777701D-38ED-4059-AF4E-94D53155549E} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== UWAGA Task: {786D3046-7915-49ED-AE02-A4A85E69E63E} - System32\Tasks\FreeDownloadManagerNetworkMonitor => C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\winwfpmonitor.exe [2017-05-18] (FreeDownloadManager.org) Task: {7D6EBDB7-8EA4-486B-9484-236102D69A89} - System32\Tasks\Windows_Antimalware_System_Host => C:\ProgramData\MicrosoftCorporation\Windows\SystemData\Isass.exe [2017-06-12] (® Microsoft Corporation. All rights reserved.) Task: {7F42AF9E-F076-4E33-AE96-1A235BF22664} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-25] (Google Inc.) 
Task: {809009ED-4266-4CCB-B50D-084B2A86AD16} - System32\Tasks\PPI Update => C:\Windows\explorer.exe "hxxp://insightcdn.online/download/index.php?mn=9995" <==== UWAGA Task: {89DC34D6-1553-44D6-8E31-A65FF6954DEC} - System32\Tasks\psv_Subwarm => cmd.exe /c regedit.exe /s "C:\ProgramData\Subair\Newredtax.reg" & del "C:\ProgramData\Subair\Newredtax.reg" & SCHTASKS /Delete /TN "psv_Subwarm" /F <==== UWAGA Task: {8B49EB79-F3BE-4D7D-80EF-6A1E753E9656} - System32\Tasks\Squarediarity in Board => Rundll32.exe "C:\Program Files\Squarediarity in Board\Squarediarity in Board.dll",vilFQvm Task: {8E87D8EB-925F-4017-8F11-3FDB37AE1EE2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-14] (Microsoft Corporation) Task: {91CB7E64-66B5-42B1-B7FC-C6564234457C} - System32\Tasks\psv_DonRonstring => cmd.exe /c regedit.exe /s "C:\ProgramData\Subair\Lamwarm.reg" & del "C:\ProgramData\Subair\Lamwarm.reg" & SCHTASKS /Delete /TN "psv_DonRonstring" /F <==== UWAGA Task: {955906AE-6E9F-4E21-BE27-1F77DFC6E4D6} - System32\Tasks\psv_Trustair => cmd.exe /c regedit.exe /s "C:\ProgramData\Subair\Indigostock.reg" & del "C:\ProgramData\Subair\Indigostock.reg" & SCHTASKS /Delete /TN "psv_Trustair" /F <==== UWAGA Task: {BC7A95B1-AE5E-454D-B328-718DA2D4B005} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== UWAGA Task: {C7EC11C4-719C-4327-80F9-A9D2CC941D1B} - System32\Tasks\HD Ultra1 006-N => Rundll32.exe "C:\Program Files\HD Ultra1 006-N\HD Ultra1 006-N.dll",HJyhbqjdJGj Task: {CA501574-8E28-469A-AC45-809F0BB9AC85} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-05-26] () Task: {D19FD346-3054-4EFB-9A6E-98CE8E2A4AC9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program 
Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-25] (Google Inc.) Task: {D1CF3422-0CB3-4773-A6BC-443AC602D587} - System32\Tasks\SMW_P => C:\ProgramData\smp2.exe [2017-06-12] () <==== UWAGA Task: {D506D427-12AD-44C8-93E4-88DB5D230545} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe [2017-05-12] (Adobe Systems Incorporated) Task: {D9854AD6-5789-42CA-B9C6-FF1F2F02CC23} - System32\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c => C:\Program Files (x86)\Innovative Solutions\DriverMax\innostp.exe [2017-05-09] (Innovative Solutions) Task: {F55D037A-88BE-41DA-B2DD-19642D17B8AC} - System32\Tasks\DriverMax Notification => C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe [2017-05-09] (Innovative Solutions) Task: {F64CAD2A-59A3-483C-8E3F-3C983180333B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-12] (Adobe Systems Incorporated) Task: {FF739E73-E813-47C1-AA85-FDDE664B0F27} - System32\Tasks\SMW_UpdateTask_Time_3735323737343439372d3437415a556c2a3223346c41 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== UWAGA Task: {FFC83BC8-972A-4CF8-B8A0-01B94F8104BF} - System32\Tasks\snp => C:\ProgramData\Subair\Subair.exe <==== UWAGA (Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.) 
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA Task: C:\Windows\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA Task: C:\Windows\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA Task: C:\Windows\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== UWAGA ==================== Skróty ============================= (Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.) WMI_ActiveScriptEventConsumer_ASEC: <===== UWAGA ShortcutWithArgument: C:\Users\ABBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeadesktop.com/ ShortcutWithArgument: C:\Users\ABBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\Readium.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
-> --profile-directory=Default --app-id=fepbnnnkkadjhjahcafoaglimekefifl ShortcutWithArgument: C:\Users\ABBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=H6Czbcnbl1BU,d77c5cb9-67e6-48fd-af3c-cb12171382bc, ShortcutWithArgument: C:\Users\ABBA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\ABBA\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktop.com/ ShortcutWithArgument: C:\Users\ABBA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeadesktop.com/ ShortcutWithArgument: C:\Users\ABBA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\ABBA\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktop.com/ ShortcutWithArgument: C:\Users\ABBA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeadesktop.com/ ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\ABBA\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktop.com/ ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
-> --load-extension="C:\Users\ABBA\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktop.com/ ==================== Załadowane moduły (filtrowane) ============== 2017-05-15 22:36 - 2017-03-05 09:35 - 00022528 _____ () C:\Windows\System32\us005lm.dll 2017-05-26 18:50 - 2017-05-18 16:15 - 00029696 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\WinDivert.dll 2013-06-18 15:49 - 2013-06-18 15:49 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2013-04-29 23:08 - 2013-04-29 23:08 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2017-06-12 22:26 - 2017-06-08 16:08 - 00952832 ___SH () C:\ProgramData\igfxDH.dll 2017-06-12 22:26 - 2015-06-01 06:03 - 02466816 _____ () C:\Program Files\Squarediarity in Board\Squarediarity in Board.dll 2017-06-12 23:02 - 2017-06-12 23:02 - 08056832 ____H () C:\ProgramData\MicrosoftCorporation\Network\scvhost.exe 2012-08-17 11:44 - 2012-08-17 11:44 - 03345408 _____ () C:\Program Files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe 2017-05-12 22:11 - 2017-05-09 08:26 - 00010544 _____ () C:\Program Files (x86)\Innovative Solutions\DriverMax\sync.dll 2017-06-12 22:28 - 2017-06-12 22:28 - 01342976 _____ () C:\Users\ABBA\AppData\Local\YjkhPack\zqgpudjd.dll 2017-06-10 10:49 - 2002-01-28 10:40 - 00261120 _____ () C:\Games\Heroes of Might and Magic 4 Complete\binkw32.dll 2017-06-10 10:49 - 2002-01-30 10:53 - 00348160 _____ () C:\Games\Heroes of Might and Magic 4 Complete\mss32.dll 2004-10-21 14:10 - 2004-10-21 14:10 - 00012800 _____ () C:\Games\Heroes of Might and Magic 4 Complete\h4.dll 2017-06-10 10:49 - 2002-02-05 08:56 - 00125952 _____ () C:\Games\Heroes of Might and Magic 4 Complete\Mp3dec.asi 2010-12-02 17:56 - 2010-12-02 17:56 - 00815104 _____ () C:\Program Files (x86)\Anti-Vibrate Oscar Editor\Data\X7H\Forms\OSD_Text\OSD_Text.dll 2011-01-09 20:45 - 2011-01-09 20:45 - 00088064 _____ () 
C:\Program Files (x86)\Anti-Vibrate Oscar Editor\DLL\DLL_MouseDeviceManager.dll 2012-06-14 15:59 - 2012-06-14 15:59 - 02414080 _____ () C:\Program Files (x86)\Anti-Vibrate Oscar Editor\Data\X7H\Forms\ScreenCapture\ScreenCapture.dll 2012-05-17 11:17 - 2012-05-17 11:17 - 01000448 _____ () C:\Program Files (x86)\Anti-Vibrate Oscar Editor\Data\X7H\Forms\TrayIconWebAdvertisement\TrayIconWebAdvertisement.dll 2010-09-20 14:18 - 2010-09-20 14:18 - 00085504 _____ () C:\Program Files (x86)\Anti-Vibrate Oscar Editor\DLL\DLL_ZoomControl.dll 2010-09-20 14:18 - 2010-09-20 14:18 - 00054272 _____ () C:\Program Files (x86)\Anti-Vibrate Oscar Editor\DLL\DLL_ScrollbarControl.dll 2011-04-12 15:14 - 2011-04-12 15:14 - 00063488 _____ () C:\Program Files (x86)\Anti-Vibrate Oscar Editor\DLL\DLL_AnalyzeGesturesInRight.dll 2010-11-01 20:16 - 2010-11-01 20:16 - 00062976 _____ () C:\Program Files (x86)\Anti-Vibrate Oscar Editor\DLL\DLL_AnalyzeGesturesInOne.dll 2012-04-27 11:40 - 2012-04-27 11:40 - 00118272 _____ () C:\Program Files (x86)\Anti-Vibrate Oscar Editor\DLL\DLL_Wheel4D.dll 2017-06-12 22:26 - 2016-11-26 07:52 - 00256032 _____ () C:\Program Files (x86)\Maoha\MaohaAP\Updater\CheckUpdate.dll 2017-06-12 22:26 - 2016-11-26 07:52 - 00237088 _____ () C:\Program Files (x86)\Maoha\MaohaAP\tipsdll.dll ==================== Alternate Data Streams (filtrowane) ========= (Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.) ==================== Tryb awaryjny (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.) ==================== Powiązania plików (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.) ==================== Internet Explorer - Witryny zaufane i z ograniczeniami =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.) 
==================== Hosts - zawartość: =============================== (Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.) 2009-07-14 04:34 - 2017-06-12 22:28 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts ==================== Inne obszary ============================ (Obecnie brak automatycznej naprawy dla tej sekcji.) HKU\S-1-5-21-3347351025-225361290-299367054-1000\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Zapora systemu Windows [funkcja włączona] ==================== MSCONFIG/TASK MANAGER - Wyłączone elementy == ==================== Reguły Zapory systemu Windows (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{86463510-590B-4C3F-8F40-3FE9EB606534}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{153CC53B-98E8-4EEB-A18D-237308612A0A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{564513B6-8FA3-4F54-8A93-3B085A214741}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{D25A17D3-D556-42B3-A871-05C16A8A527C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{130A6DD1-5B0E-4CBB-840E-C457FF4B8ACD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe FirewallRules: [{DF3EC341-9182-48AC-BA6D-84D4976F7011}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe FirewallRules: [{37BBA7C4-50E4-4FD7-BFDD-8A8C1CC943CC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: 
[{70EFAEA1-7ECF-4161-9982-476A1543F2C6}] => (Allow) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe FirewallRules: [{AC8DCAEB-23F5-434A-A06F-9E688AD8CC9F}] => (Allow) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe FirewallRules: [{AD046143-4145-4903-8D94-DDA59FC4D615}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{A8D32139-51B0-4ADC-AC71-EBF4B5A07EF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe FirewallRules: [{993B02B9-3CC6-4FAB-AB3A-730A667F181B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe FirewallRules: [TCP Query User{E3EA1384-64AD-411A-A531-E4733E6B3871}C:\games\age of wonders 3\aow3.exe] => (Allow) C:\games\age of wonders 3\aow3.exe FirewallRules: [UDP Query User{0FA58088-35A4-4102-A4DF-2CBB180665C4}C:\games\age of wonders 3\aow3.exe] => (Allow) C:\games\age of wonders 3\aow3.exe FirewallRules: [{3C21DF45-B2AD-41DF-BBFD-51177C9707F5}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe FirewallRules: [{41ECF86A-5782-4573-ABFC-84FF5E39B226}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe FirewallRules: [{6A64A5BA-1339-48A0-87AF-D9CA514CA0CF}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe FirewallRules: [{5D3A1DE9-2EE2-4ACD-84F5-EE66EC83A029}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe FirewallRules: [{85881BD9-6491-4070-B241-C44C28DAF5C2}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe FirewallRules: [{E4166CA5-BE03-45CA-98F5-888278D78CAD}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe FirewallRules: [{9F896A38-2A03-4382-BF55-26F921695F15}] => (Allow) C:\Games\ea\middleearth2\game.dat FirewallRules: [{DFC50920-5D85-4417-9B28-4FD1548A0B62}] => (Allow) C:\Games\ea\middleearth2\game.dat FirewallRules: [{BCEB9813-AF60-402B-9C14-33C5CD09BCDF}] => 
(Allow) C:\Games\ea\middleearth2\witch\game.dat FirewallRules: [{1EC8C044-6CAE-46E7-9E25-C9F2CB545F74}] => (Allow) C:\Games\ea\middleearth2\witch\game.dat FirewallRules: [{36105010-877D-42D9-8A21-943AA921ED9B}] => (Allow) C:\Windows\system32\rundll32.exe FirewallRules: [{B0ACD006-FBA5-4D8D-AF18-022CC308FFF2}] => (Allow) C:\Windows\System32\rundll32.exe FirewallRules: [{B947E0D5-F99B-4A6B-A9A1-A6359CC9C7C1}] => (Allow) C:\Windows\System32\rundll32.exe FirewallRules: [{BF88584A-51AF-400D-9AE1-EA929C31FAEC}] => (Allow) C:\Program Files (x86)\Maoha\MaohaAP\MaohaWifiSvr.exe ==================== Punkty Przywracania systemu ========================= 08-06-2017 11:01:30 Zaplanowany punkt kontrolny 08-06-2017 19:34:28 Zainstalowany program DirectX 08-06-2017 21:05:52 Zainstalowany program DirectX 08-06-2017 21:57:37 Instalacja pakietu sterownika urządzenia: SysProgs.org Kontrolery magazynu ==================== Wadliwe urządzenia w Menedżerze urządzeń ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Błędy w Dzienniku zdarzeń: ========================= Dziennik Aplikacja: ================== Error: (06/12/2017 11:02:51 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. 
Error: (06/12/2017 10:30:05 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: starter.exe, wersja: 1.0.0.1, sygnatura czasowa: 0x593ef3b8 Nazwa modułu powodującego błąd: KERNELBASE.dll, wersja: 6.1.7601.18409, sygnatura czasowa: 0x53159a86 Kod wyjątku: 0xe0434f4d Przesunięcie błędu: 0x0000c42d Identyfikator procesu powodującego błąd: 0x1908 Godzina uruchomienia aplikacji powodującej błąd: 0x01d2e3ba8300460c Ścieżka aplikacji powodującej błąd: C:\Users\ABBA\AppData\Local\Temp\36dd37531d8c45a3b69d29be16e9c005\starter.exe Ścieżka modułu powodującego błąd: C:\Windows\syswow64\KERNELBASE.dll Identyfikator raportu: ea926dfe-4fad-11e7-b4f8-00247ead38c0 Error: (06/12/2017 10:22:12 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (06/12/2017 07:42:01 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: Updater.exe, wersja: 1.2.1.1, sygnatura czasowa: 0x55a8822d Nazwa modułu powodującego błąd: netprofm.dll_unloaded, wersja: 0.0.0.0, sygnatura czasowa: 0x4a5bda75 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x747a2505 Identyfikator procesu powodującego błąd: 0x8a8 Godzina uruchomienia aplikacji powodującej błąd: 0x01d2e14c10b4792d Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\Popcorn Time\Updater.exe Ścieżka modułu powodującego błąd: netprofm.dll Identyfikator raportu: 705cd7fe-4f96-11e7-9ac2-00247ead38c0 Error: (06/12/2017 10:18:14 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla "c:\program files (x86)\innovative solutions\drivermax\DPInst\ia64\ddinst.exe". 
Nie można odnaleźć zestawu zależnego Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error: (06/09/2017 08:14:32 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (06/09/2017 03:35:27 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (06/08/2017 10:36:34 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (06/08/2017 10:31:21 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: ) Description: Pozyskanie licencji użytkowania nie powiodło się. hr=0xC004C020 Identyfikator SKU=9abf5984-9c16-46f2-ad1e-7fe15931a8dd Error: (06/08/2017 10:31:21 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: ) Description: Szczegóły błędu pozyskiwania licencji. 
hr=0xC004C020 Dziennik System: ============= Error: (06/12/2017 11:51:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa MaohaWiFiService niespodziewanie zakończyła pracę. Wystąpiło to razy: 3. Error: (06/12/2017 11:15:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa Background Logic Handler niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error: (06/12/2017 11:14:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Usługa Szybka instalacja pakietu Microsoft Office niespodziewanie zakończyła pracę. Wystąpiło to razy: 2. W przeciągu 0 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error: (06/12/2017 11:14:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa Prefs Secure niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error: (06/12/2017 11:14:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa MaohaWiFiService niespodziewanie zakończyła pracę. Wystąpiło to razy: 2. Error: (06/12/2017 11:14:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Usługa Szybka instalacja pakietu Microsoft Office niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 0 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error: (06/12/2017 11:02:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa MaohaWiFiService niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error: (06/12/2017 11:02:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa Usługa buforowania czcionek platformy Windows Presentation Foundation, wersja 3.0.0.0 niespodziewanie zakończyła pracę. Wystąpiło to razy: 2. 
Error: (06/12/2017 11:02:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Usługa buforowania czcionek platformy Windows Presentation Foundation, wersja 3.0.0.0 niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 0 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error: (06/12/2017 11:01:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa Jszip Virtual Driver Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 3. CodeIntegrity: =================================== Date: 2017-06-12 22:31:24.826 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Noobzo\GNUpdate\smw.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-06-12 22:31:24.794 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Noobzo\GNUpdate\smw.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-05-12 22:20:12.347 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\agrsm64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-05-12 22:20:12.327 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\agrsm64.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Statystyki pamięci ===========================

Procesor: Intel(R) Core(TM)2 Duo CPU T9600 @ 2.80GHz
Procent pamięci w użyciu: 51%
Całkowita pamięć fizyczna: 4060.27 MB
Dostępna pamięć fizyczna: 1983.41 MB
Całkowita pamięć wirtualna: 6106.45 MB
Dostępna pamięć wirtualna: 3877.95 MB

==================== Dyski ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:91.16 GB) NTFS

==================== MBR & Tablica partycji ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 78DF78DF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

==================== Koniec Addition.txt ============================