Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 20-09-2017 Uruchomiony przez Bartek (22-09-2017 18:18:14) Uruchomiony z C:\Users\Bartek\Desktop Windows 7 Ultimate Service Pack 1 (X64) (2016-08-25 20:31:33) Tryb startu: Normal ========================================================== ==================== Konta użytkowników: ============================= Administrator (S-1-5-21-360975752-3786565279-1083807947-500 - Administrator - Disabled) Bartek (S-1-5-21-360975752-3786565279-1083807947-1001 - Administrator - Enabled) => C:\Users\Bartek Gość (S-1-5-21-360975752-3786565279-1083807947-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-360975752-3786565279-1083807947-1002 - Limited - Enabled) ==================== Centrum zabezpieczeń ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie.) AV: Microsoft Security Essentials (Disabled - Out of date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95} AS: Microsoft Security Essentials (Disabled - Out of date) {CDE0C533-D3CD-62A1-E772-AFADDF863628} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Zainstalowane programy ====================== (W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.) µTorrent (HKU\S-1-5-21-360975752-3786565279-1083807947-1001\...\uTorrent) (Version: 3.4.9.43388 - BitTorrent Inc.) 7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov) Aktualizacje NVIDIA 2.13.0.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 2.13.0.21 - NVIDIA Corporation) Hidden ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0020 - ASUS) CCleaner (HKLM\...\CCleaner) (Version: 5.21 - Piriform) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.5931 - CDBurnerXP) CLEO 4.3 (HKLM-x32\...\{A8F37EB0-C741-41D7-8CAB-5B40ECEEF094}_is1) (Version: 4.3 - Seemann, Deji, Alien) CodeBlocks (HKU\S-1-5-21-360975752-3786565279-1083807947-1001\...\CodeBlocks) (Version: 16.01 - The Code::Blocks Team) Core FTP LE (x64) (HKLM-x32\...\CoreFTP(x64)) (Version: - ) Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve) D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0192 - Disc Soft Ltd) Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - ) GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle) Malwarebytes Anti-Malware wersja 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft .NET Framework 4.6.1 (PLK) (HKLM\...\{D93AC424-07D7-3992-B0C8-BDCB79173757}) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 Hotfix Rollup (KB3146716) (HKLM\...\{E026AF51-E2EB-33CF-AC15-09308053FAA7}) (Version: 4.6.01078 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation) Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 55.0.3 (x86 pl) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 pl)) (Version: 55.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.2 - Mozilla) MTA:SA v1.5.4 (HKLM-x32\...\MTA:SA 1.5) (Version: v1.5.4 - Multi Theft Auto) NVIDIA GeForce Experience 3.0.7.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.0.7.34 - NVIDIA Corporation) NVIDIA Oprogramowanie systemu PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA Sterownik 3D Vision 341.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.98 - NVIDIA Corporation) NVIDIA Sterownik dźwięku HD 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA Sterownik graficzny 341.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.98 - NVIDIA Corporation) NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.0.7.34 - NVIDIA Corporation) Hidden NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 1.0.0.0 - NVIDIA Corporation) Hidden Overwolf (HKLM-x32\...\Overwolf) (Version: 0.98.211.0 - Overwolf Ltd.) Overwolf.Setup.VC100CRTx64.Dist (HKLM\...\{EC9D5554-6852-4A55-81BB-AC02C7A8CFED}) (Version: 1.0.0 - Overwolf) Overwolf.Setup.VC100CRTx86.Dist (HKLM-x32\...\{8989DBC1-E87B-448F-9147-57EEEC5A24A5}) (Version: 1.0.0 - Overwolf) Hidden Pandora Recovery 2.0.0.289 (HKLM-x32\...\{D9BF93DF-8195-44D2-B45E-5D1991B394A4}) (Version: 2.0.289 - CleverFiles) Panel sterowania NVIDIA 341.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 341.98 - NVIDIA Corporation) Hidden SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0320 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.0.7.34 - NVIDIA Corporation) Hidden SHU (HKLM-x32\...\{DF11DD92-DBB8-4F3F-9564-A8BBDBE986F5}_is1) (Version: 1.0 - ScreenShu Software) Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.) Spotify (HKU\S-1-5-21-360975752-3786565279-1083807947-1001\...\Spotify) (Version: 1.0.48.103.g15edf1ec - Spotify AB) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamSpeak 3 Client (HKU\S-1-5-21-360975752-3786565279-1083807947-1001\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH) TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.65452 - TeamViewer) Telegram Desktop version 1.1.23 (HKU\S-1-5-21-360975752-3786565279-1083807947-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.1.23 - Telegram Messenger LLP) Testy kategorie A, A1, A2, AM 4.1.0 (HKLM-x32\...\Testy Liwona_is1) (Version: - Liwona sp. z o.o.) TS Notifier (HKLM-x32\...\{D88D739F-72B4-48A7-A37D-12AD10A3B0EA}) (Version: 1.6.0004 - Andreas Gebert) UndeleteMyFiles Pro (HKLM-x32\...\UndeleteMyFiles Pro_is1) (Version: - SeriousBit) UsbFix (HKLM-x32\...\Usbfix) (Version: 9.001 - www.SOSVirus.Net) VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version: - VB-Audio Software) Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc) Windows Movie Maker 2016 (HKLM-x32\...\{3CC29C1A-B5FE-457B-8F22-32A2videowin}}_is1) (Version: - videowinsoft.com) WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH) WinSCP 5.9.5 (HKLM-x32\...\winscp3_is1) (Version: 5.9.5 - Martin Prikryl) WinZip (HKLM-x32\...\WinZip) (Version: 2.3.16 - Winzipper Pvt Ltd.) <==== UWAGA ==================== Niestandardowe rejestracje CLSID (filtrowane): ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:\Bartek\programy\7 zip\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-15] (Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal) ContextMenuHandlers1-x32: [WinZipper] -> {DC638EEA-2BA2-4459-9C46-85A2F0BE6040} => C:\Program Files (x86)\WinZipper\wzShellctx64.dll -> Brak pliku ContextMenuHandlers1-x32-x32: [WipeFiles] -> {ED09987C-E386-4F1A-9A52-09A6B659B45F} => D:\Program Files\UndeleteMyFiles\WipeExt.dll [2008-11-13] (SeriousBit) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\Program Files\malwarebytes\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:\Bartek\programy\7 zip\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov) ContextMenuHandlers4: [WinZipper] -> {DC638EEA-2BA2-4459-9C46-85A2F0BE6040} => C:\Program Files (x86)\WinZipper\wzShellctx64.dll -> Brak pliku ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-09-12] (NVIDIA Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:\Bartek\programy\7 zip\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\Program Files\malwarebytes\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-15] (Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal) ContextMenuHandlers6-x32: [WinZipper] -> {DC638EEA-2BA2-4459-9C46-85A2F0BE6040} => C:\Program Files (x86)\WinZipper\wzShellctx64.dll -> Brak pliku ContextMenuHandlers6-x32-x32: [WipeFiles] -> {ED09987C-E386-4F1A-9A52-09A6B659B45F} => D:\Program Files\UndeleteMyFiles\WipeExt.dll [2008-11-13] (SeriousBit) ==================== Zaplanowane zadania (filtrowane) ============= (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) Task: {03F54856-B1D0-4631-A1D7-B0E70B5EF565} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-09-30] (NVIDIA Corporation) Task: {132734A9-95F5-4723-975D-764F2B97BCD4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-22] (Google Inc.) Task: {296A3842-F378-4B34-9B2A-ACFCF5322269} - \Overwolf Updater Task -> Brak pliku <==== UWAGA Task: {2B9B6578-30B3-4BA4-A951-05FA772FA9DA} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-09-30] (NVIDIA Corporation) Task: {4B98CD12-2DBA-45F9-A8AE-672F535B7F31} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-09-30] (NVIDIA Corporation) Task: {8667809F-D3FC-4B8F-8228-8D26EC9FED18} - System32\Tasks\DriverToolkit Autorun => D:\DriverToolkit\DriverToolkit.exe Task: {9909E866-222B-43BC-8F22-5C80C74D438F} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-06-25] (ASUSTek Computer Inc.) Task: {A281CE71-DA24-40E8-9FBB-DD7D5733146C} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-09-30] (NVIDIA Corporation) Task: {C1144C99-B3DB-40B2-BC90-C32FB21E5FAB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-22] (Google Inc.) Task: {E85D7F66-B287-471E-8866-924BBBDCCABA} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-09-30] (NVIDIA Corporation) Task: {F6611422-8064-4DED-9E78-6A62C6FAB526} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-09-30] (NVIDIA Corporation) Task: {F82BA063-5AA1-4BC1-BFF7-960C1BED32DA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-05] (Piriform Ltd) (Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.) Task: C:\Windows\Tasks\DriverToolkit Autorun.job => D:\DriverToolkit\DriverToolkit.exe ==================== Skróty & WMI ======================== (Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.) ShortcutWithArgument: C:\Users\Bartek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxps://launchpage.org/?uid=oTlKBKjchxocXe%2FWrUZCG7qKYIrY3ndPJFlyD8TbELWDkEafc%2B65xTmhEN3Q8aOs1w%3D%3D ShortcutWithArgument: C:\Users\Bartek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files (x86)\Fishpat\Application\chrome.exe (Google Inc.) -> hxxps://launchpage.org/?uid=oTlKBKjchxocXe%2FWrUZCG7qKYIrY3ndPJFlyD8TbELWDkEafc%2B65xTmhEN3Q8aOs1w%3D%3D ShortcutWithArgument: C:\Users\Bartek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\86bee06da8dbda8b\Google Chrome.lnk -> C:\Program Files (x86)\Fishpat\Application\chrome.exe (Google Inc.) -> hxxps://launchpage.org/?uid=oTlKBKjchxocXe%2FWrUZCG7qKYIrY3ndPJFlyD8TbELWDkEafc%2B65xTmhEN3Q8aOs1w%3D%3D ShortcutWithArgument: C:\Users\Bartek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7cdc350dafa50a54\Google Chrome.lnk -> C:\Program Files (x86)\Fishpat\Application\chrome.exe (Google Inc.) -> hxxps://launchpage.org/?uid=oTlKBKjchxocXe%2FWrUZCG7qKYIrY3ndPJFlyD8TbELWDkEafc%2B65xTmhEN3Q8aOs1w%3D%3D ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxps://launchpage.org/?uid=oTlKBKjchxocXe%2FWrUZCG7qKYIrY3ndPJFlyD8TbELWDkEafc%2B65xTmhEN3Q8aOs1w%3D%3D ==================== Załadowane moduły (filtrowane) ============== 2016-08-27 11:57 - 2016-09-12 22:00 - 000133568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-09-03 21:16 - 2016-08-24 15:48 - 000020240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll 2016-10-13 19:44 - 2016-09-30 06:25 - 001148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll 2016-10-13 19:44 - 2016-09-30 06:25 - 004490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll 2016-10-13 19:45 - 2016-09-30 06:25 - 000419896 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll 2017-08-28 21:37 - 2017-08-23 10:48 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libglesv2.dll 2017-08-28 21:37 - 2017-08-23 10:48 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libegl.dll 2016-10-13 19:44 - 2016-09-29 19:20 - 000500792 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node 2016-10-13 19:44 - 2016-09-29 19:20 - 000255936 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node 2016-10-13 19:44 - 2016-09-29 19:20 - 002801208 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node 2016-10-13 19:44 - 2016-09-29 19:20 - 000244672 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node 2016-10-13 19:44 - 2016-09-29 19:20 - 000430648 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node 2016-10-13 19:44 - 2016-09-29 19:20 - 000336832 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node 2016-10-13 19:44 - 2016-09-29 19:20 - 000373696 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node 2016-10-13 19:44 - 2016-09-30 06:25 - 000020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll ==================== Alternate Data Streams (filtrowane) ========= (Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.) AlternateDataStreams: C:\ProgramData:NT [40] AlternateDataStreams: C:\ProgramData:NT2 [432] AlternateDataStreams: C:\Users\All Users:NT [40] AlternateDataStreams: C:\Users\All Users:NT2 [432] AlternateDataStreams: C:\ProgramData\Application Data:NT [40] AlternateDataStreams: C:\ProgramData\Application Data:NT2 [432] AlternateDataStreams: C:\ProgramData\Dane aplikacji:NT [40] AlternateDataStreams: C:\ProgramData\Dane aplikacji:NT2 [432] AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT [40] AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2 [432] AlternateDataStreams: C:\ProgramData\TEMP:9482CFB4 [268] AlternateDataStreams: C:\Users\Bartek\Dane aplikacji:NT [40] AlternateDataStreams: C:\Users\Bartek\Dane aplikacji:NT2 [432] AlternateDataStreams: C:\Users\Bartek\AppData\Roaming:NT [40] AlternateDataStreams: C:\Users\Bartek\AppData\Roaming:NT2 [432] ==================== Tryb awaryjny (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.) ==================== Powiązania plików (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.) ==================== Internet Explorer - Witryny zaufane i z ograniczeniami =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.) ==================== Hosts - zawartość: ========================== (Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.) 2009-07-14 04:34 - 2016-08-26 01:01 - 000001188 _____ C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 down.baidu2016.com 127.0.0.1 123.sogou.com 127.0.0.1 www.czzsyzgm.com 127.0.0.1 www.czzsyzxl.com 127.0.0.1 union.baidu2019.com 127.0.0.1 down.baidu2016.com 127.0.0.1 123.sogou.com 127.0.0.1 www.czzsyzgm.com 127.0.0.1 www.czzsyzxl.com 127.0.0.1 union.baidu2019.com ==================== Inne obszary ============================ (Obecnie brak automatycznej naprawy dla tej sekcji.) HKU\S-1-5-21-360975752-3786565279-1083807947-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Bartek\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 8.8.8.8 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: ) Zapora systemu Windows [funkcja włączona] ==================== MSCONFIG/TASK MANAGER - Wyłączone elementy == MSCONFIG\startupreg: apphide => C:\Program Files (x86)\sbqh\uc.exe MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR MSCONFIG\startupreg: svchost0 => "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe"\UUC0789.exe ==================== Reguły Zapory systemu Windows (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) FirewallRules: [{0919A306-A392-48F1-B397-785C6492AA8F}] => (Allow) C:\Users\Bartek\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{ACFF7C9F-7D0C-4A67-BF81-57BE4C03A7AB}] => (Allow) C:\Users\Bartek\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{0EB31D3A-D77A-4E1C-B929-BFB2EBE18AC8}] => (Allow) C:\Users\Bartek\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{03AA4D07-0876-4021-85F7-26C26EB831F5}] => (Allow) C:\Users\Bartek\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{106FF94B-418A-4302-87BE-D538AEB5C58D}] => (Allow) C:\Users\Bartek\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{6ACD2077-F801-4971-B8C2-8BBD2EB9021C}] => (Allow) C:\Users\Bartek\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{84B749F4-C78E-481E-9B88-DDC04C69E095}] => (Allow) C:\Users\Bartek\AppData\Local\Temp\MPCOnline\MPCDownload.exe FirewallRules: [{55B6B47A-BAC9-43EC-8E24-3B091BA96E62}] => (Allow) C:\Users\Bartek\AppData\Local\Temp\MPCOnline\MPCDownload.exe FirewallRules: [{CD72EDFE-2EF5-4F7D-8BF8-44B9CDDBC08D}] => (Allow) C:\Users\Bartek\AppData\Local\BrowserAir\Application\BrowserairExec.exe FirewallRules: [{B0BD2C0B-83B5-4D1B-9DCB-062C7418FED8}] => (Allow) E:\Bartek\Gry\steam\steam\Steam.exe FirewallRules: [{6BA29ECC-274E-444C-BCAA-A3E28ED19073}] => (Allow) E:\Bartek\Gry\steam\steam\Steam.exe FirewallRules: [{ADBC9884-4F9B-4D81-9A56-2D26B31BDBAA}] => (Allow) E:\Bartek\Gry\steam\steam\bin\steamwebhelper.exe FirewallRules: [{55FFA7F1-5243-44A5-827A-9B34FA089D09}] => (Allow) E:\Bartek\Gry\steam\steam\bin\steamwebhelper.exe FirewallRules: [{8D1EEA43-733B-4DE1-B7EE-FC2B9F4148C0}] => (Allow) E:\Bartek\programy\winamp\winamp.exe FirewallRules: [{B6FDCC8A-F741-4FC7-8B73-2888018F71D2}] => (Allow) E:\Bartek\Gry\steam\steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{3C639277-E2ED-419A-85B6-C4CF161EBDD3}] => (Allow) E:\Bartek\Gry\steam\steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{750877A6-AFE1-415C-AD19-24F6B4947722}] => (Allow) E:\Bartek\programy\teamviever\TeamViewer.exe FirewallRules: [{6B4977F2-672F-47DD-9C9C-EFF17D0379A8}] => (Allow) E:\Bartek\programy\teamviever\TeamViewer.exe FirewallRules: [{4186B503-EED0-49B3-AD68-31AB1D77DC07}] => (Allow) E:\Bartek\programy\teamviever\TeamViewer_Service.exe FirewallRules: [{DD2F410A-3598-4553-BF0E-2C79FD1848F9}] => (Allow) E:\Bartek\programy\teamviever\TeamViewer_Service.exe FirewallRules: [{22C05C38-145E-4A91-BDE5-ED65BD2D874C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{803F4DAD-A049-45F5-828C-78F0D3E008E0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe FirewallRules: [{A680EC0E-E70E-4F8A-80E2-CD414D647010}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe FirewallRules: [{714AEFD1-3DF9-409A-B0C1-85CD8298587E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{041A6526-493C-4970-BC8D-EC3D64D07C7D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{3E7FFF5E-CDA7-43F0-A913-6AEEDAD92201}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [TCP Query User{439C299D-3151-4925-A4D6-D07BD988D848}C:\users\bartek\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\bartek\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{5B560EA7-0AEF-4EC7-AE1F-964C688A736B}C:\users\bartek\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\bartek\appdata\roaming\spotify\spotify.exe FirewallRules: [{3074766D-99F1-4F55-9242-2167A8641B26}] => (Allow) C:\Program Files (x86)\Fishpat\Application\chrome.exe FirewallRules: [{1C20ED15-4692-496B-8294-97BB022051C2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{E4A2B868-944B-4D7A-A11A-5B47C96AD82C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{B0DC7F40-57D5-472B-9C83-99FBAD13E6DC}] => (Allow) E:\Bartek\Gry\steam\steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{0A0ED6AC-DEC2-48F3-AD77-C6A9BD4AA31E}] => (Allow) E:\Bartek\Gry\steam\steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [TCP Query User{F33B9DFF-41B7-41ED-8CF1-981EF319B58D}E:\bartek\gry\gta sa\gta sa\gta san andreas\proxy_sa.exe] => (Allow) E:\bartek\gry\gta sa\gta sa\gta san andreas\proxy_sa.exe FirewallRules: [UDP Query User{EDC96F9A-07FA-4351-B327-954D3A60E252}E:\bartek\gry\gta sa\gta sa\gta san andreas\proxy_sa.exe] => (Allow) E:\bartek\gry\gta sa\gta sa\gta san andreas\proxy_sa.exe FirewallRules: [TCP Query User{94C7D207-EFE6-4A90-B418-70AAFC6ADCA4}E:\bartek\programy\telegram\telegram desktop\telegram.exe] => (Block) E:\bartek\programy\telegram\telegram desktop\telegram.exe FirewallRules: [UDP Query User{F283530A-2EBB-44AD-B104-945B3BC7CE93}E:\bartek\programy\telegram\telegram desktop\telegram.exe] => (Block) E:\bartek\programy\telegram\telegram desktop\telegram.exe FirewallRules: [{8EAD0517-1C08-4452-B068-6B864CC21464}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Punkty Przywracania systemu ========================= 11-09-2017 00:11:49 Zaplanowany punkt kontrolny 19-09-2017 16:15:13 Zaplanowany punkt kontrolny 21-09-2017 21:54:34 Installed Pandora Recovery 2.0.0.289 ==================== Wadliwe urządzenia w Menedżerze urządzeń ============= Name: Koprocesor Description: Koprocesor Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Błędy w Dzienniku zdarzeń: ========================= Dziennik Aplikacja: ================== Error: (09/22/2017 05:30:20 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (09/21/2017 09:50:02 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (09/21/2017 09:18:21 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (09/21/2017 02:09:52 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (09/20/2017 06:55:02 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (09/19/2017 07:21:45 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (09/19/2017 03:37:28 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (09/18/2017 07:52:31 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (09/17/2017 08:37:13 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (09/16/2017 05:46:13 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Dziennik System: ============= Error: (09/22/2017 05:31:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi ed2k idle service z powodu następującego błędu: Nie można odnaleźć określonego pliku. Error: (09/22/2017 05:28:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi UvConverter z powodu następującego błędu: Nie można odnaleźć określonego pliku. Error: (09/22/2017 05:28:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Usługa Windows Internet Service zakończyła działanie; wystąpił następujący błąd: Nie można odnaleźć określonego modułu. Error: (09/22/2017 05:28:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi InterHop z powodu następującego błędu: Nie można odnaleźć określonego pliku. Error: (09/21/2017 09:50:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi ed2k idle service z powodu następującego błędu: Nie można odnaleźć określonego pliku. Error: (09/21/2017 09:48:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi UvConverter z powodu następującego błędu: Nie można odnaleźć określonego pliku. Error: (09/21/2017 09:48:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi InterHop z powodu następującego błędu: Nie można odnaleźć określonego pliku. Error: (09/21/2017 09:48:25 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Usługa Windows Internet Service zakończyła działanie; wystąpił następujący błąd: Nie można odnaleźć określonego modułu. Error: (09/21/2017 09:18:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi ed2k idle service z powodu następującego błędu: Nie można odnaleźć określonego pliku. Error: (09/21/2017 09:16:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi UvConverter z powodu następującego błędu: Nie można odnaleźć określonego pliku. ==================== Statystyki pamięci =========================== Procesor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz Procent pamięci w użyciu: 57% Całkowita pamięć fizyczna: 4095.27 MB Dostępna pamięć fizyczna: 1730.79 MB Całkowita pamięć wirtualna: 8188.73 MB Dostępna pamięć wirtualna: 5438.4 MB ==================== Dyski ================================ Drive c: () (Fixed) (Total:70.1 GB) (Free:22.32 GB) NTFS ==>[dysk z komponentami startowymi (pozyskano odczytując BCD)] Drive d: () (Fixed) (Total:40.1 GB) (Free:39.23 GB) NTFS Drive e: () (Fixed) (Total:187.89 GB) (Free:74.94 GB) NTFS Drive g: (CORSAIR) (Removable) (Total:3.75 GB) (Free:3.34 GB) FAT32 Drive h: (Redo Backup) (CDROM) (Total:0.24 GB) (Free:0 GB) CDFS ==================== MBR & Tablica partycji ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: D9B3496E) Partition 1: (Active) - (Size=70.1 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=40.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=187.9 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 3.8 GB) (Disk ID: 04DD5721) Partition 1: (Active) - (Size=3.8 GB) - (Type=0B) ==================== Koniec Addition.txt ============================