Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 17-12-2017 Uruchomiony przez pszen (19-12-2017 22:25:38) Uruchomiony z C:\Users\pszen\Desktop\frts Windows 10 Home Wersja 1709 16299.125 (X64) (2017-11-12 17:39:15) Tryb startu: Safe Mode (with Networking) ========================================================== ==================== Konta użytkowników: ============================= Administrator (S-1-5-21-4099042752-900424334-1160265230-500 - Administrator - Disabled) defaultuser0 (S-1-5-21-4099042752-900424334-1160265230-1000 - Limited - Disabled) => C:\Users\defaultuser0 Gość (S-1-5-21-4099042752-900424334-1160265230-501 - Limited - Disabled) Konto domyślne (S-1-5-21-4099042752-900424334-1160265230-503 - Limited - Disabled) pszen (S-1-5-21-4099042752-900424334-1160265230-1001 - Administrator - Enabled) => C:\Users\pszen WDAGUtilityAccount (S-1-5-21-4099042752-900424334-1160265230-504 - Limited - Disabled) ==================== Centrum zabezpieczeń ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie.) AV: Ochrona komputera by F-Secure (Disabled - Up to date) {0F70A6C4-76E4-6A3B-2695-519F428B1C20} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Ochrona komputera by F-Secure (Disabled - Up to date) {B4114720-50DE-65B5-1C25-6AED390C569D} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Zainstalowane programy ====================== (W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.) adobe (HKLM\...\{F9972BCA-8EDC-42D8-B157-2B093EB26838}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.3.0.256 - Adobe Systems Incorporated) Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated) Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated) Adobe Photoshop CC 2018 (HKLM-x32\...\PHSP_19_0) (Version: 19.0 - Adobe Systems Incorporated) ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS) ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.17 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.19.0004 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.7 - ASUS) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0043 - ASUS) AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.2.9 - ICEpower a/s) Computer Security 14.176.101.0 (release) (HKLM-x32\...\{658FDBCA-B7A1-43E4-A849-9F0812473331}) (Version: 14.176.101.0 - F-Secure Corporation) Hidden DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.6.0.0283 - Disc Soft Ltd) Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.2.5 - ASUSTek COMPUTER INC.) F-Secure CCF Reputation (HKLM-x32\...\{00000000-2778-5BED-8199-52EB14D8D22F}) (Version: 2.1.1342.0 - F-Secure) Hidden F-Secure CCF Scanning 1.73.275.1078 (release) (HKLM-x32\...\{4C8051EE-668A-4578-8669-C4F4F71A05AA}) (Version: 1.73.275.1078 - F-Secure Corporation) Hidden F-Secure Network CCF 1.04.214 (HKLM-x32\...\{A691C0D2-6698-411D-BC58-980629406BB4}) (Version: 1.04.214 - F-Secure Corporation) Hidden F-Secure SafeSearch 10.0.0.0 (release) (HKLM-x32\...\{1C02D59F-EAF4-404C-95D9-2E7EF186FE44}) (Version: 10.0.0.0 - F-Secure Corporation) Hidden GG (HKU\S-1-5-21-4099042752-900424334-1160265230-1001\...\GG) (Version: 12 - GG Network S.A.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden Intel(R) Chipset Device Software (HKLM-x32\...\{61a0f1f5-c77e-4992-ba85-029f93cd8d18}) (Version: 10.1.1.27 - Intel(R) Corporation) Hidden Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.10900.330 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1015 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation) Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.63.1620.3 - Intel Corporation) Intel® Security Assist (HKLM-x32\...\{8B08DDA1-FDE7-4897-8EB6-E0B048A6D88B}) (Version: 1.0.1.618 - Intel Corporation) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation) Mozilla Firefox 57.0.2 (x64 pl) (HKLM\...\Mozilla Firefox 57.0.2 (x64 pl)) (Version: 57.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0.2 - Mozilla) Narzędzia sprawdzające pakietu Microsoft Office 2016 — polski (HKLM\...\{90160000-001F-0415-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden NVIDIA GeForce Experience 2.11.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.3.5 - NVIDIA Corporation) NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) Online Safety 2.176.4626.2945 (HKLM-x32\...\{545FB0D8-4D09-4D00-9FF9-729A63D4139F}) (Version: 2.176.4626.2945 - F-Secure Corporation) Hidden Pakiet Bezpieczeństwa UPC (HKLM-x32\...\{688DC56E-D16D-4B6E-9A8B-1AD800C20FF4}) (Version: 2.76.212.0 - F-Secure Corporation) Hidden Pakiet Bezpieczeństwa UPC (HKLM-x32\...\F-Secure ServiceEnabler 46267) (Version: 2.76.212.0 - F-Secure Corporation) Panel sterowania NVIDIA 369.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 369.09 - NVIDIA Corporation) Hidden Qualcomm Atheros 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{3241744A-BA36-41F0-B4AA-EF3946D00632}) (Version: 11.0.0.10373 - Qualcomm Atheros) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31233 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.9.422.2016 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7824 - Realtek Semiconductor Corp.) SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.3.5 - NVIDIA Corporation) Hidden Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.) TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.59518 - TeamViewer) Update for Skype for Business 2016 (KB3128049) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{801D5242-0189-4C99-977B-0C77DBD1F046}) (Version: - Microsoft) Update for Skype for Business 2016 (KB3128049) 64-Bit Edition (HKLM\...\{90160000-012B-0415-1000-0000000FF1CE}_Office16.PROPLUS_{801D5242-0189-4C99-977B-0C77DBD1F046}) (Version: - Microsoft) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{17515373-7495-4995-9089-B7D6DF455C38}) (Version: 2.6.0.0 - Microsoft Corporation) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN) Windows Driver Package - ASUS (AsusSGDrv) Mouse (11/14/2016 8.0.0.26) (HKLM\...\F2F863C5091CD775A1EC34759959219D836FDA66) (Version: 11/14/2016 8.0.0.26 - ASUS) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.2.2 - ASUSTeK COMPUTER INC.) WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH) WPS Office for ASUS (HKLM-x32\...\Kingsoft Office) (Version: 10.1.0.5644 - Kingsoft Corp.) ==================== Niestandardowe rejestracje CLSID (filtrowane): ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) CustomCLSID: HKU\S-1-5-21-4099042752-900424334-1160265230-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\pszen\AppData\Local\Microsoft\OneDrive\17.3.7076.1026_1\amd64\FileSyncShell64.dll => Brak pliku CustomCLSID: HKU\S-1-5-21-4099042752-900424334-1160265230-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\pszen\AppData\Local\Microsoft\OneDrive\17.3.7076.1026_1\amd64\FileSyncShell64.dll => Brak pliku CustomCLSID: HKU\S-1-5-21-4099042752-900424334-1160265230-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\pszen\AppData\Local\Microsoft\OneDrive\17.3.7076.1026_1\amd64\FileSyncShell64.dll => Brak pliku CustomCLSID: HKU\S-1-5-21-4099042752-900424334-1160265230-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] () ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] () ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] () ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] () ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal) ContextMenuHandlers3: [F-Secure Shell Extension] -> {23814B80-52A2-11D0-BC1A-004095606CB9} => C:\Program Files (x86)\Pakiet Bezpieczeństwa UPC\apps\ComputerSecurity\Common\fpshx.dll [2016-10-26] (F-Secure Corporation) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_5000ba0b757b594d\igfxDTCM.dll [2016-12-18] (Intel Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-08-01] (NVIDIA Corporation) ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] () ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal) ==================== Zaplanowane zadania (filtrowane) ============= (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) Task: {14B7F8FE-7E5F-4E38-95D6-CF3B5AD7A06C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation) Task: {19849B53-BCBD-445E-9F63-587846EC063A} - System32\Tasks\WpsKtpcntrQingTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\office6\ktpcntr.exe [2016-11-14] (Zhuhai Kingsoft Office Software Co.,Ltd) Task: {37BCCB44-2A53-49A7-AE1B-AD6ACB668A7A} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-09-22] (ASUSTek Computer Inc.) Task: {3A53119A-818B-4AFB-B20D-3CC60D407AAC} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_126_pepper.exe [2017-12-16] (Adobe Systems Incorporated) Task: {4F42FCE5-DA63-4D9D-AAB6-796F12C4C865} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation) Task: {76C942BA-8F3E-4AD0-97B2-7EC1AA058C1A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-28] (Google Inc.) Task: {805450E8-3DA3-499D-A766-9CF3A247AFBF} - \Microsoft\Windows\UNP\RunCampaignManager -> Brak pliku <==== UWAGA Task: {838A8EB3-D3F7-478D-AAFB-E9F5A665B6BA} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-09-22] (ASUSTek Computer Inc.) Task: {83E3ABCD-A941-44A9-8922-CD58609E7439} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-05-20] (Realtek Semiconductor) Task: {8411BC5A-C5A3-4357-948C-8A3539537295} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2016-11-14] (AsusTek) Task: {8A56350F-F06D-4F43-B093-9C656C8F81CE} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2016-10-12] (ASUS) Task: {9D85EE48-438D-494F-AAC4-78F1F5920C88} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation) Task: {A7EF60C9-FE98-404F-8CB6-61205C1F27FB} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] () Task: {B186994F-0D7F-4CB3-85A9-A91F25ED4ED5} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-pszeniczko@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated) Task: {D6B59E63-282D-48D5-A913-D554DAAD7C47} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated) Task: {D81FF288-7101-479D-A50C-96F80DAFDC0C} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2016-07-07] (ASUSTek COMPUTER INC.) Task: {DB880212-D144-420D-8100-A87570CD15DB} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2016-02-23] (ASUSTek Computer Inc.) Task: {E743A755-DFD0-473B-AA6E-CE11922EE2FB} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] () Task: {E8C8C979-E369-4D3D-9D66-9E1B42325ECD} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2017-11-03] () Task: {EC80D973-2395-4B5B-9A64-00B06F2729E4} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] () Task: {F1BF6F52-19A1-4349-A55B-CB0E78E8B23A} - System32\Tasks\WpsExternal_20161114022915 => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe [2016-11-14] (Zhuhai Kingsoft Office Software Co.,Ltd) Task: {F8699DA4-5910-44BD-AF7A-2E74664E9B95} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-05-20] (Realtek Semiconductor) Task: {FD9A9618-B60C-4FFA-83FA-C4A5B09F4526} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-02-19] (Intel(R) Corporation) Task: {FF01A53D-6311-44A1-BB04-39527C27F4C0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-28] (Google Inc.) (Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\WpsExternal_20161114022915.job => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe Task: C:\WINDOWS\Tasks\WpsKtpcntrQingTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\office6\ktpcntr.exeÃqing 10.1.0.5644 xxx server_url=hxxp:/kdl1.cache.wps.com/ksodl/wpscfg/client/____client____html____service____bubble.html ic_server_url=hxxp:/info.kingsoftstore.com/wpsv6internet/infos.ads ==================== Skróty & WMI ======================== (Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.) ==================== Załadowane moduły (filtrowane) ============== 2017-09-29 14:41 - 2017-09-29 14:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll 2017-09-26 02:52 - 2017-09-26 02:52 - 000491600 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll 2017-12-11 17:37 - 2017-12-11 17:37 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-12-11 17:37 - 2017-12-11 17:37 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-12-12 21:20 - 2017-11-26 13:23 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-12-12 21:20 - 2017-11-26 13:01 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-12-14 07:59 - 2017-12-06 05:24 - 002873688 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\swiftshader\libglesv2.dll 2017-12-14 07:59 - 2017-12-06 05:24 - 000137048 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\swiftshader\libegl.dll ==================== Alternate Data Streams (filtrowane) ========= (Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.) ==================== Tryb awaryjny (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2" ==================== Powiązania plików (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.) ==================== Internet Explorer - Witryny zaufane i z ograniczeniami =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.) ==================== Hosts - zawartość: =============================== (Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.) 2016-07-16 12:47 - 2016-07-16 12:45 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts ==================== Inne obszary ============================ (Obecnie brak automatycznej naprawy dla tej sekcji.) HKU\S-1-5-21-4099042752-900424334-1160265230-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\pszen\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\{1750c9d0-526b-4fff-8a9a-728a85016506}.jpg DNS Servers: Urządzenie nie jest podłączone do internetu. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Zapora systemu Windows [funkcja włączona] ==================== MSCONFIG/TASK MANAGER - Wyłączone elementy == MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeUpdateService => 2 MSCONFIG\Services: AGSService => 2 MSCONFIG\Services: ATKGFNEXSrv => 2 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: SkypeUpdate => 2 HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud" HKU\S-1-5-21-4099042752-900424334-1160265230-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-4099042752-900424334-1160265230-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount" HKU\S-1-5-21-4099042752-900424334-1160265230-1001\...\StartupApproved\Run: => "GG" HKU\S-1-5-21-4099042752-900424334-1160265230-1001\...\StartupApproved\Run: => "Skype" ==================== Reguły Zapory systemu Windows (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) FirewallRules: [{A898EAB6-BF1E-48F0-AF30-5ACB8D77313C}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe FirewallRules: [{E1F70AF6-BA83-4AC4-9D64-9F4A4F2677D3}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe FirewallRules: [{F28FB29D-1C8A-4B83-A2F2-89CC4133F5D8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{0969435B-EB7E-44D7-A45B-93950C9DB8E2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{C1FDF6A0-BCF5-47AC-BF38-3BA3F8496AF7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{0C8B7AA4-0580-4652-867A-ED036CA182F8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{6FFDB3FF-0001-4E4B-B253-CD252F8BA592}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{3B81CEE4-2B5F-4810-966C-9920713F3CF2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{78F43FC5-B6B0-4608-B2FD-FE106238EBC3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{FC9674E5-E37C-4841-8D64-097320152E5E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{250ADDB2-9CFE-44A4-A462-93878B63A5FE}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{23D9C523-3687-4263-8562-1D7E55577FEB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{29C8D9D1-A0FD-43E0-A83A-7C9D36E84DBB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{EA6D6C7C-A29A-4324-BF2E-1F98C6FD41EF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{0E2EE5A1-71F4-47AA-904B-CAE10D510B60}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{905A40DD-B07A-423F-8332-552BA3A9C91E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{9108BB73-2D82-483D-830C-868405D75D4B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Punkty Przywracania systemu ========================= UWAGA: Przywracanie systemu jest wyłączone ==================== Wadliwe urządzenia w Menedżerze urządzeń ============= Name: Qualcomm Atheros QCA9377 Wireless Network Adapter Description: Qualcomm Atheros QCA9377 Wireless Network Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Qualcomm Atheros Communications Inc. Service: Qcamain10x64 Problem: : Windows cannot initialize the device driver for this hardware. (Code 37) Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver. ==================== Błędy w Dzienniku zdarzeń: ========================= Dziennik Aplikacja: ================== Error: (12/19/2017 10:11:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: ) Description: Zainicjowanie obiektu System Writer kopii zapasowej VSS przez Usługi kryptograficzne nie powiodło się. Details: Could not query the status of the EventSystem service. System Error: Trwa proces zamykania systemu. . Error: (12/19/2017 09:50:47 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: ) Description: 4 2017-12-19 21:50:47+02:00 DESKTOP-PKO5OE2\pszen F-Secure Anti-Virus Malicious code found in computer . Infection: Trojan.HackTool.SUP Action: The scanner was unable to remove the infection. Error: (12/19/2017 09:50:24 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: ) Description: 3 2017-12-19 21:50:24+02:00 DESKTOP-PKO5OE2\pszen F-Secure Anti-Virus Malicious code found in file C:\Windows\Temp\SppExtComObjHook.dll. Infection: Trojan.HackTool.SUP Error: (12/19/2017 09:50:18 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: ) Description: 2 2017-12-19 21:50:18+02:00 DESKTOP-PKO5OE2\pszen F-Secure Anti-Virus Malicious code found in computer . Infection: Trojan.HackTool.SUP Action: The scanner was unable to remove the infection. Error: (12/19/2017 09:49:41 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: ) Description: 1 2017-12-19 21:49:41+02:00 SYSTEM F-Secure Anti-Virus Malicious code found in file C:\Windows\Temp\SppExtComObjHook.dll. Infection: Trojan.HackTool.SUP Error: (12/19/2017 09:45:50 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: ) Description: 2 2017-12-19 21:45:50+02:00 DESKTOP-PKO5OE2\pszen F-Secure Anti-Virus Malicious code found in computer . Infection: Trojan.HackTool.SUP Action: The scanner was unable to remove the infection. Error: (12/19/2017 09:45:04 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: ) Description: 1 2017-12-19 21:45:04+02:00 DESKTOP-PKO5OE2\pszen F-Secure Anti-Virus Malicious code found in file C:\Windows\Temp\SppExtComObjHook.dll. Infection: Trojan.HackTool.SUP Error: (12/19/2017 09:41:29 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: ) Description: 2 2017-12-19 21:41:29+02:00 SYSTEM F-Secure Anti-Virus Malicious code found in computer . Infection: Trojan.HackTool.SUP Action: The scanner was unable to remove the infection. Error: (12/19/2017 09:41:02 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: ) Description: 1 2017-12-19 21:41:02+02:00 SYSTEM F-Secure Anti-Virus Malicious code found in file C:\Windows\Temp\SppExtComObjHook.dll. Infection: Trojan.HackTool.SUP Error: (12/19/2017 09:39:28 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: ) Description: 2 2017-12-19 21:39:28+02:00 DESKTOP-PKO5OE2\pszen F-Secure Anti-Virus Malicious code found in computer . Infection: Trojan.HackTool.SUP Action: The scanner was unable to remove the infection. Dziennik System: ============= Error: (12/19/2017 10:25:38 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-PKO5OE2) Description: Model DCOM odebrał błąd 1084 podczas próby uruchomienia usługi ShellHWDetection z argumentami Niedostępny w celu uruchomienia serwera: {DD522ACC-F821-461A-A407-50B198B896DC} Error: (12/19/2017 10:25:19 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-PKO5OE2) Description: Model DCOM odebrał błąd 1084 podczas próby uruchomienia usługi ShellHWDetection z argumentami Niedostępny w celu uruchomienia serwera: {DD522ACC-F821-461A-A407-50B198B896DC} Error: (12/19/2017 10:25:07 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-PKO5OE2) Description: Model DCOM odebrał błąd 1084 podczas próby uruchomienia usługi ShellHWDetection z argumentami Niedostępny w celu uruchomienia serwera: {DD522ACC-F821-461A-A407-50B198B896DC} Error: (12/19/2017 10:23:47 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-PKO5OE2) Description: Model DCOM odebrał błąd 1084 podczas próby uruchomienia usługi ShellHWDetection z argumentami Niedostępny w celu uruchomienia serwera: {DD522ACC-F821-461A-A407-50B198B896DC} Error: (12/19/2017 10:23:28 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-PKO5OE2) Description: Model DCOM odebrał błąd 1084 podczas próby uruchomienia usługi WSearch z argumentami Niedostępny w celu uruchomienia serwera: {9E175B6D-F52A-11D8-B9A5-505054503030} Error: (12/19/2017 10:23:27 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-PKO5OE2) Description: Model DCOM odebrał błąd 1084 podczas próby uruchomienia usługi ShellHWDetection z argumentami Niedostępny w celu uruchomienia serwera: {DD522ACC-F821-461A-A407-50B198B896DC} Error: (12/19/2017 10:23:25 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-PKO5OE2) Description: Model DCOM odebrał błąd 1084 podczas próby uruchomienia usługi WSearch z argumentami Niedostępny w celu uruchomienia serwera: {9E175B6D-F52A-11D8-B9A5-505054503030} Error: (12/19/2017 10:23:22 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-PKO5OE2) Description: Model DCOM odebrał błąd 1084 podczas próby uruchomienia usługi ShellHWDetection z argumentami Niedostępny w celu uruchomienia serwera: {DD522ACC-F821-461A-A407-50B198B896DC} Error: (12/19/2017 10:23:16 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-PKO5OE2) Description: Model DCOM odebrał błąd 1084 podczas próby uruchomienia usługi NVSvc z argumentami Niedostępny w celu uruchomienia serwera: {DCAB0989-1301-4319-BE5F-ADE89F88581C} Error: (12/19/2017 10:23:16 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-PKO5OE2) Description: Model DCOM odebrał błąd 1084 podczas próby uruchomienia usługi ShellHWDetection z argumentami Niedostępny w celu uruchomienia serwera: {DD522ACC-F821-461A-A407-50B198B896DC} CodeIntegrity: =================================== Date: 2017-11-16 19:26:00.195 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Pakiet Bezpieczeństwa UPC\apps\ComputerSecurity\HIPS\fshook64.dll that did not meet the Microsoft signing level requirements. Date: 2017-11-16 19:25:49.102 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Pakiet Bezpieczeństwa UPC\apps\ComputerSecurity\HIPS\fshook64.dll that did not meet the Microsoft signing level requirements. Date: 2017-11-16 19:24:28.783 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Pakiet Bezpieczeństwa UPC\apps\ComputerSecurity\HIPS\fshook64.dll that did not meet the Microsoft signing level requirements. ==================== Statystyki pamięci =========================== Procesor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz Procent pamięci w użyciu: 16% Całkowita pamięć fizyczna: 8072.53 MB Dostępna pamięć fizyczna: 6716.66 MB Całkowita pamięć wirtualna: 9352.53 MB Dostępna pamięć wirtualna: 8115.91 MB ==================== Dyski ================================ Drive c: (OS) (Fixed) (Total:118.48 GB) (Free:68.74 GB) NTFS ==>[system z komponentami startowymi (pozyskano odczytując dysk)] Drive d: (DATA) (Fixed) (Total:931.51 GB) (Free:728.39 GB) NTFS Drive e: () (Removable) (Total:7.6 GB) (Free:7.6 GB) FAT32 ==================== MBR & Tablica partycji ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: F2D85C98) Partition: GPT. ======================================================== Disk: 1 (Size: 119.2 GB) (Disk ID: D1B1E1BB) Partition: GPT. ======================================================== Disk: 2 (Size: 7.6 GB) (Disk ID: 500A0DFF) No partition Table on disk 2. ==================== Koniec Addition.txt ============================