Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja:27-09-2015 01
Uruchomiony przez Krzych (2015-09-28 23:12:36)
Uruchomiony z C:\Pobieranie
Windows 7 Home Premium Service Pack 1 (X64) (2015-05-07 21:38:25)
Tryb startu: Normal
==========================================================

==================== Konta użytkowników: =============================

Administrator (S-1-5-21-3646099861-1544004646-182888485-500 - Administrator - Disabled)
Gość (S-1-5-21-3646099861-1544004646-182888485-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3646099861-1544004646-182888485-1002 - Limited - Enabled)
Krzych (S-1-5-21-3646099861-1544004646-182888485-1000 - Administrator - Enabled) => C:\Users\Krzych

==================== Centrum zabezpieczeń ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Zainstalowane programy ======================

(W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)

@BIOS B13.0402.1 (HKLM-x32\...\InstallShield_{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 1.00.0000 - GIGABYTE)
@BIOS B13.0402.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.12) - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated) APP Center (HKLM-x32\...\InstallShield_{F3D47276-0E35-42CF-A677-B45118470E21}) (Version: 1.15.0811 - Gigabyte) APP Center (x32 Version: 1.15.0811 - Gigabyte) Hidden Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software) Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.30944 - Electronic Arts) BitTorrent (HKU\S-1-5-21-3646099861-1544004646-182888485-1000\...\BitTorrent) (Version: 7.9.3.40299 - BitTorrent Inc.) BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team) BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden BUSB B13.0403.1 (HKLM-x32\...\{0AADC50C-C4F8-49A7-8699-AFE46875CA67}) (Version: 1.00.0000 - GIGABYTE) CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform) Copy (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden CPUID HWMonitor 1.27 (HKLM\...\CPUID HWMonitor_is1) (Version: - ) Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden DJ_AIO_06_F2400_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden EasyTune B13.0410.2 (HKLM-x32\...\InstallShield_{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}) (Version: 1.00.0000 - GIGABYTE) EasyTune B13.0410.2 (x32 Version: 1.00.0000 - GIGABYTE) Hidden Euro Truck Simulator 2 v1.16.2s (20 DLC) (HKLM-x32\...\Euro Truck Simulator 2 v1.16.2s (20 DLC)1.16.2s) (Version: 1.16.2s - Friends in War) EZSetupN B13.0410.2 (HKLM-x32\...\InstallShield_{9EAB60B6-70FE-4EC7-8DF4-54773E4EAC05}) (Version: 1.00.0000 - GIGABYTE) EZSetupN B13.0410.2 (x32 Version: 1.00.0000 - GIGABYTE) Hidden F2400 (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden FireStorm version V1.0.44.000 (HKLM-x32\...\FireStorm_is1) (Version: V1.0.44.000 - ) GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com) Google Chrome 
(HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.) Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden Heaven DX11 Benchmark version 3.0 (HKLM\...\Unigine Heaven DX11 Benchmark (Basic Edition)_is1) (Version: 3.0 - Unigine Corp.) HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP) HP Deskjet F2400 All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{819CA3BC-2FF8-4811-B42F-421F7BFD3559}) (Version: 14.0 - HP) HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP) HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP) HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4170 - Intel Corporation) ipla 2.8.4 (HKLM-x32\...\ipla) (Version: 2.8.4 - Redefine Sp z o.o.) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan) League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games) League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden LG Color Cloning (HKLM-x32\...\{F8CAFED7-1D1A-402D-972D-DC31B22DE91B}) (Version: 1.01 - LG Electronics Inc.) 
Malwarebytes Anti-Malware wersja 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft PowerPoint 2010 (HKLM-x32\...\Office14.POWERPOINT) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable 
(x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NVIDIA Oprogramowanie systemu PhysX 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) NVIDIA Sterownik 3D Vision 355.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 355.82 - NVIDIA Corporation) NVIDIA Sterownik dźwięku HD 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation) NVIDIA Sterownik graficzny 355.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.82 - NVIDIA Corporation) NVIDIA Sterownik kontrolera 3D Vision 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation) Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.) Panel sterowania NVIDIA 355.82 (Version: 355.82 - NVIDIA Corporation) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.) 
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Polski pakiet językowy dla narzędzi Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PLK) (Version: 10.0.50903 - Microsoft Corporation) Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile PLK Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended PLK Language Pack) (Version: 4.0.30319 - Microsoft Corporation) PowerISO (HKLM-x32\...\PowerISO) (Version: 6.2 - Power Software Ltd) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6849 - Realtek Semiconductor Corp.) Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0000-0000-0000000FF1CE}_Office14.POWERPOINT_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP) Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.) 
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden SolutionCenter (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1186 - SUPERAntiSpyware.com) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.0.8.4 - GOG.com) The Witcher 3: Wild Hunt - Alternative Look for Ciri (HKLM-x32\...\Alternative Look for Ciri_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Alternative Look for Triss (HKLM-x32\...\Alternative Look for Triss_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Alternative Look for Yennefer (HKLM-x32\...\Alternative Look for Yennefer_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Ballad Heroes - Neutral Gwent Card Set (HKLM-x32\...\Ballad Heroes - Neutral Gwent Card Set_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Beard and Hairstyle Set (HKLM-x32\...\Beard and Hairstyle Set_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Elite Crossbow Set (HKLM-x32\...\Elite Crossbow Set_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - New Finisher Animations (HKLM-x32\...\New Finisher Animations_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - NEW GAME + (HKLM-x32\...\NEW GAME +_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - New Quest - Contract - Skellige's Most Wanted (HKLM-x32\...\New Quest - Contract: Skellige's Most Wanted_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - New Quest - Contract Missing Miners (HKLM-x32\...\New Quest - Contract Missing Miners_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - New Quest - 
Fool's Gold (HKLM-x32\...\New Quest - Fool's Gold_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - New Quest - Scavenger Hunt - Wolf School Gear (HKLM-x32\...\New Quest - Scavenger Hunt: Wolf School Gear_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - New Quest - Where the Cat and Wolf Play... (HKLM-x32\...\New Quest - Where the Cat and Wolf Play..._is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Nilfgaardian Armor Set (HKLM-x32\...\Nilfgaardian Armor Set_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Skellige Armor Set (HKLM-x32\...\Skellige Armor Set_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Temerian Armor Set (HKLM-x32\...\Temerian Armor Set_is1) (Version: 1.0.0.0 - GOG.com) Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden TP-LINK TL-WN725N_TL-WN723N Driver (HKLM-x32\...\{3C3F9CEB-2C5A-4A47-8EAA-DA76037546BA}) (Version: 1.3.1 - TP-LINK) TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden WarThunder (HKLM\...\WarThunder) (Version: - WarThunder) WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden WinRAR 5.21 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) ==================== Niestandardowe rejestracje CLSID (filtrowane): ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) 
CustomCLSID: HKU\S-1-5-21-3646099861-1544004646-182888485-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Punkty Przywracania systemu =========================

12-09-2015 04:11:07 Zainstalowany program DirectX
12-09-2015 04:13:12 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
12-09-2015 05:53:48 Windows Update
13-09-2015 23:24:36 Zainstalowany program DirectX
18-09-2015 14:48:32 ComboFix created restore point
18-09-2015 22:09:34 Windows Update
25-09-2015 16:36:25 Installed LG Color Cloning.
28-09-2015 10:47:54 Removed APP Center

==================== Hosts - zawartość: ===============================

(Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.)

2009-07-14 04:34 - 2015-09-18 14:54 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Zaplanowane zadania (filtrowane) =============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

Task: {0C298B34-BDC6-4FE1-975B-5F8B856FA90D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-08] (Piriform Ltd)
Task: {1EB11F54-EA8E-4E63-9E9E-C0230189E875} - System32\Tasks\{64652996-EB29-49DF-B045-C2E677BDE549} => pcalua.exe -a C:\Users\Krzych\AppData\Local\Temp\Temp1_TL-WN725N_V2_130326.zip\Setup.exe
Task: {2271D12F-E444-43B8-AF73-7C6C7F266AB8} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {29BF6665-CB6E-452A-9818-EA5CF91B972D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-07] (Google Inc.)
Task: {4651892D-48B3-4F75-9381-DEFBF4B61104} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-18] (Avast Software s.r.o.)
Task: {54B36682-7FE9-46C1-B9A7-CE59FA62535E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated) Task: {8697CFA1-3EE9-40FF-B6F9-701DD20E4E00} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-07] (Google Inc.) (Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Załadowane moduły (filtrowane) ============== 2015-05-08 00:06 - 2015-08-25 16:24 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2015-04-14 15:27 - 2015-04-14 15:27 - 00016896 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe 2015-05-08 12:09 - 2015-05-08 12:09 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe 2014-01-21 16:54 - 2015-09-10 14:55 - 01294336 _____ () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe 2015-09-16 16:57 - 2015-09-16 16:57 - 02221048 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.255\deploy\LoLLauncher.exe 2015-09-16 16:57 - 2015-09-16 16:57 - 04049400 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.39\deploy\LoLPatcher.exe 2015-09-10 16:06 - 2015-09-10 16:06 - 00074752 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.160\deploy\LolClient.exe 2015-05-09 13:31 - 2015-05-09 13:31 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-05-09 13:31 - 2015-05-09 13:31 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-09-28 14:47 - 2015-09-28 14:47 - 02966016 _____ () C:\Program 
Files\AVAST Software\Avast\defs\15092800\algo.dll 2015-09-28 22:26 - 2015-09-28 22:26 - 02966016 _____ () C:\Program Files\AVAST Software\Avast\defs\15092801\algo.dll 2015-05-09 13:31 - 2015-05-09 13:31 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2015-09-16 16:57 - 2015-09-16 16:57 - 01581048 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.39\deploy\RiotLauncher.dll 2015-09-10 15:50 - 2015-09-10 15:50 - 04774248 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.160\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll 2015-09-10 15:50 - 2015-09-10 15:50 - 16032616 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.160\deploy\Adobe AIR\Versions\1.0\Resources\NPSWF32.dll 2015-09-25 02:04 - 2015-09-24 04:34 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libglesv2.dll 2015-09-25 02:04 - 2015-09-24 04:34 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libegl.dll 2015-09-25 02:04 - 2015-09-24 04:34 - 16487752 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (filtrowane) ========= (Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.) ==================== Tryb awaryjny (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.) ==================== EXE - Powiązania (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.) ==================== Internet Explorer - Witryny zaufane i z ograniczeniami =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.) ==================== Inne obszary ============================ (Obecnie brak automatycznej naprawy dla tej sekcji.) 
HKU\S-1-5-21-3646099861-1544004646-182888485-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Krzych\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Zapora systemu Windows - funkcja włączona.

==================== MSCONFIG/TASK MANAGER - Wyłączone elementy ==

(Obecnie brak automatycznej naprawy dla tej sekcji.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: PreRun => C:\Program Files (x86)\Gigabyte\AppCenter\PreRun.exe
MSCONFIG\startupreg: SensorDetector => C:\Program Files (x86)\Gigabyte\EasyTune\PreSensorDetector.exe
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Reguły Zapory systemu Windows (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

FirewallRules: [{E898EC32-A276-4D87-8FC0-583E945A9A6F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{1ACEAA85-B002-45D2-B1AF-FC0CBD9D08F5}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{768AEFE5-022E-4523-B1A0-07E340587732}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{F9DB8BDB-EB10-44EE-BDBC-F998D06A045E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{FD9E0528-D6B5-47F8-B390-29664FD8EEB6}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{99F3907D-B6C5-450D-852B-FEC27715A000}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [TCP Query User{4AAB1D74-8DD6-4BE7-877D-32BD78809585}C:\users\krzych\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\krzych\appdata\roaming\bittorrent\bittorrent.exe FirewallRules: [UDP Query User{43532625-37D0-4D50-ABD5-C7FFBE58E244}C:\users\krzych\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\krzych\appdata\roaming\bittorrent\bittorrent.exe FirewallRules: [{AB928AA4-ACAC-4012-AE8C-F4E6DB683832}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{15322A77-6878-4343-9628-D938A249722F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{9177F7F1-C0F5-450F-87FE-3AF654D20BB0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{BF69AA83-84CF-442D-823D-D61D69299F22}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{EEDF96C2-11C9-4EDB-B836-7151A6DA5AC2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [TCP Query User{E6CFA027-2E68-452E-961A-D7C6CD6506C8}C:\program files (x86)\fifa 14 demo\game\fifa14_demo.exe] => (Allow) C:\program files (x86)\fifa 14 demo\game\fifa14_demo.exe FirewallRules: [UDP Query User{FEEDF836-FE9E-426E-8145-5726D652613C}C:\program files (x86)\fifa 14 demo\game\fifa14_demo.exe] => (Allow) C:\program files (x86)\fifa 14 demo\game\fifa14_demo.exe 
FirewallRules: [{F7CABF6C-878A-48B3-BE7E-50EB7D612245}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe FirewallRules: [{A7E15310-E6A1-4AB7-8598-85B3C186ADEF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe FirewallRules: [{C9063688-BEFD-482B-A9BE-769764B223D5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe FirewallRules: [{133B9547-1874-41A6-B543-582BC6E022C8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe FirewallRules: [{8A0CD1D3-AF38-468D-9712-54507EEBCEB6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe FirewallRules: [{78CE84FA-337D-4903-93E9-D4914192E715}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe FirewallRules: [{E96FE396-947C-4EC8-B5BE-FE54221CC9A4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe FirewallRules: [{0FAAC9DD-68E5-4D37-B3F0-C7B037412410}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe FirewallRules: [{D3B66274-87B2-484A-9A8C-A240F732E1CA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe FirewallRules: [{FF06002E-3AFA-425D-9332-9E3399EFF5D9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe FirewallRules: [{06BA7703-AE2B-48F5-9C7B-76E6F60F3290}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe FirewallRules: [{20063393-99F3-4A9C-89E4-DCDBA021BA01}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe FirewallRules: [{887AB066-78E7-4767-97D0-67F42CA48928}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe FirewallRules: [{B6DDF518-6584-449C-9236-A514FA8FEC47}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe FirewallRules: [{E8FE214F-E5FA-486C-A57B-B50EFB90485B}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe FirewallRules: [{A935A8F5-9462-453F-A3E2-2EE9BAE34539}] => (Allow) C:\Program Files 
(x86)\Origin Games\Battlefield 4\bf4_x86.exe FirewallRules: [{BD6A4F4D-76DF-4D95-9498-708958630D1B}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe FirewallRules: [{2C5A9141-66E4-479E-B794-C6958F6C298B}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe FirewallRules: [{DC053A77-2FC1-42D7-B2B7-C0A6F7D05668}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{2E6C03FC-9C40-4015-BAF8-534137A24951}] => (Allow) C:\Program Files (x86)\LG Electronics\LG Color Cloning\ColorCloning.exe FirewallRules: [{7FBA4DE2-55E1-416E-92F8-E56421B592B0}] => (Allow) C:\Program Files (x86)\LG Electronics\LG Color Cloning\ColorCloning.exe FirewallRules: [{7E7EFCF5-BEEC-4CCE-8CB5-6E411C5598DF}] => (Allow) LPort=22000 ==================== Wadliwe urządzenia w Menedżerze urządzeń ============= Name: Kontroler Uniwersalnej magistrali szeregowej (USB) Description: Kontroler Uniwersalnej magistrali szeregowej (USB) Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Kontroler Ethernet Description: Kontroler Ethernet Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Kontroler magistrali zarządzania systemem Description: Kontroler magistrali zarządzania systemem Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
==================== Błędy w Dzienniku zdarzeń: ========================= Dziennik Aplikacja: ================== Error: (09/28/2015 10:27:05 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/28/2015 03:29:48 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/28/2015 10:46:42 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/27/2015 11:43:48 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/26/2015 06:20:12 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/26/2015 05:08:26 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/26/2015 05:06:30 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/26/2015 11:08:57 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA 
"Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/26/2015 01:56:29 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Program League of Legends.exe w wersji 5.18.0.300 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: eb8 Godzina rozpoczęcia: 01d0f7ec456dc455 Godzina zakończenia: 117 Ścieżka aplikacji: C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.106\deploy\League of Legends.exe Identyfikator raportu: Error: (09/25/2015 03:57:33 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Dziennik System: ============= Error: (09/28/2015 10:26:36 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: ZARZĄDZANIE NT) Description: Uruchomienie modułu rozszerzalności sieci WLAN nie powiodło się. Ścieżka modułu: C:\Windows\system32\Rtlihvs.dll Kod błędu: 126 Error: (09/28/2015 09:59:27 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: ZARZĄDZANIE NT) Description: Uruchomienie modułu rozszerzalności sieci WLAN nie powiodło się. Ścieżka modułu: C:\Windows\system32\Rtlihvs.dll Kod błędu: 126 Error: (09/28/2015 09:12:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa GIGABYTE Adjust niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error: (09/28/2015 09:10:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa PnkBstrA niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error: (09/28/2015 09:10:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa Adobe Acrobat Update Service niespodziewanie zakończyła pracę. 
Wystąpiło to razy: 1. Error: (09/28/2015 03:29:14 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: ZARZĄDZANIE NT) Description: Uruchomienie modułu rozszerzalności sieci WLAN nie powiodło się. Ścieżka modułu: C:\Windows\system32\Rtlihvs.dll Kod błędu: 126 Error: (09/28/2015 03:29:13 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Poprzednie zamknięcie systemu przy 15:24:48 na ‎2015-‎09-‎28 było nieoczekiwane. Error: (09/28/2015 10:46:18 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: ZARZĄDZANIE NT) Description: Uruchomienie modułu rozszerzalności sieci WLAN nie powiodło się. Ścieżka modułu: C:\Windows\system32\Rtlihvs.dll Kod błędu: 126 Error: (09/28/2015 01:00:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa Adobe Acrobat Update Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error: (09/27/2015 11:43:28 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: ZARZĄDZANIE NT) Description: Uruchomienie modułu rozszerzalności sieci WLAN nie powiodło się. Ścieżka modułu: C:\Windows\system32\Rtlihvs.dll Kod błędu: 126 CodeIntegrity: =================================== Date: 2015-09-18 14:54:10.268 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-18 14:54:10.244 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 

==================== Statystyki pamięci ===========================

Procesor: Intel(R) Core(TM) i5-4570 CPU @ 3.20GHz
Procent pamięci w użyciu: 31%
Całkowita pamięć fizyczna: 8070.8 MB
Dostępna pamięć fizyczna: 5493.25 MB
Całkowita pamięć wirtualna: 16139.81 MB
Dostępna pamięć wirtualna: 13275.57 MB

==================== Dyski ================================

Drive c: () (Fixed) (Total:232.66 GB) (Free:66.97 GB) NTFS

==================== MBR & Tablica partycji ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: C3076843)
Partition: GPT.

==================== Koniec Addition.txt ============================