Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja:07-02-2016 Uruchomiony przez Tec-7 (2016-04-11 14:33:42) Uruchomiony z F:\ Windows 7 Ultimate Service Pack 1 (X64) (2016-02-14 16:51:41) Tryb startu: Safe Mode (with Networking) ========================================================== ==================== Konta użytkowników: ============================= Administrator (S-1-5-21-1254553527-1768904880-4206112929-500 - Administrator - Disabled) Gość (S-1-5-21-1254553527-1768904880-4206112929-501 - Limited - Disabled) Tec-7 (S-1-5-21-1254553527-1768904880-4206112929-1000 - Administrator - Enabled) => C:\Users\Tec-7 ==================== Centrum zabezpieczeń ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Zainstalowane programy ====================== (W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.) Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated) Aktualizacje NVIDIA 17.12.8 (Version: 17.12.8 - NVIDIA Corporation) Hidden Bierzerkers (HKLM-x32\...\Steam App 348460) (Version: - Shield Break Studios) CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform) Copa Petrobras de Marcas (HKLM\...\Steam App 359800) (Version: - Reiza Studios) Free Alarm Clock (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 4.0.1.0 - Comfort Software Group) Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden iolo technologies' System Mechanic Professional (HKLM-x32\...\{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1) (Version: 15.5.0 - iolo technologies, LLC) Malwarebytes Anti-Malware wersja 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Mozilla Firefox 45.0.1 (x86 pl) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 pl)) (Version: 45.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla) NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation) NVIDIA Oprogramowanie systemu PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA Sterownik 3D Vision 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.92 - NVIDIA Corporation) NVIDIA Sterownik graficzny 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 - NVIDIA Corporation) NVIDIA Sterownik kontrolera 3D Vision 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation) Opera 12.18 (HKLM\...\Opera 12.18.1873) (Version: 12.18.1873 - Opera Software ASA) Panel sterowania NVIDIA 341.92 (Version: 341.92 - NVIDIA Corporation) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.69.304.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.) Serena (HKLM-x32\...\Steam App 272060) (Version: - Senscape) SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH) The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.615 - Electronic Arts) WinRAR 4.11 (32-bitowy) (HKLM-x32\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH) Worms (HKLM-x32\...\Steam App 70640) (Version: - Team17 Digital Ltd) ==================== Niestandardowe rejestracje CLSID (filtrowane): ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Zaplanowane zadania (filtrowane) ============= (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) Task: {0642C9A8-3ECF-455F-80AC-18A9B2B955CE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd) Task: {084D7C28-80F8-4481-9723-6217802AA19D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2016-02-17] (Microsoft Corporation) Task: {09466E3C-3B9A-450C-9EC7-8143DD11969D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2016-02-17] (Microsoft Corporation) (Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\iolo Process Governor.job => C:\Program Files (x86)\iolo\System Mechanic Professional\ioloGovernor64.exe ==================== Skróty ============================= (Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.) ==================== Załadowane moduły (filtrowane) ============== ==================== Alternate Data Streams (filtrowane) ========= (Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.) ==================== Tryb awaryjny (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventSystem => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventSystem => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2" ==================== EXE - Powiązania (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.) ==================== Internet Explorer - Witryny zaufane i z ograniczeniami =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.) ==================== Hosts - zawartość: =============================== (Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Inne obszary ============================ (Obecnie brak automatycznej naprawy dla tej sekcji.) HKU\S-1-5-21-1254553527-1768904880-4206112929-1000\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Zapora systemu Windows [funkcja włączona] ==================== MSCONFIG/TASK MANAGER - Wyłączone elementy == (Obecnie brak automatycznej naprawy dla tej sekcji.) ==================== Reguły Zapory systemu Windows (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) FirewallRules: [{EEBB9E55-537C-4D5E-BB09-29D0BAE7244B}] => (Allow) H:\Gry\Steam.exe FirewallRules: [{86CAD534-F404-4DAD-AE15-48745DCF74A0}] => (Allow) H:\Gry\Steam.exe FirewallRules: [{C8987666-7F74-4CDA-824E-50FC48E08985}] => (Allow) H:\Gry\bin\steamwebhelper.exe FirewallRules: [{697792E2-5D87-493F-90FB-BE403D8D44F4}] => (Allow) H:\Gry\bin\steamwebhelper.exe FirewallRules: [{BA3605F1-4502-4720-857A-F12B1C670160}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{860F7541-EA13-433F-B0E3-56551A36D31B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{FD1B3A93-6217-4852-BB85-E9B4010AAFA1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{76FDE78A-58E2-4BFD-BF25-76169BBA381E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{E309E7FF-FEEE-4D36-A0F3-1668931E9E67}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{020924F0-0D68-4252-82B1-B2A2F0A70685}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [TCP Query User{43DF2CD3-8204-466C-A795-D439755C1AC6}H:\gry\steamapps\common\half-life\hl.exe] => (Allow) H:\gry\steamapps\common\half-life\hl.exe FirewallRules: [UDP Query User{3224C598-5BB8-4109-AB21-80FB27009E21}H:\gry\steamapps\common\half-life\hl.exe] => (Allow) H:\gry\steamapps\common\half-life\hl.exe FirewallRules: [TCP Query User{DF5543C9-1AAA-4448-805A-579D1D2BD27C}I:\counter-strike global offensive\csgo.exe] => (Allow) I:\counter-strike global offensive\csgo.exe FirewallRules: [UDP Query User{2C5FDFBC-1730-4477-908F-812016EE6250}I:\counter-strike global offensive\csgo.exe] => (Allow) I:\counter-strike global offensive\csgo.exe FirewallRules: [{1E84B9E7-B7DE-4CE3-A589-17B7618B5138}] => (Allow) H:\Gry\steamapps\common\Jet Set Radio\jsrsetup.exe FirewallRules: [{9F78802F-C88A-4F9A-A940-B0380E45CBD4}] => (Allow) H:\Gry\steamapps\common\Jet Set Radio\jsrsetup.exe FirewallRules: [{72125E25-7E86-41D2-952C-673952EBB536}] => (Allow) H:\Gry\steamapps\common\Hell Yeah\HELLYEAH.exe FirewallRules: [{68FE21EF-D9BC-4F7B-B3C0-2680DBC76BB9}] => (Allow) H:\Gry\steamapps\common\Hell Yeah\HELLYEAH.exe FirewallRules: [{0353E267-26CC-42D7-A876-314C26EEBC02}] => (Allow) C:\Program Files (x86)\iolo\System Mechanic Professional\SysMech.exe FirewallRules: [{756A5054-A985-49F5-A9AF-A490856CB478}] => (Allow) C:\Program Files (x86)\iolo\System Mechanic Professional\SysMech.exe FirewallRules: [{C4574C76-BD39-446F-A15A-431A6C928A18}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{D2937BEC-1388-4FD7-8F04-EEEA033D6AA6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{8693A657-DE20-4A29-8F2B-ABCD81C77818}H:\gry\steam\kurwachujidupa\common\trackmania nations forever\tmforever.exe] => (Block) H:\gry\steam\kurwachujidupa\common\trackmania nations forever\tmforever.exe FirewallRules: [UDP Query User{2885653B-C72B-43C6-B655-894121E45029}H:\gry\steam\kurwachujidupa\common\trackmania nations forever\tmforever.exe] => (Block) H:\gry\steam\kurwachujidupa\common\trackmania nations forever\tmforever.exe FirewallRules: [{1D48DDFF-73A2-429B-B9C0-3D0426DA0706}] => (Allow) H:\Gry\steamapps\common\Copa Petrobras de Marcas\Marcas.exe FirewallRules: [{970B10CF-8DBD-4D81-A426-FA506754D828}] => (Allow) H:\Gry\steamapps\common\Copa Petrobras de Marcas\Marcas.exe FirewallRules: [{AF41ED8A-4D92-4199-8909-63EE8A20508A}] => (Allow) H:\Gry\steamapps\common\Copa Petrobras de Marcas\Config.exe FirewallRules: [{128CFD44-0163-487A-B2D2-0959FCFD56DC}] => (Allow) H:\Gry\steamapps\common\Copa Petrobras de Marcas\Config.exe ==================== Punkty Przywracania systemu ========================= 07-04-2016 01:07:50 Zaplanowany punkt kontrolny ==================== Wadliwe urządzenia w Menedżerze urządzeń ============= Name: Security Processor Loader Driver Description: Security Processor Loader Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: spldr Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: sptd Description: sptd Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: sptd Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Błędy w Dzienniku zdarzeń: ========================= Dziennik Aplikacja: ================== Error: (04/11/2016 02:33:22 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/11/2016 02:31:55 PM) (Source: Winlogon) (EventID: 4103) (User: ) Description: Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x00000000. Error: (04/11/2016 02:31:55 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Wystąpił błąd aktywacji licencji (slui.exe), kod błędu: 0x8007043C Error: (04/11/2016 02:31:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: ) Description: Zainicjowanie obiektu System Writer kopii zapasowej VSS przez Usługi kryptograficzne nie powiodło się. Details: System Writer object failed to initialize VSS. System Error: Niepoprawna funkcja. . Error: (04/11/2016 11:16:04 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/11/2016 11:08:24 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/10/2016 10:11:31 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/10/2016 10:07:28 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/10/2016 09:23:31 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/10/2016 09:21:58 PM) (Source: Winlogon) (EventID: 4103) (User: ) Description: Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x00000000. Dziennik System: ============= Error: (04/11/2016 02:32:05 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030} Error: (04/11/2016 02:32:05 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (04/11/2016 02:31:56 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC} Error: (04/11/2016 02:31:53 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: discache RawDisk3 spldr sptd Wanarpv6 Error: (04/11/2016 02:31:26 PM) (Source: sptd) (EventID: 4) (User: ) Description: Sterownik wykrył błąd wewnętrzny w swoich strukturach danych dla . Error: (04/11/2016 11:14:22 AM) (Source: BugCheck) (EventID: 1001) (User: ) Description: 0x0000003b (0x00000000c0000005, 0xfffff80003a0cb05, 0xfffff88008b98f70, 0x0000000000000000)C:\Windows\MEMORY.DMP041116-14430-01 Error: (04/11/2016 11:14:21 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: Poprzednie zamknięcie systemu przy 11:12:36 na ‎2016-‎04-‎11 było nieoczekiwane. Error: (04/11/2016 11:06:40 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: Poprzednie zamknięcie systemu przy 03:42:42 na ‎2016-‎04-‎11 było nieoczekiwane. Error: (04/10/2016 09:22:18 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030} Error: (04/10/2016 09:22:09 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} ==================== Statystyki pamięci =========================== Procesor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz Procent pamięci w użyciu: 28% Całkowita pamięć fizyczna: 4094.49 MB Dostępna pamięć fizyczna: 2935.97 MB Całkowita pamięć wirtualna: 8187.19 MB Dostępna pamięć wirtualna: 7054.48 MB ==================== Dyski ================================ Drive c: (Win7 :D) (Fixed) (Total:68.25 GB) (Free:35.9 GB) NTFS Drive d: (Zastrzeżone przez system) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system z komponentami startowymi (pozyskano odczytując dysk)] Drive e: () (Fixed) (Total:201.95 GB) (Free:201.85 GB) NTFS Drive f: () (Fixed) (Total:97.66 GB) (Free:93.08 GB) NTFS Drive g: (wszystko) (Fixed) (Total:97.66 GB) (Free:63.17 GB) NTFS Drive h: (steam foty itd) (Fixed) (Total:83.22 GB) (Free:0.33 GB) NTFS Drive i: (Gry nowe ) (Fixed) (Total:195.31 GB) (Free:137.48 GB) NTFS Drive j: () (Fixed) (Total:19.43 GB) (Free:19.35 GB) NTFS ==================== MBR & Tablica partycji ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 00000001) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=68.3 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=202.1 GB) - (Type=OF Extended) ======================================================== Disk: 1 (Size: 298.1 GB) (Disk ID: 28682867) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=19.4 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=278.5 GB) - (Type=OF Extended) ==================== Koniec Addition.txt ============================