Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 29-10-2016
Uruchomiony przez Łukasz (30-10-2016 00:11:09)
Uruchomiony z C:\Users\Łukasz\Downloads
Windows 10 Enterprise (X64) (2016-10-18 05:35:09)
Tryb startu: Normal
==========================================================

==================== Konta użytkowników: =============================

Administrator (S-1-5-21-2201974653-3557858501-2080791748-500 - Administrator - Disabled)
defaultuser0 (S-1-5-21-2201974653-3557858501-2080791748-1000 - Administrator - Disabled)
Gość (S-1-5-21-2201974653-3557858501-2080791748-501 - Limited - Disabled)
Konto domyślne (S-1-5-21-2201974653-3557858501-2080791748-503 - Limited - Disabled)
Łukasz (S-1-5-21-2201974653-3557858501-2080791748-1001 - Administrator - Enabled) => C:\Users\Łukasz

==================== Centrum zabezpieczeń ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Zainstalowane programy ======================

(W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)

7-Zip 16.04 (HKLM-x32\...\7-Zip) (Version: 16.04 - Igor Pavlov)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Aktualizacje NVIDIA 2.11.4.0 (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Atom (HKU\S-1-5-21-2201974653-3557858501-2080791748-1001\...\atom) (Version: 1.11.2 - GitHub Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.27.55 - Conexant)
e5 Secure Download Manager (HKLM-x32\...\{9731C87A-24EE-42AE-A169-759C0060B0DB}) (Version: 3.2.243.0 - Kivuto Solutions Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
InterHop (HKLM-x32\...\{A0275D4F-FFAB-4A42-9874-B871B1C4CA3D}) (Version: - )
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
Microsoft Office 365 ProPlus - pl-pl (HKLM\...\O365ProPlusRetail - pl-pl) (Version: 16.0.7369.2038 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Oprogramowanie systemu PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NVIDIA Sterownik graficzny 368.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.71 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 5.1.6 (HKLM\...\{EEDDD7E2-A7A2-4FA9-8C32-ADB29A5096FF}) (Version: 5.1.6 - Oracle Corporation)
Panel sterowania NVIDIA 368.71 (Version: 368.71 - NVIDIA Corporation) Hidden
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Spotify (HKU\S-1-5-21-2201974653-3557858501-2080791748-1001\...\Spotify) (Version: 1.0.41.375.g040056ca - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
War Thunder Launcher 1.0.1.695 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Entertainment)
World of Warships (HKU\S-1-5-21-2201974653-3557858501-2080791748-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814eu}_is1) (Version: - Wargaming.net)

==================== Niestandardowe rejestracje CLSID (filtrowane): ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

CustomCLSID: HKU\S-1-5-21-2201974653-3557858501-2080791748-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Łukasz\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)

==================== Zaplanowane zadania (filtrowane) =============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

Task: {2495DAA2-376F-41D2-BDA2-DEC2DD17B961} - System32\Tasks\Qokaghtplerfied Manager => C:\Program Files (x86)\Ateyjlick\gukigh.exe [2016-10-25] (Glarysoft Ltd)
Task: {36F43AB6-0EBF-483A-8E81-BC449C96E75F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-10-09] (Microsoft Corporation)
Task: {377E4B22-F779-4734-B274-8660AC55367D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-18] (Google Inc.)
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW
Task: {5C96F6E4-C316-4FED-B847-970952BFC624} - System32\Tasks\ChelfNotify Task => C:\ProgramData\ChelfNotify\BrowserUpdate.exe [2016-06-30] (Tencent) <==== UWAGA
Task: {5E5F9F6F-EF47-4BD6-ACA3-0C04943D36D2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation)
Task: {6F17FBA0-DA73-4BAC-AD36-CF01C6686805} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Łukasz\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-10-19] (Microsoft Corporation)
Task: {6FA33179-B46C-48A3-BF6C-8535306E7444} - System32\Tasks\Nvbackend_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2016-06-15] (NVIDIA Corporation)
Task: {718F729C-870B-4163-B0B2-B5474F830FB4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-10-28] (AVAST Software)
Task: {BD6611DA-A80E-4842-9FBD-2806C537D2A9} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation)
Task: {C1D620C5-18EC-4E64-8464-D10702918305} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-18] (Google Inc.)
Task: {C2F472B9-C35B-4583-AA84-17819AEE3291} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-10-09] (Microsoft Corporation)
Task: {C7C1D570-1A71-4D20-8DF7-234AD97BD761} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-10-09] (Microsoft Corporation)

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Skróty =============================

(Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.)

Shortcut: C:\Users\Łukasz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Nolarry\Application\chrome.exe (Google Inc.)

ShortcutWithArgument: C:\Users\Łukasz\Desktop\onemore - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Łukasz\Desktop\user0 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="ChromeDefaultData"
ShortcutWithArgument: C:\Users\Łukasz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\WarThunder.lnk -> D:\WarThunder\launcher.exe (Gaijin Entertainment) -> "hxxp://web-start.org//?ssid=1477373898&a=1107468&src=sh&uuid=08db89f1-4285-4041-a5e6-a641995db82b"
ShortcutWithArgument: C:\Users\Łukasz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://web-start.org//?ssid=1477373898&a=1107468&src=sh&uuid=08db89f1-4285-4041-a5e6-a641995db82b"
ShortcutWithArgument: C:\Users\Łukasz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\4b45109650d6dd26\Google Chrome.lnk -> C:\Program Files (x86)\Nolarry\Application\chrome.exe (Google Inc.) -> --profile-directory=ChromeDefaultData
ShortcutWithArgument: C:\Users\Łukasz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=ChromeDefaultData
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Nolarry\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Nolarry\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\Public\Desktop\WarThunder.lnk -> D:\WarThunder\launcher.exe (Gaijin Entertainment) -> "hxxp://web-start.org//?ssid=1477373898&a=1107468&src=sh&uuid=08db89f1-4285-4041-a5e6-a641995db82b"

==================== Załadowane moduły (filtrowane) ==============

2016-10-18 10:55 - 2015-07-15 04:04 - 00032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll
2016-10-18 10:56 - 2016-09-07 06:29 - 00404480 _____ () C:\Windows\System32\diagtrack_wininternal.dll
2016-10-18 23:10 - 2016-06-15 04:03 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-10-18 23:10 - 2016-06-15 04:03 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-10-18 23:10 - 2016-06-15 04:03 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-10-18 23:10 - 2016-06-15 04:03 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-10-18 23:10 - 2016-06-15 04:03 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-10-18 23:10 - 2016-06-15 04:03 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-10-18 23:10 - 2016-06-15 04:03 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-10-18 23:10 - 2016-06-15 04:03 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-10-18 08:13 - 2016-06-29 21:23 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-10-18 10:56 - 2016-09-30 08:00 - 02495776 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-10-18 10:56 - 2016-09-30 08:00 - 02495776 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-10-19 12:29 - 2016-10-19 12:29 - 01864384 _____ () C:\Users\Łukasz\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-10-18 08:00 - 2016-10-18 08:00 - 00396688 _____ () C:\Windows\system32\igfxTray.exe
2016-10-18 10:55 - 2015-09-17 07:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 12:59 - 2015-07-10 12:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2016-10-18 10:55 - 2015-09-17 08:04 - 00642048 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2016-10-18 10:56 - 2016-09-07 06:13 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-10-18 10:55 - 2016-09-07 06:10 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-10-18 10:56 - 2016-09-07 06:10 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-10-18 10:56 - 2015-09-17 07:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 13:00 - 2015-07-10 18:32 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2016-10-18 08:06 - 2010-10-26 12:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2016-10-17 23:20 - 2016-10-17 23:20 - 01582592 _____ () C:\Users\Łukasz\AppData\Roaming\gplyra\gplyra.exe
2016-10-18 23:10 - 2016-06-15 04:03 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-10-18 23:10 - 2016-06-15 04:03 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-10-21 00:57 - 2016-10-20 10:56 - 02367080 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libglesv2.dll
2016-10-21 00:57 - 2016-10-20 10:56 - 00107112 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libegl.dll
2016-10-25 20:15 - 2016-10-24 11:06 - 31066304 _____ () C:\Users\Łukasz\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.205\pepflashplayer.dll
2016-10-28 20:31 - 2016-10-28 20:31 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-10-28 20:33 - 2016-10-28 20:33 - 03125136 _____ () C:\Program Files\AVAST Software\Avast\defs\16102800\algo.dll
2016-10-28 20:31 - 2016-10-28 20:31 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-10-29 10:48 - 2016-10-29 10:48 - 03125136 _____ () C:\Program Files\AVAST Software\Avast\defs\16102900\algo.dll
2016-10-26 20:10 - 2016-10-28 03:43 - 00342528 _____ () c:\program files (x86)\winarcher\archer.dll
2016-10-26 20:12 - 2016-10-26 05:25 - 00348160 _____ () c:\programdata\tencent\qq\qmdr\dr.dll
2016-10-26 20:10 - 2016-10-26 04:49 - 00218624 _____ () c:\programdata\winsapsvc\winsap.dll
2016-10-18 23:10 - 2016-06-15 04:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-19 12:29 - 2016-10-19 12:29 - 01383616 _____ () C:\Users\Łukasz\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-10-19 12:29 - 2016-10-19 12:29 - 00118976 _____ () C:\Users\Łukasz\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
2016-10-19 15:00 - 2016-10-27 03:09 - 51889264 _____ () C:\Users\Łukasz\AppData\Roaming\Spotify\libcef.dll
2016-10-19 15:00 - 2016-10-27 03:09 - 01803888 _____ () C:\Users\Łukasz\AppData\Roaming\Spotify\libglesv2.dll
2016-10-19 15:00 - 2016-10-27 03:09 - 00086128 _____ () C:\Users\Łukasz\AppData\Roaming\Spotify\libegl.dll
2016-10-28 20:31 - 2016-10-28 20:31 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-10-18 15:52 - 2016-09-08 05:14 - 00784672 _____ () D:\Program Files (x86)\Steam\SDL2.dll
2016-10-18 15:52 - 2016-09-01 03:02 - 04969248 _____ () D:\Program Files (x86)\Steam\v8.dll
2016-10-18 15:52 - 2016-10-13 03:58 - 02321696 _____ () D:\Program Files (x86)\Steam\video.dll
2016-10-18 15:52 - 2016-01-27 09:49 - 02549760 _____ () D:\Program Files (x86)\Steam\libavcodec-56.dll
2016-10-18 15:52 - 2016-01-27 09:49 - 00491008 _____ () D:\Program Files (x86)\Steam\libavformat-56.dll
2016-10-18 15:52 - 2016-01-27 09:49 - 00332800 _____ () D:\Program Files (x86)\Steam\libavresample-2.dll
2016-10-18 15:52 - 2016-01-27 09:49 - 00442880 _____ () D:\Program Files (x86)\Steam\libavutil-54.dll
2016-10-18 15:52 - 2016-01-27 09:49 - 00485888 _____ () D:\Program Files (x86)\Steam\libswscale-3.dll
2016-10-18 15:52 - 2016-09-01 03:02 - 01563936 _____ () D:\Program Files (x86)\Steam\icui18n.dll
2016-10-18 15:52 - 2016-09-01 03:02 - 01195296 _____ () D:\Program Files (x86)\Steam\icuuc.dll
2016-10-18 15:52 - 2016-10-13 03:58 - 00836896 _____ () D:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-10-18 15:52 - 2016-07-05 00:17 - 00266560 _____ () D:\Program Files (x86)\Steam\openvr_api.dll
2016-10-18 15:52 - 2016-08-04 22:56 - 49825056 _____ () D:\Program Files (x86)\Steam\bin\cef\cef.winxp\libcef.dll
2016-10-18 15:52 - 2015-09-25 01:52 - 00119208 _____ () D:\Program Files (x86)\Steam\winh264.dll

==================== Alternate Data Streams (filtrowane) =========

(Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.)

==================== Tryb awaryjny (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bsdpf64.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bsdpr64.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bsdpf64.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bsdpr64.sys => ""="Driver"

==================== Powiązania plików (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.)

==================== Internet Explorer - Witryny zaufane i z ograniczeniami ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.)

==================== Hosts - zawartość: ==========================

(Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.)

2015-07-10 13:04 - 2016-10-25 07:41 - 00001006 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com

==================== Inne obszary ============================

(Obecnie brak automatycznej naprawy dla tej sekcji.)

HKU\S-1-5-21-2201974653-3557858501-2080791748-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 104.197.191.4 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Zapora systemu Windows [funkcja wyłączona]

==================== MSCONFIG/TASK MANAGER - Wyłączone elementy ==

HKU\S-1-5-21-2201974653-3557858501-2080791748-1001\...\StartupApproved\Run: => "Steam"

==================== Reguły Zapory systemu Windows (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{F8ED2F70-E43C-4F5F-B086-6ACFDD92CCF4}] => (Allow) D:\WarThunder\launcher.exe
FirewallRules: [{D7F55E41-591E-4064-8EAB-DE00A4A5CDAA}] => (Allow) D:\WarThunder\launcher.exe
FirewallRules: [{BE53B818-7663-4014-B37D-23ACDE93181C}] => (Allow) D:\WarThunder\run.exe
FirewallRules: [{F47A431B-00D2-4104-BDA8-5FE7B8E145DD}] => (Allow) D:\WarThunder\run.exe
FirewallRules: [{D666982F-290B-4A92-A33E-8D29BB16AC89}] => (Allow) LPort=80
FirewallRules: [{87F21F9C-2AA7-4B6A-98DF-B2C6CAFA7FE8}] => (Allow) LPort=443
FirewallRules: [{01FDECC1-0082-40D4-9D01-76D02510C71B}] => (Allow) LPort=20010
FirewallRules: [{0D39C369-DAD3-4318-AE33-A1AD75A2E7F3}] => (Allow) LPort=3478
FirewallRules: [{A5645DE5-E2CB-4779-8316-92A37684CFC1}] => (Allow) LPort=7850
FirewallRules: [{D03344F0-C716-4A5C-AA51-E5F13D7FBEF8}] => (Allow) LPort=7852
FirewallRules: [{0B133B65-B801-4583-A406-2BFAAB181449}] => (Allow) LPort=7853
FirewallRules: [{0301BA56-9B82-4F6B-B8EB-A19D47802691}] => (Allow) LPort=27022
FirewallRules: [{424D0EE1-AA75-452E-82DF-390930E9A4A9}] => (Allow) LPort=6881
FirewallRules: [{A9409752-8538-460B-9C2D-6AF6E61DBBD2}] => (Allow) LPort=33333
FirewallRules: [{92271553-99BB-4DDC-BC8E-759126E14DDA}] => (Allow) LPort=20443
FirewallRules: [{41CF31D8-D3C0-48D3-8E18-007EC313E8E4}] => (Allow) LPort=8090
FirewallRules: [{AA74C9C6-B3C0-4AB6-AEDB-C461057EB185}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BCD95320-5063-4F6B-B2F8-0F1B4C0A7409}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{DC4BF52B-8C33-4BFB-8F5F-2B2D51C7A936}D:\warthunder\win64\aces.exe] => (Block) D:\warthunder\win64\aces.exe
FirewallRules: [UDP Query User{163C61F9-8C8F-4A49-B0CF-848C4BEDE9A3}D:\warthunder\win64\aces.exe] => (Block) D:\warthunder\win64\aces.exe
FirewallRules: [{89011F61-0E9B-4041-B08C-1148E36CE1D4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{981610AE-C9DC-4879-94BC-A2F9962370CB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{00E81AA1-A6EE-4C7B-838D-E826AB4F86EA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F4B19A4A-78CC-48B6-A370-ACBCF353CDA6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{0C83D73E-12AB-4E42-9005-B8590DB33C13}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{1392B228-B1C3-41F5-B8D1-165873E19795}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{427D5139-25A7-42E2-8986-1727BBE4FD7B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{F0ED828A-ED92-4810-8298-8EDAAE6E3CD1}C:\users\łukasz\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\łukasz\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{FC5B01B9-CFD1-42B4-B948-E387CB842CB2}C:\users\łukasz\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\łukasz\appdata\roaming\spotify\spotify.exe
FirewallRules: [{21333353-0D8C-4BCD-BF2D-B72D1D22A17E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{3DC94F77-6364-4457-A906-FA93016C4D73}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{ACB5DD32-5988-4D43-A7DF-04861F6DC7D3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{F077A525-D5A7-4327-908C-D60F45DDF830}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{7D569064-91E7-4539-B379-BCB0995237F5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{17421597-CC5E-453D-9CCD-E2BEB8740411}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{B234CA08-9621-4F1F-948B-8314EA8ED0B7}C:\users\łukasz\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\łukasz\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{AF2C11F8-459D-4099-8EEB-A85DAB1A4511}C:\users\łukasz\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\łukasz\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{A26F62A0-0E58-4EB6-A86C-0177A23E6EF3}D:\warthunder\win64\aces.exe] => (Allow) D:\warthunder\win64\aces.exe
FirewallRules: [UDP Query User{71AC116E-C529-495B-BC8A-8837EB317A99}D:\warthunder\win64\aces.exe] => (Allow) D:\warthunder\win64\aces.exe
FirewallRules: [TCP Query User{0404EA79-2DAC-492E-BBBF-E38CA8D5F01D}D:\warthunder\launcher.exe] => (Allow) D:\warthunder\launcher.exe
FirewallRules: [UDP Query User{4DD88BAA-B87D-42FE-916B-43AAE89F4232}D:\warthunder\launcher.exe] => (Allow) D:\warthunder\launcher.exe
FirewallRules: [{B82AA885-F541-4984-A87F-4B7FC45C5A52}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe
FirewallRules: [{1F1BFEE8-3B78-4B39-96A3-E1E7B0AA5296}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe
FirewallRules: [{44EC26E2-FE4D-40DC-ACA3-D3179558CDA4}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe
FirewallRules: [{FA6D183A-C68E-4BD5-81C8-361A54FBB4EE}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe
FirewallRules: [{B2AE9138-ECCC-494E-8E37-58E8BD8FEAEF}] => (Allow) C:\Program Files (x86)\Nolarry\Application\chrome.exe

==================== Punkty Przywracania systemu =========================

UWAGA: Przywracanie systemu jest wyłączone

==================== Wadliwe urządzenia w Menedżerze urządzeń =============

==================== Błędy w Dzienniku zdarzeń: =========================

Dziennik Aplikacja:
==================
Error: (10/30/2016 12:03:46 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: DESKTOP-V7GJ80M)
Description: Nie można ponownie uruchomić aplikacji lub usługi ed2k idle service.

Error: (10/29/2016 05:18:22 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for D:\Program Files (x86)\Steam\bin\steamwebhelper.exe

Error: (10/29/2016 11:29:14 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0x8007007B Argumenty wiersza polecenia: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (10/29/2016 11:28:57 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0x8007007B Argumenty wiersza polecenia: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (10/29/2016 11:28:46 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0x8007007B Argumenty wiersza polecenia: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (10/29/2016 11:27:20 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0x8007007B Argumenty wiersza polecenia: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (10/29/2016 11:26:41 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0x8007007B Argumenty wiersza polecenia: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (10/29/2016 10:48:18 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0x8007007B Argumenty wiersza polecenia: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (10/29/2016 10:48:14 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0x8007007B Argumenty wiersza polecenia: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (10/29/2016 10:48:09 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0x8007007B Argumenty wiersza polecenia: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=UserLogon;SessionId=2

Dziennik System:
=============
Error: (10/30/2016 12:03:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi ed2k idle service z powodu następującego błędu: Nie można odnaleźć określonego pliku.

Error: (10/29/2016 02:05:17 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Synchronizuj hosta_Session1 niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 10000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.

Error: (10/28/2016 08:46:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Usługa Stecos zakończyła działanie; wystąpił następujący błąd: Nie można odnaleźć określonej procedury.

Error: (10/28/2016 08:46:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi Double Spaced Firewall z powodu następującego błędu: Nie można uruchomić aplikacji Double Spaced Firewall w trybie Win32.

Error: (10/28/2016 08:46:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi UvConverter z powodu następującego błędu: Nie można uruchomić aplikacji UvConverter w trybie Win32.

Error: (10/28/2016 08:46:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi Network Packet Manitor z powodu następującego błędu: Nie można uruchomić aplikacji Network Packet Manitor w trybie Win32.

Error: (10/28/2016 08:46:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi InterHop z powodu następującego błędu: Nie można uruchomić aplikacji InterHop w trybie Win32.

Error: (10/28/2016 08:46:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi Background Logic Handler z powodu następującego błędu: Nie można uruchomić aplikacji Background Logic Handler w trybie Win32.

Error: (10/28/2016 08:46:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi Export Start Menu z powodu następującego błędu: Nie można uruchomić aplikacji Export Start Menu w trybie Win32.

Error: (10/28/2016 08:45:00 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-V7GJ80M)
Description: Serwer {9BA05972-F6A8-11CF-A442-00A0C90A8F39} nie zarejestrował się w modelu DCOM w wymaganym czasie.

CodeIntegrity:
===================================
Date: 2016-10-27 01:34:53.793
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2016-10-23 22:30:37.031
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-19 14:18:28.389
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Statystyki pamięci ===========================

Procesor: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz
Procent pamięci w użyciu: 40%
Całkowita pamięć fizyczna: 8088.36 MB
Dostępna pamięć fizyczna: 4810.12 MB
Całkowita pamięć wirtualna: 10136.36 MB
Dostępna pamięć wirtualna: 6477.79 MB

==================== Dyski ================================

Drive c: () (Fixed) (Total:48.83 GB) (Free:10.17 GB) NTFS
Drive d: (Nowy) (Fixed) (Total:174.25 GB) (Free:122.01 GB) NTFS

==================== MBR & Tablica partycji ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 590A239C)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=174.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=48.8 GB) - (Type=07 NTFS)

==================== Koniec Addition.txt ============================