Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 15-03-2017 Uruchomiony przez Magda (25-03-2017 15:09:26) Uruchomiony z C:\Users\Magda\Desktop Windows 7 Home Premium Service Pack 1 (X64) (2015-11-20 16:56:14) Tryb startu: Normal ========================================================== ==================== Konta użytkowników: ============================= Administrator (S-1-5-21-889502687-1621722843-2806320331-500 - Administrator - Disabled) Gość (S-1-5-21-889502687-1621722843-2806320331-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-889502687-1621722843-2806320331-1002 - Limited - Enabled) Magda (S-1-5-21-889502687-1621722843-2806320331-1000 - Administrator - Enabled) => C:\Users\Magda ==================== Centrum zabezpieczeń ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie.) AV: Avast Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avast Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Zainstalowane programy ====================== (W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.) µTorrent (HKU\S-1-5-21-889502687-1621722843-2806320331-1000\...\uTorrent) (Version: 3.5.0.43534 - BitTorrent Inc.) Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated) Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.127 - Adobe Systems Incorporated) Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated) AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.60.1503, 26.09.2015 - AIMP DevTeam) Ashampoo Burning Studio 2016 v.16.0.0 (HKLM-x32\...\{91B33C97-B4A4-B41A-6B97-C62C82CEB6A9}_is1) (Version: 16.0.0 - Ashampoo GmbH & Co. KG) Audytor C.O. - Deinstalacja programu (HKLM-x32\...\Audytor C.O. 4.0basic EDU_is1) (Version: wersja 4.0basic EDU - SANKOM Sp. z o.o.) Audytor C.O. - Deinstalacja programu (HKLM-x32\...\Audytor C.O. 4.1basic EDU_is1) (Version: wersja 4.1basic EDU - SANKOM Sp. z o.o.) Audytor EKO - Deinstalacja programu (HKLM-x32\...\Audytor EKO 1.0 Edu_is1) (Version: wersja 1.0 Edu - SANKOM Sp. z o.o.) Audytor OZC - Deinstalacja programu (HKLM-x32\...\Audytor OZC 6.6Pro Edu_is1) (Version: wersja 6.6Pro Edu - SANKOM Sp. z o.o.) AutoCAD 2007 - Polski (HKLM-x32\...\{5783F2D7-5001-0415-0002-0060B0CE6BBA}) (Version: 17.0.54.110 - Autodesk) AutoCAD 2009 - Polski (HKLM\...\AutoCAD 2009 - Polski) (Version: 17.2.56.0 - Autodesk) AutoCAD 2009 - Polski (Version: 17.2.56.0 - Autodesk) Hidden Autodesk DWF Viewer (HKLM-x32\...\Autodesk DWF Viewer) (Version: 6.5 - Autodesk, Inc.) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software) Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.83 - Atheros Communications) CADprofi (x32 Version: 12.0.01 - CADProfi) Hidden CAIRO 3.4.0 (HKLM-x32\...\{FDA0967F-FA92-4543-8E1D-6B0243321658}_is1) (Version: - SECESPOL SP. Z O.O.) CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform) DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.1.0230 - Disc Soft Ltd) Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.) Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.) EPA SWMM 5.1 (HKLM-x32\...\EPA SWMM 5.1) (Version: - US EPA) EPA SWMM 5.1 (x32 Version: 5.1.010 - US EPA) Hidden EPANET 2.0 (HKLM-x32\...\EPANET 2.0) (Version: - ) FDBES Ventpack 2.17 [PL-09.04.24] (HKLM-x32\...\FDBES Ventpack_is1) (Version: - Fluid Desk Sp. z o.o., Szczecin) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.) Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden HydroCAD (HKLM-x32\...\HydroCAD) (Version: - ) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6365.0 - IDT) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.18 - Oracle Corporation) Kan H2O - Deinstalacja programu (HKLM-x32\...\Kan H2O 1.5_is1) (Version: wersja 1.5 - SANKOM Sp. z o.o.) K-Lite Mega Codec Pack 11.7.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.7.0 - ) Macromedia Flash Player 8 (HKLM-x32\...\ShockwaveFlash) (Version: 8 - Macromedia) Metalplast v1.042 (HKLM-x32\...\Metalplast - program doboru_is1) (Version: - Piotr Przybycin) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.23026 (HKLM\...\{BC958BD2-5DAC-3862-BB1A-C1BE0790438D}) (Version: 14.0.23026 - Microsoft Corporation) Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.23026 (HKLM\...\{0D3E9E15-DE7A-300B-96F1-B4AF12B96488}) (Version: 14.0.23026 - Microsoft Corporation) Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23026 (HKLM-x32\...\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}) (Version: 14.0.23026 - Microsoft Corporation) Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23026 (HKLM-x32\...\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}) (Version: 14.0.23026 - Microsoft Corporation) Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\{B0A5A6EE-F8BA-48B1-BB32-BAC17E96C2B4}) (Version: 2.0.50728 - Microsoft Corporation) Mozilla Firefox 42.0 (x64 pl) (HKLM\...\Mozilla Firefox 42.0 (x64 pl)) (Version: 42.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0 - Mozilla) MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version: - ) Narzędzia sprawdzające pakietu Microsoft Office 2013 — polski (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden NVIDIA Oprogramowanie systemu PhysX 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) NVIDIA Sterownik 3D Vision 358.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.91 - NVIDIA Corporation) NVIDIA Sterownik dźwięku HD 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation) NVIDIA Sterownik graficzny 358.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.91 - NVIDIA Corporation) Pakiet sterowników systemu Windows - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia) Panel sterowania NVIDIA 358.91 (Version: 358.91 - NVIDIA Corporation) Hidden PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia) PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.2.2 - pdfforge) Podatnik.info PIT pro 2016 wersja 2.3.16.0 (HKLM-x32\...\{B239B43B-3E99-40B0-80BF-1B1BCA868D4E}_is1) (Version: 2.3.16.0 - Podatnik.info Sp. z o.o.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version: - Punk Software) SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation) Skype™ 7.15 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.15.102 - Skype Technologies S.A.) VBA (2627.01) (x32 Version: 6.03.00.9402 - Microsoft Corporation) Hidden Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) Wavin-DOR 2.0 PL (HKLM-x32\...\{E9FA39D7-3962-478E-9B83-49DC143216F3}) (Version: 2.00.000 - Wavin - Dobór rurociągów) WinRAR 5.21 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) ==================== Niestandardowe rejestracje CLSID (filtrowane): ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) CustomCLSID: HKU\S-1-5-21-889502687-1621722843-2806320331-1000_Classes\CLSID\{28B7AA99-C0F9-4C47-995E-8A8D729603A1}\localserver32 -> E:\Programy\Autocad\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-889502687-1621722843-2806320331-1000_Classes\CLSID\{2F1F7574-ECCA-4361-B4DE-C411BF7EEE23}\localserver32 -> E:\Programy\Autocad\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-889502687-1621722843-2806320331-1000_Classes\CLSID\{6AB55F46-2523-4701-A912-B226F46252BA}\localserver32 -> E:\Programy\Autocad\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-889502687-1621722843-2806320331-1000_Classes\CLSID\{7AABBB95-79BE-4C0F-8024-EB6AF271231C}\localserver32 -> E:\Programy\Autocad\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-889502687-1621722843-2806320331-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> E:\Programy\Autocad\acadficn.dll (Autodesk, Inc.) ==================== Zaplanowane zadania (filtrowane) ============= (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) Task: {00B15B15-61FB-4D53-B902-757EF1CC1540} - System32\Tasks\SafeZone scheduled Autoupdate 1458423498 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software) Task: {0B88972D-53BE-4239-B571-1540CE629D7F} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe Task: {12B06DE1-1921-4916-BA6E-D5A87652A948} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-01] (Google Inc.) Task: {131DAA1C-9FE7-41AC-AA6F-F2301B45B246} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {24488882-B1BC-48F4-92CA-1768F11AE6F2} - System32\Tasks\{897FCD0D-6B37-421E-8320-7DBAFE7BD32B} => pcalua.exe -a E:\Programy\2010-07-12_7-16_WAVPL_DOR.exe -d E:\Programy Task: {2558292B-6CAB-4933-8FEC-7535BBECD5BA} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-02-08] (AVAST Software) Task: {337301D7-FCDA-496B-8103-5D956BC20D79} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-10-12] (AVAST Software) Task: {3CC7B9D8-AAC7-4AF9-BAE7-572169C371AB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd) Task: {3EDF1171-BE6B-4957-A9FC-6A4532DD23B0} - System32\Tasks\{9D3AEDE4-070C-4579-B56D-FC16CB166D34} => pcalua.exe -a I:\Setup.exe -d I:\ Task: {49AC6CEA-2199-4EDC-AA84-76BEC282637D} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) Task: {6CDB1184-909D-489F-A707-5779E42E9076} - System32\Tasks\{4484ADD0-BD72-43F0-932F-C3FED487EDFD} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.15.0.102&LastError=12029 Task: {725AFD34-4E14-4912-A763-0747BE9739E3} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-11-20] () Task: {8352F518-F249-461A-988D-48062037A7CF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-01] (Google Inc.) Task: {AE640E7C-2D7C-4780-A188-8C991F89D5D6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {CD54FDE7-9FDD-4EF9-9EAF-EB22B658EAFD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-25] (Adobe Systems Incorporated) Task: {D7FD9BD0-7C43-40B0-AD53-353D9527AB83} - System32\Tasks\{07507777-5D22-4E3F-81C5-2BA13A7AFAA7} => pcalua.exe -a "E:\Instalki\DAEMON Tools Lite\InstallGadget.exe" -d "E:\Instalki\DAEMON Tools Lite" Task: {F26E8D3E-D1C5-48B4-9E63-EF1EC825C50A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated) (Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.) ==================== Skróty ============================= (Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.) ==================== Załadowane moduły (filtrowane) ============== 2015-11-20 18:41 - 2015-11-05 18:13 - 00012080 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll 2015-11-20 18:42 - 2015-11-05 16:13 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2015-11-20 18:09 - 2012-11-15 02:03 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2016-03-02 20:22 - 2007-09-02 13:58 - 00495616 _____ () E:\Programy\RocketDock\RocketDock.exe 2017-03-25 09:03 - 2017-03-25 09:03 - 04031440 _____ () C:\Users\Magda\Desktop\adwcleaner_6.044.exe 2016-10-12 20:34 - 2016-10-12 20:34 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2017-03-25 08:29 - 2017-03-25 08:29 - 05993232 _____ () C:\Program Files\AVAST Software\Avast\defs\17032400\algo.dll 2016-10-12 20:34 - 2016-10-12 20:34 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2015-11-20 18:41 - 2015-11-05 18:13 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll 2016-02-29 19:53 - 2007-09-02 13:57 - 00069632 _____ () E:\Programy\RocketDock\RocketDock.dll 2015-11-14 03:30 - 2015-11-14 03:30 - 00147136 ____R () C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll 2016-10-12 20:34 - 2016-10-12 20:34 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2017-02-07 18:19 - 2017-02-01 10:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll 2017-02-07 18:19 - 2017-02-01 10:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll ==================== Alternate Data Streams (filtrowane) ========= (Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.) ==================== Tryb awaryjny (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== Powiązania plików (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.) HKU\S-1-5-21-889502687-1621722843-2806320331-1000\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1" ==================== Internet Explorer - Witryny zaufane i z ograniczeniami =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.) ==================== Hosts - zawartość: ========================== (Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.) 2009-07-14 03:34 - 2016-02-29 19:52 - 00008814 ____N C:\Windows\system32\Drivers\etc\hosts 0.0.0.0 a-0001.a-msedge.net 0.0.0.0 a-0002.a-msedge.net 0.0.0.0 a-0003.a-msedge.net 0.0.0.0 a-0004.a-msedge.net 0.0.0.0 a-0005.a-msedge.net 0.0.0.0 a-0006.a-msedge.net 0.0.0.0 a-0007.a-msedge.net 0.0.0.0 a-0008.a-msedge.net 0.0.0.0 a-0009.a-msedge.net 0.0.0.0 ads.msn.com 0.0.0.0 ads1.msads.net 0.0.0.0 a.ads1.msn.com 0.0.0.0 a.ads2.msn.com 0.0.0.0 ads1.msads.net 0.0.0.0 ads1.msn.com 0.0.0.0 aidps.atdmt.com 0.0.0.0 apps.skype.com 0.0.0.0 az361816.vo.msecnd.net 0.0.0.0 az512334.vo.msecnd.net 0.0.0.0 a.rad.msn.com 0.0.0.0 bs.serving-sys.com 0.0.0.0 c.atdmt.com 0.0.0.0 c.msn.com 0.0.0.0 ca.telemetry.microsoft.com 0.0.0.0 choice.microsoft.com 0.0.0.0 compatexchange.cloudapp.net 0.0.0.0 corp.sts.microsoft.com 0.0.0.0 corpext.msitadfs.glbdns2.microsoft.com 0.0.0.0 cs1.wpc.v0cdn.net 0.0.0.0 df.telemetry.microsoft.com Wykryto więcej niż wyliczono: 177 linii. ==================== Inne obszary ============================ (Obecnie brak automatycznej naprawy dla tej sekcji.) HKU\S-1-5-21-889502687-1621722843-2806320331-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Magda\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.43.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Zapora systemu Windows [funkcja włączona] ==================== MSCONFIG/TASK MANAGER - Wyłączone elementy == MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" ==================== Reguły Zapory systemu Windows (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) FirewallRules: [{1CFD242F-96AA-4873-B2A4-04CA3ED658EA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{13A750DC-FD3E-4ADF-B4E8-39798F41EEF3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{A94E94C4-3D17-494A-9B55-AE815804DA98}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [TCP Query User{45307E6F-062C-4034-A571-0EB1C7413ABA}C:\users\magda\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\magda\appdata\roaming\utorrent\utorrent.exe FirewallRules: [UDP Query User{7D5D2BFA-BA6A-4997-A153-5C7F79820866}C:\users\magda\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\magda\appdata\roaming\utorrent\utorrent.exe FirewallRules: [{4552663E-D668-420C-9917-D81635404BD7}] => (Allow) E:\Programy\NapiProjekt\napisy.exe FirewallRules: [{434EECDC-E707-4D5A-AF4B-C014421CB4C5}] => (Allow) E:\Programy\NapiProjekt\napisy.exe FirewallRules: [TCP Query User{CD42B9B4-03CA-45A5-8B04-3B6CE383ACBB}D:\games\pro evolution soccer 2016\pes2016.exe] => (Allow) D:\games\pro evolution soccer 2016\pes2016.exe FirewallRules: [UDP Query User{4318224E-8EBE-4479-B149-556E1AF9CB53}D:\games\pro evolution soccer 2016\pes2016.exe] => (Allow) D:\games\pro evolution soccer 2016\pes2016.exe FirewallRules: [TCP Query User{7ABFAB74-AD47-4293-AF61-97493C10E203}C:\users\magda\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\magda\appdata\roaming\utorrent\utorrent.exe FirewallRules: [UDP Query User{838310FB-A3EC-41F3-A2A0-9EF758E17D9C}C:\users\magda\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\magda\appdata\roaming\utorrent\utorrent.exe FirewallRules: [{23199C9B-B5F8-4A6E-B3CD-625B5BCF9AFD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Punkty Przywracania systemu ========================= 25-03-2017 14:49:29 Restore Point Created by FRST ==================== Wadliwe urządzenia w Menedżerze urządzeń ============= ==================== Błędy w Dzienniku zdarzeń: ========================= Dziennik Aplikacja: ================== Error: (03/25/2017 02:53:27 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (03/25/2017 02:49:28 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas badania interfejsu IVssWriterCallback. hr = 0x80070005, Odmowa dostępu. . To jest często spowodowane przez niepoprawne ustawienia zabezpieczeń w procesie zapisującym lub żądającym. Operacja: Zbieranie danych modułu zapisującego Kontekst: Identyfikator klasy modułu zapisującego: {e8132975-6f93-4464-a53e-1050253ae220} Nazwa modułu zapisującego: System Writer Identyfikator wystąpienia modułu zapisującego: {af274db2-f89e-417d-b2b7-71a5b67c1b74} Error: (03/25/2017 02:29:05 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (03/25/2017 09:44:35 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (03/25/2017 09:06:42 AM) (Source: MsiInstaller) (EventID: 10005) (User: Magda-1) Description: Produkt: AutoCAD 2007 - Polski -- Błąd wewnętrzny 2884. ErrorDialog Error: (03/25/2017 08:58:54 AM) (Source: MsiInstaller) (EventID: 11308) (User: Magda-1) Description: Produkt: AutoCAD 2007 - Polski -- Błąd 1308. Nie znaleziono pliku źródłowego: J:\Bin\AcadFEUI\Program Files\Root\WebDepot\RTAnimDots.js. Sprawdź czy plik istnieje i czy masz do niego dostęp. Error: (03/25/2017 08:49:44 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas badania interfejsu IVssWriterCallback. hr = 0x80070005, Odmowa dostępu. . To jest często spowodowane przez niepoprawne ustawienia zabezpieczeń w procesie zapisującym lub żądającym. Operacja: Zbieranie danych modułu zapisującego Kontekst: Identyfikator klasy modułu zapisującego: {e8132975-6f93-4464-a53e-1050253ae220} Nazwa modułu zapisującego: System Writer Identyfikator wystąpienia modułu zapisującego: {8a3f6889-807d-4b2f-be01-f55e8b243774} Error: (03/25/2017 08:29:42 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: MustangSer35.exe, wersja: 1.0.0.6, sygnatura czasowa: 0x567001d1 Nazwa modułu powodującego błąd: MustangSer35.exe, wersja: 1.0.0.6, sygnatura czasowa: 0x567001d1 Kod wyjątku: 0x40000015 Przesunięcie błędu: 0x00012d34 Identyfikator procesu powodującego błąd: 0xb60 Godzina uruchomienia aplikacji powodującej błąd: 0x01d2a53949bb2073 Ścieżka aplikacji powodującej błąd: C:\ProgramData\TempMoudleSet\MustangSer35.exe Ścieżka modułu powodującego błąd: C:\ProgramData\TempMoudleSet\MustangSer35.exe Identyfikator raportu: cf984786-112c-11e7-8d3e-3859f904ffb0 Error: (03/25/2017 08:28:50 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (03/19/2017 09:44:26 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Dziennik System: ============= Error: (03/25/2017 02:52:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi PIT Pro Update Service z powodu następującego błędu: Usługa nie odpowiada na sygnał uruchomienia lub sygnał sterujący w oczekiwanym czasie. Error: (03/25/2017 02:52:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą PIT Pro Update Service. Error: (03/25/2017 02:49:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa Office 64 Source Engine niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error: (03/25/2017 02:49:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa Intel(R) Management and Security Application User Notification Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error: (03/25/2017 02:49:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Intel(R) Management and Security Application Local Management Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 10000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error: (03/25/2017 02:49:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa Disc Soft Lite Bus Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error: (03/25/2017 02:49:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa AtherosSvc niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error: (03/25/2017 02:49:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa Atheros Bt&Wlan Coex Agent niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error: (03/25/2017 02:49:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa Andrea ST Filters Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error: (03/25/2017 02:49:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa Adobe Acrobat Update Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. CodeIntegrity: =================================== Date: 2017-03-25 14:33:30.620 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\Machnm32.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-03-25 14:33:30.386 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\Machnm32.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-03-25 14:33:29.482 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\Machnm32.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-03-25 14:33:29.248 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\Machnm32.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-03-25 14:33:15.863 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\Machnm32.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-03-25 14:33:15.629 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\Machnm32.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-03-25 10:07:11.579 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\Machnm32.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-03-25 10:07:11.336 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\Machnm32.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-03-25 10:07:09.641 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\Machnm32.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-03-25 10:07:09.378 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\Machnm32.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Statystyki pamięci =========================== Procesor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz Procent pamięci w użyciu: 27% Całkowita pamięć fizyczna: 8099.17 MB Dostępna pamięć fizyczna: 5836.05 MB Całkowita pamięć wirtualna: 16196.53 MB Dostępna pamięć wirtualna: 13696.21 MB ==================== Dyski ================================ Drive c: () (Fixed) (Total:48.78 GB) (Free:6.31 GB) NTFS Drive d: () (Fixed) (Total:269.57 GB) (Free:171.83 GB) NTFS Drive e: () (Fixed) (Total:277.72 GB) (Free:266.71 GB) NTFS Drive g: (ACAD2007plk-2) (CDROM) (Total:0.59 GB) (Free:0 GB) CDFS ==================== MBR & Tablica partycji ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 0C7A859B) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=48.8 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=269.6 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=277.7 GB) - (Type=07 NTFS) ==================== Koniec Addition.txt ============================