Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 15-03-2017
Uruchomiony przez Ciernik81 (29-03-2017 19:15:49)
Uruchomiony z C:\Users\Ciernik81\FRST
Windows 8.1 (Update) (X64) (2014-11-01 22:21:13)
Tryb startu: Normal
==========================================================

==================== Konta użytkowników: =============================

Administrator (S-1-5-21-4286388990-3003455752-1806294516-500 - Administrator - Disabled)
Ciernik81 (S-1-5-21-4286388990-3003455752-1806294516-1002 - Administrator - Enabled) => C:\Users\Ciernik81
Gość (S-1-5-21-4286388990-3003455752-1806294516-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4286388990-3003455752-1806294516-1004 - Limited - Enabled)

==================== Centrum zabezpieczeń ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie.)

AV: Kaspersky Anti-Virus (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Zainstalowane programy ======================

(W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.4.1.181 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
AIMP (HKLM-x32\...\AIMP) (Version: v4.11.1841, 09.10.2016 - AIMP DevTeam)
AMD Catalyst Install Manager (HKLM\...\{5094145C-9F17-8099-7F4F-E5AADD5E4065}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AVS Media Player 4.3.3 (HKLM-x32\...\AVS Media Player_is1) (Version: 4.3.3.117 - Online Media Technologies Ltd.)
AVS Video Converter 9.4.1 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 9.4.1.594 - Online Media Technologies Ltd.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.3207 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3920 - CyberLink Corp.)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Foxit PhantomPDF (HKLM-x32\...\{5F3E0897-97AA-4FC2-A0A9-130A39D0FDFB}) (Version: 6.0.16.324 - Foxit Corporation)
GG (HKU\S-1-5-21-4286388990-3003455752-1806294516-1002\...\GG) (Version: 12 - GG Network S.A.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company)
HP Client Security Manager (HKLM\...\HPProtectTools) (Version: 8.3.18.2044 - HP Inc.)
HP Device Access Manager (HKLM\...\{DBE16A07-DDFF-4453-807A-212EF93916E0}) (Version: 8.3.2.0 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{53AE55F3-8E99-4776-A347-06222894ECD3}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Drive Encryption (HKLM\...\HPDriveEncryption) (Version: 8.6.11.10 - Hewlett-Packard Company)
HP ESU for Microsoft Windows 8.1 (HKLM-x32\...\{A3876D50-4A88-4A34-92E1-5D7BC8F886E1}) (Version: 1.0.1 - Hewlett-Packard Company)
HP File Sanitizer (HKLM-x32\...\{6349342F-9CEF-4A70-995A-2CF3704C2603}) (Version: 8.4.27.1 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10284 - Realtek Semiconductor Corp.)
HP Hotkey Support (HKLM-x32\...\{F50E6249-63F5-4940-8E13-471A210D293E}) (Version: 6.2.5.1 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
HP SoftPaq Download Manager (HKLM-x32\...\{34FF930E-DBF9-4858-BAB5-BAC957BF616E}) (Version: 3.5.1.0 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{F6D61EC9-347B-4019-9F8E-E24169F7C330}) (Version: 8.7.5 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.3.50.9 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{B11B6E26-63A4-4BB6-AA39-0AF758B26092}) (Version: 12.5.32.203 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{29641907-0BBA-4832-B6DE-349DAA655883}) (Version: 2.1.1 - Hewlett-Packard Company)
HP Theft Recovery (HKLM-x32\...\InstallShield_{B1E569B6-A5EB-4C97-9F93-9ED2AA99AF0E}) (Version: 8.3.0.7 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
HP Wireless Hotspot (HKLM-x32\...\{563ADFC1-38E6-4EF0-8763-7CDA8289944B}) (Version: 1.0.25.1 - Hewlett-Packard Company)
ImageShack Uploader 2.2.0 (HKLM-x32\...\{8BCD7AE7-F713-4D50-BAB9-7839B9386870}) (Version: 2.2.0 - ImageShack Corp.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.30.1072 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4432 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.2.8.1002 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{978B5476-EAF9-4EB0-AD34-92689249A016}) (Version: 4.2.41.2499 - Intel Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{F575F386-57EF-4943-B003-A13F13B05EEB}) (Version: 16.0.1.445 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 16.0.1.445 - Kaspersky Lab) Hidden
Malwarebytes (wersja 3.0.6.1469) (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Might and Magic Heroes VII (HKLM-x32\...\Uplay Install 1176) (Version: - Ubisoft)
Mozilla Firefox 52.0.2 (x86 pl) (HKLM-x32\...\Mozilla Firefox 52.0.2 (x86 pl)) (Version: 52.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.2.6291 - Mozilla)
MyMouse 4.3 (HKLM-x32\...\MyMouse_is1) (Version: 4.3 - Jason Cox)
OEM Application Profile (HKLM-x32\...\{29F5A1C9-0BC3-16E6-9384-3BC5D1CB7ACE}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
OEM Application Profile (HKLM-x32\...\{FA2905FA-6EB6-F61A-D565-30634F5F673E}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
OEM Application Profile (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Oprogramowanie mikroukładu Intel® (x32 Version: 10.1.1.11 - Intel(R) Corporation) Hidden
PLAY INTERNET (HKLM-x32\...\PLAY INTERNET) (Version: 23.015.11.00.264 - Huawei Technologies Co.,Ltd)
PlayChess (HKLM\...\PlayChess) (Version: - ChessBase GmbH)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version: - PokerStars.eu)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.119 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.30.328.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7818 - Realtek Semiconductor Corp.)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.37.4 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.42849 - TeamViewer)
Tele2 Mobile Partner (HKLM-x32\...\Tele2 Mobile Partner) (Version: 11.300.05.28.56 - Huawei Technologies Co.,Ltd)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
Uplay (HKLM-x32\...\Uplay) (Version: 7.3 - Ubisoft)
Validity Fingerprint Sensor Driver (HKLM\...\{ADAA7361-54B8-4FC8-804E-94EC6C11ED68}) (Version: 4.5.133.0 - Validity Sensors, Inc.)
YTD Video Downloader 5.8.2 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 5.8.2 - GreenTree Applications SRL) <==== UWAGA
ZebraDesigner 2 (HKLM-x32\...\ZebraDesigner 2) (Version: 2.2.3.4266 - Zebra Technologies Corporation)
ZebraDesigner 2 (x32 Version: 2.2.3.4266 - Zebra Technologies Corporation) Hidden

==================== Niestandardowe rejestracje CLSID (filtrowane): ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

CustomCLSID: HKU\S-1-5-21-4286388990-3003455752-1806294516-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-4286388990-3003455752-1806294516-1002_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\Ciernik81\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (GG Network S.A.)

==================== Zaplanowane zadania (filtrowane) =============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

Task: {0B7603F6-888B-41E9-9E6D-20CFF8B5B2AE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {1A72A5D8-2AA5-405A-979F-6BAF1EE63FB1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-23] (Google Inc.)
Task: {35324BED-A891-4C60-B7B1-21B71FA0A147} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {3BEF8C36-AB09-4933-AF7A-97F80B095827} - System32\Tasks\{AF09EA5E-8AD3-41C7-A7C3-65AF16527BA7} => pcalua.exe -a "C:\Program Files (x86)\ZebraDesigner Pro\Bin\Design.exe" -d C:\Users\Ciernik81\Desktop
Task: {44996855-D13E-4CB3-A0C6-70F9E068876D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-23] (Google Inc.)
Task: {6419D9C2-D6E6-45BC-B6C0-D7DF49406BF4} - System32\Tasks\{E99DFF34-9CCB-4A69-AC68-61724778C359} => pcalua.exe -a C:\Users\Ciernik81\AppData\Local\{0E03385F-2AAB-54E7-4733-710F635B8D97}\uninst.exe -c -P=/Uninstall /s /noun /DelSelfDir
Task: {7B0292C9-3D33-4DAE-8371-589EC11240FA} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-15] (Adobe Systems Incorporated)
Task: {7D8DAABC-E49B-45C3-B02C-D276DB28A443} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {A7FA3700-64AD-4CE7-BB12-EDACD42ADCFB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2017-03-15] (Microsoft Corporation)
Task: {AB761F9A-C1B5-4D36-A888-B2B6DCF76788} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {BE1708AF-2A27-4059-9D6C-59E5077DB66A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {C117A835-3632-4B76-B192-2DA546A434A6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-03-02] (HP Inc.)
Task: {C4371923-621F-4BF6-8491-E03ADE9C484A} - System32\Tasks\HPCeeScheduleForCiernik81 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {D93760C2-1348-46EB-8C8E-7A9412C3ADF1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {F50E31EC-CDCF-4F3E-B726-26E800A976D7} - System32\Tasks\{5A3C49CE-2C94-463A-A324-CB35CF90D677} => pcalua.exe -a "C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe" -c uplay://uninstall/895

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

Task: C:\windows\Tasks\HPCeeScheduleForCiernik81.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Skróty =============================

(Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.)

ShortcutWithArgument: C:\Users\Public\Desktop\Box offer for HP.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?bd=all&c=none&locale=en_*&pf=cmnb&s=Box_50GB&tp=dticon

==================== Załadowane moduły (filtrowane) ==============

2014-05-28 09:14 - 2014-05-28 09:14 - 00336056 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2014-03-31 14:28 - 2014-03-31 14:28 - 00007168 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe
2014-11-06 05:36 - 2009-09-23 15:32 - 00110592 _____ () C:\ProgramData\DatacardService\DCSHost.exe
2014-01-15 05:42 - 2014-01-15 05:42 - 00351824 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2013-09-06 18:06 - 2013-09-06 18:06 - 00198120 _____ () c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-09-06 18:06 - 2013-09-06 18:06 - 00054760 _____ () c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-09-06 18:05 - 2013-09-06 18:05 - 00034792 _____ () c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2016-01-04 16:51 - 2013-10-26 11:45 - 00651856 _____ () C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe
2017-03-06 23:56 - 2017-02-24 07:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2015-12-22 02:47 - 2015-12-22 02:47 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\kpcengine.2.3.dll
2016-01-04 16:51 - 2013-08-31 07:44 - 02417152 _____ () C:\ProgramData\PLAY INTERNET\OnlineUpdate\QtCore4.dll
2016-01-04 16:51 - 2013-08-31 07:46 - 01148416 _____ () C:\ProgramData\PLAY INTERNET\OnlineUpdate\QtNetwork4.dll
2016-01-04 16:51 - 2009-01-10 20:32 - 00011362 _____ () C:\ProgramData\PLAY INTERNET\OnlineUpdate\mingwm10.dll
2016-01-04 16:51 - 2009-06-23 04:42 - 00043008 _____ () C:\ProgramData\PLAY INTERNET\OnlineUpdate\libgcc_s_dw2-1.dll
2015-02-12 16:05 - 2016-04-22 12:31 - 03716144 _____ () C:\Users\Ciernik81\AppData\Local\GG\Application\xulrunner\mozjs.dll
2014-07-07 08:41 - 2013-08-05 09:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 16:48 - 2013-08-05 16:48 - 00016856 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-10-10 10:37 - 2014-10-10 10:37 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (filtrowane) =========

(Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.)

AlternateDataStreams: C:\Windows:nlsPreferences [0]

==================== Tryb awaryjny (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Powiązania plików (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.)

==================== Internet Explorer - Witryny zaufane i z ograniczeniami ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.)

==================== Hosts - zawartość: ===============================

(Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.)

2013-08-22 15:25 - 2017-01-29 02:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Inne obszary ============================

(Obecnie brak automatycznej naprawy dla tej sekcji.)

HKU\S-1-5-21-4286388990-3003455752-1806294516-1002\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP\Washing-up-time.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Zapora systemu Windows [funkcja włączona]

==================== MSCONFIG/TASK MANAGER - Wyłączone elementy ==

HKLM\...\StartupApproved\Run: => "RtsCM"
HKU\S-1-5-21-4286388990-3003455752-1806294516-1002\...\StartupApproved\StartupFolder: => "GameRanger.lnk"
HKU\S-1-5-21-4286388990-3003455752-1806294516-1002\...\StartupApproved\Run: => "Catcher"

==================== Reguły Zapory systemu Windows (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{AEE46D87-E3B3-4A9C-86AC-D63E89955DA3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{64B1F763-B0B4-402F-BB48-B0367732290A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{94345875-75B6-4E76-AAFF-DF32387A7728}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{95A940E9-F1CF-4F11-A7B8-83806A159F75}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{634E0D85-9BF9-409C-B44D-2D6152D6103F}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{F868E00C-A11C-49F9-837A-03D1E48B3DEF}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{77AC4747-CB33-467A-8CAB-EEB8F8CACA32}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{F89CA75A-9129-458D-91CB-B46E2ECDB618}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{45378F5D-6E1D-4FD3-8E73-FC765CAF3403}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{C3B683C9-EB89-4526-8195-3CF0AD1FAA27}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [TCP Query User{2C61811A-1B03-478E-93E7-148EC19734DE}C:\users\ciernik81\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\ciernik81\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [UDP Query User{2DA75114-0E18-4B20-BB9D-41CFCBA692E9}C:\users\ciernik81\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\ciernik81\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [TCP Query User{4186857A-6D57-4A5D-BD54-F17F2DBD382F}C:\pawel\heroes of might and magic iii complete\heroes3.exe] => (Allow) C:\pawel\heroes of might and magic iii complete\heroes3.exe
FirewallRules: [UDP Query User{B624A740-9A9B-47FB-9C53-3A1E320FBABF}C:\pawel\heroes of might and magic iii complete\heroes3.exe] => (Allow) C:\pawel\heroes of might and magic iii complete\heroes3.exe
FirewallRules: [TCP Query User{95D40AE8-5529-43E3-951D-70D7632BFB5D}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{A42CB586-7505-4300-8DDC-6EA54ACE6BAC}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{D8F86F0A-92CD-4AB9-B14F-6639BCE0EA78}C:\users\ciernik81\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\ciernik81\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [UDP Query User{B5632962-553A-4698-B4CA-1ED0EF83A626}C:\users\ciernik81\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\ciernik81\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [TCP Query User{3B9CB85C-67E3-471D-BAA7-65B235B07C38}C:\pawel\heroes of might and magic iii complete\heroes3.exe] => (Allow) C:\pawel\heroes of might and magic iii complete\heroes3.exe
FirewallRules: [UDP Query User{9273657B-3E00-46CD-A5CE-489BA8C7AFB6}C:\pawel\heroes of might and magic iii complete\heroes3.exe] => (Allow) C:\pawel\heroes of might and magic iii complete\heroes3.exe
FirewallRules: [TCP Query User{AD841CE9-9DA5-4B2E-93D5-876762EE0646}C:\users\ciernik81\appdata\local\temp\_tc0\heroes of might and magic iii complete\_hd3_data\heroes3.exe] => (Allow) C:\users\ciernik81\appdata\local\temp\_tc0\heroes of might and magic iii complete\_hd3_data\heroes3.exe
FirewallRules: [UDP Query User{0370F86C-CBB7-4BE2-8EC5-F9D91E2D5420}C:\users\ciernik81\appdata\local\temp\_tc0\heroes of might and magic iii complete\_hd3_data\heroes3.exe] => (Allow) C:\users\ciernik81\appdata\local\temp\_tc0\heroes of might and magic iii complete\_hd3_data\heroes3.exe
FirewallRules: [{F658CD1A-96DC-4394-A57D-46CC8B339171}] => (Block) C:\users\ciernik81\appdata\local\temp\_tc0\heroes of might and magic iii complete\_hd3_data\heroes3.exe
FirewallRules: [{E9F51718-DA67-40DA-B989-26F65352D706}] => (Block) C:\users\ciernik81\appdata\local\temp\_tc0\heroes of might and magic iii complete\_hd3_data\heroes3.exe
FirewallRules: [{8C636DEB-196D-493B-BA25-62BEEF3BEE48}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3F55D05D-02DD-4940-B26D-BC2BCBCB8F0A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{90B7F884-38C4-4A43-BB8A-043DBBC6392E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A96B5D48-2EB4-4A5C-91EB-EB78A55001FA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{77EF5A9D-A072-444D-834B-AB79A3E8524E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EE0CBBBB-F837-4E97-B6CB-0C102DBFB56E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{6BC573DD-5CB9-4840-88CB-9A65B78A6CC9}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [UDP Query User{C0A0D4D0-2ED3-4863-8A3A-589A7731DD9C}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [TCP Query User{FC392B77-2135-4325-8E3D-AFC8B696C0A2}C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe] => (Block) C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe
FirewallRules: [UDP Query User{86D0D2B6-109B-4297-924E-4F6376776F54}C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe] => (Block) C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe
FirewallRules: [{BE6BE613-3EAF-48FC-A8A0-C0D5E72742E4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{24E420A6-A9AB-4118-97D0-A4483B218E3A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D3633528-2DD2-40EE-9406-819E21E87B54}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C829497B-BE62-437A-83C7-C2857E3C7817}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{88EAA59E-5958-45E0-85F2-CB0D6214391D}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Might and Magic Heroes VII\Binaries\Win32\MMH7Game-Win32-Shipping.exe
FirewallRules: [{D554DCF8-9928-4018-9F04-C73DE17F6FD3}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Might and Magic Heroes VII\Binaries\Win64\MMH7Game-Win64-Shipping.exe
FirewallRules: [{7484FEC2-67E3-44AF-B02E-A92A3BE263DA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5336B872-7012-4362-87E9-5CB963AFDCDB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Punkty Przywracania systemu =========================

14-03-2017 17:18:29 Zaplanowany punkt kontrolny
18-03-2017 18:13:04 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
20-03-2017 23:23:27 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
23-03-2017 14:07:15 Restore Point Created by FRST

==================== Wadliwe urządzenia w Menedżerze urządzeń =============

==================== Błędy w Dzienniku zdarzeń: =========================

Dziennik Aplikacja:
==================
Error: (03/29/2017 03:17:47 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Nie można uzyskać informacji rejestru licznika wydajności dla elementu WSearchIdxPi w wystąpieniu z powodu następującego błędu: Operacja ukończona pomyślnie. 0x0.

Error: (03/29/2017 03:17:47 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Nie można zainicjować monitorowania wydajności dla obiektu programu zbierającego, ponieważ liczniki nie są załadowane lub nie można otworzyć obiektu pamięci współużytkowanej. Wpływa to tylko na dostępność liczników monitora wydajności. Uruchom ponownie komputer.
Kontekst: aplikacja , wykaz SystemIndex

Error: (03/29/2017 03:17:47 PM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Nie można zainicjować monitorowania wydajności dla usługi zbierającej, ponieważ liczniki nie są załadowane lub nie można otworzyć obiektu pamięci współużytkowanej. Wpływa to tylko na dostępność liczników monitora wydajności. Uruchom ponownie komputer.

Error: (03/29/2017 12:55:46 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Nie powiodło się wykonanie procedury otwierania dla usługi „.NETFramework” w bibliotece DLL „C:\windows\system32\mscoree.dll”. Dane wydajności dla tej usługi nie będą dostępne. Pierwsze cztery bajty (DWORD) sekcji danych Data zawierają kod błędu.

Error: (03/29/2017 12:55:40 PM) (Source: HP Active Health) (EventID: 88) (User: )
Description: -- SECURITY WARNING -- ActiveHealthProperties.ini has been tampered with, resetting it

Error: (03/29/2017 12:55:40 PM) (Source: HP Active Health) (EventID: 88) (User: )
Description: -- SECURITY WARNING -- ActiveHealthState.ini has been tampered with, resetting it

Error: (03/29/2017 12:55:40 PM) (Source: HP Active Health) (EventID: 80) (User: )
Description: -- SECURITY WARNING -- Unable to deserialize super secret file hashes. Will assume evil is afoot - all Validate() calls will return DOESNT_MATCH at HP.ActiveHealth.Commons.Security.HashStore.LoadHashesFromFile()

Error: (03/29/2017 01:21:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1250

Error: (03/29/2017 01:21:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1250

Error: (03/29/2017 01:21:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Dziennik System:
=============
Error: (03/29/2017 03:17:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi PLAY INTERNET. OUC z powodu następującego błędu: Usługa nie odpowiada na sygnał uruchomienia lub sygnał sterujący w oczekiwanym czasie.

Error: (03/29/2017 03:17:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą PLAY INTERNET. OUC.

Error: (03/29/2017 03:17:36 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: ZARZĄDZANIE NT)
Description: Uruchomienie modułu rozszerzalności sieci WLAN nie powiodło się.
Ścieżka modułu: C:\windows\system32\Rtlihvs.dll
Kod błędu: 126

Error: (03/29/2017 01:19:35 PM) (Source: DCOM) (EventID: 10010) (User: Ciernik)
Description: Serwer {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} nie zarejestrował się w modelu DCOM w wymaganym czasie.

Error: (03/29/2017 01:19:05 PM) (Source: DCOM) (EventID: 10010) (User: Ciernik)
Description: Serwer {1B1F472E-3221-4826-97DB-2C2324D389AE} nie zarejestrował się w modelu DCOM w wymaganym czasie.

Error: (03/29/2017 12:09:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi PLAY INTERNET. OUC z powodu następującego błędu: Usługa nie odpowiada na sygnał uruchomienia lub sygnał sterujący w oczekiwanym czasie.

Error: (03/29/2017 12:09:56 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą PLAY INTERNET. OUC.

Error: (03/29/2017 12:09:54 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: ZARZĄDZANIE NT)
Description: Uruchomienie modułu rozszerzalności sieci WLAN nie powiodło się.
Ścieżka modułu: C:\windows\system32\Rtlihvs.dll
Kod błędu: 126

Error: (03/28/2017 05:43:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi PLAY INTERNET. OUC z powodu następującego błędu: Usługa nie odpowiada na sygnał uruchomienia lub sygnał sterujący w oczekiwanym czasie.

Error: (03/28/2017 05:43:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą PLAY INTERNET. OUC.

CodeIntegrity:
===================================
Date: 2016-02-16 21:06:29.891
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.


Date: 2015-02-22 07:50:07.567
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-01-25 16:43:10.327
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-01-24 03:49:35.928
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-01-22 16:17:46.708
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-01-16 15:06:16.838
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-01-15 07:34:39.316
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-01-04 11:24:01.015
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-01-03 07:21:23.376
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-12-29 11:30:24.415
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Statystyki pamięci ===========================

Procesor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
Procent pamięci w użyciu: 33%
Całkowita pamięć fizyczna: 8064.11 MB
Dostępna pamięć fizyczna: 5380.94 MB
Całkowita pamięć wirtualna: 8464.11 MB
Dostępna pamięć wirtualna: 5439.9 MB

==================== Dyski ================================

Drive c: (Windows) (Fixed) (Total:208.54 GB) (Free:122.34 GB) NTFS ==>[system z komponentami startowymi (pozyskano odczytując dysk)]
Drive d: (Recovery Image) (Fixed) (Total:11.55 GB) (Free:1.24 GB) NTFS
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.99 GB) FAT32

==================== MBR & Tablica partycji ==================

========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: 00000000)
Partition: GPT.

==================== Koniec Addition.txt ============================