Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 22.04.2018
Uruchomiony przez Domek (22-04-2018 19:47:10)
Uruchomiony z M:\_Install\_Utilites\[vir]farbar-frst
Windows 7 Ultimate (X64) (2015-11-28 18:34:45)
Tryb startu: Normal
==========================================================

==================== Konta użytkowników: =============================

Administrator (S-1-5-21-4219144490-829551437-3526682222-500 - Administrator - Disabled)
Domek (S-1-5-21-4219144490-829551437-3526682222-1000 - Administrator - Enabled) => C:\Users\Domek
Gość (S-1-5-21-4219144490-829551437-3526682222-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4219144490-829551437-3526682222-1002 - Limited - Enabled)

==================== Centrum zabezpieczeń ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Panda Protection (Enabled - Up to date) {46AEFD02-ACA3-E038-1FA5-4A15EFD361E0}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Protection (Enabled - Up to date) {FDCF1CE6-8A99-EFB6-2515-716794542B5D}
FW: Panda Firewall (Disabled) {7E957C27-E6CC-E160-34FA-E3201100269B}

==================== Zainstalowane programy ======================

(W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 28.0.0.127 - Adobe Systems Incorporated) Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated) Adobe Flash Player 29 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated) Adobe Reader 9.3.3 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.3 - Adobe Systems Incorporated) AOMEI Partition Assistant Standard Edition 6.0 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version: - AOMEI Technology Co., Ltd.) Archiwizator WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - ) Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology) Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 7.1.5.0 - Auslogics Labs Pty Ltd) ConvertHelper 3.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version: - DownloadHelper) Cool Edit Pro 2.0 (HKLM-x32\...\Cool Edit Pro 2.0) (Version: - ) EasyBCD 2.0 (HKLM-x32\...\EasyBCD) (Version: 2.0 - NeoSmart Technologies) e-Deklaracje Desktop (HKLM-x32\...\{DF37F034-1762-10B8-4727-A1F5CB72E7AB}) (Version: 10.0.1 - Ministerstwo Finansow) Hidden e-Deklaracje Desktop (HKLM-x32\...\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1) (Version: 10.0.1 - Ministerstwo Finansow) FastStone Image Viewer 5.6 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.6 - FastStone Soft) GOM Player (HKLM-x32\...\GOM Player) (Version: 2.3.7.5261 - Gretech Corporation) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.117 - Google Inc.) Google Earth Pro (HKLM-x32\...\{FA1BBF34-E994-4310-95D7-BE93092B8E61}) (Version: 7.3.1.4507 - Google) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) 
Hidden Kerio Personal Firewall 2.1.4 (HKLM-x32\...\{51C8741C-4A91-42A6-B6A2-CB891F7398A1}) (Version: - ) KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.2.1.2 - PandoraTV) Logitech Options (HKLM\...\LogiOptions) (Version: - Logitech) Malwarebytes (wersja 3.4.5.2467) (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes) Mi PC Suite (HKU\S-1-5-21-4219144490-829551437-3526682222-1000\...\MiPhoneManager) (Version: - Xiaomi Inc.) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Mozilla Firefox 42.0 (x86 pl) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 pl)) (Version: 42.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0 - Mozilla) MSI Afterburner 4.1.1 (HKLM-x32\...\Afterburner) (Version: 4.1.1 - MSI Co., LTD) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team) NVIDIA Oprogramowanie systemu PhysX 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA 
Corporation) NVIDIA Sterownik dźwięku HD 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation) NVIDIA Sterownik graficzny 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.23 - NVIDIA Corporation) NVIDIA Virtual Audio 1.2.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.5 - NVIDIA Corporation) Opera Stable 52.0.2871.64 (HKLM-x32\...\Opera 52.0.2871.64) (Version: 52.0.2871.64 - Opera Software) Pakiet zgodności dla systemu Office 2007 (HKLM-x32\...\{90120000-0020-0415-0000-0000000FF1CE}) (Version: 12.0.6021.5000 - Microsoft Corporation) Panda Devices Agent (HKLM-x32\...\{3F9548B2-0B34-4453-A92E-35056B053F19}) (Version: 1.08.00 - Panda Security) Hidden Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.08 - Panda Security) Hidden Panda Protection (HKLM\...\{52F9D0C3-E6CF-4553-9013-8F2E834BD0B1}) (Version: 8.91.00 - Panda Security) Hidden Panda Protection (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 18.1.0 - Panda Security) Panel sterowania NVIDIA 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 327.23 - NVIDIA Corporation) Hidden PITy2016 IPS 1.8 kompilacja:1.8.1.11 (HKLM-x32\...\PITy2016IPS_is1) (Version: - IPS Przedsiębiorstwo Informatyczne) PITy2017 IPS 1.2017 kompilacja:1.2017.1.19 (HKLM-x32\...\PITy2017IPS_is1) (Version: 1.9 - IPS Przedsiębiorstwo Informatyczne) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.52.203.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.) RoboForm 7-9-21-5 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-21-5 - Siber Systems) Samsung M2020 Series (HKLM-x32\...\Samsung M2020 Series) (Version: 1.23 (2014-12-24) - Samsung Electronics Co., Ltd.) 
Samsung Printer Diagnostics (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.1.6.02 - Samsung Electronics Co., Ltd.) Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.) SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 1.05.28 - NVIDIA Corporation) Hidden SIGMA Photo Pro 4 (HKLM-x32\...\{3A479D3A-2607-4C4C-85F3-B2886D61B964}) (Version: 4.2.2.0 - SIGMA) SUPER © v2015.build.65+Recorder (2015/05/31) wersja v2015.build (HKLM-x32\...\{8E2A29F2-96BF-8859-4DB7-5C16C91728A3}_is1) (Version: v2015.build.65+Recorder - eRightSoft) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) Telegram Desktop version 1.2.17 (HKU\S-1-5-21-4219144490-829551437-3526682222-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.2.17 - Telegram Messenger LLP) The Bat! Professional v5.0.16 (HKLM-x32\...\{CBF0632A-309D-419A-B395-D20A70BF548F}) (Version: 5.0.16 - Ritlabs) Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS) Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb) USB Multi-Channel Audio Device (HKLM\...\C-Media CM106 Like Sound Driver) (Version: - ) VMware Player (HKLM\...\{57AA4E8A-E2C9-4F1C-B3F1-762C36E34472}) (Version: 12.1.0 - VMware, Inc.) Wise Disk Cleaner 8.86 (HKLM-x32\...\Wise Disk Cleaner_is1) (Version: 8.86 - WiseCleaner.com, Inc.) XiaoMiFlash (HKLM-x32\...\{9AF75396-D38E-4F07-831C-9F78923DC015}) (Version: 1.0.0 - XiaoMi) ==================== Niestandardowe rejestracje CLSID (filtrowane): ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) 
ShellIconOverlayIdentifiers-x32-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => D:\_ProgramyW7\Office2007Ent\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32-x32-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => D:\_ProgramyW7\Office2007Ent\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32-x32-x32-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => D:\_ProgramyW7\Office2007Ent\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32-x32-x32-x32-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => D:\_ProgramyW7\Office2007Ent\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32-x32-x32-x32-x32-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => D:\_ProgramyW7\Office2007Ent\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation) ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-05-18] () ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2017-02-22] (Panda Security, S.L.) 
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\_Programy\WinRar\rarext64.dll [2010-03-15] () ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\_Programy\WinRar\rarext.dll [2010-03-15] (Alexander Roshal) ContextMenuHandlers1-x32-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => D:\_ProgramyW7\Office2007Ent\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation) ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\_Programy\Vmware\vmdkShellExt.dll [2015-11-25] (VMware, Inc.) ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\_Programy\Vmware\x64\vmdkShellExt64.dll [2015-11-25] (VMware, Inc.) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes) ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] () ContextMenuHandlers3-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => D:\_ProgramyW7\Office2007Ent\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation) ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\_Programy\WinRar\rarext64.dll [2010-03-15] () ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\_Programy\WinRar\rarext.dll [2010-03-15] (Alexander Roshal) ContextMenuHandlers4-x32-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => D:\_ProgramyW7\Office2007Ent\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2013-09-12] (NVIDIA Corporation) 
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2017-02-22] (Panda Security, S.L.) ContextMenuHandlers5-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => D:\_ProgramyW7\Office2007Ent\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes) ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2017-02-22] (Panda Security, S.L.) ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] () ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\_Programy\WinRar\rarext64.dll [2010-03-15] () ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\_Programy\WinRar\rarext.dll [2010-03-15] (Alexander Roshal) ContextMenuHandlers6-x32-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => D:\_ProgramyW7\Office2007Ent\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation) ==================== Zaplanowane zadania (filtrowane) ============= (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) Task: {059372B1-1625-4AA6-AF35-85C8256DEA70} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-09] (Google Inc.) 
Task: {1DE2B62D-9B2A-4F0B-9119-1EF9C1FC7457} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_pepper.exe [2018-03-18] (Adobe Systems Incorporated) Task: {44A4CF8C-32CF-470E-ACE5-95ADE7A58DA0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-09] (Google Inc.) Task: {47AB3257-64E0-46CD-90DF-D36885768765} - System32\Tasks\Opera scheduled Autoupdate 1465735259 => C:\Program Files (x86)\Opera\launcher.exe Task: {7A7D49CB-B6B7-44D8-B33E-370208CE7B98} - System32\Tasks\Open URL by RoboForm => C:\Windows\system32\rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMGMNLNLLMPMPMOMLMCNLMMLJLHMCNJLKMHMJLCNMMLMJMOLCNIMNLKMHMHMHMMLOLJLNLOMJLJNJICMIMCNGMCNOMIMFMHMCNPMCNIMJMPMPMFMJMCNOMCNIMJMPMPMCNNMJNPICMPMFMEKMICNJJCKFMOMHMMMMMJNHICMEKMICNJJCKJNBJCMLLAJCJKJEJJNKJCMJNNICMJNDJCMPIDJJNMJCMPMFM (dane wartości zawierają 45 znaków więcej). Task: {822019B0-F56F-4221-AB46-C178635CF06E} - System32\Tasks\Go to RoboForm Install page => C:\Windows\system32\rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMGMNLNLLMPMPMOMLMCNLMMLJLHMCNJLKMHMJLCNMMLMJMOLCNIMNLKMHMHMHMMLOLJLNLOMJLJNJICMIMCNNMCNPMFMHMCNPMCNIMJMPMPMFMJMCNOMCNIMJMPMPMCNNMJNPICMPMFMEKMICNJJCKFMOMHMMMMMJNHICMEKMICNJJCKJNBJCMLLAJCJKJEJJNKJCMJNNICMJNDJCMPIDJ" Task: {E4DF5A38-6A76-4916-917C-9460F90FF1DB} - System32\Tasks\Opera scheduled Autoupdate 1524079577 => C:\Program Files\Opera\launcher.exe [2018-04-10] (Opera Software) (Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.) ==================== Skróty & WMI ======================== (Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.) 
==================== Załadowane moduły (filtrowane) ==============

2016-01-08 21:34 - 2013-09-12 09:25 - 000097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-07-31 20:05 - 2014-10-30 14:18 - 000029184 _____ () C:\Windows\System32\ssj2mlm.dll
2017-04-17 16:22 - 2016-03-11 06:11 - 000157624 _____ () C:\Users\Domek\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe
2018-04-17 23:23 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-17 23:23 - 2018-03-27 13:47 - 002492704 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2015-12-15 19:17 - 2015-12-15 19:17 - 000618544 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2015-11-25 19:10 - 2015-11-25 19:10 - 001301696 _____ () C:\_Programy\Vmware\libxml2.dll
2017-04-17 16:23 - 2016-03-11 06:11 - 000136632 _____ () C:\Users\Domek\AppData\Local\MiPhoneManager\main\MiPlugin4NSIS.dll
2017-04-17 16:23 - 2016-03-11 06:11 - 000065976 _____ () C:\Users\Domek\AppData\Local\MiPhoneManager\main\MiFramework.dll
2017-04-17 16:23 - 2016-03-11 06:04 - 000099600 _____ () C:\Users\Domek\AppData\Local\MiPhoneManager\main\zlib1.dll
2017-04-17 16:23 - 2016-03-11 06:11 - 000018360 _____ () C:\Users\Domek\AppData\Local\MiPhoneManager\main\MiTrace.dll

==================== Alternate Data Streams (filtrowane) =========

(Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.)

==================== Tryb awaryjny (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== Powiązania plików (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.)

==================== Internet Explorer - Witryny zaufane i z ograniczeniami ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.)

==================== Hosts - zawartość: ===============================

(Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.)

2009-07-14 04:34 - 2018-04-12 23:38 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Inne obszary ============================

(Obecnie brak automatycznej naprawy dla tej sekcji.)

HKU\S-1-5-21-4219144490-829551437-3526682222-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Zapora systemu Windows [funkcja włączona]

==================== MSCONFIG/TASK MANAGER - Wyłączone elementy ==

MSCONFIG\startupreg: Nvtmru => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"

==================== Reguły Zapory systemu Windows (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

FirewallRules: [{6D38F613-E573-44F2-9A5D-F3AEEECE96E0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{1BA115C9-9F80-445B-980F-29A844B77553}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{18B198B9-A471-439F-94B0-A7F1DF52A90C}] => (Allow) M:\Gry\WOT_w7\WoTLauncher.exe FirewallRules: [{64EB7DB8-99E2-42D9-B3A4-439D64E7F154}] => (Allow) M:\Gry\WOT_w7\WoTLauncher.exe FirewallRules: [{BCB69012-BD4C-438F-B34B-B123A4FF2AB7}] => (Allow) M:\Gry\WOT_w7\worldoftanks.exe FirewallRules: [{8A05DF73-2977-4294-BB55-EAAC8D405ED0}] => (Allow) M:\Gry\WOT_w7\worldoftanks.exe FirewallRules: [{8846CAA5-D4DC-40A4-B7AD-0CC1A13A18B0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{B7AE0676-4970-4627-A4EF-7D8B99314B2D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{76485BE4-B919-44D1-8FDF-1A04BAE96378}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{169E8761-5151-4518-AE72-7DB0E2FEA832}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{8FEF6D01-8F6E-4948-B253-1357C02BE6A4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{5DABBBC3-7C1C-4242-94B7-71D04E05BD83}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{EDEBCBB8-B1A5-480D-A5CE-DF99DAEF1396}] => (Allow) M:\Gry\WOT_w77\WoTLauncher.exe FirewallRules: [{9A72C75E-2F93-47CE-925C-22FE2F12F10B}] => (Allow) M:\Gry\WOT_w77\WoTLauncher.exe FirewallRules: [{90B3FD24-0211-46B1-9456-A0311EA6D3FB}] => (Allow) M:\Gry\WOT_w77\worldoftanks.exe FirewallRules: [{2FF60CB9-F83D-44D4-8195-1736D4666DCA}] => (Allow) M:\Gry\WOT_w77\worldoftanks.exe FirewallRules: [{5F303602-2379-4D5C-9C13-F58074C05762}] => (Allow) C:\_Programy\Vmware\vmware-authd.exe FirewallRules: [{3AB3EE31-C4E3-4FE2-A07E-80178387A1BE}] => (Allow) 
C:\_Programy\Vmware\vmware-authd.exe FirewallRules: [{05B921D9-CD93-424F-AC40-C7140DD7A7EE}] => (Allow) D:\_ProgramyW7\Office2007Ent\Office12\GROOVE.EXE FirewallRules: [{C54588B1-A6E8-47AA-A27D-08CE7973E044}] => (Allow) D:\_ProgramyW7\Office2007Ent\Office12\GROOVE.EXE FirewallRules: [{BF81E55E-2B33-4B23-BA73-019F76D070DB}] => (Allow) D:\_ProgramyW7\Office2007Ent\Office12\ONENOTE.EXE FirewallRules: [{9613F92C-9849-4E6D-8526-BB008115D331}] => (Allow) D:\_ProgramyW7\Office2007Ent\Office12\ONENOTE.EXE FirewallRules: [{D43804BC-D060-4BC8-AE6D-939A9E202E92}] => (Allow) C:\Users\Domek\AppData\Local\MiPhoneManager\main\MiPCSuite.exe FirewallRules: [TCP Query User{DA736845-2B60-4B02-B60D-9EAE2127988E}C:\users\domek\desktop\winbox.exe] => (Allow) C:\users\domek\desktop\winbox.exe FirewallRules: [UDP Query User{8601A37C-E759-4F1C-8470-C91121B348E9}C:\users\domek\desktop\winbox.exe] => (Allow) C:\users\domek\desktop\winbox.exe FirewallRules: [{DA9B7177-347C-47E9-98A4-4A20457E0D9E}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE FirewallRules: [TCP Query User{4F464710-13D2-4AD5-87D7-AD5A756D70A2}C:\users\domek\appdata\roaming\telegram desktop\telegram.exe] => (Allow) C:\users\domek\appdata\roaming\telegram desktop\telegram.exe FirewallRules: [UDP Query User{81F082DE-4C1A-4F7F-B985-21751243D5DF}C:\users\domek\appdata\roaming\telegram desktop\telegram.exe] => (Allow) C:\users\domek\appdata\roaming\telegram desktop\telegram.exe FirewallRules: [{7C802ADA-A135-4510-BC44-51388CF47DE6}] => (Allow) C:\Program Files\Opera\52.0.2871.64\opera.exe FirewallRules: [{C4D457F2-B387-4FEB-BB64-BF9865DF8020}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Punkty Przywracania systemu ========================= 21-04-2018 18:11:14 Zaplanowany punkt kontrolny ==================== Wadliwe urządzenia w Menedżerze urządzeń ============= Name: Kontroler PCI Simple Communications Description: Kontroler PCI Simple 
Communications Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Błędy w Dzienniku zdarzeń: ========================= Dziennik Aplikacja: ================== Error: (04/22/2018 06:02:15 PM) (Source: ESENT) (EventID: 412) (User: ) Description: wuaueng.dll (1240) SUS20ClientDataStore: Nie można odczytać nagłówka pliku dziennika C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Błąd -546. Error: (04/22/2018 06:02:15 PM) (Source: ESENT) (EventID: 412) (User: ) Description: wuaueng.dll (1240) SUS20ClientDataStore: Nie można odczytać nagłówka pliku dziennika C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Błąd -546. Error: (04/22/2018 06:02:15 PM) (Source: ESENT) (EventID: 412) (User: ) Description: wuaueng.dll (1240) SUS20ClientDataStore: Nie można odczytać nagłówka pliku dziennika C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Błąd -546. Error: (04/22/2018 06:02:15 PM) (Source: ESENT) (EventID: 412) (User: ) Description: wuaueng.dll (1240) SUS20ClientDataStore: Nie można odczytać nagłówka pliku dziennika C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Błąd -546. Error: (04/22/2018 06:02:15 PM) (Source: ESENT) (EventID: 412) (User: ) Description: wuaueng.dll (1240) SUS20ClientDataStore: Nie można odczytać nagłówka pliku dziennika C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Błąd -546. Error: (04/22/2018 06:02:15 PM) (Source: ESENT) (EventID: 412) (User: ) Description: wuaueng.dll (1240) SUS20ClientDataStore: Nie można odczytać nagłówka pliku dziennika C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Błąd -546. Error: (04/22/2018 06:02:14 PM) (Source: ESENT) (EventID: 412) (User: ) Description: wuaueng.dll (1240) SUS20ClientDataStore: Nie można odczytać nagłówka pliku dziennika C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. 
Błąd -546. Error: (04/22/2018 06:02:14 PM) (Source: ESENT) (EventID: 412) (User: ) Description: wuaueng.dll (1240) SUS20ClientDataStore: Nie można odczytać nagłówka pliku dziennika C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Błąd -546. Dziennik System: ============= Error: (04/22/2018 06:00:01 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: Serwer {995C996E-D918-4A8C-A302-45719A6F4EA7} nie zarejestrował się w modelu DCOM w wymaganym czasie. Error: (04/22/2018 05:59:28 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: fwdrv Error: (04/22/2018 05:59:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi SSPORT z powodu następującego błędu: Nie można odnaleźć określonego pliku. Error: (04/22/2018 05:58:52 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Ładowanie sterownika \SystemRoot\SysWow64\Drivers\fwdrv.sys zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika. Error: (04/22/2018 08:28:56 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: fwdrv Error: (04/22/2018 08:28:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi SSPORT z powodu następującego błędu: Nie można odnaleźć określonego pliku. Error: (04/22/2018 08:28:16 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Ładowanie sterownika \SystemRoot\SysWow64\Drivers\fwdrv.sys zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika. 
Error: (04/21/2018 05:17:37 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Wykonywanie kopii w tle woluminu C: zostało przerwane, ponieważ nie można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika.

CodeIntegrity:
===================================

Date: 2018-04-22 08:59:32.533
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Panda Security\Panda Security Protection\Drivers\W10\pskmad.sys because the set of per-page image hashes could not be found on the system.

Date: 2018-04-22 08:59:32.533
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Panda Security\Panda Security Protection\Drivers\W10\pskmad.sys because the set of per-page image hashes could not be found on the system.

Date: 2018-04-22 08:59:32.533
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Panda Security\Panda Security Protection\Drivers\W10\pskmad.sys because the set of per-page image hashes could not be found on the system.

Date: 2018-04-22 08:59:32.486
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Panda Security\Panda Security Protection\Drivers\W10\PSBoot.sys because the set of per-page image hashes could not be found on the system.

Date: 2018-04-22 08:59:32.486
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Panda Security\Panda Security Protection\Drivers\W10\PSBoot.sys because the set of per-page image hashes could not be found on the system.

Date: 2018-04-22 08:59:32.486
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Panda Security\Panda Security Protection\Drivers\W10\PSBoot.sys because the set of per-page image hashes could not be found on the system.

Date: 2018-04-22 08:59:32.455
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Panda Security\Panda Security Protection\Drivers\NNStlsc\NNStlsc.sys because the set of per-page image hashes could not be found on the system.

Date: 2018-04-22 08:59:32.455
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Panda Security\Panda Security Protection\Drivers\NNStlsc\NNStlsc.sys because the set of per-page image hashes could not be found on the system.

==================== Statystyki pamięci ===========================

Procesor: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
Procent pamięci w użyciu: 20%
Całkowita pamięć fizyczna: 12252.89 MB
Dostępna pamięć fizyczna: 9680.71 MB
Całkowita pamięć wirtualna: 24503.92 MB
Dostępna pamięć wirtualna: 21801.25 MB

==================== Dyski ================================

Drive c: (W7_U2) (Fixed) (Total:64 GB) (Free:7.66 GB) NTFS ==>[dysk z komponentami startowymi (pozyskano odczytując BCD)]
Drive d: (Progr_D2) (Fixed) (Total:31.99 GB) (Free:21.51 GB) NTFS
Drive e: (W7_Kopia) (Fixed) (Total:64 GB) (Free:20.09 GB) NTFS ==>[system z komponentami startowymi (pozyskano odczytując dysk)]
Drive f: (Dane) (Fixed) (Total:1199.63 GB) (Free:5.94 GB) NTFS
Drive g: (Kopiuj z Y) (Fixed) (Total:200.86 GB) (Free:74.35 GB) NTFS
Drive i: (W7_U) (Fixed) (Total:64 GB) (Free:19.9 GB) NTFS ==>[system z komponentami startowymi (pozyskano odczytując dysk)]
Drive j: (M_Maximus) (Fixed) (Total:600 GB) (Free:24.13 GB) NTFS
Drive k: (temp) (Fixed) (Total:200.86 GB) (Free:74.34 GB) NTFS
Drive l: (Copy of C) (Fixed) (Total:32 GB) (Free:10.82 GB) NTFS
Drive m: (Maxim_2) (Fixed) (Total:700 GB) (Free:53.92 GB) NTFS
Drive n: (D_Programy) (Fixed) (Total:32.01 GB) (Free:23.1 GB) NTFS
Drive v: () (Network) (Total:1381.26 GB) (Free:430.67 GB)
Drive w: (D_Programy7) (Fixed) (Total:32.01 GB) (Free:23.94 GB) NTFS
Drive x: (XP_U2) (Fixed) (Total:32 GB) (Free:13.52 GB) NTFS
Drive y: (XP_used) (Fixed) (Total:32 GB) (Free:9.53 GB) NTFS
Drive z: () (Network) (Total:286.09 GB) (Free:190.81 GB)

==================== MBR & Tablica partycji ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 351F76E7)
Partition 1: (Active) - (Size=64 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=32 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=32 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1735 GB) - (Type=0F Extended)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 10F3C5D4)
Partition 1: (Active) - (Size=64 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=32 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=32 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1199.6 GB) - (Type=0F Extended)

========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 1397.3 GB) (Disk ID: 241C241B)
Partition 1: (Active) - (Size=64 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=32 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=32 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=800.9 GB) - (Type=0F Extended)

==================== Koniec Addition.txt ============================