Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 15-03-2017
Uruchomiony przez PostraCH (11-04-2017 13:55:56)
Uruchomiony z C:\Users\PostraCH\Downloads
Windows 7 Home Basic (X64) (2016-12-14 13:20:07)
Tryb startu: Normal
==========================================================

==================== Konta użytkowników: =============================

Administrator (S-1-5-21-3865952795-1007310133-35833665-500 - Administrator - Disabled)
Gość (S-1-5-21-3865952795-1007310133-35833665-501 - Limited - Disabled)
PostraCH (S-1-5-21-3865952795-1007310133-35833665-1000 - Administrator - Enabled) => C:\Users\PostraCH

==================== Centrum zabezpieczeń ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie.)

AV: F-Secure Client Security 10.00 (Enabled - Up to date) {15414183-282E-D62C-CA37-EF24860A2F17}
AS: F-Secure Client Security 10.00 (Enabled - Up to date) {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: F-Secure Client Security 10.00 (Enabled) {2D7AC0A6-6241-D774-E168-461178D9686C}

==================== Zainstalowane programy ======================

(W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Aktualizacje NVIDIA 2.13.0.21 (Version: 2.13.0.21 - NVIDIA Corporation) Hidden
Ansel (Version: 376.33 - NVIDIA Corporation) Hidden
Archiwizator WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.5.97.6358 - BlueStack Systems, Inc.)
Bully - Scholarship Edition (HKLM-x32\...\Bully - Scholarship Edition_is1) (Version: - )
Bully: Scholarship Edition PL wersja 1.0 (HKLM-x32\...\{6EA2AC30-30E8-44AE-A690-04C9B9D2A179}_is1) (Version: 1.0 - BDIP.pl)
CCleaner wersja 4.17.4808 (HKLM\...\CCleaner_is1) (Version: 4.17.4808 - )
Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version: - Cheat Engine)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Counter-Strike (HKLM\...\Steam App 10) (Version: - Valve)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
Deluxe Ski Jump 4 (HKLM-x32\...\Deluxe Ski Jump 4_is1) (Version: 1.6.1 - Mediamond Tmi)
F-Secure Client Security — DeepGuard (HKLM-x32\...\F-Secure HIPS) (Version: 4.10.210 - F-Secure Corporation)
F-Secure Client Security — kontrola urządzeń (HKLM-x32\...\F-Secure Device Control) (Version: 1.00.17478 - F-Secure Corporation)
F-Secure Client Security - Ochrona przed wirusami i szpiegami (HKLM-x32\...\F-Secure Anti-Virus) (Version: 9.50.19031 - F-Secure Corporation)
F-Secure Client Security - Ochrona przeglądania (HKLM-x32\...\F-Secure Browsing Protection) (Version: 2.00.349 - F-Secure Corporation)
F-Secure Client Security - Osłona internetowa (HKLM-x32\...\F-Secure Internet Shield) (Version: 6.29 - F-Secure Corporation)
F-Secure Client Security - Skanowanie poczty e-mail (HKLM-x32\...\F-Secure E-mail Scanning) (Version: 6.00.525 - F-Secure Corporation)
F-Secure Client Security — Skanowanie ruchu w sieci Web (HKLM-x32\...\F-Secure Protocol Scanner) (Version: 3.00.339 - F-Secure Corporation)
Grand Theft Auto Vice City (HKLM-x32\...\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}) (Version: 1.00.000 - )
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Malwarebytes Anti-Malware wersja 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Mass Effect Ultimate Edition wersja 1.02 (HKLM-x32\...\Mass Effect Ultimate Edition_is1) (Version: 1.02 - Bioware)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110415-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 16.0.1 (x86 pl) (HKLM-x32\...\Mozilla Firefox 16.0.1 (x86 pl)) (Version: 16.0.1 - Mozilla)
Mozilla Firefox 52.0.2 (x86 pl) (HKU\S-1-5-21-3865952795-1007310133-35833665-1000\...\Mozilla Firefox 52.0.2 (x86 pl)) (Version: 52.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 16.0.1 - Mozilla)
NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version: - )
NVIDIA GeForce Experience 3.1.2.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.2.31 - NVIDIA Corporation)
NVIDIA Oprogramowanie systemu PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NVIDIA Sterownik 3D Vision 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.33 - NVIDIA Corporation)
NVIDIA Sterownik dźwięku HD 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA Sterownik graficzny 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.33 - NVIDIA Corporation)
NVIDIA Sterownik kontrolera 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NvNodejs (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.2.0.0 - NVIDIA Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.4.3.15631 - Electronic Arts, Inc.)
Panel sterowania NVIDIA 376.33 (Version: 376.33 - NVIDIA Corporation) Hidden
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile PLK Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.4 - Power Software Ltd)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049509-055C-4CFF-A116-1D12312225EB}) (Version: 1.00.0265 - )
Shadow Tactics - Blades of the Shogun (HKLM-x32\...\1601442230_is1) (Version: 2.0.0.3 - GOG.com)
SHIELD Streaming (Version: 7.1.0340 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
Spotify (HKU\S-1-5-21-3865952795-1007310133-35833665-1000\...\Spotify) (Version: 1.0.52.725.g943b26a8 - Spotify AB)
State of Decay YOSE ver. 1.0 (15.11.3.5751) [update 4] (HKLM-x32\...\{69FFDA0A-89BC-4A14-9886-90C54DCD240B}_is1) (Version: 1.0 (15.11.3.5751) [update 4] - Microsoft Game Studios)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)

==================== Niestandardowe rejestracje CLSID (filtrowane): ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Zaplanowane zadania (filtrowane) =============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
Task: {44547A53-170D-4482-B29B-DFC08456523F} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-12] (NVIDIA Corporation)
Task: {4EEA9A1A-D3B4-455B-9D10-37E83B713681} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-12-12] (NVIDIA Corporation)
Task: {55133E16-B1BA-4AFB-B4DE-E20142AB4FEB} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-12] (NVIDIA Corporation)
Task: {9CF4C429-97AF-4A07-8ACE-EF0F05421E39} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-12-12] (NVIDIA Corporation)
Task: {A9FAE101-F4A6-44A8-A98C-96C67B91E6C5} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\Windows\system32\EOSNotify.exe [2016-06-25] (Microsoft Corporation)
Task: {B48A79BA-81E5-4371-A97B-283FBEA31EF6} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-12-12] (NVIDIA Corporation)
Task: {CEDF949F-75DF-45FC-96A2-EAD3A326CF46} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-14] (Adobe Systems Incorporated)
Task: {D249828A-1484-4492-AC79-D307072B948A} - System32\Tasks\osTip => Chrome.exe <==== UWAGA
Task: {F733C384-E564-4E75-9741-7A741145082F} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-12-12] (NVIDIA Corporation)

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

==================== Skróty =============================

(Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.)

WMI_ActiveScriptEventConsumer_ASEC: <===== UWAGA
ShortcutWithArgument: C:\Users\PostraCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\PostraCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\PostraCH\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/

==================== Załadowane moduły (filtrowane) ==============

2016-12-14 15:49 - 2016-12-11 20:47 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-04-11 12:07 - 2017-04-11 15:52 - 00965120 ____N () C:\ProgramData\igfxDH.dll
2017-01-30 16:02 - 2017-01-10 23:53 - 00206848 ____N () G:\Counter-Strike 1.6 v43\SteamServerBrowser\SteamServerBrowser.exe
2016-12-14 15:50 - 2016-12-12 04:37 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-12-14 15:50 - 2016-12-12 04:37 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-12-14 15:50 - 2016-12-12 04:37 - 00418752 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2016-12-14 15:29 - 2014-12-12 18:24 - 00044760 _____ () C:\Windows\runSW.exe
2017-04-11 12:17 - 2013-02-04 18:23 - 00643240 _____ () D:\Program Files (x86)\F-Secure\FSGUI\about.dll
2017-04-11 12:17 - 2013-02-04 18:23 - 00090280 _____ () D:\Program Files (x86)\F-Secure\FSGUI\aboutres.dll
2017-04-11 12:17 - 2013-02-04 18:23 - 00118784 _____ () D:\Program Files (x86)\F-Secure\FSGUI\strres.eng
2017-04-11 12:17 - 2013-02-04 18:23 - 00553128 _____ () D:\Program Files (x86)\F-Secure\FSGUI\gres.dll
2017-04-11 12:17 - 2013-02-04 18:23 - 00045056 _____ () D:\Program Files (x86)\F-Secure\FSGUI\fsavures.eng
2017-04-11 12:17 - 2013-02-04 18:23 - 00143360 _____ () D:\Program Files (x86)\F-Secure\FSGUI\flyerres.eng
2016-12-14 15:50 - 2016-12-12 04:37 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-12-14 15:50 - 2016-12-12 04:37 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-12-14 15:50 - 2016-12-12 04:37 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-12-14 15:50 - 2016-12-12 04:37 - 60817344 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-12-14 15:50 - 2016-12-12 04:37 - 00506424 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-12-14 15:50 - 2016-12-12 04:37 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-12-14 15:50 - 2016-12-12 04:37 - 02809912 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-12-14 15:50 - 2016-12-12 04:37 - 00245184 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-12-14 15:50 - 2016-12-12 04:37 - 00436792 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-12-14 15:50 - 2016-12-12 04:37 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-12-14 15:50 - 2016-12-12 04:37 - 00968248 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2016-12-14 15:29 - 2013-02-27 18:17 - 00221184 _____ () C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\EnumDevLib.dll
2017-04-11 12:17 - 2013-02-04 18:23 - 00209064 _____ () d:\program files (x86)\f-secure\daas2\daas2.dll
2017-04-11 12:17 - 2013-02-04 18:23 - 00036864 _____ () D:\Program Files (x86)\F-Secure\Anti-Virus\FSAVHRES.eng

==================== Alternate Data Streams (filtrowane) =========

(Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.)

==================== Tryb awaryjny (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.)

==================== Powiązania plików (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.)

==================== Internet Explorer - Witryny zaufane i z ograniczeniami ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.)

==================== Hosts - zawartość: ===============================

(Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Inne obszary ============================

(Obecnie brak automatycznej naprawy dla tej sekcji.)

HKU\S-1-5-21-3865952795-1007310133-35833665-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\PostraCH\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 91.236.4.253 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Zapora systemu Windows [funkcja wyłączona]

==================== MSCONFIG/TASK MANAGER - Wyłączone elementy ==

==================== Reguły Zapory systemu Windows (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

FirewallRules: [{EBA090DE-CDF7-4AA3-9B4A-78C107343ABD}] => (Allow) C:\PROGRA~2\REALTEK\USBWIR~1\RtWlan.exe
FirewallRules: [{DFC5F127-C787-4474-9144-B7557A79B07F}] => (Allow) LPort=1542
FirewallRules: [{5F66F547-1D25-451E-BED6-67377BD31CF3}] => (Allow) LPort=1542
FirewallRules: [{45691B98-C25F-4CC2-A881-CC02AE5775E1}] => (Allow) LPort=53
FirewallRules: [{82837FE7-F982-4046-9103-6F59627E55B6}] => (Allow) C:\PROGRA~2\REALTEK\USBWIR~1\Rtldhcp.exe
FirewallRules: [{42386F14-A555-4CEF-954B-892C927C5594}] => (Allow) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RTLDHCP.exe
FirewallRules: [{7312484D-C927-4B90-85A0-CE79DEC8FBC6}] => (Allow) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RTLDHCP.exe
FirewallRules: [{E04A114A-2AC3-49A1-8145-DCE52163272F}] => (Allow) LPort=53
FirewallRules: [{73FBBCB8-B611-4799-8B99-CEB4BC460BAA}] => (Allow) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RTLDHCP.exe
FirewallRules: [{84B3DD2D-2E27-4C77-8A65-B097539BF81E}] => (Allow) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RTLDHCP.exe
FirewallRules: [{46DD4B04-5E0C-4249-8A1C-AD0C37F47CBF}] => (Allow) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RTLDHCP.exe
FirewallRules: [{6F59C737-95A4-40A3-BF87-4300505BFF13}] => (Allow) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RTLDHCP.exe
FirewallRules: [{B1236AB0-EC0B-4268-9D11-2E61426D9D68}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{BD4FA0FF-39E5-4479-B996-EC54911CCE63}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{71FF884B-96D7-4FD8-8A21-D6AA69A54E95}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{6E7153FF-328B-4A17-8ACD-D2D772B9313C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A47C46DF-228A-45A0-B896-511413330D29}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{176A1623-6FB8-474F-A378-B36D86C8C24C}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D635E0CE-75FF-4C0C-9D2D-DEBA7489D876}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B2B2A46F-EE92-4113-A6D1-3A982415D539}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{79F37ED5-550E-45EC-B44E-8A871442B55D}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{390888C5-8CC2-4484-B423-574B6D15D883}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{E96171C6-6922-43C7-B5B9-4099495CB3BA}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{527B8280-81C4-43F1-84FE-1D1AF4462F62}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{997B0BDB-7B5A-42A5-969C-A0F3F425C13E}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{53B61287-C7EB-412A-8E4C-C56F27014864}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{783BD8FD-AEEE-4BF0-BD43-868F39E687A1}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{82010C6F-5B29-4B63-8649-905C023BEB3C}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{E27AB0DD-418B-4692-929C-EE940D37B109}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{8E5FB2D7-DE0B-4431-9423-0475D6639310}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{617F61BF-9B92-449A-A33D-D9A5B047336A}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{AC2F0D78-15CC-4C94-A925-E2F1843DD338}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{CC5FBBF8-F10B-45B0-AFF3-97312360E18E}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [TCP Query User{C9C58F65-D1BC-46F6-9CBA-464D07061349}C:\users\postrach\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\postrach\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{05788800-84F6-418F-8CB6-ABF6AAE006A2}C:\users\postrach\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\postrach\appdata\roaming\spotify\spotify.exe
FirewallRules: [{C216DA2B-BD47-4608-809A-1DC50D578F79}] => (Allow) D:\Program Files (x86)\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
FirewallRules: [{557F776E-4EA1-42F2-AE02-6AF2F329218A}] => (Allow) D:\Program Files (x86)\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
FirewallRules: [TCP Query User{F6AA6BF8-A575-4559-B8F3-9B283C81FCC7}C:\users\postrach\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\postrach\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{DD86ECE5-6F7B-4B4B-90BE-D21BCCC0061B}C:\users\postrach\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\postrach\appdata\roaming\spotify\spotify.exe
FirewallRules: [{33E972B6-E3B6-49AA-A29F-EDA901AE7AFB}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe
FirewallRules: [{A5F87FFE-CBD7-4612-8B5A-9EE7F4D43854}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe
FirewallRules: [{52F649EC-F4B8-45E2-B147-ED028BBA26E0}] => (Allow) C:\Users\PostraCH\AppData\Local\Temp\FlowSpritSetup_slnt_5016.exe
FirewallRules: [{6E836F9D-28D3-4541-B1BF-E41B1E0B81EF}] => (Allow) C:\Program Files (x86)\IQIYI Video\LStyle\5.5.33.3550\QyKernel.exe
FirewallRules: [{E164BC84-C8D0-4459-9417-1070CC8CD8BF}] => (Allow) C:\Program Files (x86)\IQIYI Video\LStyle\5.5.33.3550\QyPlayer.exe
FirewallRules: [{FA42C5B6-C47F-4BBD-9CEF-8F9255C2FA9D}] => (Allow) C:\Users\PostraCH\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{55423EC1-13D0-4CE9-838B-1E88AF3C216A}] => (Allow) C:\Program Files (x86)\IQIYI Video\LStyle\5.5.33.3550\QyClient.exe
FirewallRules: [{178271CF-4B0D-4386-9251-5A42F4336208}] => (Allow) C:\Windows\System32\PPTVLauncher.exe
FirewallRules: [{591A787D-B44C-4B93-8D6D-087FF2653305}] => (Allow) C:\Windows\System32\PPTVLauncher.exe
FirewallRules: [{3309BA53-2427-43D5-89C4-B1D9A50993F8}] => (Allow) C:\Program Files (x86)\Internet Explorer\PPLite\plugin\4.0.3.0056\PluginInstaller.exe
FirewallRules: [{3CA2BD10-494B-4D7C-8901-6D0787623379}] => (Allow) C:\Program Files (x86)\Internet Explorer\PPLite\plugin\4.0.3.0056\PluginInstaller.exe

==================== Punkty Przywracania systemu =========================

==================== Wadliwe urządzenia w Menedżerze urządzeń =============

Name: ucdrv
Description: ucdrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ucdrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Błędy w Dzienniku zdarzeń: =========================

Dziennik Aplikacja:
==================
Error: (04/11/2017 01:54:08 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 1 2017-04-11 13:54:08+02:00 postrachpc PostraCHpc\PostraCH F-Secure Anti-Virus Manual scanning was finished - workstation was found infected!

Error: (04/11/2017 01:46:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: IObit-Unlocker-26902-AsystentPobierania.exe, wersja: 0.0.0.0, sygnatura czasowa: 0x2a425e19
Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000
Kod wyjątku: 0x4000001e
Przesunięcie błędu: 0x021a2144
Identyfikator procesu powodującego błąd: 0x1a1c
Godzina uruchomienia aplikacji powodującej błąd: 0x01d2b2b935a8dea8
Ścieżka aplikacji powodującej błąd: C:\Users\PostraCH\Downloads\IObit-Unlocker-26902-AsystentPobierania.exe
Ścieżka modułu powodującego błąd: unknown
Identyfikator raportu: 75128adc-1eac-11e7-b4d7-001fd08b89c9

Error: (04/11/2017 12:48:54 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 17 2017-04-11 12:48:54+02:00 postrachpc PostraCHpc\PostraCH F-Secure Anti-Virus Spyware detected: Type: spyware Family: Name: Adware.GenericKD.4717306 Object: C:\ProgramData\WindowsMsg\chrome.exe

Error: (04/11/2017 12:48:45 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 16 2017-04-11 12:48:45+02:00 postrachpc PostraCHpc\PostraCH F-Secure Anti-Virus Spyware detected: Type: riskware Family: Name: Gen:Variant.Application.Razy Object: C:\ProgramData\service.exe

Error: (04/11/2017 12:48:45 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 15 2017-04-11 12:48:45+02:00 postrachpc PostraCHpc\PostraCH F-Secure Anti-Virus Spyware detected: Type: spyware Family: Name: Adware.GenericKD.4487889 Object: C:\Users\PostraCH\AppData\Local\Temp\in2B1860D0\747E53DA_stp\bs-ff-PL.exe

Error: (04/11/2017 12:48:44 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 14 2017-04-11 12:48:44+02:00 postrachpc PostraCHpc\PostraCH F-Secure Anti-Virus Spyware detected: Type: riskware Family: Name: Gen:Variant.Application.Razy Object: C:\Users\PostraCH\AppData\Local\Temp\00021341\service.exe

Error: (04/11/2017 12:48:43 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 13 2017-04-11 12:48:43+02:00 postrachpc PostraCHpc\PostraCH F-Secure Anti-Virus Spyware detected: Type: spyware Family: Name: Adware.Generic.1717710 Object: C:\Users\PostraCH\AppData\Local\Temp\00021338\51504.top.exe

Error: (04/11/2017 12:48:43 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 12 2017-04-11 12:48:42+02:00 postrachpc PostraCHpc\PostraCH F-Secure Anti-Virus Spyware detected: Type: riskware Family: Name: Gen:Variant.Application.Razy Object: C:\Users\PostraCH\AppData\Local\Temp\00021175\kpzip.exe

Error: (04/11/2017 12:48:39 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 11 2017-04-11 12:48:39+02:00 postrachpc PostraCHpc\PostraCH F-Secure Anti-Virus Spyware detected: Type: riskware Family: Name: Gen:Variant.Application.Razy Object: C:\ProgramData\service.exe

Error: (04/11/2017 12:47:36 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 10 2017-04-11 12:47:36+02:00 postrachpc PostraCHpc\PostraCH F-Secure Anti-Virus Spyware detected: Type: spyware Family: Name: Adware.GenericKD.4717306 Object: C:\ProgramData\WindowsMsg\chrome.exe

Dziennik System:
=============
Error: (04/11/2017 12:59:23 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Wykonywanie kopii w tle woluminu C: zostało przerwane, ponieważ nie można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika.

Error: (04/11/2017 12:55:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa Realtek DHCP Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.

Error: (04/11/2017 12:55:43 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: ucdrv

Error: (04/11/2017 12:55:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi IQIYI Video Platform Service z powodu następującego błędu: Usługa nie odpowiada na sygnał uruchomienia lub sygnał sterujący w oczekiwanym czasie.

Error: (04/11/2017 12:55:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą IQIYI Video Platform Service.

Error: (04/11/2017 12:55:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi Origin Web Helper Service z powodu następującego błędu: Usługa nie odpowiada na sygnał uruchomienia lub sygnał sterujący w oczekiwanym czasie.

Error: (04/11/2017 12:55:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Origin Web Helper Service.

Error: (04/11/2017 12:54:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Usługa Windows Audio zależy od usługi Harmonogram klas multimediów, której nie można uruchomić z powodu następującego błędu: Usługa nie odpowiada na sygnał uruchomienia lub sygnał sterujący w oczekiwanym czasie.

Error: (04/11/2017 12:54:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi Harmonogram klas multimediów z powodu następującego błędu: Usługa nie odpowiada na sygnał uruchomienia lub sygnał sterujący w oczekiwanym czasie.

Error: (04/11/2017 12:54:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Harmonogram klas multimediów.

==================== Statystyki pamięci ===========================

Procesor: Intel(R) Core(TM)2 Duo CPU E8600 @ 3.33GHz
Procent pamięci w użyciu: 69%
Całkowita pamięć fizyczna: 4094.49 MB
Dostępna pamięć fizyczna: 1268.89 MB
Całkowita pamięć wirtualna: 8187.13 MB
Dostępna pamięć wirtualna: 5129.19 MB

==================== Dyski ================================

Drive c: () (Fixed) (Total:48.83 GB) (Free:8.37 GB) NTFS ==>[dysk z komponentami startowymi (pozyskano odczytując BCD)]
Drive d: (Programy) (Fixed) (Total:97.65 GB) (Free:5 GB) NTFS
Drive e: (Filmy) (Fixed) (Total:97.65 GB) (Free:12.07 GB) NTFS
Drive f: (Gry) (Fixed) (Total:97.65 GB) (Free:14.6 GB) NTFS
Drive g: (Muzyka) (Fixed) (Total:123.96 GB) (Free:15.44 GB) NTFS

==================== MBR & Tablica partycji ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0AEA0AE9)
Partition 1: (Active) - (Size=48.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=416.9 GB) - (Type=OF Extended)

==================== Koniec Addition.txt ============================