Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 15-06-2017 01 Uruchomiony przez lucca (16-06-2017 07:37:43) Uruchomiony z E:\FILMY DOWNLOAD Windows 10 Home Wersja 1607 (X64) (2016-10-01 08:09:24) Tryb startu: Normal ========================================================== ==================== Konta użytkowników: ============================= Administrator (S-1-5-21-646645915-3493183111-878668481-500 - Administrator - Disabled) Gość (S-1-5-21-646645915-3493183111-878668481-501 - Limited - Disabled) Konto domyślne (S-1-5-21-646645915-3493183111-878668481-503 - Limited - Disabled) lucca (S-1-5-21-646645915-3493183111-878668481-1001 - Administrator - Enabled) => C:\Users\lucca ==================== Centrum zabezpieczeń ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Zainstalowane programy ====================== (W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.) Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.176 - Adobe Systems Incorporated) Alipay Cert Component 2.6.0.0 (HKU\S-1-5-21-646645915-3493183111-878668481-1001\...\AlipayCert) (Version: 2.6.0.0 - Alipay.com Co., Ltd.) AliSafeEngine 5.0.2 (HKLM-x32\...\AliSafeEngine) (Version: 5.0.2 - Alibaba, Inc.) 
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD) BAR-ONE 6.0 Lite (HKLM-x32\...\{423E59BB-0126-443C-885C-0515CBF5B915}) (Version: 6.0.0.0000 - TEKLYNX International) ByteScout BarCode Generator 4.50.0.879 (FREEWARE) (HKLM-x32\...\ByteScout BarCode Generator_is1) (Version: - Bytescout Software) Canon Utilities Digital Photo Professional 4 (HKLM-x32\...\Digital Photo Professional 4 (x64)) (Version: 4.3.31.0 - Canon Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform) Double Commander 0.6.6 beta (HKLM\...\Double Commander_is1) (Version: - ) Drukarka Google Cloud (HKLM-x32\...\{74AA24E0-AC50-4B28-BA46-9CF05467C9B7}) (Version: 28.0.1489.0 - Google Inc.) Dvr_WebOcx_P version 5.1.26.5 (HKLM-x32\...\{5F749575-DD7B-4678-9685-88AF6CE4A01A}}_is1) (Version: 5.1.26.5 - ) EasyUploader v3.27.5.1 (32/64-bit) (HKLM\...\EasyUploader v3_is1) (Version: 3.27.5 - PhotoSoft Marcin Kozak) ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.) FlexLoader (HKLM-x32\...\FlexLoader.346A729E60C8ACAB5B256CEBF2755FFA037052EC.1) (Version: 1.0.3.3 - UNKNOWN) FlexLoader (x32 Version: 1.0.3 - UNKNOWN) Hidden Fotosizer 2.09 (HKLM-x32\...\Fotosizer) (Version: 2.09.0.548 - Fotosizer.com) Foxmail (HKLM-x32\...\Foxmail) (Version: 7.2 - 腾讯公司) GDR 3077 for SQL Server Database Services 2005 ENU (KB960089) (HKLM-x32\...\KB960089_SQL9) (Version: 9.2.3077 - Microsoft Corporation) Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Ghostscript GPL 8.64 (Msi Setup) (x32 Version: 8.64 - Corel Corporation) Hidden GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team) gkPlugin (HKLM-x32\...\gkPlugin1.0) (Version: 1.0 - Your Company) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.) Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) 
Hidden HeroSpeed Cms Uninst (HKLM-x32\...\HeroSpeed CMS_is1) (Version: 6.1.2.5 - Guangzhou HeroSpeed Digital Technology Co.,Ltd) Hvr_WebOcx version 6.1.2.5 (HKLM-x32\...\{B15559EE-8FF5-40F5-ACC7-3EEC730A91CC}}_is1) (Version: 6.1.2.5 - ) ImageMagick 7.0.1-1 Q16 (64-bit) (2016-05-04) (HKLM\...\ImageMagick 7.0.1 Q16 (64-bit)_is1) (Version: 7.0.1 - ImageMagick Studio LLC) Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation) IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.41 - Irfan Skiljan) Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation) Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation) JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.76.1 - JMicron Technology Corp.) JPEGCrops 0.7.5 beta (HKLM-x32\...\{DEAD07C6-D070-43AB-A60D-D9ABE55E296D}_is1) (Version: - ) KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.0.8.1 - PandoraTV) LenovoUsbDriver 1.1.19 (HKLM-x32\...\LenovoUsbDriver) (Version: 1.1.19 - Lenovo) LibreOffice 5.2.6.2 (HKLM-x32\...\{443795BA-BBA0-46CF-A07F-DB5B461785F7}) (Version: 5.2.6.2 - The Document Foundation) Magazyn (v17.5.18.1456) (HKLM-x32\...\Magazyn 2016_is1) (Version: 17.5.18.1456 - Meteoryt.pl) Magazyn 2016 (v16.9.5.1500) (HKLM-x32\...\Asystent Magazyn 2016_is1) (Version: 16.9.5.1500 - Meteoryt.pl) Microsoft OneDrive (HKU\S-1-5-21-646645915-3493183111-878668481-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation) Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation) Microsoft SQL Server Native Client (HKLM\...\{6E740973-8E71-42F9-A910-C18452E60450}) (Version: 9.00.3042.00 - Microsoft Corporation) Microsoft SQL Server Setup Support Files (English) 
(HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.3042.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{50822200-2E95-4E62-A8D8-41C3B308DF5E}) (Version: 9.00.3042.00 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 
14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{dd8b09df-3ef8-49f1-bd1a-65278435860b}) (Version: 14.0.23217 - Microsoft Corporation) Microsoft WSE 3.0 (HKLM-x32\...\{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}) (Version: 3.0.5305.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version: - ) NetClientOCX (wersja 6.4.1.0) (HKLM-x32\...\{09E218A5-2C33-4E05-905E-F622440C1F83}_is1) (Version: 6.4.1.0 - longse, Inc.) Netview_X OCX (HKLM-x32\...\Netview_X OCX) (Version: 2.0.0.1 - ) nexusfont 2.6 (ver 2.6.2.1870) (HKLM-x32\...\{EFEDD205-43FE-4208-B682-0937E803E19E}_is1) (Version: - xiles) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9 - Notepad++ Team) Ö§¸¶±¦°˛Č«żŘĽţ 4.0.0.101 (HKLM-x32\...\alieditplus) (Version: 4.0.0.101 - Alipay.com Co., Ltd.) Object2VR - Garden Gnome Software (HKLM-x32\...\Object2VR) (Version: - ) openElement 1.53 R5 (HKLM-x32\...\{A040B684-E89D-4D8E-B878-8AF8DAD97B8E}) (Version: 1.53.5 - openElement) Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden Pakiet sterowników systemu Windows - MediaTek Inc. 
(wdm_usb) Ports (01/22/2015 3.0.1504.0) (HKLM\...\BD5E2A628C2263FAEC66A4BFF2E88B897427E4C3) (Version: 01/22/2015 3.0.1504.0 - MediaTek Inc.) PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.2.2 - pdfforge) PDFsam Basic (HKLM-x32\...\{910EA44E-8446-405D-BFE1-82F562F847D0}) (Version: 3.30.0.0 - Andrea Vacondio) Picture Merge Genius 2.8 (HKLM-x32\...\Picture Merge Genius_is1) (Version: - EasyTools,Inc) Polski pakiet językowy dla narzędzi Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PLK) (Version: 10.0.50903 - Microsoft Corporation) QPST 2.7 (HKLM-x32\...\{90BA4578-EE5C-47A3-AB5D-2254708AB111}) (Version: 2.7.425 - Qualcomm) Scribus 1.5.2 (64bit) (HKLM\...\Scribus 1.5.2) (Version: 1.5.2 - The Scribus Team) Total Commander Ultima Prime 7.0 (HKLM-x32\...\TC UP) (Version: 7.0.0.1254 - TC UP Team) TradeManager 2016 (HKLM-x32\...\TradeManager) (Version: - Alibaba (China) Network Technology Co., Ltd.) UniConvertor (HKLM-x32\...\{875F0109-0307-4AE2-9439-135AC8BBE881}) (Version: 1.1.5 - Igor E. 
Novikov) USB 2.0 1.3M UVC WebCam (HKLM\...\USB 2.0 1.3M UVC WebCam) (Version: - ) WinRAR 5.31 (32-bitowy) (HKLM-x32\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH) WYSIWYG Web Builder 11 (HKLM-x32\...\WYSIWYG_Web_Builder_11) (Version: - ) ZebraDesigner 2 (HKLM-x32\...\ZebraDesigner 2) (Version: 2.2.3.4266 - Zebra Technologies Corporation) ZebraDesigner 2 (x32 Version: 2.2.3.4266 - Zebra Technologies Corporation) Hidden Zoner Photo Studio 18 (HKLM\...\ZonerPhotoStudio18_EN_is1) (Version: 18.0.1.6 - ZONER software) Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden ==================== Niestandardowe rejestracje CLSID (filtrowane): ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) CustomCLSID: HKU\S-1-5-21-646645915-3493183111-878668481-1001_Classes\CLSID\{08D512D2-7D97-4E22-B7DB-82791106C086}\InprocServer32 -> C:\Users\lucca\AppData\Roaming\alipay\cf\alicdo_x64.dll (Alipay) ==================== Zaplanowane zadania (filtrowane) ============= (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) 
Task: {054B9BE0-4AFF-4545-BCC4-FDBEAAB97F1C} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\lucca\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe Task: {174E1A61-9B35-4305-850E-3F5946EF958A} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\lucca\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [2017-03-07] () Task: {2D3CDDEB-E74E-4636-8830-6FD549831261} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-06-14] (Microsoft Corporation) Task: {A7C85AAA-07A6-4F6E-93E9-545CE7BC9144} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-13] (Piriform Ltd) Task: {EE6EDC50-E002-43E5-855B-D16EE1FB9364} - System32\Tasks\CloneList => Rundll32.exe "C:\Program Files\CloneList\CloneList.dll",xkYjNSAWtNj <==== UWAGA (Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.) ==================== Skróty & WMI ======================== (Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.) WMI_ActiveScriptEventConsumer_ASEC: <===== UWAGA ShortcutWithArgument: C:\Users\lucca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\Pulpit zdalny Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
-> --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp ==================== Załadowane moduły (filtrowane) ============== 2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2017-05-10 01:49 - 2017-04-28 02:49 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2017-06-14 12:26 - 2015-06-01 00:41 - 02464768 _____ () C:\Program Files\CloneList\CloneList.dll 2016-10-23 10:54 - 2012-09-18 15:27 - 00192512 _____ () C:\WINDOWS\System32\zlhp1020.dll 2016-02-15 21:01 - 2016-02-15 21:01 - 00031256 _____ () C:\WINDOWS\System32\us008lm.dll 2016-10-23 10:54 - 2012-09-18 15:27 - 00065024 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\pphp1020.dll 2016-12-10 07:11 - 2016-11-11 12:13 - 02843336 ____N () C:\Windows\system32\lanmamasterHelp.dll 2016-05-14 08:22 - 2016-03-21 19:47 - 39622144 _____ () C:\SMARTSYSTEM\Smart\serwer\bin\mysqld.exe 2016-05-14 08:22 - 2016-03-21 19:48 - 00333312 _____ () C:\SMARTSYSTEM\Smart\serwer\lib\plugin\keyring_file.dll 2017-06-15 20:23 - 2017-06-16 07:24 - 00483840 _____ () C:\WINDOWS\TEMP\gBCBC.tmp.exe 2016-10-01 10:33 - 2016-10-01 10:33 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-03-16 04:54 - 2017-03-04 08:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2017-03-16 04:54 - 2017-03-04 08:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-03-16 04:54 - 2017-03-04 08:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-03-16 04:54 - 2017-03-04 08:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-05-10 01:49 - 2017-04-28 01:36 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-05-10 01:49 - 2017-04-28 01:37 - 04853760 _____ () 
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2017-06-13 15:08 - 2017-06-13 15:08 - 00069632 _____ () C:\Program Files\CCleaner\lang\lang-1045.dll 2017-05-17 09:40 - 2017-05-09 11:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll 2017-05-17 09:40 - 2017-05-09 11:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll 2016-05-10 11:14 - 2016-05-10 11:14 - 00404640 _____ () C:\Program Files (x86)\AliSafeEngine\5.0.2\ReportEnv.dll 2016-05-10 11:14 - 2016-05-10 11:14 - 00159392 _____ () C:\Program Files (x86)\AliSafeEngine\5.0.2\HealthCheck.dll 2017-06-14 12:26 - 2017-02-17 11:31 - 00237080 ____N () C:\Program Files (x86)\Maoha\JiSuZip\tipsdll.dll ==================== Alternate Data Streams (filtrowane) ========= (Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.) AlternateDataStreams: C:\Windows:nlsPreferences [0] AlternateDataStreams: C:\Users\lucca\OneDrive\Dokumenty\krakow.jpeg:3or4kl4x13tuuug3Byamue2s4b [81] AlternateDataStreams: C:\Users\lucca\OneDrive\Dokumenty\krakow.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] AlternateDataStreams: C:\Users\lucca\OneDrive\Dokumenty\warszawa.jpeg:3or4kl4x13tuuug3Byamue2s4b [81] AlternateDataStreams: C:\Users\lucca\OneDrive\Dokumenty\warszawa.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] ==================== Tryb awaryjny (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.) ==================== Powiązania plików (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.) ==================== Internet Explorer - Witryny zaufane i z ograniczeniami =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.) 
IE trusted site: HKU\S-1-5-21-646645915-3493183111-878668481-1001\...\alipay.com -> hxxps://alipay.com IE trusted site: HKU\S-1-5-21-646645915-3493183111-878668481-1001\...\alipay.com -> hxxp://alipay.com IE trusted site: HKU\S-1-5-21-646645915-3493183111-878668481-1001\...\alisoft.com -> hxxps://alisoft.com IE trusted site: HKU\S-1-5-21-646645915-3493183111-878668481-1001\...\alisoft.com -> hxxp://alisoft.com IE trusted site: HKU\S-1-5-21-646645915-3493183111-878668481-1001\...\smartmeye.com -> hxxp://www.smartmeye.com IE trusted site: HKU\S-1-5-21-646645915-3493183111-878668481-1001\...\taobao.com -> hxxps://taobao.com IE trusted site: HKU\S-1-5-21-646645915-3493183111-878668481-1001\...\taobao.com -> hxxp://taobao.com IE trusted site: HKU\S-1-5-21-646645915-3493183111-878668481-1001\...\zus.pl -> hxxps://pue.zus.pl ==================== Hosts - zawartość: ========================== (Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.) 2015-07-10 13:04 - 2017-06-14 12:26 - 00001688 _____ C:\WINDOWS\system32\Drivers\etc\hosts ==================== Inne obszary ============================ (Obecnie brak automatycznej naprawy dla tej sekcji.) 
HKU\S-1-5-21-646645915-3493183111-878668481-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg DNS Servers: 192.168.88.1 - 82.177.142.246 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Zapora systemu Windows [funkcja włączona] ==================== MSCONFIG/TASK MANAGER - Wyłączone elementy == ==================== Reguły Zapory systemu Windows (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) FirewallRules: [UDP Query User{F9D40707-8A70-4F14-AC98-B1F0F74F0F4C}C:\program files (x86)\tc up\totalcmd64.exe] => (Allow) C:\program files (x86)\tc up\totalcmd64.exe FirewallRules: [TCP Query User{D6F143B2-DCED-4EF9-BE66-038A6930FA59}C:\program files (x86)\tc up\totalcmd64.exe] => (Allow) C:\program files (x86)\tc up\totalcmd64.exe FirewallRules: [{BFA2018D-97A5-4E6D-85C9-363C33FBA7D1}] => (Allow) C:\Program Files (x86)\TradeManager\AliIM.exe FirewallRules: [{D53EC29E-66DF-4F2B-A041-5C04E2881633}] => (Allow) C:\Program Files (x86)\TradeManager\AliIM.exe FirewallRules: [{B6AEABA7-95D2-47CF-80EB-3F303C841CDB}] => (Allow) LPort=3307 FirewallRules: [UDP Query User{01B946E2-D135-45AF-8658-D9511D776AC9}C:\program files (x86)\herospeed cms\cms.exe] => (Allow) C:\program files (x86)\herospeed cms\cms.exe FirewallRules: [TCP Query User{4AED1614-A7CC-4F37-929E-5278A5821C70}C:\program files (x86)\herospeed cms\cms.exe] => (Allow) C:\program files (x86)\herospeed cms\cms.exe FirewallRules: [UDP Query User{7C115B9D-4014-4E37-BA1D-FF60F80CE95A}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe FirewallRules: [TCP Query User{45DA5C40-3D4B-41D8-B9D9-D1889BE5A37A}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet 
explorer\iexplore.exe FirewallRules: [UDP Query User{27AF8427-EF39-47E0-AAF9-BF65D6AAEE73}C:\cms\cms.exe] => (Allow) C:\cms\cms.exe FirewallRules: [TCP Query User{4BE754E8-2CDE-4710-8DA0-3E4E206F7491}C:\cms\cms.exe] => (Allow) C:\cms\cms.exe FirewallRules: [{4D0D8905-33BE-4D62-8CA7-6B3A411B6529}] => (Allow) C:\Program Files (x86)\openElement\openElement 1.53 R5\SyncFTP.exe FirewallRules: [{5CC23FE9-C8C6-4BC2-9561-AE530C9EE569}] => (Allow) C:\Program Files (x86)\openElement\openElement 1.53 R5\openElement.exe FirewallRules: [UDP Query User{4EB522FA-BC9C-447C-A1BF-ADB2484893B8}C:\program files (x86)\tc up\totalcmd.exe] => (Allow) C:\program files (x86)\tc up\totalcmd.exe FirewallRules: [TCP Query User{49359715-EDD8-4A3C-9876-10A837E3652D}C:\program files (x86)\tc up\totalcmd.exe] => (Allow) C:\program files (x86)\tc up\totalcmd.exe FirewallRules: [UDP Query User{7371C118-FD2B-4F3C-BEEC-EE81C0047F7E}C:\program files\double commander\doublecmd.exe] => (Allow) C:\program files\double commander\doublecmd.exe FirewallRules: [TCP Query User{15AA3FF2-E72B-4A0E-8A35-BD7182816D7F}C:\program files\double commander\doublecmd.exe] => (Allow) C:\program files\double commander\doublecmd.exe FirewallRules: [{133C932F-F508-4163-9C04-41C752C0F2EE}] => (Allow) C:\Program Files\Zoner\Photo Studio 18\Program32\MediaServer.exe FirewallRules: [{7DF60B68-0440-4952-A02F-436A96283B79}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe FirewallRules: [{DEEC3675-98D1-43D6-8B2D-27E636222DE9}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe FirewallRules: [TCP Query User{3B1C5B52-64E7-4C04-85AB-F005E98B5295}C:\users\lucca\downloads\portable coreldraw x7\coreldraw x7 17.3 portable.exe] => (Block) %USERPROFILE%\Downloads\PORTABLE CorelDRAW X7\CorelDRAW X7 17.3 Portable.exe FirewallRules: [TCP Query User{F1B5318D-F0CF-4D12-AC62-620E0A851FDF}C:\users\lucca\downloads\portable coreldraw x7\coreldraw x7 17.3 portable.exe] => (Block) C:\users\lucca\downloads\portable coreldraw 
x7\coreldraw x7 17.3 portable.exe FirewallRules: [UDP Query User{24ED3C53-F8EF-4B46-9B22-7687EBF5CF52}C:\users\lucca\downloads\portable coreldraw x7\coreldraw x7 17.3 portable.exe] => (Block) C:\users\lucca\downloads\portable coreldraw x7\coreldraw x7 17.3 portable.exe FirewallRules: [{00C64ECD-C099-460E-8D37-BB919341FACC}] => (Allow) E:\Program Files\Foxmail 7.2\Foxmail.exe FirewallRules: [{E3454191-CF2B-45AE-800E-521345A29EC0}] => (Allow) E:\Program Files\Foxmail 7.2\Foxmail.exe FirewallRules: [{F4602904-EA43-4099-BC56-B734AD058D4D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [TCP Query User{CC1734CD-E3EF-48A9-832B-83DF44C5BE6D}C:\users\lucca\appdata\local\temp\rar$exa0.511\searchtool v1.0.0.5\searchtool.exe] => (Allow) C:\users\lucca\appdata\local\temp\rar$exa0.511\searchtool v1.0.0.5\searchtool.exe FirewallRules: [UDP Query User{6795CF0B-6984-4D29-83D6-366047D0E7E3}C:\users\lucca\appdata\local\temp\rar$exa0.511\searchtool v1.0.0.5\searchtool.exe] => (Allow) C:\users\lucca\appdata\local\temp\rar$exa0.511\searchtool v1.0.0.5\searchtool.exe FirewallRules: [{0B402EB3-D092-4089-ABB4-B2DE2E30D1B6}] => (Allow) C:\WINDOWS\system32\rundll32.exe FirewallRules: [{1C414644-3B2F-4BBD-B3CF-D740F2525EA8}] => (Allow) C:\Windows\System32\rundll32.exe FirewallRules: [{85DA6BCD-DD61-4CFC-A18F-E10425C1BEF2}] => (Allow) C:\Windows\System32\rundll32.exe ==================== Punkty Przywracania systemu ========================= UWAGA: Przywracanie systemu jest wyłączone Sprawdź usługę "winmgmt" lub napraw WMI. 
==================== Wadliwe urządzenia w Menedżerze urządzeń ============= ==================== Błędy w Dzienniku zdarzeń: ========================= Dziennik Aplikacja: ================== Error: (06/16/2017 07:37:38 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: ShellExperienceHost.exe, wersja: 10.0.14393.447, sygnatura czasowa: 0x5819bf85 Nazwa modułu powodującego błąd: ClockFlyoutExperience.dll, wersja: 10.0.14393.953, sygnatura czasowa: 0x58ba5cc3 Kod wyjątku: 0x80000003 Przesunięcie błędu: 0x0000000000016af3 Identyfikator procesu powodującego błąd: 0x1d10 Godzina uruchomienia aplikacji powodującej błąd: 0x01d2e662a9b129a6 Ścieżka aplikacji powodującej błąd: C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Ścieżka modułu powodującego błąd: C:\Windows\ShellExperiences\ClockFlyoutExperience.dll Identyfikator raportu: d7d9af74-091f-4aac-93a9-42d5c8369658 Pełna nazwa pakietu powodującego błąd: Microsoft.Windows.ShellExperienceHost_10.0.14393.1198_neutral_neutral_cw5n1h2txyewy Identyfikator aplikacji względem pakietu powodującego błąd: App Error: (06/16/2017 07:37:38 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 12) (User: LUCCA-ASUS) Description: Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy5 Error: (06/16/2017 07:37:36 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 12) (User: LUCCA-ASUS) Description: Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy5 Error: (06/16/2017 07:37:36 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: ShellExperienceHost.exe, wersja: 10.0.14393.447, sygnatura czasowa: 0x5819bf85 Nazwa modułu powodującego błąd: ClockFlyoutExperience.dll, wersja: 10.0.14393.953, sygnatura czasowa: 0x58ba5cc3 Kod wyjątku: 0x80000003 Przesunięcie błędu: 0x0000000000016af3 Identyfikator procesu powodującego błąd: 0x1858 Godzina uruchomienia aplikacji powodującej błąd: 0x01d2e662a87b08c6 
Ścieżka aplikacji powodującej błąd: C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Ścieżka modułu powodującego błąd: C:\Windows\ShellExperiences\ClockFlyoutExperience.dll Identyfikator raportu: cd99779f-01d5-43e5-b872-49f948f61d7b Pełna nazwa pakietu powodującego błąd: Microsoft.Windows.ShellExperienceHost_10.0.14393.1198_neutral_neutral_cw5n1h2txyewy Identyfikator aplikacji względem pakietu powodującego błąd: App Error: (06/16/2017 07:37:34 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 12) (User: LUCCA-ASUS) Description: Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy5 Error: (06/16/2017 07:37:34 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: ShellExperienceHost.exe, wersja: 10.0.14393.447, sygnatura czasowa: 0x5819bf85 Nazwa modułu powodującego błąd: ClockFlyoutExperience.dll, wersja: 10.0.14393.953, sygnatura czasowa: 0x58ba5cc3 Kod wyjątku: 0x80000003 Przesunięcie błędu: 0x0000000000016af3 Identyfikator procesu powodującego błąd: 0x11e4 Godzina uruchomienia aplikacji powodującej błąd: 0x01d2e6617e270e3f Ścieżka aplikacji powodującej błąd: C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Ścieżka modułu powodującego błąd: C:\Windows\ShellExperiences\ClockFlyoutExperience.dll Identyfikator raportu: a4eaf7a9-0efa-4fd7-8430-b3b597fab72b Pełna nazwa pakietu powodującego błąd: Microsoft.Windows.ShellExperienceHost_10.0.14393.1198_neutral_neutral_cw5n1h2txyewy Identyfikator aplikacji względem pakietu powodującego błąd: App Error: (06/16/2017 07:24:22 AM) (Source: MySQL) (EventID: 100) (User: ) Description: Plugin keyring_file reported: 'keyring_file initialization failure. Please check if the keyring_file_data points to readable keyring file or keyring file can be created in the specified location. 
The keyring_file will stay unusable until correct path to the keyring file gets provided'For more information, see Help and Support Center at http://www.mysql.com. Error: (06/16/2017 07:24:22 AM) (Source: MSSQL$SQLEXPRESS) (EventID: 8317) (User: ) Description: Cannot query value 'First Counter' associated with registry key 'HKLM\SYSTEM\CurrentControlSet\Services\MSSQL$SQLEXPRESS\Performance'. SQL Server performance counters are disabled. Error: (06/16/2017 07:22:33 AM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: Nie można zainicjować indeksu. Szczegóły: Odmowa dostępu. (HRESULT : 0x80070005) (0x80070005) Error: (06/16/2017 07:22:33 AM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: Nie można zainicjować aplikacji. Kontekst: aplikacja Windows Szczegóły: Odmowa dostępu. (HRESULT : 0x80070005) (0x80070005) Dziennik System: ============= Error: (06/16/2017 07:39:20 AM) (Source: cdrom) (EventID: 7) (User: ) Description: W urządzeniu \Device\CdRom0 wystąpił zły blok. Error: (06/16/2017 07:39:13 AM) (Source: cdrom) (EventID: 7) (User: ) Description: W urządzeniu \Device\CdRom0 wystąpił zły blok. Error: (06/16/2017 07:39:01 AM) (Source: cdrom) (EventID: 7) (User: ) Description: W urządzeniu \Device\CdRom0 wystąpił zły blok. Error: (06/16/2017 07:38:51 AM) (Source: cdrom) (EventID: 7) (User: ) Description: W urządzeniu \Device\CdRom0 wystąpił zły blok. Error: (06/16/2017 07:38:44 AM) (Source: cdrom) (EventID: 7) (User: ) Description: W urządzeniu \Device\CdRom0 wystąpił zły blok. Error: (06/16/2017 07:38:37 AM) (Source: cdrom) (EventID: 7) (User: ) Description: W urządzeniu \Device\CdRom0 wystąpił zły blok. Error: (06/16/2017 07:38:26 AM) (Source: cdrom) (EventID: 7) (User: ) Description: W urządzeniu \Device\CdRom0 wystąpił zły blok. Error: (06/16/2017 07:38:19 AM) (Source: cdrom) (EventID: 7) (User: ) Description: W urządzeniu \Device\CdRom0 wystąpił zły blok. 
Error: (06/16/2017 07:38:11 AM) (Source: cdrom) (EventID: 7) (User: ) Description: W urządzeniu \Device\CdRom0 wystąpił zły blok. Error: (06/16/2017 07:38:04 AM) (Source: cdrom) (EventID: 7) (User: ) Description: W urządzeniu \Device\CdRom0 wystąpił zły blok. CodeIntegrity: =================================== Date: 2017-06-15 20:29:20.947 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\TC UP\PLUGINS\Media\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-06-15 20:29:20.946 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\TC UP\PLUGINS\Media\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-06-15 20:28:47.545 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\TC UP\PLUGINS\Media\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-06-15 20:28:47.543 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\TC UP\PLUGINS\Media\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2017-06-14 11:22:13.559 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-06-12 10:34:54.787 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-06-10 22:37:40.118 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-06-09 10:31:21.787 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-06-08 15:02:59.921 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2017-06-07 11:01:05.201 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Statystyki pamięci =========================== Procesor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz Procent pamięci w użyciu: 53% Całkowita pamięć fizyczna: 3944.5 MB Dostępna pamięć fizyczna: 1842.54 MB Całkowita pamięć wirtualna: 3944.5 MB Dostępna pamięć wirtualna: 1540.68 MB ==================== Dyski ================================ Drive c: () (Fixed) (Total:83.5 GB) (Free:35.28 GB) NTFS Drive d: (EOS_DIGITAL) (Removable) (Total:7.39 GB) (Free:3.37 GB) FAT32 Drive e: (DANE) (Fixed) (Total:381.78 GB) (Free:282.84 GB) NTFS ==================== MBR & Tablica partycji ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 08EEA4E6) Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=83.5 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=381.8 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 7.4 GB) (Disk ID: 00000000) Partition: GPT. ==================== Koniec Addition.txt ============================