Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 21-10-2017 Uruchomiony przez admin (22-10-2017 12:47:31) Uruchomiony z C:\Users\admin\Desktop\download Windows 10 Pro Wersja 1703 15063.674 (X64) (2017-05-10 15:53:26) Tryb startu: Normal ========================================================== ==================== Konta użytkowników: ============================= admin (S-1-5-21-1360549727-2693629194-3738010788-1000 - Administrator - Enabled) => C:\Users\admin Administrator (S-1-5-21-1360549727-2693629194-3738010788-500 - Administrator - Disabled) Gość (S-1-5-21-1360549727-2693629194-3738010788-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1360549727-2693629194-3738010788-1003 - Limited - Enabled) Konto domyślne (S-1-5-21-1360549727-2693629194-3738010788-503 - Limited - Disabled) ==================== Centrum zabezpieczeń ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie.) AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402} ==================== Zainstalowane programy ====================== (W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.) 7-Zip 16.04 (HKLM-x32\...\{23170F69-40C1-2701-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov) Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated) Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated) Adobe Photoshop 7.0 CE (HKLM-x32\...\Adobe Photoshop 7.0 CE) (Version: 7.0 CE - Adobe Systems, Inc.) Adobe Photoshop Lightroom 5.3 64-bit (HKLM\...\{2DD71ACB-552D-402C-9529-7906ACB95C30}) (Version: 5.3.1 - Adobe Systems Incorporated) AMD Catalyst Install Manager (HKLM\...\{8DF1EF50-AEB6-902C-F68C-4683C45784E6}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 4.0.0.0 - AppEx Networks) AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 2.6.0 - philandro Software GmbH) Asystent uaktualnienia do systemu Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17387 - Microsoft Corporation) Avast Pro Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.7.2314 - AVAST Software) Bejeweled 3 (HKLM-x32\...\Bejeweled 31.0.8.6128) (Version: 1.0.8.6128 - Popcap Games) CCleaner (HKLM\...\CCleaner) (Version: 5.35 - Piriform) CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4643 - CDBurnerXP) D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden DRUKI Gofin 3.1.6.0 (HKLM-x32\...\{4524A16A-77DB-4573-AA94-E83034F98541}) (Version: 3.1.6.0 - Wydawnictwo Podatkowe GOFIN sp. z o.o.) Enigmatis: Duchy Maple Creek. Edycja kolekcjonerska (HKLM-x32\...\Enigmatis: Duchy Maple Creek. Edycja kolekcjonerska) (Version: 1.0.0.0 - Alawar Entertainment Inc.) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON XP-600 Series Printer Uninstall (HKLM\...\EPSON XP-600 Series) (Version: - SEIKO EPSON Corporation) Galeria fotografii (HKLM-x32\...\{77655DF6-A143-4A25-A5F8-127C8CE63EDA}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden gBurner (HKLM-x32\...\gBurner) (Version: 3.5 - Power Software Ltd) GG (HKU\S-1-5-21-1360549727-2693629194-3738010788-1000\...\GG) (Version: 12 - GG Network S.A.) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.) Google Photos Backup (HKU\S-1-5-21-1360549727-2693629194-3738010788-1000\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.115 - Google Inc.) Hidden HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd) HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation) HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.86.4 - HTC) IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC) Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation) K-Lite Codec Pack 11.0.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.0.0 - ) Komunikator WTW (HKLM\...\{1DF5019A-68B5-4ba1-8E59-E185C7B7FF11}) (Version: 0.8.0.1954 - K2T.eu) Malwarebytes Anti-Malware wersja 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Metric Collection SDK (HKLM-x32\...\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}) (Version: 1.1.0012.00 - Lenovo Group Limited) Hidden Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0010.00 - Lenovo Group Limited) Hidden Microsoft Image Composite Editor (HKLM\...\{4ACA6F0A-97D9-4CD0-9F66-2CFB30A97E3C}) (Version: 1.3.5 - Microsoft Corporation) Microsoft Office 2013 dla Użytkowników Domowych i Małych Firm - pl-pl (HKLM\...\HomeBusinessRetail - pl-pl) (Version: 15.0.4753.1003 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1360549727-2693629194-3738010788-1000\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Movie Maker (HKLM-x32\...\{DAE8CC57-EBF5-4D46-8572-9A0C769D6F16}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation) Odkurzacz (HKLM-x32\...\Odkurzacz 14.0_is1) (Version: 14.0.0.4000 - FranmoSoftware - Maciej Opaliński) Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4753.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4753.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0415-0000-0000000FF1CE}) (Version: 15.0.4753.1003 - Microsoft Corporation) Hidden ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE) Hidden ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.) Podstawowe programy Windows Live (HKLM-x32\...\{8FFD72FC-4FFA-472D-9F76-AEC85F602F9D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Polska lokalizacja Adobe Lightroom 3.4 (HKU\S-1-5-21-1360549727-2693629194-3738010788-1000\...\Polska lokalizacja Adobe Lightroom 3.4) (Version: - ) Polski pakiet językowy dla narzędzi Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PLK) (Version: 10.0.50903 - Microsoft Corporation) polskiej lokalizacja dla Adobe Lightroom 5.x (HKU\S-1-5-21-1360549727-2693629194-3738010788-1000\...\polskiej lokalizacja dla Adobe Lightroom 5.x) (Version: - ) Real Alternative 1.9.0 Lite (HKLM-x32\...\RealAlt_is1) (Version: 1.9.0 - ) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7037 - Realtek Semiconductor Corp.) Smart Organizing Monitor (HKLM-x32\...\{AD66DDE3-33AC-4F26-9EC6-A37454423C4F}) (Version: 1.00.0000 - RICOH) WinRAR 5.31 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH) ==================== Niestandardowe rejestracje CLSID (filtrowane): ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) CustomCLSID: HKU\S-1-5-21-1360549727-2693629194-3738010788-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1360549727-2693629194-3738010788-1000_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\admin\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (GG Network S.A.) CustomCLSID: HKU\S-1-5-21-1360549727-2693629194-3738010788-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-04] (AVAST Software) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-04] (AVAST Software) ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-04] (AVAST Software) ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-04] (AVAST Software) ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc.) ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) ContextMenuHandlers6-x32: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-04] (AVAST Software) ContextMenuHandlers5_S-1-5-21-1360549727-2693629194-3738010788-1000: [GGDriveMenu] -> {E68D0A55-3C40-4712-B90D-DCFA93FF2534} => C:\Users\admin\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll [2014-03-20] (GG Network S.A.) ==================== Zaplanowane zadania (filtrowane) ============= (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) Task: {0D23772D-05BA-474E-AE79-1A8C76F80046} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {14B04B29-AA54-4754-ACBA-C934F5E1D459} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {176341CB-5E94-42AB-A688-D761BF1E25B6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation) Task: {18C131BD-F74A-415B-AE6D-7F5A0AB7CF9C} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe Task: {1D5D0CC9-55A3-4EE1-A32B-BF0DC0E81732} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {1EE1B877-32B5-49D4-A1C4-D7E6E6D61692} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {1F3E6948-0709-411C-80FE-0849B23F52C8} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe Task: {2148EF6C-115B-4CB8-846D-09C0581CB4A4} - System32\Tasks\{F0FC67F6-35B5-4CCA-89DE-074C054B1EFE} => C:\Windows\system32\pcalua.exe -a "C:\Users\admin\Desktop\download\Nowy folder (2)\Peggle Installer.exe" -d "C:\Users\admin\Desktop\download\Nowy folder (2)" Task: {29B857BB-0687-479D-B269-05C011B6CA0D} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe Task: {307C0253-B45F-41BB-9E9F-19EFB4E6B86E} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe Task: {323CA827-AA31-42D5-8217-BC2F6ECA3215} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {3A6844EB-3117-4E85-9288-02040EFC2962} - System32\Tasks\{8F6E2164-9205-4BBF-BB2B-62BCDB4B5FE9} => C:\Windows\system32\pcalua.exe -a "C:\Users\admin\Desktop\Adobe\Photoshop Lightroom 5.3\Install Lightroom 5.exe" -d "C:\Users\admin\Desktop\Adobe\Photoshop Lightroom 5.3" Task: {6524B585-4CEE-4FE3-9033-BB8FFE22591F} - System32\Tasks\Odkurzacz => C:\Program Files (x86)\Odkurzacz\odkurzacz.exe [2016-04-20] (FranmoSoftware) Task: {85BC9BE0-1F50-4758-98F9-E720B815AFB4} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-10-04] (AVAST Software) Task: {90532DDA-AC29-46E4-B4C9-2BA4C7FAEF00} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {98DC4499-42A4-4CE0-90F2-4CDDAD078AE4} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe Task: {9967C169-4899-4451-9C4C-67221AB3063D} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe Task: {9A1FBCFD-8CCC-4C3D-9EB0-0C865B2117C8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1360549727-2693629194-3738010788-1000Core => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2016-06-16] (Google Inc.) Task: {9A98F338-28F6-4AD7-9762-7689A9FD6113} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-20] (Piriform Ltd) Task: {A1CC1E8E-0BF3-418F-848B-7EF0B5610795} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {A27957BD-8968-4597-B515-BEC34244D4A0} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {A4C85EA6-8F56-4384-A38D-B3C2B15A202E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1360549727-2693629194-3738010788-1000UA => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2016-06-16] (Google Inc.) Task: {A7ACFD67-47C1-42FA-B411-6953ACD50D3B} - System32\Tasks\{1EC3E2FA-8A67-4D43-B097-251564FA95ED} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\thriXXX\3D SexVilla\3D_SexVilla_v25_Crack.exe" -d "C:\Program Files (x86)\thriXXX\3D SexVilla" Task: {B777BE63-9261-46BC-8B27-D1337DE1C8E9} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {B9E73AC8-BB4B-4832-B84D-9C6634F786E4} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe Task: {C3961610-B3DD-4481-9596-52480FB09A61} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe Task: {C63A955B-C748-4333-8885-669B3DDE3BF5} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe Task: {C697978A-551E-47A7-BF38-BE04A50F2F77} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated) Task: {C831C5C9-D74E-4F96-97F0-FE651246DD2A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-06] (Google Inc.) Task: {D04504A8-72B8-4CCB-8299-7BAFC1B9B54F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {EADD3B24-45A3-4B42-B943-FA0933E09681} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe Task: {EC621D38-5B87-4F6F-9AD5-99F7F42957C8} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe Task: {ED5E07DF-5F4E-4C60-A239-848CC0EA5FF5} - System32\Tasks\S-1-5-21-1360549727-2693629194-3738010788-1000\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-03-18] (Microsoft Corporation) Task: {F07C68BB-6F4A-4754-93C7-91A632BBB798} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation) Task: {F20D501F-D26D-4FA7-8BA7-CD8E729D4892} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe Task: {FA1326BE-5B41-40D8-891B-FC8867BE154D} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_171_pepper.exe [2017-05-14] (Adobe Systems Incorporated) Task: {FE4C18C8-0194-4C1C-B806-0399FA2A231D} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe Task: {FF644432-36D8-4862-AE45-14D01F19BE56} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-14] (Adobe Systems Incorporated) Task: {FF6FC5B9-CB40-481F-A16D-EE90D16334CC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-06] (Google Inc.) (Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.) ==================== Skróty & WMI ======================== (Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.) Shortcut: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\K2T\WTW\Forum.lnk -> hxxp://forum.k2t.eu Shortcut: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\K2T\WTW\Zgłoś błąd.lnk -> hxxp://bugtraq.k2t.eu Shortcut: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\K2T\WTW\Zgłoś propozycję.lnk -> hxxp://bugtraq.k2t.eu ==================== Załadowane moduły (filtrowane) ============== 2017-03-18 22:58 - 2017-03-18 22:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll 2017-07-26 09:58 - 2017-07-26 09:58 - 000192200 _____ () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe 2015-11-04 16:43 - 2015-11-04 16:43 - 000214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll 2014-02-11 06:08 - 2014-02-11 06:08 - 003650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll 2014-02-11 06:08 - 2014-02-11 06:08 - 000817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll 2013-10-17 15:27 - 2013-10-17 15:27 - 000166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe 2015-08-06 19:34 - 2014-05-20 09:19 - 000105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2017-03-18 22:59 - 2017-03-20 05:59 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-08-23 14:00 - 2017-08-23 14:00 - 000821240 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe 2017-08-23 14:42 - 2017-08-23 14:43 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-08-23 14:42 - 2017-08-23 14:43 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-08-23 14:42 - 2017-08-23 14:43 - 036162048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-08-23 14:42 - 2017-08-23 14:43 - 002237952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\skypert.dll 2017-10-04 16:07 - 2017-10-04 16:07 - 000067408 _____ () C:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll 2017-08-29 14:04 - 2017-08-23 10:48 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libglesv2.dll 2017-08-29 14:04 - 2017-08-23 10:48 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libegl.dll 2016-10-21 09:07 - 2016-10-21 09:07 - 000030720 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll 2017-08-23 14:00 - 2017-08-23 14:00 - 000607016 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll 2016-10-21 09:07 - 2016-10-21 09:07 - 000059392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll 2016-10-21 09:07 - 2016-10-21 09:07 - 000035864 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll 2016-10-21 09:07 - 2016-10-21 09:07 - 000079888 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll 2016-10-21 09:08 - 2016-10-21 09:08 - 000129016 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll 2016-10-21 09:09 - 2016-10-21 09:09 - 000223240 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll 2017-10-04 16:07 - 2017-10-04 16:07 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2017-10-04 16:07 - 2017-10-04 16:07 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll 2017-07-11 15:48 - 2017-07-11 15:48 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2017-10-04 16:07 - 2017-10-04 16:07 - 000217088 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll 2017-10-04 16:07 - 2017-10-04 16:07 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll 2017-10-04 16:07 - 2017-10-04 16:07 - 000234280 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll 2017-10-04 16:07 - 2017-10-04 16:07 - 000700656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll ==================== Alternate Data Streams (filtrowane) ========= (Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.) ==================== Tryb awaryjny (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.) ==================== Powiązania plików (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.) ==================== Internet Explorer - Witryny zaufane i z ograniczeniami =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.) ==================== Hosts - zawartość: ========================== (Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.) 2017-03-13 12:09 - 2017-03-13 12:09 - 000514744 _____ C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost 0.0.0.0 fr.a2dfp.net 0.0.0.0 m.fr.a2dfp.net 0.0.0.0 mfr.a2dfp.net 0.0.0.0 ad.a8.net 0.0.0.0 asy.a8ww.net 0.0.0.0 static.a-ads.com 0.0.0.0 abcstats.com 0.0.0.0 ad4.abradio.cz 0.0.0.0 a.abv.bg 0.0.0.0 adserver.abv.bg 0.0.0.0 adv.abv.bg 0.0.0.0 bimg.abv.bg 0.0.0.0 ca.abv.bg 0.0.0.0 www2.a-counter.kiev.ua 0.0.0.0 track.acclaimnetwork.com 0.0.0.0 accuserveadsystem.com 0.0.0.0 www.accuserveadsystem.com 0.0.0.0 achmedia.com 0.0.0.0 csh.actiondesk.com 0.0.0.0 ads.activepower.net 0.0.0.0 app.activetrail.com 0.0.0.0 stat.active24stats.nl #[Tracking.Cookie] 0.0.0.0 traffic.acwebconnecting.com 0.0.0.0 office.ad1.ru 0.0.0.0 cms.ad2click.nl 0.0.0.0 ad2games.com 0.0.0.0 ads.ad2games.com 0.0.0.0 content.ad20.net 0.0.0.0 core.ad20.net Wykryto więcej niż wyliczono: 13684 linii. ==================== Inne obszary ============================ (Obecnie brak automatycznej naprawy dla tej sekcji.) HKU\S-1-5-21-1360549727-2693629194-3738010788-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Tapeta z Galerii fotografii.jpg DNS Servers: 194.204.159.1 - 194.204.152.34 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Zapora systemu Windows [funkcja włączona] ==================== MSCONFIG/TASK MANAGER - Wyłączone elementy == MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: AnyDesk => 2 MSCONFIG\Services: EpsonScanSvc => 3 MSCONFIG\Services: EPSON_PM_RPCV4_04 => 2 MSCONFIG\Services: Fax => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: gusvc => 3 MSCONFIG\Services: MBAMService => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AnyDesk.lnk => C:\Windows\pss\AnyDesk.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Wysyłanie do programu OneNote.lnk => C:\Windows\pss\Wysyłanie do programu OneNote.lnk.Startup MSCONFIG\startupreg: AppEx Accelerator UI => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe -h MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR MSCONFIG\startupreg: EPLTarget => MSCONFIG\startupreg: FlashPlayerUpdate => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_306_Plugin.exe -update plugin MSCONFIG\startupreg: GG => "C:\Users\admin\AppData\Local\GG\Application\gghub.exe" MSCONFIG\startupreg: Google Update => C:\Users\admin\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe" MSCONFIG\startupreg: OneDrive => "C:\Users\admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" HKLM\...\StartupApproved\StartupFolder: => "Adobe Gamma Loader.lnk" HKU\S-1-5-21-1360549727-2693629194-3738010788-1000\...\StartupApproved\Run: => "CCleaner Monitoring" ==================== Reguły Zapory systemu Windows (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) FirewallRules: [{2E7E5C64-B619-40EF-B58D-407124F43949}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe FirewallRules: [{5F35BD71-AB0A-4AE0-B72D-BA7F1B5CD770}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe FirewallRules: [{137C0C2C-C5A3-4722-AC8C-18745D6C98D4}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe FirewallRules: [{60C8B564-CB92-48D1-8101-3CC1166371DC}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe FirewallRules: [{828E20A2-904F-40FE-8BFB-FE30947AB43A}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe FirewallRules: [{9D8927CD-B6F2-465F-B2C7-F98250089D55}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe FirewallRules: [{CD735093-8EB5-4FD0-91D2-4D738E65B53D}] => (Allow) LPort=1900 FirewallRules: [{56837EA0-1890-404D-BFF6-B82BE56B1289}] => (Allow) LPort=2869 FirewallRules: [{91182B71-55A5-4D0B-9A7D-4C31B0BE03B9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{DDAA5BAA-DCB8-470E-B729-4E08B62412B0}] => (Allow) C:\Program Files\K2T\WTW\wtw.exe FirewallRules: [{903E9A98-774F-45AE-B7C4-E5A77B63D4E0}] => (Allow) C:\Program Files\K2T\WTW\wtw.exe FirewallRules: [{5CD17F65-A8CC-4117-AB7A-A12005BBAC64}] => (Allow) C:\Program Files\K2T\WTW\wtw.exe FirewallRules: [{2FD2BB8B-CEB1-477C-A737-ADEF9A5CCBFC}] => (Allow) C:\Program Files\K2T\WTW\wtw.exe FirewallRules: [{8C0EF1B3-FBE4-45D0-B1F8-8BD6324D4B96}] => (Allow) C:\Users\admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe FirewallRules: [{A2DFB4EE-0A8A-45E5-B45E-3FEE0B5D95DD}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{7A6337DE-9C68-492E-8C55-334D976D9A86}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe FirewallRules: [{6F5F7DF5-DF7D-44C5-8632-820EC31520DE}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe FirewallRules: [{542E497A-C886-44AB-8166-C07880C6AC6A}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe FirewallRules: [{1DC1107F-06BD-4FAF-A80A-C879E4B85F41}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{86C43CD3-6E00-44FF-BA44-E3EB563C700E}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe ==================== Punkty Przywracania systemu ========================= 16-10-2017 09:35:23 Zaplanowany punkt kontrolny ==================== Wadliwe urządzenia w Menedżerze urządzeń ============= ==================== Błędy w Dzienniku zdarzeń: ========================= Dziennik Aplikacja: ================== Dziennik System: ============= Error: (10/22/2017 12:40:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi atksgt z powodu następującego błędu: System Windows nie może zweryfikować podpisu cyfrowego tego pliku. Ostatnia zmiana sprzętu lub oprogramowania mogła spowodować zainstalowanie pliku, który jest niepoprawnie podpisany lub uszkodzony. Możliwe także, że jest to złośliwe oprogramowanie pochodzące z nieznanego źródła. Error: (10/22/2017 12:39:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa NetTcpActivator zależy od usługi NetTcpPortSharing, której nie można uruchomić z powodu następującego błędu: Nie można uruchomić określonej usługi, ponieważ jest ona wyłączona lub ponieważ nie są włączone skojarzone z nią urządzenia. Error: (10/22/2017 12:39:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi CldFlt z powodu następującego błędu: Żądanie nie jest obsługiwane. Error: (10/22/2017 12:38:37 PM) (Source: DCOM) (EventID: 10010) (User: admin-Komputer) Description: Serwer {9BA05972-F6A8-11CF-A442-00A0C90A8F39} nie zarejestrował się w modelu DCOM w wymaganym czasie. Error: (10/22/2017 12:38:36 PM) (Source: DCOM) (EventID: 10010) (User: admin-Komputer) Description: Serwer {9BA05972-F6A8-11CF-A442-00A0C90A8F39} nie zarejestrował się w modelu DCOM w wymaganym czasie. CodeIntegrity: =================================== Date: 2017-10-22 12:40:11.928 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Statystyki pamięci =========================== Procesor: AMD A10-5800K APU with Radeon(tm) HD Graphics Procent pamięci w użyciu: 32% Całkowita pamięć fizyczna: 7371.11 MB Dostępna pamięć fizyczna: 4997.98 MB Całkowita pamięć wirtualna: 14795.11 MB Dostępna pamięć wirtualna: 12285.54 MB ==================== Dyski ================================ Drive c: () (Fixed) (Total:149.72 GB) (Free:24.69 GB) NTFS Drive d: () (Fixed) (Total:781.25 GB) (Free:411.7 GB) NTFS ==================== MBR & Tablica partycji ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: F53373B5) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=149.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=454 MB) - (Type=27) Partition 4: (Not Active) - (Size=781.2 GB) - (Type=07 NTFS) ==================== Koniec Addition.txt ============================