Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 21.01.2018
Uruchomiony przez tomek (25-01-2018 16:19:18)
Uruchomiony z C:\Users\tomek\Downloads\FRST + EDYTOR
Windows 7 Professional Service Pack 1 (X64) (2017-08-09 02:42:45)
Tryb startu: Normal
==========================================================

==================== Konta użytkowników: =============================

Administrator (S-1-5-21-2387200897-3327319887-1750219088-500 - Administrator - Disabled)
Gość (S-1-5-21-2387200897-3327319887-1750219088-501 - Limited - Disabled)
tomek (S-1-5-21-2387200897-3327319887-1750219088-1000 - Administrator - Enabled) => C:\Users\tomek

==================== Centrum zabezpieczeń ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET NOD32 Antivirus (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET NOD32 Antivirus (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Zainstalowane programy ======================

(W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)

Adobe Reader XI - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Dell Mobile Broadband Manager (HKLM-x32\...\{23EEC842-57ED-4055-A056-9D4185DFB1AA}) (Version: 6.1.21.2 - Dell)
Dell Wireless HSPA Mini-Card Drivers (HKLM-x32\...\{9D583F01-A973-4B04-90BD-FB7886779090}) (Version: 6.1.26.6 - Dell)
ESET Security (HKLM\...\{8B35CE46-1F7C-4B22-815E-AB6DC63EE3AB}) (Version: 11.0.149.0 - ESET, spol. s r.o.)
Free MP3 Ringtone Maker 2.4 (HKLM-x32\...\Free MP3 Ringtone Maker_is1) (Version: - musetips.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation)
LOGO! Soft Comfort v7 (HKLM\...\{A3A6206D-E6CD-4F97-B664-7D785315541E}) (Version: 7.0.30 - Siemens)
Malwarebytes (wersja 3.3.1.2183) (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PKZIP Server for Windows 12.40.0008 (HKLM-x32\...\{134A51EB-1BBB-4249-BAF5-494C3D186A06}) (Version: 12.40.0008 - PKWARE, Inc)
SIMATIC Device Drivers (HKLM\...\{CCC01ADD-3A54-15D6-92A8-00A0245B3AC6}) (Version: 01.00.0000 - Siemens AG) Hidden
SIMATIC S7-PCT (HKLM-x32\...\{D596A641-C584-4667-8802-50FE80241A2E}) (Version: 02.02.0000 - Siemens AG) Hidden
Total Uninstall 6 wersja 6.20.0 (HKLM\...\Total Uninstall 6_is1) (Version: 6.20.0 - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Phone app for desktop (HKLM-x32\...\{99759E36-8961-43DC-A7E6-4601D6AEF166}) (Version: 1.1.2726.0 - Microsoft Corporation)
WinRAR 5.40 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Niestandardowe rejestracje CLSID (filtrowane): ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-12-27] (ESET)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-09-19] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-09-19] (Alexander Roshal)
ContextMenuHandlers2-x32: [AlcoholShellEx] -> {32020A01-506E-484D-A2A8-BE3CF17601C3} => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxShlex.dll [2014-09-06] (Alcohol Soft Development Team)
ContextMenuHandlers2-x32: [AlcoholShellEx64] -> {AF67B665-D752-424E-9A03-C7C218F2844F} => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxShlEx64.dll [2014-09-06] (Alcohol Soft Development Team)
ContextMenuHandlers2-x32: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-12-27] (ESET)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-02-01] (Intel Corporation)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-12-27] (ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-09-19] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-09-19] (Alexander Roshal)

==================== Zaplanowane zadania (filtrowane) =============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

Task: {35325DB0-F885-446D-9FFA-D6A691D2A992} - System32\Tasks\elbyExecuteWithUAC => C:\Program Files (x86)\SlySoft\CloneCD\ExecuteWithUAC.exe
Task: {6B45412D-212C-4141-B929-8DAA91D44DE4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-10] (Google Inc.)
Task: {9BA5EAE0-E5E3-4C82-95D7-1B49E93B52CF} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-08-03] ()
Task: {BA687127-4058-4C9D-8B9C-49B44A216B0D} - System32\Tasks\{8F89416F-8E49-4332-BD10-4E156F568100} => C:\Windows\system32\pcalua.exe -a E:\SETUP.EXE -d E:\
Task: {CB70D577-FB79-4E8E-AE92-37C36B99C309} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-10] (Google Inc.)

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

==================== Skróty & WMI ========================

(Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.)

==================== Załadowane moduły (filtrowane) ==============

2010-01-30 01:40 - 2010-01-30 01:40 - 004254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2017-08-24 11:06 - 2017-08-24 11:05 - 000008192 _____ () C:\Windows\SysWOW64\srvany.exe
2017-08-24 11:06 - 2017-08-24 11:05 - 000151552 _____ () C:\Windows\KMService.exe
2017-08-08 07:44 - 2018-01-25 16:01 - 000017920 _____ () C:\Windows\System32\rpcnetp.exe
2011-06-14 18:24 - 2011-06-14 18:24 - 000824320 _____ () C:\Program Files\Common Files\Siemens\Automation\Simatic OAM\bin\sn_regbase.dll
2018-01-09 15:03 - 2018-01-03 10:20 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libglesv2.dll
2018-01-09 15:03 - 2018-01-03 10:20 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libegl.dll
2018-01-25 16:08 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-01-25 16:08 - 2017-11-29 09:11 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-08-08 08:14 - 2010-02-17 11:20 - 000065576 ____R () C:\Program Files (x86)\Dell\Dell WWAN\WMCore\MBMDebug.dll

==================== Alternate Data Streams (filtrowane) =========

(Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.)

==================== Tryb awaryjny (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Powiązania plików (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.)

==================== Internet Explorer - Witryny zaufane i z ograniczeniami ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.)

==================== Hosts - zawartość: ===============================

(Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 000000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Inne obszary ============================

(Obecnie brak automatycznej naprawy dla tej sekcji.)

HKU\S-1-5-21-2387200897-3327319887-1750219088-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\tomek\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Zapora systemu Windows [funkcja włączona]

==================== MSCONFIG/TASK MANAGER - Wyłączone elementy ==

MSCONFIG\startupreg: ALLPlayer WiFi Remote => C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe
MSCONFIG\startupreg: ALLUpdate => "C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe" "sleep"
MSCONFIG\startupreg: CloneCDTray => "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
MSCONFIG\startupreg: Napisy24Update => "C:\Program Files (x86)\Napisy24\Napisy24Update.exe" "sleep"
MSCONFIG\startupreg: S7UB Start => "C:\Program Files (x86)\Common Files\Siemens\S7ubtoox\s7ubtstx.exe" -StartDB

==================== Reguły Zapory systemu Windows (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{A4103F50-A249-4600-BE20-1B1BB04F39BB}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{1B4F9C89-6DC7-4561-8FE9-4DDA14A2292B}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [TCP Query User{A6CBB1C6-857C-4C91-A7F1-042CFD663F0B}C:\users\tomek\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\tomek\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{4546561F-D6EF-487D-B6A6-AD3315BA3793}C:\users\tomek\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\tomek\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{17FFAB34-5E25-4832-8276-5EFA178D4615}C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe] => (Block) C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe
FirewallRules: [UDP Query User{F4A36590-9920-4CE5-98CE-D24A69B3EB07}C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe] => (Block) C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{AC63F80E-6AEE-4DDA-B301-AE311B793892}] => (Block) C:\Program Files\Total Uninstall 6\TU.exe
FirewallRules: [{2D936C71-CF04-49E5-B285-8C670F509B01}] => (Block) C:\Program Files\Total Uninstall 6\TuAgent.exe
FirewallRules: [{8B2B9B8B-7125-452A-B8A7-5D8102402019}] => (Allow) C:\Program Files (x86)\Common Files\Siemens\SQLANY\Dbsrv9.exe
FirewallRules: [{EE20E73A-94BD-4F8F-B450-04AF3FBE5CEF}] => (Allow) C:\Program Files (x86)\Common Files\Siemens\SQLANY\Dbeng9.exe
FirewallRules: [{136ACF65-350B-4803-9BCE-CB9FB7092790}] => (Allow) C:\Windows\system32\S7otbxsx.exe
FirewallRules: [TCP Query User{31294937-3ED3-4102-AB11-83A0F994E9BF}C:\users\tomek\appdata\local\dmp services\delta media player\dmplayer.exe] => (Allow) C:\users\tomek\appdata\local\dmp services\delta media player\dmplayer.exe
FirewallRules: [UDP Query User{761ECB1A-FE62-46C8-AA77-CA327CC0AD48}C:\users\tomek\appdata\local\dmp services\delta media player\dmplayer.exe] => (Allow) C:\users\tomek\appdata\local\dmp services\delta media player\dmplayer.exe
FirewallRules: [{FF5B8698-4602-49AD-B16C-2B1A5D71C27E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Punkty Przywracania systemu =========================

23-01-2018 14:47:44 Zaplanowany punkt kontrolny
24-01-2018 16:18:28 Odinstalowano za pomocą Total Uinstall ""
24-01-2018 16:20:38 Odinstalowano za pomocą Total Uinstall ""
24-01-2018 16:21:58 Odinstalowano za pomocą Total Uinstall ""
24-01-2018 16:44:14 Removed LEGO® Harry Potter™: Years 5-7
25-01-2018 10:57:15 Removed Oracle VM VirtualBox 5.1.26
25-01-2018 15:57:24 Restore Point Created by FRST

==================== Wadliwe urządzenia w Menedżerze urządzeń =============

==================== Błędy w Dzienniku zdarzeń: =========================

Dziennik Aplikacja:
==================
Error: (01/25/2018 04:02:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Dziennik System:
=============
Error: (01/25/2018 04:01:24 PM) (Source: sptd) (EventID: 4) (User: )
Description: Sterownik wykrył błąd wewnętrzny w swoich strukturach danych dla .

Error: (01/25/2018 04:01:24 PM) (Source: sptd) (EventID: 4) (User: )
Description: Sterownik wykrył błąd wewnętrzny w swoich strukturach danych dla .

Error: (01/25/2018 04:01:24 PM) (Source: sptd) (EventID: 4) (User: )
Description: Sterownik wykrył błąd wewnętrzny w swoich strukturach danych dla .

Error: (01/25/2018 04:01:24 PM) (Source: sptd) (EventID: 4) (User: )
Description: Sterownik wykrył błąd wewnętrzny w swoich strukturach danych dla .

==================== Statystyki pamięci ===========================

Procesor: Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz
Procent pamięci w użyciu: 49%
Całkowita pamięć fizyczna: 3893.83 MB
Dostępna pamięć fizyczna: 1953.63 MB
Całkowita pamięć wirtualna: 7785.83 MB
Dostępna pamięć wirtualna: 5743.31 MB

==================== Dyski ================================

Drive c: (Windows) (Fixed) (Total:244.04 GB) (Free:189.41 GB) NTFS
Drive t: (Tomek) (Fixed) (Total:215.44 GB) (Free:196.67 GB) NTFS

==================== MBR & Tablica partycji ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: EBD456BE)
Partition 1: (Active) - (Size=6.3 GB) - (Type=27)
Partition 2: (Not Active) - (Size=244 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=215.4 GB) - (Type=07 NTFS)

==================== Koniec Addition.txt ============================