Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja:07-11-2015
Uruchomiony przez nostra (2015-11-11 03:53:53)
Uruchomiony z E:\Pobrane\frst
Windows 7 Professional Service Pack 1 (X64) (2013-07-14 19:12:54)
Tryb startu: Normal
==========================================================

==================== Konta użytkowników: =============================

Administrator (S-1-5-21-612798577-3822474249-2596022128-500 - Administrator - Disabled)
Gość (S-1-5-21-612798577-3822474249-2596022128-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-612798577-3822474249-2596022128-1002 - Limited - Enabled)
nostra (S-1-5-21-612798577-3822474249-2596022128-1000 - Administrator - Enabled) => C:\Users\nostra

==================== Centrum zabezpieczeń ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie.)

AV: ESET Smart Security 6.0 (Enabled - Out of date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET Smart Security 6.0 (Enabled - Out of date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Zapora osobista ESET (Disabled) {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

==================== Zainstalowane programy ======================

(W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)

µTorrent (HKU\S-1-5-21-612798577-3822474249-2596022128-1000\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
ACDSee Pro 3 (HKLM-x32\...\{1B280FAF-AE10-4E31-A41A-DB3917D651DC}) (Version: 3.0.386 - ACD Systems International Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated) Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.226 - Adobe Systems Incorporated) Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated) Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.) ALLMediaServer (HKLM-x32\...\{FE77909E-B782-4554-A92A-4D887CEF0ACC}_is1) (Version: 0.95 - ALLCinema Ltd.) ALLPlayer V5.X (HKLM-x32\...\ALLPlayer_is1) (Version: - ALLCinema Ltd.) AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.) Any Video Converter 5.5.3 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com) Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.8.9046 - ) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden ESET Smart Security (HKLM\...\{012016C8-FD5C-4C14-801D-98A5F0363098}) (Version: 6.0.316.1 - ESET, spol s r. o.) Fan Xpert (HKLM-x32\...\{62C6F05A-5E4B-40C6-AD5A-B773A1A5624B}) (Version: 1.00.13 - ASUSTeK) Flashtool (HKLM-x32\...\Flashtool) (Version: 0.9.13.0 - Androxyde) Galeria fotografii (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden GG (HKU\S-1-5-21-612798577-3822474249-2596022128-1000\...\GG) (Version: 11 - GG Network S.A.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.) Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.10.251 - SurfRight B.V.) 
Image Resizer for Windows (64 bit) (Version: 3.0.4802.35565 - Brice Lambson) Hidden Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan) ISO Recorder (HKLM\...\{2D7ED2A0-9553-412B-939F-D6E0AEB2ABE1}) (Version: 3.1.0 - Alex Feinman) ISO Recorder (HKLM-x32\...\{1235083F-52F9-44CC-9DF5-F9B7802BB9B7}) (Version: 3.0.0 - Alex Feinman) Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle) Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden K-Lite Mega Codec Pack 11.1.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.1.0 - ) Malwarebytes Anti-Malware wersja 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Microsoft .NET Framework 4.5.1 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-612798577-3822474249-2596022128-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 
Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 35.0 (x86 pl) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 pl)) (Version: 35.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla) ophcrack 3.6.0 (HKLM-x32\...\ophcrack) (Version: 3.6.0 - OS Objectif Sécurité SA) Pillars of Eternity - The White March - Part 
1 (HKLM-x32\...\Pillars of Eternity: The White March - Part 1_is1) (Version: 2.0.0.9 - GOG.com) Pillars of Eternity (HKLM-x32\...\1207666813_is1) (Version: 2.4.0.9 - GOG.com) Poczta usługi Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Podstawowe programy Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Polski pakiet językowy dla narzędzi Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PLK) (Version: 10.0.50903 - Microsoft Corporation) RAR Password Recovery v1.1 RC17 (remove only) (HKLM-x32\...\Intelore - RAR Password Recovery) (Version: - ) Real Alternative 1.8.0 (HKLM-x32\...\RealAlt_is1) (Version: 1.8.0 - ) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.) RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version: - Punk Software) Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.) SnapPea (HKLM-x32\...\Wandoujia2) (Version: - Wandou Labs) Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.15.14.201510090937 - Sony Mobile Communications Inc.) 
Sony PC Companion 2.10.289 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.289 - Sony) SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) SpyHunter (HKLM-x32\...\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}) (Version: 4.1.11 - Enigma Software Group USA, LLC) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Stereoscopic Player (HKLM-x32\...\{0B67DFA8-E3F5-4E1A-893E-526F9F4EFBAE}) (Version: 2.1.4 - 3dtv.at) Toddler Keys (HKLM-x32\...\{7339E7E7-FB6A-46EC-8303-D31E655EF617}) (Version: 00.97.0000 - none) UltraISO Premium V9.61 (HKLM-x32\...\UltraISO_is1) (Version: - ) VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.8.0 - Elaborate Bytes) WinRAR 5.00 beta 7 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.7 - win.rar GmbH) YouWave for Android (HKLM-x32\...\YouWave) (Version: - ) ==================== Niestandardowe rejestracje CLSID (filtrowane): ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) CustomCLSID: HKU\S-1-5-21-612798577-3822474249-2596022128-1000_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\nostra\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (GG Network S.A.) ==================== Punkty Przywracania systemu ========================= 11-11-2015 03:41:35 SPTD setup V1.87 ==================== Hosts - zawartość: =============================== (Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.) 2009-07-14 03:34 - 2015-11-11 03:46 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Zaplanowane zadania (filtrowane) ============= (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) 
Task: {018DA328-B5CC-4D7B-B0A5-91B2AC990113} - System32\Tasks\SpyHunter4Startup => C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter4.exe [2011-05-27] (Enigma Software Group USA, LLC.)
Task: {095AE438-701D-42ED-BB75-F58D51C4F555} - System32\Tasks\{12F4263F-55F3-42DA-9E90-A62938227B3B} => E:\Torrenty\Ukończone\epc opel 2009\Alcohol_120_1.9.8.7530\Alcohol120_retail_1.9.8.7530.exe
Task: {100324CD-F816-4D7F-916E-B02AAD4361EC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {176C8071-AACE-48D8-9475-82C2058A71C8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-18] (Adobe Systems Incorporated)
Task: {1C588E06-9820-4ADC-A334-6BCAC4EA9420} - System32\Tasks\{1438124C-7BCF-4FF7-843C-2EA448D73A34} => pcalua.exe -a "E:\Torrenty\Ukończone\PROGRAMY\ACDSee\ACDSee\ACDSee\sPoLszczenie ACDSee Pro 3.0.475.PAWJ-ShK.exe" -d E:\Torrenty\Ukończone\PROGRAMY\ACDSee\ACDSee\ACDSee
Task: {1EFC9D87-5FD1-49D1-A4D0-72061EAEC302} - System32\Tasks\EDWdrvBC7nxHAK6nkILwXTK => C:\Users\nostra\AppData\Roaming\EDWdrvBC7nxHAK6nkILwXTK.exe <==== UWAGA
Task: {20A22F3B-5DA8-4DAA-999B-69D77C2B8167} - System32\Tasks\ESET Windows 10 upgrade – Refresh settings => C:\Program Files\Common Files\AV\ESET Smart Security 6.0\upgrade.exe [2015-08-10] (ESET)
Task: {24013FEA-BC3D-4A89-B666-8B1F65D60F39} - System32\Tasks\{D456FA87-8349-4611-A028-B384936FEE7F} => H:\setup.exe
Task: {40C5AEE9-BC4D-4F04-9E59-B4B7BE41384D} - System32\Tasks\GoogleUpdateTaskMachineUA1cf6dcad8a98cfd => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {4A0E5B4B-7D45-41CE-B4D3-16E38A958AE7} - System32\Tasks\{FEBACA02-ADF1-4A19-A21C-7162D0E89545} => pcalua.exe -a E:\Pobrane\mp210swin101ea24.exe -d E:\Pobrane
Task: {5F445052-B07D-453A-BB79-59B99D819B24} - System32\Tasks\RNfYTxh => C:\Users\nostra\AppData\Roaming\RNfYTxh.exe <==== UWAGA
Task: {70B44171-B880-4C28-A299-7CA05E5115C8} - System32\Tasks\{A918531F-9FE0-4549-9DC3-0572FE17AE98} => E:\Torrenty\Ukończone\epc opel 2009\Alcohol_120_1.9.8.7530\Alcohol120_retail_1.9.8.7530.exe
Task: {73FAB1C7-2B0D-436A-A132-E8FFB9B6F262} - System32\Tasks\{FED5604B-CFD8-4B18-BE13-6D55F2AD97A2} => pcalua.exe -a E:\Pobrane\mp210swin64101ea24.exe -d E:\Pobrane
Task: {99EEEDEC-1B9F-4774-BB49-95569C1EB399} - System32\Tasks\{19F33986-5307-44AD-A2BD-6F6D8189439B} => pcalua.exe -a H:\setup.exe -d H:\ -c /autorun
Task: {9CC011FA-37A5-4654-8B31-BA4FD6A09368} - System32\Tasks\{F736E8F6-0B04-4201-ABBD-564C95F95AA7} => pcalua.exe -a E:\Pobrane\samurize_1.64.3_2.exe -d E:\Pobrane
Task: {B55606C1-03E2-4028-9D36-77B3D3493FF9} - System32\Tasks\{4A4037BE-58CF-4E23-8906-A65889D19609} => E:\Torrenty\Ukończone\epc opel 2009\Alcohol_120_1.9.8.7530\Alcohol120_retail_1.9.8.7530.exe
Task: {D1021059-0694-4F07-B63D-792C908C85F9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {D3C76578-422F-4BEC-824C-F77E85F35FC0} - System32\Tasks\{903791A1-7891-48D5-903B-C4B1A0EB62FB} => pcalua.exe -a E:\Pobrane\10-2_legacy_vista32-64_dd_ccc.exe -d E:\Pobrane
Task: {D50F5E66-C40B-4236-8E7F-4D4946AC8CA0} - System32\Tasks\GoogleUpdateTaskMachineCore1d040a0cf8f9390 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {D8B22AB1-32D2-48F2-929F-8BFEFE78B83A} - System32\Tasks\{61C70248-6D8D-410D-88B1-2930FD57085A} => E:\Pobrane\Fan_Xpert_10013_Windows_XP_Vista_7\FanXpert\AsusSetup.exe [2009-12-21] (ASUSTeK Computer Inc.)
Task: {F848E646-036D-469D-9428-C9BAD686CEF0} - System32\Tasks\GoogleUpdateTaskMachineUA1cff14194bde1f2 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {FC848E6E-EE5A-4873-B62D-A0091A056EE0} - \SwiftSearch Auto Updater 1.10.0.25 Pending Update -> Brak pliku <==== UWAGA

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\EDWdrvBC7nxHAK6nkILwXTK.job => C:\Users\nostra\AppData\Roaming\EDWdrvBC7nxHAK6nkILwXTK.exe <==== UWAGA
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d040a0cf8f9390.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6dcad8a98cfd.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cff14194bde1f2.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RNfYTxh.job => C:\Users\nostra\AppData\Roaming\RNfYTxh.exe <==== UWAGA

==================== Załadowane moduły (filtrowane) ==============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2013-07-16 23:18 - 2007-09-02 12:58 - 00495616 _____ () E:\Program Files (x86)\RocketDock\RocketDock.exe
2013-06-18 14:49 - 2013-06-18 14:49 - 00016384 _____ () e:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-04-29 22:08 - 2013-04-29 22:08 - 00369152 _____ () E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-05-18 16:54 - 2010-05-18 16:54 - 00395776 _____ () C:\Program Files (x86)\Enigma Software Group\SpyHunter\ExecutionGuard.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2013-07-16 23:18 - 2007-09-02 12:57 - 00069632 _____ () E:\Program Files (x86)\RocketDock\RocketDock.dll 2015-10-25 14:29 - 2015-10-20 15:08 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libglesv2.dll 2015-10-25 14:29 - 2015-10-20 15:08 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libegl.dll 2015-10-25 14:29 - 2015-10-20 15:08 - 16493384 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (filtrowane) ========= (Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.) ==================== Tryb awaryjny (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.) ==================== EXE - Powiązania (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.) ==================== Internet Explorer - Witryny zaufane i z ograniczeniami =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.) ==================== Inne obszary ============================ (Obecnie brak automatycznej naprawy dla tej sekcji.) HKU\S-1-5-21-612798577-3822474249-2596022128-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\nostra\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.4.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Zapora systemu Windows [funkcja włączona] ==================== MSCONFIG/TASK MANAGER - Wyłączone elementy == (Obecnie brak automatycznej naprawy dla tej sekcji.) 
MSCONFIG\startupfolder: C:^Users^nostra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Client Default.lnk => C:\Windows\pss\Client Default.lnk.Startup MSCONFIG\startupfolder: C:^Users^nostra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Toddler Keys.lnk => C:\Windows\pss\Toddler Keys.lnk.Startup MSCONFIG\startupfolder: C:^Users^nostra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^wandoujia_helper.lnk => C:\Windows\pss\wandoujia_helper.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: ALLUpdate => "e:\Program Files (x86)\ALLPlayer\ALLUpdate.exe" "sleep" MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: DAEMON Tools Lite => "E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun MSCONFIG\startupreg: DAEMON Tools Pro Agent => "E:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun MSCONFIG\startupreg: GG => "C:\Users\nostra\AppData\Local\GG\Application\gghub.exe" MSCONFIG\startupreg: GoogleChromeAutoLaunch_378E32598846845213D62EB3AFC6A03B => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window MSCONFIG\startupreg: KiesAirMessage => E:\Kies\KiesAirMessage.exe -startup MSCONFIG\startupreg: KiesPreload => E:\Kies\Kies.exe /preload MSCONFIG\startupreg: KiesTrayAgent => E:\Kies\KiesTrayAgent.exe MSCONFIG\startupreg: QFan Help => "e:\Program Files (x86)\ASUS\Fan Xpert\QFanHelp.exe" MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background MSCONFIG\startupreg: Steam => "e:\Program Files (x86)\Steam\steam.exe" -silent MSCONFIG\startupreg: ToolbarTray => e:\Program Files (x86)\Anvisoft\Slim Toolbar\ToolbarTray.exe MSCONFIG\startupreg: VirtualCloneDrive => 
"e:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s MSCONFIG\startupreg: WebCake Desktop => "C:\Users\nostra\AppData\Roaming\WebCake\WebCakeDesktop.exe" MSCONFIG\startupreg: xwidget => e:\Program Files (x86)\XWidget\xwidget.exe ==================== Reguły Zapory systemu Windows (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{14E7B1DB-9353-484A-BBEE-034B04C9A939}] => (Allow) C:\Users\nostra\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{8CC45E14-2BD9-416D-92E9-98657A045BB9}] => (Allow) E:\Program Files\WandouLabs\wandoujia2.exe FirewallRules: [{001D4F1A-0752-4A74-89B2-9E31B412968D}] => (Allow) E:\Program Files\WandouLabs\wandoujia2.exe FirewallRules: [{BC1EAA19-7983-43D1-A1D0-ED32D06E60DE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{ABE85572-3E59-4A16-8182-87B73F507D73}] => (Allow) LPort=2869 FirewallRules: [{1F6361C1-889F-4B83-B23E-F9DF6BC10F2A}] => (Allow) LPort=1900 FirewallRules: [{CA9DBC95-B83A-4D78-B4D6-EC954E6F3D3E}] => (Allow) D:\Program Files\Steam\Steam.exe FirewallRules: [{79593200-8B02-4932-9E63-196E4214248B}] => (Allow) D:\Program Files\Steam\Steam.exe FirewallRules: [{CCAD1E0D-44BB-4617-BF1F-1A489842CAA1}] => (Allow) C:\Users\nostra\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{24D04208-6A35-4780-865D-DCAB445DB91E}] => (Allow) C:\Users\nostra\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{2BE7BF9E-B134-4437-A06A-EE6C9B62A055}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{FC464F44-FD33-4652-B2AE-7BAE3CD6A292}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: 
[{169CE79E-D08F-4277-9ACB-65BAC70E7043}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{65D261BA-18A7-4BE7-90FD-20DBA0FD7361}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{87624E28-C9CC-4A4C-A793-BF895AECEE13}] => (Allow) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{9BEE4B14-6F43-408A-9BBE-6116946845B8}] => (Allow) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{4580EFF8-C883-446D-89D5-D42296FC91B7}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe FirewallRules: [{4F7A7DB9-4B35-4361-A308-4CD17B5980AF}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe FirewallRules: [{8EB85DAF-61F1-4A44-A3D7-A983FB5F8573}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{36C7C70D-D226-4128-8F40-E33DE53F4EE1}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{5A9F8BF3-7EC8-4C7D-BF40-256EE5A929D0}] => (Allow) C:\Windows\SysWOW64\muzapp.exe FirewallRules: [{E4FA6B33-F89B-4080-A152-78AD6EBD1EA9}] => (Allow) C:\Windows\SysWOW64\muzapp.exe FirewallRules: [{1833B1CF-BCEA-42EC-A56B-AFD8EA4D4F22}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{E8CBFDE7-40B5-4C1C-BF2B-FC78818DBF15}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe FirewallRules: [{4291BA9D-4019-4E0D-B47A-2045FD1A81A6}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe FirewallRules: [{44EF6AD9-C6D2-488D-A175-1C8067CA214C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Wadliwe urządzenia w Menedżerze urządzeń ============= Name: SONY DVD RW DW-Q28A ATA Device Description: Stacja dysków CD-ROM Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardowe stacje dysków 
CD-ROM) Service: cdrom Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Teredo Tunneling Pseudo-Interface Description: Karta tunelowania Teredo firmy Microsoft Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Błędy w Dzienniku zdarzeń: ========================= Dziennik Aplikacja: ================== Error: (11/11/2015 03:47:15 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/11/2015 03:41:34 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas badania interfejsu IVssWriterCallback. hr = 0x80070005, Odmowa dostępu. . To jest często spowodowane przez niepoprawne ustawienia zabezpieczeń w procesie zapisującym lub żądającym. 
Operacja: Zbieranie danych modułu zapisującego Kontekst: Identyfikator klasy modułu zapisującego: {e8132975-6f93-4464-a53e-1050253ae220} Nazwa modułu zapisującego: System Writer Identyfikator wystąpienia modułu zapisującego: {6443136b-ad64-4346-8a9f-43c03b9617d2} Error: (11/11/2015 03:21:49 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/11/2015 03:08:28 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/10/2015 09:28:03 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/10/2015 09:24:12 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas wywoływania procedury RegSetValueExW(0x000002f4,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,00000000024FEE60.72). hr = 0x80070005, Odmowa dostępu. . Error: (11/10/2015 09:24:12 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas wywoływania procedury RegSetValueExW(0x00000720,(null),0,REG_BINARY,000000000226DF60.72). hr = 0x80070005, Odmowa dostępu. . 
Operacja: Zdarzenie BackupShutdown Kontekst: Kontekst wykonywania: Writer Identyfikator klasy modułu zapisującego: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Nazwa modułu zapisującego: WMI Writer Identyfikator wystąpienia modułu zapisującego: {099b3f81-06a4-4fa4-9050-f7995128c75c} Error: (11/10/2015 09:24:12 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas wywoływania procedury RegSetValueExW(0x000001b0,SYSTEM\CurrentControlSet\Services\VSS\Diag\Registry Writer,0,REG_BINARY,00000000023BEA60.72). hr = 0x80070005, Odmowa dostępu. . Operacja: Zdarzenie BackupShutdown Kontekst: Kontekst wykonywania: Writer Identyfikator klasy modułu zapisującego: {afbab4a2-367d-4d15-a586-71dbb18f8485} Nazwa modułu zapisującego: Registry Writer Identyfikator wystąpienia modułu zapisującego: {947a65fd-8cce-43ae-8971-56829048898e} Error: (11/10/2015 09:24:12 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas wywoływania procedury RegSetValueExW(0x000001bc,SYSTEM\CurrentControlSet\Services\VSS\Diag\COM+ REGDB Writer,0,REG_BINARY,000000000220F390.72). hr = 0x80070005, Odmowa dostępu. . Operacja: Zdarzenie BackupShutdown Kontekst: Kontekst wykonywania: Writer Identyfikator klasy modułu zapisującego: {542da469-d3e1-473c-9f4f-7847f01fc64f} Nazwa modułu zapisującego: COM+ REGDB Writer Identyfikator wystąpienia modułu zapisującego: {bb508fdf-03c4-484d-8945-aff00fa08d57} Error: (11/10/2015 09:24:12 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas wywoływania procedury RegSetValueExW(0x00000720,(null),0,REG_BINARY,000000000226DF60.72). hr = 0x80070005, Odmowa dostępu. . 
Operacja: Zdarzenie BackupShutdown Kontekst: Kontekst wykonywania: Writer Identyfikator klasy modułu zapisującego: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Nazwa modułu zapisującego: WMI Writer Identyfikator wystąpienia modułu zapisującego: {099b3f81-06a4-4fa4-9050-f7995128c75c} Dziennik System: ============= Error: (11/11/2015 03:45:50 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: NetworkX Error: (11/11/2015 03:45:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Crypkey License z powodu następującego błędu: %%2 Error: (11/11/2015 03:20:21 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: NetworkX Error: (11/11/2015 03:20:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Crypkey License z powodu następującego błędu: %%2 Error: (11/11/2015 03:06:56 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: NetworkX Error: (11/11/2015 03:06:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Crypkey License z powodu następującego błędu: %%2 Error: (11/10/2015 09:29:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi esgiguard z powodu następującego błędu: %%1275 Error: (11/10/2015 09:29:03 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Ładowanie sterownika \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgi zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika. 
Error: (11/10/2015 09:26:47 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Usługa HitmanPro 3.7 Crusader (Boot) zakończyła działanie; wystąpił specyficzny dla niej błąd %%0. Error: (11/10/2015 09:26:46 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: NetworkX CodeIntegrity: =================================== Date: 2015-11-10 21:29:03.202 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-11-10 21:29:03.139 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-11-10 07:19:56.899 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system. Date: 2015-11-10 07:18:36.274 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system. 
Date: 2015-11-10 07:18:36.217 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system. Date: 2015-11-10 07:18:35.311 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system. Date: 2015-11-10 07:18:35.251 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system. Date: 2015-11-10 07:17:56.724 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system. Date: 2015-11-10 07:17:56.668 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system. Date: 2015-11-10 07:17:53.953 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system. 
==================== Statystyki pamięci ===========================

Procesor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Procent pamięci w użyciu: 48%
Całkowita pamięć fizyczna: 4095.05 MB
Dostępna pamięć fizyczna: 2092.15 MB
Całkowita pamięć wirtualna: 8188.3 MB
Dostępna pamięć wirtualna: 5127.39 MB

==================== Dyski ================================

Drive c: () (Fixed) (Total:58.63 GB) (Free:6.01 GB) NTFS ==>[dysk z komponentami startowymi (pozyskano odczytując BCD)]
Drive d: () (Fixed) (Total:76.69 GB) (Free:57.92 GB) NTFS
Drive e: () (Fixed) (Total:239.46 GB) (Free:57.79 GB) NTFS

==================== MBR & Tablica partycji ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 76.7 GB) (Disk ID: BD3EBD3E)
Partition 1: (Active) - (Size=76.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: C5F4C5F4)
Partition 1: (Active) - (Size=58.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=239.5 GB) - (Type=OF Extended)

==================== Koniec Addition.txt ============================