Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 27-08-2016
Uruchomiony przez Ewa (28-08-2016 21:31:24)
Uruchomiony z C:\Users\Ewa\Desktop\FRST
Windows 10 Home Wersja 1511 (X64) (2016-05-02 16:00:16)
Tryb startu: Normal
==========================================================

==================== Konta użytkowników: =============================

Administrator (S-1-5-21-2818533651-1657455439-3753040178-500 - Administrator - Disabled)
Ewa (S-1-5-21-2818533651-1657455439-3753040178-1001 - Administrator - Enabled) => C:\Users\Ewa
Gość (S-1-5-21-2818533651-1657455439-3753040178-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2818533651-1657455439-3753040178-1003 - Limited - Enabled)
Konto domyślne (S-1-5-21-2818533651-1657455439-3753040178-503 - Limited - Disabled)

==================== Centrum zabezpieczeń ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie.)

AV: Norton Security (Disabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Disabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Zainstalowane programy ======================

(W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)

3DMe (HKLM\...\3DMe 1.1) (Version: 1.1.0.551 - 3D Systems, Inc.)
Adobe Reader XI (11.0.17) - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Catalyst Control Center Next Localization BR (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 12 - CyberLink Corp.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.8.0.66 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}) (Version: 1.3.28.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{C1C53DA1-9497-4ABB-A3D6-A63039820B37}) (Version: 3.3.7200.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{17FFE63C-6734-4950-B488-134B5A2505F7}) (Version: 2.04.0280 - Aviata Inc.)
Dell System Detect (HKU\S-1-5-21-2818533651-1657455439-3753040178-1001\...\58d94f3ce2c27db0) (Version: 7.4.0.3 - Dell)
Dell Update (HKLM-x32\...\{2BE9948C-FD9C-40B0-AC04-EE2AAB4C19D4}) (Version: 1.8.1114.0 - Dell Inc.)
Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.0 - Dropbox, Inc.)
DSC/AA Factory Installer (Version: 3.5.6426.22 - PC-Doctor, Inc.) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4463 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.63.1519.7 - Intel Corporation)
Intel(R) USB 3.0 Host Controller Adaptation Driver (HKLM\...\{9472AEE5-5D4D-4329-8BD8-B282FD33B8E0}) (Version: 1.0.0.42 - Intel Corporation)
Intel(R) Wireless Bluetooth(R)(patch version 17.1.1449.356) (HKLM\...\{302600C1-6BDF-4FD1-1411-148929CC1385}) (Version: 17.1.1411.0506 - Intel Corporation)
Intel® RealSense™ Depth Camera Manager Beta (x86): dptf_com (x32 Version: 2.2.0.52404 - Intel Corporation) Hidden
Intel® RealSense™ Depth Camera Manager F200 Gold (x86): Intel® RealSense™ 3D camera IO module (x32 Version: 1.4.27.52404 - Intel Corporation) Hidden
Intel® RealSense™ Depth Camera Manager F200 Gold (x86): Intel® RealSense™ Depth Camera Manager Service (x32 Version: 1.4.27.52404 - Intel Corporation) Hidden
Intel® RealSense™ SDK 2014 (HKLM-x32\...\ARP_for_prd_rs_sdk_rt_5.0.3.187777) (Version: 5.0.3.187777 - Intel Corporation)
Intel® RealSense™ SDK 2014 Runtime (x86): Core (x32 Version: 5.0.3.7777 - Intel Corporation) Hidden
Intel® RealSense™ SDK 2014 Runtime (x86): Face Tracking (x32 Version: 5.0.3.7777 - Intel Corporation) Hidden
Intel® RealSense™ SDK 2014 Runtime (x86): Face Tracking: Models (x32 Version: 5.0.3.7777 - Intel Corporation) Hidden
Intel® RealSense™ SDK 2014 Runtime (x86): Lantern Rock (x32 Version: 5.0.3.7777 - Intel Corporation) Hidden
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Maxx Audio Installer (x64) (Version: 2.6.8006.3 - Waves Audio Ltd.) Hidden
Menedżer kamery z technologią wykrywania głębi Intel® RealSense™ F200 (HKLM-x32\...\ARP_for_prd_dcm_runtime_1.4.27.52404) (Version: 1.4.27.52404 - Intel Corporation)
Microsoft Office Professional Plus 2016 - pl-pl (HKLM\...\ProPlusRetail - pl-pl) (Version: 16.0.7167.2040 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23019 (HKLM-x32\...\{2883cce3-040d-45b1-a27a-07934a6d47ec}) (Version: 14.0.23019.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23019 (HKLM-x32\...\{5184c1f9-e1f4-47ff-82ee-92712c162393}) (Version: 14.0.23019.0 - Microsoft Corporation)
Mozilla Firefox 48.0.2 (x86 pl) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 pl)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Norton Security (HKLM-x32\...\NS) (Version: 22.7.1.32 - Symantec Corporation)
OEM Application Profile (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7167.2040 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7167.2040 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7167.2040 - Microsoft Corporation) Hidden
Oprogramowanie Intel® PROSet/Wireless (HKLM-x32\...\{6a9b3752-dcb7-4394-960b-729dc36aa451}) (Version: 18.10.0 - Intel Corporation)
Oprogramowanie mikroukładu Intel® (x32 Version: 10.1.1.7 - Intel(R) Corporation) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.17.007 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7737 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.0 - VS Revo Group, Ltd.)
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
True Color (HKLM-x32\...\{f166c3b1-4877-430c-9ecd-7d7e237b3dd9}) (Version: 6.0.0.23 - Entertainment Experience)
True Color (Version: 6.0.0.23 - Entertainment Experience LLC) Hidden
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0) (Version: 1.0.17.0 - LunarG, Inc.)
WinRAR 5.31 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Niestandardowe rejestracje CLSID (filtrowane): ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

CustomCLSID: HKU\S-1-5-21-2818533651-1657455439-3753040178-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Ewa\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)

==================== Zaplanowane zadania (filtrowane) =============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

Task: {06D6CED4-9A79-48B7-98E0-3B76468EBFFF} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1215025E-619D-4D8A-B96E-A217237F74B0} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2015-06-05] (Intel Corporation)
Task: {19E254BD-C57F-45D5-B10A-EFA103842EC3} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-07-18] (Advanced Micro Devices, Inc.)
Task: {1B8BE269-84B6-4A96-B0D5-8E51F208D70A} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe [2015-05-07] (CyberLink)
Task: {3CD9E03E-2A2F-4F7C-B0C1-F85060388FEA} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [2015-03-24] (Intel Corporation)
Task: {40DCCCC6-A78D-4432-97B2-B357EF9F3CE0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
Task: {460C81D9-45D7-4BC9-8AAF-A0C1CF359D90} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-08-12] (Microsoft Corporation)
Task: {550A0F0D-FA10-42E3-A24B-15E8DE290997} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {63F1B023-4CF8-419C-89ED-A7F5296D5D36} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\WSCStub.exe [2016-08-16] (Symantec Corporation)
Task: {660831BD-2B3F-42B0-BAD9-20D01F6E3A72} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
Task: {68A351FF-6537-4B4E-91B8-EEEE0CD01837} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe [2016-08-21] (MSFree Inc.)
Task: {77821363-8E9A-425F-8FF1-58301CCAF4C2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-08-11] (Microsoft Corporation)
Task: {8537793C-7E52-4D38-AAAF-9FF55A6F0295} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {A1636EA3-B47B-4EB9-98DA-D05D93C0E1EB} - \PCDoctorBackgroundMonitorTask -> Brak pliku <==== UWAGA
Task: {B1F1FBF5-883F-4014-A19F-F1F2153DD857} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-08-11] (Microsoft Corporation)
Task: {B5134E8D-7CD8-4283-9ABF-DCA67E69752A} - \PCDEventLauncherTask -> Brak pliku <==== UWAGA
Task: {BDEA4BEC-0828-445A-BB82-05088966EA47} - System32\Tasks\Microsoft\Windows\Multimedia\Manager => C:\Users\Ewa\AppData\Roaming\Adobe\Manager.exe [2016-08-20] ()
Task: {BE49BC7B-A1DB-4F6E-AF34-C32812886E5B} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-01] (Aviata Inc)
Task: {C5435DFD-89A7-4449-96E8-C563EC66C1FC} - System32\Tasks\Norton Security\Norton Autofix => C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {C6251BCF-501A-4A4B-AC12-A658D5157F82} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
Task: {C87C4EF8-B9CD-4763-A112-549FF32B7A30} - \SystemToolsDailyTest -> Brak pliku <==== UWAGA
Task: {C8E3056B-9BF3-4F79-AA69-C70E1F7BFA04} - System32\Tasks\{3C64C152-CD1E-4490-A2F8-FFA886AFBFEB} => pcalua.exe -a "C:\Program Files\ZipTool\Uninstall.exe" -c -m=control
Task: {D6B781B1-E49A-447A-99B6-A5262464D442} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLVDLauncher.exe [2015-01-29] (CyberLink Corp.)
Task: {E21A607D-577E-468A-98B8-647D18BC1568} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2016-06-17] (Symantec Corporation)
Task: {F27AEC93-4279-44F3-B913-E84B944D0763} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {F3A8EA6D-0CEC-4206-8DC8-3A659795F48B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
Task: {F4C3056D-0E16-4C94-ACCD-0A349E6388F6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-08-12] (Microsoft Corporation)
Task: {F9BBAECE-3A6D-4B61-B8A4-E75AC7BD7C2A} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-01] (Aviata Inc)
Task: {FCCC4949-FAC9-4774-AE1F-D0AC765E92CD} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

==================== Skróty =============================

(Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.)
WMI_ActiveScriptEventConsumer_ASEC: <===== UWAGA
ShortcutWithArgument: C:\Users\Ewa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://yeabests.cc
ShortcutWithArgument: C:\Users\Ewa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://yeabests.cc
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://yeabests.cc
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://yeabests.cc

==================== Załadowane moduły (filtrowane) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-08-11 15:04 - 2016-08-11 15:04 - 00170496 _____ () C:\Users\Ewa\AppData\Roaming\Geunfy\Geunfy.exe
2015-10-14 19:50 - 2014-04-15 01:59 - 00253776 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2015-04-29 13:56 - 2015-04-29 13:56 - 00093072 _____ () C:\Program Files\TrueColor\TrueColorALS.exe
2016-07-13 16:24 - 2016-07-01 06:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-13 16:24 - 2016-07-01 06:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-20 07:39 - 2016-05-20 07:39 - 00959168 _____ () C:\Users\Ewa\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-08-11 15:04 - 2016-08-11 15:04 - 00112128 _____ () C:\Users\Ewa\AppData\Roaming\Geunfy\Yurejjaeb.exe
2016-06-17 00:23 - 2016-06-17 00:23 - 00384496 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-02-13 19:32 - 2016-02-13 19:32 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-13 16:26 - 2016-07-01 05:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-13 16:24 - 2016-07-01 05:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-13 16:25 - 2016-07-01 05:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-13 16:24 - 2016-07-01 05:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-13 16:24 - 2016-07-01 05:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-05-02 19:27 - 2016-05-02 19:27 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-06-25 17:34 - 2015-06-25 17:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 17:37 - 2015-06-25 17:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 17:35 - 2015-06-25 17:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 17:38 - 2015-06-25 17:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 16:53 - 2015-06-25 16:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 16:51 - 2015-06-25 16:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-08-11 15:04 - 2016-08-11 15:04 - 00258560 _____ () C:\Users\Ewa\AppData\Roaming\Geunfy\Yurejjaeb.dll
2016-05-02 19:27 - 2016-05-02 19:27 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-05-02 19:27 - 2016-05-02 19:27 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-10-14 19:48 - 2014-12-08 09:28 - 00627672 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMediaLibrary.dll
2014-12-08 22:28 - 2014-12-08 22:28 - 00016856 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvcPS.dll
2015-03-16 18:28 - 2015-03-16 18:28 - 00155528 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2015-07-11 06:37 - 2015-07-11 06:37 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-10-14 20:08 - 2015-01-27 17:26 - 01905904 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2015-10-14 20:08 - 2012-11-26 05:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2015-10-14 20:07 - 2014-02-18 21:12 - 00117568 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll

==================== Alternate Data Streams (filtrowane) =========

(Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.)

==================== Tryb awaryjny (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.)

==================== Powiązania plików (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.)

==================== Internet Explorer - Witryny zaufane i z ograniczeniami ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.)

==================== Hosts - zawartość: ==========================

(Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.)
2013-08-22 15:25 - 2016-08-28 19:41 - 00001808 ____A C:\WINDOWS\system32\Drivers\etc\hosts

107.178.255.88 www.google-analytics.com
107.178.255.88 www.statcounter.com
107.178.255.88 statcounter.com
107.178.255.88 ssl.google-analytics.com
107.178.255.88 partner.googleadservices.com
107.178.255.88 google-analytics.com
107.178.248.130 static.doubleclick.net
107.178.247.130 connect.facebook.net
107.178.255.88 www.google-analytics.com
107.178.255.88 www.statcounter.com
107.178.255.88 statcounter.com
107.178.255.88 ssl.google-analytics.com
107.178.255.88 partner.googleadservices.com
107.178.255.88 google-analytics.com
107.178.248.130 static.doubleclick.net
107.178.247.130 connect.facebook.net127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com

==================== Inne obszary ============================

(Obecnie brak automatycznej naprawy dla tej sekcji.)

HKU\S-1-5-21-2818533651-1657455439-3753040178-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\dell\BlueLava_1112000xx_inspiron_wallpaper58095_16x9_72dpi_RGB.jpg
DNS Servers: 37.8.214.2 - 31.11.202.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Zapora systemu Windows [funkcja włączona]

==================== MSCONFIG/TASK MANAGER - Wyłączone elementy ==

(Obecnie brak automatycznej naprawy dla tej sekcji.)

==================== Reguły Zapory systemu Windows (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{076E992D-BFBA-4B4E-A996-8D9B60E2A929}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{F4D07DA9-D84A-4B73-80C6-0AB17DECF8D9}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{96A00BDE-9EC2-4513-9CBF-8AD3F2BA8863}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{37616A5D-3759-4109-AB3E-487155E5C474}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDirector12\PDR10.EXE
FirewallRules: [{837F1528-1D6F-4DCD-9C6F-A9B25A575445}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D29B3915-1A2E-4A14-B79E-8C606539C07A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DC13FF3F-96C1-4B6B-82F7-5C90A90DA3E8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8E605DF0-A73F-44B2-911E-68FDEDAB4CE1}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{05FA2FF1-45B1-4B4B-AB71-046D082CD43D}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{2DB5FC50-A3E1-456B-AA5A-59EAB97A3377}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{7AE2E1DE-0FE5-49D5-B682-ADA191924F06}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{D0DED041-BB96-4EB4-B311-3B4D6FDB867E}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{F1220038-A8C3-4756-B2F1-8E5D840C08F8}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{E704730A-5120-437C-AA16-37C7FE53AFCA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{77BF95EA-2B54-4860-A2A9-676DE287CDBD}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{26251596-C88A-43E0-9E41-3BF297DFE8BF}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{A72E234A-F439-4D40-B40A-4BDA3958AEA0}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{B98A827C-D0B7-4C99-9395-2E5965466B7D}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{10D89469-7D1F-40EA-9878-BFC05B082FF8}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{63F2A4B3-D69F-4321-A8E3-2BB8420804D8}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{FCD3D3F4-689F-46BD-A3C2-1560E615FE20}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{84C8BDDA-AE4B-464C-BBFD-103477A89ECF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{FF76D202-A309-434F-9682-2711D4B379ED}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{717451A3-95B6-4657-BB45-B06B22AA2514}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{10269BB5-689E-49E7-A151-EF9F33733929}] => (Allow) C:\Users\Ewa\AppData\Local\Temp\23583\inst_buychannel_37.exe
FirewallRules: [{53659170-68D3-4C0E-8A00-A80D9A7CD11F}] => (Allow) C:\Users\Ewa\AppData\Local\Temp\23583\inst_buychannel_37.exe
FirewallRules: [{E6E0C8B3-B754-46C9-B3FB-E718B7F6D006}] => (Allow) C:\Program Files (x86)\LuDaShi\ComputerZTray.exe
FirewallRules: [{78F9C672-1DC9-4F29-B113-F39D947A782F}] => (Allow) C:\Program Files (x86)\LuDaShi\ComputerZTray.exe
FirewallRules: [{C02D9EBE-F5B6-43B8-BF46-49ED27807FF2}] => (Allow) C:\Program Files (x86)\LuDaShi\Utils\mininews.exe
FirewallRules: [{6CB1343A-0FD9-4099-A230-85B5106344F6}] => (Allow) C:\Program Files (x86)\LuDaShi\Utils\mininews.exe
FirewallRules: [{D2278B32-90DA-4913-83AF-700E778262F6}] => (Allow) C:\Program Files (x86)\GreatMaker\MaohaWiFi\MaohaWifiSvr.exe
FirewallRules: [{695C3D67-E50D-4BFF-9837-7F24EA2BC639}] => (Allow) C:\Program Files (x86)\GreatMaker\MaohaWiFi\DrvUpdate.exe

==================== Punkty Przywracania systemu =========================

20-08-2016 13:51:26 Dell Update: Realtek High Definition Audio Codec Driver

==================== Wadliwe urządzenia w Menedżerze urządzeń =============

==================== Błędy w Dzienniku zdarzeń: =========================

Dziennik Aplikacja:
==================
Error: (08/28/2016 09:31:49 PM) (Source: TrueColorALS) (EventID: 4) (User: )
Description: TrueColorALSCUISDKaccess(): Error: SetDeviceData IGFX_GET_SET_DPP_INFO_GUID failed. result:7, error:0x7

Error: (08/28/2016 09:31:49 PM) (Source: TrueColorALS) (EventID: 4) (User: )
Description: TrueColorALSDriverConsoleApp:689432 SetDeviceData failed with call error -2147467259 and error code 37

Error: (08/28/2016 09:31:49 PM) (Source: TrueColorALS) (EventID: 4) (User: )
Description: TrueColorALSDriverConsoleApp:689432 SetDeviceData parameters were 1 1 1 3730 3500 70 1

Error: (08/28/2016 09:31:49 PM) (Source: TrueColorALS) (EventID: 4) (User: )
Description: TrueColorALSCUISDKaccess(): Error: SetDeviceData IGFX_GET_SET_DPP_INFO_GUID failed. result:7, error:0x7

Error: (08/28/2016 09:31:49 PM) (Source: TrueColorALS) (EventID: 4) (User: )
Description: TrueColorALSDriverConsoleApp:688392 SetDeviceData failed with call error -2147467259 and error code 37

Error: (08/28/2016 09:31:49 PM) (Source: TrueColorALS) (EventID: 4) (User: )
Description: TrueColorALSDriverConsoleApp:688392 SetDeviceData parameters were 1 1 1 3730 3500 70 1

Error: (08/28/2016 09:31:49 PM) (Source: TrueColorALS) (EventID: 4) (User: )
Description: TrueColorALSCUISDKaccess(): Error: SetDeviceData IGFX_GET_SET_DPP_INFO_GUID failed. result:7, error:0x7

Error: (08/28/2016 09:31:49 PM) (Source: TrueColorALS) (EventID: 4) (User: )
Description: TrueColorALSDriverConsoleApp:688904 SetDeviceData failed with call error -2147467259 and error code 37

Error: (08/28/2016 09:31:49 PM) (Source: TrueColorALS) (EventID: 4) (User: )
Description: TrueColorALSDriverConsoleApp:688904 SetDeviceData parameters were 1 1 1 3730 3500 70 1

Error: (08/28/2016 09:31:49 PM) (Source: TrueColorALS) (EventID: 4) (User: )
Description: TrueColorALSCUISDKaccess(): Error: SetDeviceData IGFX_GET_SET_DPP_INFO_GUID failed. result:7, error:0x7

Dziennik System:
=============
Error: (08/28/2016 08:16:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi Chkwarduzusp Nodifier z powodu następującego błędu: %%2 = Nie można odnaleźć określonego pliku.

Error: (08/28/2016 08:14:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi Bokvunnu z powodu następującego błędu: %%2 = Nie można odnaleźć określonego pliku.

Error: (08/28/2016 08:13:48 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: ZARZĄDZANIE NT)
Description: Nastąpiło nieoczekiwane zatrzymanie modułu rozszerzalności sieci WLAN. Ścieżka modułu: C:\WINDOWS\System32\IWMSSvc.dll

Error: (08/28/2016 08:13:47 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: ZARZĄDZANIE NT)
Description: Nastąpiło nieoczekiwane zatrzymanie modułu rozszerzalności sieci WLAN. Ścieżka modułu: C:\WINDOWS\System32\IWMSSvc.dll

Error: (08/28/2016 08:13:46 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: ZARZĄDZANIE NT)
Description: Nastąpiło nieoczekiwane zatrzymanie modułu rozszerzalności sieci WLAN. Ścieżka modułu: C:\WINDOWS\System32\IWMSSvc.dll

Error: (08/28/2016 08:13:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Dostęp do danych użytkownika_127de8 niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 10000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.

Error: (08/28/2016 08:13:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Magazyn danych użytkownika_127de8 niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 10000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.

Error: (08/28/2016 08:13:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Dane kontaktowe_127de8 niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 10000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.

Error: (08/28/2016 08:13:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Synchronizuj hosta_127de8 niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 10000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.

Error: (08/28/2016 08:13:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa SoftThinks Agent Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.

CodeIntegrity:
===================================
Date: 2016-08-28 20:30:59.773
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-26 16:43:02.807
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-24 16:45:04.277
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-08-23 06:35:10.104 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-21 08:50:40.760 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-20 18:38:16.067 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-20 18:22:08.167 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-11 03:42:04.054 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-08-11 03:32:09.149 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-10 15:44:35.752 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. 
==================== Statystyki pamięci =========================== Procesor: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz Procent pamięci w użyciu: 61% Całkowita pamięć fizyczna: 8085.97 MB Dostępna pamięć fizyczna: 3102.79 MB Całkowita pamięć wirtualna: 9365.97 MB Dostępna pamięć wirtualna: 4069.5 MB ==================== Dyski ================================ Drive c: (OS) (Fixed) (Total:227.33 GB) (Free:169.82 GB) NTFS Drive e: (ESP) (Fixed) (Total:0.48 GB) (Free:0.42 GB) FAT32 ==>[system z komponentami startowymi (pozyskano odczytując dysk)] Drive x: (PBR Image) (Fixed) (Total:9.32 GB) (Free:0.54 GB) NTFS Drive y: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.46 GB) NTFS ==================== MBR & Tablica partycji ================== ======================================================== Disk: 0 (Size: 238.5 GB) (Disk ID: 15951CBB) Partition: GPT. ==================== Koniec Addition.txt ============================