Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 03-11-2016 Uruchomiony przez Robert (03-11-2016 19:54:30) Uruchomiony z C:\Users\Robert\Desktop Windows 10 Home Wersja 1607 (X64) (2016-10-07 17:07:15) Tryb startu: Safe Mode (minimal) ========================================================== ==================== Konta użytkowników: ============================= Administrator (S-1-5-21-884423482-3915767466-712464105-500 - Administrator - Disabled) Gość (S-1-5-21-884423482-3915767466-712464105-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-884423482-3915767466-712464105-1003 - Limited - Enabled) Konto domyślne (S-1-5-21-884423482-3915767466-712464105-503 - Limited - Disabled) Robert (S-1-5-21-884423482-3915767466-712464105-1001 - Administrator - Enabled) => C:\Users\Robert ==================== Centrum zabezpieczeń ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Zainstalowane programy ====================== (W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.) µTorrent (HKU\S-1-5-21-884423482-3915767466-712464105-1001\...\uTorrent) (Version: 3.4.9.42606 - BitTorrent Inc.) Acrylic Wi-Fi Home v3.0 (HKU\S-1-5-21-884423482-3915767466-712464105-1001\...\{3706FB7A-11FB-44C4-AD94-2B29878D75DC}_is1) (Version: 3.0 - Tarlogic Security S.L.) Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 15.020.20039 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.241 - Adobe Systems Incorporated) Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated) Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated) Advanced Renamer (HKLM-x32\...\Advanced Renamer_is1) (Version: 3.73 - Hulubulu Software) ALLPlayer Pilot (HKLM-x32\...\{146BDBDD-ACD9-4B04-A286-C27471841E8E}_is1) (Version: 1.2 - ALLPlayer Group, Ltd.) ALLPlayer V6.X (HKLM-x32\...\ALLPlayer_is1) (Version: - ALLPlayer Group, Ltd.) AMD Catalyst Install Manager (HKLM\...\{59523785-63F4-FD2B-5993-964641531A45}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform) CCSDK (HKLM-x32\...\{AE75190B-11B4-4F90-8254-DAB275CF2557}_is1) (Version: 1.1.0.7 - Lenovo) ChomikBox (HKLM-x32\...\{C7B52FAF-58D8-438C-B810-F78C3C927504}) (Version: 2.0.8.0 - Chomikuj.pl) Colin McRae Rally 2 (HKLM-x32\...\{19B72AA9-985A-11D4-9C8A-00D0B75D1498}) (Version: - ) Deep Fritz 14 64-bit (HKLM\...\{678EE564-7768-4E8C-9EEA-35954C4FF423}) (Version: 14.0.0.0 - ChessBase) Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.3.1 - Dolby Laboratories Inc) e-Deklaracje Desktop (HKLM-x32\...\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1) (Version: 8.0.6 - Ministerstwo Finansow) e-Deklaracje Desktop (x32 Version: 8.0.6 - Ministerstwo Finansow) Hidden FileZilla Client 3.17.0.1 (HKLM-x32\...\FileZilla Client) (Version: 3.17.0.1 - Tim Kosse) Foxit Advanced PDF Editor 3 (HKLM-x32\...\B521582C-6BE3-491D-BCC8-FFB8301298E9_is1) (Version: 3.0.5.0 - Foxit Corporation) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.) Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - ) HaoZip (HKLM\...\HaoZip_is1) (Version: 5.5.1.10498 - Ruichuang Network Technology Co.,Ltd) Instrukcje użytkownika (x32 Version: 3.0.0.3 - Lenovo) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.30.1072 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.6.3.1001 - Intel Corporation) Intel(R) Wireless Bluetooth(R)(patch version 17.1.1449.356) (HKLM\...\{302600C1-6BDF-4FD1-1411-148929CC1385}) (Version: 17.1.1411.0506 - Intel Corporation) IVONA 2 (HKLM-x32\...\IVONA 2) (Version: 1.6.7 - IVO Software Sp. z o.o.) IVONA MiniReader (HKLM-x32\...\IVONA MiniReader) (Version: - IVO Software Sp. z o.o.) IVONA Reader (HKLM-x32\...\IVONA Reader) (Version: - IVO Software Sp. z o.o.) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) K-Lite Codec Pack 11.8.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.8.0 - ) KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.0.1.5 - PandoraTV) Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.) Lenovo Patch Utility (x32 Version: 1.3.2.6 - Lenovo Group Limited) Hidden Lenovo Patch Utility 64 bit (Version: 1.3.2.6 - Lenovo Group Limited) Hidden Matroska Pack (HKLM-x32\...\Matroska Pack) (Version: - ) Mezzmo (HKU\S-1-5-21-884423482-3915767466-712464105-1001\...\Mezzmo) (Version: 4.1.3.0 - Conceiva Pty. Ltd.) Microsoft Office Language Pack 2013 - Polish/Polski (HKLM\...\Office15.OMUI.pl-pl) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.7369.2038 - Microsoft Corporation) Microsoft Office Professional Plus 2016 - pl-pl (HKLM\...\ProPlusRetail - pl-pl) (Version: 16.0.7369.2038 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) MKVToolNix 9.5.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 9.5.0 - Moritz Bunkus) Mozilla Firefox 43.0.4 (x86 pl) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 pl)) (Version: 43.0.4 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla) Narzędzia sprawdzające pakietu Microsoft Office 2013 — polski (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden OEM Application Profile (HKLM-x32\...\{1D464EFF-EC8B-F225-2F74-F74143200DDF}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7369.2038 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7369.2038 - Microsoft Corporation) Hidden Oprogramowanie Intel® PROSet/Wireless (HKLM-x32\...\{6535d76a-59fb-4935-b2c5-cd61917c4a4b}) (Version: 17.16.0 - Intel Corporation) Oprogramowanie mikroukładu Intel® (x32 Version: 10.0.22 - Intel(R) Corporation) Hidden PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden Polski pakiet językowy dla narzędzi Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PLK) (Version: 10.0.50903 - Microsoft Corporation) PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.36.826.2014 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7469 - Realtek Semiconductor Corp.) Service Pack 1 for Microsoft Office 2013 Language Pack (KB2817427) 64-Bit Edition (Version: - Microsoft) Hidden Sp5 (x32 Version: 5.1.4324.0 - Microsoft) Hidden Sp5Intl (x32 Version: 5.1.4324.0 - Microsoft) Hidden Sp5TTInt (x32 Version: 5.1.4324.0 - Microsoft) Hidden SpCommon (x32 Version: 5.1.4324.0 - Microsoft) Hidden SpPhones (x32 Version: 6.0.3122.0 - Microsoft) Hidden SubEdit-Player (HKLM-x32\...\SubEdit-Player_is1) (Version: 4072 - Artur Sikora) Subtitle Workshop 6.0b (HKLM-x32\...\SubtitleWorkshop) (Version: - ) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.7 - Synaptics Incorporated) UESDK (HKLM-x32\...\{EB3F6640-58AE-4886-B8BA-466B6939A933}_is1) (Version: 1.0.3.6 - Lenovo) Unchecky v1.0.1 (HKLM-x32\...\Unchecky) (Version: 1.0.1 - RaMMicHaeL) Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0415-1000-0000000FF1CE}_Office15.OMUI.pl-pl_{67847964-08E2-4A8F-B09D-B08D5CE69250}) (Version: - Microsoft) Update for Skype for Business 2015 (KB3118281) 64-Bit Edition (HKLM\...\{90150000-012B-0415-1000-0000000FF1CE}_Office15.OMUI.pl-pl_{E34F92E8-F338-4749-BE58-E77D605FE648}) (Version: - Microsoft) User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo) WinRAR 5.21 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) ==================== Niestandardowe rejestracje CLSID (filtrowane): ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) CustomCLSID: HKU\S-1-5-21-884423482-3915767466-712464105-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-884423482-3915767466-712464105-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Robert\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileCoAuth.exe (Microsoft Corporation) ==================== Zaplanowane zadania (filtrowane) ============= (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) Task: {049DE7E9-AB15-490B-9C6C-7AB35542FEAE} - System32\Tasks\83e152111fd6b517f518a125eb81ca37 => Rundll32.exe "C:\Program Files (x86)\Opera\jl1nl1.dll",e62dc6c6547f46bda862da2d05af6862 <==== UWAGA Task: {145B0B82-9CA7-439E-AE6B-A3411F70D0A8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-10-09] (Microsoft Corporation) Task: {238B4279-4A85-4504-B94B-A8A9DB2963A3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe Task: {3828FAAA-5A20-4C09-A052-61D59830186C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation) Task: {3D2654CE-177F-45AE-9971-42B0E27949D7} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2016-06-10] () Task: {71AC1CAA-CA3D-4E4C-91B5-78199D0AFCCF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) Task: {841F60B4-70A8-47F0-A704-266E9C113E31} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-16] (Adobe Systems Incorporated) Task: {909E7E89-DCDD-4CC9-9A5B-5FCE0DA4C137} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-15] (Google Inc.) Task: {9E46D637-02A7-4710-85FC-69129712A644} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) Task: {A62B4F9E-4E5D-4963-B428-C52148F64B51} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2016-08-02] (UCWeb Inc) <==== UWAGA Task: {AE8AF797-ECE7-490E-A0DC-9BFAEE43A4D2} - System32\Tasks\Zihecult Debuger => C:\Program Files (x86)\Lizaward\chqoied.exe [2016-11-02] (Glarysoft Ltd) Task: {BFE8D815-035F-419B-8351-481EAB0EA801} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd) Task: {C3F2EB12-D32A-401E-9EDE-E063B811641F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation) Task: {CB6215DE-FCA8-47AE-BB03-C76D85E91B22} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-12-23] () Task: {D2A4AD8A-04D5-4368-9D07-DFC745E461C8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-10-09] (Microsoft Corporation) Task: {E184A0DF-6C5E-4233-B100-7E7EF002D832} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-15] (Google Inc.) Task: {FB5A7EAF-A570-4402-AE71-C7E979DE4FC4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) Task: {FE44DDF9-A164-44D1-86E1-AAD20E7A3DD9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated) (Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA ==================== Skróty ============================= (Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.) ==================== Załadowane moduły (filtrowane) ============== 2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-10-08 12:09 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-10-08 12:09 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2016-10-07 18:15 - 2016-10-07 18:15 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2016-10-11 21:55 - 2016-10-05 10:35 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll ==================== Alternate Data Streams (filtrowane) ========= (Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.) ==================== Tryb awaryjny (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1" ==================== Powiązania plików (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.) ==================== Internet Explorer - Witryny zaufane i z ograniczeniami =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.) ==================== Hosts - zawartość: ========================== (Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.) 2013-08-22 14:25 - 2016-11-03 19:47 - 00004684 ____A C:\WINDOWS\system32\Drivers\etc\hosts 107.178.255.88 www.google-analytics.com 107.178.255.88 www.statcounter.com 107.178.255.88 statcounter.com 107.178.255.88 ssl.google-analytics.com 107.178.255.88 partner.googleadservices.com 107.178.255.88 google-analytics.com 107.178.248.130 static.doubleclick.net 107.178.247.130 connect.facebook.net 107.178.255.88 www.google-analytics.com 107.178.255.88 www.statcounter.com 107.178.255.88 statcounter.com 107.178.255.88 ssl.google-analytics.com 107.178.255.88 partner.googleadservices.com 107.178.255.88 google-analytics.com 107.178.248.130 static.doubleclick.net 107.178.247.130 connect.facebook.net 107.178.255.88 www.google-analytics.com 107.178.255.88 www.statcounter.com 107.178.255.88 statcounter.com 107.178.255.88 ssl.google-analytics.com 107.178.255.88 partner.googleadservices.com 107.178.255.88 google-analytics.com 107.178.248.130 static.doubleclick.net 107.178.247.130 connect.facebook.net 107.178.255.88 www.google-analytics.com 107.178.255.88 www.statcounter.com 107.178.255.88 statcounter.com 107.178.255.88 ssl.google-analytics.com 107.178.255.88 partner.googleadservices.com 107.178.255.88 google-analytics.com Wykryto więcej niż wyliczono: 71 linii. ==================== Inne obszary ============================ (Obecnie brak automatycznej naprawy dla tej sekcji.) HKU\S-1-5-21-884423482-3915767466-712464105-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Robert\AppData\Roaming\Microsoft\Windows Photo Viewer\Tapeta z Przeglądarki fotografii systemu Windows.jpg DNS Servers: Urządzenie nie jest podłączone do internetu. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) ==================== MSCONFIG/TASK MANAGER - Wyłączone elementy == MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: AxInstSV => 3 MSCONFIG\Services: HomeNetSvc => 2 MSCONFIG\Services: ModuleCoreService => 2 HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager" HKU\S-1-5-21-884423482-3915767466-712464105-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-884423482-3915767466-712464105-1001\...\StartupApproved\Run: => "ALLUpdate" HKU\S-1-5-21-884423482-3915767466-712464105-1001\...\StartupApproved\Run: => "ALLPlayer WiFi Remote" HKU\S-1-5-21-884423482-3915767466-712464105-1001\...\StartupApproved\Run: => "CCleaner Monitoring" HKU\S-1-5-21-884423482-3915767466-712464105-1001\...\StartupApproved\Run: => "ChomikBox" HKU\S-1-5-21-884423482-3915767466-712464105-1001\...\StartupApproved\Run: => "IROElauncher" ==================== Reguły Zapory systemu Windows (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{276E4518-D0BE-49CF-B605-6C04F5597DE3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{D560789D-ACB2-438B-92A8-C9E1E63E6286}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{52E9778C-6677-4232-A4E6-5EF0D788908F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{37825638-68DA-46B3-B5E7-91728BFD8CB5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{524BDE94-B13D-4784-9ED4-EB046558C455}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{AF32EC6B-D9FF-4250-86CA-F29A83B77EB7}] => (Allow) C:\Users\Robert\Downloads\Microsoft Office Professional Plus 2013\Microsoft Toolkit.exe FirewallRules: [{7F440741-4982-42A7-88BE-A99B375EB7DD}] => (Allow) C:\Users\Robert\Downloads\Microsoft Office Professional Plus 2013\Microsoft Toolkit.exe FirewallRules: [UDP Query User{1A571643-45F2-489C-9E9D-ED940AEF9777}C:\users\robert\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\robert\appdata\roaming\utorrent\utorrent.exe FirewallRules: [TCP Query User{18608F8E-EAA2-43AA-A8DD-306509CBF7DD}C:\users\robert\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\robert\appdata\roaming\utorrent\utorrent.exe FirewallRules: [{391B9A0E-C532-4435-AA7E-9E7339A90EFF}] => (Allow) LPort=1900 FirewallRules: [{E4EA4960-3C73-4424-9FB1-BD7076CD0402}] => (Allow) LPort=2869 FirewallRules: [{FDC092ED-7B27-43AA-A23D-39C24B108D1C}] => (Allow) LPort=53168 FirewallRules: [{F0607087-F090-4E56-8EE7-A11AA6D2A090}] => (Allow) LPort=1900 FirewallRules: [{2C9B5E77-C7CD-4BAA-8CC2-0D7AAD72A981}] => (Allow) LPort=2869 FirewallRules: [{C9DE13FA-A7BD-4EE2-A325-455FF558ABCB}] => (Allow) LPort=53168 FirewallRules: [{C36894F6-8C7E-49CA-BC3A-BD80FE328804}] => (Allow) LPort=1900 FirewallRules: [{44941E5A-CE56-4EBB-9551-E236818D57EF}] => (Allow) LPort=2869 FirewallRules: [{27EB5474-2CC7-476A-B994-8511AC5BC929}] => (Allow) LPort=53168 FirewallRules: [{EA2DDF3B-6E19-4958-9A63-D7FA39781B84}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{F3656640-E363-42C6-BF8C-445C2276242D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{929F889D-CFCD-47F3-93F1-539F36FF04CB}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{93D0AABE-DF1A-418F-85F2-4BABBD481E8D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{92CE8036-3375-4B08-83A7-29BAE1CCC43D}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{4C7200B6-24EA-48EA-9013-45357C4453FD}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{11E40792-9192-42D2-B401-A6D4A03D6AFF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{11C0E930-A1E8-4DFE-90EE-3DC716B7237F}] => (Allow) C:\Users\Robert\AppData\Local\Temp\is-JR05D.tmp\download\MiniThunderPlatform.exe FirewallRules: [{904B7EBC-1CCC-4689-BD42-73CED4221F52}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe FirewallRules: [{583786E4-973C-420E-854B-B23CD01BE49A}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe FirewallRules: [{C8687C93-79C0-412B-A6AC-501E8721F09F}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe ==================== Punkty Przywracania systemu ========================= 30-10-2016 09:09:49 Windows Update 02-11-2016 22:10:07 Windows Update ==================== Wadliwe urządzenia w Menedżerze urządzeń ============= ==================== Błędy w Dzienniku zdarzeń: ========================= Dziennik Aplikacja: ================== Error: (11/03/2016 07:52:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BRABUS) Description: Aktywacja aplikacji Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI nie powiodła się. Błąd: -2144927141. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Error: (11/03/2016 07:52:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BRABUS) Description: Aktywacja aplikacji Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI nie powiodła się. Błąd: -2144927141. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Error: (11/03/2016 07:52:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BRABUS) Description: Aktywacja aplikacji Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI nie powiodła się. Błąd: -2144927141. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Error: (11/03/2016 07:52:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BRABUS) Description: Aktywacja aplikacji Microsoft.Getstarted_4.1.15.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca nie powiodła się. Błąd: -2144927149. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Error: (11/03/2016 07:52:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BRABUS) Description: Aktywacja aplikacji Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI nie powiodła się. Błąd: -2144927141. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Error: (11/03/2016 07:52:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BRABUS) Description: Aktywacja aplikacji Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI nie powiodła się. Błąd: -2144927141. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Error: (11/03/2016 07:52:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BRABUS) Description: Aktywacja aplikacji Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI nie powiodła się. Błąd: -2144927141. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Error: (11/03/2016 07:51:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BRABUS) Description: Aktywacja aplikacji Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI nie powiodła się. Błąd: -2144927141. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Error: (11/03/2016 07:50:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BRABUS) Description: Aktywacja aplikacji Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI nie powiodła się. Błąd: -2144927141. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Error: (11/03/2016 07:50:30 PM) (Source: lupdate) (EventID: 0) (User: ) Description: Event-ID 0 Dziennik System: ============= Error: (11/03/2016 07:55:11 PM) (Source: DCOM) (EventID: 10005) (User: ZARZĄDZANIE NT) Description: Model DCOM odebrał błąd 1084 podczas próby uruchomienia usługi EventSystem z argumentami Niedostępny w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error: (11/03/2016 07:55:08 PM) (Source: DCOM) (EventID: 10005) (User: BRABUS) Description: Model DCOM odebrał błąd 1084 podczas próby uruchomienia usługi ShellHWDetection z argumentami Niedostępny w celu uruchomienia serwera: {DD522ACC-F821-461A-A407-50B198B896DC} Error: (11/03/2016 07:54:32 PM) (Source: DCOM) (EventID: 10005) (User: BRABUS) Description: Model DCOM odebrał błąd 1084 podczas próby uruchomienia usługi WSearch z argumentami Niedostępny w celu uruchomienia serwera: {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (11/03/2016 07:54:32 PM) (Source: DCOM) (EventID: 10005) (User: BRABUS) Description: Model DCOM odebrał błąd 1084 podczas próby uruchomienia usługi WSearch z argumentami Niedostępny w celu uruchomienia serwera: {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (11/03/2016 07:54:32 PM) (Source: DCOM) (EventID: 10005) (User: BRABUS) Description: Model DCOM odebrał błąd 1084 podczas próby uruchomienia usługi ShellHWDetection z argumentami Niedostępny w celu uruchomienia serwera: {DD522ACC-F821-461A-A407-50B198B896DC} Error: (11/03/2016 07:54:31 PM) (Source: DCOM) (EventID: 10005) (User: BRABUS) Description: Model DCOM odebrał błąd 1084 podczas próby uruchomienia usługi WSearch z argumentami Niedostępny w celu uruchomienia serwera: {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (11/03/2016 07:54:31 PM) (Source: DCOM) (EventID: 10005) (User: BRABUS) Description: Model DCOM odebrał błąd 1084 podczas próby uruchomienia usługi WSearch z argumentami Niedostępny w celu uruchomienia serwera: {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (11/03/2016 07:54:27 PM) (Source: DCOM) (EventID: 10005) (User: BRABUS) Description: Model DCOM odebrał błąd 1084 podczas próby uruchomienia usługi WSearch z argumentami Niedostępny w celu uruchomienia serwera: {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (11/03/2016 07:54:27 PM) (Source: DCOM) (EventID: 10005) (User: BRABUS) Description: Model DCOM odebrał błąd 1084 podczas próby uruchomienia usługi WSearch z argumentami Niedostępny w celu uruchomienia serwera: {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (11/03/2016 07:54:27 PM) (Source: DCOM) (EventID: 10005) (User: BRABUS) Description: Model DCOM odebrał błąd 1084 podczas próby uruchomienia usługi ShellHWDetection z argumentami Niedostępny w celu uruchomienia serwera: {DD522ACC-F821-461A-A407-50B198B896DC} CodeIntegrity: =================================== Date: 2016-11-02 16:04:22.341 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-11-02 16:04:22.340 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-11-02 16:04:22.336 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-11-02 16:03:24.167 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-11-02 16:03:24.132 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-11-01 11:04:01.182 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-11-01 11:04:01.179 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-11-01 11:04:01.174 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-11-01 11:04:00.993 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-11-01 11:04:00.986 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Statystyki pamięci =========================== Procesor: Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz Procent pamięci w użyciu: 11% Całkowita pamięć fizyczna: 8105.84 MB Dostępna pamięć fizyczna: 7186.6 MB Całkowita pamięć wirtualna: 9385.84 MB Dostępna pamięć wirtualna: 8592.92 MB ==================== Dyski ================================ Drive c: (Windows8_OS) (Fixed) (Total:891.67 GB) (Free:243.5 GB) NTFS ==>[system z komponentami startowymi (pozyskano odczytując dysk)] Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22 GB) NTFS Drive v: (Disc) (CDROM) (Total:2.03 GB) (Free:0 GB) CDFS ==================== MBR & Tablica partycji ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: F7E6B931) Partition: GPT. ==================== Koniec Addition.txt ============================