Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 29-01-2017 Uruchomiony przez Bigi (31-01-2017 13:23:18) Uruchomiony z C:\Users\Bigi\Desktop\Nowy folder Windows 7 Ultimate Service Pack 1 (X64) (2016-11-18 14:46:32) Tryb startu: Normal ========================================================== ==================== Konta użytkowników: ============================= Administrator (S-1-5-21-3503126366-1218760726-270884174-500 - Administrator - Disabled) Bigi (S-1-5-21-3503126366-1218760726-270884174-1000 - Administrator - Enabled) => C:\Users\Bigi Gość (S-1-5-21-3503126366-1218760726-270884174-501 - Limited - Disabled) ==================== Centrum zabezpieczeń ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie.) AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Zainstalowane programy ====================== (W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.) µTorrent (HKU\S-1-5-21-3503126366-1218760726-270884174-1000\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.) Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated) Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden Action! (HKLM-x32\...\Mirillis Action!) (Version: 1.16.0 - Mirillis) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.) Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated) Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated) AIMP (HKLM-x32\...\AIMP) (Version: v4.11.1841, 08.10.2016 - AIMP DevTeam) ASRock App Charger v1.0.4 (HKLM\...\ASRock App Charger_is1) (Version: - ASRock Inc.) ASRock eXtreme Tuner v0.1.53 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version: - ) ASRock InstantBoot v1.26 (HKLM-x32\...\ASRock InstantBoot_is1) (Version: - ) Assassin's Creed III (HKLM-x32\...\Uplay Install 54) (Version: - Ubisoft) ASUS VGA Driver (x32 Version: 3.0.0.1 - Nazwa firmy) Hidden Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.35 - Atheros Communications Inc.) ATI AVIVO64 Codecs (Version: 11.6.0.10524 - ATI Technologies Inc.) Hidden ATI Catalyst Install Manager (HKLM\...\{3FD3FC64-DA16-318E-DFD5-57466FF5FEB5}) (Version: 3.0.829.0 - ATI Technologies, Inc.) Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software) AVG (Version: 16.131.7924 - AVG Technologies) Hidden AVG 2016 (Version: 16.0.4739 - AVG Technologies) Hidden AVG Zen (Version: 1.111.9 - AVG Technologies) Hidden Car Mechanic Simulator 2015 (HKLM\...\Steam App 320300) (Version: - Red Dot Games) Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version: - Cheat Engine) Core Temp 1.5.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.5.1 - ALCPU) Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve) DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.0.0220 - Disc Soft Ltd) Far Cry 4 (HKLM-x32\...\Far Cry 4_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91) Far Cry 4 Update v1.7 (HKLM-x32\...\RmFyQ3J5NA==_is1) (Version: 1 - ) Farming Simulator 17 (HKLM\...\ZmFybWluZ3NpbXVsYXRvcjE3_is1) (Version: 1 - ) FMW 1 (Version: 1.132.1 - AVG Technologies) Hidden Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.76 - Google Inc.) Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games) GTA V version 1.0.350.2 (HKLM-x32\...\{11E1205D-6022-45E0-850E-36B4FCFDD32E}_is1) (Version: 1.0.350.2 - Rockstar Games) HydraVision (x32 Version: 4.2.206.0 - ATI Technologies Inc.) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation) League of Legends (HKLM-x32\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games) League of Legends (x32 Version: 4.2.1 - Riot Games) Hidden Loadout (HKLM\...\Steam App 208090) (Version: - Edge of Reality) Microsoft .NET Framework 4.6.1 (PLK) (HKLM\...\{D93AC424-07D7-3992-B0C8-BDCB79173757}) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 Hotfix Rollup (KB3146716) (HKLM\...\{E026AF51-E2EB-33CF-AC15-09308053FAA7}) (Version: 4.6.01078 - Microsoft Corporation) Microsoft Office 2013 dla Użytkowników Domowych i Uczniów - pl-pl (HKLM\...\HomeStudentRetail - pl-pl) (Version: 15.0.4893.1002 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3503126366-1218760726-270884174-1000\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang) Mirror's Edge™ (HKLM-x32\...\{AEDBD563-24BB-4EE3-8366-A654DAC2D988}) (Version: 1.0.1.0 - Electronic Arts) MTA:SA v1.5.3 (HKLM-x32\...\MTA:SA 1.5) (Version: v1.5.3 - Multi Theft Auto) Need for Speed(TM) Hot Pursuit (HKLM-x32\...\{83A606F5-BF6F-42ED-9F33-B9F74297CDED}) (Version: 1.0.0.0 - Electronic Arts) NVIDIA PhysX v8.10.17 (HKLM-x32\...\{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}) (Version: 8.10.17 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4893.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4893.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4893.1002 - Microsoft Corporation) Hidden OpenOffice 4.0.1 (HKLM-x32\...\{DA0106A3-216E-48DE-9CF6-655DA8FC1D22}) (Version: 4.01.9714 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 10.3.3.1921 - Electronic Arts, Inc.) Platform (x32 Version: 1.36 - VIA Technologies, Inc.) Hidden PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.) Robocraft (HKLM\...\Steam App 301520) (Version: - Freejam) RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version: - Punk Software) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games) SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden Setup - Need for Speed World 2014 (c) Electronic Arts ... (HKLM-x32\...\Setup - Need for Speed World 2014 (c) Electronic Arts ...) (Version: ... - Electronic Arts) Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.) Smart Defrag 5 (HKLM-x32\...\Smart Defrag_is1) (Version: 5.4.0 - IObit) Sound Blaster X-Fi MB (HKLM-x32\...\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}) (Version: 1.0 - Creative Technology Limited) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) The Crew (Worldwide) (HKLM-x32\...\Uplay Install 413) (Version: - Ubisoft) trotux - Uninstall (HKLM-x32\...\{60EA6237-0763-4958-AE15-2D55A3A26A04}) (Version: - ) <==== UWAGA Uplay (HKLM-x32\...\Uplay) (Version: 25.0 - Ubisoft) Vegas Pro 11.0 (64-bit) (HKLM\...\{314DDDC0-E935-11E0-8F9F-F04DA23A5C58}) (Version: 11.0.371 - Sony) VIA Platforma Menedżera urządzeń (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.36 - VIA Technologies, Inc.) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN) WinRAR 5.40 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH) XFastUsb (HKLM-x32\...\XFastUsb) (Version: - ) ==================== Niestandardowe rejestracje CLSID (filtrowane): ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) CustomCLSID: HKU\S-1-5-21-3503126366-1218760726-270884174-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-3503126366-1218760726-270884174-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-3503126366-1218760726-270884174-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-3503126366-1218760726-270884174-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-3503126366-1218760726-270884174-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-3503126366-1218760726-270884174-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) ==================== Zaplanowane zadania (filtrowane) ============= (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) Task: {1AC6446A-B756-4D29-9CCD-79B247DEDE34} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-27] (AVAST Software) Task: {1B289F72-1B1C-4D79-AF5A-E6E3E97CBDB0} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [2016-11-21] (IObit) Task: {21F48190-DAC0-4C4C-8C3C-C8E64FCCF8C4} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2016-07-22] (IObit) Task: {3EBC62AA-8F95-4C3D-AF51-A3CACB526C7E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-12-28] (AVAST Software) Task: {62C2C353-89F6-4E9F-92DE-64AC1DCD0BB7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation) Task: {7888573E-85B1-4FDB-890E-E21C62107714} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-26] (Google Inc.) Task: {7E56CCE3-C1C1-4CB0-8B6A-614A58F02CFF} - System32\Tasks\SafeZone scheduled Autoupdate 1482924081 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software) Task: {7E701913-CBFD-4FCA-82E6-7CADE5469411} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe Task: {9646BC3A-0E7C-4B78-B7F0-4365AC68E39A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-26] (Google Inc.) Task: {D41CB035-3340-457B-A603-CD49BEF4AC49} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation) Task: {DB51DA26-A462-4532-9166-6AE7CAC24FA1} - System32\Tasks\Bunughtperzot Nodifier => C:\Program Files (x86)\Rucleclupadom\sttain.exe [2016-11-20] (Glarysoft Ltd) Task: {E6ABCD3E-E1B2-4510-8A89-BC24E842FEC3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-10] (Adobe Systems Incorporated) Task: {E8A24B69-F87E-4898-8ED6-3580B320DD58} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe [2017-01-10] (Adobe Systems Incorporated) (Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.) Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Skróty ============================= (Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.) ==================== Załadowane moduły (filtrowane) ============== 2016-11-20 10:32 - 2016-05-24 08:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2016-12-10 02:19 - 2016-12-11 11:32 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2016-11-18 15:51 - 2011-02-22 07:03 - 00078448 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll 2016-11-18 15:51 - 2011-02-22 07:03 - 00386160 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll 2016-11-18 15:51 - 2011-02-22 07:03 - 00621168 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll 2011-03-14 14:20 - 2011-03-14 14:20 - 00430080 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2011-03-14 14:20 - 2011-03-14 14:20 - 00032768 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResources.dll 2011-05-24 23:50 - 2011-05-24 23:50 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2016-12-28 12:18 - 2016-12-28 12:18 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2017-01-30 16:25 - 2017-01-30 16:25 - 04459608 _____ () C:\Program Files\AVAST Software\Avast\defs\17013000\algo.dll 2017-01-31 13:20 - 2017-01-31 13:20 - 04377600 _____ () C:\Program Files\AVAST Software\Avast\defs\17013102\algo.dll 2016-12-28 12:18 - 2016-12-28 12:18 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2017-01-05 17:22 - 2016-01-11 17:03 - 00899872 _____ () C:\Program Files (x86)\IObit\Smart Defrag\webres.dll 2017-01-05 17:22 - 2016-01-11 17:02 - 00630048 _____ () C:\Program Files (x86)\IObit\Smart Defrag\ProductStatistics.dll 2017-01-31 13:21 - 2017-01-31 13:21 - 00697884 _____ () C:\Users\Bigi\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0000\~df394b.tmp 2017-01-31 13:21 - 2017-01-31 13:21 - 00592896 _____ () C:\Users\Bigi\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0000\~de6248.tmp 2016-11-18 16:03 - 2009-02-06 18:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL 2016-11-18 16:03 - 2009-04-20 11:55 - 00148480 _____ () C:\Windows\SysWOW64\APOMngr.DLL 2016-12-28 12:18 - 2016-12-28 12:18 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (filtrowane) ========= (Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.) AlternateDataStreams: C:\ProgramData:NT [40] AlternateDataStreams: C:\ProgramData:NT2 [432] AlternateDataStreams: C:\Users\All Users:NT [40] AlternateDataStreams: C:\Users\All Users:NT2 [432] AlternateDataStreams: C:\ProgramData\Application Data:NT [40] AlternateDataStreams: C:\ProgramData\Application Data:NT2 [432] AlternateDataStreams: C:\ProgramData\Dane aplikacji:NT [40] AlternateDataStreams: C:\ProgramData\Dane aplikacji:NT2 [432] AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT [40] AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2 [432] AlternateDataStreams: C:\Users\Bigi\Dane aplikacji:NT [40] AlternateDataStreams: C:\Users\Bigi\Dane aplikacji:NT2 [432] AlternateDataStreams: C:\Users\Bigi\AppData\Roaming:NT [40] AlternateDataStreams: C:\Users\Bigi\AppData\Roaming:NT2 [432] ==================== Tryb awaryjny (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.) ==================== Powiązania plików (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.) ==================== Internet Explorer - Witryny zaufane i z ograniczeniami =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.) ==================== Hosts - zawartość: ========================== (Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.) 2016-11-19 19:15 - 2016-11-20 10:08 - 00000927 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 genuine.microsoft.com 127.0.0.1 mpa.one.microsoft.com 127.0.0.1 sls.microsoft.com ==================== Inne obszary ============================ (Obecnie brak automatycznej naprawy dla tej sekcji.) HKU\S-1-5-21-3503126366-1218760726-270884174-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Bigi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Zapora systemu Windows [funkcja włączona] ==================== MSCONFIG/TASK MANAGER - Wyłączone elementy == MSCONFIG\startupreg: DAEMON Tools Lite Automount => "D:\Programy\DAEMON Tools Lite\DTAgent.exe" -autorun MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: Steam => "D:\Steam\steam.exe" -silent ==================== Reguły Zapory systemu Windows (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) FirewallRules: [{F03B94BA-0A19-4A06-80FC-6624B17CB102}] => D:\Steam\Steam.exe FirewallRules: [{5B50FF43-8F46-4FA4-8A07-566C41C28FC2}] => D:\Steam\Steam.exe FirewallRules: [{A430A27A-1B88-4D0F-8019-893C6A627191}] => D:\Steam\steamapps\common\Car Mechanic Simulator 2015\cms2015.exe FirewallRules: [{EBACD39B-D0A2-4FD6-8282-8ECAFF973F9B}] => D:\Steam\steamapps\common\Car Mechanic Simulator 2015\cms2015.exe FirewallRules: [{D15E4CA0-31A2-4BA0-B710-B168C6F2AC89}] => D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{834CC7F4-18BD-4730-8F2F-B4F5BBEB4BEE}] => D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{C24C15B1-7685-4F33-A610-C299F164E07A}] => C:\Users\Bigi\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{0B782BA0-0D96-4E1C-9DDE-A263F51065EE}] => C:\Program Files (x86)\AVG\Av\avgnsa.exe FirewallRules: [{AF476BA0-5977-4F5D-B91E-F83E91A50A54}] => C:\Program Files (x86)\AVG\Av\avgnsa.exe FirewallRules: [{FDEA0D66-2B66-4E57-B33A-CC11832B9F09}] => C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{2ECE832F-F562-4B22-9F82-56A312B0E290}] => C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{AE97752D-EC5A-496B-9A47-6A0856F122A9}] => C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [{F2D029BB-3CD7-4BEC-8A18-3A85650CC27F}] => C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [TCP Query User{0A104F86-53F8-48A1-8165-0EB1D937B49E}C:\users\bigi\appdata\roaming\utorrent\utorrent.exe] => C:\users\bigi\appdata\roaming\utorrent\utorrent.exe FirewallRules: [UDP Query User{3030B86B-5081-430B-BD13-BE2794E3C42E}C:\users\bigi\appdata\roaming\utorrent\utorrent.exe] => C:\users\bigi\appdata\roaming\utorrent\utorrent.exe FirewallRules: [TCP Query User{D6FB5C33-F320-4A3E-8B5D-6360FBB6F348}C:\users\bigi\appdata\roaming\utorrent\utorrent.exe] => C:\users\bigi\appdata\roaming\utorrent\utorrent.exe FirewallRules: [UDP Query User{03756821-1C1A-4850-A444-69CB6EB204B0}C:\users\bigi\appdata\roaming\utorrent\utorrent.exe] => C:\users\bigi\appdata\roaming\utorrent\utorrent.exe FirewallRules: [{5C995B7B-088D-46BC-B4EB-70DC21DE7F8F}] => D:\Uplay\games\The Crew (Worldwide)\TheCrew.exe FirewallRules: [{41969C04-87F4-42AF-8866-B61B8D164A0F}] => D:\Uplay\games\The Crew (Worldwide)\TheCrew.exe FirewallRules: [{20918BAE-FD78-461A-A689-60558E1E59B5}] => C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{0F2BE22A-0E52-4C4C-9238-C2666D68806A}] => C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{F8038E78-224D-4D1C-9D60-710A76F03EEA}] => C:\Users\Bigi\AppData\Local\Microsoft\OneDrive\OneDrive.exe FirewallRules: [{9169E59F-2949-4FB9-8B76-D41CA466243E}] => C:\Program Files (x86)\Coldjob\Application\chrome.exe FirewallRules: [{AC64A166-0E60-422D-92DC-5A76D40DF5BE}] => D:\Uplay\games\Assassin's Creed III\AC3SP.exe FirewallRules: [{22B52B8C-055D-453E-8A68-D27461B89178}] => D:\Uplay\games\Assassin's Creed III\AC3SP.exe FirewallRules: [{726E0E51-FFA1-4DBD-B153-DC57E04F9FF2}] => D:\Uplay\games\Assassin's Creed III\AC3MP.exe FirewallRules: [{45990D8C-3BE5-4FF2-B309-7F5A2390604F}] => D:\Uplay\games\Assassin's Creed III\AC3MP.exe FirewallRules: [{9F2D01A8-BC1A-4AA4-95E2-96C222526154}] => C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{1B2891A9-FE91-4534-94C5-CDA41DB0D130}] => C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{89D273C6-FE4F-41A5-A17A-DBD5B267F455}] => C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{B5F4270E-1FB1-4737-BD0B-66CDAD9E66A7}] => C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{3D5605E2-7FB7-422C-83F6-9D31442F51C6}] => D:\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{9B5A445D-DC7C-4EBC-A243-33F15FA739D8}] => D:\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [TCP Query User{41C45EE4-9505-46C4-A315-3EC11AA99698}D:\gry\farming simulator 17\x64\farmingsimulator2017game.exe] => D:\gry\farming simulator 17\x64\farmingsimulator2017game.exe FirewallRules: [UDP Query User{71024972-BA4D-4A42-A8C5-73145B73AF0E}D:\gry\farming simulator 17\x64\farmingsimulator2017game.exe] => D:\gry\farming simulator 17\x64\farmingsimulator2017game.exe FirewallRules: [{48D4FC70-C0C6-43A0-A591-EA81E67164C8}] => C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{E21EBC17-2D2A-419E-B2D1-3F5929BA9C50}] => C:\Windows\system32\rundll32.exe FirewallRules: [{0EDBA591-A8BE-4BC0-B3CD-3AD87AD7B216}] => D:\Gry\mirrors\Binaries\MirrorsEdge.exe FirewallRules: [{0683260D-8F69-4BBC-B251-421C6983E846}] => D:\Gry\mirrors\Binaries\MirrorsEdge.exe FirewallRules: [{E9E870D3-EC31-4B83-86AC-C9FEE5EC9C7A}] => C:\Windows\System32\rundll32.exe FirewallRules: [{A133F575-8F2C-4DE1-928D-0AC134AA6401}] => C:\Windows\System32\rundll32.exe FirewallRules: [{392BD2B8-F034-437E-BC62-26276E740150}] => D:\Steam\steamapps\common\Loadout\Loadout.exe FirewallRules: [{E8B512B9-6DA2-4285-B548-2107E3F02108}] => D:\Steam\steamapps\common\Loadout\Loadout.exe FirewallRules: [{05B3A33D-4462-41B7-B98B-8DE40546AB4B}] => D:\Steam\steamapps\common\Robocraft\Robocraft.exe FirewallRules: [{E3168DE5-6BEC-40B6-AF8F-1822BF88B8AB}] => D:\Steam\steamapps\common\Robocraft\Robocraft.exe FirewallRules: [{E302418B-374F-43F7-B967-EB86E47E01F8}] => C:\Windows\System32\rundll32.exe FirewallRules: [{9584D609-9565-4CC9-92F4-12863665686D}] => C:\Windows\System32\rundll32.exe FirewallRules: [{E350042D-6C18-4B38-98F1-7514273A40FD}] => C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe FirewallRules: [{D9B3840E-D965-4F48-80AD-DE41940B299D}] => C:\Program Files (x86)\Firefox\Firefox.exe FirewallRules: [{F794B278-B1F9-4FF5-8ABD-FAF1EB3C4BD1}] => D:\Gry\nfs\Launcher.exe FirewallRules: [{F5FBDD50-4545-4347-A56B-496AC07E6D08}] => D:\Gry\nfs\Launcher.exe FirewallRules: [TCP Query User{54F1A0A6-78A7-4E6E-B6BB-F1293769A348}D:\gry\nfs\nfs11.exe] => D:\gry\nfs\nfs11.exe FirewallRules: [UDP Query User{7C15C9A0-EC46-4AFB-836F-F07E244660D8}D:\gry\nfs\nfs11.exe] => D:\gry\nfs\nfs11.exe FirewallRules: [TCP Query User{9FE08115-EFA8-4C8A-AB3B-B7EBF0EB9E1A}C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe FirewallRules: [UDP Query User{A75087E1-932F-4115-94C3-E7BC3D09E3B3}C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe FirewallRules: [{D005E199-F6E2-4148-8E5E-1FE65FB84A81}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Punkty Przywracania systemu ========================= 28-01-2017 11:06:23 Zaplanowany punkt kontrolny 28-01-2017 11:19:51 Removed amuleC 28-01-2017 11:20:42 Removed SmartView for IE. 28-01-2017 11:21:42 Removed SmartView Software Updater. 28-01-2017 11:27:16 Restore Point Created by FRST ==================== Wadliwe urządzenia w Menedżerze urządzeń ============= ==================== Błędy w Dzienniku zdarzeń: ========================= Dziennik Aplikacja: ================== Error: (01/31/2017 01:21:01 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (01/31/2017 12:28:11 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (01/30/2017 04:26:10 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (01/29/2017 03:31:18 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (01/28/2017 11:31:06 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (01/28/2017 11:27:15 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas badania interfejsu IVssWriterCallback. hr = 0x80070005, Odmowa dostępu. . To jest często spowodowane przez niepoprawne ustawienia zabezpieczeń w procesie zapisującym lub żądającym. Operacja: Zbieranie danych modułu zapisującego Kontekst: Identyfikator klasy modułu zapisującego: {e8132975-6f93-4464-a53e-1050253ae220} Nazwa modułu zapisującego: System Writer Identyfikator wystąpienia modułu zapisującego: {8f584c6d-1f66-42fd-87eb-63228e4d5eae} Error: (01/28/2017 10:13:49 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (01/27/2017 09:44:20 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (01/27/2017 12:16:08 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (01/27/2017 12:11:45 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: FirefoxUpdate.exe, wersja: 1.0.0.1, sygnatura czasowa: 0x587f18ac Nazwa modułu powodującego błąd: KERNELBASE.dll, wersja: 6.1.7601.23572, sygnatura czasowa: 0x57fd0379 Kod wyjątku: 0xe06d7363 Przesunięcie błędu: 0x0000c54f Identyfikator procesu powodującego błąd: 0x11f8 Godzina uruchomienia aplikacji powodującej błąd: 0x01d278065dd53bb8 Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe Ścieżka modułu powodującego błąd: C:\Windows\syswow64\KERNELBASE.dll Identyfikator raportu: cdd9053c-e41c-11e6-af3e-002522effb6b Dziennik System: ============= Error: (01/31/2017 01:21:01 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: Avgldx64 Error: (01/31/2017 01:20:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Origin Web Helper Service z powodu następującego błędu: Usługa nie odpowiada na sygnał uruchomienia lub sygnał sterujący w oczekiwanym czasie. Error: (01/31/2017 01:20:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Origin Web Helper Service. Error: (01/31/2017 01:17:50 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Menedżer sterowania usługami próbował podjąć akcję korekcyjną (Uruchom usługę ponownie) po nieoczekiwanym zakończeniu usługi Windows Search, ale ta akcja nie powiodła się przy następującym błędzie: Jedno wystąpienie usługi już działa. . Error: (01/31/2017 01:17:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa Intel(R) Management and Security Application User Notification Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error: (01/31/2017 01:17:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Usługa buforowania czcionek platformy Windows Presentation Foundation, wersja 3.0.0.0 niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 0 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error: (01/31/2017 01:17:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Usługa udostępniania w sieci programu Windows Media Player niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error: (01/31/2017 01:17:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Windows Search niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error: (01/31/2017 01:17:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa Sound Blaster X-Fi MB Licensing Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error: (01/31/2017 01:17:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa VIA Karaoke digital mixer Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. ==================== Statystyki pamięci =========================== Procesor: Intel(R) Celeron(R) CPU G540 @ 2.50GHz Procent pamięci w użyciu: 48% Całkowita pamięć fizyczna: 2030.7 MB Dostępna pamięć fizyczna: 1040.51 MB Całkowita pamięć wirtualna: 4061.41 MB Dostępna pamięć wirtualna: 2799.91 MB ==================== Dyski ================================ Drive c: () (Fixed) (Total:150 GB) (Free:105.42 GB) NTFS ==>[dysk z komponentami startowymi (pozyskano odczytując BCD)] Drive d: () (Fixed) (Total:274 GB) (Free:180.13 GB) NTFS Drive e: () (Fixed) (Total:274.54 GB) (Free:241.44 GB) NTFS ==================== MBR & Tablica partycji ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 71F071F0) Partition 1: (Active) - (Size=150 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=274 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=274.5 GB) - (Type=07 NTFS) ==================== Koniec Addition.txt ============================