Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 04-03-2017 Uruchomiony przez tru (05-03-2017 10:13:57) Uruchomiony z D:\Desktop Windows 7 Home Premium Service Pack 1 (X64) (2012-09-04 13:48:39) Tryb startu: Normal ========================================================== ==================== Konta użytkowników: ============================= Administrator (S-1-5-21-1771593470-3012635902-189330645-500 - Administrator - Disabled) Gość (S-1-5-21-1771593470-3012635902-189330645-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1771593470-3012635902-189330645-1003 - Limited - Enabled) postgres (S-1-5-21-1771593470-3012635902-189330645-1005 - Limited - Enabled) => C:\Users\postgres.TRUCIZNA tru (S-1-5-21-1771593470-3012635902-189330645-1001 - Administrator - Enabled) => C:\Users\tru UpdatusUser (S-1-5-21-1771593470-3012635902-189330645-1000 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Centrum zabezpieczeń ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie.) AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98} AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3} ==================== Zainstalowane programy ====================== (W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.) „Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden „Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden „Windows Live Messenger“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden „Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden µTorrent (HKU\S-1-5-21-1771593470-3012635902-189330645-1001\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated) Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated) Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated) Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated) AIMP (HKLM-x32\...\AIMP) (Version: v4.02.1717, 08.05.2016 - AIMP DevTeam) CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform) Chikrii Softlab TeX2Word (HKLM-x32\...\Chikrii SoftLab TeX2Word) (Version: 3.0 - Chikrii Softlab) Convert DOC to PDF For Word 4.00 (HKLM-x32\...\Convert DOC to PDF For Word_is1) (Version: 4.0.0.0 - 8848Soft, Inc.) CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.) CyberLink Media+ Player10 (HKLM-x32\...\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 - CyberLink Corp.) CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.) CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.) CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4417 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0316 - DT Soft Ltd) Defraggler (HKLM\...\Defraggler) (Version: 2.14 - Piriform) Dev-C++ (HKLM-x32\...\Dev-C++) (Version: 5.2.0.3 - ) Dropbox (HKLM-x32\...\Dropbox) (Version: 15.4.22 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.27.37 - Dropbox, Inc.) Hidden Easy File Share (HKLM-x32\...\{95BB7324-77D3-4BF3-8CF6-29F0857AC175}) (Version: 1.1.1699 - Samsung Electronics Co., Ltd.) Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0 - Samsung Electronics Co., Ltd.) Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics Co., Ltd.) Easy Software Manager (HKLM-x32\...\{DE256D8B-D971-456D-BC02-CB64DA24F115}) (Version: 1.1.16.14 - Samsung Electronics Co., Ltd.) Easy Support Center 1.0 (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.36 - Samsung) ETDWare PS/2-X64 10.0.7.2_WHQL (HKLM\...\Elantech) (Version: 10.0.7.2 - ELAN Microelectronic Corp.) Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.) Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden GrindEQ LaTeX-to-Word (remove only) (HKLM-x32\...\GrindEQl2w) (Version: - ) GrindEQ Math Utilities (remove only) (HKLM-x32\...\GrindEQ) (Version: - ) Holdem Manager (HKLM\...\HoldemManager) (Version: - ) Intel PROSet Wireless (x32 Version: - ) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2266 - Intel Corporation) Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan) Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Kaspersky Internet Security Technical Preview (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab) Kaspersky Internet Security Technical Preview (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden K-Lite Codec Pack 9.3.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.3.0 - ) Lizardtech DjVu Control (HKLM-x32\...\{105CFC7C-6992-11D5-BD9D-000102C10FD8}) (Version: - ) Malwarebytes Anti-Malware wersja 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) MATLAB R2013a (HKLM\...\Matlab R2013a) (Version: 8.1 - The MathWorks, Inc.) Maxima (sbcl) 5.37.2 (HKLM-x32\...\Maxima-sbcl-5.37.2_is1) (Version: 5.37.2 - The Maxima Development Team) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1771593470-3012635902-189330645-1001\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.50.1600.1 - Microsoft Corporation) Microsoft Virtual PC 2007 SP1 (HKLM\...\{AD483998-2E9A-4405-83FF-6E503AF49CBB}) (Version: 6.0.192.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) MiKTeX 2.9 (HKU\S-1-5-21-1771593470-3012635902-189330645-1001\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org) Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.14.01.105 - Huawei Technologies Co.,Ltd) Mozilla Firefox 51.0.1 (x86 pl) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 pl)) (Version: 51.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla) MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team) NapiProjekt (2.0.0.2151) (HKLM-x32\...\NapiProjekt_is1) (Version: - ) Narzędzia sprawdzające pakietu Microsoft Office 2013 — polski (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden NVIDIA Graphics Driver 268.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.83 - NVIDIA Corporation) OSCAR Editor (HKLM-x32\...\InstallShield_{B93E815A-ED3F-436C-8175-C0BB1AD4AA36}) (Version: 5.20.0000 - A4TECH) OSCAR Editor (x32 Version: 5.20.0000 - A4TECH) Hidden PDFConverter Printer Driver (HKLM-x32\...\{74669C8B-4D0A-4237-997F-3E1C92331F7D}) (Version: - ) PDFConverter Printer Driver version 2.00 (HKLM-x32\...\PDFConverter Printer Driver_is1) (Version: 2.00 - PDF-Convert, Inc.) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.) Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Polski pakiet językowy dla narzędzi Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PLK) (Version: 10.0.50903 - Microsoft Corporation) Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile PLK Language Pack) (Version: 4.0.30320 - Microsoft Corporation) Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended PLK Language Pack) (Version: 4.0.30320 - Microsoft Corporation) Poprawka dla produktu Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (KB2580188) (HKLM-x32\...\{A49402DD-2781-3782-B0CF-52BDA349E3F3}.KB2580188) (Version: 1 - Microsoft Corporation) Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden psqlODBC_x64 (Version: 09.03.0400 - PostgreSQL Global Development Group) Hidden R for Windows 3.2.2 (HKLM\...\R for Windows 3.2.2_is1) (Version: 3.2.2 - R Core Team) Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6413 - Realtek Semiconductor Corp.) RStudio (HKLM-x32\...\RStudio) (Version: 0.99.902 - RStudio) Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.1.5 - Samsung) SAS 9.4 (HKLM-x32\...\{adfa23ed-d64f-40f3-bd52-8c4a9a1ff982}) (Version: 9.4 - SAS) SAS Add-In 7.1 for Microsoft Office (64-bit) - pl Resources (HKLM\...\{8A311212-0C6F-4DE9-AE7E-BDBEC00E96C9}) (Version: 7.130.2018 - SAS Institute Inc.) SAS Add-In 7.1 for Microsoft Office (64-bit) (HKLM\...\{468D54D9-98AD-4642-BF65-AFFC53A6EDB3}) (Version: 7.100.5386 - SAS Institute Inc.) SAS Document Conversion Server (HKLM-x32\...\SAS Document Conversion Server) (Version: - ) SAS Enterprise Guide 7.1 (32-bit) - pl Resources (x32 Version: 7.110.0 - SAS Institute Inc.) Hidden SAS Enterprise Guide 7.1 (32-bit) (x32 Version: 7.100.2711 - SAS Institute Inc.) Hidden SAS Studio 3.4 Single-User Edition (Version: 3.4.2091.0 - SAS Institute, Inc.) Hidden Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation) Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.) Software Launcher (HKLM-x32\...\{B750B5C2-CC17-4967-905B-29F4EB986131}) (Version: 1.0.2 - Samsung) Stata 13 (HKLM-x32\...\{217BE429-022D-4094-960F-0376E1CBE13E}) (Version: 13.0 - StataCorp LP) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden System Requirements Lab CYRI (HKLM-x32\...\{E77DA909-3532-4C95-AFEB-06310E88462A}) (Version: 6.0.3.0 - Husdawg, LLC) TouchFreeze (HKLM-x32\...\{9C9744E5-2BB7-4042-BD1C-8A339480A08C}) (Version: 1.1.0 - Ivan Zhakov) User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.3 - ) Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Phone app for desktop (HKLM-x32\...\{99759E36-8961-43DC-A7E6-4601D6AEF166}) (Version: 1.1.2726.0 - Microsoft Corporation) Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Niestandardowe rejestracje CLSID (filtrowane): ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) CustomCLSID: HKU\S-1-5-21-1771593470-3012635902-189330645-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\tru\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileCoAuthLib64.dll () CustomCLSID: HKU\S-1-5-21-1771593470-3012635902-189330645-1001_Classes\CLSID\{8932AEFE-9DB6-4f43-AFB2-5682F55E773A}\InprocServer32 -> D:\Program Files\Microsoft Virtual PC\VPCShExH.DLL (Microsoft Corporation) ==================== Zaplanowane zadania (filtrowane) ============= (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) Task: {01A759FB-7655-469D-8C7D-F45474D5F74F} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-08-19] (SAMSUNG Electronics co., LTD.) Task: {088C3B81-4677-47A7-979A-536DD1261038} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2011-09-06] (Samsung Electronics Co., Ltd.) Task: {1C489413-AD0B-4F15-A3E8-668AEDB8FFD1} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-17] (CyberLink) Task: {1E410920-D5B0-4B49-9C39-165FAC054F9B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {2CF6E3FD-8751-428E-BE64-99D8EA413FAB} - System32\Tasks\GoogleUpdateTaskMachineUA => D:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-17] (Google Inc.) Task: {2E3FE438-5895-4A1E-AAD4-AA0891B67E3E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => %ProgramFiles%\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe Task: {35E8013B-1F44-4F8C-97FD-0A71B94A8B76} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-14] (Adobe Systems Incorporated) Task: {4B4E1518-6C2A-4138-B0B4-70D99FB0962A} - System32\Tasks\CCleanerSkipUAC => D:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd) Task: {55904B27-7D38-489C-BA7C-546BC51A9C8B} - System32\Tasks\Easy Software Manager Agent => C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe [2011-09-15] (Samsung) Task: {59F343FD-DC9B-4332-A6FD-46C522DBB567} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated) Task: {6AEBD1E6-1092-416D-98EB-766C9C540016} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2011-09-06] (Samsung Electronics Co., Ltd.) Task: {7025460A-C0E5-4FB6-9AE0-192A88C1FC50} - System32\Tasks\GoogleUpdateTaskMachineCore => D:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-17] (Google Inc.) Task: {70DD8F7A-1E41-48D8-B7C0-D62F317C23A6} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [2011-09-28] (Samsung Electronics) Task: {92A2CFF0-1ADC-4AD5-A4A3-A4EF75BEA5D8} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2011-08-22] (Samsung Electronics Co., Ltd.) Task: {AA799A3F-281A-44FE-AA1C-2B52E7FCEEFE} - System32\Tasks\DropboxUpdateTaskMachineUA => D:\Program Files\Dropbox\Update\DropboxUpdate.exe [2015-10-14] (Dropbox, Inc.) Task: {AA93B3A3-A41C-4709-A74A-E122DA16E0BE} - System32\Tasks\{4A50030C-5B83-4F32-81C7-3173AE6C5647} => Firefox.exe hxxp://ui.skype.com/ui/0/6.11.0.102/pl/abandoninstall?page=tsProgressBar Task: {AB086D0D-B6D6-4D7B-9144-4388F4D7F7D7} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2011-06-24] (SEC) Task: {AB534A5C-595E-4247-A917-BC949CDBB129} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {AC5D1A0A-5F07-4DDE-A3F9-1972F0D977EA} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe [2011-07-29] (SAMSUNG Electronics) Task: {BBB9895A-C579-4E47-B17F-B7C9A538F8B9} - System32\Tasks\{E41B91D7-C8EE-4CBC-8BDF-E9A1EA906434} => Firefox.exe hxxp://ui.skype.com/ui/0/6.18.0.105/pl/abandoninstall?page=tsProgressBar Task: {D7520134-EA60-4155-ABFA-1180EF7F3C5D} - System32\Tasks\{69CB8ABF-0977-4E5E-8459-68319E1C587B} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/pl/abandoninstall?page=tsMain Task: {FB881B94-8C1F-4AD3-9BCB-8E717CD7DD66} - System32\Tasks\DropboxUpdateTaskMachineCore => D:\Program Files\Dropbox\Update\DropboxUpdate.exe [2015-10-14] (Dropbox, Inc.) Task: {FC7029C3-72DF-48A3-A162-139E4653A8ED} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2011-08-19] (Samsung Electronics Co., Ltd.) (Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.) Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\DropboxUpdateTaskMachineCore.job => D:\Program Files\Dropbox\Update\DropboxUpdate.exe Task: C:\windows\Tasks\DropboxUpdateTaskMachineUA.job => D:\Program Files\Dropbox\Update\DropboxUpdate.exe ==================== Skróty ============================= (Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.) ==================== Załadowane moduły (filtrowane) ============== 2013-03-25 06:29 - 2013-03-25 06:29 - 00019968 _____ () D:\SASHome\SASTextAnalyticsDocumentConversion\14.1\_tgwinsvc_wrapper.exe 2017-03-02 23:25 - 2017-03-02 23:25 - 00959168 _____ () C:\Users\tru\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\ClientTelemetry.dll 2014-12-12 23:25 - 2014-12-12 23:25 - 00057344 _____ () D:\Program Files\CCleaner\lang\lang-1045.dll 2014-04-14 20:41 - 2012-12-21 19:33 - 00020288 _____ () D:\Program Files\CCleaner\branding.dll 2015-07-08 22:18 - 2015-07-08 22:18 - 00794920 _____ () D:\Program Files\Kaspersky Lab\Kaspersky Internet Security Technical Preview 16.0.0\kpcengine.2.3.dll 2011-10-11 11:21 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll 2011-10-11 11:31 - 2010-05-07 15:22 - 01636864 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll ==================== Alternate Data Streams (filtrowane) ========= ==================== Tryb awaryjny (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.) ==================== Powiązania plików (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.) ==================== Internet Explorer - Witryny zaufane i z ograniczeniami =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.) ==================== Hosts - zawartość: =============================== (Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.) 2009-07-14 03:34 - 2015-08-24 19:22 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Inne obszary ============================ (Obecnie brak automatycznej naprawy dla tej sekcji.) HKU\S-1-5-21-1771593470-3012635902-189330645-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\tru\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) MpsSvc => Usługa "Zapora systemu Windows" nie jest uruchomiona. ==================== MSCONFIG/TASK MANAGER - Wyłączone elementy == MSCONFIG\Services: AxAutoMntSrv => 2 MSCONFIG\Services: GameConsoleService => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: HWDeviceService64.exe => 2 MSCONFIG\Services: MASMonitorService => 2 MSCONFIG\Services: Mobile Broadband HL Service => 2 MSCONFIG\Services: Mobile Partner. RunOuc => 2 MSCONFIG\Services: RichVideo => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: StarWindServiceAE => 2 MSCONFIG\Services: STATISTICA License Manager => 2 MSCONFIG\Services: VMAuthdService => 2 MSCONFIG\Services: VMUSBArbService => 2 MSCONFIG\Services: WebSTATISTICA => 2 MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: FlashPlayerUpdate => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_145_Plugin.exe -update plugin ==================== Reguły Zapory systemu Windows (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Punkty Przywracania systemu ========================= 04-03-2017 22:50:13 Removed BlueStacks Notification Center 04-03-2017 23:13:20 Removed Universal SQL Editor 1.4.6.2 04-03-2017 23:14:27 Removed STATISTICA 10.0.228.8. 05-03-2017 09:38:26 Restore Point Created by FRST Sprawdź usługę "winmgmt" lub napraw WMI. ==================== Wadliwe urządzenia w Menedżerze urządzeń ============= Name: Zewnętrzne urządzenie Bluetooth Description: Zewnętrzne urządzenie Bluetooth Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Karta wirtualnego miniportu WiFi firmy Microsoft Description: Karta wirtualnego miniportu WiFi firmy Microsoft Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: vwifimp Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Zewnętrzne urządzenie Bluetooth Description: Zewnętrzne urządzenie Bluetooth Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Zewnętrzne urządzenie Bluetooth Description: Zewnętrzne urządzenie Bluetooth Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Zewnętrzne urządzenie Bluetooth Description: Zewnętrzne urządzenie Bluetooth Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Błędy w Dzienniku zdarzeń: ========================= Dziennik Aplikacja: ================== Error: (03/05/2017 10:09:48 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (03/05/2017 09:41:49 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (03/05/2017 09:38:35 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Przetwarzanie wywołania OnIdentity() w obiekcie System Writer przez Usługi kryptograficzne nie powiodło się. Details: AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed. System Error: 0xC0000039 (unresolvable). Error: (03/05/2017 09:38:26 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas badania interfejsu IVssWriterCallback. hr = 0x80070005, Odmowa dostępu. . To jest często spowodowane przez niepoprawne ustawienia zabezpieczeń w procesie zapisującym lub żądającym. Operacja: Zbieranie danych modułu zapisującego Kontekst: Identyfikator klasy modułu zapisującego: {e8132975-6f93-4464-a53e-1050253ae220} Nazwa modułu zapisującego: System Writer Identyfikator wystąpienia modułu zapisującego: {d1f78291-2784-47c9-b7ac-92fa1c721e90} Error: (03/05/2017 09:31:36 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (03/04/2017 11:20:32 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla „D:\Program Files\CCleaner\ccleaner.exe”. Błąd w pliku manifestu lub w pliku zasad „” w wierszu . Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna. Składniki powodujące konflikt: Składnik 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Składnik 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Error: (03/04/2017 11:14:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Przetwarzanie wywołania OnIdentity() w obiekcie System Writer przez Usługi kryptograficzne nie powiodło się. Details: AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed. System Error: 0xC0000039 (unresolvable). Error: (03/04/2017 11:14:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Przetwarzanie wywołania OnIdentity() w obiekcie System Writer przez Usługi kryptograficzne nie powiodło się. Details: AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed. System Error: 0xC0000039 (unresolvable). Error: (03/04/2017 11:13:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Przetwarzanie wywołania OnIdentity() w obiekcie System Writer przez Usługi kryptograficzne nie powiodło się. Details: AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed. System Error: 0xC0000039 (unresolvable). Error: (03/04/2017 11:13:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Przetwarzanie wywołania OnIdentity() w obiekcie System Writer przez Usługi kryptograficzne nie powiodło się. Details: AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed. System Error: 0xC0000039 (unresolvable). Dziennik System: ============= Error: (03/05/2017 10:08:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Zapora systemu Windows z powodu następującego błędu: Program wykonywalny, w którym ta usługa (zgodnie z jej konfiguracją) ma być uruchomiona, nie implementuje usługi. Error: (03/05/2017 10:07:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Usługa udostępniania w sieci programu Windows Media Player z powodu następującego błędu: Usługa nie została uruchomiona z powodu nieudanego logowania. Error: (03/05/2017 10:07:27 AM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Usługa WMPNetworkSvc nie może zalogować się jako NT AUTHORITY\NetworkService za pomocą obecnie skonfigurowanego hasła z powodu następującego błędu: Żądanie nie jest obsługiwane. Aby upewnić się, że usługa jest skonfigurowana prawidłowo, użyj przystawki Usługi w programie Microsoft Management Console (MMC). Error: (03/05/2017 10:07:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Windows Search z powodu następującego błędu: Usługa nie została uruchomiona z powodu nieudanego logowania. Error: (03/05/2017 10:07:26 AM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Usługa WSearch nie może zalogować się jako NT AUTHORITY\SYSTEM za pomocą obecnie skonfigurowanego hasła z powodu następującego błędu: Żądanie nie jest obsługiwane. Aby upewnić się, że usługa jest skonfigurowana prawidłowo, użyj przystawki Usługi w programie Microsoft Management Console (MMC). Error: (03/05/2017 10:06:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa Intel(R) Management and Security Application User Notification Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error: (03/05/2017 10:06:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Usługa udostępniania w sieci programu Windows Media Player niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error: (03/05/2017 10:06:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Microsoft .NET Framework NGEN v4.0.30319_X86 niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 120000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error: (03/05/2017 10:06:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Windows Search niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error: (03/05/2017 10:06:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa SAS Document Conversion Server niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. CodeIntegrity: =================================== Date: 2015-08-24 20:20:34.957 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-08-24 20:20:34.910 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-02-19 01:57:28.776 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2015-02-19 01:57:28.714 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2015-02-19 01:57:25.500 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2015-02-19 01:57:25.500 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2015-02-19 01:57:04.003 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2015-02-19 01:57:03.988 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2015-02-19 01:57:00.977 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2015-02-19 01:57:00.930 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. ==================== Statystyki pamięci =========================== Procesor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz Procent pamięci w użyciu: 38% Całkowita pamięć fizyczna: 4009.55 MB Dostępna pamięć fizyczna: 2479.79 MB Całkowita pamięć wirtualna: 8017.28 MB Dostępna pamięć wirtualna: 6248.84 MB ==================== Dyski ================================ Drive c: () (Fixed) (Total:98.1 GB) (Free:47.83 GB) NTFS Drive d: () (Fixed) (Total:181.39 GB) (Free:56.22 GB) NTFS ==================== MBR & Tablica partycji ================== ======================================================== Disk: 0 (Size: 698.6 GB) (Disk ID: 3C977812) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=98.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=577.7 GB) - (Type=05) Partition 4: (Not Active) - (Size=22.8 GB) - (Type=27) ==================== Koniec Addition.txt ============================