Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x86) Wersja: 15-03-2017
Uruchomiony przez Mr. Robot (31-03-2017 18:42:04)
Uruchomiony z C:\Temp
Microsoft Windows 10 Pro Wersja 1511 (X86) (2016-07-08 12:01:08)
Tryb startu: Normal
==========================================================

==================== Konta użytkowników: =============================

Administrator (S-1-5-21-2595376921-211916493-2743171331-500 - Administrator - Disabled)
Gość (S-1-5-21-2595376921-211916493-2743171331-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2595376921-211916493-2743171331-1003 - Limited - Enabled)
Konto domyślne (S-1-5-21-2595376921-211916493-2743171331-503 - Limited - Disabled)
Mr. Robot (S-1-5-21-2595376921-211916493-2743171331-1001 - Administrator - Enabled) => C:\Users\Mr. Robot

==================== Centrum zabezpieczeń ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Zainstalowane programy ======================

(W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)

µTorrent (HKLM\...\uTorrent) (Version: 2.0.4 - )
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
7-Zip 16.02 (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Acronis Disk Director Home (HKLM\...\{9CCC78EF-027E-40E0-9B61-39932C65E3FE}) (Version: 11.0.216 - Acronis)
Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (32 Bit) (HKLM\...\{2614BC86-757D-4293-9E25-E4E16F370A9E}) (Version: 16.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{6D0F2ABB-E30F-9F89-6022-E3D581CB4155}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Bigasoft Total Video Converter 5.0.10.5862 (HKLM\...\{A72CE741-1F32-4D79-BFFB-A714375C6750}_is1) (Version: - Bigasoft Corporation)
Blank ExplorerFrame (HKLM\...\Blank ExplorerFrame) (Version: - neiio)
BufferChm (Version: 140.0.298.000 - Hewlett-Packard) Hidden
Copy (Version: 140.0.298.000 - Hewlett-Packard) Hidden
Corel Graphics - Windows Shell Extension (HKLM\...\_{51DD370C-6690-424E-9674-5F14468B323F}) (Version: 15.0.0.487 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 15.0.487 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Capture (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Common (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Connect (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Custom Data (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Draw (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - EN (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Filters (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FontNav (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IPM (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Photozoom Plugin (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Redist (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Setup Files (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VBA (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VideoBrowser (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VSTA (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - WT (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW(R) Graphics Suite X5 (HKLM\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.0.0.486 - Corel Corporation)
CrystalDiskInfo 3.10.0 (HKLM\...\CrystalDiskInfo_is1) (Version: 3.10.0 - Crystal Dew World)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Destinations (Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.298.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F4200_Software_Min (Version: 140.0.425.000 - Hewlett-Packard) Hidden
DocProc (Version: 140.0.185.000 - Hewlett-Packard) Hidden
Exact Audio Copy 1.3 (HKLM\...\Exact Audio Copy) (Version: 1.3 - Andre Wiethoff)
Ext2 IFS 1.12 for Windows 8/8.1/Server 2012/2012 R2 (HKLM\...\Ext2Ifs_for_NT602) (Version: - )
F4200 (Version: 140.0.425.000 - Hewlett-Packard) Hidden
Ghostscript GPL 8.64 (Msi Setup) (HKLM\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (Version: 8.64 - Corel Corporation) Hidden
Google Drive (HKLM\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
GPBaseService2 (Version: 140.0.297.000 - Hewlett-Packard) Hidden
HashCheck Shell Extension (x86-32) (HKLM\...\HashCheck Shell Extension) (Version: 2.1.11.1 - Kai Liu)
HD Tune Pro 5.50 (HKLM\...\HD Tune Pro_is1) (Version: - EFD Software)
HDMI Control Manager (HKLM\...\{F81AB80B-5BB7-4E36-8BA5-E07541CE1BFC}) (Version: 2.0 - TOSHIBA)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet F4200 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{8C925017-72A8-4C4A-AF21-84901E26638F}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Internet Download Manager (HKLM\...\Internet Download Manager) (Version: - Tonec Inc.)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
Komunikator WTW 1.20.0.4800 (HKLM\...\{1DF5019A-68B5-4ba1-8E59-E185C7B7FF11}) (Version: 1.20.0.4800 - K2T.eu)
LAN Messenger (HKLM\...\LAN Messenger) (Version: 1.2.35 - LAN Messenger)
MacType (HKLM\...\{BDFC0905-D76C-47E9-A609-839635BD9E31}) (Version: 1.16.0904 - FlyingSnow)
MarketResearch (Version: 140.0.212.000 - Hewlett-Packard) Hidden
MEGAsync (HKLM\...\MEGAsync) (Version: - Mega Limited)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
mIRC (HKLM\...\mIRC) (Version: 6.35 - mIRC Co. Ltd.)
MozBackup 1.5.1 (HKLM\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox 52.0.1 (x86 pl) (HKLM\...\Mozilla Firefox 52.0.1 (x86 pl)) (Version: 52.0.1 - Mozilla)
Nero 8 Micro 8.3.6.0 (HKLM\...\Nero8Lite_is1) (Version: 8.3.6.0 - Updatepack.nl)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Opera Stable 43.0.2442.1144 (HKLM\...\Opera 43.0.2442.1144) (Version: 43.0.2442.1144 - Opera Software)
Pakiet sterowników systemu Windows - MediaTek Inc. (usbser) Ports (01/05/2012 2.0000.0.1) (HKLM\...\49D9ABA9270C5BDFD7AE1BEB607D36B26BB90235) (Version: 01/05/2012 2.0000.0.1 - MediaTek Inc.)
Pakiet sterowników systemu Windows - MediaTek Inc. (usbser) Ports (12/24/2011 2.0000.0.0) (HKLM\...\D0E6296D177F42BB31C0200E49412003DB6C4633) (Version: 12/24/2011 2.0000.0.0 - MediaTek Inc.)
Potplayer (HKLM\...\PotPlayer) (Version: - Kakao Corp.)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.54.02 - )
RoboForm 7-9-18-5 (All Users) (HKLM\...\AI RoboForm) (Version: 7-9-18-5 - Siber Systems)
Scan (Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SolutionCenter (Version: 140.0.299.000 - Hewlett-Packard) Hidden
SopCast 4.2.0 (HKLM\...\SopCast) (Version: 4.2.0 - www.sopcast.com)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version: - )
StartIsBack++ (HKU\S-1-5-21-2595376921-211916493-2743171331-1001\...\StartIsBack) (Version: 1.3.1 - startisback.com)
Status (Version: 140.0.342.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.2.4.0 - Synaptics)
Toolbox (Version: 140.0.596.000 - Hewlett-Packard) Hidden
TOSHIBA Hardware Setup (HKLM\...\{2883F6F5-0509-43F3-868C-D50330DD9DD3}) (Version: 2.00.11 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM\...\InstallShield_{33ABEB66-85BB-43B2-9448-85CB626C5A5F}) (Version: 5.00.04.00 - TOSHIBA)
TrayApp (Version: 140.0.297.000 - Hewlett-Packard) Hidden
UxStyle (HKLM\...\{6bf90d91-c5db-454e-a7b4-81bc6cbbe13f}) (Version: 0.2.4.2 - The Within Network, LLC)
UxStyle (Version: 0.2.4.2 - The Within Network, LLC) Hidden
UXThemePatcher 10 (HKLM\...\UXThemePatcher) (Version: 10 - SkinPack)
Vopt 9 (HKLM\...\{548CC5A0-F2E2-11DD-6172-0DC7E1C11916}) (Version: 9.21 - Golden Bow Systems)
VSO ConvertXToDVD (HKLM\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.3.0.9 - VSO Software)
WebReg (Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows 7 USB/DVD Download Tool (HKLM\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinRAR 5.20 (32-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Xilisoft Video Converter Ultimate (HKLM\...\Xilisoft Video Converter Ultimate) (Version: 7.8.12.20151119 - Xilisoft)
xrecode II 1.0.0.230 (HKLM\...\{AFE83615-88BE-47F6-B3E4-A3FEF8B7B57F}_is1) (Version: - )
xrecode II shell extension (1.0.0.9) (HKLM\...\{361F3560-6978-4B17-AEA1-3D766A9C5E68}_is1) (Version: - )

==================== Niestandardowe rejestracje CLSID (filtrowane): ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

CustomCLSID: HKU\S-1-5-21-2595376921-211916493-2743171331-1001_Classes\CLSID\{865e5e76-ad83-4dca-a109-50dc2113ce9b}\InprocServer32 -> C:\Users\Mr. Robot\AppData\Local\StartIsBack\StartIsBack32.dll (www.startisback.com)
CustomCLSID: HKU\S-1-5-21-2595376921-211916493-2743171331-1001_Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c9}\InprocServer32 -> C:\Users\Mr. Robot\AppData\Local\StartIsBack\StartIsBack32.dll (www.startisback.com)
CustomCLSID: HKU\S-1-5-21-2595376921-211916493-2743171331-1001_Classes\CLSID\{AD1405D2-30CF-4877-8468-1EE1C52C759F}\InprocServer32 -> C:\Users\Mr. Robot\AppData\Local\StartIsBack\StartIsBack32.dll (www.startisback.com)
CustomCLSID: HKU\S-1-5-21-2595376921-211916493-2743171331-1001_Classes\CLSID\{c71c41f1-ddad-42dc-a8fc-f5bfc61df958}\InprocServer32 -> C:\Users\Mr. Robot\AppData\Local\StartIsBack\StartIsBack32.dll (www.startisback.com)
CustomCLSID: HKU\S-1-5-21-2595376921-211916493-2743171331-1001_Classes\CLSID\{E5C31EC8-C5E6-4E07-957E-944DB4AAD85E}\InprocServer32 -> C:\Users\Mr. Robot\AppData\Local\StartIsBack\StartIsBack32.dll (www.startisback.com)

==================== Zaplanowane zadania (filtrowane) =============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

Task: {2AC14E3E-86FC-4BA8-98C0-63101FCDEA63} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2016-07-13] (Siber Systems)
Task: {5AE73374-F91A-4D29-AD30-FC8DF9766377} - System32\Tasks\off => shutdown
Task: {5D80C806-5430-4633-A004-8E3BE0B055FF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-03-24] (Google Inc.)
Task: {769DC21E-A3F4-48E4-868C-FD422C21F58B} - System32\Tasks\Liertherjubtion Log => C:\Program Files\Drewespgrerwey\vnesh.exe [2017-03-31] (Glarysoft Ltd)
Task: {8E9A4FE3-3041-4328-BC06-181DE0180341} - System32\Tasks\Opera scheduled Autoupdate 1485250916 => C:\Program Files\Opera\launcher.exe [2017-02-27] (Opera Software)
Task: {C95BAB15-C4BC-4FCE-8A49-6978D438490C} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-P2IP1F5-Mr. Robot => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-05-26] (Adobe Systems Incorporated)
Task: {D8093D67-A97C-421B-BB55-21D2ACFD056F} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\Explorer.exe /NOUACCHECK
Task: {D967FFEE-B611-447D-A1E0-D7D4456A32F9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-03-24] (Google Inc.)
Task: {DF5E982F-630E-46BE-904D-23F6491397AF} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMMMJMLJOMJJLJGMLJCNNMLMMMPMCNLMJJLJOJCNNJLJOJMMCNOJIMLJJJIMOJGMJJLMPMOJMJJNJICMIMCNGMCNOMHMFMOMOMCNLMNMPMCNOMPMKMHMJMFMPMCNPMCNOMPMKMHMJMCNNMJNPICMPMFMEKMICNJJCKFMPMJNHICMEKMICNJJCKJNBJCMCLNIBNPNNKAJNJAJLIJNKJCMJNNICMJNDJCMPI (dane wartości zawierają 53 znaków więcej).

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

==================== Skróty =============================

(Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.)

Shortcut: C:\Users\Mr. Robot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\K2T\WTW\Forum.lnk -> hxxp://forum.k2t.eu
Shortcut: C:\Users\Mr. Robot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\K2T\WTW\Zgłoś błąd.lnk -> hxxp://bugtraq.k2t.eu
Shortcut: C:\Users\Mr. Robot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\K2T\WTW\Zgłoś propozycję.lnk -> hxxp://bugtraq.k2t.eu

==================== Załadowane moduły (filtrowane) ==============

2015-10-30 07:44 - 2015-10-30 07:44 - 00149504 _____ () C:\Windows\SYSTEM32\ism32k.dll
2017-03-31 17:14 - 2017-03-31 17:14 - 00275968 _____ () C:\Program Files\Liertherjubtion Log\local32spl.dll
2016-07-08 18:07 - 2016-03-29 11:37 - 01862008 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-07-08 18:07 - 2016-03-29 11:37 - 01862008 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-10-31 21:43 - 2016-10-31 21:43 - 00564736 _____ () C:\Users\Mr. Robot\AppData\Local\MEGAsync\ShellExtX32.dll
2016-07-08 15:26 - 2016-07-08 15:26 - 00679624 _____ () C:\Users\Mr. Robot\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2016-02-13 13:50 - 2016-02-13 13:50 - 00070656 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-08 18:06 - 2016-04-23 06:20 - 00316416 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-08 18:04 - 2016-05-28 05:59 - 05340672 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-08 18:04 - 2016-05-28 05:54 - 00471552 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-08 18:07 - 2016-05-28 05:54 - 02366976 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-08 18:07 - 2016-05-28 05:57 - 02656768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-03-31 17:45 - 2016-03-11 14:53 - 00380928 _____ () C:\Temp\gmer.exe

==================== Alternate Data Streams (filtrowane) =========

(Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.)

==================== Tryb awaryjny (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.)

==================== Powiązania plików (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.)

==================== Internet Explorer - Witryny zaufane i z ograniczeniami ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.)

==================== Hosts - zawartość: ===============================

(Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.)

2015-10-30 07:48 - 2017-03-31 17:19 - 00001101 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Inne obszary ============================

(Obecnie brak automatycznej naprawy dla tej sekcji.)

HKU\S-1-5-21-2595376921-211916493-2743171331-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mr. Robot\Pictures\c_h_r_o_m_i_u_m_by_burningmonk-d2tqyqv.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Zapora systemu Windows [funkcja włączona]

==================== MSCONFIG/TASK MANAGER - Wyłączone elementy ==

HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\Run: => "StartCCC"
HKLM\...\StartupApproved\Run: => "HDMICtrlMan"
HKLM\...\StartupApproved\Run: => "AMD AVT"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "HP Software Update"
HKU\S-1-5-21-2595376921-211916493-2743171331-1001\...\StartupApproved\Run: => "OneDrive"

==================== Reguły Zapory systemu Windows (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{AFA0F67F-3AC9-4064-90CE-380DAAD77DBB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{197C6326-182A-4FD9-8CD0-9B0F8A72C173}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{E9B85139-54D3-42D5-8CBE-E9632E14F16D}C:\program files\mirc\mirc.exe] => (Allow) C:\program files\mirc\mirc.exe
FirewallRules: [UDP Query User{F1A11D3B-B653-4AAE-A8CB-96A98CBA91F3}C:\program files\mirc\mirc.exe] => (Allow) C:\program files\mirc\mirc.exe
FirewallRules: [TCP Query User{CA070CF9-F1E8-4E73-9B57-07A00F6786DC}C:\program files\sopcast\sopcast.exe] => (Allow) C:\program files\sopcast\sopcast.exe
FirewallRules: [UDP Query User{46479584-E5CE-4252-90BD-65874C9C4F59}C:\program files\sopcast\sopcast.exe] => (Allow) C:\program files\sopcast\sopcast.exe
FirewallRules: [{B319C780-B599-4A87-9AE5-9FB18C9F06EF}] => (Allow) C:\Program Files\LAN Messenger\lmc.exe
FirewallRules: [{E415C7D2-8CED-43A1-BD7A-49FFBDE10820}] => (Allow) C:\Program Files\LAN Messenger\lmc.exe
FirewallRules: [TCP Query User{953BC0E0-32CB-4BAB-9142-B789B63A2903}C:\program files\lan messenger\lmc.exe] => (Allow) C:\program files\lan messenger\lmc.exe
FirewallRules: [UDP Query User{132B0ADA-0886-4FA3-84EE-996D93F30379}C:\program files\lan messenger\lmc.exe] => (Allow) C:\program files\lan messenger\lmc.exe
FirewallRules: [{9BA0E78C-B3B0-497B-BB55-71BBAF188626}] => (Allow) C:\Program Files\uTorrent\uTorrent.exe
FirewallRules: [{FFB67B06-D5C6-4545-BE43-99658384FDCD}] => (Allow) C:\Program Files\uTorrent\uTorrent.exe
FirewallRules: [{C313869A-3D5C-45C7-8AEF-FFF84AF57810}] => (Allow) C:\Users\Mr. Robot\AppData\Roaming\ACEStream\engine\ace_engine.exe
FirewallRules: [{3E6AF82A-BFB2-45CF-8215-32216FA973E9}] => (Allow) C:\Users\Mr. Robot\AppData\Roaming\ACEStream\engine\ace_engine.exe
FirewallRules: [TCP Query User{A172A26A-1758-43FA-B992-F2C670D2CD84}C:\users\mr. robot\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\mr. robot\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [UDP Query User{D2A3F172-59A2-4063-B4F9-D04784A24A83}C:\users\mr. robot\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\mr. robot\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [{13D35BD6-758C-4705-A993-76705BFA4322}] => (Allow) C:\Program Files\VSO\ConvertX\5\ConvertXtoDvd.exe
FirewallRules: [{851511F0-021F-4BD7-A209-2D69A0A05FE0}] => (Allow) C:\Program Files\VSO\ConvertX\5\ConvertXtoDvd.exe
FirewallRules: [{03B04A52-349D-436E-84E7-4C66EB28BFD0}] => (Allow) C:\Program Files\VSO\ConvertX\5\ConvertXtoDvd.exe
FirewallRules: [{A3084DCB-1F32-4FC9-812C-2EA520E0F042}] => (Allow) C:\Program Files\VSO\ConvertX\5\ConvertXtoDvd.exe
FirewallRules: [{873F3118-D22F-4B5B-8768-AA7526B4AB88}] => (Block) C:\Program Files\VSO\ConvertX\5\ConvertXtoDvd.exe
FirewallRules: [{0D08E2F3-F195-47B1-9DE6-5219514013FC}] => (Block) C:\Program Files\VSO\ConvertX\5\ConvertXtoDvd.exe
FirewallRules: [{FB0E3B13-365E-4E16-9D6C-EB7D7211796C}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{940B0B4A-03B7-4C89-9240-82C9C7AB4A1C}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{BBCA8CE7-E94D-472F-94DF-3D8A1973CEC8}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{3C72B8C7-337E-41F7-AD37-1735AE0212CC}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{42967F4E-1325-4D16-B1D7-A6AEA0AF3630}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{C920670F-8D31-4F74-B900-69EDB08FA8F0}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{884E5EA0-9CC9-444E-B622-C23F30CFA67F}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{07880A68-16D0-40D6-8064-1E11600D7D5D}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{4CAAE8FF-FD52-4831-A7A3-AF87D116FC0C}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{2470019D-52BF-4CF9-A7ED-0C4A31E51427}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{7A705034-927A-475B-A710-2D6B3082919C}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{3DA2B6D3-1004-43A8-8B6C-DE3DC16F0858}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
FirewallRules: [{EC519AF4-FDCA-4B81-B7F7-26059EC90C5A}] => (Allow) C:\Program Files\Opera\43.0.2442.991\opera.exe
FirewallRules: [{2C87ABE5-1AD7-4201-8B3C-79441AAA5040}] => (Allow) C:\Program Files\Opera\43.0.2442.1144\opera.exe
FirewallRules: [{121BD208-28FB-415B-8F71-BD7EAA54465C}] => (Allow) C:\Program Files\Maoha\MaohaAP\MaohaWifiSvr.exe
FirewallRules: [{16A5A276-C82A-4ADD-A4B8-11B04BE43F5A}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{30CAC56A-70C6-4B46-8499-D3535257DC02}] => (Allow) C:\Users\Mr. Robot\AppData\Local\SogouExplorer\SogouExplorer.exe
FirewallRules: [{0346B24C-3180-422A-930E-5BA3108CD048}] => (Allow) C:\Users\Mr. Robot\AppData\Local\SogouExplorer\SogouExplorer.exe
FirewallRules: [{6C80B4C2-3B80-47FA-B5C8-4DED3BE161C0}] => (Allow) C:\Users\Mr. Robot\AppData\Roaming\SogouExplorer\Temp\SogouExplorerUp.exe
FirewallRules: [{F6490926-CF57-4D26-B664-7ED1CFEF6065}] => (Allow) C:\Users\Mr. Robot\AppData\Roaming\SogouExplorer\Temp\SogouExplorerUp.exe
FirewallRules: [{88DDA017-CF15-467C-A2C8-3A25BC4779B7}] => (Allow) C:\Users\Mr. Robot\AppData\Local\SogouExplorer\7.0.6.23853\SGRepairTool.exe
FirewallRules: [{E528F76F-0DAE-40B0-A06E-B49E8403B684}] => (Allow) C:\Users\Mr. Robot\AppData\Local\SogouExplorer\7.0.6.23853\SGRepairTool.exe

==================== Punkty Przywracania systemu =========================

==================== Wadliwe urządzenia w Menedżerze urządzeń =============

Name: Dane
Description: WDC WD1600BEVS-00RST0
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Microsoft
Service: WUDFWpdFs
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

==================== Błędy w Dzienniku zdarzeń: =========================

Dziennik Aplikacja:
==================
Error: (03/31/2017 05:37:35 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (03/31/2017 05:37:35 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (03/31/2017 05:37:35 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (03/30/2017 04:43:48 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (03/30/2017 04:43:48 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (03/30/2017 04:43:48 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (03/29/2017 09:02:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Przetwarzanie wywołania OnIdentity() w obiekcie System Writer przez Usługi kryptograficzne nie powiodło się.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokół LLDP (Link-Layer Discovery Protocol) firmy Microsoft.

System Error:
Odmowa dostępu.
.

Error: (03/29/2017 08:39:00 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (03/29/2017 08:39:00 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (03/29/2017 08:39:00 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.


Dziennik System:
=============
Error: (03/31/2017 06:38:25 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Wykonywanie kopii w tle woluminu C: zostało przerwane, ponieważ nie można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika.

Error: (03/31/2017 05:33:28 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Usługa Wybór systemu operacyjnego zależy od następującej usługi: ProtectedStorage. Ta usługa może nie być zainstalowana.

Error: (03/31/2017 05:32:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Synchronizuj hosta_2e594 niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 10000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.

Error: (03/31/2017 05:32:25 PM) (Source: DCOM) (EventID: 10016) (User: ZARZĄDZANIE NT)
Description: Zgodnie z ustawieniami uprawnienia właściwe dla aplikacji nie jest udzielane uprawnienie Lokalny Aktywacja do aplikacji serwera COM z identyfikatorem klasy CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} i identyfikatorem aplikacji APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} użytkownikowi ZARZĄDZANIE NT\SYSTEM o identyfikatorze zabezpieczeń SID (S-1-5-18) z adresu LocalHost (użycie LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Niedostępny (Niedostępny). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.

Error: (03/31/2017 05:24:23 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Menedżer sterowania usługami próbował podjąć akcję korekcyjną (Uruchom usługę ponownie) po nieoczekiwanym zakończeniu usługi Windows Search, ale ta akcja nie powiodła się przy następującym błędzie: Jedno wystąpienie usługi już działa.
.

Error: (03/31/2017 05:23:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Bufor wydruku niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 5000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.

Error: (03/31/2017 05:23:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa SSServiceComponent niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.

Error: (03/31/2017 05:23:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa MaohaWiFiService niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.

Error: (03/31/2017 05:23:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Usługa udostępniania w sieci programu Windows Media Player niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.

Error: (03/31/2017 05:23:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Windows Search niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.


CodeIntegrity:
===================================
Date: 2017-03-31 17:21:56.263
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Users\Mr. Robot\Downloads\OldNewExplorer\OldNewExplorer32.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-31 17:18:16.145
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Users\Mr. Robot\Downloads\OldNewExplorer\OldNewExplorer32.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-31 17:17:47.013
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Users\Mr. Robot\Downloads\OldNewExplorer\OldNewExplorer32.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-31 17:17:26.875
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Users\Mr. Robot\Downloads\OldNewExplorer\OldNewExplorer32.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-29 18:51:03.158
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Users\Mr. Robot\Downloads\OldNewExplorer\OldNewExplorer32.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-29 18:50:03.798
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Users\Mr. Robot\Downloads\OldNewExplorer\OldNewExplorer32.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-29 17:31:44.794
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Users\Mr. Robot\Downloads\OldNewExplorer\OldNewExplorer32.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-27 16:59:46.038
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Users\Mr. Robot\Downloads\OldNewExplorer\OldNewExplorer32.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-27 16:58:30.072
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Users\Mr. Robot\Downloads\OldNewExplorer\OldNewExplorer32.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-27 12:18:38.143
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Users\Mr. Robot\Downloads\OldNewExplorer\OldNewExplorer32.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory Statistics ===========================

Processor: Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz
Percentage of memory in use: 50%
Total physical RAM: 2557.96 MB
Available physical RAM: 1261.35 MB
Total Virtual: 3005.96 MB
Available Virtual: 1701.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:48.93 GB) (Free:2 GB) NTFS ==>[drive with boot components (obtained from reading BCD)]
Drive e: (Dane) (Fixed) (Total:100.02 GB) (Free:0.4 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 4AC0FE3A)
Partition 1: (Active) - (Size=48.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
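The CodeIntegrity block above repeats the same finding ten times over four days: the Windows Defender engine (MsMpEng.exe, a protected antimalware process that only loads DLLs signed at the Antimalware level) refused to load an OldNewExplorer32.dll sitting in the user's Downloads folder. Reading that by eye from a flattened log is tedious, so the following is an added triage helper, not part of FRST or of the original post. It parses the CodeIntegrity and Service Control Manager entries of an Addition.txt, collapses repeated blocked loads into one line with a count and a first/last timestamp, flags DLLs loaded from user-writable locations, and counts unexpected service terminations (event IDs 7031 and 7034). The sample input is a few lines copied from the log above (in their English form); the function names and the user-writable path heuristic are this example's own assumptions.

```python
"""Triage CodeIntegrity and Service Control Manager entries from an FRST Addition.txt.

Added example (not FRST code). The user-writable path heuristic and the
function names are this example's own choices.
"""
import re
from collections import defaultdict
from datetime import datetime

# Sample input: a subset of the entries from the log above, in their English form.
SAMPLE_LOG = r"""
Error: (03/31/2017 05:24:23 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
Error: (03/31/2017 05:23:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
Error: (03/31/2017 05:23:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The SSServiceComponent service terminated unexpectedly. It has done this 1 time(s).
Error: (03/31/2017 05:23:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The MaohaWiFiService service terminated unexpectedly. It has done this 1 time(s).
Date: 2017-03-31 17:21:56.263 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Users\Mr. Robot\Downloads\OldNewExplorer\OldNewExplorer32.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-03-29 18:51:03.158 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Users\Mr. Robot\Downloads\OldNewExplorer\OldNewExplorer32.dll that did not meet the Custom 3 / Antimalware signing level requirements.
"""

# One CodeIntegrity entry flattened onto a single line ("Date: ... Description: ...").
CI_RE = re.compile(
    r"^Date: (?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) Description: "
    r"Code Integrity determined that a process \((?P<proc>[^)]+)\) attempted to load "
    r"(?P<dll>.+?) that did not meet the (?P<level>.+?) signing level requirements\.$"
)
# One event-log entry as FRST prints it.
SCM_RE = re.compile(
    r"^Error: \((?P<ts>[^)]+)\) \(Source: (?P<src>[^)]+)\) \(EventID: (?P<eid>\d+)\) "
    r"\(User: (?P<user>[^)]*)\) Description: (?P<desc>.+)$"
)
CRASH_RE = re.compile(r"^The (?P<svc>.+?) service terminated unexpectedly")

# Heuristic (assumption): NT paths containing these segments are writable by a standard user.
USER_WRITABLE_MARKERS = ("\\users\\", "\\temp\\")


def is_user_writable(nt_path):
    """True when the DLL came from a location a non-admin user can write to."""
    lowered = nt_path.lower()
    return any(marker in lowered for marker in USER_WRITABLE_MARKERS)


def parse_code_integrity(text):
    """Collapse repeated blocked loads: {(process, dll, level): {count, first, last}}."""
    blocked = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for line in text.splitlines():
        m = CI_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
        entry = blocked[(m["proc"], m["dll"], m["level"])]
        entry["count"] += 1
        entry["first"] = ts if entry["first"] is None else min(entry["first"], ts)
        entry["last"] = ts if entry["last"] is None else max(entry["last"], ts)
    return dict(blocked)


def parse_service_crashes(text):
    """Count unexpected terminations (SCM 7031/7034) per service name."""
    crashes = defaultdict(int)
    for line in text.splitlines():
        m = SCM_RE.match(line.strip())
        if not m or m["src"] != "Service Control Manager" or m["eid"] not in ("7031", "7034"):
            continue
        c = CRASH_RE.match(m["desc"])
        if c:
            crashes[c["svc"]] += 1
    return dict(crashes)


def triage(text):
    """Return one human-readable finding per distinct blocked load and per crashed service."""
    findings = []
    for (proc, dll, level), info in parse_code_integrity(text).items():
        exe = proc.rsplit("\\", 1)[-1]
        flag = "REVIEW" if is_user_writable(dll) else "info"
        findings.append(
            f"[{flag}] {exe} refused {dll} ({level}) x{info['count']}, "
            f"{info['first']:%Y-%m-%d}..{info['last']:%Y-%m-%d}"
        )
    for svc, n in sorted(parse_service_crashes(text).items()):
        findings.append(f"[info] service crashed: {svc} x{n}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against a full Addition.txt by passing the file contents to `triage()`; the REVIEW flag only marks a DLL as worth a look because of where it was loaded from, it does not say the file is malicious, and the 7032 entry is deliberately left out of the crash count because it records a failed restart rather than a termination.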
