Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 15-03-2017 Uruchomiony przez Dawid (04-04-2017 09:46:36) Uruchomiony z C:\Users\Dawid\Desktop\Nowy folder Windows 7 Professional Service Pack 1 (X64) (2017-04-03 05:44:08) Tryb startu: Normal ========================================================== ==================== Konta użytkowników: ============================= Administrator (S-1-5-21-3743078400-2233895165-2922168839-500 - Administrator - Disabled) Dawid (S-1-5-21-3743078400-2233895165-2922168839-1000 - Administrator - Enabled) => C:\Users\Dawid Gość (S-1-5-21-3743078400-2233895165-2922168839-501 - Limited - Disabled) ==================== Centrum zabezpieczeń ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie.) AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402} ==================== Zainstalowane programy ====================== (W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.) Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated) Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated) Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software) Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden Dell System Detect (HKU\S-1-5-21-3743078400-2233895165-2922168839-1000\...\d24084d039586cae) (Version: 8.4.0.5 - Dell) Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 10.2207.101.108 - ALPS ELECTRIC CO., LTD.) DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 6.30.223.215 - Dell Inc.) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.11.1193 - Intel Corporation) Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.1 - Intel) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4425 - Intel Corporation) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110415-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation) Mozilla Firefox 52.0.2 (x86 pl) (HKLM-x32\...\Mozilla Firefox 52.0.2 (x86 pl)) (Version: 52.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.2 - Mozilla) Pakiet zgodności dla systemu Office 2007 (HKLM-x32\...\{90120000-0020-0415-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation) SafeZone Stable 3.55.2393.596 (x32 Version: 3.55.2393.596 - Avast Software) Hidden SSD Fresh 2017 (HKLM-x32\...\{71149886-0AA3-4F31-81F9-CC90EA0D55EF}_is1) (Version: 6.1 - Abelssoft) VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN) ==================== Niestandardowe rejestracje CLSID (filtrowane): ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Zaplanowane zadania (filtrowane) ============= (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) Task: {2471B0B2-7168-4A88-B66F-B9D2AA54862E} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-02-19] (Intel(R) Corporation) Task: {250ADCE2-26E6-49B5-8FF3-E2C4247F5E80} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-03] (AVAST Software) Task: {35569C66-5F98-4C55-AECC-8A87D8023F46} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-03] (Adobe Systems Incorporated) Task: {4DCA7C46-6D1C-4DEE-B1F6-B158FF978D8B} - System32\Tasks\SafeZone scheduled Autoupdate 1491199104 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software) Task: {8346FDAA-524A-4BB2-B85F-7CECD22EC13C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated) Task: {923A6037-B3D4-42DE-BA03-0448A3623E4A} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-04-03] (AVAST Software) (Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.) ==================== Skróty ============================= (Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.) ==================== Załadowane moduły (filtrowane) ============== 2017-04-03 07:57 - 2017-04-03 07:57 - 00162024 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll 2017-04-03 07:57 - 2017-04-03 07:57 - 00790544 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll 2017-04-03 07:57 - 2017-04-03 07:57 - 00275776 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll 2017-04-03 07:57 - 2017-04-03 07:57 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2017-04-03 07:57 - 2017-04-03 07:57 - 00176480 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll 2017-04-03 21:37 - 2017-04-03 21:37 - 06012984 _____ () C:\Program Files\AVAST Software\Avast\defs\17040301\algo.dll 2017-04-03 07:57 - 2017-04-03 07:57 - 00653520 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2017-04-03 07:57 - 2017-04-03 07:57 - 00230632 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll 2017-04-03 07:57 - 2017-04-03 07:57 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2017-04-03 07:57 - 2017-04-03 07:57 - 00293936 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll 2016-05-09 22:57 - 2016-05-09 22:57 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll ==================== Alternate Data Streams (filtrowane) ========= ==================== Tryb awaryjny (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== Powiązania plików (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.) ==================== Internet Explorer - Witryny zaufane i z ograniczeniami =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.) IE trusted site: HKU\S-1-5-21-3743078400-2233895165-2922168839-1000\...\dell.com -> dell.com ==================== Hosts - zawartość: =============================== (Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Inne obszary ============================ (Obecnie brak automatycznej naprawy dla tej sekcji.) HKU\S-1-5-21-3743078400-2233895165-2922168839-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Zapora systemu Windows [funkcja włączona] ==================== MSCONFIG/TASK MANAGER - Wyłączone elementy == ==================== Reguły Zapory systemu Windows (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{19C4BC29-D055-4848-942D-594C0EEFB398}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe FirewallRules: [{09125C31-8575-49B1-93C8-F7E074D07B3B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{0840930B-6089-4B10-B0D0-C58F1CA9B877}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{0740B382-9836-4C21-B4BF-1AA535079844}C:\users\dawid\downloads\nowy folder\sdi_x64_r539.exe] => (Allow) C:\users\dawid\downloads\nowy folder\sdi_x64_r539.exe FirewallRules: [UDP Query User{F65B4480-88F8-4336-B7CA-F9968BECDE17}C:\users\dawid\downloads\nowy folder\sdi_x64_r539.exe] => (Allow) C:\users\dawid\downloads\nowy folder\sdi_x64_r539.exe ==================== Punkty Przywracania systemu ========================= 03-04-2017 07:57:06 Windows Update 03-04-2017 08:35:27 Windows Update 03-04-2017 15:55:55 Windows Update 03-04-2017 16:05:01 Windows Update 03-04-2017 21:18:51 Windows Update 03-04-2017 21:30:15 Windows Update 03-04-2017 21:54:03 Zainstalowano: Microsoft Office Professional Edition 2003 03-04-2017 23:11:17 Installed drivers 04-04-2017 00:09:50 Windows Update 04-04-2017 00:29:46 Zainstalowano: Pakiet zgodności dla systemu Office 2007 04-04-2017 09:00:33 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 04-04-2017 09:00:45 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 04-04-2017 09:08:22 Intel® Network Connections ==================== Wadliwe urządzenia w Menedżerze urządzeń ============= ==================== Błędy w Dzienniku zdarzeń: ========================= Dziennik Aplikacja: ================== Error: (04/04/2017 09:20:06 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (04/04/2017 09:10:19 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (04/04/2017 09:04:17 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (04/04/2017 08:51:55 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (04/04/2017 08:48:26 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (04/04/2017 08:44:42 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (04/04/2017 08:32:51 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (04/04/2017 08:13:09 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (04/04/2017 08:08:34 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (04/04/2017 08:07:34 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Dziennik System: ============= Error: (04/04/2017 09:20:03 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: cdrom Error: (04/04/2017 09:20:01 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: Poprzednie zamknięcie systemu przy 09:10:15 na ‎2017-‎04-‎04 było nieoczekiwane. Error: (04/04/2017 09:10:17 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: cdrom Error: (04/04/2017 09:04:14 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: cdrom Error: (04/04/2017 08:51:53 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: cdrom Error: (04/04/2017 08:51:50 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: Poprzednie zamknięcie systemu przy 08:50:48 na ‎2017-‎04-‎04 było nieoczekiwane. Error: (04/04/2017 08:48:24 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: cdrom Error: (04/04/2017 08:44:39 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: cdrom Error: (04/04/2017 08:44:37 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: Poprzednie zamknięcie systemu przy 08:43:12 na ‎2017-‎04-‎04 było nieoczekiwane. Error: (04/04/2017 08:32:48 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: cdrom ==================== Statystyki pamięci =========================== Procesor: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz Procent pamięci w użyciu: 25% Całkowita pamięć fizyczna: 8074.64 MB Dostępna pamięć fizyczna: 6040.84 MB Całkowita pamięć wirtualna: 16147.47 MB Dostępna pamięć wirtualna: 14020.86 MB ==================== Dyski ================================ Drive c: () (Fixed) (Total:119.06 GB) (Free:70.27 GB) NTFS ==================== MBR & Tablica partycji ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 06CC54E7) Partition 1: (Active) - (Size=187 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS) ==================== Koniec Addition.txt ============================