Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 17.03.2019
Uruchomiony przez Wiesław (05-04-2019 15:00:40)
Uruchomiony z C:\Users\Wiesław\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2019-01-18 09:52:17)
Tryb startu: Normal
==========================================================

==================== Konta użytkowników: =============================

Administrator (S-1-5-21-4194015989-22722290-3948724286-500 - Administrator - Disabled)
Gość (S-1-5-21-4194015989-22722290-3948724286-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4194015989-22722290-3948724286-1002 - Limited - Enabled)
Wiesław (S-1-5-21-4194015989-22722290-3948724286-1000 - Administrator - Enabled) => C:\Users\Wiesław

==================== Centrum zabezpieczeń ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Enabled - Up to date) {0B81F5C2-9C9F-1DB6-0BF9-02BFE6D63BAF}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Zainstalowane programy ======================

(W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.156 - Adobe Systems Incorporated)
Advanced SystemCare 12 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 12.3.0 - IObit)
AOMEI Partition Assistant Standard Edition 7.1 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version: - AOMEI Technology Co., Ltd.)
Asterisk Password Spy (HKLM-x32\...\{F00E7AC2-7658-414F-857D-8BD8BAC3F65A}) (Version: 8.0 - SecurityXploded) Hidden
Audacity 2.2.2 (HKLM-x32\...\Audacity_is1) (Version: 2.2.2 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.3.2369 - AVAST Software)
BufferChm (HKLM-x32\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 130.0.327.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.55 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.8.7041 - CDBurnerXP)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Dell SupportAssist (HKLM\...\{E98E94E2-12D1-48E5-AC69-2C312F466136}) (Version: 3.1.0.142 - Dell Inc.)
DesignPro 5 (HKLM-x32\...\{DF57E946-4885-4EEA-A958-D5F82CB21B99}) (Version: 5.0.1056 - Avery Dennison) Hidden
DesignPro 5 (HKLM-x32\...\InstallShield_{DF57E946-4885-4EEA-A958-D5F82CB21B99}) (Version: 5.0.1056 - Avery Dennison)
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Driver Booster 6 (HKLM-x32\...\Driver Booster_is1) (Version: 6.2.1 - IObit)
FastStone Image Viewer 6.9 (HKLM-x32\...\FastStone Image Viewer) (Version: 6.9 - FastStone Soft)
FreeOCR v5.4 (HKLM-x32\...\freeocr_is1) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.86 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
HP Scanjet 3800 (HKLM\...\{34EBE5BE-15BB-42E6-B744-7CB6505C7A43}) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
hpg3800 (HKLM-x32\...\{C1138DD4-4193-4F2B-9870-56D258E96D6F}) (Version: 14.0.0.0 - Nazwa firmy) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
IObit Malware Fighter 6 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 6.6 - IObit)
IObit Uninstaller 8 (HKLM-x32\...\IObitUninstall) (Version: 8.4.0.7 - IObit)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Mediatek RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.39.173 - MediatekWiFi)
MeOCR 1.00 version 1.00 (HKLM-x32\...\{6AA802DE-467B-468D-AAEC-E794754B4692}_is1) (Version: 1.00 - MeOCR Software)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Basic Edition 2003 (HKLM-x32\...\{91130415-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017 (HKLM-x32\...\{d6f233bd-3f8c-43f6-878b-07bd0568d595}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25017 (HKLM-x32\...\{cb7c3049-21de-415b-bd85-b65c14e547df}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft_VC100_CRT_x86 (HKLM-x32\...\{6FDDB201-2CA0-42BD-973F-7B2C4A61EA3F}) (Version: 1.0.0 - Microsoft)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.6.1 - Mozilla)
Mozilla Thunderbird 60.6.1 (x64 pl) (HKLM\...\Mozilla Thunderbird 60.6.1 (x64 pl)) (Version: 60.6.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
PDF-XChange Editor (HKLM\...\{A92947C7-3157-4E71-9EF9-A4296E9DB977}) (Version: 7.0.328.2 - Tracker Software Products (Canada) Ltd.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.80.000 - Hewlett-Packard) Hidden
SecurityXploded Asterisk Password Spy 8.0 (HKLM-x32\...\Asterisk Password Spy 8.0) (Version: 8.0 - SecurityXploded)
Smart Defrag 6 (HKLM-x32\...\Smart Defrag_is1) (Version: 6.2 - IObit)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
WebReg (HKLM-x32\...\{43CDF946-F5D9-4292-B006-BA0D92013021}) (Version: 130.0.128.017 - Hewlett-Packard) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
YouTube Song Downloader 2018 (HKLM-x32\...\AbAppId-55_is1) (Version: 18.15 - Abelssoft)

==================== Niestandardowe rejestracje CLSID (filtrowane): ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

CustomCLSID: HKU\S-1-5-21-4194015989-22722290-3948724286-1000_Classes\CLSID\{61A59B96-92C6-31F2-E6D0-AD88E711A63C}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4194015989-22722290-3948724286-1000_Classes\CLSID\{9486aaf1-0930-362a-962d-8e6908739c817}\InprocServer32 -> 0xF168B5D303B1D401A5D77363EBE7D401040000002B00000000000000 => Brak pliku
ShellIconOverlayIdentifiers: [ IMFSafeBox] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2019-02-13] (IObit Information Technology -> IObit)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-03-14] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Brak podpisu cyfrowego]
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2018-07-06] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-03-14] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2019-02-13] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [PDFXChange Editor Context menu] -> {2ACD35AB-F74A-4C20-AA9B-2DE80081626D} => C:\Program Files\Tracker Software\Shell Extensions\XCShellMenu.x64.dll [2019-01-28] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\Windows\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit Information Technology -> IObit)
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2018-07-06] (IObit Information Technology -> IObit)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-03-14] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Brak podpisu cyfrowego]
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2018-07-06] (IObit Information Technology -> IObit)
ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2019-02-13] (IObit Information Technology -> IObit)
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Brak podpisu cyfrowego]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-03-14] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2019-02-13] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\Windows\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit Information Technology -> IObit)

==================== Zaplanowane zadania (filtrowane) =============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

Task: {0B57B677-7520-49F6-9C62-18B542F33206} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {1857CC1B-B803-48AC-BA33-202632CF875C} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe (IObit Information Technology -> IObit)
Task: {31D43357-863D-4EAB-9BF6-93AB64621035} - System32\Tasks\Uninstaller_SkipUac_Wiesław => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe (IObit Information Technology -> IObit)
Task: {32D97EC6-A46E-410A-A03C-7C175A0F8A01} - System32\Tasks\{02A93906-9B8D-4BCB-A2C5-CBAC6F51854C} => C:\Windows\system32\pcalua.exe -a C:\Users\Wiesław\Downloads\mp3gain-win-full-1_2_5.exe -d C:\Users\Wiesław\Desktop
Task: {40C315BA-15F6-4A7D-AEC9-C342EF7DBF0E} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe (IObit Information Technology -> IObit)
Task: {6E9918D2-59B9-4917-ADA6-6E2F829ECAA9} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {70A2A46B-C67B-4E14-B171-E80364022FDB} - System32\Tasks\ASC12_SkipUac_Wiesław => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe (IObit Information Technology -> IObit)
Task: {7EF66F65-89ED-4E3C-8434-920FDAF6B543} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {81EB5084-056B-4EE3-B315-C9D0D38F170A} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\6.2.1\Scheduler.exe (IObit Information Technology -> IObit)
Task: {8F9D6717-AA54-4AF7-A761-BC260828A27F} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe (Dell Inc. -> Dell Inc.)
Task: {A5C01AB8-B7DD-4B2A-8105-39320ACEEE61} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {CB3F356A-EBA0-4495-BFEF-17CC39B650F9} - System32\Tasks\DB Bigupgrade Task ( One Time ) => C:\Program Files (x86)\IObit\Driver Booster\6.2.1\BigUpgrade.exe (IObit Information Technology -> IObit)
Task: {CE6BF8A8-70E7-4762-A80F-FDE095ED80A9} - System32\Tasks\ASC12_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe (IObit Information Technology -> IObit)
Task: {D189E89C-4739-4661-94EE-3B4398A4EAB8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {E2AE5C33-7997-4EFE-97E9-09600D844404} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {E2D64BDC-75A2-4BD4-9C77-D51E0458188D} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe (IObit Information Technology -> IObit)
Task: {EAE4D4E0-2ACE-44A3-B9A9-00A04E64B5CB} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => C:\Windows\system32\sipnotify.exe (Microsoft Windows -> Microsoft Corporation)
Task: {F09A3579-CA23-4AD8-96BB-EA99236DBFE3} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => C:\Windows\system32\sipnotify.exe (Microsoft Windows -> Microsoft Corporation)
Task: {FD78F143-864A-46E2-8575-46EACB98DF46} - System32\Tasks\Driver Booster SkipUAC (Wiesław) => C:\Program Files (x86)\IObit\Driver Booster\6.2.1\DriverBooster.exe (IObit Information Technology -> IObit)

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

==================== Skróty & WMI ========================

(Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.)
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Załadowane moduły (filtrowane) ==============

2019-01-18 12:07 - 2012-08-01 17:46 - 001115648 _____ (Ralink Technology, Corp.) [Brak podpisu cyfrowego] C:\Windows\system32\RAIHV.dll
2009-08-18 12:24 - 2009-08-18 12:24 - 000167424 _____ (Microsoft Corporation) [Brak podpisu cyfrowego] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
2018-03-26 14:07 - 2018-03-26 14:07 - 000126976 _____ (Microsoft Corporation) [Brak podpisu cyfrowego] C:\Windows\Microsoft.Net\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

==================== Alternate Data Streams (filtrowane) =========

(Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.)

==================== Tryb awaryjny (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"

==================== Powiązania plików (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.)

HKLM\...\.reg: => <==== UWAGA
HKLM\...\regfile\DefaultIcon: <==== UWAGA
HKLM\...\regfile\shell\open\command: <==== UWAGA

==================== Internet Explorer - Witryny zaufane i z ograniczeniami ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.)
IE trusted site: HKU\.DEFAULT\...\dell.com -> dell.com

==================== Hosts - zawartość: ===============================

(Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.)

2009-07-14 04:34 - 2019-02-10 22:47 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Inne obszary ============================

(Obecnie brak automatycznej naprawy dla tej sekcji.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: %CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
HKU\S-1-5-21-4194015989-22722290-3948724286-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Wiesław\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Zapora systemu Windows [funkcja włączona]

==================== MSCONFIG/TASK MANAGER - Wyłączone elementy ==

Załączenie wejścia w fixlist spowoduje jego usunięcie.

==================== Reguły Zapory systemu Windows (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

FirewallRules: [{B3BDA4F1-0C82-41AA-9548-996D964809EB}] => (Allow) C:\Program Files (x86)\MediatekWiFi\Common\RaUI.exe (MEDIATEK INC. -> Mediatek Inc.) [Brak podpisu cyfrowego]
FirewallRules: [TCP Query User{EFEC9176-A3A3-49B3-9F1D-2E4EF12F5A1C}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{DC6926B4-CE84-411A-B9D2-756B91B88AAA}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{4AC8EC13-0AF7-42C8-8532-A1BD018B7D4F}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{FB46CB55-56A3-4EDA-966A-1862A448760B}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{ADB81F7B-393F-4CF4-BAF1-86F6233A3D94}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.2.1\DriverBooster.exe (IObit Information Technology -> IObit)
FirewallRules: [{334BAB7C-5B46-4517-A45B-3224691D924A}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.2.1\DriverBooster.exe (IObit Information Technology -> IObit)
FirewallRules: [{D569D922-D544-4A9F-B5E1-134668ED6F9A}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.2.1\DBDownloader.exe (IObit Information Technology -> IObit)
FirewallRules: [{2E643298-1AD3-4FC2-8AD2-BA563D68116C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.2.1\DBDownloader.exe (IObit Information Technology -> IObit)
FirewallRules: [{55B3291E-54F7-4396-B46E-34DB09D6CD0E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.2.1\AutoUpdate.exe (IObit Information Technology -> IObit)
FirewallRules: [{86DD401E-A490-42D0-8D87-187772EA818B}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.2.1\AutoUpdate.exe (IObit Information Technology -> IObit)
FirewallRules: [{15C379EB-984F-409E-BA7B-465C3F5ABC33}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{BFDD3CA3-C6E0-44CB-9B1F-1E156A34C547}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{1F03AB02-4459-4BBA-8830-8CEC690E0F41}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{48276CBE-56E5-4738-8037-8476FBDC7A3C}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe (Hewlett-Packard Company -> Hewlett-Packard)
FirewallRules: [{9348F073-80C3-4341-BFB4-576AF02E9FE5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Punkty Przywracania systemu =========================

18-03-2019 20:25:23 Removed Scan
18-03-2019 20:26:17 Removed Destinations
18-03-2019 20:26:51 Installed Scan
18-03-2019 20:28:19 Installed Destinations
19-03-2019 12:11:46 Windows Update
19-03-2019 20:08:17 Installed Passware Kit Demo 2019 v1 (64-bit)
20-03-2019 10:10:31 Instalator modułów systemu Windows
20-03-2019 10:12:14 Instalator modułów systemu Windows
27-03-2019 10:05:41 Windows Update
27-03-2019 17:11:00 Windows Update
27-03-2019 19:48:07 Windows Update
27-03-2019 23:03:24 Windows Update
04-04-2019 10:49:49 UnHackMe Malware Removal
04-04-2019 14:07:12 UnHackMe Malware Removal
04-04-2019 14:16:02 UnHackMe Malware Removal
04-04-2019 14:18:23 RegRun Reanimator restore point
04-04-2019 15:09:23 Windows Update

==================== Wadliwe urządzenia w Menedżerze urządzeń =============

Name: Zewnętrzne urządzenie Bluetooth
Description: Zewnętrzne urządzenie Bluetooth
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Zewnętrzne urządzenie Bluetooth
Description: Zewnętrzne urządzenie Bluetooth
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Zewnętrzne urządzenie Bluetooth
Description: Zewnętrzne urządzenie Bluetooth
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Błędy w Dzienniku zdarzeń: =========================

Dziennik Aplikacja:
==================
Error: (04/05/2019 02:39:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/05/2019 10:27:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/05/2019 09:53:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (04/04/2019 04:11:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/04/2019 03:09:50 PM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: System.Reflection.TargetInvocationException: Obiekt docelowy wywołania zgłosił wyjątek. ---> System.TypeLoadException: Nie można odnaleźć typu „Windows.UI.Notifications.ToastNotificationManager” środowiska wykonawczego systemu Windows. ---> System.PlatformNotSupportedException: Operacja nie jest obsługiwana na tej platformie.
   --- Koniec śladu stosu wyjątków wewnętrznych ---
   w Dell.Services.SupportAssist.Notification.Command.NotificationCommand.d__23.MoveNext()
   w System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[TStateMachine](TStateMachine& stateMachine)
   w Dell.Services.SupportAssist.Notification.Command.NotificationCommand.DeleteNotificationWhileUninstall()
   w Dell.Services.SupportAssist.Notification.Command.NotificationCommand.ShowNotificationsOnSessionUnlock(SessionChangeDescription changeDescription)
   --- Koniec śladu stosu wyjątków wewnętrznych ---
   w System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
   w System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
   w System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   w Dell.Services.SupportAssist.SupportAssistAgent.BootStrapperMinimized.SessionChangeAction(SessionChangeDescription changeDescription)
   w Dell.Services.SupportAssist.SupportAssistAgent.SupportAssistAgent.OnSessionChange(SessionChangeDescription changeDescription)

Error: (04/04/2019 02:04:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/04/2019 10:53:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/04/2019 10:26:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Dziennik System:
=============
Error: (04/05/2019 02:57:31 PM) (Source: Schannel) (EventID: 4119) (User: ZARZĄDZANIE NT)
Description: Odebrano następujący alert krytyczny: 20.

Error: (04/05/2019 10:45:57 AM) (Source: Schannel) (EventID: 4119) (User: ZARZĄDZANIE NT)
Description: Odebrano następujący alert krytyczny: 20.

Error: (04/04/2019 03:06:26 PM) (Source: Schannel) (EventID: 4119) (User: ZARZĄDZANIE NT)
Description: Odebrano następujący alert krytyczny: 20.

Error: (04/04/2019 03:05:02 PM) (Source: Schannel) (EventID: 4119) (User: ZARZĄDZANIE NT)
Description: Odebrano następujący alert krytyczny: 20.
Error: (04/04/2019 10:53:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi aswbIDSAgent z powodu następującego błędu: Potok został zakończony.

Error: (04/04/2019 10:53:05 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Inicjowanie zrzutu awaryjnego nie powiodło się!

Error: (04/03/2019 06:05:07 PM) (Source: Schannel) (EventID: 4119) (User: ZARZĄDZANIE NT)
Description: Odebrano następujący alert krytyczny: 70.

Error: (04/03/2019 01:27:34 PM) (Source: Schannel) (EventID: 4119) (User: ZARZĄDZANIE NT)
Description: Odebrano następujący alert krytyczny: 70.

CodeIntegrity:
===================================
Date: 2019-01-19 18:01:17.617
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\Temp\cpuz146\cpuz146_x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-01-19 18:01:17.555
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\Temp\cpuz146\cpuz146_x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-01-19 17:40:27.399
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\Temp\cpuz146\cpuz146_x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-01-19 17:40:27.274
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\Temp\cpuz146\cpuz146_x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Statystyki pamięci ===========================

Procesor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Procent pamięci w użyciu: 82%
Całkowita pamięć fizyczna: 3956.61 MB
Dostępna pamięć fizyczna: 698.14 MB
Całkowita pamięć wirtualna: 7911.36 MB
Dostępna pamięć wirtualna: 3468.26 MB

==================== Dyski ================================

Drive c: () (Fixed) (Total:200 GB) (Free:155.98 GB) NTFS
Drive e: () (Fixed) (Total:263.46 GB) (Free:262.64 GB) NTFS

\\?\Volume{f6a1a9bc-1b0f-11e9-89cd-806e6f6e6963}\ (Zastrzeżone przez system) (Fixed) (Total:2.3 GB) (Free:2.26 GB) NTFS

==================== MBR & Tablica partycji ==================

==================== Koniec Addition.txt ============================