Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x86) Wersja: 23-07-2017
Uruchomiony przez Administrator (26-07-2017 08:32:57)
Uruchomiony z C:\Documents and Settings\Administrator\Moje dokumenty\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) (2017-07-20 16:28:51)
Tryb startu: Normal
==========================================================

==================== Konta użytkowników: =============================

Administrator (S-1-5-21-1409082233-838170752-1644491937-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1409082233-838170752-1644491937-1003 - Limited - Enabled)
Gość (S-1-5-21-1409082233-838170752-1644491937-501 - Limited - Disabled)
Pomocnik (S-1-5-21-1409082233-838170752-1644491937-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1409082233-838170752-1644491937-1002 - Limited - Disabled)

==================== Centrum zabezpieczeń ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie.)

AV: Malwarebytes (Enabled - Up to date) {D4AC7077-9720-47B0-8B38-DFAF3AA21DB6}
AV: IObit Malware Fighter (Enabled - Up to date) {0ED16AC2-4656-4907-BD42-21EA693640D6}
AV: Avast Antivirus (Enabled - Up to date) {7591db91-41f0-48a3-b128-1a293fd8233d}

==================== Zainstalowane programy ======================

(W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)

µTorrent (HKU\S-1-5-21-1409082233-838170752-1644491937-500\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.5.2303 - AVAST Software)
Battlefield 1942 (HKLM\...\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}) (Version: - )
Battlefield 1942 Server (HKLM\...\{D1C5A99A-7727-41A2-9BD1-EDA9888D5E59}) (Version: - )
Broadcom NetXtreme Ethernet Controller (HKLM\...\{FC57FC53-104C-415C-98D7-B05E659461A9}) (Version: 10.52.10 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Dodatek SP2 na potrzeby zgodności z poprzednimi wersjami Klienta programu Zarządzanie prawami Windows (HKLM\...\{EC905264-BCFE-423B-9C42-C3A106266790}) (Version: 5.2.95 - Microsoft) Hidden
GG (HKU\S-1-5-21-1409082233-838170752-1644491937-500\...\GG) (Version: 12 - GG Network S.A.)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Internet Download Manager (HKLM\...\Internet Download Manager) (Version: - Tonec Inc.)
Loaris Trojan Remover 3.0.11 (HKLM\...\{29988DC6-9C4A-49B2-AC86-5C380B29ADB9}_is1) (Version: 3.0.11 - Loaris, LLC.)
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PLK (HKLM\...\{2AFF2951-86B1-3C53-B34D-B440F11E7D0A}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PLK (HKLM\...\{5A0DDC27-88E5-3CAD-BC3D-28FFD05CA6B9}) (Version: 3.2.30729 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Hidden
Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - plk) (Version: - Microsoft Corporation)
Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile PLK Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended PLK Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
PowerISO (HKLM\...\PowerISO) (Version: 6.9 - Power Software Ltd)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.4070 - Analog Devices)
Spotify (HKU\S-1-5-21-1409082233-838170752-1644491937-500\...\Spotify) (Version: 1.0.20.101.ge6957e14 - Spotify AB)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WebFldrs XP (HKLM\...\{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
Win_XP_E (HKLM\...\Win_XP_E) (Version: - Molex)
WinRAR 5.40 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Niestandardowe rejestracje CLSID (filtrowane): ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
CustomCLSID: HKU\S-1-5-21-1409082233-838170752-1644491937-500_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1409082233-838170752-1644491937-500_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Documents and Settings\Administrator\Dane aplikacji\GG\ggdrive\ggdrive-menu.dll (GG Network S.A.)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2017-06-23] (Tonec Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-07-26] (AVAST Software)
ContextMenuHandlers01: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-07-26] (AVAST Software)
ContextMenuHandlers01: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers01: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-07-06] (Power Software Ltd)
ContextMenuHandlers01: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers03: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-07-26] (AVAST Software)
ContextMenuHandlers04: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-07-06] (Power Software Ltd)
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2006-10-06] (Intel Corporation)
ContextMenuHandlers06: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-07-26] (AVAST Software)
ContextMenuHandlers06: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers06: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-07-06] (Power Software Ltd)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-1409082233-838170752-1644491937-500: [GGDriveMenu] -> {E68D0A55-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\Administrator\Dane aplikacji\GG\ggdrive\ggdrive-menu.dll [2014-03-20] (GG Network S.A.)
ContextMenuHandlers4_S-1-5-21-1409082233-838170752-1644491937-500: [GGDriveMenu] -> {E68D0A55-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\Administrator\Dane aplikacji\GG\ggdrive\ggdrive-menu.dll [2014-03-20] (GG Network S.A.)
ContextMenuHandlers5_S-1-5-21-1409082233-838170752-1644491937-500: [GGDriveMenu] -> {E68D0A55-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\Administrator\Dane aplikacji\GG\ggdrive\ggdrive-menu.dll [2014-03-20] (GG Network S.A.)

==================== Zaplanowane zadania=============================

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Avast Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job => C:\WINDOWS\system32\xp_eos.exe

==================== Skróty & WMI ========================

(Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.)

==================== Załadowane moduły (filtrowane) ==============

2017-07-26 01:18 - 2017-07-26 01:18 - 00170224 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-07-26 01:18 - 2017-07-26 01:18 - 00192664 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-07-26 01:18 - 2017-07-26 01:18 - 00224256 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-07-26 01:23 - 2017-07-26 01:23 - 05886720 _____ () C:\Program Files\AVAST Software\Avast\defs\17072502\algo.dll
2017-07-26 01:18 - 2017-07-26 01:18 - 00689272 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-07-26 01:18 - 2017-07-26 01:18 - 01059160 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-07-26 01:18 - 2017-07-26 01:18 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-07-23 21:05 - 2017-07-23 21:05 - 00066872 _____ () C:\WINDOWS\system32\PnkBstrA.exe
2017-07-26 01:18 - 2017-07-26 01:18 - 00134928 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll
2017-07-26 01:18 - 2017-07-26 01:18 - 00231664 _____ () c:\Program Files\AVAST Software\Avast\StreamBack.dll
2017-07-21 04:48 - 2016-09-06 12:00 - 05197312 _____ () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2017-07-21 04:48 - 2016-09-06 12:00 - 00147456 _____ () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll

==================== Alternate Data Streams (filtrowane) =========

(Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.)

==================== Tryb awaryjny (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Powiązania plików (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.)

==================== Internet Explorer - Witryny zaufane i z ograniczeniami ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.)

==================== Hosts - zawartość: ===============================

(Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.)

2017-07-20 15:57 - 2017-07-25 10:36 - 00000109 _____ C:\WINDOWS\system32\Drivers\etc\hosts
0.0.0.0 serius.mwbsys.com

==================== Inne obszary ============================

(Obecnie brak automatycznej naprawy dla tej sekcji.)
HKU\S-1-5-21-1409082233-838170752-1644491937-500\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.1.1
Zapora systemu Windows [funkcja włączona]

==================== MSCONFIG/TASK MANAGER - Wyłączone elementy ==

==================== Reguły Zapory systemu Windows (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Administrator\Dane aplikacji\uTorrent\uTorrent.exe] => Enabled:μTorrent
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Administrator\Dane aplikacji\Spotify\Spotify.exe] => Enabled:Spotify
StandardProfile\AuthorizedApplications: [C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe] => Enabled:BF1942
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008

==================== Punkty Przywracania systemu =========================

25-07-2017 07:33:04 Revo Uninstaller's restore point - Avast Premier
25-07-2017 07:44:18 Installed Windows XP Wdf01009.
25-07-2017 08:07:12 Revo Uninstaller's restore point - Avast Premier
25-07-2017 08:22:34 Installed Windows XP Wdf01009.
25-07-2017 09:13:45 Revo Uninstaller's restore point - AVG AntiVirus FREE
25-07-2017 10:31:22 Revo Uninstaller's restore point - 360 Total Security
25-07-2017 10:33:58 Revo Uninstaller's restore point - AVBoost version 1.0
25-07-2017 10:34:27 Revo Uninstaller's restore point - HPWombat
25-07-2017 10:34:52 Revo Uninstaller's restore point - WebFldrs XP
25-07-2017 10:48:56 Revo Uninstaller's restore point - iolo technologies' System Mechanic
25-07-2017 10:50:25 Revo Uninstaller's restore point - Malwarebytes (wersja 3.0.6.1469)
25-07-2017 10:52:49 Revo Uninstaller's restore point - CCleaner
25-07-2017 10:53:30 Revo Uninstaller's restore point - Defraggler
25-07-2017 10:53:39 Revo Uninstaller's restore point - World of Tanks
25-07-2017 11:02:10 Revo Uninstaller's restore point - Kerish Doctor
25-07-2017 11:12:48 Revo Uninstaller's restore point - Kerish Doctor 2017
25-07-2017 11:31:09 Revo Uninstaller's restore point - Kerish Doctor 2017
26-07-2017 01:11:21 Revo Uninstaller's restore point - Panda Protection
26-07-2017 01:20:38 Installed Windows XP Wdf01009.
26-07-2017 01:40:27 Installed Windows XP Wdf01009.
26-07-2017 06:48:41 WINner Tweak 3 Point
26-07-2017 06:58:32 Revo Uninstaller's restore point - WINner Tweak 3.9.5
26-07-2017 07:44:38 Revo Uninstaller's restore point - Kerish Doctor 2017

==================== Wadliwe urządzenia w Menedżerze urządzeń =============

Name: Mysz zgodna z PS/2
Description: Mysz zgodna z PS/2
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Standardowa klawiatura 101/102 klawisze lub Microsoft Natural Keyboard PS/2
Description: Standardowa klawiatura 101/102 klawisze lub Microsoft Natural Keyboard PS/2
Class Guid: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Klawiatury standardowe)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Błędy w Dzienniku zdarzeń: =========================

Dziennik Aplikacja:
==================

Dziennik System:
=============
Error: (07/26/2017 08:25:02 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: i8042prt MBAMChameleon qutmipc

Error: (07/26/2017 08:24:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi Usługa Google Update (gupdate) z powodu następującego błędu: Usługa nie odpowiada na sygnał uruchomienia lub sygnał sterujący w oczekiwanym czasie.

Error: (07/26/2017 08:24:56 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się z usługą Usługa Google Update (gupdate).

==================== Statystyki pamięci ===========================

Procesor: Intel(R) Pentium(R) 4 CPU 2.80GHz
Procent pamięci w użyciu: 40%
Całkowita pamięć fizyczna: 2551.43 MB
Dostępna pamięć fizyczna: 1527.71 MB
Całkowita pamięć wirtualna: 4444.32 MB
Dostępna pamięć wirtualna: 3485.96 MB

==================== Dyski ================================

Drive c: () (Fixed) (Total:37.26 GB) (Free:19.92 GB) NTFS ==>[dysk z komponentami startowymi (Windows XP)]

==================== MBR & Tablica partycji ==================

========================================================
Disk: 0 (Size: 37.3 GB) (Disk ID: 00050F7F)
Partition 1: (Active) - (Size=37.3 GB) - (Type=07 NTFS)

==================== Koniec Addition.txt ============================