Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x86) Wersja: 08-07-2017
Uruchomiony przez szymon (09-07-2017 09:49:21)
Uruchomiony z C:\Users\szymon\Downloads
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) (2009-01-17 23:31:57)
Tryb startu: Normal
==========================================================

==================== Konta użytkowników: =============================

Administrator (S-1-5-21-3182861355-789584673-1566108675-500 - Administrator - Disabled)
Gość (S-1-5-21-3182861355-789584673-1566108675-501 - Limited - Disabled)
szymon (S-1-5-21-3182861355-789584673-1566108675-1003 - Administrator - Enabled) => C:\Users\szymon

==================== Centrum zabezpieczeń ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Zainstalowane programy ======================

(W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)

2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation) Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}) (Version: 1.0 - Microsoft Corporation) Hidden Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation) Adobe Flash Player 26 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated) Adobe Reader XI (11.0.08) - Polish (HKLM\...\{AC76BA86-7AD7-1045-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated) Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.) Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems) Aktualizacja produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0415-0000-0000000FF1CE}_PROHYBRIDR_{04E205D6-88B1-4652-B162-42DF2C3B1228}) (Version: - Microsoft) Aktualizacja produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0415-0000-0000000FF1CE}_PROHYBRIDR_{442ECBCF-94A7-48CC-8CD9-D31FFFD5FA86}) (Version: - Microsoft) Aktualizacja produktu Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0415-0000-0000000FF1CE}_PROHYBRIDR_{128A36ED-21BE-4547-9FFE-5B85AEC735DD}) (Version: - Microsoft) Atheros WLAN Client (HKLM\...\{04983D37-2202-4295-94A2-8B547C66133F}) (Version: 1.00.000 - ) Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.5.2302 - AVAST Software) AVG PC Tuneup 2011 (HKLM\...\{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1) (Version: 10.0.0.26 - AVG) Business Contact Manager z dodatkiem SP2 dla programu Outlook 2007 (HKLM\...\{4ac40384-37ba-421c-b14c-2ecbe4403817}) (Version: 3.0.8619.1 - Microsoft Corporation) Hidden Business Contact Manager z dodatkiem SP2 dla programu Outlook 2007 (HKLM\...\Business Contact Manager) (Version: 
3.0.8619.1 - Microsoft Corporation) CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.2.4.1430 - CDBurnerXP) CyberLink DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.2403 - CyberLink Corp.) CyberLink Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.0.3825 - CyberLink Corp.) Easy Battery Manager (HKLM\...\{6F730513-8688-4C3C-90A3-6B9792CE2EF3}) (Version: 3.2.1.7 - ) Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 2.0.0.0 - Samsung) Easy Network Manager 3.0 (HKLM\...\{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}) (Version: 3.0.0.0 - Samsung) Hidden Easy Network Manager 3.0 (HKLM\...\InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}) (Version: 3.0.0.0 - Samsung) e-pity 2010 (HKLM\...\{670A2206-F20A-490C-8C13-25EA88BF8E53}_is1) (Version: - e-file sp. z o.o.) Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.) Google Earth Plug-in (HKLM\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google) Google Toolbar for Internet Explorer (HKLM\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.) Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) 
Hidden imagine digital freedom - Samsung (HKLM\...\{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}) (Version: 1.0.2.0 - Samsung Electronics Co., LTD) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) Java 8 Update 121 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation) Java 8 Update 131 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation) LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: .2406 - CyberLink Corp.) MegaFon Internet (HKLM\...\{AEFF9E60-3E93-41EE-9895-311F7D1C5FFD}) (Version: 1.0.0.2 - ZTE Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 2003 Web Components (HKLM\...\{90A40415-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation) Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Word Viewer 2003 (HKLM\...\{90850415-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation) 
Microsoft SOAP Toolkit 2.0 SP2 (HKLM\...\{36BEAD11-8577-49AD-9250-E06A50AE87B0}) (Version: 623.1 - Microsoft Corporation) Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation) Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) mpps 13.02 13.02 (HKLM\...\mpps 13.02 13.02) (Version: - ) MPPS (HKLM\...\MPPS) (Version: 12.00 - Amt-Cartech Ltd) Namuga 1.3M Webcam (HKLM\...\{71A51B59-E7D3-11DB-A386-005056C00008}) (Version: 1.00.0000 - Vimicro Corporation) NirSoft IE PassView (HKLM\...\NirSoft IE PassView) (Version: - ) Oprogramowanie Intel(R) PROSet/Wireless WiFi (HKLM\...\{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}) (Version: 12.00.2000 
- Intel(R) Corporation) Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - plk) (Version: - Microsoft Corporation) Pakiet sterowników systemu Windows - AUTO M3 Ltd OPCOM USB V2 Driver (10/22/2009 2.06.00) (HKLM\...\14142D0B613CE5CBC33FEB9457C6C1F9409DFD52) (Version: 10/22/2009 2.06.00 - AUTO M3 Ltd) Pakiet sterowników systemu Windows - Ross-Tech USB Driver Package (05/12/2014 2.10.00) (HKLM\...\F99E6C5A14B5EBAB27FDFE2637878DF8208069E7) (Version: 05/12/2014 2.10.00 - Ross-Tech) Pity 2009 (HKLM\...\Pity 2009_is1) (Version: - Biuro Informatyki Stosowanej FORMAT) Play AVStation (HKLM\...\{955597D8-E5E1-474D-B647-60AC44566D24}) (Version: 4.1.20.50 - Samsung Electronics Co., LTD) Hidden Play AVStation (HKLM\...\InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}) (Version: 4.1.20.50 - Samsung Electronics Co., LTD) Play Camera (HKLM\...\{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}) (Version: 2.0.0.13 - Samsung Electronics) Hidden Play Camera (HKLM\...\InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}) (Version: 2.0.0.13 - Samsung Electronics) PowerDirector (HKLM\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 5.0.3927 - CyberLink Corp.) PowerProducer (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 085120(3.7)_Vista_SSPC - CyberLink Corp.) 
SafeZone Stable 1.48.2066.120 (HKLM\...\SafeZone 1.48.2066.120) (Version: 1.48.2066.120 - Avast Software) Hidden Samsung Magic Doctor (HKLM\...\{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}) (Version: 5.00 - Samsung Electronics Co., LTD) Samsung Recovery Solution III (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 3.0.0.5 - Samsung) Samsung Update Plus (HKLM\...\{685707A4-911C-468D-BFC4-64A50E5E3A0C}) (Version: 1.3.0.11 - Samsung Electronics Co., LTD) Hidden Samsung Update Plus (HKLM\...\InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}) (Version: 1.3.0.11 - Samsung Electronics Co., LTD) Składniki łączności pakietu Microsoft Office Small Business (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation) Skype Toolbars (HKLM\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.) swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.2.0 - Synaptics) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - ) VCDS AKP 17.1.3 (HKLM\...\VCDS AKP) (Version: 17.1.3 - ADAKO) Vimicro UVC Camera (HKLM\...\{71A51B09-E7D3-11DB-A386-005056C00008}) (Version: 1.00.0000 - Vimicro Corporation) Vista Codec Package (HKLM\...\{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}) (Version: 5.1.9 - Shark007) Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) WIDCOMM Bluetooth Software 6.0.1.6300 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.6300 - WIDCOMM, Inc.) 
WinRAR 5.31 (32-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH) ==================== Niestandardowe rejestracje CLSID (filtrowane): ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) CustomCLSID: HKU\S-1-5-21-3182861355-789584673-1566108675-1003_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\szymon\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-07-08] (AVAST Software) ContextMenuHandlers01: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-07-08] (AVAST Software) ContextMenuHandlers01: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-08] (Alexander Roshal) ContextMenuHandlers03: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-07-08] (AVAST Software) ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-02-11] (Intel Corporation) ContextMenuHandlers06: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-07-08] (AVAST Software) ContextMenuHandlers06: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-08] (Alexander Roshal) ==================== Zaplanowane zadania (filtrowane) ============= (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) 
Task: {056F2320-8DE4-486F-B0CF-FCD7EC708DD9} - System32\Tasks\{E8A5ECBE-9722-4C07-AA36-9FA670860CAC} => pcalua.exe -a C:\Windows\system32\igfxcpl.cpl -c Intel(R) GMA Driver for Mobile Task: {1F8E01CF-D433-482A-A2B5-CC9244B534D8} - System32\Tasks\AVG\PC Tuneup 2011\Integrator\Start On szymon Logon => C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe Task: {200170B1-4A09-4522-8DC0-BCA6838748B8} - System32\Tasks\SafeZone scheduled Autoupdate 1499539407 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-12] (Avast Software) Task: {408EAC7D-7A65-4493-8CCE-CA1048289018} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2017-03-15] (Oracle Corporation) Task: {435C6376-2B59-43B6-AEDA-97A9DF837CE5} - System32\Tasks\SamsungMagicDoctor => C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe [2007-07-05] (Samsung Electronics Co., Ltd.) Task: {492BA401-A91F-4458-9D72-F9B3FEE811A4} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe [2008-04-17] (SAMSUNG Electronics co., LTD.) 
Task: {5EE56422-3F69-4CBB-AA32-A2AD788073F3} - System32\Tasks\{4B0605B9-C818-444E-8274-07BD3DEA882F} => pcalua.exe -a "E:\op-com\op-com\op-com\Before the firmware upgrade using\OPCOM081016_EN\OPCOM081016_EN\DPInst.exe" -d "E:\op-com\op-com\op-com\Before the firmware upgrade using\OPCOM081016_EN\OPCOM081016_EN" Task: {75E9A7A4-45E1-40EA-BE23-CC53F9E439F3} - System32\Tasks\{0DF26784-6926-4AC8-AEC0-FA182434B8B6} => pcalua.exe -a "E:\op-com\op-com\op-com\Before the firmware upgrade using\OPCOM081016_EN\OPCOM081016_EN\OPCOMUSBUninstall.exe" -d "E:\op-com\op-com\op-com\Before the firmware upgrade using\OPCOM081016_EN\OPCOM081016_EN" Task: {77799886-6B72-410D-89E6-133F708791E2} - System32\Tasks\Microsoft\Windows\RestartManager\{925D4EB2-5BD7-47fc-BBA4-8CD53B67AE9D} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation) Task: {7EC01DE6-D30F-4ECB-9AA5-72E6945DD0A1} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => Rundll32.exe Task: {857F89EA-C1D4-40A9-A032-3D9A98ABF545} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation) Task: {A3D491D0-BDE0-4257-8658-AD432D7BB398} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {A7BC9715-C276-4E2A-B106-85EB178326ED} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-07-08] (AVAST Software) Task: {BF68538D-E876-4EA4-87EA-5014706BF96A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) 
Task: {C29F7C19-2589-45F7-A31E-921530A20AF8} - System32\Tasks\{D5E89D88-FA2D-41C2-98B2-B168850DADAF} => pcalua.exe -a "C:\Users\szymon\Desktop\op-com\op-com\op-com\Before the firmware upgrade using\OPCOM081016_EN\OPCOM081016_EN\Driver\OPCOMUSBUninstall.exe" -d "C:\Users\szymon\Desktop\op-com\op-com\op-com\Before the firmware upgrade using\OPCOM081016_EN\OPCOM081016_EN\Driver" Task: {D0559160-A845-4FBF-96C6-289209F14C70} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-16] (Adobe Systems Incorporated) Task: {DB769959-E816-4F3B-B012-9A884864AE71} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3182861355-789584673-1566108675-1003UA => C:\Users\szymon\AppData\Local\Google\Update\GoogleUpdate.exe Task: {DD9BAEF1-AAF3-4FB0-817F-6DB70AD73AE9} - System32\Tasks\Microsoft\Windows\RestartManager\{F23690A2-5E13-4b45-9B6D-F9370438C0F9} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation) Task: {E3E920BF-ABFE-47BB-8CB3-FDA6E85ACA8D} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2008-10-06] (SAMSUNG Electronics) Task: {EDFB3816-6781-42CA-99DB-78DAF233B019} - System32\Tasks\{6FE3A374-6644-4C0C-AC9A-AB67306BBB47} => C:\Program Files\Skype\Phone\Skype.exe (Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.) ==================== Skróty & WMI ======================== (Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.) 
ShortcutWithArgument: C:\Users\Public\Desktop\MegaFon Internet.lnk -> C:\Program Files\4G Hostless Modem\MegaFon Internet\LaunchWebUI.exe () -> hxxp://status.megafon.ru ==================== Załadowane moduły (filtrowane) ============== 2017-07-08 20:36 - 2017-07-08 20:36 - 00170224 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2017-07-08 20:36 - 2017-07-08 20:36 - 00192664 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll 2017-07-08 20:36 - 2017-07-08 20:36 - 00224256 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll 2017-07-08 20:42 - 2017-07-08 20:42 - 05684224 _____ () C:\Program Files\AVAST Software\Avast\defs\17070700\algo.dll 2017-07-08 20:36 - 2017-07-08 20:36 - 00689272 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2017-07-08 20:36 - 2017-07-08 20:36 - 00231664 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll 2009-08-03 23:15 - 2009-07-13 23:18 - 00071096 _____ () C:\Program Files\CDBurnerXP\NMSAccessU.exe 2008-07-29 10:07 - 2006-12-19 15:23 - 00272024 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe 2008-07-29 10:13 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Samsung Magic Doctor\HookDllPS2.dll 2008-07-29 10:12 - 2006-08-12 12:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll 2016-08-02 21:04 - 2015-11-09 18:43 - 00468736 _____ () C:\Program Files\4G Hostless Modem\MegaFon Internet\CheckNDISPort_df.exe 2016-08-02 21:04 - 2015-11-09 18:43 - 00447744 _____ () C:\Program Files\4G Hostless Modem\MegaFon Internet\CancelAutoPlay_df.exe 2017-07-08 20:36 - 2017-07-08 20:36 - 01032744 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll 2017-07-08 20:36 - 2017-07-08 20:36 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2017-07-08 20:35 - 2017-07-08 20:35 - 00292920 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll 2017-07-08 20:35 - 2017-07-08 20:37 - 02962096 _____ () C:\Program 
Files\AVAST Software\Avast\aswDataScan.dll

==================== Alternate Data Streams (filtrowane) =========

(Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.)

AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4 [276]
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 [112]
AlternateDataStreams: C:\Users\Public\DRM:احتضان [98]

==================== Tryb awaryjny (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Powiązania plików (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.)

==================== Internet Explorer - Witryny zaufane i z ograniczeniami ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.)

==================== Hosts - zawartość: ===============================

(Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.)

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Inne obszary ============================

(Obecnie brak automatycznej naprawy dla tej sekcji.)

HKU\S-1-5-21-3182861355-789584673-1566108675-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\szymon\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1) Zapora systemu Windows [funkcja włączona] ==================== MSCONFIG/TASK MANAGER - Wyłączone elementy == ==================== Reguły Zapory systemu Windows (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [{8A6C83B9-51F5-46C0-B336-39DD506C80B2}] => (Allow) C:\Program Files\CyberLink\PowerDirector\PDR.EXE FirewallRules: [TCP Query User{64C955C4-334D-4967-99A5-E7EEDBC61E4E}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe FirewallRules: [UDP Query User{EB027EBC-C543-4353-8657-293787DD8D73}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe FirewallRules: [TCP Query User{3A35745C-6147-409F-B60D-D55657F924CB}C:\users\szymon\appdata\local\screamer radio\screamer.exe] => (Block) C:\users\szymon\appdata\local\screamer radio\screamer.exe FirewallRules: [UDP Query 
User{4A44051A-57E1-45BB-A6D5-98663124BC07}C:\users\szymon\appdata\local\screamer radio\screamer.exe] => (Block) C:\users\szymon\appdata\local\screamer radio\screamer.exe FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe FirewallRules: [{3120AB5E-79D5-4FE5-965E-EE988C227CE6}] => (Allow) LPort=80 FirewallRules: [{042856E5-D7A9-4EC6-8855-B4FB0C67C5D3}] => (Allow) LPort=80 FirewallRules: [{4A2CE5BF-6434-4419-9049-4113AD482FDA}] => (Allow) LPort=80 FirewallRules: [{CE1EAD43-834C-4119-B491-E81EC694199B}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [{4FFBD5AF-05E2-4C89-9CBE-8951082DECDC}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe FirewallRules: [{B9EDC2BC-815D-475B-B47B-E6E30528A738}] => (Allow) C:\Ross-Tech\VCDS-AKP\VCDS.EXE ==================== Punkty Przywracania systemu ========================= 09-04-2017 12:34:55 Removed AVG 09-04-2017 12:42:32 Removed AVG 2016 23-05-2017 23:39:59 Instalacja pakietu sterownika urządzenia: AVG Technologies Usługa sieciowa 15-06-2017 01:04:58 Removed Skype™ 7.0 15-06-2017 01:06:09 Removed Skype Toolbars 15-06-2017 01:06:46 Removed Skype Toolbars 15-06-2017 01:10:13 Removed Skype Toolbars 15-06-2017 01:11:03 Removed LightScribe System Software 1.12.37.1. 15-06-2017 01:42:24 Removed Skype Toolbars ==================== Wadliwe urządzenia w Menedżerze urządzeń ============= Name: 6TO4 Adapter Description: Karta Microsoft 6to4 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
Name: isatap.{F964C826-2F29-4BFC-A275-694A10570E3A} Description: Karta Microsoft ISATAP Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Błędy w Dzienniku zdarzeń: ========================= Dziennik Aplikacja: ================== Error: (07/09/2017 08:30:36 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (07/09/2017 01:12:45 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (07/09/2017 01:09:15 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Program adwcleaner_6.047 (3).exe w wersji 6.0.4.7 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania raportami i rozwiązaniami problemów. 
Identyfikator procesu: 125c Godzina rozpoczęcia: 01d2f83d247da1a3 Godzina zakończenia: 0 Error: (07/09/2017 12:50:12 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Aplikacja powodująca błąd mbamtray.exe, wersja 3.0.0.1068, sygnatura czasowa 0x59125d35, moduł powodujący błąd mbamtray.exe, wersja 3.0.0.1068, sygnatura czasowa 0x59125d35, kod wyjątku 0xc0000005, przesunięcie błędu 0x000047db, identyfikator procesu 0xd24, godzina rozpoczęcia aplikacji 0x01d2f835ffea9c53. Error: (07/09/2017 12:04:23 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (07/08/2017 11:22:45 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (07/08/2017 11:10:47 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Aplikacja powodująca błąd ProgramManager.exe, wersja 10.0.0.26, sygnatura czasowa 0x4ddb6d5b, moduł powodujący błąd rtl120.bpl, wersja 6.0.6002.19623, sygnatura czasowa 0x56ec3707, kod wyjątku 0xc0000135, przesunięcie błędu 0x00009f55, identyfikator procesu 0xaf0, godzina rozpoczęcia aplikacji 0x01d2f82ea5e7f512. Error: (07/08/2017 11:07:05 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: Nie powiodło się wykonanie procedury otwierania dla usługi „PNRPsvc” w bibliotece DLL „C:\Windows\system32\pnrpperf.dll”. Dane wydajności dla tej usługi nie będą dostępne. 
Pierwsze cztery bajty (DWORD) sekcji danych Data zawierają kod błędu. Error: (07/08/2017 11:06:31 PM) (Source: Perflib) (EventID: 1010) (User: ) Description: Procedura zbierania danych dla usługi „EmdCache” w bibliotece DLL „C:\Windows\system32\emdmgmt.dll” wygenerowała wyjątek lub zwróciła nieprawidłowy stan. Dane o wydajności zwrócone przez bibliotekę DLL licznika nie będą zwracane w bloku danych Perf Data. Pierwsze cztery bajty (DWORD) sekcji danych Data zawierają kod wyjątku lub kod stanu. Error: (07/08/2017 11:04:36 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Dziennik System: ============= Error: (07/09/2017 08:34:57 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: ZARZĄDZANIE NT) Description: Event-ID 1001 Error: (07/09/2017 08:32:25 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Microsoft .NET Framework NGEN v4.0.30319_X86. Error: (07/09/2017 08:30:36 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: ESProtectionDriver Error: (07/09/2017 08:30:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Parallel port driver z powodu następującego błędu: Nie można uruchomić określonej usługi, ponieważ jest ona wyłączona lub ponieważ nie są włączone skojarzone z nią urządzenia. 
Error: (07/09/2017 08:29:44 AM) (Source: Dhcp) (EventID: 1002) (User: ) Description: Serwer DHCP 192.168.0.1 odmówił dzierżawy adresu IP 192.168.0.100 dla karty sieciowej o adresie 002163DBC8CA. (Serwer DHCP wysłał komunikat DHCPNACK). Error: (07/09/2017 01:17:10 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: ZARZĄDZANIE NT) Description: Event-ID 1001 Error: (07/09/2017 01:12:47 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: ESProtectionDriver Error: (07/09/2017 01:12:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Parallel port driver z powodu następującego błędu: Nie można uruchomić określonej usługi, ponieważ jest ona wyłączona lub ponieważ nie są włączone skojarzone z nią urządzenia. Error: (07/09/2017 01:11:41 AM) (Source: Dhcp) (EventID: 1002) (User: ) Description: Serwer DHCP 192.168.0.1 odmówił dzierżawy adresu IP 192.168.0.100 dla karty sieciowej o adresie 002163DBC8CA. (Serwer DHCP wysłał komunikat DHCPNACK). Error: (07/09/2017 01:03:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Instalator modułów systemu Windows z powodu następującego błędu: Usługa nie odpowiada na sygnał uruchomienia lub sygnał sterujący w oczekiwanym czasie. CodeIntegrity: =================================== Date: 2017-07-09 00:09:36.988 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2017-07-09 00:09:36.240 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. 
Date: 2017-07-09 00:09:35.460 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2017-07-09 00:09:34.446 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2017-07-09 00:09:33.166 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2017-07-09 00:09:31.840 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2017-07-09 00:09:30.405 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2017-07-09 00:09:29.563 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2017-04-09 12:38:15.225 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVG\Av\Drivers\avgunivx.sys because the set of per-page image hashes could not be found on the system. Date: 2017-04-09 12:38:14.507 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVG\Av\Drivers\avgunivx.sys because the set of per-page image hashes could not be found on the system. 
==================== Statystyki pamięci ===========================

Procesor: Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz
Procent pamięci w użyciu: 59%
Całkowita pamięć fizyczna: 3031.87 MB
Dostępna pamięć fizyczna: 1216.02 MB
Całkowita pamięć wirtualna: 6300.1 MB
Dostępna pamięć wirtualna: 4262.37 MB

==================== Dyski ================================

Drive c: () (Fixed) (Total:111.88 GB) (Free:33.34 GB) NTFS ==>[dysk z komponentami startowymi (pozyskano odczytując BCD)]
Drive d: () (Fixed) (Total:111 GB) (Free:104.1 GB) NTFS

==================== MBR & Tablica partycji ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 3E68B302)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=111.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=111 GB) - (Type=07 NTFS)

==================== Koniec Addition.txt ============================