Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04.03.2018
Ran by Daga (04-03-2018 17:45:11)
Running from F:\
Windows 10 Pro Version 1607 (X64) (2017-01-26 23:15:18)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3912383615-3260148415-1536492470-500 - Administrator - Disabled)
Daga (S-1-5-21-3912383615-3260148415-1536492470-1001 - Administrator - Enabled) => C:\Users\Daga
DefaultAccount (S-1-5-21-3912383615-3260148415-1536492470-503 - Limited - Disabled)
Guest (S-1-5-21-3912383615-3260148415-1536492470-501 - Limited - Disabled)
Mateusz (S-1-5-21-3912383615-3260148415-1536492470-1002 - Limited - Enabled) => C:\Users\Mateusz

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.0 - Adobe Systems Incorporated)
Brother MFL-Pro Suite DCP-J100 (HKLM-x32\...\{B742757A-7658-4E09-A51A-085CF0F7F4D3}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 44.4.58 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
e5 Secure Download Manager (HKLM-x32\...\{B4B27A42-67BC-4728-A993-D567B37B6ACF}) (Version: 3.2.248.0 - Kivuto Solutions Inc.)
e-pity 8.0.14 za rok 2016 (HKLM-x32\...\{80D8170E-5590-218-B9ED-E24E4C99A11D}_is1) (Version: 8.0.14 - e-file sp. z o.o. sp.k.)
ETDWare PS/2-X64 10.7.17.5_WHQL (HKLM\...\Elantech) (Version: 10.7.17.5 - ELAN Microelectronic Corp.)
GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Helium (HKLM-x32\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
IrfanView 4.44 (64-bit) (HKLM\...\IrfanView64) (Version: 4.44 - Irfan Skiljan)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3912383615-3260148415-1536492470-1001\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
Microsoft Project 2010 Service Pack 1 (SP1) (HKLM-x32\...\{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}) (Version:  - Microsoft)
Microsoft Project Professional 2010 (HKLM-x32\...\Office14.PRJPROR) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 55.0.3 (x64 pl) (HKLM\...\Mozilla Firefox 55.0.3 (x64 pl)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.3 - Mozilla)
MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team)
NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version:  - )
Narzędzia sprawdzające pakietu Microsoft Office 2013 — polski (HKLM\...\{90150000-001F-0415-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
nexusfont 2.6 (ver 2.6.2.1870) (HKLM-x32\...\{EFEDD205-43FE-4208-B682-0937E803E19E}_is1) (Version:  - xiles)
NVIDIA Graphics Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
OpenOffice 4.1.4 (HKLM-x32\...\{BA41785F-1DB1-4CEA-830A-149E940786B8}) (Version: 4.14.9788 - Apache Software Foundation)
OSPS-Odinstaluj (HKLM-x32\...\OSPS_is1) (Version:  - )
Pakiet zgodności dla systemu Office 2007 (HKLM-x32\...\{90120000-0020-0415-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
PDFBinder (HKLM-x32\...\{8BA03AC2-579F-41CD-A250-740137D86F7A}) (Version: 1.0.0 - Malamute.dk)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Promotic8 (HKLM-x32\...\{FCBAD026-A1B2-4AE5-97E2-709D7B50BD98}) (Version: 3.16.0000 - Microsys spol. s r. o.)
qBittorrent 3.3.10 (HKLM-x32\...\qBittorrent) (Version: 3.3.10 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7543 - Realtek Semiconductor Corp.)
Skype (wersja 8.11) (HKLM-x32\...\Skype_is1) (Version: 8.11 - Skype Technologies S.A.)
SourceTreeBeta (HKU\S-1-5-21-3912383615-3260148415-1536492470-1001\...\SourceTreeBeta) (Version: 2.0.7-beta-001 - Mike Minns, Mike Corsaro)
Spotify (HKU\S-1-5-21-3912383615-3260148415-1536492470-1001\...\Spotify) (Version: 1.0.75.483.g7ff4a0dc - Spotify AB)
STATISTICA TRIAL PL 64-bit 13.1.336.0 (HKLM\...\{35010F8F-E551-4594-B2CD-9B486D3F7E03}) (Version: 13.1.336.0 - Dell, Inc.)
STATNOVAPDF (novaPDF 7.7 printer) (HKLM\...\STATNOVAPDF_is1) (Version:  - Softland)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.40.0 - Synaptics Incorporated)
Universal Adb Driver (HKLM-x32\...\{C0E08D8D-6076-4117-B644-2AF34F35B757}) (Version: 1.0.4 - ClockworkMod)
UpdateAssistant (HKLM-x32\...\{035FFC43-55D6-4F5C-BCC5-21FED122C8B4}) (Version: 1.11.0.0 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3912383615-3260148415-1536492470-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-02-19] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0615622A-B36E-435A-9443-AECE75AB63E5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {0C46497F-D463-4FE9-96A5-F1748CDC029E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-03] (Microsoft Corporation)
Task: {16B5570E-D48A-4138-A003-FA515491AAE7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-03] (Microsoft Corporation)
Task: {DC903D2F-56F4-4A5C-89B3-D0A85C4F7EA6} - System32\Tasks\Optimize Thumbnail Cache Files => wscript.exe //nologo //E:jscript //B "C:\ProgramData\InstallShield\Update\isuspm.ini" <==== ATTENTION
Task: {E5D00639-C581-460E-A2CA-3C7D5C0016BD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-03] (Microsoft Corporation)
Task: {EE381FBC-FBFE-4DCC-9658-34BB0B250C95} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-03] (Microsoft Corporation)
Task: {FB5E85EC-E708-42F4-A0B6-758E07DF3E66} - System32\Tasks\InstallShield® Update Service Scheduler => C:\Program Files (x86)\Common Files\InstallShield\Update\ISUSPM.exe [2017-10-07] (InstallShield®)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-16 12:42 - 2018-03-04 16:23 - 002681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2017-01-27 00:07 - 2016-12-29 14:16 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-07-16 12:42 - 2018-03-04 16:18 - 000130048 _____ () C:\WINDOWS\SYSTEM32\CHARTV.dll
2016-07-16 12:42 - 2018-03-04 16:19 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-07-16 12:43 - 2018-03-04 16:21 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-07-16 12:43 - 2018-03-04 16:22 - 009761280 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-16 12:43 - 2018-03-04 16:22 - 001400320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-16 12:43 - 2018-03-04 16:22 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-07-16 12:43 - 2018-03-04 16:22 - 002438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-16 12:43 - 2018-03-04 16:22 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2018-02-27 08:32 - 2018-02-22 04:57 - 004433752 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.186\libglesv2.dll
2018-02-27 08:32 - 2018-02-22 04:57 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.186\libegl.dll
2018-02-04 21:54 - 2009-02-27 16:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2018-03-01 08:56 - 2018-02-26 12:24 - 000746312 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2018-03-01 08:56 - 2018-02-26 12:24 - 002079048 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-09-21 18:29 - 2018-02-26 12:24 - 000100312 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-06-15 09:43 - 2018-02-26 12:24 - 000018896 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-06-15 09:43 - 2018-02-26 12:26 - 000020808 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-10-05 11:20 - 2018-02-26 12:24 - 000035808 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-06-15 09:43 - 2018-02-26 12:24 - 000694232 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2018-03-01 08:56 - 2018-02-26 12:26 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-09-21 18:29 - 2018-02-26 12:24 - 000130520 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2018-03-01 08:56 - 2018-02-26 12:26 - 001856864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2018-03-01 08:56 - 2018-02-26 12:26 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2018-03-01 08:56 - 2018-02-26 12:24 - 000145880 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2018-03-01 08:56 - 2018-02-26 12:24 - 000116696 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-07-13 21:57 - 2018-02-26 12:24 - 000105944 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-09-21 18:29 - 2018-02-26 12:26 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2018-03-01 08:56 - 2018-02-26 12:26 - 000063312 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-09-21 18:29 - 2018-02-26 12:24 - 000024536 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2018-03-01 08:56 - 2018-02-26 12:26 - 000077120 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2018-03-01 08:56 - 2018-02-26 12:24 - 000020952 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-09-21 18:29 - 2018-02-26 12:24 - 000124888 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-09-21 18:29 - 2018-02-26 12:24 - 000116184 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2018-03-01 08:56 - 2018-02-26 12:24 - 000392664 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-09-21 18:29 - 2018-02-26 12:26 - 000392520 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-09-21 18:29 - 2018-02-26 12:26 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-09-21 18:29 - 2018-02-26 12:24 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-09-21 18:29 - 2018-02-26 12:24 - 000175576 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-09-21 18:29 - 2018-02-26 12:24 - 000030168 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-09-21 18:29 - 2018-02-26 12:24 - 000043480 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-09-21 18:29 - 2018-02-26 12:24 - 000026072 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2017-09-21 18:29 - 2018-02-26 12:24 - 000048600 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-09-21 18:29 - 2018-02-26 12:24 - 000057816 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2018-03-01 08:56 - 2018-02-26 12:26 - 000021840 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-09-21 18:29 - 2018-02-26 12:27 - 000023376 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2018-03-01 08:56 - 2018-02-26 12:26 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-09-21 18:29 - 2018-02-26 12:26 - 000066400 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2018-03-01 08:56 - 2018-02-26 12:26 - 001798464 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-06-15 09:43 - 2018-02-26 12:24 - 000084944 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2018-03-01 08:56 - 2018-02-26 12:26 - 001959232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2018-03-01 08:56 - 2018-02-26 12:26 - 003863880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2018-03-01 08:56 - 2018-02-26 12:26 - 000155472 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2018-03-01 08:56 - 2018-02-26 12:26 - 000521544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2018-03-01 08:56 - 2018-02-26 12:26 - 000051024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2018-03-01 08:56 - 2018-02-26 12:26 - 000043336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2018-03-01 08:56 - 2018-02-26 12:26 - 000131400 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2018-03-01 08:56 - 2018-02-26 12:26 - 000219984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2018-03-01 08:56 - 2018-02-26 12:26 - 000204104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-09-21 18:29 - 2018-02-26 12:27 - 000025440 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-09-21 18:29 - 2018-02-26 12:24 - 000060888 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-09-21 18:29 - 2018-02-26 12:27 - 000054616 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-09-21 18:29 - 2018-02-26 12:24 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-09-21 18:29 - 2018-02-26 12:26 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-09-21 18:29 - 2018-02-26 12:26 - 000087904 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-09-21 18:29 - 2018-02-26 12:24 - 000028632 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-09-21 18:29 - 2018-02-26 12:26 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-09-21 18:29 - 2018-02-26 12:26 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-09-21 18:29 - 2018-02-26 12:27 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2018-03-01 08:56 - 2018-02-26 12:26 - 000027496 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-09-21 18:29 - 2018-02-26 12:24 - 000349144 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2018-03-01 08:56 - 2018-02-26 12:26 - 000101704 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-09-21 18:29 - 2018-02-26 12:27 - 000023904 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2018-03-01 08:56 - 2018-02-26 12:26 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2018-03-01 08:56 - 2018-02-26 12:24 - 000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2018-03-01 08:56 - 2018-02-26 12:26 - 000032608 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2018-03-01 08:56 - 2018-02-26 12:24 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2018-01-11 23:50 - 2018-02-26 12:26 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-03-01 08:56 - 2018-02-26 12:26 - 000181064 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-09-21 18:29 - 2018-02-26 12:26 - 000030544 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2018-03-01 08:56 - 2018-02-26 12:26 - 000024384 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2018-03-01 08:56 - 2018-02-26 12:26 - 001638208 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-09-21 18:29 - 2018-02-26 12:26 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2018-03-01 08:56 - 2018-02-26 12:26 - 000546632 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2018-03-01 08:56 - 2018-02-26 12:26 - 000359744 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2018-03-01 08:56 - 2018-02-26 12:26 - 000038216 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Daga\Desktop\Standard Kartotek.docx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Daga\Desktop\~WRL0791.tmp:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Daga\Desktop\~WRL0791.tmp:com.dropbox.attrs [58]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 08:24 - 2015-10-30 08:21 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3912383615-3260148415-1536492470-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Daga\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{614e83cc-eb37-4186-8526-57c28f3b5815}.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKU\S-1-5-21-3912383615-3260148415-1536492470-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3912383615-3260148415-1536492470-1001\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F2A14CCD-E0DB-4AB2-81C8-FE953CA0EBEA}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{E1A9C4F7-319B-42E1-9F4C-D1061E9388B9}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{A830CEDC-D876-4DCE-9B0B-E6A86FCAA32C}] => (Allow) C:\Windows\KMS-R@1n.exe
FirewallRules: [{FC35EAE4-9806-40B9-8570-30B22724A321}] => (Allow) C:\Windows\KMS-R@1n.exe
FirewallRules: [{D775C986-E4FD-4438-9D29-90CC09BFFDC4}] => (Allow) C:\WINDOWS\system32\hasplms.exe
FirewallRules: [TCP Query User{CA460C37-DA89-4839-9B4C-DD6008C3957E}C:\pm\promotic.exe] => (Block) C:\pm\promotic.exe
FirewallRules: [UDP Query User{C2030CEA-AB4C-4866-8D14-C481EE67F50F}C:\pm\promotic.exe] => (Block) C:\pm\promotic.exe
FirewallRules: [{6AA513C6-EFC8-4C5A-8C41-499528126291}] => (Allow) C:\Program Files (x86)\Mouse Server\MouseServer.exe
FirewallRules: [{7589757D-A969-41BF-BDC3-6E239C1F5627}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{3F8FE89C-C054-4306-ACA5-326C258DE29C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{85DF3AA5-C6BA-4A39-8D70-26102E75A4A7}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{33C89DC9-3C3E-453A-A423-AF55C9C6C176}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [TCP Query User{7CA58735-2DF0-435D-9DAC-07CE3F257647}C:\users\daga\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\daga\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{E867C772-104F-4FF5-ADA1-8C680F67BB31}C:\users\daga\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\daga\appdata\roaming\spotify\spotify.exe
FirewallRules: [{7A32F5B0-39C3-4062-9691-94B26BFC941C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{576B9BFB-0993-4305-8887-0F33A7AA23BF}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/04/2018 05:45:07 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nie można zaplanować restartu usługi ochrony oprogramowania o 2018-04-03T14:41:07Z. Kod błędu: 0x80070002.

Error: (03/04/2018 05:44:37 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nie można zaplanować restartu usługi ochrony oprogramowania o 2018-04-03T14:40:37Z. Kod błędu: 0x80070002.

Error: (03/04/2018 05:44:07 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nie można zaplanować restartu usługi ochrony oprogramowania o 2018-04-03T14:41:07Z. Kod błędu: 0x80070002.

Error: (03/04/2018 05:43:37 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nie można zaplanować restartu usługi ochrony oprogramowania o 2018-04-03T14:40:37Z. Kod błędu: 0x80070002.

Error: (03/04/2018 05:43:07 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nie można zaplanować restartu usługi ochrony oprogramowania o 2018-04-03T14:41:07Z. Kod błędu: 0x80070002.

Error: (03/04/2018 05:42:37 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nie można zaplanować restartu usługi ochrony oprogramowania o 2018-04-03T14:40:37Z. Kod błędu: 0x80070002.

Error: (03/04/2018 05:42:07 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nie można zaplanować restartu usługi ochrony oprogramowania o 2018-04-03T14:41:07Z. Kod błędu: 0x80070002.

Error: (03/04/2018 05:41:37 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nie można zaplanować restartu usługi ochrony oprogramowania o 2018-04-03T14:40:37Z. Kod błędu: 0x80070002.


System errors:
=============
Error: (03/04/2018 04:56:27 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Zgodnie z ustawieniami uprawnienia application-specific nie jest udzielane uprawnienie Local Activation do aplikacji serwera COM z identyfikatorem klasy CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 i identyfikatorem aplikacji APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 użytkownikowi NT AUTHORITY\SYSTEM o identyfikatorze zabezpieczeń SID (S-1-5-18) z adresu LocalHost (Using LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Unavailable (Unavailable). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.

Error: (03/04/2018 04:56:27 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Zgodnie z ustawieniami uprawnienia application-specific nie jest udzielane uprawnienie Local Activation do aplikacji serwera COM z identyfikatorem klasy CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 i identyfikatorem aplikacji APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 użytkownikowi NT AUTHORITY\LOCAL SERVICE o identyfikatorze zabezpieczeń SID (S-1-5-19) z adresu LocalHost (Using LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Unavailable (Unavailable). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.

Error: (03/04/2018 04:56:27 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Zgodnie z ustawieniami uprawnienia application-specific nie jest udzielane uprawnienie Local Activation do aplikacji serwera COM z identyfikatorem klasy CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 i identyfikatorem aplikacji APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 użytkownikowi NT AUTHORITY\LOCAL SERVICE o identyfikatorze zabezpieczeń SID (S-1-5-19) z adresu LocalHost (Using LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Unavailable (Unavailable). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.

Error: (03/04/2018 04:55:04 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-JBOVC3M)
Description: Serwer {F9717507-6651-4EDB-BFF7-AE615179BCCF} nie zarejestrował się w modelu DCOM w wymaganym czasie.

Error: (03/04/2018 04:35:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Zgodnie z ustawieniami uprawnienia application-specific nie jest udzielane uprawnienie Local Activation do aplikacji serwera COM z identyfikatorem klasy CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 i identyfikatorem aplikacji APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 użytkownikowi NT AUTHORITY\LOCAL SERVICE o identyfikatorze zabezpieczeń SID (S-1-5-19) z adresu LocalHost (Using LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Unavailable (Unavailable). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.

Error: (03/04/2018 04:35:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Zgodnie z ustawieniami uprawnienia application-specific nie jest udzielane uprawnienie Local Activation do aplikacji serwera COM z identyfikatorem klasy CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 i identyfikatorem aplikacji APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 użytkownikowi NT AUTHORITY\LOCAL SERVICE o identyfikatorze zabezpieczeń SID (S-1-5-19) z adresu LocalHost (Using LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Unavailable (Unavailable). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.

Error: (03/04/2018 04:35:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Zgodnie z ustawieniami uprawnienia application-specific nie jest udzielane uprawnienie Local Activation do aplikacji serwera COM z identyfikatorem klasy CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 i identyfikatorem aplikacji APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 użytkownikowi NT AUTHORITY\SYSTEM o identyfikatorze zabezpieczeń SID (S-1-5-18) z adresu LocalHost (Using LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Unavailable (Unavailable). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.

Error: (03/04/2018 04:27:21 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 30) (User: NT AUTHORITY)
Description: Usługa rejestrowania zdarzeń napotkała błąd (5) podczas włączania wydawcy {0BF2FB94-7B60-4B4D-9766-E82F658DF540} w kanale Microsoft-Windows-Kernel-ShimEngine/Operational. Nie wpływa to na działanie kanału, ale wpływa na zdolność wydawcy do wywoływania zdarzeń w kanale. Często ten błąd wynika z faktu, że dostawca korzysta z zabezpieczeń dostawcy ETW i nie udzielił tożsamości usługi Dziennik zdarzeń uprawnień do włączania.


Windows Defender:
===================================
Date: 2018-03-04 15:32:23.865
Description: 
Produkt Windows Defender wykrył złośliwe oprogramowanie lub inne potencjalnie niechciane oprogramowanie.
Aby uzyskać więcej informacji, zobacz:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:MSIL/AutoKMS&threatid=2147711767&enterprise=0
Nazwa: HackTool:MSIL/AutoKMS
Identyfikator: 2147711767
Ważność: Medium
Kategoria: Tool
Ścieżka: file:_C:\Program Files\KMSpico\AutoPico.exe;file:_C:\Program Files\KMSpico\KMSELDI.exe;file:_C:\Program Files\KMSpico\Service_KMS.exe;file:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\AutoPico.lnk;file:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\KMSpico.lnk;file:_C:\WINDOWS\System32\Tasks\AutoPico Daily Restart;process:_pid:2504,ProcessStart:131646474792854533;regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0759F7A7-CD99-4EC2-A192-6D610D4D4B72};regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart;regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1;service:_Service KMSELDI;startup:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\AutoPico.lnk;startup:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\KMSpico.lnk;taskscheduler:_C:\WINDOWS\System32\Tasks\AutoPico Daily Restart;uninstall:_HKLM\SOFTWARE\MICROSOFT\W
Pochodzenie wykrycia: Komputer lokalny
Typ wykrycia: Konkretne
Źródło wykrycia: System
Użytkownik: NT AUTHORITY\SYSTEM
Nazwa procesu: C:\Program Files\KMSpico\Service_KMS.exe
Wersja podpisu: AV: 1.263.129.0, AS: 1.263.129.0, NIS: 118.2.0.0
Wersja aparatu: AM: 1.1.14600.4, NIS: 2.1.14202.0

Date: 2018-03-04 15:32:23.864
Description: 
Produkt Windows Defender wykrył złośliwe oprogramowanie lub inne potencjalnie niechciane oprogramowanie.
Aby uzyskać więcej informacji, zobacz:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0
Nazwa: HackTool:Win32/AutoKMS
Identyfikator: 2147685180
Ważność: Medium
Kategoria: Tool
Ścieżka: file:_C:\Program Files\KMSpico\scripts\Install_Service.cmd;file:_C:\Program Files\KMSpico\scripts\Install_Task.cmd;file:_C:\Users\Daga\AppData\Local\Temp\is-6E0I8.tmp\_setup.exe
Pochodzenie wykrycia: Komputer lokalny
Typ wykrycia: Konkretne
Źródło wykrycia: System
Użytkownik: NT AUTHORITY\SYSTEM
Nazwa procesu: Unknown
Wersja podpisu: AV: 1.263.129.0, AS: 1.263.129.0, NIS: 118.2.0.0
Wersja aparatu: AM: 1.1.14600.4, NIS: 2.1.14202.0

Date: 2018-03-04 13:34:34.527
Description: 
Produkt Windows Defender wykrył złośliwe oprogramowanie lub inne potencjalnie niechciane oprogramowanie.
Aby uzyskać więcej informacji, zobacz:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:MSIL/AutoKMS&threatid=2147711767&enterprise=0
Nazwa: HackTool:MSIL/AutoKMS
Identyfikator: 2147711767
Ważność: Medium
Kategoria: Tool
Ścieżka: file:_C:\Program Files\KMSpico\AutoPico.exe;file:_C:\Program Files\KMSpico\KMSELDI.exe;file:_C:\Program Files\KMSpico\Service_KMS.exe;file:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\AutoPico.lnk;file:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\KMSpico.lnk;file:_C:\WINDOWS\System32\Tasks\AutoPico Daily Restart;process:_pid:2388,ProcessStart:131646403808262868;regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0759F7A7-CD99-4EC2-A192-6D610D4D4B72};regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart;regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1;service:_Service KMSELDI;startup:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\AutoPico.lnk;startup:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\KMSpico.lnk;taskscheduler:_C:\WINDOWS\System32\Tasks\AutoPico Daily Restart;uninstall:_HKLM\SOFTWARE\MICROSOFT\W
Pochodzenie wykrycia: Komputer lokalny
Typ wykrycia: Konkretne
Źródło wykrycia: System
Użytkownik: NT AUTHORITY\SYSTEM
Nazwa procesu: C:\Program Files\KMSpico\Service_KMS.exe
Wersja podpisu: AV: 1.263.71.0, AS: 1.263.71.0, NIS: 118.2.0.0
Wersja aparatu: AM: 1.1.14600.4, NIS: 2.1.14202.0

Date: 2018-03-04 13:34:34.525
Description: 
Produkt Windows Defender wykrył złośliwe oprogramowanie lub inne potencjalnie niechciane oprogramowanie.
Aby uzyskać więcej informacji, zobacz:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0
Nazwa: HackTool:Win32/AutoKMS
Identyfikator: 2147685180
Ważność: Medium
Kategoria: Tool
Ścieżka: file:_C:\Program Files\KMSpico\scripts\Install_Service.cmd;file:_C:\Program Files\KMSpico\scripts\Install_Task.cmd;file:_C:\Users\Daga\AppData\Local\Temp\is-6E0I8.tmp\_setup.exe
Pochodzenie wykrycia: Komputer lokalny
Typ wykrycia: Konkretne
Źródło wykrycia: System
Użytkownik: NT AUTHORITY\SYSTEM
Nazwa procesu: Unknown
Wersja podpisu: AV: 1.263.71.0, AS: 1.263.71.0, NIS: 118.2.0.0
Wersja aparatu: AM: 1.1.14600.4, NIS: 2.1.14202.0

Date: 2018-03-04 13:34:24.189
Description: 
Produkt Windows Defender wykrył złośliwe oprogramowanie lub inne potencjalnie niechciane oprogramowanie.
Aby uzyskać więcej informacji, zobacz:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:MSIL/AutoKMS&threatid=2147711767&enterprise=0
Nazwa: HackTool:MSIL/AutoKMS
Identyfikator: 2147711767
Ważność: Medium
Kategoria: Tool
Ścieżka: file:_C:\Program Files\KMSpico\Service_KMS.exe;process:_pid:2388,ProcessStart:131646403808262868
Pochodzenie wykrycia: Komputer lokalny
Typ wykrycia: Konkretne
Źródło wykrycia: System
Użytkownik: NT AUTHORITY\SYSTEM
Nazwa procesu: C:\Program Files\KMSpico\Service_KMS.exe
Wersja podpisu: AV: 1.263.71.0, AS: 1.263.71.0, NIS: 118.2.0.0
Wersja aparatu: AM: 1.1.14600.4, NIS: 2.1.14202.0

Date: 2018-03-04 16:38:49.552
Description: 
Produkt Windows Defender napotkał błąd podczas próby aktualizacji podpisów.
Nowa wersja podpisu: 
Poprzednia wersja podpisu: 1.263.131.0
Źródło aktualizacji: Serwer usługi Microsoft Update
Typ podpisu: Oprogramowanie antywirusowe
Typ aktualizacji: Pełne
Użytkownik: NT AUTHORITY\SYSTEM
Bieżąca wersja aparatu: 
Poprzednia wersja aparatu: 1.1.14600.4
Kod błędu: 0x80240438
Opis błędu: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

Date: 2018-03-04 16:21:58.167
Description: 
Produkt Windows Defender napotkał błąd podczas próby aktualizacji podpisów.
Nowa wersja podpisu: 
Poprzednia wersja podpisu: 1.263.131.0
Źródło aktualizacji: Serwer usługi Microsoft Update
Typ podpisu: Oprogramowanie antywirusowe
Typ aktualizacji: Pełne
Użytkownik: NT AUTHORITY\SYSTEM
Bieżąca wersja aparatu: 
Poprzednia wersja aparatu: 1.1.14600.4
Kod błędu: 0x80240438
Opis błędu: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

Date: 2018-03-04 15:56:28.695
Description: 
Produkt Windows Defender napotkał błąd podczas próby aktualizacji podpisów.
Nowa wersja podpisu: 
Poprzednia wersja podpisu: 1.263.131.0
Źródło aktualizacji: Serwer usługi Microsoft Update
Typ podpisu: Oprogramowanie antywirusowe
Typ aktualizacji: Pełne
Użytkownik: NT AUTHORITY\SYSTEM
Bieżąca wersja aparatu: 
Poprzednia wersja aparatu: 1.1.14600.4
Kod błędu: 0x80240438
Opis błędu: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

Date: 2018-03-04 15:41:29.760
Description: 
Produkt Windows Defender napotkał błąd podczas próby aktualizacji podpisów.
Nowa wersja podpisu: 
Poprzednia wersja podpisu: 1.263.129.0
Źródło aktualizacji: Serwer usługi Microsoft Update
Typ podpisu: Oprogramowanie antywirusowe
Typ aktualizacji: Pełne
Użytkownik: NT AUTHORITY\SYSTEM
Bieżąca wersja aparatu: 
Poprzednia wersja aparatu: 1.1.14600.4
Kod błędu: 0x80240438
Opis błędu: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

Date: 2018-02-28 09:07:15.702
Description: 
Produkt Windows Defender napotkał błąd podczas próby aktualizacji podpisów.
Nowa wersja podpisu: 
Poprzednia wersja podpisu: 1.261.1676.0
Źródło aktualizacji: Centrum firmy Microsoft ds. ochrony przed złośliwym oprogramowaniem
Typ podpisu: Oprogramowanie antyszpiegowskie
Typ aktualizacji: Pełne
Użytkownik: NT AUTHORITY\NETWORK SERVICE
Bieżąca wersja aparatu: 
Poprzednia wersja aparatu: 1.1.14500.5
Kod błędu: 0x80072ee2
Opis błędu: The operation timed out 

CodeIntegrity:
===================================

Date: 2018-03-04 14:55:45.108
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\DriverStore\FileRepository\nvsmwu.inf_amd64_40e2f893a8ddfad8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-03-04 14:55:45.048
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-03-04 13:33:02.248
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-04 13:33:02.244
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-02-26 12:27:51.564
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\DriverStore\FileRepository\nvsmwu.inf_amd64_40e2f893a8ddfad8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-02-26 12:27:51.508
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-02-25 11:30:59.875
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\DriverStore\FileRepository\nvsmwu.inf_amd64_40e2f893a8ddfad8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-02-25 11:30:59.824
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 30%
Total physical RAM: 7973.53 MB
Available physical RAM: 5572.05 MB
Total Virtual: 9253.53 MB
Available Virtual: 7018.1 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.8 GB) (Free:23.2 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Dysk lokalny) (Fixed) (Total:110.89 GB) (Free:30.02 GB) NTFS
Drive f: () (Removable) (Total:3.65 GB) (Free:2.09 GB) FAT32

\\?\Volume{42556465-0000-0000-0000-70f31b000000}\ () (Fixed) (Total:0.87 GB) (Free:0.34 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 42556465)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=895 MB) - (Type=27)
Partition 3: (Not Active) - (Size=110.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 3.7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=3.7 GB) - (Type=0C)

==================== End of Addition.txt ============================