Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 30.01.2019
Uruchomiony przez Grzegorz (31-01-2019 16:20:06)
Uruchomiony z F:\Instalacje\NARZEDZIA\Diagnostyka\FRST64
Windows 7 Professional Service Pack 1 (X64) (2017-05-12 09:11:15)
Tryb startu: Normal
==========================================================

==================== Konta użytkowników: =============================

Administrator (S-1-5-21-2218688497-3484540407-2543524471-500 - Administrator - Disabled)
Gość (S-1-5-21-2218688497-3484540407-2543524471-501 - Limited - Enabled)
Grzegorz (S-1-5-21-2218688497-3484540407-2543524471-1001 - Administrator - Enabled) => C:\Users\Grzegorz
HomeGroupUser$ (S-1-5-21-2218688497-3484540407-2543524471-1002 - Limited - Enabled)

==================== Centrum zabezpieczeń ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Zainstalowane programy ======================

(W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
ACDSee Free (HKLM-x32\...\ACDSee Free) (Version: 1.1.21 - ACD Systems International Inc.)
Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 19.010.20069 - Adobe Systems Incorporated)
Adobe Flash Player 31 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 31.0.0.148 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Archiwizator WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Brother MFL-Pro Suite DCP-J105 (HKLM-x32\...\{B742757A-7658-4E09-A51A-085CF0F7F4D3}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
Cakewalk Pro Audio 9 (HKLM-x32\...\Cakewalk Pro Audio 9) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.79.0.2015 - Georgy Berdyshev)
Cool Edit Pro 2.0 (HKLM-x32\...\Cool Edit Pro 2.0) (Version: - )
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.686 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (HKLM\...\{51DDB4F9-7FFF-4970-AED4-DB3C22A5C522}) (Version: 15.2.686 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Capture (HKLM-x32\...\{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Common (HKLM-x32\...\{CA3861BA-1D96-4D66-B577-318E1602C4F3}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Connect (HKLM-x32\...\{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Custom Data (HKLM-x32\...\{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - CZ (HKLM-x32\...\{356658C7-8C60-4A43-AF50-75CA8E642934}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Draw (HKLM-x32\...\{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Filters (HKLM-x32\...\{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FontNav (HKLM-x32\...\{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IPM (HKLM-x32\...\{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (HKLM-x32\...\{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Photozoom Plugin (HKLM-x32\...\{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PL (HKLM-x32\...\{938C2383-A692-4D2C-AE45-024F91EF7B1D}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Redist (HKLM-x32\...\{59123CCF-FED2-46FF-9293-D1DC80042219}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Setup Files (HKLM-x32\...\{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VideoBrowser (HKLM-x32\...\{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - WT (HKLM-x32\...\{9244E956-5939-4B88-930C-0699D4AB2B95}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 (HKLM-x32\...\{368FCA18-C510-4F87-B60E-192B9BDBAE3D}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW(R) Graphics Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.2.0.686 - Corel Corporation)
CPUID CPU-Z 1.80 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) <==== UWAGA
DRUKI Gofin 3.3.16.0 (HKLM-x32\...\{3a6d69d5-c2b9-4e0e-8e6c-c5fa16db937b}) (Version: 3.3.16.0 - Wydawnictwo Podatkowe GOFIN sp. z o.o.)
DRUKI Gofin 3.3.16.0 (HKLM-x32\...\{F6A72089-810C-4054-8555-A13B5D4DAE4E}) (Version: 3.3.16.0 - Wydawnictwo Podatkowe GOFIN sp. z o.o.) Hidden
e-mikrofirma (HKLM-x32\...\{FD8B3CEE-530D-4E86-BA16-E3A78A315147}) (Version: 1.0.0.0 - Aplikacje Krytyczne sp. z o. o.)
Farming Simulator 17 (HKLM-x32\...\FarmingSimulator2017_is1) (Version: 1.0.0.0 - GIANTS Software)
FIFA 14 (HKLM-x32\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.7 - Electronic Arts)
Freemake Video Converter wersja 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
HD Tune Pro 5.70 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software)
IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: 1.1 - IObit)
Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Klient JPK 2.0 (HKLM\...\{E7A7C846-8A41-459B-8F0B-110E4F98CD6F}) (Version: 1.0.2.6 - Aplikacje Krytyczne sp. z o. o.)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LibreOffice 5.4.4.2 (HKLM\...\{36E72E7B-9992-4C69-88B1-5E466E4A1386}) (Version: 5.4.4.2 - The Document Foundation)
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 14.0.0.0 - EditShare)
Malwarebytes (wersja 3.6.1.2711) (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office 97, wersja Professional (HKLM-x32\...\Office8.0) (Version: - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
NBA 2K14 (HKLM-x32\...\{4FE0545A-1BF3-4B9B-A044-6E1EE719E197}) (Version: 1.0.0 - 2K Sports)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
Odkurzacz (HKLM-x32\...\Odkurzacz 14.3_is1) (Version: 14.3.0.4600 - FranmoSoftware - Maciej Opaliński)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.1.5 (HKLM-x32\...\{7076105B-6FE8-464A-AC28-FFBB2686B68F}) (Version: 4.15.9789 - Apache Software Foundation)
Opera Stable 45.0.2552.888 (HKLM-x32\...\Opera 45.0.2552.888) (Version: 45.0.2552.888 - Opera Software)
Opera Stable 57.0.3098.116 (HKLM-x32\...\Opera 57.0.3098.116) (Version: 57.0.3098.116 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.5.26.8488 - Electronic Arts, Inc.)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 3.2.2 - pdfforge GmbH)
PDFsam Basic (HKLM-x32\...\{7444ECDC-3221-4973-BE7A-FD37CA95FAF0}) (Version: 4.0.0.0 - Sober Lemur S.a.s. di Vacondio Andrea)
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.) Hidden
Potplayer (HKLM-x32\...\PotPlayer) (Version: - Daum Kakao Corp.)
Rodos 7 (HKLM-x32\...\Rodos 7) (Version: 7 - KOPRINET Sp. z o.o.)
Rodos Ekspres 2 (HKLM-x32\...\Rodos Ekspres 2) (Version: 7.1 - KOPRINET Sp. z o.o.)
Rodos_LE 7 (HKLM-x32\...\Rodos_LE 7) (Version: 7 - KOPRINET Sp. z o.o.)
Samsung Kies3 (HKLM-x32\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.)
SimplySign Desktop (HKLM-x32\...\{9766A015-4A97-44A5-9B87-318FA95203AE}) (Version: 1.0.0.28 - Certum)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.104 - Skype Technologies S.A.)
SopCast 4.2.0 (HKLM-x32\...\SopCast) (Version: 4.2.0 - www.sopcast.com)
Sound Blaster Audigy 2 ZS (HKLM-x32\...\{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}) (Version: 1.0 - Creative Technology Limited)
USB Network Joystick (HKLM-x32\...\{2A558A06-A44E-400D-95AD-D9FAA89AFD36}) (Version: 2007.03.12 - )
USB RACING WHEEL (HKLM-x32\...\SM33C1) (Version: - )
VIA Platforma Menedżera urządzeń (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 5.01 - NCH Software)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Winamp (remove only) (HKLM-x32\...\Winamp) (Version: - )
Wings 3D 2.1.5 (HKLM-x32\...\Wings 3D 2.1.5) (Version: - )
WinZip (HKLM-x32\...\WinZip) (Version: 9.0 SR-1 (6224) - WinZip Computing, Inc.)
Wtyczka e-Deklaracje (HKLM-x32\...\{B999C8C7-659D-4722-B9FA-0B03E9546A25}) (Version: 6.0.1 - Ministerstwo Finansów)

==================== Niestandardowe rejestracje CLSID (filtrowane): ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => F:\Programy\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [SmartSign] -> {A9F3EE64-2047-49CF-8522-FE41C75C158B} => F:\Programy\Xades\proCertum SmartSign\RSContext64.dll [2017-06-30] (Unizeto Technologies SA)
ContextMenuHandlers1: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => F:\Programy\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => F:\Programy\WinRar\rarext.dll [2002-05-26] ()
ContextMenuHandlers1-x32-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => F:\PROGRAMY\WINZIP\WZSHLSTB.DLL [2004-12-17] (WinZip Computing, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => F:\Programy\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => F:\Programy\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => F:\Programy\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit)
ContextMenuHandlers4-x32: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => F:\Programy\WinRar\rarext.dll [2002-05-26] ()
ContextMenuHandlers4-x32-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => F:\PROGRAMY\WINZIP\WZSHLSTB.DLL [2004-12-17] (WinZip Computing, Inc.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => D:\Programy\ATI\ATI.ACE\Core-Static\atiacm64.dll [2015-08-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => F:\Programy\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => F:\Programy\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [SmartSign] -> {A9F3EE64-2047-49CF-8522-FE41C75C158B} => F:\Programy\Xades\proCertum SmartSign\RSContext64.dll [2017-06-30] (Unizeto Technologies SA)
ContextMenuHandlers6: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => F:\Programy\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit)
ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => F:\Programy\WinRar\rarext.dll [2002-05-26] ()
ContextMenuHandlers6-x32-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => F:\PROGRAMY\WINZIP\WZSHLSTB.DLL [2004-12-17] (WinZip Computing, Inc.)

==================== Zaplanowane zadania (filtrowane) =============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

Task: {0A10FFF1-A5B5-41CC-8C51-8BBE22BDCDEC} - System32\Tasks\CCleaner Update => D:\Programy\CCleaner\CCUpdate.exe [2018-09-10] (Piriform Ltd)
Task: {2387D705-1ED4-492E-BAC5-3622E077C1E5} - System32\Tasks\Opera scheduled Autoupdate 1494795823 => C:\Program Files\Opera\launcher.exe [2019-01-09] (Opera Software)
Task: {2B2CDDD6-D549-4CB7-A448-CA392AFFF8F7} - System32\Tasks\{3AA56329-B5D2-43D7-BF15-E9FDCB773253} => C:\Windows\system32\pcalua.exe -a C:\Users\Grzegorz\Desktop\RAINSTED.exe -d C:\Users\Grzegorz\Desktop
Task: {3C1EA345-B34C-4947-83AD-82D33D2786AD} - System32\Tasks\CCleanerSkipUAC => D:\Programy\CCleaner\CCleaner.exe [2018-09-10] (Piriform Ltd)
Task: {4B17E59A-E9C8-4A77-A910-DF0EAC22F235} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {60679A09-7B51-4563-A7E9-64A3DCFE56CC} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2019-01-17] (AVAST Software)
Task: {713ADF03-8E9C-4075-93A6-78C3F3B64D1E} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_148_pepper.exe [2018-11-18] (Adobe Systems Incorporated)
Task: {72163066-18D6-4AEF-90F5-471C61B4526A} - System32\Tasks\{84015FDA-180D-427F-A83C-D0299BD9208A} => C:\Windows\system32\pcalua.exe -a C:\Users\Grzegorz\AppData\Local\Temp\7zOCCB6A0CF\Setup.exe -d C:\Users\Grzegorz\AppData\Local\Temp\7zOCCB6A0CF\ <==== UWAGA
Task: {7D46D16E-468C-436E-9013-4211DE831C28} - System32\Tasks\{237D4A42-655C-4D1D-B611-AB72E63A2507} => C:\Windows\system32\pcalua.exe -a "F:\Instalacje\SYSTEMOWE\Karta dźwiękowa\Setup.exe" -d "F:\Instalacje\SYSTEMOWE\Karta dźwiękowa"
Task: {9532773A-EFDB-4213-A2DF-A3AE859B1D01} - System32\Tasks\{81D06194-598A-4BF4-A1BE-980A889F7B7A} => C:\Windows\system32\pcalua.exe -a F:\GIERY\RAINSTED.exe -d F:\GIERY
Task: {ECB3C12E-BC31-42D3-8FB9-9F9333D20562} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {F18F29DB-3162-40D9-9D82-BE04CC2179AA} - System32\Tasks\{0E031B25-FC63-4C17-B3D3-D7D9BCF42664} => C:\Windows\system32\pcalua.exe -a C:\Users\Grzegorz\Desktop\RAINSTED.exe -d C:\Users\Grzegorz\Desktop

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

==================== Skróty & WMI ========================

(Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

Shortcut: C:\Users\Grzegorz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ministerstwo Finansów\Aplikacje Krytyczne sp. z o. o..lnk -> hxxp://akmf.pl
Shortcut: C:\Users\Grzegorz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ministerstwo Finansów\Jednolity Plik Kontrolny.lnk -> hxxp://www.mf.gov.pl/kontrola-skarbowa/dzialalnosc/jednolity-plik-kontroln
Shortcut: C:\Users\Grzegorz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ministerstwo Finansów\Ministerstwo Finansów.lnk -> hxxp://www.mf.gov.pl

==================== Załadowane moduły (filtrowane) ==============

2017-05-13 00:00 - 2005-04-22 05:36 - 000143360 ____R () C:\Windows\system32\BrSNMP64.dll
1997-03-18 23:00 - 1997-03-18 23:00 - 005600016 _____ () D:\programy\office\Office\excel.exe
2019-01-10 17:20 - 2019-01-09 07:52 - 000688216 _____ () C:\Program Files\Opera\57.0.3098.116\opera_elf.dll
2019-01-10 17:20 - 2019-01-10 17:19 - 107562072 _____ () C:\Program Files\Opera\57.0.3098.116\opera_browser.dll
2019-01-10 17:20 - 2019-01-10 17:18 - 004991576 _____ () C:\Program Files\Opera\57.0.3098.116\libglesv2.dll
2019-01-10 17:20 - 2019-01-10 17:18 - 000116824 _____ () C:\Program Files\Opera\57.0.3098.116\libegl.dll
1997-03-18 23:00 - 1997-03-18 23:00 - 003770128 _____ () D:\programy\office\Office\MSO97.DLL
1997-03-18 23:00 - 1997-03-18 23:00 - 000012288 ____R () D:\programy\office\Office\scanload.dll

==================== Alternate Data Streams (filtrowane) =========

(Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.)

==================== Tryb awaryjny (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Powiązania plików (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.)

==================== Internet Explorer - Witryny zaufane i z ograniczeniami ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.)

==================== Hosts - zawartość: ===============================

(Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.)

2009-07-14 03:34 - 2019-01-06 22:30 - 000000028 _____ C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

2017-05-22 19:27 - 2017-05-22 19:27 - 000000375 _____ C:\Windows\system32\drivers\etc\hosts.ics

==================== Inne obszary ============================

(Obecnie brak automatycznej naprawy dla tej sekcji.)

HKU\S-1-5-21-2218688497-3484540407-2543524471-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 83.145.129.234 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Zapora systemu Windows [funkcja włączona]

==================== MSCONFIG/TASK MANAGER - Wyłączone elementy ==

Załączenie wejścia w fixlist spowoduje jego usunięcie.

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AsioThk32Reg => REGSVR32.EXE /S CTASIO.DLL
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter4 => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
MSCONFIG\startupreg: CTHelper => CTHELPER.EXE
MSCONFIG\startupreg: EADM => "D:\Gry\FIFA14\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: FlashPlayerUpdate => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_148_pepper.exe -update pepperplugin
MSCONFIG\startupreg: HDAudDeck => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: kX Mixer => "C:\Program Files\kX Project\kxmixer.exe" --startup
MSCONFIG\startupreg: LifeCam => "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "D:\Programy\ATI\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE
MSCONFIG\startupreg: VX1000 => C:\Windows\vVX1000.exe
MSCONFIG\startupreg: WinampAgent => "F:\Programy\Winamp\Winampa.exe"

==================== Reguły Zapory systemu Windows (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Corporation)
FirewallRules: [{4B444D7A-D969-49D3-B4B8-5C8DC7D498A2}] => (Allow) LPort=54925
FirewallRules: [{0A81BF0E-1D7E-492A-8A6A-327C6F5F1E25}] => (Allow) D:\Programy\ATI\ATI.ACE\Core-Static\CCC.exe (Advanced Micro Devices Inc.)
FirewallRules: [{8B214562-76B2-4D7C-9DBD-21809117FD6F}] => (Allow) D:\Programy\ATI\ATI.ACE\Core-Static\CCC.exe (Advanced Micro Devices Inc.)
FirewallRules: [{502C33E0-765A-42A6-9705-6B253A3F6F48}] => (Allow) D:\Programy\ATI\ATI.ACE\Core-Static\CCC.exe (Advanced Micro Devices Inc.)
FirewallRules: [{7AEE11B9-3903-4DE2-9284-662E088AD33A}] => (Allow) D:\Programy\ATI\ATI.ACE\Core-Static\CCC.exe (Advanced Micro Devices Inc.)
FirewallRules: [{3C93F820-7543-42C6-9678-BEA0ADFD98A7}] => (Allow) F:\Programy\PotPlayer\PotPlayerMini.exe (Daum Kakao)
FirewallRules: [{0F6CF9B6-23FF-4A2E-BF5E-4C4BE7EAC466}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 14\Game\fifa14.exe (Electronic Arts)
FirewallRules: [{D41761EC-7A5B-48F6-9EF3-3309E41FD771}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 14\Game\fifa14.exe (Electronic Arts)
FirewallRules: [{9036E60A-E397-42AE-97A3-A4E8458B23A0}] => (Allow) F:\Programy\Lightworks\lightworks.exe ()
FirewallRules: [{F4D59F6D-AD62-4635-8B48-F7431AC4A245}] => (Allow) F:\Programy\Lightworks\lightworks.exe ()
FirewallRules: [{0FDC0A45-F39F-43A0-ADA8-D60A0384122A}] => (Allow) F:\Programy\Lightworks\ntcardvt.exe (Editshare EMEA)
FirewallRules: [{682B44E5-0E95-401A-94CB-C5AE35B9F610}] => (Allow) F:\Programy\Lightworks\ntcardvt.exe (Editshare EMEA)
FirewallRules: [{1C85C471-7118-46AC-9A17-70C7863E22EF}] => (Allow) F:\Programy\NBA\nba2k14.exe (2K Sports)
FirewallRules: [{5E8B3BDE-BF4E-4AD8-A56C-962B9875A196}] => (Allow) F:\Programy\NBA\nba2k14.exe (2K Sports)
FirewallRules: [{59FA450E-491F-4BAA-9339-2F833B879C62}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe (Microsoft Corporation)
FirewallRules: [{0DC95D10-4276-4899-B1CB-6710C0820C96}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe (Microsoft Corporation)
FirewallRules: [{E5A0B74B-FFAF-4BC0-AB53-8E5981273AB1}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe (Microsoft Corporation)
FirewallRules: [{533CFC2C-7254-46DB-852A-4EBB7D0EDE07}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe (Microsoft Corporation)
FirewallRules: [{604CD076-7CAB-4A35-87E8-A77D58624EF1}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
FirewallRules: [{533CD98B-01F3-4411-A5B9-087EBF641383}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
FirewallRules: [{B3B5A526-1D1F-45FA-B9AA-5B65088E7653}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe (Microsoft Corporation)
FirewallRules: [{0A38F8A1-511A-404D-91A2-74BF34F420CF}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe (Microsoft Corporation)
FirewallRules: [{CDEF19A6-C924-404B-8E83-F00CCD1C7017}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
FirewallRules: [{6606F2A3-5690-4374-A81A-55A70BC65D27}] => (Allow) F:\GIERY\Farming Simulator 2017\FarmingSimulator2017.exe (GIANTS Software GmbH)
FirewallRules: [{6A3D6974-54AD-4281-93E5-D8CA0C1E28E3}] => (Allow) F:\GIERY\Farming Simulator 2017\FarmingSimulator2017.exe (GIANTS Software GmbH)
FirewallRules: [{B8932961-4F6D-4142-A080-67D93A63CF87}] => (Allow) F:\GIERY\Farming Simulator 2017\x86\FarmingSimulator2017Game.exe (GIANTS Software GmbH)
FirewallRules: [{7932E59C-0B2A-441D-B7A4-59507411EB50}] => (Allow) F:\GIERY\Farming Simulator 2017\x86\FarmingSimulator2017Game.exe (GIANTS Software GmbH)
FirewallRules: [{62D61BCB-877F-4066-B1AF-376D961196E9}] => (Allow) F:\GIERY\Farming Simulator 2017\x64\FarmingSimulator2017Game.exe (GIANTS Software GmbH)
FirewallRules: [{E6ACDF14-1068-486A-B822-9573B3559E8D}] => (Allow) F:\GIERY\Farming Simulator 2017\x64\FarmingSimulator2017Game.exe (GIANTS Software GmbH)
FirewallRules: [TCP Query User{46076F80-3C5F-41F7-8F86-73C41A8F0147}D:\programy\sopcast\sopcast.exe] => (Allow) D:\programy\sopcast\sopcast.exe (www.sopcast.com)
FirewallRules: [UDP Query User{C1F26FCB-DE5C-4CF2-ABEE-A311E2575EAE}D:\programy\sopcast\sopcast.exe] => (Allow) D:\programy\sopcast\sopcast.exe (www.sopcast.com)
FirewallRules: [{9E71F942-8E5B-431C-AF50-ED45EF3F6965}] => (Allow) F:\GIERY\SteamLibrary\steamapps\common\RailWorks\RailWorks.exe ()
FirewallRules: [{D1BE4AE1-0BA3-4A5F-916B-C7803DC3D5F9}] => (Allow) F:\GIERY\SteamLibrary\steamapps\common\RailWorks\RailWorks.exe ()
FirewallRules: [{982287F3-519C-46ED-A9B5-608B1C1D785A}] => (Allow) F:\GIERY\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software)
FirewallRules: [{408E1E56-AA3C-4CEA-8667-8496C258BE5F}] => (Allow) F:\GIERY\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software)
FirewallRules: [{B927CF9D-145B-47FB-876F-DC8B9F4D757F}] => (Allow) F:\GIERY\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software)
FirewallRules: [{43C5A2D2-86B0-4327-860E-33454D40F36F}] => (Allow) F:\GIERY\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software)
FirewallRules: [{29479459-3D54-4F52-BF35-1DE6C122CC3F}] => (Allow) F:\GIERY\SteamLibrary\Steam_kopia\Steam.exe (Valve Corporation)
FirewallRules: [{5F11BBE5-A63A-439F-BA14-C12A5A9C8FA1}] => (Allow) F:\GIERY\SteamLibrary\Steam_kopia\Steam.exe (Valve Corporation)
FirewallRules: [{5BC443E1-E9F6-46C6-B1DA-A8253E7D08CD}] => (Allow) F:\GIERY\SteamLibrary\Steam_kopia\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software)
FirewallRules: [{5D5D142B-6FE1-4AE5-B588-D829C7DB389C}] => (Allow) F:\GIERY\SteamLibrary\Steam_kopia\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software)
FirewallRules: [{84A0B446-CF66-4BF0-B01B-D482FB44FDEF}] => (Allow) F:\GIERY\SteamLibrary\Steam_kopia\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software)
FirewallRules: [{3B29F224-5A16-4235-ACE2-1BDC3D0D78C0}] => (Allow) F:\GIERY\SteamLibrary\Steam_kopia\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software)
FirewallRules: [{14D26A64-7A57-4EBB-BEA5-D19A60858103}] => (Allow) F:\GIERY\SteamLibrary\Steam_kopia\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corporation)
FirewallRules: [{DDAA30D6-7759-41F2-80D5-75B4D845EC18}] => (Allow) F:\GIERY\SteamLibrary\Steam_kopia\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corporation)
FirewallRules: [{2B0A938F-4C4E-417B-8BEE-8159B0107122}] => (Allow) D:\Programy\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{2D470BB1-E96C-494A-87BD-781D255EF22E}] => (Allow) D:\Programy\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{4070849F-253A-4C15-A028-4D07F6A4546C}] => (Allow) F:\GIERY\SteamLibrary\Steam_kopia\SteamApps\common\RailWorks\RailWorks.exe ()
FirewallRules: [{13E9134F-D742-487E-839C-84BF954B36A5}] => (Allow) F:\GIERY\SteamLibrary\Steam_kopia\SteamApps\common\RailWorks\RailWorks.exe ()
FirewallRules: [{6ACC34C1-4BAD-48CB-A6BD-6781B2D7B1E2}] => (Allow) F:\GIERY\SteamLibrary\Steam_kopia\SteamApps\common\RailWorks\RailWorks64.exe ()
FirewallRules: [{089E433D-A35A-4B67-BFEB-7BDCBF7DB1FE}] => (Allow) F:\GIERY\SteamLibrary\Steam_kopia\SteamApps\common\RailWorks\RailWorks64.exe ()
FirewallRules: [{FA003D49-60D3-4DF2-92A9-39A9E582CC30}] => (Allow) F:\GIERY\SteamLibrary\Steam_kopia\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software)
FirewallRules: [{2286A9D4-44A5-4661-B7A2-A0A17F2A4C37}] => (Allow) F:\GIERY\SteamLibrary\Steam_kopia\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software)
FirewallRules: [{A282496C-CE3D-4298-8CF9-B6A9BA666F40}] => (Allow) F:\GIERY\SteamLibrary\Steam_kopia\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software)
FirewallRules: [{0F030E90-7FC7-4748-AFE7-82992B6F37B1}] => (Allow) F:\GIERY\SteamLibrary\Steam_kopia\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software)
FirewallRules: [{04A8FEF7-49EF-428C-B798-126C3EC74C81}] => (Allow) C:\Program Files\Opera\57.0.3098.106\opera.exe (Opera Software)
FirewallRules: [{C2DC0BE9-10B7-460D-918C-9E9BECEC4426}] => (Allow) C:\Program Files\Opera\57.0.3098.116\opera.exe (Opera Software)

==================== Punkty Przywracania systemu =========================

31-01-2019 15:37:57 ComboFix created restore point

==================== Wadliwe urządzenia w Menedżerze urządzeń =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Błędy w Dzienniku zdarzeń: =========================

Dziennik Aplikacja:
==================
Error: (01/31/2019 03:20:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/31/2019 10:12:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/31/2019 09:36:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/31/2019 07:12:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/31/2019 12:22:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/30/2019 11:32:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/30/2019 11:14:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/30/2019 10:25:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Dziennik System:
=============
Error: (01/31/2019 03:19:36 PM) (Source: DCOM) (EventID: 10016) (User: ZARZĄDZANIE NT)
Description: Zgodnie z ustawieniami uprawnienia właściwe dla aplikacji nie jest udzielane uprawnienie Lokalny Uruchom do aplikacji serwera COM z identyfikatorem klasy CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} i identyfikatorem aplikacji APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} użytkownikowi ZARZĄDZANIE NT\SYSTEM o identyfikatorze zabezpieczeń SID (S-1-5-18) z adresu LocalHost (użycie LRPC). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.

Error: (01/31/2019 03:19:34 PM) (Source: DCOM) (EventID: 10016) (User: ZARZĄDZANIE NT)
Description: Zgodnie z ustawieniami uprawnienia właściwe dla aplikacji nie jest udzielane uprawnienie Lokalny Uruchom do aplikacji serwera COM z identyfikatorem klasy CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} i identyfikatorem aplikacji APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} użytkownikowi ZARZĄDZANIE NT\USŁUGA LOKALNA o identyfikatorze zabezpieczeń SID (S-1-5-19) z adresu LocalHost (użycie LRPC). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.

Error: (01/31/2019 03:18:27 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: ZARZĄDZANIE NT)
Description: Uruchomienie modułu rozszerzalności sieci WLAN nie powiodło się.
Ścieżka modułu: C:\Windows\system32\Rtlihvs.dll
Kod błędu: 126

Error: (01/31/2019 10:37:00 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego ta usługa może nie działać właściwie.

Error: (01/31/2019 10:35:04 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego ta usługa może nie działać właściwie.

Error: (01/31/2019 10:12:53 AM) (Source: DCOM) (EventID: 10016) (User: ZARZĄDZANIE NT)
Description: Zgodnie z ustawieniami uprawnienia właściwe dla aplikacji nie jest udzielane uprawnienie Lokalny Uruchom do aplikacji serwera COM z identyfikatorem klasy CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} i identyfikatorem aplikacji APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} użytkownikowi ZARZĄDZANIE NT\SYSTEM o identyfikatorze zabezpieczeń SID (S-1-5-18) z adresu LocalHost (użycie LRPC). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.

Error: (01/31/2019 10:12:52 AM) (Source: DCOM) (EventID: 10016) (User: ZARZĄDZANIE NT)
Description: Zgodnie z ustawieniami uprawnienia właściwe dla aplikacji nie jest udzielane uprawnienie Lokalny Uruchom do aplikacji serwera COM z identyfikatorem klasy CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} i identyfikatorem aplikacji APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} użytkownikowi ZARZĄDZANIE NT\USŁUGA LOKALNA o identyfikatorze zabezpieczeń SID (S-1-5-19) z adresu LocalHost (użycie LRPC). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.

Error: (01/31/2019 10:11:18 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: ZARZĄDZANIE NT)
Description: Uruchomienie modułu rozszerzalności sieci WLAN nie powiodło się.
Ścieżka modułu: C:\Windows\system32\Rtlihvs.dll
Kod błędu: 126

CodeIntegrity:
===================================
Date: 2018-03-24 12:33:40.834
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-24 12:33:40.741
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-12 19:18:41.409
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-12 19:18:41.409
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-12 13:51:53.949
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-12 13:51:53.924
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Statystyki pamięci ===========================

Procesor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Procent pamięci w użyciu: 52%
Całkowita pamięć fizyczna: 4095.05 MB
Dostępna pamięć fizyczna: 1937.38 MB
Całkowita pamięć wirtualna: 8188.25 MB
Dostępna pamięć wirtualna: 5745.52 MB

==================== Dyski ================================

Drive c: () (Fixed) (Total:40.42 GB) (Free:5.49 GB) NTFS ==>[dysk z komponentami startowymi (pozyskano odczytując BCD)]
Drive d: () (Fixed) (Total:34.1 GB) (Free:2.76 GB) NTFS
Drive e: (SUPERMIND) (CDROM) (Total:0.68 GB) (Free:0 GB) CDFS
Drive f: (TOSHIBA EXT) (Fixed) (Total:698.64 GB) (Free:154.12 GB) NTFS

==================== MBR & Tablica partycji ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 74.5 GB) (Disk ID: 05910591)
Partition 1: (Active) - (Size=40.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=34.1 GB) - (Type=0F Extended)

========================================================
Disk: 1 (Size: 698.6 GB) (Disk ID: 2FF80F08)
Partition 1: (Active) - (Size=698.6 GB) - (Type=07 NTFS)

==================== Koniec Addition.txt ============================