Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x86) Wersja: 25-02-2019 01 Uruchomiony przez Piotr (25-02-2019 20:15:20) Uruchomiony z E:\downloads Microsoft Windows 10 Home Wersja 1803 17134.590 (X86) (2018-05-09 17:59:24) Tryb startu: Normal ========================================================== ==================== Konta użytkowników: ============================= Administrator (S-1-5-21-2399471354-2781755390-4139130681-500 - Administrator - Enabled) => C:\Users\Administrator Gość (S-1-5-21-2399471354-2781755390-4139130681-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2399471354-2781755390-4139130681-1003 - Limited - Enabled) Konto domyślne (S-1-5-21-2399471354-2781755390-4139130681-503 - Limited - Disabled) Piotr (S-1-5-21-2399471354-2781755390-4139130681-1000 - Administrator - Enabled) => C:\Users\Piotr WDAGUtilityAccount (S-1-5-21-2399471354-2781755390-4139130681-504 - Limited - Disabled) ==================== Centrum zabezpieczeń ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie.) AV: COMODO Antivirus (Enabled - Up to date) {9E3E06E3-F8E0-3C44-2336-BBD8AF8F84B8} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: COMODO Advanced Protection (Enabled - Up to date) {255FE707-DEDA-33CA-1986-80AAD408CE05} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: COMODO Firewall (Enabled) {A60587C6-B28F-3D1C-0869-12ED515CC3C3} ==================== Zainstalowane programy ====================== (W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.) µTorrent (HKU\S-1-5-21-2399471354-2781755390-4139130681-1000\...\uTorrent) (Version: 3.5.3.44494 - BitTorrent Inc.) 7-Zip 16.04 (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov) Adobe Acrobat Reader DC - Polish (HKLM\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated) Adobe AIR (HKLM\...\Adobe AIR) (Version: 28.0.0.127 - Adobe Systems Incorporated) Adobe Digital Editions 3.0 (HKLM\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated) Adobe Flash Player 30 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated) Aktualizacje NVIDIA 15.3.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 15.3.33 - NVIDIA Corporation) Hidden Apowersoft Online Launcher (wersja 1.7.1) (HKU\S-1-5-21-2399471354-2781755390-4139130681-1000\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.7.1 - APOWERSOFT LIMITED) Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 8.0.22.0 - Auslogics Labs Pty Ltd) AviSynth 2.5 (HKLM\...\AviSynth) (Version: - ) BankBrowser (HKU\S-1-5-21-2399471354-2781755390-4139130681-1000\...\BankBrowser) (Version: 3.6 - DialCom24 Sp. z o.o.) BitPim 1.0.6 (HKLM\...\{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1) (Version: 1.0.6 - Joe Pham ) calibre (HKLM\...\{A7D3A0B5-FC41-4C92-BF3E-3064B61CEBB0}) (Version: 3.30.0 - Kovid Goyal) CCleaner (HKLM\...\CCleaner) (Version: 5.52 - Piriform) CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6229 - CDBurnerXP) COMODO Internet Security Premium (HKLM\...\{C10F36A6-C6A4-4027-9219-25E273B751E1}) (Version: 11.0.0.6744 - COMODO Security Solutions Inc.) Hidden COMODO Internet Security Premium (HKLM\...\COMODO Internet Security) (Version: 11.0.0.6744 - COMODO Security Solutions Inc.) Core Temp 1.13 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.13 - ALCPU) CPUID CPU-Z 1.87 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.87 - CPUID, Inc.) Document Express DjVu Plug-in (HKLM\...\{4AADE2ED-9FED-479E-9FB7-CEE4FB6ACDA0}) (Version: 6.1.35472 - Cuminas Corporation) e-pity 10.1.6 za rok 2018 (HKLM\...\{80D8170E-5590-218-B9ED-E24E4C99A11D}_is1) (Version: 10.1.6 - e-file sp. z o.o. sp.k.) EuroOffice 2017 (HKLM\...\{E8FD8964-F15D-479D-A4F4-634482CE89C4}) (Version: 2017 - MultiRacio Ltd.) Firefox Developer Edition 65.0 (x86 en-US) (HKLM\...\Firefox Developer Edition 65.0 (x86 en-US)) (Version: 65.0 - Mozilla) FLAC 1.2.1b (remove only) (HKLM\...\FLAC) (Version: 1.2.1b - Xiph.org) foobar2000 v1.4 (HKLM\...\foobar2000) (Version: 1.4 - Peter Pawlowski) Foxit PDF Editor (HKLM\...\Foxit PDF Editor) (Version: 2.2.0.0205 - Foxit Software) Foxit PDF IFilter (HKLM\...\{761B4ADA-254C-461F-A446-A167E41FA6DD}) (Version: 2.1.1.1503 - Foxit Software) Git version 2.17.0 (HKLM\...\Git_is1) (Version: 2.17.0 - The Git Development Community) Google Chrome (HKLM\...\Google Chrome) (Version: 72.0.3626.119 - Google Inc.) Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden Hack Fonts version 1.6.0 (HKLM\...\HackWindowsInstaller_is1) (Version: 1.6.0 - Michael Hex / Source Foundry) HD Tune Pro 5.70 (HKLM\...\HD Tune Pro_is1) (Version: - EFD Software) HP Deskjet 3540 series — podstawowe oprogramowanie urządzenia (HKLM\...\{4EDA7928-5429-46E4-8933-B231FBA0009D}) (Version: 32.2.188.47710 - Hewlett-Packard Co.) HP Deskjet 3540 series Pomoc (HKLM\...\{327F1AB6-8DD7-4F5D-9227-3D8B9CFBF1C1}) (Version: 30.0.0 - Hewlett Packard) HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP) HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HWiNFO32 Version 5.92 (HKLM\...\HWiNFO32_is1) (Version: 5.92 - Martin Malík - REALiX) Internet Security Essentials (HKLM\...\ComodoIse) (Version: 1.3.453193.152 - Comodo) Java 8 Update 201 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation) Java SE Development Kit 8 Update 151 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0180151}) (Version: 8.0.1510.12 - Oracle Corporation) Legimi dla Kindle (HKLM\...\{21FB815F-CF7D-48DA-96EC-E51CA896D27B}) (Version: 1.0.43.0 - Legimi) Lizardtech DjVu Control (HKLM\...\{105CFC7C-6992-11D5-BD9D-000102C10FD8}) (Version: - ) Magical Jelly Bean KeyFinder (HKLM\...\KeyFinder_is1) (Version: 2.0.10.13 - Magical Jelly Bean) Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (Polish) (HKLM\...\{95120000-00AF-0415-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2399471354-2781755390-4139130681-1000\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x86) - 14.11.25325 (HKLM\...\{404c9c27-8377-4fd1-b607-7ca635db4e49}) (Version: 14.11.25325.0 - Microsoft Corporation) Microsoft Visual Studio Code (HKLM\...\{F8A2A208-72B3-4D61-95FC-8A65D340689B}_is1) (Version: 1.31.1 - Microsoft Corporation) Microsoft Visual Studio Code (User) (HKU\S-1-5-21-2399471354-2781755390-4139130681-1000\...\{D628A17A-9713-46BF-8D57-E671B46A741E}_is1) (Version: 1.26.1 - Microsoft Corporation) MozBackup 1.4.10 (HKLM\...\MozBackup) (Version: - Pavel Cvrcek) Mozilla Firefox 65.0.1 (x86 pl) (HKLM\...\Mozilla Firefox 65.0.1 (x86 pl)) (Version: 65.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 65.0.1.6981 - Mozilla) Mozilla Thunderbird 60.5.0 (x86 pl) (HKLM\...\Mozilla Thunderbird 60.5.0 (x86 pl)) (Version: 60.5.0 - Mozilla) Mp3tag v2.84a (HKLM\...\Mp3tag) (Version: 2.84a - Florian Heidenreich) MrvlUsgTracking (HKLM\...\{A82D052A-0806-42DF-80CD-1730A1AC0ED3}) (Version: 1.0.7 - Marvell) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSYS2 32bit (HKU\S-1-5-21-2399471354-2781755390-4139130681-1000\...\{0a8293cd-92ad-4836-8241-dfd2b42cba82}) (Version: 20180531 - The MSYS2 Developers) Node.js (HKLM\...\{67FC9D9F-BA7B-4D29-AA5E-3E55B052D0CD}) (Version: 8.11.2 - Node.js Foundation) NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation) NVIDIA Oprogramowanie systemu PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA Sterownik kontrolera 3D Vision 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation) Odkurzacz (HKLM\...\Odkurzacz 14.3_is1) (Version: 14.3.0.4600 - FranmoSoftware - Maciej Opaliński) OpenOffice 4.1.6 (HKLM\...\{F03D2388-158B-4F8A-B195-CBCA5F459197}) (Version: 4.16.9790 - Apache Software Foundation) Oracle VM VirtualBox 5.2.18 (HKLM\...\{67D7F8C2-7D29-4A39-AAED-946CE7692412}) (Version: 5.2.18 - Oracle Corporation) Panel sterowania NVIDIA 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 342.01 - NVIDIA Corporation) Hidden Polski (Akcent) (HKLM\...\{E09BE865-9D80-4440-A740-B1E620ABCC7C}) (Version: 1.0.3.40 - FontyPL) Polski ISO (HKLM\...\{0252C05A-6AD1-429B-A776-043A99AFF59C}) (Version: 1.0.3.40 - FontyPL) RailsInstaller 3.4.0 (HKU\S-1-5-21-2399471354-2781755390-4139130681-1000\...\{613C3EA5-1248-4E35-B61A-6D0B31BBC0DB}_is1) (Version: 3.4.0 - RailsInstaller Team) Rainlendar2 (remove only) (HKLM\...\Rainlendar2) (Version: 2.14 - Rainy) Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.97.1001.2015 - Realtek) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8397 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform) Revo Uninstaller 2.0.6 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.6 - VS Revo Group, Ltd.) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.) SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 3.1.100 - NVIDIA Corporation) Hidden Simple Adblock (HKLM\...\{3B1BB051-1DC0-4108-B447-EE6D8FEABA06}) (Version: 0.8.4 - Simple Adblock) Skype™ 7.40 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.104 - Skype Technologies S.A.) Smart 6 B10.0422.1 (HKLM\...\{3B35725F-C623-4A1E-B5CC-99C0868679E3}) (Version: 1.00.0000 - GIGABYTE) Sp5 (HKLM\...\{560F47F7-EB23-44B1-AAFC-667F1CD8FE5C}) (Version: 5.1.4324.0 - Microsoft) Hidden Sp5Intl (HKLM\...\{FD4B33E1-24AE-4535-AA7B-162B30FB57CD}) (Version: 5.1.4324.0 - Microsoft) Hidden Sp5TTInt (HKLM\...\{E415C943-37E5-473F-8BAE-043C56734124}) (Version: 5.1.4324.0 - Microsoft) Hidden SpCommon (HKLM\...\{6C3959C6-943E-44B3-BAAD-570B04B134E5}) (Version: 5.1.4324.0 - Microsoft) Hidden SpPhones (HKLM\...\{4DFF1415-4C29-44A8-BFD4-2BCE249C4991}) (Version: 6.0.3122.0 - Microsoft) Hidden Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 9.12 - Ghisler Software GmbH) TP-LINK TL-WN725N_TL-WN723N Driver (HKLM\...\{3C3F9CEB-2C5A-4A47-8EAA-DA76037546BA}) (Version: 1.3.1 - TP-LINK) TP-LINK Wireless Configuration Utility (HKLM\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK) Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb) Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.) Windows 10 Update and Privacy Settings (HKLM\...\{542CC2C2-ABAF-4604-8723-DA296AF74540}) (Version: 1.0.14.0 - Microsoft Corporation) WiScan (HKLM\...\{C584F8EF-CFA4-4493-95AA-C43F66A74D61}) (Version: 1.3.0 - GroupWyse.com) XviD MPEG4 Video Codec (remove only) (HKLM\...\XviD MPEG4 Video Codec) (Version: - ) ==================== Niestandardowe rejestracje CLSID (filtrowane): ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) CustomCLSID: HKU\S-1-5-21-2399471354-2781755390-4139130681-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\WINDOWS\system32\shell32.dll (Microsoft Windows -> Microsoft Corporation) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [Brak podpisu cyfrowego] ContextMenuHandlers1: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-12-17] (Comodo Security Solutions, Inc. -> COMODO) ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => -> Brak pliku ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-12-17] (Comodo Security Solutions, Inc. -> COMODO) ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-04] () [Brak podpisu cyfrowego] ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [Brak podpisu cyfrowego] ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [Brak podpisu cyfrowego] ContextMenuHandlers6: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-12-17] (Comodo Security Solutions, Inc. -> COMODO) ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd) ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => -> Brak pliku ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-04] () [Brak podpisu cyfrowego] ==================== Zaplanowane zadania (filtrowane) ============= (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) Task: {16544D63-7EB0-4EF3-9C63-FCBE1D6E71E6} - System32\Tasks\update-S-1-5-21-2399471354-2781755390-4139130681-1000 => C:\Program Files\Skillbrains\Updater\Updater.exe (OOO Lightshot -> TODO: ) Task: {182C39AB-11F8-4973-9A0A-B6C38DAFD22B} - System32\Tasks\Git for Windows Updater => C:\Program Files\Git\git-bash.exe (Error3: CryptCATAdminCalcHashFromFileHandle failed to return cbHash, #2 -> The Git Development Community) [Brak podpisu cyfrowego] Task: {1C69EDEF-1B62-4161-9AD5-E4E329F506DD} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe (Comodo Security Solutions, Inc. -> COMODO) Task: {29161768-758E-4D29-A9A0-DB1672A9927C} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (Comodo Security Solutions, Inc. -> COMODO) Task: {2D80E162-C606-49B8-A421-A69650ADD4FC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe (Microsoft Corporation -> Microsoft Corporation) Task: {3986F2E2-BE26-4840-916F-6F947379FCFB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Task: {44B71655-AB7E-4D3E-BFB3-36F31F2C107D} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe (Comodo Security Solutions, Inc. -> COMODO) Task: {5224DB95-6272-4395-972E-351B685FB85E} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (Comodo Security Solutions, Inc. -> COMODO) Task: {5285C375-7313-4C5F-80EE-9C6C3406962E} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRCreate => %windir%\system32\rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\Smart6\Recovery\SrCmdCLR.exe" -c 1 Task: {675F9F75-DFA9-4005-80F5-55B01B1D41A2} - System32\Tasks\HPCustParticipation HP Deskjet 3540 series => C:\Program Files\HP\HP Deskjet 3540 series\Bin\HPCustPartic.exe (Hewlett Packard -> Hewlett-Packard Co.) Task: {6ACDB63A-A803-4E6D-AB88-AB410EB510D8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd) Task: {727E857C-9E51-4285-B2B2-0C338088FA7F} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd) Task: {79EE17EB-E58F-4F95-A60A-468BAD5DACE0} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRFilter => %windir%\system32\rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\Smart6\Recovery\SRFilter.exe" /GBSMART6 -kdl Task: {7A08E344-A36B-4AA5-B70E-ECDA932D1A65} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software) Task: {7D07E23A-2A11-4258-8B98-4EB174D6B6FC} - System32\Tasks\e-pity2018_kwiecien => C:\Program Files\e-file\e-pity\Assets\signxml.exe (e-file sp. z o.o. -> e-file sp. z o.o. sp. k.) Task: {7E874EA1-10CB-458E-9380-FBA1E78B2D03} - System32\Tasks\update-sys => C:\Program Files\Skillbrains\Updater\Updater.exe (OOO Lightshot -> TODO: ) Task: {83B19D6B-54A3-4D42-8CF2-193CFE15E429} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.) Task: {8B5059E1-8755-4BA8-9498-4DEC3DB71224} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe (Comodo Security Solutions, Inc. -> COMODO) Task: {CB79074F-5906-497F-9AD9-43D3C212B815} - System32\Tasks\e-pity2018_styczen => C:\Program Files\e-file\e-pity\Assets\signxml.exe (e-file sp. z o.o. -> e-file sp. z o.o. sp. k.) Task: {D9283EEC-DD5E-496B-AF90-17F784F7A998} - System32\Tasks\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe (Comodo Security Solutions, Inc. -> COMODO) Task: {E212E4C0-BE79-4451-B884-1F1133D69D9A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.) Task: {ED892FF9-CCCB-4AB8-ABDD-EC2C9393173C} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK Task: {F835D316-B975-451A-BBA3-6AA1A38040DB} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe (Comodo Security Solutions, Inc. -> COMODO) Task: {FF1F2460-461B-4ED9-B4E9-5CB035F9F4AA} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe (Comodo Security Solutions, Inc. -> COMODO) (Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.) ==================== Skróty & WMI ======================== (Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Developer Edition.lnk -> C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation) Shortcut: C:\Users\Public\Desktop\Firefox Developer Edition.lnk -> C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation) ShortcutWithArgument: C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RailsInstaller\Command Prompt with Ruby and Rails.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /E:ON /K C:\RailsInstaller\Ruby2.3.3\setup_environment.bat C:\RailsInstaller ==================== Załadowane moduły (filtrowane) ============== 2018-01-19 10:06 - 2018-01-19 09:58 - 000614400 _____ () C:\WINDOWS\system32\Rtlihvs.dll 2014-03-19 17:37 - 2013-04-04 05:00 - 000317952 _____ () C:\WINDOWS\System32\CNMLMBV.DLL 2014-03-19 17:44 - 2013-01-24 08:23 - 000366592 _____ () C:\WINDOWS\System32\CNMNPPM.DLL 2011-07-07 23:32 - 2007-08-29 15:06 - 000057344 _____ () C:\WINDOWS\system32\spool\PRTPROCS\W32X86\ZIMFPRNT.DLL 2011-07-07 23:30 - 2007-08-29 15:06 - 000061440 _____ () C:\WINDOWS\System32\ZIMF.dll 2011-07-07 23:30 - 2007-08-29 15:06 - 000106496 _____ () C:\WINDOWS\System32\ZSPOOL.dll 2011-07-07 23:30 - 2007-08-29 15:06 - 000053248 _____ () C:\WINDOWS\System32\ZTAG.dll 2011-07-09 14:00 - 2009-10-13 15:39 - 000114688 _____ () C:\Program Files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe 2016-12-14 14:51 - 2016-12-14 14:51 - 000331776 _____ () C:\Program Files\Wondershare\WAF\2.3.1.204\WsAppCommon.dll 2016-12-14 14:51 - 2016-12-14 14:51 - 000489984 _____ () C:\Program Files\Wondershare\WAF\2.3.1.204\Newtonsoft.Json.dll 2016-12-14 14:51 - 2016-12-14 14:51 - 000072704 _____ () C:\Program Files\Wondershare\WAF\2.3.1.204\WsAppCollect.dll 2018-10-24 02:50 - 2018-10-24 02:50 - 000445440 _____ () C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll 2010-07-04 22:32 - 2010-07-04 22:32 - 000010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll 2017-02-20 18:53 - 2016-10-04 16:12 - 000049664 _____ () C:\Program Files\7-Zip\7-zip.dll 2014-11-08 12:19 - 2014-11-08 12:19 - 000287232 _____ () C:\Program Files\Rainlendar2\libcurl.dll 2015-08-14 07:31 - 2015-08-14 07:31 - 000051200 _____ () C:\Program Files\Rainlendar2\libicalss.dll 2015-08-14 07:31 - 2015-08-14 07:31 - 000252928 _____ () C:\Program Files\Rainlendar2\libical.dll 2014-05-04 11:48 - 2014-05-04 11:48 - 000197632 _____ () C:\Program Files\Rainlendar2\lua52.dll 2014-11-08 12:28 - 2014-11-08 12:28 - 000139776 _____ () C:\Program Files\Rainlendar2\wxbase30u_xml_vc_rny.dll 2014-11-08 12:26 - 2014-11-08 12:26 - 002153984 _____ () C:\Program Files\Rainlendar2\wxbase30u_vc_rny.dll 2014-11-08 12:27 - 2014-11-08 12:27 - 001311744 _____ () C:\Program Files\Rainlendar2\wxmsw30u_adv_vc_rny.dll 2014-11-08 12:28 - 2014-11-08 12:28 - 000618496 _____ () C:\Program Files\Rainlendar2\wxmsw30u_html_vc_rny.dll 2014-11-08 12:28 - 2014-11-08 12:28 - 000113152 _____ () C:\Program Files\Rainlendar2\wxmsw30u_webview_vc_rny.dll 2014-11-08 12:29 - 2014-11-08 12:29 - 000719360 _____ () C:\Program Files\Rainlendar2\wxmsw30u_propgrid_vc_rny.dll 2014-11-08 12:14 - 2014-11-08 12:14 - 000270848 _____ () C:\Program Files\Rainlendar2\SSLEAY32.dll 2014-11-08 12:28 - 2014-11-08 12:28 - 000693760 _____ () C:\Program Files\Rainlendar2\wxmsw30u_xrc_vc_rny.dll 2014-11-08 12:27 - 2014-11-08 12:27 - 004944384 _____ () C:\Program Files\Rainlendar2\wxmsw30u_core_vc_rny.dll 2014-11-08 12:13 - 2014-11-08 12:13 - 001172480 _____ () C:\Program Files\Rainlendar2\LIBEAY32.dll 2014-05-04 11:49 - 2014-05-04 11:49 - 000027648 _____ () C:\Program Files\Rainlendar2\lfs.dll 2011-07-09 14:00 - 2010-04-22 14:05 - 001011712 _____ () C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe 2011-07-09 14:00 - 2009-10-13 15:35 - 000155648 _____ () C:\Program Files\GIGABYTE\Smart6\Timelock\SmartLock.dll 2011-07-09 14:00 - 2009-10-13 15:35 - 000122880 _____ () C:\Program Files\GIGABYTE\Smart6\Timelock\slmSecret.dll 2011-07-09 14:00 - 2009-12-16 20:59 - 000249856 _____ () C:\Program Files\GIGABYTE\Smart6\Timelock\BPassDLL.dll 2011-07-09 14:00 - 2009-10-13 15:35 - 000204800 _____ () C:\Program Files\GIGABYTE\Smart6\Timelock\slmDB.dll 2011-07-09 14:00 - 2009-10-13 15:35 - 000110592 _____ () C:\Program Files\GIGABYTE\Smart6\Timelock\slmWeekCtrlRule.dll ==================== Alternate Data Streams (filtrowane) ========= (Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.) AlternateDataStreams: C:\JTHTML_portable.zip:$CmdTcID [64] AlternateDataStreams: C:\JTHTML_portable.zip:$CmdZnID [26] AlternateDataStreams: C:\WINDOWS\system32\AERTACap.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AERTARen.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-core-file-l1-2-0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-core-file-l2-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-core-localization-l1-2-0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-core-processthreads-l1-1-1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-core-synch-l1-2-0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-core-timezone-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-core-xstate-l2-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-eventing-provider-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CX32APO.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DolbyDAX2APOProp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DolbyDAX2APOv201.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DolbyDAX2APOv211.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DTSU2PGFX32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DTSU2PLFX32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DTSU2PREC32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\FMAPO.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\HiFiDAX2API.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\hpinkcoiC711.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\hpinkinsC711.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\hpinkstsC711LM.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\HPScanTRDrv_DJ3540.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\HPWia2_DJ3540.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ICEsoundAPO.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\jswscsup.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\KAAPORT.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO20.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO30.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO40.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO50.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO60.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO70.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPOShell.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioEQ.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioRealtek.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MaxxSpeechAPO.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\MaxxVoiceAPO20.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MaxxVoiceAPO30.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MaxxVoiceAPO40.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MaxxVolumeSDAPO.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MISS_APO.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mshtmlmedia.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msstdfmt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NAHIMICAPOlfx.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NahimicAPONSControl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NAHIMICV2apo.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvcompiler.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvcuda.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvcuvid.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvd3dum.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvdispco3234144.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvdispco3234174.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvdispco3234200.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvdispco3234201.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco3234144.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco3234174.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco3234200.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco3234201.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NvFBC.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvhdagenco3220103.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvhdap32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NvIFR.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvoglv32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvopencl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvwgf2um.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\powertracker.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RdpGroupPolicyExtension.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RP3DAA32.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\RP3DHT32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RTEED32A.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RTEEG32A.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RTEEL32A.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RTEEP32A.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RtNicProp32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RTNUninst32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SEAPO32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SECOMN32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SEHDRA32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SFAPO.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SFCOM.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SFNHK.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SFSS_APO.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sl3apo32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\slcnt32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\slprp32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sltech32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SRAPO.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SRCOM.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SRRPTR.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SRSHP360.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SRSTSHD.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SRSTSXT.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SRSWOW.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\tadefxapo.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\tadefxapo2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\TepeqAPO.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\tosade.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\tosasfapo32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\toseaeapo32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\tossaeapo32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\tossaemaxapo32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\UtcResources.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WavesGUILib.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WavesLib.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WdfCoInstaller01011.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\wu.upgrade.ps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\jswpslwf.sys:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvhda32v.sys:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvlddmkm.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\RimSerial.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\Rt86win7.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudbus.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudmdm.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ss_bus.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ss_cm.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ss_cmnt.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ss_mdfl.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ss_mdm.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ss_wh.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ss_whnt.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbaapl.sys:$CmdTcID [130] ==================== Tryb awaryjny (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Powiązania plików (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.) ==================== Internet Explorer - Witryny zaufane i z ograniczeniami =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.) ==================== Hosts - zawartość: =============================== (Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.) 2009-07-14 03:04 - 2018-10-05 08:28 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost ==================== Inne obszary ============================ (Obecnie brak automatycznej naprawy dla tej sekcji.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Cuminas\Document Express DjVu Plug-in\;C:\Program Files\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\Skype\Phone\;C:\Program Files\Git\cmd;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\nodejs\;C:\Program Files\Microsoft VS Code\bin HKU\S-1-5-21-2399471354-2781755390-4139130681-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Piotr\AppData\Roaming\Mozilla\Firefox\Tapeta pulpitu.bmp DNS Servers: 194.204.152.34 - 194.204.159.1 HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (Brak pliku) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Zapora systemu Windows [funkcja włączona] ==================== MSCONFIG/TASK MANAGER - Wyłączone elementy == Załączenie wejścia w fixlist spowoduje jego usunięcie. HKLM\...\StartupApproved\StartupFolder: => "TP-LINK Wireless Configuration Utility.lnk" HKLM\...\StartupApproved\Run: => "SecurityHealth" HKLM\...\StartupApproved\Run: => "ShadowPlay" HKLM\...\StartupApproved\Run: => "PrnStatusMX" HKLM\...\StartupApproved\Run: => "Lightshot" HKLM\...\StartupApproved\Run: => "SoftPerfectRamDisk" HKU\S-1-5-21-2399471354-2781755390-4139130681-1000\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-2399471354-2781755390-4139130681-1000\...\StartupApproved\Run: => "Legimi dla Kindle" HKU\S-1-5-21-2399471354-2781755390-4139130681-1000\...\StartupApproved\Run: => "CCleaner Smart Cleaning" ==================== Reguły Zapory systemu Windows (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{1C491EE8-89EE-422C-9A8E-F6BF9C43991F}] => (Block) E:\totalcmd\totalcmd.exe (Ghisler Software GmbH -> Ghisler Software GmbH) FirewallRules: [{6C21C07C-D2FE-4C0C-8744-7CAC3CA54A51}] => (Block) E:\totalcmd\totalcmd.exe (Ghisler Software GmbH -> Ghisler Software GmbH) FirewallRules: [UDP Query User{F0BB5E42-C4D6-4369-B15A-6A9AD92D9D95}E:\totalcmd\totalcmd.exe] => (Allow) E:\totalcmd\totalcmd.exe (Ghisler Software GmbH -> Ghisler Software GmbH) FirewallRules: [TCP Query User{E5FB33D1-27B1-4F7E-8A42-DEA5267B9F25}E:\totalcmd\totalcmd.exe] => (Allow) E:\totalcmd\totalcmd.exe (Ghisler Software GmbH -> Ghisler Software GmbH) FirewallRules: [UDP Query User{19FA1AC0-78F0-4BFA-853F-CEB7E94CFCB2}C:\program files\java\jdk1.8.0_151\jre\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_151\jre\bin\java.exe FirewallRules: [TCP Query User{56806550-E4AE-4831-AAC0-F0C448DF24B6}C:\program files\java\jdk1.8.0_151\jre\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_151\jre\bin\java.exe FirewallRules: [{E21AF28E-AC4D-4D11-B9C8-65BF1AB4EC7C}] => (Allow) LPort=5357 FirewallRules: [{259DF7F6-280C-40F7-98A9-79976720B4EE}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [UDP Query User{CA7D27D4-0049-4A4B-BE46-A3FC657FF3EB}C:\program files\foobar2000\foobar2000.exe] => (Allow) C:\program files\foobar2000\foobar2000.exe (Piotr Pawlowski) [Brak podpisu cyfrowego] FirewallRules: [TCP Query User{8EF99C57-3D06-4F0E-8730-063D62A09E5A}C:\program files\foobar2000\foobar2000.exe] => (Allow) C:\program files\foobar2000\foobar2000.exe (Piotr Pawlowski) [Brak podpisu cyfrowego] FirewallRules: [{A46C83B3-A956-4B12-9A3B-42C5D7DB72F1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{2BF0E750-EE4F-4AD3-BE24-82006D3472F2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [UDP Query User{5F487A3E-2D30-4C84-A68D-FFAB319292F0}C:\users\piotr\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\piotr\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [TCP Query User{1807BBC0-08F9-450D-B15B-F6BF934F4715}C:\users\piotr\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\piotr\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [UDP Query User{F0BDC61E-9E28-4F23-B341-3898D4789C52}C:\users\piotr\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\piotr\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [TCP Query User{BF08F033-B2C9-490D-AA49-A55A4994A040}C:\users\piotr\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\piotr\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{F90A49C8-448F-454C-A2DE-9A5695281AE1}] => (Allow) C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{E7CB37E1-5870-410C-8C45-144FC2FE2D1E}] => (Allow) C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{33640803-C398-4E18-8868-71D45F1ECE3E}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{BAC432B7-055A-441B-A2F7-F284F631DF6A}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [TCP Query User{7C58E694-5E8A-4B32-B42F-816E70A15058}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe (Node.js Foundation -> Node.js) FirewallRules: [UDP Query User{958EC555-66A7-49FC-B1C0-722F081834A6}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe (Node.js Foundation -> Node.js) FirewallRules: [{8594E7F7-14C2-431E-954C-6B84128DD323}] => (Block) C:\program files\nodejs\node.exe (Node.js Foundation -> Node.js) FirewallRules: [{FF3FF897-5AFD-4750-8345-7D21B9748B09}] => (Block) C:\program files\nodejs\node.exe (Node.js Foundation -> Node.js) FirewallRules: [TCP Query User{3A017ED2-92AA-4D82-9A7B-5C72A8AA7F95}C:\program files\microsoft vs code\code.exe] => (Allow) C:\program files\microsoft vs code\code.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [UDP Query User{46987256-183E-4F1E-801B-C3B01B1435D2}C:\program files\microsoft vs code\code.exe] => (Allow) C:\program files\microsoft vs code\code.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{9578D789-0532-45F6-8D89-1CAC2B174BBE}] => (Block) C:\program files\microsoft vs code\code.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{CE0AD734-F90A-4152-9F6B-E39A625E9D44}] => (Block) C:\program files\microsoft vs code\code.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{09A43FDA-1EA4-45C5-AA8C-9F550A893311}C:\program files\java\jdk1.8.0_151\bin\jmc.exe] => (Block) C:\program files\java\jdk1.8.0_151\bin\jmc.exe (Oracle America, Inc. -> ) FirewallRules: [UDP Query User{EE27BE6E-3F21-4EBA-8391-9C6CF25D5811}C:\program files\java\jdk1.8.0_151\bin\jmc.exe] => (Block) C:\program files\java\jdk1.8.0_151\bin\jmc.exe (Oracle America, Inc. -> ) FirewallRules: [TCP Query User{61315EB9-6073-4C1D-A442-B68A41045394}C:\railsinstaller\ruby2.3.3\bin\ruby.exe] => (Allow) C:\railsinstaller\ruby2.3.3\bin\ruby.exe (hxxp://www.ruby-lang.org/) [Brak podpisu cyfrowego] FirewallRules: [UDP Query User{A7EFAB77-C0C1-45FB-9801-8D269EDAEE8F}C:\railsinstaller\ruby2.3.3\bin\ruby.exe] => (Allow) C:\railsinstaller\ruby2.3.3\bin\ruby.exe (hxxp://www.ruby-lang.org/) [Brak podpisu cyfrowego] FirewallRules: [{3219D30F-51DE-4868-A482-9AA366D13C81}] => (Block) C:\railsinstaller\ruby2.3.3\bin\ruby.exe (hxxp://www.ruby-lang.org/) [Brak podpisu cyfrowego] FirewallRules: [{3DCA4DB9-0EE2-4BAA-84B7-1940DE55D148}] => (Block) C:\railsinstaller\ruby2.3.3\bin\ruby.exe (hxxp://www.ruby-lang.org/) [Brak podpisu cyfrowego] FirewallRules: [{31B85E7D-3C57-438D-9350-22273AFEE779}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd) FirewallRules: [{BC233F20-8C5E-4506-BBFD-E23BE70A03B6}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd) FirewallRules: [TCP Query User{A6C7FD88-929C-4A58-8CBC-728126DBB355}C:\program files\oracle\virtualbox\virtualbox.exe] => (Block) C:\program files\oracle\virtualbox\virtualbox.exe (Oracle Corporation -> Oracle Corporation) FirewallRules: [UDP Query User{681C9DB1-D216-463E-818F-3FCCE674C480}C:\program files\oracle\virtualbox\virtualbox.exe] => (Block) C:\program files\oracle\virtualbox\virtualbox.exe (Oracle Corporation -> Oracle Corporation) FirewallRules: [{A3AAEA7E-2B65-48B6-A423-380A7D37A72F}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) ==================== Punkty Przywracania systemu ========================= ==================== Wadliwe urządzenia w Menedżerze urządzeń ============= ==================== Błędy w Dzienniku zdarzeń: ========================= Dziennik Aplikacja: ================== Error: (02/25/2019 08:05:58 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: Event-ID 1 Error: (02/25/2019 08:05:58 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: Event-ID 1 Dziennik System: ============= Error: (02/25/2019 08:08:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Usługa Program antywirusowy Windows Defender z powodu następującego błędu: System Windows nie może zweryfikować podpisu cyfrowego tego pliku. Ostatnia zmiana sprzętu lub oprogramowania mogła spowodować zainstalowanie pliku, który jest niepoprawnie podpisany lub uszkodzony. Możliwe także, że jest to złośliwe oprogramowanie pochodzące z nieznanego źródła. Error: (02/25/2019 08:06:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi AppX Deployment Service (AppXSVC) z powodu następującego błędu: Usługa nie odpowiada na sygnał uruchomienia lub sygnał sterujący w oczekiwanym czasie. Error: (02/25/2019 08:06:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą AppXSvc. Error: (02/25/2019 08:05:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi DrvCovEx z powodu następującego błędu: Usługa nie odpowiada na sygnał uruchomienia lub sygnał sterujący w oczekiwanym czasie. Error: (02/25/2019 08:05:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą DrvCovEx. CodeIntegrity: =================================== Date: 2019-02-25 20:16:30.913 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard32.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2019-02-25 20:11:55.726 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard32.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2019-02-25 20:08:12.663 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2019-02-25 20:07:25.548 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard32.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2019-02-25 20:07:25.544 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard32.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2019-02-25 20:06:25.216 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard32.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2019-02-25 20:04:37.865 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard32.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2019-02-25 19:59:08.890 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard32.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Statystyki pamięci =========================== Procesor: Intel(R) Core(TM) i3 CPU 540 @ 3.07GHz Procent pamięci w użyciu: 66% Całkowita pamięć fizyczna: 3319.49 MB Dostępna pamięć fizyczna: 1120.62 MB Całkowita pamięć wirtualna: 4319.49 MB Dostępna pamięć wirtualna: 1587.57 MB ==================== Dyski ================================ Drive c: () (Fixed) (Total:194.77 GB) (Free:30.05 GB) NTFS Drive d: (CD176A2) (CDROM) (Total:0.06 GB) (Free:0 GB) CDFS Drive e: (Drugi) (Fixed) (Total:270.44 GB) (Free:10.71 GB) NTFS \\?\Volume{f36089ba-a7b5-11e0-ad3a-806e6f6e6963}\ (Zastrzeżone przez system) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS \\?\Volume{8e81c2bf-0000-0000-0000-e0b730000000}\ () (Fixed) (Total:0.44 GB) (Free:0.04 GB) NTFS ==================== MBR & Tablica partycji ================== ======================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 8E81C2BF) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=194.8 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=450 MB) - (Type=27) Partition 4: (Not Active) - (Size=270.4 GB) - (Type=07 NTFS) ==================== Koniec Addition.txt ============================