Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 04-07-2020 01
Uruchomiony przez Jola (05-07-2020 10:30:36)
Uruchomiony z C:\Users\Jola\Music
Windows 10 Home Wersja 1909 18363.900 (X64) (2019-08-05 21:10:35)
Tryb startu: Normal
==========================================================

==================== Konta użytkowników: =============================

Administrator (S-1-5-21-1146579958-381356915-3942461415-500 - Administrator - Disabled)
Dawid (S-1-5-21-1146579958-381356915-3942461415-1002 - Administrator - Enabled) => C:\Users\Dawid
Gość (S-1-5-21-1146579958-381356915-3942461415-501 - Limited - Disabled)
Jola (S-1-5-21-1146579958-381356915-3942461415-1001 - Administrator - Enabled) => C:\Users\Jola
Konto domyślne (S-1-5-21-1146579958-381356915-3942461415-503 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1146579958-381356915-3942461415-504 - Limited - Disabled)

==================== Centrum zabezpieczeń ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie.)

AV: Pakiet Bezpieczeństwa UPC by F-Secure (Disabled - Up to date) {8AC831E5-DF57-0DC0-D07B-4DE1A5FFFD9A}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Pakiet Bezpieczeństwa UPC by F-Secure (Enabled - Up to date) {31A9D001-F96D-024E-EACB-7693DE78B727}

==================== Zainstalowane programy ======================

(W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)

12 Labours of Hercules III: Girl Power (HKLM-x32\...\WTA-48a530bf-e0d2-4546-8ca9-330e01d1ed94) (Version: 3.0.2.118 - WildTangent) Hidden
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: - )
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: - )
Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 20.009.20067 - Adobe Systems Incorporated)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.05 - NVIDIA Corporation) Hidden
App Explorer (HKU\S-1-5-21-1146579958-381356915-3942461415-1002\...\Host App Service) (Version: 0.273.2.800 - SweetLabs) <==== UWAGA
BlueStacks 3 (HKLM-x32\...\BlueStacks) (Version: 3.7.18.2302 - BlueStack Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.67 - Piriform)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5917.02 - CyberLink Corp.)
F-Secure Ultralight 1.0.5438.0 (release) (cc0c4f981bd2f23d1e5e325af11ed0a0ecf2a348) (HKLM-x32\...\{C75644E8-5FB5-4B8F-8FD2-08CC5D7ECD87}) (Version: 1.0.5438.0 - F-Secure Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 83.0.4103.116 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Home Makeover (HKLM-x32\...\WTA-365bbc02-f8be-42a4-9d5b-abf6f80ab673) (Version: 3.0.2.59 - WildTangent) Hidden
HP LaserJet MFP M28-M31 — podstawowe oprogramowanie urządzenia (HKLM\...\{4CE24BB8-93E6-4C7E-AB56-BD9768A05080}) (Version: 46.2.2636.18185 - HP Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{61a0f1f5-c77e-4992-ba85-029f93cd8d18}) (Version: 10.1.1.27 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1015 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 24.20.100.6286 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.0.0.1039 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.63.1620.3 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{8B08DDA1-FDE7-4897-8EB6-E0B048A6D88B}) (Version: 1.0.1.618 - Intel Corporation)
Jewel Match 3 (HKLM-x32\...\WTA-1eb7bcbe-d7ae-4c84-b301-409878b1952c) (Version: 2.2.0.97 - WildTangent) Hidden
Jewel Match Snowscapes (HKLM-x32\...\WTA-70d2f668-a65b-4fab-80fc-b76c09de7465) (Version: 3.0.2.118 - WildTangent) Hidden
K-Lite Mega Codec Pack 12.9.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.9.5 - KLCP)
Magic Academy (HKLM-x32\...\WTA-afbd2202-2653-4b86-9eab-e98c5437c6d6) (Version: 2.2.0.97 - WildTangent) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 83.0.478.58 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.129.31 - )
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1146579958-381356915-3942461415-1001\...\OneDriveSetup.exe) (Version: 20.084.0426.0007 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1146579958-381356915-3942461415-1002\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 45.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0 (x86 en-US)) (Version: 45.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0 - Mozilla)
Narzędzia sprawdzające pakietu Microsoft Office 2013 — polski (HKLM\...\{90150000-001F-0415-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
NVIDIA GeForce Experience 2.10.2.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.10.2.40 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Pakiet Bezpieczeństwa UPC (HKLM-x32\...\{9DEBA07D-5FCD-42F8-88F7-0232DC284B47}) (Version: 17.7 - F-Secure Corporation)
Panel sterowania NVIDIA 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 382.05 - NVIDIA Corporation) Hidden
Polar Bowler 1st Frame (HKLM-x32\...\WTA-1c8e44d1-2249-482a-839e-fd2aadf099a5) (Version: 3.0.2.59 - WildTangent) Hidden
Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.10299 - Qualcomm Atheros)
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.191 - Qualcomm Atheros)
Rayman3 (HKLM-x32\...\{BAF5914B-5730-4373-B038-9F436AC6A0D6}) (Version: 1.00.0000 - Ubi Soft)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21287 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8569 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Rory's Restaurant (HKLM-x32\...\WTA-0f3dd366-b9f5-4c36-98b1-11bf976c544f) (Version: 3.0.2.126 - WildTangent) Hidden
Runefall (HKLM-x32\...\WTA-06d0ffa3-2868-4619-be80-8538fb874a1e) (Version: 3.0.2.126 - WildTangent) Hidden
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 5.1.0270 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.10.2.40 - NVIDIA Corporation) Hidden
Skype™ 7.38 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.38.101 - Skype Technologies S.A.)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.7.6 - TeamViewer)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
Vegas World (HKLM-x32\...\WildTangentGDF-acer-vegasworld) (Version: 13.0.0.6 - WildTangent) Hidden
Villagers and Heroes (HKLM-x32\...\WildTangentGDF-acer-villagersandheroes) (Version: 13.0.0.6 - WildTangent) Hidden
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.1.1.12 - WildTangent) Hidden
WinRAR 5.40 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

Packages:
=========
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.171.500.0_x86__kgqvnymyfvs32 [2020-07-03] (king.com)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.2.169.0_x64__rz1tebttyb220 [2020-04-17] (Dolby Laboratories)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_115.1.152.0_x64__v10z8vjag6ke6 [2020-05-27] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-03-19] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-03-19] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x64__8wekyb3d8bbwe [2020-05-05] (Microsoft Studios) [MS Ad]
MSN Pogoda -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
Music Maker Jam -> C:\Program Files\WindowsApps\MAGIX.MusicMakerJam_3.1.1.0_x64__a2t3txkz9j1jw [2020-03-19] (MAGIX)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.96.725.0_x64__mcm4njqhnhss8 [2020-04-12] (Netflix, Inc.)
Samsung Printer Experience -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungPrinterExperience_1.3.15.0_x64__3c1yjt4zspk6g [2020-03-19] (Samsung Electronics Co. Ltd.)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2020-03-19] (Twitter Inc.)

==================== Niestandardowe rejestracje CLSID (filtrowane): ==============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2017-10-02] (Acer Incorporated -> Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2017-10-02] (Acer Incorporated -> Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2017-10-02] (Acer Incorporated -> Acer Incorporated)
ShellIconOverlayIdentifiers: [F-Secure DataGuard Icon Overlay] -> {CA789262-D278-40F7-AC12-19C0395F9DD9} => C:\Program Files (x86)\Pakiet Bezpieczeństwa UPC\FsShellExtension64.dll [2019-11-01] (F-Secure Corporation -> F-Secure Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-09-19] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-09-19] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_587befb80671fb38\igfxDTCM.dll [2018-10-14] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-09-19] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-09-19] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] () [Brak podpisu cyfrowego]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3642880 2016-05-08] (x264vfw project) [Brak podpisu cyfrowego]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [309248 2015-12-18] () [Brak podpisu cyfrowego]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [Brak podpisu cyfrowego]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] () [Brak podpisu cyfrowego]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3613696 2016-05-08] (x264vfw project) [Brak podpisu cyfrowego]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [282112 2015-12-18] () [Brak podpisu cyfrowego]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [Brak podpisu cyfrowego]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [Brak podpisu cyfrowego]

==================== Skróty & WMI ========================

(Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.)
ShortcutWithArgument: C:\Users\Jola\Desktop\Poczta.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=bpidnlocdigmigganjfkmhjkpgigjecm
ShortcutWithArgument: C:\Users\Jola\Desktop\Terapiamed Kraków - przychodnia zdrow.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=nofgekjmabjkfbfbenafmlmkjjllicoj
ShortcutWithArgument: C:\Users\Jola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\Allegro.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=jgdhjjnhpikfdmmhbgmgcnmadfoioafc
ShortcutWithArgument: C:\Users\Jola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\Facebook.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=celnaknmndcdcjcagffhbhciignkeokb
ShortcutWithArgument: C:\Users\Jola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\Groupon.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=kkppdjhjafoajbkhnbmopbadhfgcmmch
ShortcutWithArgument: C:\Users\Jola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\LIBRUS Synergia.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=enpnngfdkfdnfpagggmifgacmahpnnom
ShortcutWithArgument: C:\Users\Jola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\Poczta.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=bpidnlocdigmigganjfkmhjkpgigjecm
ShortcutWithArgument: C:\Users\Jola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\Terapiamed Kraków - przychodnia zdrow.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=nofgekjmabjkfbfbenafmlmkjjllicoj

==================== Załadowane moduły (filtrowane) =============

2017-10-30 19:26 - 2015-03-18 17:09 - 000022528 _____ () [Brak podpisu cyfrowego] C:\WINDOWS\System32\ssm1mlm.dll
2017-05-06 21:07 - 2014-04-16 10:22 - 000029184 _____ () [Brak podpisu cyfrowego] C:\WINDOWS\System32\uxs01l.dll
2016-12-09 20:40 - 2016-02-17 08:40 - 001249872 _____ (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [Brak podpisu cyfrowego] C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll
2017-10-30 19:26 - 2015-03-18 17:09 - 000043520 _____ (Windows (R) Codename Longhorn DDK provider) [Brak podpisu cyfrowego] C:\WINDOWS\system32\spool\PRTPROCS\x64\ssm1mpc.dll

==================== Alternate Data Streams (filtrowane) ========

==================== Tryb awaryjny (filtrowane) ==================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Powiązania plików (filtrowane) =================

==================== Internet Explorer - Witryny zaufane i z ograniczeniami ==========

==================== Hosts - zawartość: =========================

(Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.)

2015-10-30 09:24 - 2015-10-30 09:21 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Inne obszary ===========================

(Obecnie brak automatycznej naprawy dla tej sekcji.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Skype\Phone\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1146579958-381356915-3942461415-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jola\Pictures\19732_en_1.jpg
HKU\S-1-5-21-1146579958-381356915-3942461415-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 62.179.1.62 - 62.179.1.63
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Zapora systemu Windows [funkcja włączona]

==================== MSCONFIG/TASK MANAGER - Wyłączone elementy ==

(Załączenie wejścia w fixlist spowoduje jego usunięcie.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run32: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "NvBackend"
HKLM\...\StartupApproved\Run32: => "SecurityHealth"
HKU\S-1-5-21-1146579958-381356915-3942461415-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1146579958-381356915-3942461415-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1146579958-381356915-3942461415-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1146579958-381356915-3942461415-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== Reguły Zapory systemu Windows (filtrowane) ================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

FirewallRules: [{929A7AB7-FAA4-46EE-A4F7-D915F17A12BA}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [{4AF55083-26A9-4FAE-BE87-DE8B5CFB4662}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2BE73893-BFBD-457E-95E3-50DB9E939E7B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{B15ED31B-9483-4386-8E32-0F421A90B6CD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{C59DB5D8-0165-41DE-8282-5AD40AF11A0D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{DEA66A9C-5A89-47A0-8810-542F1888D049}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A0F8FF53-B658-4EE9-A296-4D18F6CB3729}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C68EF013-4574-4A05-9937-69D005AA7AF2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{838BE081-0A1C-4445-8E32-A01CFF037DEF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{D34C67DF-3DA5-4BC5-902B-8406F6B28219}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{90F8E26B-FFAC-41AA-9EB1-FED13BC6A443}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe (Acer Incorporated -> Acer Cloud Technology)
FirewallRules: [{3C2C53B6-E8E1-4E28-9417-E9EC2D793987}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe (Acer Incorporated -> Acer Cloud Technology)
FirewallRules: [{9C35B053-0376-4B18-BE87-98ECC0964784}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5885212C-9E2A-436F-BD66-E0DBFB01798E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{821A8C9F-956C-415E-86CC-EFDE14CE3A94}C:\users\jola\appdata\roaming\microsoft\windows\start menu\programs\startup\jajuwaserver.exe] => (Allow) C:\users\jola\appdata\roaming\microsoft\windows\start menu\programs\startup\jajuwaserver.exe () [Brak podpisu cyfrowego]
FirewallRules: [UDP Query User{6978D0BE-BE92-409B-944C-242D8EED83C3}C:\users\jola\appdata\roaming\microsoft\windows\start menu\programs\startup\jajuwaserver.exe] => (Allow) C:\users\jola\appdata\roaming\microsoft\windows\start menu\programs\startup\jajuwaserver.exe () [Brak podpisu cyfrowego]
FirewallRules: [{C56E257D-4EC5-4132-BC92-1BCE2E4D9298}] => (Allow) LPort=2200
FirewallRules: [{DC525EEF-CEC1-49C0-9265-2939C606A4FE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{A1120CB1-3B85-4D43-8E56-5CCED2654F6F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{CFE837E8-C88E-4BB1-9B46-FEA44C31273D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{81BCFE53-E549-4CF4-8B6B-945917F93662}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{A21393DD-1EB8-4204-8E54-94250EC22BBC}] => (Allow) C:\Program Files\HP\HP LaserJet MFP M28-M31\bin\EWSProxy.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{3029667C-3D3A-46BE-ADD5-883613F85407}] => (Allow) C:\Program Files\HP\HP LaserJet MFP M28-M31\bin\DigitalWizards.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{A972576E-BC4A-4FEF-9859-18EA59C01AB1}] => (Allow) C:\Program Files\HP\HP LaserJet MFP M28-M31\Bin\DeviceSetup.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{B269F1D3-9ED2-4683-9737-5C43808AFB3B}] => (Allow) LPort=5357
FirewallRules: [{A0B11024-D807-4855-8932-A06A7EE79541}] => (Allow) C:\Program Files\HP\HP LaserJet MFP M28-M31\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{2419F2D9-3A34-4B6F-A358-4ADD2087AA1B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{20B8D6E7-3FE7-4923-B740-56424CAFF3B8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{EC4BEB23-A7F9-444C-9840-8D06A00612CD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{2582FBFF-B674-4284-9836-04DFDC69D502}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{3808E57E-7880-454E-8383-40353F971C11}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

==================== Punkty Przywracania systemu =========================

12-06-2020 23:00:36 Instalator modułów systemu Windows
22-06-2020 18:52:59 Zaplanowany punkt kontrolny
03-07-2020 10:35:07 Zaplanowany punkt kontrolny

==================== Wadliwe urządzenia w Menedżerze urządzeń ============

==================== Błędy w Dzienniku zdarzeń: ========================

Dziennik Aplikacja:
==================
Error: (07/05/2020 09:52:23 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (6872,R,98) TILEREPOSITORYS-1-5-18: Wystąpił błąd -1023 (0xfffffc01) podczas otwierania pliku dziennika C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (07/05/2020 09:17:44 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1364,R,98) TILEREPOSITORYS-1-5-18: Wystąpił błąd -1023 (0xfffffc01) podczas otwierania pliku dziennika C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (07/05/2020 09:10:20 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (07/04/2020 09:25:01 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (12332,R,98) TILEREPOSITORYS-1-5-18: Wystąpił błąd -1023 (0xfffffc01) podczas otwierania pliku dziennika C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (07/04/2020 09:14:05 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (11976,R,98) TILEREPOSITORYS-1-5-18: Wystąpił błąd -1023 (0xfffffc01) podczas otwierania pliku dziennika C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (07/04/2020 08:57:26 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4816,R,98) TILEREPOSITORYS-1-5-18: Wystąpił błąd -1023 (0xfffffc01) podczas otwierania pliku dziennika C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (07/04/2020 07:50:29 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (7152,R,98) TILEREPOSITORYS-1-5-18: Wystąpił błąd -1023 (0xfffffc01) podczas otwierania pliku dziennika C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (07/04/2020 04:36:27 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (11788,R,98) TILEREPOSITORYS-1-5-18: Wystąpił błąd -1023 (0xfffffc01) podczas otwierania pliku dziennika C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Dziennik System:
=============
Error: (07/05/2020 09:51:59 AM) (Source: DCOM) (EventID: 10000) (User: LAPTOP-SIDJI4VS)
Description: Nie można uruchomić serwera DCOM: {0358B920-0AC7-461F-98F4-58E32CD89148}. Błąd: 2147942767 Błąd wystąpił podczas uruchamiania polecenia: C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (07/03/2020 10:18:26 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-SIDJI4VS)
Description: Serwer DolbyLaboratories.DolbyAccess_3.2.169.0_x64__rz1tebttyb220!App.AppXtzbhf6k67jn9be72jwc3zje4rv3bb4am.mca nie zarejestrował się w modelu DCOM w wymaganym czasie.

Error: (06/24/2020 05:06:45 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-SIDJI4VS)
Description: Serwer Microsoft.AAD.BrokerPlugin_1000.18362.449.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider nie zarejestrował się w modelu DCOM w wymaganym czasie.

CodeIntegrity:
===================================
Date: 2020-07-05 10:23:56.191
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Pakiet Bezpieczeństwa UPC\apps\Ultralight\ulcore\1592476117\fsamsi64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-07-05 09:08:01.637
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Pakiet Bezpieczeństwa UPC\apps\Ultralight\ulcore\1592476117\fsamsi64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-07-05 09:08:01.630
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Pakiet Bezpieczeństwa UPC\apps\Ultralight\ulcore\1592476117\fsamsi64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-07-05 09:08:01.620
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Pakiet Bezpieczeństwa UPC\apps\Ultralight\ulcore\1592476117\fsamsi64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-07-05 09:08:01.613
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Pakiet Bezpieczeństwa UPC\apps\Ultralight\ulcore\1592476117\fsamsi64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-07-05 09:07:58.641
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Pakiet Bezpieczeństwa UPC\apps\Ultralight\ulcore\1592476117\fsamsi64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-07-04 11:24:24.012
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Pakiet Bezpieczeństwa UPC\apps\Ultralight\ulcore\1592476117\fsamsi64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2020-07-04 11:24:24.006
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Pakiet Bezpieczeństwa UPC\apps\Ultralight\ulcore\1592476117\fsamsi64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Statystyki pamięci ===========================

BIOS: Insyde Corp. V1.18 10/21/2016
Płyta główna: Acer Ironman_SK
Procesor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
Procent pamięci w użyciu: 46%
Całkowita pamięć fizyczna: 8060.22 MB
Dostępna pamięć fizyczna: 4336 MB
Całkowita pamięć wirtualna: 9788.22 MB
Dostępna pamięć wirtualna: 5876.14 MB

==================== Dyski ================================

Drive c: (Acer) (Fixed) (Total:930.4 GB) (Free:785 GB) NTFS
\\?\Volume{f74ede40-d7e9-4a01-a6b5-eb71c97c7c84}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.57 GB) NTFS
\\?\Volume{a22f77fd-2a0d-4bc1-afa4-b5b3e9c84048}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.05 GB) FAT32

==================== MBR & Tablica partycji ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 28D5EA80)
Partition: GPT.

==================== Koniec Addition.txt =======================