Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 19-05-2021 Uruchomiony przez Admin (19-05-2021 22:25:48) Uruchomiony z C:\Users\Admin\AppData\Local\Temp\scoped_dir2180_1201449069 Windows 10 Home Wersja 20H2 19042.928 (X64) (2021-05-02 18:59:21) Tryb startu: Normal ========================================================== ==================== Konta użytkowników: ============================= Admin (S-1-5-21-2922760720-4043368837-1713385151-1001 - Administrator - Enabled) => C:\Users\Admin Administrator (S-1-5-21-2922760720-4043368837-1713385151-500 - Administrator - Disabled) Gość (S-1-5-21-2922760720-4043368837-1713385151-501 - Limited - Disabled) Konto domyślne (S-1-5-21-2922760720-4043368837-1713385151-503 - Limited - Disabled) WDAGUtilityAccount (S-1-5-21-2922760720-4043368837-1713385151-504 - Limited - Disabled) ==================== Centrum zabezpieczeń ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie.) AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF} ==================== Zainstalowane programy ====================== (W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.) Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 21.001.20155 - Adobe Systems Incorporated) Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.465 - Adobe) Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.465 - Adobe) AdoptOpenJDK JRE with Hotspot 11.0.3.7 (x64) (HKLM\...\{EB1A316D-D3D6-40F7-A70C-F0F02365F835}) (Version: 11.0.3.7 - AdoptOpenJDK) AdoptOpenJDK JRE with Hotspot 8.0.212.03 (x64) (HKLM\...\{318E3208-3ABD-44AE-AF80-089F13306CC6}) (Version: 8.0.212.03 - AdoptOpenJDK) AdoptOpenJDK JRE with Hotspot 8.0.212.03 (x86) (HKLM-x32\...\{69DA9C42-5C94-4FD9-8DB4-1FCA95C06CFE}) (Version: 8.0.212.03 - AdoptOpenJDK) AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.60.1497, 15.07.2015 - AIMP DevTeam) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.) Canon G2010 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_G2010_series) (Version: 1.00 - Canon Inc.) Canon G2010 series Podręcznik ekranowy (HKLM-x32\...\Canon G2010 series Podręcznik ekranowy) (Version: 1.0.0 - Canon Inc.) Canon IJ Printer Assistant Tool (HKLM-x32\...\Canon IJ Printer Assistant Tool) (Version: 1.05.1.51 - Canon Inc.) Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.4.0.16 - Canon Inc.) Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 6.0.3 - Canon Inc.) Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.6.1 - Canon Inc.) Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.6.0 - Canon Inc.) Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.8.5 - Canon Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.79 - Piriform) CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.8.7042 - CDBurnerXP) CPUID HWMonitor 1.44 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.44 - CPUID, Inc.) Google Chrome (HKLM\...\{7F544E85-3FC4-3F6B-BE1C-679880E73AD3}) (Version: 90.0.4430.93 - Google LLC) Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden HiSuite (HKLM-x32\...\Hi Suite) (Version: 9.1.0.305 - ) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation) Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation) K-Lite Codec Pack 15.0.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 15.0.0 - KLCP) Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 3.15.0414.1 - Vimicro) Lenovo Service Bridge (HKU\S-1-5-21-2922760720-4043368837-1713385151-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 5.0.2.2 - Lenovo) Mi PC Suite (HKU\S-1-5-21-2922760720-4043368837-1713385151-1001\...\MiPhoneManager) (Version: - Xiaomi Inc.) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.51 - Microsoft Corporation) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2922760720-4043368837-1713385151-1001\...\OneDriveSetup.exe) (Version: 21.062.0328.0001 - Microsoft Corporation) Microsoft Teams (HKU\S-1-5-21-2922760720-4043368837-1713385151-1001\...\Teams) (Version: 1.3.00.21759 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation) Mozilla Firefox 67.0.4 (x64 pl) (HKLM\...\Mozilla Firefox 67.0.4 (x64 pl)) (Version: 67.0.4 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 67.0.4 - Mozilla) NVIDIA Oprogramowanie systemu PhysX 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) Opera Stable 76.0.4017.123 (HKLM-x32\...\Opera 76.0.4017.123) (Version: 76.0.4017.123 - Opera Software) Rejestracja drukarki (HKLM-x32\...\Canon EISRegistration) (Version: 1.5.0 - Canon Inc.) Skype (wersja 8.52) (HKLM-x32\...\Skype_is1) (Version: 8.52 - Skype Technologies S.A.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.5 - Synaptics Incorporated) VLC media player (HKLM\...\VLC media player) (Version: 3.0.7.1 - VideoLAN) Wargaming.net Game Center (HKU\S-1-5-21-2922760720-4043368837-1713385151-1001\...\Wargaming.net Game Center) (Version: 21.2.3.5077 - Wargaming.net) WinRAR 5.71 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH) Zoom (HKU\S-1-5-21-2922760720-4043368837-1713385151-1001\...\ZoomUMX) (Version: 5.4.0 (58636.1026) - Zoom Video Communications, Inc.) Packages: ========= Dodatek Aparat multimediów dla aplikacji Zdjęcia -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-08-16] (Microsoft Corporation) Dodatek Zdjęcia -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-12] (Microsoft Corporation) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-05-02] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-05-02] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.4213.0_x64__8wekyb3d8bbwe [2021-05-02] (Microsoft Studios) [MS Ad] Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0 [2021-05-02] (Spotify AB) [Startup Task] ==================== Niestandardowe rejestracje CLSID (filtrowane): ============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) CustomCLSID: HKU\S-1-5-21-2922760720-4043368837-1713385151-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20130.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2922760720-4043368837-1713385151-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20130.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP3\System\aimp_menu64.dll [2019-06-27] (AIMP DevTeam) [Brak podpisu cyfrowego] ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-05-07] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-05-07] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP3\System\aimp_menu64.dll [2019-06-27] (AIMP DevTeam) [Brak podpisu cyfrowego] ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-05-07] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-05-07] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (filtrowane) ==================== ==================== Skróty & WMI ======================== ==================== Załadowane moduły (filtrowane) ============= 2019-09-05 19:31 - 2017-12-07 11:25 - 000123904 _____ (CANON INC.) [Brak podpisu cyfrowego] C:\Program Files (x86)\Canon\IJPLM\CNMPU.DLL ==================== Alternate Data Streams (filtrowane) ======== ==================== Tryb awaryjny (filtrowane) ================== ==================== Powiązania plików (filtrowane) ================= ==================== Internet Explorer (filtrowane) ========== HKU\S-1-5-21-2922760720-4043368837-1713385151-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.global-pl.com/ SearchScopes: HKU\S-1-5-21-2922760720-4043368837-1713385151-1001 -> DefaultScope {E27A8949-E562-4E02-833A-E8F1403C6750} URL = hxxp://www.global-pl.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-2922760720-4043368837-1713385151-1001 -> {E27A8949-E562-4E02-833A-E8F1403C6750} URL = hxxp://www.global-pl.com/search?q={searchTerms} BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2020-06-08] (Oracle America, Inc. -> Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2020-06-08] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.) ==================== Hosts - zawartość: ========================= (Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.) 2019-03-19 06:49 - 2021-05-19 18:36 - 000004665 _____ C:\WINDOWS\system32\drivers\etc\hosts 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com 0.0.0.0 media.opencandy.com 0.0.0.0 cdn.opencandy.com 0.0.0.0 tracking.opencandy.com 0.0.0.0 api.opencandy.com 0.0.0.0 api.recommendedsw.com 0.0.0.0 rp.yefeneri2.com 0.0.0.0 os.yefeneri2.com 0.0.0.0 os2.yefeneri2.com 0.0.0.0 installer.betterinstaller.com 0.0.0.0 installer.filebulldog.com 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net 0.0.0.0 inno.bisrv.com 0.0.0.0 nsis.bisrv.com 0.0.0.0 cdn.file2desktop.com 0.0.0.0 cdn.goateastcach.us 0.0.0.0 cdn.guttastatdk.us 0.0.0.0 cdn.inskinmedia.com 0.0.0.0 cdn.insta.oibundles2.com 0.0.0.0 cdn.insta.playbryte.com 0.0.0.0 cdn.llogetfastcach.us 0.0.0.0 cdn.montiera.com 0.0.0.0 cdn.msdwnld.com 0.0.0.0 cdn.mypcbackup.com 0.0.0.0 cdn.ppdownload.com 0.0.0.0 cdn.riceateastcach.us 0.0.0.0 cdn.shyapotato.us 0.0.0.0 cdn.solimba.com 0.0.0.0 cdn.tuto4pc.com ==================== Inne obszary =========================== (Obecnie brak automatycznej naprawy dla tej sekcji.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files\AdoptOpenJDK\jre-8.0.212.03-hotspot\bin;C:\Program Files (x86)\AdoptOpenJDK\jre-8.0.212.03-hotspot\bin;C:\Program Files\AdoptOpenJDK\jre-11.0.3.7-hotspot\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common HKU\S-1-5-21-2922760720-4043368837-1713385151-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\pokemon pikachu.jpg DNS Servers: 192.168.31.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Zapora systemu Windows [funkcja włączona] ==================== MSCONFIG/TASK MANAGER - Wyłączone elementy == (Załączenie wejścia w fixlist spowoduje jego usunięcie.) HKLM\...\StartupApproved\Run32: => "Opera Browser Assistant" HKU\S-1-5-21-2922760720-4043368837-1713385151-1001\...\StartupApproved\Run: => "Skype for Desktop" HKU\S-1-5-21-2922760720-4043368837-1713385151-1001\...\StartupApproved\Run: => "MiPhoneManager" HKU\S-1-5-21-2922760720-4043368837-1713385151-1001\...\StartupApproved\Run: => "Wargaming.net Game Center" HKU\S-1-5-21-2922760720-4043368837-1713385151-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning" HKU\S-1-5-21-2922760720-4043368837-1713385151-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams" HKU\S-1-5-21-2922760720-4043368837-1713385151-1001\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-2922760720-4043368837-1713385151-1001\...\StartupApproved\Run: => "OneDrive" ==================== Reguły Zapory systemu Windows (filtrowane) ================ (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) FirewallRules: [{4CE26248-DA72-4B2D-B89A-3D6D92290BA4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{A2F730BB-7B9F-4012-AB04-19122EDCF502}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{1F3FA9BE-361A-4E93-B2E1-C0CE092A734F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{21469E7D-BC58-4830-9E50-04EA5D82C6E5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{9CB00F3E-58A3-42C8-9555-5E98ACC50C34}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{8EE2FF3C-5B82-4CA5-8AA4-49AD82956E9B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{101CB505-BAB7-474D-817B-B8F803A6A568}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{01522E7E-3E91-46C3-9EE0-2B0AAD7F2B89}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{ECC1FF87-540E-4A83-9A5D-55F40E04CEE4}] => (Allow) C:\Program Files\Opera\75.0.3969.243\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [{6CC02172-3A5A-4C47-B7D7-E6962863B296}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [UDP Query User{5E299742-6BD5-4BB0-ADBA-6221F5B4769B}C:\users\admin\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\admin\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{D7E0824D-EBB5-468D-8F0C-7B87598F58A1}C:\users\admin\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\admin\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [UDP Query User{3E3102DB-CCE4-418A-952E-9F0E0B53818C}C:\program files (x86)\steam\steamapps\common\spellbreak\g3\binaries\win64\spellbreak.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\spellbreak\g3\binaries\win64\spellbreak.exe (Proletariat Inc. -> Proletariat, Inc.) FirewallRules: [TCP Query User{07A6371A-7AB0-4898-B18B-E5453B4F88FD}C:\program files (x86)\steam\steamapps\common\spellbreak\g3\binaries\win64\spellbreak.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\spellbreak\g3\binaries\win64\spellbreak.exe (Proletariat Inc. -> Proletariat, Inc.) FirewallRules: [UDP Query User{1A05B9D9-AF9F-42CB-9C99-EEB3CC8AC026}C:\program files (x86)\steam\steamapps\common\spellbreak\g3\binaries\win64\spellbreak.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\spellbreak\g3\binaries\win64\spellbreak.exe (Proletariat Inc. -> Proletariat, Inc.) FirewallRules: [TCP Query User{72B43A9C-1C62-4CDD-9D4F-20EC782266E8}C:\program files (x86)\steam\steamapps\common\spellbreak\g3\binaries\win64\spellbreak.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\spellbreak\g3\binaries\win64\spellbreak.exe (Proletariat Inc. -> Proletariat, Inc.) FirewallRules: [{C98703A4-5B19-4667-8F43-AB5364ED3730}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spellbreak\Launch_Spellbreak.exe (EasyAntiCheat Oy -> Epic Games, Inc) FirewallRules: [{272A5916-13CE-49D3-90AC-77F66D2DE0F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spellbreak\Launch_Spellbreak.exe (EasyAntiCheat Oy -> Epic Games, Inc) FirewallRules: [{3D1272F9-8CC4-4A23-9608-443646FF152E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => Brak pliku FirewallRules: [{915DD4EA-7E10-44F1-836E-3DC45AFFC9AA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => Brak pliku FirewallRules: [{B9C775ED-ED98-406F-BDFA-6784FFF150C2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{CBD9891C-E88B-41F3-9C95-74D2295984D3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{6F4EC953-D215-4CE6-994E-F166EA0EDCF4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{58455CD3-E07A-4807-B9A9-5619E8CC0364}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{BCE08965-B57B-41C4-A866-FD5E76BD228A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{BABDFBCE-8830-49A8-870B-B43A8C0141C1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [UDP Query User{75B52C22-DDEE-4FC3-AC97-EF1C6BB15185}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_45\bin\javaw.exe FirewallRules: [TCP Query User{7E482268-C08B-4BF8-B3FA-2526430B7EEB}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_45\bin\javaw.exe FirewallRules: [UDP Query User{5E580375-4734-4A79-9934-2F5302D681B6}C:\users\admin\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\admin\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{1413CCDF-C5F6-4E18-A336-180321E1F5E2}C:\users\admin\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\admin\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{CE380615-7967-48E9-B065-946ACD3CB198}] => (Allow) C:\Users\Admin\AppData\Roaming\Zoom\bin\airhost.exe => Brak pliku FirewallRules: [{4DDEDB65-E101-40CA-BA1E-9D65D6CD00C9}] => (Allow) C:\Users\Admin\AppData\Roaming\Zoom\bin\airhost.exe => Brak pliku FirewallRules: [{A91AA82C-9186-4CCF-B04A-1130A58EED5A}] => (Allow) C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [UDP Query User{FCBD9525-DF57-489D-BF86-6E65EE24485E}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_45\bin\javaw.exe FirewallRules: [TCP Query User{DE849BB1-514B-4F81-9F19-CECFA4E662DE}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_45\bin\javaw.exe FirewallRules: [UDP Query User{5B0AE3DE-65C6-4255-A05D-2F5C8D8DD8E5}C:\games\world_of_tanks_eu_(2)\win64\worldoftanks.exe] => (Block) C:\games\world_of_tanks_eu_(2)\win64\worldoftanks.exe => Brak pliku FirewallRules: [TCP Query User{9258B244-47B1-4383-9575-C65453397464}C:\games\world_of_tanks_eu_(2)\win64\worldoftanks.exe] => (Block) C:\games\world_of_tanks_eu_(2)\win64\worldoftanks.exe => Brak pliku FirewallRules: [{D2EF3F52-FD0B-4C81-A461-BCDB1953098E}] => (Allow) C:\ProgramData\Wargaming.net\GameCenter\wgc.exe (Wargaming.net Limited -> Wargaming.net) FirewallRules: [UDP Query User{0962B7CD-1605-4D34-B60E-9868AA47E44A}C:\users\admin\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe] => (Allow) C:\users\admin\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司) FirewallRules: [TCP Query User{A3FC96E9-E9B6-400D-AD8B-B5C215AC0710}C:\users\admin\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe] => (Allow) C:\users\admin\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司) FirewallRules: [{DC22B818-D79F-4D04-9D31-961FB640CBB4}] => (Allow) C:\Users\Admin\AppData\Local\MiPhoneManager\main\MiPCSuite.exe (Xiaomi Technology Inc -> Xiaomi.Inc) FirewallRules: [{3E848A50-0CD6-411C-A5E4-925F2A2AF8F3}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{1D0840B7-F825-4186-8A49-7F7285E303C5}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{E886EFF4-73B7-4300-B700-4A1F6541B66B}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{DF76308E-CA34-4289-B314-C126D7569777}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{79E6DDE9-3BA1-44CC-BE3A-6CB2AC96B389}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{C69107BA-B8DF-44A4-9472-58223E3157FF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{03C104C2-7ED9-4A6E-A151-E686FFE9F683}] => (Allow) C:\Program Files\Opera\76.0.4017.123\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [TCP Query User{30EAC5C5-2B7E-4445-A78D-5D84478D62EE}C:\users\admin\desktop\sdi\sdi_x64_r2102.exe] => (Allow) C:\users\admin\desktop\sdi\sdi_x64_r2102.exe => Brak pliku FirewallRules: [UDP Query User{225DB41A-7AF0-405F-AC5D-42C740F93B96}C:\users\admin\desktop\sdi\sdi_x64_r2102.exe] => (Allow) C:\users\admin\desktop\sdi\sdi_x64_r2102.exe => Brak pliku ==================== Punkty Przywracania systemu ========================= ==================== Wadliwe urządzenia w Menedżerze urządzeń ============ ==================== Błędy w Dzienniku zdarzeń: ======================== Dziennik Aplikacja: ================== Error: (05/19/2021 09:44:35 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Program YourPhone.exe w wersji 1.21022.215.0 przestał współpracować z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemów w oknie Zabezpieczenia i konserwacja w Panelu sterowania. Identyfikator procesu: 1f18 Godzina rozpoczęcia: 01d74ce4d4d992e2 Godzina zakończenia: 4294967295 Ścieżka aplikacji: C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21022.215.0_x64__8wekyb3d8bbwe\YourPhone.exe Identyfikator raportu: ea961940-3fd9-4e0e-9d90-e4ed20599898 Pełna nazwa pakietu powodującego błąd: Microsoft.YourPhone_1.21022.215.0_x64__8wekyb3d8bbwe Identyfikator aplikacji powiązanej z pakietem powodującym błąd: App Typ zawieszenia: Quiesce Error: (05/19/2021 09:31:43 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas badania interfejsu IVssWriterCallback. hr = 0x80070005, Odmowa dostępu. . To jest często spowodowane przez niepoprawne ustawienia zabezpieczeń w procesie zapisującym lub żądającym. Operacja: Zbieranie danych modułu zapisującego Kontekst: Identyfikator klasy modułu zapisującego: {e8132975-6f93-4464-a53e-1050253ae220} Nazwa modułu zapisującego: System Writer Identyfikator wystąpienia modułu zapisującego: {2f45edab-4743-45ee-8213-efbb9bfbd8bc} Error: (05/19/2021 08:02:57 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas wywoływania procedury CoCreateInstance. hr = 0x8007045b, Trwa proces zamykania systemu. . Error: (05/19/2021 08:02:57 PM) (Source: VSS) (EventID: 13) (User: ) Description: Informacje Usługi kopiowania woluminów w tle: nie można uruchomić serwera usługi COM z identyfikatorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} i nazwą CEventSystem. [0x8007045b, Trwa proces zamykania systemu. ] Error: (05/19/2021 08:02:57 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas wywoływania procedury CoCreateInstance. hr = 0x8007045b, Trwa proces zamykania systemu. . Error: (05/19/2021 08:02:56 PM) (Source: VSS) (EventID: 13) (User: ) Description: Informacje Usługi kopiowania woluminów w tle: nie można uruchomić serwera usługi COM z identyfikatorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} i nazwą CEventSystem. [0x8007045b, Trwa proces zamykania systemu. ] Error: (05/19/2021 07:17:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: LSB.exe, wersja: 5.0.2.2, sygnatura czasowa: 0x608f8f4a Nazwa modułu powodującego błąd: KERNELBASE.dll, wersja: 10.0.19041.906, sygnatura czasowa: 0x2f2f77bf Kod wyjątku: 0xe0434352 Przesunięcie błędu: 0x0000000000034b59 Identyfikator procesu powodującego błąd: 0x360 Godzina uruchomienia aplikacji powodującej błąd: 0x01d74cd2c7dddb6c Ścieżka aplikacji powodującej błąd: C:\Users\Admin\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe Ścieżka modułu powodującego błąd: C:\WINDOWS\System32\KERNELBASE.dll Identyfikator raportu: eff71ba8-81d1-4932-98df-acae95ed3c9e Pełna nazwa pakietu powodującego błąd: Identyfikator aplikacji względem pakietu powodującego błąd: Error: (05/19/2021 07:17:03 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Aplikacja: LSB.exe Wersja architektury: v4.0.30319 Opis: proces został przerwany z powodu nieobsłużonego wyjątku. Informacje o wyjątku: System.PlatformNotSupportedException w System.Net.HttpListener..ctor() w LSB.HTTPServer.Start(System.Object) w System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) w System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) w System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) w System.Threading.ThreadHelper.ThreadStart(System.Object) Dziennik System: ============= Error: (05/19/2021 09:33:49 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Usługa Broker monitorów czasu wykonywania funkcji System Guard zawiesiła się podczas uruchamiania. Error: (05/19/2021 09:26:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Usługa buforowania czcionek platformy Windows Presentation Foundation, wersja 3.0.0.0 z powodu następującego błędu: Usługa nie odpowiada na sygnał uruchomienia lub sygnał sterujący w oczekiwanym czasie. Error: (05/19/2021 09:26:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Usługa buforowania czcionek platformy Windows Presentation Foundation, wersja 3.0.0.0. Error: (05/19/2021 09:25:19 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Poprzednie zamknięcie systemu przy 21:18:17 na ‎19.‎05.‎2021 było nieoczekiwane. Error: (05/19/2021 09:08:43 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-GH23FUV) Description: Serwer {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} nie zarejestrował się w modelu DCOM w wymaganym czasie. Error: (05/19/2021 09:00:15 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Usługa Usługa koordynatora aktualizacji zawiesiła się podczas uruchamiania. Error: (05/19/2021 08:55:12 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Usługa Menedżer pobranych map zawiesiła się podczas uruchamiania. Error: (05/19/2021 08:53:06 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Usługa Optymalizacja dostarczania zawiesiła się podczas uruchamiania. CodeIntegrity: =============== Date: 2021-05-19 18:39:38 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements. Date: 2021-05-19 18:32:18 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements. ==================== Statystyki pamięci =========================== BIOS: LENOVO 8ECN95WW 05/12/2014 Płyta główna: LENOVO Ginkgo 7A1 Procesor: Intel(R) Core(TM) i5-4200M CPU @ 2.50GHz Procent pamięci w użyciu: 53% Całkowita pamięć fizyczna: 7956.27 MB Dostępna pamięć fizyczna: 3704.1 MB Całkowita pamięć wirtualna: 10004.27 MB Dostępna pamięć wirtualna: 5696.44 MB ==================== Dyski ================================ Drive c: () (Fixed) (Total:487.65 GB) (Free:355.55 GB) NTFS Drive d: (Nowy) (Fixed) (Total:443.23 GB) (Free:383.94 GB) NTFS \\?\Volume{55b4d1c9-cf6b-44da-8d75-26405dd41aab}\ () (Fixed) (Total:0.52 GB) (Free:0.04 GB) NTFS \\?\Volume{372f838f-b168-4258-84bb-c403b49063f9}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 ==================== MBR & Tablica partycji ==================== ========================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 01F4A3A4) Partition: GPT. ==================== Koniec Addition.txt =======================