Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 31-05-2022 01 Uruchomiony przez Andrzej (01-06-2022 21:57:00) Uruchomiony z C:\Users\Andrzej\Downloads Microsoft Windows 7 Home Premium Service Pack 1 (X64) (2012-10-14 14:19:04) Tryb startu: Normal ========================================================== ==================== Konta użytkowników: ============================= (Załączenie wejścia w fixlist spowoduje jego usunięcie.) Administrator (S-1-5-21-2770710654-563048816-2845096244-500 - Administrator - Disabled) Andrzej (S-1-5-21-2770710654-563048816-2845096244-1000 - Administrator - Enabled) => C:\Users\Andrzej Gość (S-1-5-21-2770710654-563048816-2845096244-501 - Limited - Enabled) => C:\Users\Gość.ADMIN HomeGroupUser$ (S-1-5-21-2770710654-563048816-2845096244-1006 - Limited - Enabled) ==================== Centrum zabezpieczeń ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie.) AV: ESET Security (Enabled - Up to date) {DF8BEACB-94C9-218A-73AD-A78362A8C516} AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: ESET Security (Enabled - Up to date) {64EA0B2F-B2F3-2E04-491D-9CF1192F8FAB} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: ESET Zapora (Enabled) {E7B06BEE-DEA6-20D2-58F2-0EB69C7B826D} ==================== Zainstalowane programy ====================== (W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.) 64 Bit HP CIO Components Installer (HKLM\...\{BE930E38-7BB3-45B6-85B2-5251F374F844}) (Version: 6.2.2 - Hewlett-Packard) Hidden 7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov) Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated) Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0517.2011 - Acer Incorporated) AdGuard (HKLM-x32\...\{aa20a42b-6cff-4300-aa71-505c4a58c8be}) (Version: 7.9.3869.0 - Adguard Software Ltd) Aktualizacja produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{04E205D6-88B1-4652-B162-42DF2C3B1228}) (Version: - Microsoft) Aktualizacja produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{442ECBCF-94A7-48CC-8CD9-D31FFFD5FA86}) (Version: - Microsoft) Aktualizacja produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{128A36ED-21BE-4547-9FFE-5B85AEC735DD}) (Version: - Microsoft) Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.42.68439 - Alcor Micro Corp.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) Ashampoo UnInstaller 8 (HKLM-x32\...\{4209F371-D192-F401-E058-BBF7CF126AEA}_is1) (Version: 8.00.12 - Ashampoo GmbH & Co. KG) Ashampoo WinOptimizer 18 (HKLM-x32\...\{4209F371-3AF1-5998-2DFB-FC430324C91A}_is1) (Version: 18.00.19 - Ashampoo GmbH & Co. KG) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.2.43 - Atheros Communications Inc.) AutoCAD 2005 - English (HKLM-x32\...\{5783F2D7-0301-0409-0002-0060B0CE6BBA}) (Version: 16.1.63.10 - Autodesk) AutoCAD 2005 Express Tools Volumes 1-9 (HKLM-x32\...\{5783F2D7-0311-0409-0000-0060B0CE6BBA}) (Version: 1.0.0.0 - Autodesk) Autodesk DWF Viewer (HKLM-x32\...\Autodesk DWF Viewer) (Version: 4.1 - Autodesk, Inc.) Autodesk DWG TrueView 2016 - English (HKLM\...\DWG TrueView 2016 - English) (Version: 20.1.49.0 - Autodesk) Backup Manager V3 (HKLM-x32\...\{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation) Hidden Bullzip PDF Printer 10.25.0.2552 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.25.0.2552 - Bullzip) clear.fi (HKLM-x32\...\{14C4C3B6-F1F4-401F-8C86-03E8E19AAC8C}) (Version: 1.0.1517_36458 - CyberLink Corp.) Hidden clear.fi (HKLM-x32\...\{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}) (Version: 9.0.8026 - CyberLink Corp.) Hidden clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated) CSR Harmony Wireless Software Stack (HKLM\...\{17DEA095-8EE1-49A2-AC5A-9663DB098FA9}) (Version: 2.1.63.0 - CSR Plc.) D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden Defraggler (HKLM\...\Defraggler) (Version: 2.22 - Piriform) Detektor Winampa (HKU\S-1-5-21-2770710654-563048816-2845096244-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) EncFlac 1.1.2 (HKLM-x32\...\EncFlac) (Version: 1.1.2 - Michael Facquet) EncVorbis 1.1 (HKLM-x32\...\EncVorbis) (Version: 1.1 - Michael Facquet) ESET Security (HKLM\...\{7640EC0A-921E-44D1-9165-DE31D473EAE3}) (Version: 15.1.12.0 - ESET, spol. s r.o.) EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc) EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - FinalWire Ltd.) foobar2000 v1.6.4 (HKLM-x32\...\foobar2000) (Version: 1.6.4 - Peter Pawlowski) Fotogalerija Windows Live (HKLM-x32\...\{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Foxit Creator (HKLM-x32\...\Foxit Creator) (Version: 3,0,1,0109 - Foxit Corporation) Free PDF Image Extractor (remove only) (HKLM\...\Free PDF Image Extractor) (Version: - ) Galeria de Fotografias do Windows Live (HKLM-x32\...\{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (HKLM-x32\...\{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotogràfica del Windows Live (HKLM-x32\...\{4736B0ED-F6A1-48EC-A1B7-C053027648F1}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (HKLM-x32\...\{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (HKLM-x32\...\{488F0347-C4A7-4374-91A7-30818BEDA710}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie foto Windows Live (HKLM-x32\...\{CB66242D-12B1-4494-82D2-6F53A7E024A3}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden GIMP 2.10.24 (HKLM\...\GIMP-2_is1) (Version: 2.10.24 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 102.0.5005.63 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) IrfanView 4.58 (64-bit) (HKLM\...\IrfanView64) (Version: 4.58 - Irfan Skiljan) Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Kerish Doctor 2022 (HKLM-x32\...\{EF70A54F-E09E-4570-8F21-C7674CDDB5B6}_is1) (Version: 4.90 - Kerish Products) Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.4 - Acer Inc.) LenovoUsbDriver 1.0.8 (HKLM-x32\...\LenovoUsbDriver) (Version: 1.0.8 - Lenovo) Malwarebytes version 4.5.9.198 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.9.198 - Malwarebytes) Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MX5 (HKLM-x32\...\Maxthon5) (Version: 5.2.7.5000 - Maxthon International Limited) Nitro Pro 8 (HKLM\...\{62721310-3C83-442A-81D1-6BB454A5B17E}) (Version: 8.5.1.10 - Nitro) NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9002 - NTI Corporation) OBS Multiplatform (HKLM-x32\...\OBS Multiplatform) (Version: 0.12.0 - OBS Project) Obsługa programów Apple (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Omron Health Management Software (HKLM-x32\...\{E01DFD45-F13A-4F12-AC38-8EEE2163E52E}) (Version: 1.60.0004 - Omron Healthcare) OpenOffice 4.1.4 (HKLM-x32\...\{BA41785F-1DB1-4CEA-830A-149E940786B8}) (Version: 4.14.9788 - Apache Software Foundation) Opera Stable 86.0.4363.58 (HKLM-x32\...\Opera 86.0.4363.58) (Version: 86.0.4363.58 - Opera Software) PageExpress A3 USB 600 Pro V1.1 (HKLM-x32\...\{900581ED-9396-428C-A277-119DAADB1D0A}) (Version: 1.1 - Nazwa firmy) Hidden PageExpress A3 USB 600 Pro V1.1 (HKLM-x32\...\InstallShield_{900581ED-9396-428C-A277-119DAADB1D0A}) (Version: 1.1 - Nazwa firmy) PC Win Booster Free (HKLM-x32\...\PC Win Booster Free_is1) (Version: 10.0.3.155 - Sorentio Systems Ltd.) PDF24 Creator 9.2.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: 9.2.2 - PDF24.org) PDFCreator (HKLM\...\{00010FEF-82A2-497E-983A-7105A0167FA7}) (Version: 4.0.3 - pdfforge GmbH) PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 13.0 - PlotSoft LLC) PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.322.10 - Tracker Software Products Ltd) PDF-XChange Viewer (HKLM\...\{9ED333F8-3E6C-4A38-BAFA-728454121CDA}) (Version: 2.5.211.0 - Tracker Software Products (Canada) Ltd.) PerformanceTest v7.0 (64-bit) (HKLM\...\PerformanceTest 7_is1) (Version: 7.0 - Passmark Software) PhotoScape (HKLM-x32\...\PhotoScape) (Version: - ) Poczta usługi Windows Live (HKLM-x32\...\{64376910-1860-4CEF-8B34-AA5D205FC5F1}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (HKLM-x32\...\{7A9D47BA-6D50-4087-866F-0800D8B89383}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Pošta Windows Live (HKLM-x32\...\{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden PrivaZer (HKLM-x32\...\PrivaZer) (Version: 4.0.31.0 - Goversoft LLC) PROFIT v. 3.06.003 START (HKLM-x32\...\PROFIT_is1) (Version: - IZIS SOFT) QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.) Raccolta foto di Windows Live (HKLM-x32\...\{ED16B700-D91F-44B0-867C-7EB5253CA38D}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden RadioSure (HKU\S-1-5-21-2770710654-563048816-2845096244-1000\...\RadioSure) (Version: - ) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8432 - Realtek Semiconductor Corp.) Resource Hacker Version 4.5.30 (HKLM-x32\...\ResourceHacker_is1) (Version: - ) RogueKiller version 15.5.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.5.1.0 - Adlice Software) Screamer Radio (HKU\S-1-5-21-2770710654-563048816-2845096244-1000\...\Screamer) (Version: 1.7265.31862 - Steamcore) Security Task Manager 2.4 (HKLM-x32\...\Security Task Manager) (Version: 2.4 - Neuber Software) SharewareOnSale Notifier (HKU\S-1-5-21-2770710654-563048816-2845096244-1000\...\SharewareOnSale Notifier) (Version: 20 - SharewareOnSale) Skype (wersja 8.83) (HKLM-x32\...\Skype_is1) (Version: 8.83 - Skype Technologies S.A.) Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation) Surfshark (HKLM-x32\...\{296A8EB2-464A-4692-9513-76CB1B5D9483}) (Version: 4.0.0999 - Surfshark) Hidden Surfshark (HKLM-x32\...\Surfshark 4.0.0999) (Version: 4.0.0999 - Surfshark) Surfshark TAP Driver Windows (HKLM-x32\...\{1BE56F4D-46EC-4372-B4B2-A397E417102E}) (Version: 1.0.1 - Surfshark) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.18.0 - Synaptics Incorporated) TapinRadio 2.14.8 (x32) (HKLM-x32\...\TapinRadio_is1) (Version: - Raimersoft) UnHackMe 13.80 (HKLM-x32\...\UnHackMe_is1) (Version: - Greatis Software) Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) VLC media player (HKLM\...\VLC media player) (Version: 3.0.15 - VideoLAN) VueScan x64 (HKLM\...\VueScan x64) (Version: - ) Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated) Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc) WinRAR 6.02 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.02.0 - win.rar GmbH) Συλλογή φωτογραφιών του Windows Live (HKLM-x32\...\{C00C2A91-6CB3-483F-80B3-2958E29468F1}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основные компоненты Windows Live (HKLM-x32\...\{E83DC314-C926-4214-AD58-147691D6FE9F}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Почта Windows Live (HKLM-x32\...\{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}) (Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (HKLM-x32\...\{77F69CA1-E53D-4D77-8BA3-FA07606CC851}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Фотогалерия на Windows Live (HKLM-x32\...\{4444F27C-B1A8-464E-9486-4C37BAB39A09}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden גלריית התמונות של Windows Live (HKLM-x32\...\{CE929F09-3853-4180-BD90-30764BFF7136}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden بريد Windows Live (HKLM-x32\...\{0A4C4B29-5A9D-4910-A13C-B920D5758744}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden معرض صور Windows Live (HKLM-x32\...\{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Niestandardowe rejestracje CLSID (filtrowane): ============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) CustomCLSID: HKU\S-1-5-21-2770710654-563048816-2845096244-1000_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2016 - English\dwgviewr.exe (Autodesk, Inc -> Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2770710654-563048816-2845096244-1000_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2016 - English\en-US\dwgviewrficn.dll (Autodesk, Inc -> Autodesk, Inc.) ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> Brak pliku ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Brak podpisu cyfrowego] ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2015-02-06] (Autodesk, Inc -> Autodesk) ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2021-09-14] (IP Izmaylov Artem Andreevich -> AIMP DevTeam) ContextMenuHandlers1: [cm_64bit] -> {69E19770-EA24-49e2-B997-405EDBEF4C05} => -> Brak pliku ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2018-05-02] (Piriform Ltd -> Piriform Ltd) ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2022-03-15] (ESET, spol. s r.o. -> ESET) ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> Brak pliku ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => -> Brak pliku ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Common Files\Nitro\Pro\8.0\NPShellExtension64.dll [2013-03-05] (Nitro PDF Software -> Nitro PDF) ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Program Files\PDFCreator\PDFCreatorShell.DLL [2019-11-19] (pdfforge GmbH -> pdfforge GmbH) ContextMenuHandlers1: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2020-03-08] (Goversoft LLC -> ) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2: [cm_64bit] -> {69E19770-EA24-49e2-B997-405EDBEF4C05} => -> Brak pliku ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2022-03-15] (ESET, spol. s r.o. -> ESET) ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> Brak pliku ContextMenuHandlers2: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2020-03-08] (Goversoft LLC -> ) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-06-01] (Malwarebytes Inc. -> Malwarebytes) ContextMenuHandlers3: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2020-03-08] (Goversoft LLC -> ) ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> ) ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> Brak pliku ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Brak podpisu cyfrowego] ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2021-09-14] (IP Izmaylov Artem Andreevich -> AIMP DevTeam) ContextMenuHandlers4: [cm_64bit] -> {69E19770-EA24-49e2-B997-405EDBEF4C05} => -> Brak pliku ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => -> Brak pliku ContextMenuHandlers4: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2020-03-08] (Goversoft LLC -> ) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-05-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Brak podpisu cyfrowego] ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2018-05-02] (Piriform Ltd -> Piriform Ltd) ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2022-03-15] (ESET, spol. s r.o. -> ESET) ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> Brak pliku ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => -> Brak pliku ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-06-01] (Malwarebytes Inc. -> Malwarebytes) ContextMenuHandlers6: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2020-03-08] (Goversoft LLC -> ) ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> ) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Drivers32: [VIDC.FICV] => C:\Windows\system32\ficvdec_x64.dll [652288 2013-05-28] () [Brak podpisu cyfrowego] HKLM\...\Drivers32: [msacm.l3acm] => C:\Windows\SysWOW64\l3codecp.acm [220672 2009-07-14] (Microsoft Windows -> Fraunhofer Institut Integrierte Schaltungen IIS) HKLM\...\Drivers32: [VIDC.FICV] => C:\Windows\SysWOW64\ficvdec_x86.dll [641024 2013-05-28] () [Brak podpisu cyfrowego] HKLM\...\Drivers32: [vidc.xvid] => C:\Windows\SysWOW64\xvidvfw.dll [246736 2017-06-23] (Cole Williams Software Limited -> ) HKLM\...\Drivers32-x32: [vidc.x264] => x264vfw.dll HKLM\...\Drivers32: [vidc.lags] => C:\Windows\SysWOW64\lagarith.dll [230080 2016-09-21] (Cole Williams Software Limited -> ) HKLM\...\Drivers32: [msacm.divxa32] => C:\Windows\SysWOW64\DivXa32.acm [291408 2013-12-17] (Packed With Joy !) [Brak podpisu cyfrowego] ==================== Skróty & WMI ======================== (Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.) WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\":: WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99] WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate] ShortcutWithArgument: C:\Users\Andrzej\Desktop\Nie ja ale TY.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=hojeimjoloiannkkcmdedkelcfmgaacp ShortcutWithArgument: C:\Users\Andrzej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\Nie ja ale TY.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=hojeimjoloiannkkcmdedkelcfmgaacp ==================== Załadowane moduły (filtrowane) ============= 2022-02-01 08:41 - 2022-02-01 08:41 - 000263680 _____ () [Brak podpisu cyfrowego] C:\Program Files (x86)\Surfshark\Resources\x64\Surfshark.Firewall.dll 2021-10-27 11:41 - 2021-10-27 11:41 - 001601536 _____ () [Brak podpisu cyfrowego] C:\Program Files (x86)\Surfshark\runtimes\win-x64\native\e_sqlite3.dll 2020-03-08 21:18 - 2020-03-08 21:18 - 000016384 _____ () [Brak podpisu cyfrowego] C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\90a8e8dcf782610b49a199387a6f6073\PSIClient.ni.dll 2016-04-05 02:35 - 2016-08-29 14:59 - 000218112 _____ (Bullzip) [Brak podpisu cyfrowego] C:\Program Files\Common Files\Bullzip\PDF Printer\Ports\BULLZIP\bzpdf.dll 2016-09-30 22:46 - 2009-04-16 14:08 - 000136704 _____ (Hewlett-Packard Company) [Brak podpisu cyfrowego] C:\Windows\System32\hpf3l70v.dll 2016-09-30 23:10 - 2009-04-16 14:08 - 000248320 _____ (Hewlett-Packard Corporation) [Brak podpisu cyfrowego] C:\Windows\system32\spool\PRTPROCS\x64\hpfpp70v.dll 2009-05-14 16:49 - 2009-05-14 16:49 - 000071680 _____ (Hewlett-Packard) [Brak podpisu cyfrowego] c:\windows\system32\hpzinw12.dll 2019-07-22 17:44 - 2019-02-21 18:00 - 000078336 _____ (Igor Pavlov) [Brak podpisu cyfrowego] C:\Program Files\7-Zip\7-zip.dll 2020-03-08 21:18 - 2020-03-08 21:18 - 000019968 _____ (Intel Corp.) [Brak podpisu cyfrowego] C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\ff531e48b178902583e5d57461c5572d\IAStorCommon.ni.dll 2017-01-10 01:43 - 2012-07-09 14:46 - 000269312 _____ (Intel Corporation) [Brak podpisu cyfrowego] [Plik w użyciu] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\PsiData.dll 2017-01-10 01:43 - 2012-07-09 14:46 - 000497664 _____ (Intel Corporation) [Brak podpisu cyfrowego] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll 2018-01-25 16:43 - 2013-11-08 08:27 - 000261632 _____ (Intel Corporation) [Brak podpisu cyfrowego] C:\Program Files (x86)\Intel\Media SDK\mfx_mft_h264ve_w7_32.dll 2020-03-08 21:18 - 2020-03-08 21:18 - 000075264 _____ (Intel Corporation) [Brak podpisu cyfrowego] C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMgr\fbdf2290bd7a779b39a94e6fa8549d13\IAStorDataMgr.ni.dll 2020-03-08 21:18 - 2020-03-08 21:18 - 000379392 _____ (Intel Corporation) [Brak podpisu cyfrowego] C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\0f6c29489ec9a4b43dfbdf255a650fc5\IAStorUtil.ni.dll 2020-03-08 21:19 - 2020-03-08 21:19 - 001114624 _____ (Intel Corporation) [Brak podpisu cyfrowego] C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorViewModel\84022df9a0855dc68e676c1bb1b7ea51\IAStorViewModel.ni.dll 2020-03-08 21:18 - 2020-03-08 21:18 - 003864576 _____ (Intel Corporation) [Brak podpisu cyfrowego] C:\Windows\assembly\NativeImages_v4.0.30319_32\PSI\ec81389ba66d057d93cf223e588e4453\PSI.ni.dll 2020-03-08 21:18 - 2020-03-08 21:18 - 000643584 _____ (Intel Corporation) [Brak podpisu cyfrowego] C:\Windows\assembly\NativeImages_v4.0.30319_32\PsiData\0bc29e06aac607eabf404fcde012d010\PsiData.ni.dll 2016-01-28 00:36 - 2016-01-28 00:36 - 000225280 _____ (Microsoft Corporation) [Brak podpisu cyfrowego] [Plik w użyciu] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcm90.dll 2016-01-28 00:13 - 2016-01-28 00:13 - 000097280 _____ (Microsoft Corporation) [Brak podpisu cyfrowego] C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d1cb102c435421de\ATL80.DLL 2020-03-08 21:18 - 2020-03-08 21:18 - 000027136 _____ (Microsoft) [Brak podpisu cyfrowego] C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMcfeeca6f#\690596fd26747698c1477648497825ec\IAStorDataMgrSvcInterfaces.ni.dll 2013-03-19 13:59 - 2018-10-17 00:56 - 000117248 _____ (pdfforge GmbH) [Brak podpisu cyfrowego] C:\Windows\System32\pdfcmon.dll ==================== Alternate Data Streams (filtrowane) ======== (Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.) AlternateDataStreams: C:\Users\Andrzej\AppData\Roaming\Microsoft\Windows\Start Menu\W obronie Wiary i Tradycji Katolickiej.website:DESTICON_ec11134e5693a65a149a87d7e3d27cf5-1379509959 [1698] AlternateDataStreams: C:\Users\Andrzej\AppData\Roaming\Microsoft\Windows\Start Menu\W obronie Wiary i Tradycji Katolickiej.website:DESTICON_ec11134e5693a65a149a87d7e3d27cf5-1587315079 [1698] AlternateDataStreams: C:\Users\Andrzej\AppData\Roaming\Microsoft\Windows\Start Menu\W obronie Wiary i Tradycji Katolickiej.website:DESTICON_ec11134e5693a65a149a87d7e3d27cf5-2144400857 [1698] AlternateDataStreams: C:\Users\Andrzej\AppData\Roaming\Microsoft\Windows\Start Menu\W obronie Wiary i Tradycji Katolickiej.website:DESTICON_ec11134e5693a65a149a87d7e3d27cf5175198541 [1698] AlternateDataStreams: C:\Users\Andrzej\AppData\Roaming\Microsoft\Windows\Start Menu\W obronie Wiary i Tradycji Katolickiej.website:DESTICON_ec11134e5693a65a149a87d7e3d27cf5638546998 [1698] AlternateDataStreams: C:\Users\Andrzej\AppData\Roaming\Microsoft\Windows\Start Menu\W obronie Wiary i Tradycji Katolickiej.website:TASKICON_0ec11134e5693a65a149a87d7e3d27cf51514041266 [1698] AlternateDataStreams: C:\Users\Andrzej\AppData\Roaming\Microsoft\Windows\Start Menu\W obronie Wiary i Tradycji Katolickiej.website:TASKICON_1favicon818190576 [10862] AlternateDataStreams: C:\Users\Andrzej\AppData\Roaming\Microsoft\Windows\Start Menu\W obronie Wiary i Tradycji Katolickiej.website:TASKICON_2favicon856924206 [10862] AlternateDataStreams: C:\Users\Andrzej\AppData\Roaming\Microsoft\Windows\Start Menu\W obronie Wiary i Tradycji Katolickiej.website:TASKICON_3favicon-778822629 [10862] ==================== Tryb awaryjny (filtrowane) ================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Powiązania plików (filtrowane) ================= ==================== Internet Explorer (Wersja 11) (filtrowane) ========== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://niejaalety.blogspot.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://niejaalety.blogspot.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank DownloadDir: C:\Users\Andrzej\Downloads SearchScopes: HKU\S-1-5-21-2770710654-563048816-2845096244-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2770710654-563048816-2845096244-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_301\bin\ssv.dll [2021-09-06] (Oracle America, Inc. -> Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_301\bin\jp2ssv.dll [2021-09-06] (Oracle America, Inc. -> Oracle Corporation) Toolbar: HKLM-x32 - PDF Architect 5 Toolbar - {84F23192-A475-4038-B5C0-8584777F2DF4} - C:\Program Files (x86)\PDF Architect 5\creator-ie-plugin.dll [2017-05-08] (pdfforge GmbH -> pdfforge GmbH) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-01-02] (Skype Software Sarl -> Skype Technologies) ==================== Hosts - zawartość: ========================= (Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.) 2009-07-14 04:34 - 2022-06-01 18:39 - 000029298 _____ C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost 0.0.0.0 0x1f4b0.com 0.0.0.0 1q2w3.life 0.0.0.0 1q2w3.website 0.0.0.0 2giga.dowload 0.0.0.0 2giga.link 0.0.0.0 8jd2lfsq.me 0.0.0.0 aalbbh84.info 0.0.0.0 acbp0020171456.page.tl 0.0.0.0 ad-miner.com 0.0.0.0 adplusplus.fr 0.0.0.0 adrenali.gq 0.0.0.0 afflow.18-plus.net 0.0.0.0 afminer.com 0.0.0.0 ajcryptominer.com 0.0.0.0 ajplugins.com 0.0.0.0 akvideo.stream 0.0.0.0 allfontshere.press 0.0.0.0 altavista.ovh 0.0.0.0 amhixwqagiz.ru 0.0.0.0 analytics.blue 0.0.0.0 andlache.com 0.0.0.0 a-o.ninja 0.0.0.0 apdrive.win 0.0.0.0 api.inwemo.com 0.0.0.0 appelamule.com 0.0.0.0 arizona-miner.tk 0.0.0.0 aservices.party 0.0.0.0 aster18cdn.nl 0.0.0.0 auroramine.com Wykryto więcej niż wyliczono: 1149 linii. ==================== Inne obszary =========================== (Obecnie brak automatycznej naprawy dla tej sekcji.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\Wbem;C:\ProgramData\Oracle\Java\javapath;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;%SYSTEMROOT%\SYSTEM32\WINDOWSPOWERSHELL\V1.0;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\PROGRAM FILES (X86)\EGISTEC MYWINLOCKER;C:\Program Files (x86)\QuickTime\QTSystem;C:\Program Files (x86)\Common Files\Autodesk Shared;C:\Program Files (x86)\Skype\Phone;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64 HKU\S-1-5-21-2770710654-563048816-2845096244-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Andrzej\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-2770710654-563048816-2845096244-501\Control Panel\Desktop\\Wallpaper -> C:\Users\Gość.ADMIN\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.8.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Zapora systemu Windows [funkcja włączona] ==================== MSCONFIG/TASK MANAGER - Wyłączone elementy == ==================== Reguły Zapory systemu Windows (filtrowane) ================ (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) FirewallRules: [{1EAC93C1-A9D8-43BC-BBD1-7464D06BE022}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{B610CA07-DB94-4D5E-BFBF-07733516E88E}] => (Allow) LPort=2869 FirewallRules: [{98327F05-1C5E-4A41-B8DF-EABA7910E324}] => (Allow) LPort=1900 FirewallRules: [{BC3556D0-2FDF-48E7-BABD-A5E026D36A56}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{B6F055CD-A25B-489C-84B5-E20A5B3DC639}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{7B2E7628-A8FD-4756-8951-D57B7763F099}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{431D1045-45A5-4E56-92E2-02ECF128096A}] => (Allow) C:\Program Files (x86)\Opera\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [{51C214A0-5F9A-4E6A-B823-3641F8C6CBE2}] => (Allow) C:\Program Files (x86)\Opera\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [TCP Query User{1F294A2D-E4DA-4D08-AF94-8412732C2AEF}C:\program files (x86)\java\jre7\launch4j-tmp\minecraftzyczu.exe] => (Allow) C:\program files (x86)\java\jre7\launch4j-tmp\minecraftzyczu.exe (Oracle America, Inc. -> Oracle Corporation) FirewallRules: [UDP Query User{2794E6D9-C7D2-4597-BAC8-07475124C0C3}C:\program files (x86)\java\jre7\launch4j-tmp\minecraftzyczu.exe] => (Allow) C:\program files (x86)\java\jre7\launch4j-tmp\minecraftzyczu.exe (Oracle America, Inc. -> Oracle Corporation) FirewallRules: [{95622432-A629-4903-B297-3AB8171AED8F}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.) FirewallRules: [{65A33A57-8996-48A4-98A9-9B87D8F36CBD}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.) FirewallRules: [{36BE5E19-2F5D-4029-B455-4DDBCCD782F1}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe (Hewlett-Packard Company -> Hewlett-Packard) FirewallRules: [{08DF01E6-AA76-4FCE-893A-56C8FF930E4F}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\MxUp.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.) FirewallRules: [{C547C96D-FFD4-49C5-9D03-5E8E07524512}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\MxUp.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.) FirewallRules: [TCP Query User{43D8EC54-C825-40FE-BEB3-CDE1C35EFE9C}C:\windows\twain_32\l6u16u2\srvmod.exe] => (Block) C:\windows\twain_32\l6u16u2\srvmod.exe (NetWork Scanner) [Brak podpisu cyfrowego] FirewallRules: [UDP Query User{4810DC52-7BC3-4167-A4D1-AE24095F82F0}C:\windows\twain_32\l6u16u2\srvmod.exe] => (Block) C:\windows\twain_32\l6u16u2\srvmod.exe (NetWork Scanner) [Brak podpisu cyfrowego] FirewallRules: [TCP Query User{BD7E47BE-1053-4A36-911B-CBCE62F21573}C:\windows\twain_32\l6u16u2\srvmod.exe] => (Allow) C:\windows\twain_32\l6u16u2\srvmod.exe (NetWork Scanner) [Brak podpisu cyfrowego] FirewallRules: [UDP Query User{C52F0CA8-FF57-40B7-A677-A4C57A50B7A0}C:\windows\twain_32\l6u16u2\srvmod.exe] => (Allow) C:\windows\twain_32\l6u16u2\srvmod.exe (NetWork Scanner) [Brak podpisu cyfrowego] FirewallRules: [{DDBA0FAC-B67B-444A-8F9B-3013F799065D}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.) FirewallRules: [{E438D69E-D29B-490D-82BF-B3B8D8001E23}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{D5A7DC17-C0F7-466C-A0DA-8CFE92461090}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{870BD7FC-4F21-48D7-9E73-818E8D2C3CD8}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.) FirewallRules: [{CA2A570C-09F6-4046-91E9-170016135180}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.) FirewallRules: [{BEE99D5A-DFA3-4C63-AF8A-B592A75F6746}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.) FirewallRules: [{C6B81467-B063-4A04-930B-92FBFF9CE3DA}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.) FirewallRules: [{982F9010-7ACE-4AE8-BE9B-BD83B3711FD4}] => (Allow) C:\Program Files (x86)\Opera\86.0.4363.59\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [{4685EFF8-7B69-4FBE-8F44-4DBA716E2AA1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{15A26632-43C3-4E2F-9D11-DFFBACF783F6}] => (Allow) C:\Program Files (x86)\Opera\86.0.4363.58\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [{E246BDD2-D400-4DA4-A6D7-A754AFF07C2A}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{2B27F715-80B8-4AF3-A467-E8212BE775BF}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{DD281A24-65FF-47F4-8A35-2F8E3CC285B2}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) ==================== Punkty Przywracania systemu ========================= 30-05-2022 23:28:16 Removed ESET Security 30-05-2022 23:31:00 Removed ESET Security 30-05-2022 23:55:55 Removed ESET Security 31-05-2022 00:58:47 Removed ESET Security 31-05-2022 22:17:22 Punkt przywracania utworzony przez HitmanPro 31-05-2022 22:17:50 Punkt przywracania utworzony przez HitmanPro 31-05-2022 22:18:01 Punkt przywracania utworzony przez HitmanPro 31-05-2022 22:18:26 Punkt przywracania utworzony przez HitmanPro 31-05-2022 22:20:36 Punkt przywracania utworzony przez HitmanPro 31-05-2022 22:21:09 Punkt przywracania utworzony przez HitmanPro 01-06-2022 02:03:42 Installed Surfshark 01-06-2022 16:34:19 Installed Surfshark ==================== Wadliwe urządzenia w Menedżerze urządzeń ============ ==================== Błędy w Dzienniku zdarzeń: ======================== Dziennik Aplikacja: ================== Error: (06/01/2022 07:42:28 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (06/01/2022 07:32:52 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (06/01/2022 07:31:57 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Nie można utworzyć punktu przywracania (Proces = C:\Program Files (x86)\UnHackMe\reanimator.exe Files (x86)\UnHackMe\reanimator.exe" /wiz /full; Opis = UnHackMe Malware Removal; Błąd = 0x8007043c). Error: (06/01/2022 07:30:30 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: CsrBtOBEXService.exe, wersja: 2.1.63.0, sygnatura czasowa: 0x4f68683b Nazwa modułu powodującego błąd: CsrBtOBEXService.exe, wersja: 2.1.63.0, sygnatura czasowa: 0x4f68683b Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0000000000006f58 Identyfikator procesu powodującego błąd: 0x6d8 Godzina uruchomienia aplikacji powodującej błąd: 0x01d875d963da5e05 Ścieżka aplikacji powodującej błąd: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe Ścieżka modułu powodującego błąd: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe Identyfikator raportu: 883484bd-e1d0-11ec-a236-e89a8febb777 Error: (06/01/2022 06:47:47 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (06/01/2022 06:45:08 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: CsrBtOBEXService.exe, wersja: 2.1.63.0, sygnatura czasowa: 0x4f68683b Nazwa modułu powodującego błąd: CsrBtOBEXService.exe, wersja: 2.1.63.0, sygnatura czasowa: 0x4f68683b Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0000000000006f58 Identyfikator procesu powodującego błąd: 0x5c8 Godzina uruchomienia aplikacji powodującej błąd: 0x01d875d57e536590 Ścieżka aplikacji powodującej błąd: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe Ścieżka modułu powodującego błąd: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe Identyfikator raportu: 31ee8da2-e1ca-11ec-96f6-e89a8febb777 Error: (06/01/2022 06:36:31 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (06/01/2022 06:33:52 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: CsrBtOBEXService.exe, wersja: 2.1.63.0, sygnatura czasowa: 0x4f68683b Nazwa modułu powodującego błąd: CsrBtOBEXService.exe, wersja: 2.1.63.0, sygnatura czasowa: 0x4f68683b Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0000000000006f58 Identyfikator procesu powodującego błąd: 0x70c Godzina uruchomienia aplikacji powodującej błąd: 0x01d875b4548e2beb Ścieżka aplikacji powodującej błąd: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe Ścieżka modułu powodującego błąd: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe Identyfikator raportu: 9ecc5a0a-e1c8-11ec-9651-e89a8febb777 Dziennik System: ============= Error: (06/01/2022 09:59:49 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: Serwer {BB6DF56B-CACE-11DC-9992-0019B93A3A84} nie zarejestrował się w modelu DCOM w wymaganym czasie. Error: (06/01/2022 07:30:58 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: discache eamonm ehdrv HWiNFO32 spldr Wanarpv6 Error: (06/01/2022 07:30:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa PDF24 zależy od usługi Bufor wydruku, której nie można uruchomić z powodu następującego błędu: Uruchomienie usługi zależności lub grupy nie powiodło się. Error: (06/01/2022 07:30:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa CSR OBEX Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 2. Error: (06/01/2022 06:58:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa Ashampoo LiveTuner 2 Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error: (06/01/2022 06:58:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa Funkcja Audio CSR Bluetooth niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error: (06/01/2022 06:58:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa Surfshark Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error: (06/01/2022 06:58:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa RogueKiller RTP niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 0 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. ==================== Statystyki pamięci =========================== BIOS: INSYDE V1.06 09/29/2011 Płyta główna: Acer HMA51_HR Procesor: Intel(R) Pentium(R) CPU B960 @ 2.20GHz Procent pamięci w użyciu: 54% Całkowita pamięć fizyczna: 8043.86 MB Dostępna pamięć fizyczna: 3644.45 MB Całkowita pamięć wirtualna: 16085.86 MB Dostępna pamięć wirtualna: 8821.63 MB ==================== Dyski ================================ Drive c: (Acer) (Fixed) (Total:461.84 GB) (Free:301.64 GB) (Model: ATA SSDPR-CX400-512- SCSI Disk Device) NTFS \\?\Volume{d60ec125-1b59-11e1-8919-806e6f6e6963}\ (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS \\?\Volume{d60ec124-1b59-11e1-8919-806e6f6e6963}\ (PQSERVICE) (Fixed) (Total:15 GB) (Free:2.78 GB) NTFS ==================== MBR & Tablica partycji ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 476.9 GB) (Disk ID: 452F36E5) Partition 1: (Not Active) - (Size=15 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=461.8 GB) - (Type=07 NTFS) ==================== Koniec Addition.txt =======================