Replies posted by EDgar8
-
-
It shows the same message.
I don't know whether this lead is right, but on that unlocked administrator account UAC was correct, so I copied all the files from this account there (including AppData), and today I look and UAC is elevated.
-
I hope it makes no difference that I have the "Administrator" account (the hidden one) enabled.
The WMI repository is consistent.
-
That is exactly why I ran:
GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-03-23 17:12:42
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST750LM022_HN-M750MBB rev.2BA30001 698,64GB
Running: gmer.exe; Driver: C:\Users\Asus\AppData\Local\Temp\fwlcqaoc.sys
---- Kernel code sections - GMER 2.2 ----
.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff960000f5600 7 bytes [C0, 5F, F3, FF, 41, 6F, F0]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff960000f5608 3 bytes [C0, 06, 02]
---- Registry - GMER 2.2 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\84a6c8046c75
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\84a6c8046c75@805719f9031f 0xA2 0x3E 0xC3 0xA5 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\84a6c8046c75@78471d512c61 0xBD 0xE1 0xED 0x84 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\84a6c8046c75 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\84a6c8046c75@805719f9031f 0xA2 0x3E 0xC3 0xA5 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\84a6c8046c75@78471d512c61 0xBD 0xE1 0xED 0x84 ...
---- EOF - GMER 2.2 ----
-
OK. I have Daemon Tools, but it is currently disabled and has no drive. I can't uninstall the driver, because it shows that it isn't there (this may be caused by an older version).
-
Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja:05-03-2016 01
Uruchomiony przez Asus (2016-03-23 14:57:30) Run:2
Uruchomiony z C:\Users\Asus\Desktop
Załadowane profile: Asus (Dostępne profile: Asus & Administrator)
Tryb startu: Normal
==============================================
fixlist - zawartość:
*****************
CMD: icacls C:\Windows\System32\LogFiles\WMI\RtBackup /grant SYSTEM:F /T
Reboot:
*****************
========= icacls C:\Windows\System32\LogFiles\WMI\RtBackup /grant SYSTEM:F /T =========
przetworzono plik: C:\Windows\System32\LogFiles\WMI\RtBackup
przetworzono plik: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
przetworzono plik: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
przetworzono plik: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
przetworzono plik: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
przetworzono plik: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl
Liczba plików przetworzonych pomyślnie: 6; liczba plików, których przetwarzanie nie powiodło się: 0.
========= Koniec CMD: =========
System wymagał restartu.
==== Koniec Fixlog 14:57:30 ====
http://wklej.to/efIX-
http://wklej.to/WeBJ-
http://wklej.to/MXVq- -
Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja:05-03-2016 01
Uruchomiony przez Asus (2016-03-22 21:01:12) Run:1
Uruchomiony z C:\Users\Asus\Desktop
Załadowane profile: Asus (Dostępne profile: Asus & Administrator)
Tryb startu: Normal
==============================================
fixlist - zawartość:
*****************
CMD: sc query winmgmt
CMD: winmgmt /salvagerepository
ListPermissions: C:\Windows\System32\LogFiles\WMI
ListPermissions: C:\Windows\System32\LogFiles\WMI\RtBackup
*****************
========= sc query winmgmt =========
SERVICE_NAME: winmgmt
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
========= Koniec CMD: =========
========= winmgmt /salvagerepository =========
Repozytorium WMI jest spójne.
========= Koniec CMD: =========
===================================
uprawnienia "C:\Windows\System32\LogFiles\WMI":
Owner: BUILTIN\Administrators
DACL(PAI):
NT AUTHORITY\SYSTEM ALLOW FULL (OI-CI)
NT AUTHORITY\LOCAL SERVICE ALLOW FULL (OI-CI)
NT AUTHORITY\NETWriteOwner+RK SERVICE ALLOW FULL (OI-CI)
BUILTIN\Administrators ALLOW FULL (OI-CI)
LU ALLOW FULL (OI-CI)
===================================
===================================
uprawnienia "C:\Windows\System32\LogFiles\WMI\RtBackup":
Owner: BUILTIN\Administrators
DACL(P):
BUILTIN\Administrators ALLOW FULL (OI-CI)
===================================
==== Koniec Fixlog 21:01:16 ====
-
SystemLook 30.07.11 by jpshortstuff
Log created at 18:39 on 22/03/2016 by Asus
Administrator - Elevation successful
========== reg ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
(No values found)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit]
(No values found)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt]
"DisplayName"="@%Systemroot%\system32\wbem\wmisvc.dll,-205"
"ImagePath"="%systemroot%\system32\svchost.exe -k netsvcs"
"Description"="@%Systemroot%\system32\wbem\wmisvc.dll,-204"
"ObjectName"="localSystem"
"ErrorControl"= 0x0000000000 (0)
"Start"= 0x0000000002 (2)
"Type"= 0x0000000020 (32)
"DependOnService"="RPCSS"
"ServiceSidType"= 0x0000000001 (1)
"FailureActions"=80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 c0 d4 01 00 01 00 00 00 e0 93 04 00 00 00 00 00 00 00 00 00 (REG_BINARY)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\Parameters]
"ServiceDllUnloadOnStop"= 0x0000000001 (1)
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
"ServiceMain"="ServiceMain"
-= EOF =-
I restored all the way back to 20.02
SystemLook 30.07.11 by jpshortstuff
Log created at 18:52 on 22/03/2016 by Asus
Administrator - Elevation successful
No Context:
========== reg ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
(No values found)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit]
(No values found)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt]
"DisplayName"="@%Systemroot%\system32\wbem\wmisvc.dll,-205"
"ImagePath"="%systemroot%\system32\svchost.exe -k netsvcs"
"Description"="@%Systemroot%\system32\wbem\wmisvc.dll,-204"
"ObjectName"="localSystem"
"ErrorControl"= 0x0000000000 (0)
"Start"= 0x0000000002 (2)
"Type"= 0x0000000020 (32)
"DependOnService"="RPCSS"
"ServiceSidType"= 0x0000000001 (1)
"FailureActions"=80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 c0 d4 01 00 01 00 00 00 e0 93 04 00 00 00 00 00 00 00 00 00 (REG_BINARY)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\Parameters]
"ServiceDllUnloadOnStop"= 0x0000000001 (1)
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
"ServiceMain"="ServiceMain"
-= EOF =-
I restored even further back, and in safe mode at that.
Maybe it isn't working because the program restores its changes?
-
The point is that in safe mode those keys are there, but it still won't save any changes for normal mode.
I don't have a restore point.
The other consultants didn't really advise much and didn't tell me to change anything through any advanced options. They only recommended e.g. a repair disc, adding entries, or using the MS tool.
http://prntscr.com/ahsq4i
http://prntscr.com/ahsqdw
http://prntscr.com/ahsqn1
Writing it now. The only user (Administrator).
http://prntscr.com/ahstco
Looking at this, I could even suspect that this program tinkered with something, but I haven't noticed any errors since December, and I haven't updated the program.
-
It didn't help.
I don't know if I mentioned it, but in safe mode you could say it works.
You can read more here: http://forum.komputerswiat.pl/topic/197628-uac-samo-zmienia-się-na-najwyższy-poziom/page-2#entry1190114 I don't want to copy the screenshots and everything
-
As I wrote (or didn't), the entries seem to delete themselves.
SystemLook 30.07.11 by jpshortstuff
Log created at 09:50 on 19/03/2016 by Asus
Administrator - Elevation successful
========== reg ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
(No values found)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit]
(No values found)
-= EOF =-
The logs are current, because I made them when I wanted to get help on exactly this topic, but here are fresh ones:
http://wklejaj.pl/551x
http://wklejaj.pl/551x -
-
-
As in the topic title. I can't lower UAC; previously I had it at the lowest level.
-
There is no link to Windows 8 there. I installed pl_windows_8_x64_dvd_915436.iso
-
I wanted to do exactly that too, but I can't activate it because this is an OEM key and I didn't install an OEM version. That version is on the recovery partition, which I don't have. I have to send the laptop in for service or download a pirated Windows 8 OEM and activate it with my key. say goodbye to activation.
-
My story in short:
- The computer came with W8 from the manufacturer (key in UEFI)
- In the shop they replaced it with a pirated W7
- I got the computer and I want to be legal, so I extracted the key from UEFI using a program.
- I installed W10 from an ISO and a bootable USB stick made with Rufus.
- I messed something up and installed it again.
- I want to activate and I can't
UAC - changes to the highest level by itself
in Windows 7
Posted
On which account should I make the log? The old one or the new one? And should I check whether UAC works on the new account, or not yet?
I hid Administrator.