Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 02-11-2017
Uruchomiony przez Wojtek (07-11-2017 19:05:30)
Uruchomiony z C:\Users\Wojtek\Desktop
Windows 10 Enterprise Wersja 1703 15063.674 (X64) (2017-05-10 12:32:24)
Tryb startu: Normal
==========================================================

==================== Konta użytkowników: =============================

Administrator (S-1-5-21-1883005379-2761239155-3550619939-500 - Administrator - Disabled)
defaultuser0 (S-1-5-21-1883005379-2761239155-3550619939-1000 - Limited - Disabled) => C:\Users\defaultuser0
Gość (S-1-5-21-1883005379-2761239155-3550619939-501 - Limited - Disabled)
Konto domyślne (S-1-5-21-1883005379-2761239155-3550619939-503 - Limited - Disabled)
Wojtek (S-1-5-21-1883005379-2761239155-3550619939-1001 - Administrator - Enabled) => C:\Users\Wojtek

==================== Centrum zabezpieczeń ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie.)

AV: Kaspersky Anti-Virus (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Zainstalowane programy ======================

(W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)

µTorrent (HKU\S-1-5-21-1883005379-2761239155-3550619939-1001\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Aktualizacje NVIDIA 29.1.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 29.1.0.0 - NVIDIA Corporation) Hidden
Aragami (HKLM-x32\...\{FD629F2E-E9F9-4AE9-98D9-8437D52B889D}) (Version: 0.0.01.08 - Lince Works)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
Cuphead (HKLM-x32\...\Cuphead_is1) (Version: - )
Discord (HKU\S-1-5-21-1883005379-2761239155-3550619939-1001\...\Discord) (Version: 0.0.298 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{6A930A1F-661B-4C41-A781-77CC9B42F9E3}) (Version: 1.1.121.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Kaspersky Anti-Virus (HKLM-x32\...\{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\{EA8630BD-0DCC-4154-B972-AAA6C8989E1A}) (Version: 4.2.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games)
Microsoft OneDrive (HKU\S-1-5-21-1883005379-2761239155-3550619939-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Need for Speed™ (HKLM-x32\...\{F8643E83-A868-4EE8-A0B9-389386830453}) (Version: 1.3.0.0 - Electronic Arts)
Nightbot (HKLM-x32\...\{c59fdb2c-3f60-4455-b0a8-c45b5aee5447}_is1) (Version: 0.0.5 - NightDev, LLC)
NVIDIA GeForce Experience 3.10.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.10.0.95 - NVIDIA Corporation)
NVIDIA Oprogramowanie systemu PhysX 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
NVIDIA Sterownik 3D Vision 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
NVIDIA Sterownik dźwięku HD 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA Sterownik graficzny 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
NVIDIA Sterownik kontrolera 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 18.0.1 - OBS Project)
Opera Stable 48.0.2685.52 (HKLM-x32\...\Opera 48.0.2685.52) (Version: 48.0.2685.52 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.5.5.6040 - Electronic Arts, Inc.)
Panel sterowania NVIDIA 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 388.13 - NVIDIA Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.)
Resident Evil 7 Biohazard (HKLM-x32\...\{1ECBF8F3-7079-44CA-AD32-B2AECBCF636F}_is1) (Version: - Capcom)
SHU (HKLM-x32\...\{DF11DD92-DBB8-4F3F-9564-A8BBDBE986F5}_is1) (Version: 1.0 - ScreenShu Software)
Skype™ 7.35 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.35.101 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.11.7 (HKLM\...\SteelSeries Engine 3) (Version: 3.11.7 - SteelSeries ApS)
TeamSpeak 3 Client (HKU\S-1-5-21-1883005379-2761239155-3550619939-1001\...\TeamSpeak 3 Client) (Version: 3.1.3 - TeamSpeak Systems GmbH)
Unity Web Player (HKU\S-1-5-21-1883005379-2761239155-3550619939-1001\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 43.1 - Ubisoft)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation) Hidden
WinRAR 5.40 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Niestandardowe rejestracje CLSID (filtrowane): ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

ContextMenuHandlers1: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\x64\ShellEx.dll [2017-11-06] (AO Kaspersky Lab)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext.dll [2016-09-19] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext32.dll [2016-09-19] (Alexander Roshal)
ContextMenuHandlers2: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\x64\ShellEx.dll [2017-11-06] (AO Kaspersky Lab)
ContextMenuHandlers4: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\x64\ShellEx.dll [2017-11-06] (AO Kaspersky Lab)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)
ContextMenuHandlers6: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\x64\ShellEx.dll [2017-11-06] (AO Kaspersky Lab)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext.dll [2016-09-19] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext32.dll [2016-09-19] (Alexander Roshal)

==================== Zaplanowane zadania (filtrowane) =============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

Task: {0061B06A-F746-4BEC-89B0-340C0AB31460} - System32\Tasks\Driver Booster SkipUAC (Wojtek) => D:\Program Files (x86)\IObit\Driver Booster\4.3.0\DriverBooster.exe
Task: {052765F3-50E9-4954-9506-21060207A4AF} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-11] (NVIDIA Corporation)
Task: {0FE0A18E-8A9F-44EC-934F-9A6E75CB9D5E} - System32\Tasks\Online Application V2G6 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
Task: {33CA8E1C-0828-4A55-ABD1-FCC1C368DB3F} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_183_pepper.exe [2017-10-25] (Adobe Systems Incorporated)
Task: {3C66C025-FDF5-4967-85D3-41FB8E57DF4F} - System32\Tasks\Online Application V2G5 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
Task: {4365F8F5-D16A-4FDE-95D4-329007E9238A} - System32\Tasks\ndjbf => C:\Users\Wojtek\AppData\Local\kvcha.bat [2017-11-06] () <==== UWAGA
Task: {4AF8294C-41DA-4DF0-9549-D65110DE3C04} - System32\Tasks\bjjbf => C:\Users\Wojtek\AppData\Local\oaatvxkte.bat [2017-11-06] () <==== UWAGA
Task: {51851334-DE2D-4343-BB87-D589A713E57F} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-11] (NVIDIA Corporation)
Task: {6188C6ED-A1E4-4A92-97CC-10F563475189} - System32\Tasks\{EF0EEE88-E7DA-4DEE-9391-4E51A072AB3A} => C:\Windows\system32\pcalua.exe -a "D:\Users\Wojtek\Downloads\Sitting Ducks\AUTORUN.EXE" -d "D:\Users\Wojtek\Downloads\Sitting Ducks"
Task: {65F61C55-06D3-4771-AA23-E181B3538399} - System32\Tasks\UeYyDHMzhc0p => ueyydhmzhc0p.exe
Task: {7CB93845-42A3-469E-882F-7483EB5A646F} - System32\Tasks\Online Application V2G4 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
Task: {844B6E76-3278-4E41-93B1-69BD5B57BBE6} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-10-11] (NVIDIA Corporation)
Task: {8EB4BEA7-FC54-4B1A-90C8-4AB5B7FF0D6B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-11] (NVIDIA Corporation)
Task: {9EFE91DA-3CF2-417C-BD50-34C18EB17C27} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-10-11] (NVIDIA Corporation)
Task: {A0024194-7C4A-4647-8EE0-F949DB61E44A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-25] (Adobe Systems Incorporated)
Task: {BB16F433-3C62-4FF6-94E8-048420D1A497} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-10-11] (NVIDIA Corporation)
Task: {CD1E9156-866E-4036-AE74-0CEFC668E0BF} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-11] (NVIDIA Corporation)
Task: {CECCD1DB-9DD9-4DBC-B9D9-4F2B46E69F21} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-11] (NVIDIA Corporation)
Task: {ECD20EC8-DAF8-4975-9BB7-7A0D60D21F16} - System32\Tasks\Opera scheduled Autoupdate 1502024622 => C:\Program Files\Opera\launcher.exe [2017-10-24] (Opera Software)
Task: {F4EE01DA-7742-43F8-BF96-216016D07D1C} - System32\Tasks\{D46FD3EA-391D-42A3-8FD0-F6D475119177} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://ui.skype.com/ui/0/7.36.0.101/pl/go/help.faq.installer?LastError=1603
Task: {FB7E5095-9344-4D6C-9BB2-D45E003DF1C9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-08] (Piriform Ltd)

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

Task: C:\WINDOWS\Tasks\Online Application V2G4.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
Task: C:\WINDOWS\Tasks\Online Application V2G5.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
Task: C:\WINDOWS\Tasks\Online Application V2G6.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA

==================== Skróty & WMI ========================

(Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.)

==================== Załadowane moduły (filtrowane) ==============

2017-03-30 00:32 - 2017-10-11 02:05 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-03-18 21:58 - 2017-03-18 21:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 21:59 - 2017-03-20 05:04 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-10-27 17:41 - 2017-10-27 17:41 - 091487832 _____ () C:\Program Files\Opera\48.0.2685.52\opera_browser.dll
2017-10-27 17:41 - 2017-10-27 17:41 - 004197464 _____ () C:\Program Files\Opera\48.0.2685.52\libglesv2.dll
2017-10-27 17:41 - 2017-10-27 17:41 - 000101464 _____ () C:\Program Files\Opera\48.0.2685.52\libegl.dll
2017-11-06 23:44 - 2017-11-06 23:44 - 000836968 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\kpcengine.2.3.dll
2017-03-30 00:32 - 2017-10-11 02:05 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-11-06 23:28 - 2017-11-06 23:28 - 001105704 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\KasperskyLab.Ksde.NativeInterop.dll

==================== Alternate Data Streams (filtrowane) =========

(Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.)

AlternateDataStreams: C:\Users\Wojtek:Heroes & Generals [38]

==================== Tryb awaryjny (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.)

==================== Powiązania plików (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.)

==================== Internet Explorer - Witryny zaufane i z ograniczeniami ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.)

==================== Hosts - zawartość: ===============================

(Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.)

2017-03-30 07:45 - 2017-03-30 07:42 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Inne obszary ============================

(Obecnie brak automatycznej naprawy dla tej sekcji.)

HKU\S-1-5-21-1883005379-2761239155-3550619939-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1883005379-2761239155-3550619939-1001\Control Panel\Desktop\\Wallpaper -> e:\pulpit\tapeta.jpg
DNS Servers: 82.163.142.8 - 95.211.158.136
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Zapora systemu Windows [funkcja włączona]

==================== MSCONFIG/TASK MANAGER - Wyłączone elementy ==

HKU\S-1-5-21-1883005379-2761239155-3550619939-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-1883005379-2761239155-3550619939-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1883005379-2761239155-3550619939-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1883005379-2761239155-3550619939-1001\...\StartupApproved\Run: => "ManyCam"
HKU\S-1-5-21-1883005379-2761239155-3550619939-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1883005379-2761239155-3550619939-1001\...\StartupApproved\Run: => "GalaxyClient"
HKU\S-1-5-21-1883005379-2761239155-3550619939-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1883005379-2761239155-3550619939-1001\...\StartupApproved\Run: => "EADM"

==================== Reguły Zapory systemu Windows (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

FirewallRules: [{85394E26-5A97-443D-A55A-B7FDF5B5BE07}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{7340C8F4-4311-47D9-A6BE-06A9D8680B90}] => (Allow) C:\Users\Wojtek\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E845E8B5-B1ED-497F-B5B3-9F94E31E0473}] => (Allow) C:\Users\Wojtek\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C2D5BE23-E4A2-400A-89CC-86FC6AEF0ABC}] => (Allow) C:\Users\Wojtek\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0F4462C1-3576-49FF-B8A4-D127051BF797}] => (Allow) C:\Users\Wojtek\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EA7300DD-8A68-42B7-A3D1-BE8D62573387}] => (Allow) C:\Users\Wojtek\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6E328664-8066-42B5-853D-A42FACA2488C}] => (Allow) C:\Users\Wojtek\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [UDP Query User{24BB3797-9150-4F64-BFF9-F3CD061DA160}D:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [TCP Query User{24E84830-2AC9-49E1-912A-610F3EF82971}D:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [{67DE66CD-39B2-46C1-9031-C57F947D9FB2}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{7832B4CF-7564-4035-BC4E-C8527AF5D744}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{72164FB8-0C1E-4EB3-9035-005C67FD8B37}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{6EC6FADF-E326-413A-B3EB-BB6D90458CD0}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{7866482A-9593-4879-83A0-6450779065FA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{FC07DA8B-2CD8-4446-8614-8FFA892EAB9B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{350858EA-2871-49E6-AB36-1198A140C977}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{AE5FE2A5-6466-4025-8CCC-EE4DF91CFB46}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{11E69589-E047-461F-81DC-7E58A920F169}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{CE5B6A68-20CB-4566-AAAC-A1D9B0985423}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{99862979-363D-41CA-86C9-CFD791FF35E6}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{92196CE7-312E-4591-A3CA-4145EFED2890}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{3026176F-8CBC-4FAE-8713-DB9CE13A3828}D:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [UDP Query User{A5178D90-4293-4DBA-B2EC-CD10888FF993}D:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [{EEC487CA-4BE7-4635-ACE7-554C9188F0A8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{08E8EAEB-92E4-4F7C-8537-AF2A4DE57712}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{AF0CFE60-5C99-431B-913A-B64F424B70AC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9EF80308-785A-4B16-A205-5C25A025EC70}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{59A20C9F-F724-4D09-9DBA-DBD198B91CCD}C:\users\wojtek\desktop\gry\dead.cells.update.13.05.2017\deadcells.exe] => (Allow) C:\users\wojtek\desktop\gry\dead.cells.update.13.05.2017\deadcells.exe
FirewallRules: [UDP Query User{F14B26A2-27D2-49D0-A818-ED2664097F6F}C:\users\wojtek\desktop\gry\dead.cells.update.13.05.2017\deadcells.exe] => (Allow) C:\users\wojtek\desktop\gry\dead.cells.update.13.05.2017\deadcells.exe
FirewallRules: [{5FB89A56-F49D-4FC7-A1A1-E85997A83A4E}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{96B0C0C2-1AE6-455F-96E3-4ED961B9CE54}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [TCP Query User{BD953A3F-5BBE-4B2C-8FE0-67672B0B61B2}C:\users\wojtek\appdata\roaming\utorrent\updates\3.5.0_44090.exe] => (Allow) C:\users\wojtek\appdata\roaming\utorrent\updates\3.5.0_44090.exe
FirewallRules: [UDP Query User{29D4B083-0690-461C-B339-F153658E8AD2}C:\users\wojtek\appdata\roaming\utorrent\updates\3.5.0_44090.exe] => (Allow) C:\users\wojtek\appdata\roaming\utorrent\updates\3.5.0_44090.exe
FirewallRules: [{B18CAEEA-5B35-4E77-AB72-EDB72693061F}] => (Allow) C:\Program Files\Opera\48.0.2685.50\opera.exe
FirewallRules: [{9451B05F-FCF8-4E32-84BA-542FF092547A}] => (Allow) C:\Program Files\Opera\48.0.2685.52\opera.exe
FirewallRules: [{272F8949-21C4-46A3-B104-458D4A4D1482}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{C9232FE6-E3C6-4DF5-8E00-2448B9F6F237}] => (Allow) D:\Nowy folder\Aragami\Aragami.exe
FirewallRules: [{DB187A91-4ECB-4AE0-85CF-09EAA3156A16}] => (Allow) D:\Nowy folder\Aragami\Aragami.exe
FirewallRules: [{578CDFF0-2F45-40E8-9237-94F8398B1A1D}] => (Allow) D:\Nowy folder\Need for Speed\NFS16.exe
FirewallRules: [{D23D9E26-FF56-4C5A-9075-7385F0A8903C}] => (Allow) D:\Nowy folder\Need for Speed\NFS16.exe
FirewallRules: [{CFC404D7-22A6-4785-8941-69824A3B8124}] => (Allow) D:\Nowy folder\Need for Speed\NFS16_trial.exe
FirewallRules: [{C768A75A-FC97-4A45-BF01-D05B6D5C7B9C}] => (Allow) D:\Nowy folder\Need for Speed\NFS16_trial.exe
FirewallRules: [{9B1E0D4E-5BA3-41D4-BD45-89DE9C0DBDD5}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{34785F4C-FFC1-4894-9CCC-0BBF425D6CBF}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{06688BCF-DC74-4E93-B50F-F34498436159}] => (Allow) C:\Users\Wojtek\AppData\Local\Go!\Application\go.exe
FirewallRules: [{02A3121F-7A78-4C7C-84F6-A3E29CAB120D}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{F3A26878-D1D7-4B34-B532-E514CCE97662}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe

==================== Punkty Przywracania systemu =========================

UWAGA: Przywracanie systemu jest wyłączone

==================== Wadliwe urządzenia w Menedżerze urządzeń =============

==================== Błędy w Dzienniku zdarzeń: =========================

Dziennik Aplikacja:
==================
Error: (11/07/2017 07:04:29 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla „D:\Program Files (x86)\Audacity\audacity.exe”. Błąd w pliku manifestu lub w pliku zasad „” w wierszu . Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna. Składniki powodujące konflikt:
Składnik 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Składnik 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.

Error: (11/07/2017 06:49:25 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla „D:\Program Files (x86)\Audacity\audacity.exe”. Błąd w pliku manifestu lub w pliku zasad „” w wierszu . Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna. Składniki powodujące konflikt:
Składnik 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Składnik 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.

Error: (11/07/2017 06:49:24 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Błąd podczas aktualizowania stanu na wartość SECURITY_PRODUCT_STATE_OFF.

Error: (11/07/2017 06:47:40 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0xC004F074
Argumenty wiersza polecenia: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (11/07/2017 06:47:31 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0xC004F074
Argumenty wiersza polecenia: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (11/07/2017 06:44:49 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla „D:\Program Files (x86)\Audacity\audacity.exe”. Błąd w pliku manifestu lub w pliku zasad „” w wierszu . Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna. Składniki powodujące konflikt:
Składnik 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Składnik 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.

Error: (11/07/2017 06:42:40 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Błąd podczas aktualizowania stanu na wartość SECURITY_PRODUCT_STATE_OFF.

Error: (11/07/2017 06:37:43 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0xC004F074
Argumenty wiersza polecenia: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (11/07/2017 06:37:25 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0xC004F074
Argumenty wiersza polecenia: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (11/07/2017 06:33:55 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Błąd podczas aktualizowania stanu na wartość SECURITY_PRODUCT_STATE_OFF.

Dziennik System:
=============
Error: (11/07/2017 06:47:42 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: Nastąpił ponowny rozruch komputera po operacji wykrywania błędów. Wyniki tej operacji były następujące: 0x0000003b (0x00000000c0000005, 0xfffff8001df50b72, 0xffff8401c84d8020, 0x0000000000000000). Zrzut zapisano w: C:\WINDOWS\MEMORY.DMP. Identyfikator raportu: f5aebfd7-e2ff-4e80-a9df-1114531efb26.

Error: (11/07/2017 06:47:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi Origin Web Helper Service z powodu następującego błędu: Usługa nie odpowiada na sygnał uruchomienia lub sygnał sterujący w oczekiwanym czasie.

Error: (11/07/2017 06:47:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Origin Web Helper Service.

Error: (11/07/2017 06:46:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi UeYyDHMzhc0p Updater z powodu następującego błędu: Nie można odnaleźć określonego pliku.

Error: (11/07/2017 06:46:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi CldFlt z powodu następującego błędu: Żądanie nie jest obsługiwane.

Error: (11/07/2017 06:46:40 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Poprzednie zamknięcie systemu przy 18:36:40 na 07.11.2017 było nieoczekiwane.

Error: (11/07/2017 06:37:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi Origin Web Helper Service z powodu następującego błędu: Usługa nie odpowiada na sygnał uruchomienia lub sygnał sterujący w oczekiwanym czasie.

Error: (11/07/2017 06:37:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Origin Web Helper Service.

Error: (11/07/2017 06:36:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi UeYyDHMzhc0p Updater z powodu następującego błędu: Nie można odnaleźć określonego pliku.

Error: (11/07/2017 06:36:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi CldFlt z powodu następującego błędu: Żądanie nie jest obsługiwane.

CodeIntegrity:
===================================
Date: 2017-08-13 10:12:19.596
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-08-06 15:05:47.133
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

==================== Statystyki pamięci ===========================

Procesor: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz
Procent pamięci w użyciu: 36%
Całkowita pamięć fizyczna: 6088 MB
Dostępna pamięć fizyczna: 3884.9 MB
Całkowita pamięć wirtualna: 11368 MB
Dostępna pamięć wirtualna: 9000.22 MB

==================== Dyski ================================

Drive c: () (Fixed) (Total:123.51 GB) (Free:88.93 GB) NTFS ==>[dysk z komponentami startowymi (pozyskano odczytując BCD)]
Drive d: (novy2) (Fixed) (Total:195.31 GB) (Free:25.21 GB) NTFS
Drive e: (novy3) (Fixed) (Total:146.49 GB) (Free:93.73 GB) NTFS

==================== MBR & Tablica partycji ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C301C301)
Partition 1: (Active) - (Size=123.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
Partition 3: (Not Active) - (Size=341.8 GB) - (Type=OF Extended)

==================== Koniec Addition.txt ============================