Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 10-05-2020
Uruchomiony przez Mateusz (10-05-2020 00:07:22)
Uruchomiony z C:\Users\Mateusz\Downloads
Windows 10 Pro Wersja 1909 18363.778 (X64) (2020-03-19 11:23:39)
Tryb startu: Normal
==========================================================

==================== Konta użytkowników: =============================

Administrator (S-1-5-21-330719071-74167495-820415541-500 - Administrator - Disabled)
Gość (S-1-5-21-330719071-74167495-820415541-501 - Limited - Disabled)
Konto domyślne (S-1-5-21-330719071-74167495-820415541-503 - Limited - Disabled)
Mateusz (S-1-5-21-330719071-74167495-820415541-1001 - Administrator - Enabled) => C:\Users\Mateusz
WDAGUtilityAccount (S-1-5-21-330719071-74167495-820415541-504 - Limited - Disabled)

==================== Centrum zabezpieczeń ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie.)

AV: Norton 360 (Disabled - Out of date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Zainstalowane programy ======================

(W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)

µTorrent (HKU\S-1-5-21-330719071-74167495-820415541-1001\...\uTorrent) (Version: 3.5.5.45449 - BitTorrent Inc.)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.363 - Adobe)
Aktualizacje NVIDIA 38.0.5.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 38.0.5.0 - NVIDIA Corporation) Hidden
Brackets (HKLM-x32\...\{43086E55-5B37-4DA8-852F-EEC6C75ECFE9}) (Version: 1.14.17770 - brackets.io)
CCleaner (HKLM\...\CCleaner) (Version: 5.66 - Piriform)
Discord (HKU\S-1-5-21-330719071-74167495-820415541-1001\...\Discord) (Version: 0.0.306 - Discord Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Facebook Gameroom 1.22.7235.32722 (HKLM-x32\...\{2867E3AE-18BA-4BCF-8268-F797A401ED86}) (Version: 1.22.7235.32722 - Facebook)
FACEIT (HKU\S-1-5-21-330719071-74167495-820415541-1001\...\FACEITApp) (Version: 1.24.0 - FACEIT Ltd.)
FACEIT AC version 2.0 (HKLM\...\{1419E44C-0EF4-4822-9194-9F1A4D43973D}_is1) (Version: 2.0 - FACEIT LTD)
foobar2000 v1.5.2 (HKLM-x32\...\foobar2000) (Version: 1.5.2 - Peter Pawlowski)
GCFScape 1.8.6 (HKLM\...\GCFScape_is1) (Version: - Ryan Gregg)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 81.0.4044.138 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LocK-A-FoLdeR (HKLM-x32\...\LocK-A-FoLdeR) (Version: 3.10.3 - )
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
MediaInfo 20.03 (HKLM\...\MediaInfo) (Version: 20.03 - MediaArea.net)
MEmu (HKLM-x32\...\MEmu) (Version: 7.1.6.0 - Microvirt Software Technology Co. Ltd.)
Microsoft Office 365 ProPlus - pl-pl (HKLM\...\O365ProPlusRetail - pl-pl) (Version: 16.0.12730.20236 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-330719071-74167495-820415541-1001\...\OneDriveSetup.exe) (Version: 19.232.1124.0012 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-330719071-74167495-820415541-1001\...\Teams) (Version: 1.3.00.362 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.20.27508 (HKLM-x32\...\{7b178cda-9740-4701-a92a-f168d213b343}) (Version: 14.20.27508.1 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.20.27508 (HKLM-x32\...\{8c3f057e-d6a6-4338-ac6a-f1c795a6577b}) (Version: 14.20.27508.1 - Microsoft Corporation)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.19 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.20.3.63 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.3.63 - NVIDIA Corporation)
NVIDIA Oprogramowanie systemu PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NVIDIA Sterownik dźwięku HD 1.3.38.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.21 - NVIDIA Corporation)
NVIDIA Sterownik graficzny 442.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 442.74 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 25.0.4 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.12730.20206 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.12730.20206 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0415-1000-0000000FF1CE}) (Version: 16.0.12730.20206 - Microsoft Corporation) Hidden
Opera GX Stable 67.0.3575.130 (HKU\S-1-5-21-330719071-74167495-820415541-1001\...\Opera GX 67.0.3575.130) (Version: 67.0.3575.130 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.5.69.40136 - Electronic Arts, Inc.)
Pomocnik Hamstera (HKU\S-1-5-21-330719071-74167495-820415541-1001\...\Pomocnik Hamstera) (Version: - )
Riot Vanguard (HKLM\...\Riot Vanguard) (Version: - Riot Games, Inc.)
Sandboxie 5.33.3 (64-bit) (HKLM\...\Sandboxie) (Version: 5.33.3 - Sandboxie Holdings, LLC)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.362 - Microsoft Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.3.2 - TeamSpeak Systems GmbH)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.5.3 - TeamViewer)
VALORANT (HKU\S-1-5-21-330719071-74167495-820415541-1001\...\Riot Game valorant.live) (Version: - Riot Games, Inc)
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version: - VB-Audio Software)
VEGAS Pro 17.0 (HKLM\...\{E649B5F0-B27C-11E9-B856-A5146957F833}) (Version: 17.0.284 - VEGAS)
VMware Workstation (HKLM\...\{067A1C2B-0B50-4B40-A29A-01FD37620D9D}) (Version: 15.5.2 - VMware, Inc.)
Wargaming.net Game Center (HKU\S-1-5-21-330719071-74167495-820415541-1001\...\Wargaming.net Game Center) (Version: 20.1.1.9717 - Wargaming.net)
WinRAR 5.80 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.80.0 - win.rar GmbH)
World_of_Warships_EU (HKU\S-1-5-21-330719071-74167495-820415541-1001\...\WOWS.EU.PRODUCTION) (Version: - Wargaming.net)
Zoom (HKU\S-1-5-21-330719071-74167495-820415541-1001\...\ZoomUMX) (Version: 4.6 - Zoom Video Communications, Inc.)

Packages:
=========
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_6.5.9.0_x86__kgqvnymyfvs32 [2020-03-19] (king.com)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.33.4.0_x86__kgqvnymyfvs32 [2020-03-19] (king.com)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-03-19] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-03-19] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2020-03-19] (Microsoft Studios) [MS Ad]
MSN Pogoda -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20503.0_x64__8wekyb3d8bbwe [2020-03-19] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.956.0_x64__56jybvy8sckqj [2020-03-20] (NVIDIA Corp.)
Poczta i Kalendarz -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11029.20108.0_x64__8wekyb3d8bbwe [2020-03-19] (Microsoft Corporation) [MS Ad]
Rozszerzenie wideo MPEG-2 -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2020-03-31] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.128.721.0_x86__zpdnekdrzrea0 [2020-03-19] (Spotify AB) [Startup Task]

==================== Niestandardowe rejestracje CLSID (filtrowane): ==============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

CustomCLSID: HKU\S-1-5-21-330719071-74167495-820415541-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-330719071-74167495-820415541-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-330719071-74167495-820415541-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-330719071-74167495-820415541-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-330719071-74167495-820415541-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-330719071-74167495-820415541-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-330719071-74167495-820415541-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Mateusz\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19317.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-330719071-74167495-820415541-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Mateusz\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19317.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> Brak pliku
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> Brak pliku
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Brak pliku
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => D:\VmWare\vmdkShellExt.dll [2020-03-07] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers2: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => D:\VmWare\x64\vmdkShellExt64.dll [2020-03-07] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-05-04] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> Brak pliku
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> Brak pliku
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f5de485bfda7bb25\nvshext.dll [2020-03-16] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Brak pliku
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-05-04] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-25] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (filtrowane) ====================

==================== Skróty & WMI ========================

==================== Załadowane moduły (filtrowane) =============

2020-03-19 13:56 - 2020-03-16 15:05 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Brak podpisu cyfrowego] C:\Program Files (x86)\Origin\LIBEAY32.dll
2020-03-19 13:56 - 2020-03-16 15:06 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Brak podpisu cyfrowego] C:\Program Files (x86)\Origin\ssleay32.dll
2020-03-19 13:56 - 2020-03-19 13:56 - 001611264 _____ (The Qt Company Ltd) [Brak podpisu cyfrowego] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2020-05-01 13:50 - 2020-03-19 13:56 - 005487104 _____ (The Qt Company Ltd) [Brak podpisu cyfrowego] C:\Program Files (x86)\Origin\Qt5Core.dll
2020-05-01 13:50 - 2020-03-19 13:56 - 005841920 _____ (The Qt Company Ltd) [Brak podpisu cyfrowego] C:\Program Files (x86)\Origin\Qt5Gui.dll
2020-05-01 13:50 - 2020-03-19 13:56 - 001179136 _____ (The Qt Company Ltd) [Brak podpisu cyfrowego] C:\Program Files (x86)\Origin\Qt5Network.dll
2020-05-01 13:50 - 2020-03-19 13:56 - 000146432 _____ (The Qt Company Ltd) [Brak podpisu cyfrowego] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2020-05-01 13:50 - 2020-03-19 13:56 - 005089792 _____ (The Qt Company Ltd) [Brak podpisu cyfrowego] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2020-05-01 13:50 - 2020-03-19 13:56 - 000184832 _____ (The Qt Company Ltd) [Brak podpisu cyfrowego] C:\Program Files (x86)\Origin\Qt5Xml.dll

==================== Alternate Data Streams (filtrowane) ========

(Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.)

AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [490]

==================== Tryb awaryjny (filtrowane) ==================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Powiązania plików (filtrowane) =================

==================== Internet Explorer - Witryny zaufane i z ograniczeniami ==========

==================== Hosts - zawartość: =========================

(Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.)

2020-03-19 13:11 - 2020-05-04 13:29 - 000001334 _____ C:\WINDOWS\system32\drivers\etc\hosts
0.0.0.0 analytics.ff.avast.com
0.0.0.0 analytics.ns1.ff.avast.com
0.0.0.0 v7event.stats.avcdn.net
0.0.0.0 v7.stats.avcdn.net
0.0.0.0 flow.lavasoft.com
0.0.0.0 telemetry.malwarebytes.com
0.0.0.0 ws.mcafee.com
0.0.0.0 analytics.ccs.mcafee.com
0.0.0.0 analyticsdcs.ccs.mcafee.com
0.0.0.0 carcharodon.trendmicro.com

==================== Inne obszary ===========================

(Obecnie brak automatycznej naprawy dla tej sekcji.)

HKU\S-1-5-21-330719071-74167495-820415541-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Zapora systemu Windows [funkcja włączona]

Network Binding:
=============
Ethernet: VMware Bridge Protocol -> vmware_bridge (enabled)
VMware Network Adapter VMnet8: VMware Bridge Protocol -> vmware_bridge (disabled)
VMware Network Adapter VMnet1: VMware Bridge Protocol -> vmware_bridge (disabled)

==================== MSCONFIG/TASK MANAGER - Wyłączone elementy ==

(Załączenie wejścia w fixlist spowoduje jego usunięcie.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RtkAudUService"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "Riot Vanguard"
HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKLM\...\StartupApproved\Run32: => "ClamWin"
HKU\S-1-5-21-330719071-74167495-820415541-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
HKU\S-1-5-21-330719071-74167495-820415541-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-330719071-74167495-820415541-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-330719071-74167495-820415541-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_AD39DCBBF0C8E335115CF32EE510DE61"
HKU\S-1-5-21-330719071-74167495-820415541-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-330719071-74167495-820415541-1001\...\StartupApproved\Run: => "FACEIT"
HKU\S-1-5-21-330719071-74167495-820415541-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-330719071-74167495-820415541-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-330719071-74167495-820415541-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-330719071-74167495-820415541-1001\...\StartupApproved\Run: => "Gaijin.Net Updater"
HKU\S-1-5-21-330719071-74167495-820415541-1001\...\StartupApproved\Run: => "Wargaming.net Game Center"
HKU\S-1-5-21-330719071-74167495-820415541-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-330719071-74167495-820415541-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== Reguły Zapory systemu Windows (filtrowane) ================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Punkty Przywracania systemu =========================

UWAGA: Przywracanie systemu jest wyłączone (Total:110.64 GB) (Free:17.81 GB) (16%)

==================== Wadliwe urządzenia w Menedżerze urządzeń ============

==================== Błędy w Dzienniku zdarzeń: ========================

Dziennik Aplikacja:
==================
Error: (05/10/2020 12:06:44 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0xC004F074
Argumenty wiersza polecenia: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/10/2020 12:06:32 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0xC004F074
Argumenty wiersza polecenia: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (05/10/2020 12:04:35 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0xC004F074
Argumenty wiersza polecenia: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (05/10/2020 12:04:31 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0xC004F074
Argumenty wiersza polecenia: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/10/2020 12:02:28 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0xC004F074
Argumenty wiersza polecenia: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/10/2020 12:02:16 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0xC004F074
Argumenty wiersza polecenia: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (05/10/2020 12:02:01 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0xC004F074
Argumenty wiersza polecenia: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/10/2020 12:00:37 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas wywoływania procedury CoCreateInstance. hr = 0x8007045b, Trwa proces zamykania systemu. .

Dziennik System:
=============
Error: (05/10/2020 12:04:49 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-JLSG7MF)
Description: Serwer {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} nie zarejestrował się w modelu DCOM w wymaganym czasie.

Error: (05/10/2020 12:04:49 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-JLSG7MF)
Description: Serwer {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} nie zarejestrował się w modelu DCOM w wymaganym czasie.

Error: (05/10/2020 12:04:49 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-JLSG7MF)
Description: Serwer {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} nie zarejestrował się w modelu DCOM w wymaganym czasie.

Error: (05/10/2020 12:04:49 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-JLSG7MF)
Description: Serwer {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} nie zarejestrował się w modelu DCOM w wymaganym czasie.

Error: (05/10/2020 12:04:49 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-JLSG7MF)
Description: Serwer {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} nie zarejestrował się w modelu DCOM w wymaganym czasie.

Error: (05/10/2020 12:04:48 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-JLSG7MF)
Description: Serwer {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} nie zarejestrował się w modelu DCOM w wymaganym czasie.

Error: (05/10/2020 12:04:46 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa Origin Web Helper Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.

Error: (05/10/2020 12:04:46 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa NVIDIA LocalSystem Container niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 6000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.

Windows Defender:
===================================
Date: 2020-05-09 23:59:23.277
Description: Produkt Program antywirusowy Windows Defender wykrył złośliwe oprogramowanie lub inne potencjalnie niechciane oprogramowanie.
Aby uzyskać więcej informacji, zobacz: https://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/Vbinder.CO&threatid=2147652688&enterprise=0
Nazwa: VirTool:Win32/Vbinder.CO
Identyfikator: 2147652688
Ważność: Poważny
Kategoria: Narzędzie
Ścieżka: file:_C:\Users\Mateusz\AppData\LocalLow\IGDump\gywoxgwumtvdiqqkqctvglutefxgtupl\gywoxgwumtvdiqqkqctvglutefxgtupl.ext
Pochodzenie wykrycia: Komputer lokalny
Typ wykrycia: Konkretne
Źródło wykrycia: Ochrona w czasie rzeczywistym
Użytkownik: DESKTOP-JLSG7MF\Mateusz
Nazwa procesu: C:\Users\Mateusz\AppData\LocalLow\IGDump\gywoxgwumtvdiqqkqctvglutefxgtupl\ig.exe
Wersja analizy zabezpieczeń: AV: 1.315.322.0, AS: 1.315.322.0, NIS: 1.315.322.0
Wersja aparatu: AM: 1.1.17000.7, NIS: 1.1.17000.7

Date: 2020-05-09 23:11:49.254
Description: Produkt Program antywirusowy Windows Defender wykrył złośliwe oprogramowanie lub inne potencjalnie niechciane oprogramowanie.
Aby uzyskać więcej informacji, zobacz: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tiggre!plock&threatid=2147723626&enterprise=0
Nazwa: Trojan:Win32/Tiggre!plock
Identyfikator: 2147723626
Ważność: Poważny
Kategoria: Koń trojański
Ścieżka: file:_C:\Users\Mateusz\Downloads\pliki\openbullet\Openbullet-1_4_1-Mhmmmm\Openbullet\Anomaly_Updater.exe
Pochodzenie wykrycia: Komputer lokalny
Typ wykrycia: Konkretne
Źródło wykrycia: Ochrona w czasie rzeczywistym
Użytkownik: DESKTOP-JLSG7MF\Mateusz
Nazwa procesu: D:\VMware\vmware.exe
Wersja analizy zabezpieczeń: AV: 1.315.322.0, AS: 1.315.322.0, NIS: 1.315.322.0
Wersja aparatu: AM: 1.1.17000.7, NIS: 1.1.17000.7

Date: 2020-05-09 23:11:49.247
Description: Produkt Program antywirusowy Windows Defender wykrył złośliwe oprogramowanie lub inne potencjalnie niechciane oprogramowanie.
Aby uzyskać więcej informacji, zobacz: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tiggre!rfn&threatid=2147723625&enterprise=0
Nazwa: Trojan:Win32/Tiggre!rfn
Identyfikator: 2147723625
Ważność: Poważny
Kategoria: Koń trojański
Ścieżka: file:_C:\Users\Mateusz\Downloads\Cracking Pack by rappa\Cracking Pack by rappa\2. Dork generating\TSP Dork generator v.15.0.exe; file:_C:\Users\Mateusz\Downloads\Cracking Pack by rappa\Cracking Pack by rappa\3. Link Gathering\Newer ezdork, use if u want\Searcher Cracked .exe; file:_C:\Users\Mateusz\Downloads\Cracking Pack by rappa\Cracking Pack by rappa\5. Combo Dumping\SQli dumper 8.3\sqli dumper.exe; file:_C:\Users\Mateusz\Downloads\Cracking Pack by rappa\Cracking Pack by rappa\5. Combo Dumping\SQli dumper 8.3\sqli dumper.exe ; file:_C:\Users\Mateusz\Downloads\SQLi Dumper 8.3 Clean\SQLi Dumper 8.3 Clean\SQLi Dumper.exe
Pochodzenie wykrycia: Komputer lokalny
Typ wykrycia: Konkretne
Źródło wykrycia: Ochrona w czasie rzeczywistym
Użytkownik: DESKTOP-JLSG7MF\Mateusz
Nazwa procesu: D:\VMware\vmware.exe
Wersja analizy zabezpieczeń: AV: 1.315.322.0, AS: 1.315.322.0, NIS: 1.315.322.0
Wersja aparatu: AM: 1.1.17000.7, NIS: 1.1.17000.7

Date: 2020-05-09 23:11:42.278
Description: Produkt Program antywirusowy Windows Defender wykrył złośliwe oprogramowanie lub inne potencjalnie niechciane oprogramowanie.
Aby uzyskać więcej informacji, zobacz: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tiggre!plock&threatid=2147723626&enterprise=0
Nazwa: Trojan:Win32/Tiggre!plock
Identyfikator: 2147723626
Ważność: Poważny
Kategoria: Koń trojański
Ścieżka: file:_C:\Users\Mateusz\Downloads\pliki\openbullet\Openbullet-1_4_1-Mhmmmm\Openbullet\Anomaly_Updater.exe
Pochodzenie wykrycia: Komputer lokalny
Typ wykrycia: Konkretne
Źródło wykrycia: Ochrona w czasie rzeczywistym
Użytkownik: DESKTOP-JLSG7MF\Mateusz
Nazwa procesu: D:\VMware\vmware.exe
Wersja analizy zabezpieczeń: AV: 1.315.322.0, AS: 1.315.322.0, NIS: 1.315.322.0
Wersja aparatu: AM: 1.1.17000.7, NIS: 1.1.17000.7

Date: 2020-05-09 23:11:42.235
Description: Produkt Program antywirusowy Windows Defender wykrył złośliwe oprogramowanie lub inne potencjalnie niechciane oprogramowanie.
Aby uzyskać więcej informacji, zobacz: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tiggre!rfn&threatid=2147723625&enterprise=0
Nazwa: Trojan:Win32/Tiggre!rfn
Identyfikator: 2147723625
Ważność: Poważny
Kategoria: Koń trojański
Ścieżka: file:_C:\Users\Mateusz\Downloads\Cracking Pack by rappa\Cracking Pack by rappa\2. Dork generating\TSP Dork generator v.15.0.exe; file:_C:\Users\Mateusz\Downloads\Cracking Pack by rappa\Cracking Pack by rappa\3. Link Gathering\Newer ezdork, use if u want\Searcher Cracked .exe; file:_C:\Users\Mateusz\Downloads\Cracking Pack by rappa\Cracking Pack by rappa\5. Combo Dumping\SQli dumper 8.3\sqli dumper.exe; file:_C:\Users\Mateusz\Downloads\Cracking Pack by rappa\Cracking Pack by rappa\5. Combo Dumping\SQli dumper 8.3\sqli dumper.exe ; file:_C:\Users\Mateusz\Downloads\SQLi Dumper 8.3 Clean\SQLi Dumper 8.3 Clean\SQLi Dumper.exe
Pochodzenie wykrycia: Komputer lokalny
Typ wykrycia: Konkretne
Źródło wykrycia: Ochrona w czasie rzeczywistym
Użytkownik: DESKTOP-JLSG7MF\Mateusz
Nazwa procesu: D:\VMware\vmware.exe
Wersja analizy zabezpieczeń: AV: 1.315.322.0, AS: 1.315.322.0, NIS: 1.315.322.0
Wersja aparatu: AM: 1.1.17000.7, NIS: 1.1.17000.7

CodeIntegrity:
===================================
Date: 2020-05-04 12:45:28.932
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-05-04 12:45:19.388
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-05-02 22:15:17.468
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVG\Antivirus\AVGSvc.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\avgfmwlight.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-05-02 22:15:17.342
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVG\Antivirus\AVGSvc.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\avgfmwlight.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-05-02 22:15:17.150
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVG\Antivirus\AVGSvc.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\avgfmwlight.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-05-02 22:15:12.036
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVG\Antivirus\AVGSvc.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\avgfmwlight.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-05-02 22:12:33.513
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-02 22:12:33.487
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Microsoft signing level requirements.

==================== Statystyki pamięci ===========================

BIOS: American Megatrends Inc. F4 11/09/2017
Płyta główna: Gigabyte Technology Co., Ltd. Z370M D3H-CF
Procesor: Intel(R) Core(TM) i3-8100 CPU @ 3.60GHz
Procent pamięci w użyciu: 37%
Całkowita pamięć fizyczna: 8143.61 MB
Dostępna pamięć fizyczna: 5072.24 MB
Całkowita pamięć wirtualna: 12495.61 MB
Dostępna pamięć wirtualna: 8371.09 MB

==================== Dyski ================================

Drive c: () (Fixed) (Total:110.64 GB) (Free:17.81 GB) NTFS
Drive d: (Dysk lokalny) (Fixed) (Total:465.76 GB) (Free:99.97 GB) NTFS

\\?\Volume{721befa5-8f09-4173-b701-e006c103182d}\ (Odzyskiwanie) (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS
\\?\Volume{fb9fe135-930b-42fc-9e60-61d90c620e36}\ () (Fixed) (Total:0.54 GB) (Free:0.08 GB) NTFS
\\?\Volume{ca687e66-f91a-4276-9fc0-472465373a3b}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Tablica partycji ====================

==========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: 2B9A19AE)

Partition: GPT.

==========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 97BE5B6A)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== Koniec Addition.txt =======================