Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 30-10-2019 01 Uruchomiony przez Dybka (31-10-2019 17:54:28) Uruchomiony z C:\Users\Dybka\Downloads Windows 10 Pro Wersja 1903 18362.418 (X64) (2019-10-03 15:57:23) Tryb startu: Normal ========================================================== ==================== Konta użytkowników: ============================= Administrator (S-1-5-21-762045367-3458221261-1261059786-500 - Administrator - Disabled) Dybka (S-1-5-21-762045367-3458221261-1261059786-1001 - Administrator - Enabled) => C:\Users\Dybka Gość (S-1-5-21-762045367-3458221261-1261059786-501 - Limited - Disabled) Konto domyślne (S-1-5-21-762045367-3458221261-1261059786-503 - Limited - Disabled) postgres (S-1-5-21-762045367-3458221261-1261059786-1002 - Limited - Enabled) => C:\Users\postgres WDAGUtilityAccount (S-1-5-21-762045367-3458221261-1261059786-504 - Limited - Disabled) ==================== Centrum zabezpieczeń ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Zainstalowane programy ====================== (W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.) 7-Zip 19.01 alpha (x64) (HKLM\...\7-Zip) (Version: 19.01 alpha - Igor Pavlov) Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 19.012.20040 - Adobe Systems Incorporated) Adobe Premiere Pro CS6 (HKLM-x32\...\{7176B973-6011-43C1-AEBC-2D73FE7C6982}) (Version: 6.0 - Adobe Systems Incorporated) Aktualizacje NVIDIA 38.0.1.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 38.0.1.0 - NVIDIA Corporation) Hidden Audacity 2.2.2 (HKLM-x32\...\Audacity_is1) (Version: 2.2.2 - Audacity Team) Blackmagic RAW (HKLM\...\{6C2CD21E-9D47-4C21-876B-F78244EC57FB}) (Version: 1.5 - Blackmagic Design) Blackmagic RAW SDK (HKLM\...\{F87AECF3-F6F8-4E33-82BA-726865BD8187}) (Version: 1.3.0.0 - Blackmagic Design) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Brother MFL-Pro Suite DCP-J315W (HKLM-x32\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 2.0.0.0 - Brother Industries, Ltd.) Control Center 5.0001.0.90 (HKLM-x32\...\{2F385B5D-5F23-4513-B3CE-9F5E4F4B882A}) (Version: 5.0001.0.90 - ) Control Center 5.0001.0.90 (HKLM-x32\...\{F5EFDD28-E07A-4B85-8385-557D9B8F38DD}) (Version: 5.0001.0.90 - Default Company Name) Hidden CopyTrans Control Center Remove Only (HKU\S-1-5-21-762045367-3458221261-1261059786-1001\...\CopyTrans Suite) (Version: 4.100 - WindSolutions) CPUID HWMonitor 1.35 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.35 - CPUID, Inc.) DaVinci Resolve (HKLM\...\{0380614B-ED5B-42AE-9BFB-04743B89D37D}) (Version: 16.1.0055 - Blackmagic Design) DaVinci Resolve Panels (HKLM\...\{74ADC138-4768-4C5D-8123-B17527E513B5}) (Version: 1.3.1.0 - Blackmagic Design) Fairlight Audio Accelerator Utility (HKLM\...\FairlightAudioAccelerator_is1) (Version: 1.0.10 - Blackmagic Design) Fairlight Studio Utility (HKLM\...\{4DA4E2EC-38A6-487A-9A74-D7687A2FF1A5}) (Version: 1.1.0.0 - Blackmagic Design) GIMP 2.10.6 (HKLM\...\GIMP-2_is1) (Version: 2.10.6 - The GIMP Team) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden Insyde Airplane Mode HID Mini-Driver (HKLM\...\AirplaneModeHid) (Version: 1.4.0.8 - Insyde Corporation) Intel Extreme Tuning Utility (HKLM-x32\...\{1d91bf86-43a0-4b7a-8fdf-76c3bfb5a36f}) (Version: 6.4.1.23 - Intel Corporation) Intel Extreme Tuning Utility (HKLM-x32\...\{FA506D5A-CCF5-4D4D-A218-FFB31F36EACF}) (Version: 6.4.1.23 - Intel Corporation) Hidden Intel(R) Processor Identification Utility (HKLM-x32\...\{A92A4DB0-CD37-42D1-BE1D-603D53C24328}) (Version: 1.0.0.0 - Intel Corporation) iTunes (HKLM\...\{02BC119C-5817-4851-B854-1A6FA5FA0F1B}) (Version: 12.9.4.102 - Apple Inc.) Malwarebytes (wersja 3.8.3.2965) (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes) Microsoft Office 365 ProPlus - pl-pl (HKLM\...\O365ProPlusRetail - pl-pl) (Version: 16.0.12026.20344 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-762045367-3458221261-1261059786-1001\...\OneDriveSetup.exe) (Version: 19.174.0902.0013 - Microsoft Corporation) Microsoft Teams (HKU\S-1-5-21-762045367-3458221261-1261059786-1001\...\Teams) (Version: 1.2.00.19260 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation) NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.19 - NVIDIA Corporation) Hidden NVIDIA GeForce Experience 3.20.0.118 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.0.118 - NVIDIA Corporation) NVIDIA Oprogramowanie systemu PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation) NVIDIA Sterownik dźwięku HD 1.3.38.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.21 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.12026.20344 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.12026.20344 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0415-1000-0000000FF1CE}) (Version: 16.0.12026.20344 - Microsoft Corporation) Hidden OpenOffice 4.1.5 (HKLM-x32\...\{7076105B-6FE8-464A-AC28-FFBB2686B68F}) (Version: 4.15.9789 - Apache Software Foundation) Pakiet sterowników systemu Windows - Silicon Laboratories Inc. (silabser) Ports (05/23/2018 6.7.6.2130) (HKLM\...\C9C3E5CCB43EEF685DD0E2BB4263DDC88C9B3834) (Version: 05/23/2018 6.7.6.2130 - Silicon Laboratories Inc.) Panel sterowania NVIDIA 436.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 436.30 - NVIDIA Corporation) Hidden PostgreSQL 9.5 (HKLM\...\PostgreSQL 9.5) (Version: 9.5 - PostgreSQL Global Development Group) RawTherapee (wersja 5.7) (HKLM\...\RawTherapee5.7_is1) (Version: 5.7 - rawtherapee.com) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21288 - Realtek Semiconduct Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8172 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform) SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.2.0.19260 - Microsoft Corporation) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden uTorrent Web (HKU\S-1-5-21-762045367-3458221261-1261059786-1001\...\utweb) (Version: 1.0.5 - BitTorrent, Inc.) VLC media player (HKLM\...\VLC media player) (Version: 3.0.4 - VideoLAN) WinRAR 5.61 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH) World of Tanks (HKLM-x32\...\World of Tanks) (Version: - ) Packages: ========= Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc [2019-07-22] (Adobe Systems Incorporated) Dodatek Aparat multimediów dla aplikacji Zdjęcia -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-10-27] (Microsoft Corporation) Killer Control Center -> C:\Program Files\WindowsApps\RivetNetworks.KillerControlCenter_2.1.2925.0_x64__rh07ty8m5nkag [2019-09-28] (Rivet Networks LLC) [Startup Task] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-10-04] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-10-04] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.10022.0_x64__8wekyb3d8bbwe [2019-10-09] (Microsoft Studios) [MS Ad] MSN Pogoda -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-10-04] (Microsoft Corporation) [MS Ad] Poczta i Kalendarz -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe [2019-10-04] (Microsoft Corporation) [MS Ad] Raw Image Extension -> C:\Program Files\WindowsApps\Microsoft.RawImageExtension_1.0.21991.0_x64__8wekyb3d8bbwe [2019-10-27] (Microsoft Corporation) ==================== Niestandardowe rejestracje CLSID (filtrowane): ============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) CustomCLSID: HKU\S-1-5-21-762045367-3458221261-1261059786-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-C8EBD7443830} -> [Creative Cloud Files] => C:\Users\Dybka\Creative Cloud Files [2019-07-22 12:37] CustomCLSID: HKU\S-1-5-21-762045367-3458221261-1261059786-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Dybka\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19163.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-762045367-3458221261-1261059786-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Dybka\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19163.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> ) ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> ) ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> ) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-09-05] (Igor Pavlov) [Brak podpisu cyfrowego] ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> ) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-10-27] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-10-27] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-09-05] (Igor Pavlov) [Brak podpisu cyfrowego] ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-09-05] (Igor Pavlov) [Brak podpisu cyfrowego] ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> ) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-10-27] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-10-27] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (filtrowane) ==================== ==================== Skróty & WMI ======================== ==================== Załadowane moduły (filtrowane) ============= 2018-08-11 10:10 - 2016-08-09 06:13 - 000183296 _____ () [Brak podpisu cyfrowego] C:\Program Files\PostgreSQL\9.5\bin\LIBPQ.dll 2018-08-11 10:11 - 2016-07-27 09:08 - 002264576 _____ () [Brak podpisu cyfrowego] C:\Program Files\PostgreSQL\9.5\bin\libxml2.dll 2018-08-11 10:11 - 2015-08-26 09:40 - 001687930 _____ (Free Software Foundation) [Brak podpisu cyfrowego] C:\Program Files\PostgreSQL\9.5\bin\libiconv-2.dll 2018-08-11 10:11 - 2015-08-26 09:40 - 000685350 _____ (Free Software Foundation) [Brak podpisu cyfrowego] C:\Program Files\PostgreSQL\9.5\bin\libintl-8.dll 2019-10-30 14:57 - 2019-09-05 06:00 - 000076800 _____ (Igor Pavlov) [Brak podpisu cyfrowego] C:\Program Files\7-Zip\7-zip.dll 2018-08-11 10:11 - 2016-05-05 07:35 - 001655808 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Brak podpisu cyfrowego] C:\Program Files\PostgreSQL\9.5\bin\LIBEAY32.dll 2018-08-11 10:11 - 2016-05-05 07:35 - 000349696 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Brak podpisu cyfrowego] C:\Program Files\PostgreSQL\9.5\bin\SSLEAY32.dll 2019-04-07 12:18 - 2015-12-12 14:46 - 002037248 _____ (TODO: <公司名稱>) [Brak podpisu cyfrowego] C:\Program Files (x86)\Hotkey\powerlife.dll ==================== Alternate Data Streams (filtrowane) ======== ==================== Tryb awaryjny (filtrowane) ================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Powiązania plików (filtrowane) ================= ==================== Internet Explorer - Witryny zaufane i z ograniczeniami ========== ==================== Hosts - zawartość: ========================= (Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.) 2019-10-30 21:16 - 2019-10-30 21:16 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost ==================== Inne obszary =========================== (Obecnie brak automatycznej naprawy dla tej sekcji.) HKU\S-1-5-21-762045367-3458221261-1261059786-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dybka\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper HKU\S-1-5-21-762045367-3458221261-1261059786-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Zapora systemu Windows [funkcja włączona] ==================== MSCONFIG/TASK MANAGER - Wyłączone elementy == (Załączenie wejścia w fixlist spowoduje jego usunięcie.) MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeUpdateService => 2 MSCONFIG\Services: AGMService => 2 MSCONFIG\Services: AGSService => 2 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: WpcMonSvc => 3 MSCONFIG\Services: WsAppService => 2 MSCONFIG\Services: WSearch => 2 MSCONFIG\Services: XblAuthManager => 3 MSCONFIG\Services: XblGameSave => 3 MSCONFIG\Services: XboxGipSvc => 3 MSCONFIG\Services: XboxNetApiSvc => 3 MSCONFIG\Services: xTendSoftAPService => 2 MSCONFIG\Services: xTendUtilityService => 2 HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0" HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud" HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager" HKLM\...\StartupApproved\Run32: => "BrStsMon00" HKLM\...\StartupApproved\Run32: => "ControlCenter3" HKU\S-1-5-21-762045367-3458221261-1261059786-1001\...\StartupApproved\Run: => "CCXProcess" ==================== Reguły Zapory systemu Windows (filtrowane) ================ (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) FirewallRules: [{5742A142-6ECF-4B19-B343-80A91168ED28}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{89C2628B-8FE8-4495-940D-CC61DF4EF3BA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{990A5CD3-B16D-41E9-8BEC-A31EEEBF1016}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{2042F6E5-CEA9-43E8-90BF-ACF1C9487A7E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{DBE16210-5412-4308-A00C-93ADD147B619}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{C2A5F2C6-CF68-4FAC-8E39-D410951F89B2}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{56854037-7AA1-4FDD-A85B-48CF5B67A7F2}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{ACF0C5F4-15CC-4D2F-B90A-1B85D0461ECD}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{1ACBF3A0-5D99-41B4-BE29-FB8AFFB9C8DE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{F60B51DF-1AE7-4254-9E5D-44A98A230B28}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{3EAA3622-B18F-4224-81D4-67DD6B34E55B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{D2983ADC-A7E0-429E-86F8-BAC78E5BB0F9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{69B7AF5A-5FBF-4A8D-A3AF-C2110BFDFA99}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{63927892-175B-40F9-9C55-06C751D35932}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{11CAC925-2D9C-44F6-8CAC-9218224FE537}] => (Allow) C:\Users\Dybka\AppData\Roaming\uTorrent Web\utweb.exe (Jenkins Win Client Build SPC -> BitTorrent Inc.) [Brak podpisu cyfrowego] FirewallRules: [{3A70206A-D1A7-4B70-BC88-732F1C064DE7}] => (Allow) C:\Users\Dybka\AppData\Roaming\uTorrent Web\utweb.exe (Jenkins Win Client Build SPC -> BitTorrent Inc.) [Brak podpisu cyfrowego] ==================== Punkty Przywracania systemu ========================= 31-10-2019 11:09:19 Zaplanowany punkt kontrolny ==================== Wadliwe urządzenia w Menedżerze urządzeń ============ ==================== Błędy w Dzienniku zdarzeń: ======================== Dziennik Aplikacja: ================== Error: (10/31/2019 05:49:44 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (1540,R,98) TILEREPOSITORYS-1-5-18: Wystąpił błąd -1023 (0xfffffc01) podczas otwierania pliku dziennika C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (10/31/2019 04:49:54 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (7392,R,98) TILEREPOSITORYS-1-5-18: Wystąpił błąd -1023 (0xfffffc01) podczas otwierania pliku dziennika C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (10/31/2019 04:08:37 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (1240,R,98) TILEREPOSITORYS-1-5-18: Wystąpił błąd -1023 (0xfffffc01) podczas otwierania pliku dziennika C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (10/31/2019 03:53:10 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (10784,R,98) TILEREPOSITORYS-1-5-18: Wystąpił błąd -1023 (0xfffffc01) podczas otwierania pliku dziennika C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (10/31/2019 03:15:13 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (13388,R,98) TILEREPOSITORYS-1-5-18: Wystąpił błąd -1023 (0xfffffc01) podczas otwierania pliku dziennika C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (10/31/2019 03:03:14 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (9328,R,98) TILEREPOSITORYS-1-5-18: Wystąpił błąd -1023 (0xfffffc01) podczas otwierania pliku dziennika C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (10/31/2019 02:58:29 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: utweb.exe, wersja: 1.0.5.1933, sygnatura czasowa: 0x5daa5acf Nazwa modułu powodującego błąd: utweb.exe, wersja: 1.0.5.1933, sygnatura czasowa: 0x5daa5acf Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x000fc05c Identyfikator procesu powodującego błąd: 0x32c0 Godzina uruchomienia aplikacji powodującej błąd: 0x01d58fd06ca0569f Ścieżka aplikacji powodującej błąd: C:\Users\Dybka\AppData\Roaming\uTorrent Web\utweb.exe Ścieżka modułu powodującego błąd: C:\Users\Dybka\AppData\Roaming\uTorrent Web\utweb.exe Identyfikator raportu: 3f69b67e-9ab9-48a0-be39-a4399b7516f8 Pełna nazwa pakietu powodującego błąd: Identyfikator aplikacji względem pakietu powodującego błąd: Error: (10/31/2019 02:50:46 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (7188,R,98) TILEREPOSITORYS-1-5-18: Wystąpił błąd -1023 (0xfffffc01) podczas otwierania pliku dziennika C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Dziennik System: ============= Error: (10/31/2019 03:02:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi eapihdrv z powodu następującego błędu: Nastąpiło zablokowanie ładowania sterownika Error: (10/31/2019 03:02:57 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Dybka\AppData\Local\Temp\ehdrv.sys Error: (10/31/2019 03:02:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi eapihdrv z powodu następującego błędu: Nastąpiło zablokowanie ładowania sterownika Error: (10/31/2019 03:02:57 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Dybka\AppData\Local\Temp\ehdrv.sys Error: (10/31/2019 03:02:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi eapihdrv z powodu następującego błędu: Nastąpiło zablokowanie ładowania sterownika Error: (10/31/2019 03:02:57 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Dybka\AppData\Local\Temp\ehdrv.sys Error: (10/31/2019 03:02:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi eapihdrv z powodu następującego błędu: Nastąpiło zablokowanie ładowania sterownika Error: (10/31/2019 03:02:57 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Dybka\AppData\Local\Temp\ehdrv.sys Windows Defender: =================================== Date: 2019-10-25 20:19:32.588 Description: Produkt Program antywirusowy Windows Defender wykrył złośliwe oprogramowanie lub inne potencjalnie niechciane oprogramowanie. Aby uzyskać więcej informacji, zobacz: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuery.C!cl&threatid=2147718736&enterprise=0 Nazwa: Trojan:Win32/Fuery.C!cl Identyfikator: 2147718736 Ważność: Poważny Kategoria: Koń trojański Ścieżka: containerfile:_C:\Users\Dybka\Downloads\adobe lightroom cc 2.0.1_8893611.iso; file:_C:\Users\Dybka\Downloads\adobe lightroom cc 2.0.1_8893611.iso->adobe lightroom cc 2.0.1-096644f.exe; webfile:_C:\Users\Dybka\Downloads\adobe lightroom cc 2.0.1_8893611.iso|http://aqirivekap.tk/?hhLbb=RpCLlt&BiivD=Hzr27eRJpFcgmOT21G0WOX425R2LtrZMaQ&7b1f2c57b24=1ebEda0a51e8157b6439fe3359389f632e50ai0D&eD=ps6WT7h1dydhqWJQTIXNrE|pid:17788,ProcessStart:132160558699578617 Pochodzenie wykrycia: Internet Typ wykrycia: FastPath Źródło wykrycia: Pobrania i załączniki Użytkownik: DESKTOP-52PDLHR\Dybka Nazwa procesu: Unknown Wersja analizy zabezpieczeń: AV: 1.305.576.0, AS: 1.305.576.0, NIS: 1.305.576.0 Wersja aparatu: AM: 1.1.16500.1, NIS: 1.1.16500.1 Date: 2019-10-25 20:19:18.013 Description: Produkt Program antywirusowy Windows Defender wykrył złośliwe oprogramowanie lub inne potencjalnie niechciane oprogramowanie. Aby uzyskać więcej informacji, zobacz: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuery.C!cl&threatid=2147718736&enterprise=0 Nazwa: Trojan:Win32/Fuery.C!cl Identyfikator: 2147718736 Ważność: Poważny Kategoria: Koń trojański Ścieżka: containerfile:_C:\Users\Dybka\Downloads\adobe lightroom cc 2.0.1_4fcac4c.iso; file:_C:\Users\Dybka\Downloads\adobe lightroom cc 2.0.1_4fcac4c.iso->adobe lightroom cc 2.0.1-03da7e1.exe; webfile:_C:\Users\Dybka\Downloads\adobe lightroom cc 2.0.1_4fcac4c.iso|http://aqirivekap.tk/?LoGQ=uxencXQFuWuKN7Jon&DbZ3=vc5sRwQERvoCHm5Xs7QhfOcPe&7b1f2c57b24=ul0a8cb7888c4657e8b1b71d7444dafd624b&CES=745NFUk8mOaJlITqGW37SCBkdxsR|pid:17788,ProcessStart:132160558699578617 Pochodzenie wykrycia: Internet Typ wykrycia: FastPath Źródło wykrycia: Pobrania i załączniki Użytkownik: DESKTOP-52PDLHR\Dybka Nazwa procesu: Unknown Wersja analizy zabezpieczeń: AV: 1.305.576.0, AS: 1.305.576.0, NIS: 1.305.576.0 Wersja aparatu: AM: 1.1.16500.1, NIS: 1.1.16500.1 Date: 2019-10-21 14:09:41.594 Description: Skanowanie produktu Program antywirusowy Windows Defender zostało zatrzymane przed ukończeniem. Identyfikator skanowania: {67093089-8F18-4863-913F-8E70C3D44D2A} Typ skanowania: Narzędzia chroniące przed złośliwym oprogramowaniem Parametry skanowania: Szybkie skanowanie Użytkownik: ZARZĄDZANIE NT\SYSTEM Date: 2019-10-08 13:52:58.804 Description: Skanowanie produktu Program antywirusowy Windows Defender zostało zatrzymane przed ukończeniem. Identyfikator skanowania: {3DB0AC1E-033E-4D53-B52F-0861E7EF15B0} Typ skanowania: Narzędzia chroniące przed złośliwym oprogramowaniem Parametry skanowania: Szybkie skanowanie Użytkownik: ZARZĄDZANIE NT\SYSTEM Date: 2019-10-04 19:59:03.476 Description: Skanowanie produktu Program antywirusowy Windows Defender zostało zatrzymane przed ukończeniem. Identyfikator skanowania: {CDB699B8-9360-4EC9-97FC-725DFC77257A} Typ skanowania: Narzędzia chroniące przed złośliwym oprogramowaniem Parametry skanowania: Szybkie skanowanie Użytkownik: ZARZĄDZANIE NT\SYSTEM CodeIntegrity: =================================== Date: 2019-10-31 17:52:53.375 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2019-10-31 17:52:26.186 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2019-10-31 17:39:28.046 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2019-10-31 17:05:28.154 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2019-10-31 17:04:17.424 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2019-10-31 17:03:52.338 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2019-10-31 16:44:53.948 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2019-10-31 16:42:31.473 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. ==================== Statystyki pamięci =========================== BIOS: American Megatrends Inc. 1.06.04 12/21/2016 Płyta główna: Notebook P775DM3(-G) Procesor: Intel(R) Core(TM) i7-7700K CPU @ 4.20GHz Procent pamięci w użyciu: 39% Całkowita pamięć fizyczna: 16299.99 MB Dostępna pamięć fizyczna: 9937.48 MB Całkowita pamięć wirtualna: 25515.99 MB Dostępna pamięć wirtualna: 17216.19 MB ==================== Dyski ================================ Drive c: () (Fixed) (Total:146.19 GB) (Free:14.74 GB) NTFS Drive d: (A004) (Fixed) (Total:931.48 GB) (Free:34.82 GB) exFAT Drive e: () (Fixed) (Total:341.79 GB) (Free:15.87 GB) NTFS \\?\Volume{d855a5d6-0000-0000-0000-100000000000}\ (Zastrzeżone przez system) (Fixed) (Total:0.54 GB) (Free:0.5 GB) NTFS \\?\Volume{d855a5d6-0000-0000-0000-90ae24000000}\ () (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS ==================== MBR & Tablica partycji ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 489 GB) (Disk ID: D855A5D6) Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=146.2 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=537 MB) - (Type=27) Partition 4: (Not Active) - (Size=341.8 GB) - (Type=07 NTFS) ========================================================== Disk: 1 (Size: 931.5 GB) (Disk ID: 641F2080) Partition 1: (Not Active) - (Size=4 MB) - (Type=00) Partition 2: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== Koniec Addition.txt =======================