Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 25-08-2023
Uruchomiony przez rafal (25-08-2023 21:22:22)
Uruchomiony z C:\Users\rafal\Downloads
Microsoft Windows 10 Pro Wersja 22H2 19045.3324 (X64) (2023-01-13 22:16:01)
Tryb startu: Normal
==========================================================

==================== Konta użytkowników: =============================

(Załączenie wejścia w fixlist spowoduje jego usunięcie.)

Administrator (S-1-5-21-1705589361-728360065-3321163868-500 - Administrator - Disabled)
defaultuser0 (S-1-5-21-1705589361-728360065-3321163868-1000 - Limited - Disabled)
Gość (S-1-5-21-1705589361-728360065-3321163868-501 - Limited - Disabled)
Konto domyślne (S-1-5-21-1705589361-728360065-3321163868-503 - Limited - Disabled)
rafal (S-1-5-21-1705589361-728360065-3321163868-1001 - Administrator - Enabled) => C:\Users\rafal
rafal_2pz6a8w (S-1-5-21-1705589361-728360065-3321163868-1002 - Administrator - Enabled) => C:\Users\rafal_2pz6a8w
WDAGUtilityAccount (S-1-5-21-1705589361-728360065-3321163868-504 - Limited - Disabled)

==================== Centrum zabezpieczeń ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie.)

AV: Malwarebytes (Disabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Zainstalowane programy ======================

(W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)

Age of Wonders 4 MULTi9 - ElAmigos wersja 80167 (HKLM-x32\...\{83549E4C-2A37-47A4-BE5F-B4FF6D6EAF8B}_is1) (Version: 80167 - Paradox Interactive)
ALLMediaServer (HKLM\...\{FE77909E-B782-4554-A92A-4D887CEF0ACC}_is1) (Version: 1.6 - ALLPlayer Ltd.)
ALLPlayer Pilot (HKLM-x32\...\{146BDBDD-ACD9-4B04-A286-C27471841E8E}_is1) (Version: 2.6 - ALLPlayer Group, Ltd.)
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 4.07.13.2243 - Advanced Micro Devices, Inc.)
AMD GPIO2 Driver (HKLM-x32\...\{E9DD399F-21A3-479E-A7DF-D6CF4B2ADBF3}) (Version: 2.2.0.130 - Advanced Micro Devices, Inc.) Hidden
AMD PCI Driver (HKLM-x32\...\{80EC3CEE-2940-42A1-A776-B5D810D39F1E}) (Version: 1.0.0.89 - Advanced Micro Devices, Inc.) Hidden
AMD PSP Driver (HKLM-x32\...\{988F14B8-79A8-475D-BAC7-83F96AD3D821}) (Version: 5.19.0.0 - Advanced Micro Devices, Inc.) Hidden
AMD Ryzen Balanced Driver (HKLM-x32\...\{A171D320-C42C-4F3B-A2D8-C6A09F6788CC}) (Version: 8.0.0.13 - Advanced Micro Devices, Inc.) Hidden
AMD SBxxx SMBus Driver (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.38 - Advanced Micro Devices, Inc.) Hidden
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 23.7.2 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{2b787d65-59ec-46d5-9e6b-8b4761e7903c}) (Version: 4.07.13.2243 - Advanced Micro Devices, Inc.) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Brackets (HKLM-x32\...\{DECDF311-E886-4879-A6BF-39B2C7F07862}) (Version: 2.2.1 - brackets.io) Hidden
Brackets (HKLM-x32\...\Brackets 2.2.1) (Version: 2.2.1 - brackets.io)
Branding64 (HKLM\...\{2A677A6A-43E8-4FE3-A273-07B0E27DADAE}) (Version: 1.00.0008 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 6.15 - Piriform)
CrystalDiskInfo 8.17.12 (HKLM\...\CrystalDiskInfo_is1) (Version: 8.17.12 - Crystal Dew World)
CrystalDiskMark 8.0.4c (HKLM\...\CrystalDiskMark8_is1) (Version: 8.0.4c - Crystal Dew World)
Desperados III Digital Deluxe Edition MULTi10 - ElAmigos wersja 09.12.2020 (HKLM-x32\...\{5D8F778F-BF43-4310-8968-5C1C2B799E12}_is1) (Version: 09.12.2020 - THQ Nordic)
Discord (HKU\S-1-5-21-1705589361-728360065-3321163868-1001\...\Discord) (Version: 1.0.9008 - Discord Inc.)
Dying Light 2 Stay Human v1.10.3 - ALIEN (HKLM-x32\...\Dying Light 2 Stay Human_is1) (Version: - Techland)
EA app (HKLM\...\{C2622085-ABD2-49E5-8AB9-D3D6A642C091}) (Version: 13.8.0.5521 - Electronic Arts) Hidden
EA app (HKLM-x32\...\{ed8a2f43-547f-432b-81a0-3bd1cf37bb83}) (Version: 13.8.0.5521 - Electronic Arts)
Epic Games Launcher (HKLM-x32\...\{264464DC-63A7-40C9-92C8-A3EB54AFD72C}) (Version: 1.3.51.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{19695986-25CE-41AC-9C6F-54794653EDBA}) (Version: 2.0.36.0 - Epic Games, Inc.)
FileZilla 3.65.0 (HKLM-x32\...\FileZilla Client) (Version: 3.65.0 - Tim Kosse)
God of War (HKLM-x32\...\FLT_GodOfWar) (Version: - )
Grand Theft Auto V (HKLM-x32\...\{5EFC6C07-6B87-43FC-9524-F9E967241741}) (Version: 1.0.2802.0 - Rockstar Games)
JDownloader 2 (HKLM-x32\...\jdownloader2) (Version: 2.0.1 - AppWork GmbH)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LIX Gaming Mouse (HKLM-x32\...\{4602F77F-B385-4755-8F4F-11188B9A7CB1}_is1) (Version: 1.1 - SPC GEAR)
Malwarebytes version 4.6.1.280 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.1.280 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 116.0.1938.54 - Microsoft Corporation)
Microsoft GameInput (HKLM-x32\...\{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1705589361-728360065-3321163868-1001\...\OneDriveSetup.exe) (Version: 23.153.0724.0003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1705589361-728360065-3321163868-1002\...\OneDriveSetup.exe) (Version: 23.002.0102.0004 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{BB052C53-34CB-42DE-AF41-66FDFCEEC868}) (Version: 3.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.34.31938 (HKLM-x32\...\{d92971ab-f030-43c8-8545-c66c818d0e05}) (Version: 14.34.31938.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.34.31938 (HKLM-x32\...\{4f84f2dc-3f70-433a-8f50-8293e0089b0f}) (Version: 14.34.31938.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.34.31938 (HKLM\...\{7DA37AE3-D8AE-49B1-9BDC-23CA0AB9FF22}) (Version: 14.34.31938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.34.31938 (HKLM\...\{0AE39060-F209-4D05-ABC7-54B8F9CFA32E}) (Version: 14.34.31938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.34.31938 (HKLM-x32\...\{080D8397-60F4-44B3-BB95-FBB950CB0B4E}) (Version: 14.34.31938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.34.31938 (HKLM-x32\...\{8DE5B0D4-A6D8-4F72-B8EF-28776A2EE5D5}) (Version: 14.34.31938 - Microsoft Corporation) Hidden
MKV Player 2.1.30 (HKLM-x32\...\MKV Player_is1) (Version: - )
MSI Afterburner 4.6.5 (HKLM-x32\...\Afterburner) (Version: 4.6.5 - MSI Co., LTD)
Northgard MULTi7 - ElAmigos wersja 3.1.5.32544 (HKLM-x32\...\{A75E7CE5-C3FE-4B34-AA67-8962AD1C8769}_is1) (Version: 3.1.5.32544 - Shiro Games)
Promontory_GPIO Driver (HKLM-x32\...\{B5512BCC-F4CD-4159-86A4-B2AD7D38FFA9}) (Version: 3.0.0.0 - Advanced Micro Devices, Inc.) Hidden
Radmin VPN 1.3.3 (HKLM-x32\...\{F5FF0890-E3FC-4732-86A1-D72E74AF7F29}) (Version: 1.3.4568.3 - Famatech)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9336.1 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.4.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.4.5 - VS Revo Group, Ltd.)
RivaTuner Statistics Server 7.3.4 (HKLM-x32\...\RTSS) (Version: 7.3.4 - Unwinder)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.67.1178 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.1.6.5 - Rockstar Games)
RyzenMasterSDK (HKLM\...\{2C65D382-DD9D-42C1-8660-AAB5CEFD5A41}) (Version: 1.2.3.5 - Advanced Micro Devices, Inc.) Hidden
Shadow Tactics Blades of the Shogun MULTi10 - ElAmigos wersja 3.2.25 (HKLM-x32\...\{DB5428A7-F312-4F50-AABF-72C3D124982F}_is1) (Version: 3.2.25 - Daedalic Entertainment)
Soldat 1.7.1.1 (HKLM-x32\...\Soldat_is1) (Version: 1.7.1.1 - Michal Marcinkowski)
SPC Gear GK540 Magna Kailh RGB (HKLM-x32\...\{12F382E1-63D4-4B94-BD32-5F845E74FC79}) (Version: 1.00 - COOLING.PL Zdziech Spolka Jawna)
Star Stable Online 2.17.0 (HKLM\...\8c663ade-0de5-52b6-812d-f5cd25f943ac) (Version: 2.17.0 - Star Stable Entertainment AB)
Star Wars Jedi Fallen Order MULTi13 - ElAmigos wersja 1.0 (HKLM-x32\...\{CB815A4E-4C61-45E9-AFE5-B81840D81F2D}_is1) (Version: 1.0 - Electronic Arts)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Środowisko uruchomieniowe Microsoft Edge WebView2 (HKLM-x32\...\Microsoft EdgeWebView) (Version: 115.0.1901.203 - Microsoft Corporation)
The Last of Us Part I MULTi25 - ElAmigos wersja 1.0.1.0 (HKLM-x32\...\{22582C45-F1CA-466B-8479-C58F058E8FD0}_is1) (Version: 1.0.1.0 - PlayStation PC LLC)
Uplay (HKLM-x32\...\Uplay) (Version: 4.9 - Ubisoft)
Wargaming.net Game Center (HKU\S-1-5-21-1705589361-728360065-3321163868-1001\...\Wargaming.net Game Center) (Version: 22.6.0.1216 - Wargaming.net)
Wartales MULTi8 - ElAmigos wersja 1.0.25233 (HKLM-x32\...\{E0BAD752-9951-429D-BAAE-2D88A06699A4}_is1) (Version: 1.0.25233 - Shiro Games)
WeMod (HKU\S-1-5-21-1705589361-728360065-3321163868-1001\...\WeMod) (Version: 8.7.0 - WeMod)
WinRAR 6.11 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)
World of Tanks EU (HKU\S-1-5-21-1705589361-728360065-3321163868-1001\...\WOT.EU.PRODUCTION) (Version: - Wargaming.net)
World_of_Warplanes (HKU\S-1-5-21-1705589361-728360065-3321163868-1001\...\WOWP.WW.PRODUCTION) (Version: - Wargaming.net)

Packages:
=========
Dodatek Aparat multimediów dla aplikacji Zdjęcia -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2023-04-26] (Microsoft Corporation)
Nahimic -> C:\Program Files\WindowsApps\A-Volute.Nahimic_1.9.20.0_x64__w2gh52qy24etm [2023-07-27] (A-Volute)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.35.271.0_x64__dt26b99r8h8gj [2023-01-24] (Realtek Semiconductor Corp)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.17.8040.0_x64__8wekyb3d8bbwe [2023-08-12] (Microsoft Studios) [MS Ad]

==================== Niestandardowe rejestracje CLSID (filtrowane): ==============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

CustomCLSID: HKU\S-1-5-21-1705589361-728360065-3321163868-1001_Classes\CLSID\{80172dde-4e20-4df0-81a2-0a48553e80bb}\localserver32 -> C:\Users\rafal\AppData\Local\NhNotifSys\nahimic\nahimicNotifSys.exe (A-Volute SAS -> A-Volute)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-08-24] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2023-07-25] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-08-24] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-14] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [Brak podpisu cyfrowego]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [Brak podpisu cyfrowego]

==================== Skróty & WMI ========================

==================== Załadowane moduły (filtrowane) =============

2023-03-14 17:57 - 2023-03-14 17:57 - 000058368 _____ () [Brak podpisu cyfrowego] C:\Program Files (x86)\RivaTuner Statistics Server\RTFC.dll
2023-03-14 17:57 - 2023-03-14 17:57 - 000074240 _____ () [Brak podpisu cyfrowego] C:\Program Files (x86)\RivaTuner Statistics Server\RTMUI.dll
2023-03-14 17:57 - 2023-03-14 17:57 - 000368640 _____ () [Brak podpisu cyfrowego] C:\Program Files (x86)\RivaTuner Statistics Server\RTUI.dll

==================== Alternate Data Streams (filtrowane) ========

==================== Tryb awaryjny (filtrowane) ==================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Powiązania plików (filtrowane) =================

==================== Internet Explorer (filtrowane) ==========

==================== Hosts - zawartość: =========================

(Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.)

2019-12-07 11:14 - 2019-12-07 11:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Inne obszary ===========================

(Obecnie brak automatycznej naprawy dla tej sekcji.)

HKU\S-1-5-21-1705589361-728360065-3321163868-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\rafal\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\tapeciarnia.pl-tapeta-czarne-lamborghini-centenario-na-plazy-z-gry-forza-horizon-3.jpg
HKU\S-1-5-21-1705589361-728360065-3321163868-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\rafal_2pz6a8w\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\tapeciarnia.pl-tapeta-czarne-lamborghini-centenario-na-plazy-z-gry-forza-horizon-3.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
HKU\S-1-5-21-1705589361-728360065-3321163868-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Zapora systemu Windows [funkcja włączona]

==================== MSCONFIG/TASK MANAGER - Wyłączone elementy ==

(Załączenie wejścia w fixlist spowoduje jego usunięcie.)
MSCONFIG\Services: EpicOnlineServices => 3
MSCONFIG\Services: Steam Client Service => 3
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RtkAudUService"
HKLM\...\StartupApproved\Run32: => "Launch 0 FwCustom"
HKLM\...\StartupApproved\Run32: => "LIX"
HKLM\...\StartupApproved\Run32: => "RadminVPN"
HKU\S-1-5-21-1705589361-728360065-3321163868-1001\...\StartupApproved\Run: => "AMDNoiseSuppression"
HKU\S-1-5-21-1705589361-728360065-3321163868-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1705589361-728360065-3321163868-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-1705589361-728360065-3321163868-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-1705589361-728360065-3321163868-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1705589361-728360065-3321163868-1001\...\StartupApproved\Run: => "Wargaming.net Game Center"
HKU\S-1-5-21-1705589361-728360065-3321163868-1001\...\StartupApproved\Run: => "ProductAuthenticationService"
HKU\S-1-5-21-1705589361-728360065-3321163868-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-1705589361-728360065-3321163868-1001\...\StartupApproved\Run: => "ALLUpdate"
HKU\S-1-5-21-1705589361-728360065-3321163868-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-1705589361-728360065-3321163868-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_BCB5D7C81BEE5269C1C5C0DC7F1227EB"
HKU\S-1-5-21-1705589361-728360065-3321163868-1001\...\StartupApproved\Run: => "Napisy24.pl"
HKU\S-1-5-21-1705589361-728360065-3321163868-1001\...\StartupApproved\Run: => "Napisy24Update"
HKU\S-1-5-21-1705589361-728360065-3321163868-1001\...\StartupApproved\Run: => "RiotClient"

==================== Reguły Zapory systemu Windows (filtrowane) ================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
FirewallRules: [TCP Query User{AD039742-4B93-41A6-84AF-3B1073A67D9E}D:\wargaming.net\gamecenter\wgc.exe] => (Allow) D:\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{A195EDEC-B4EB-4FCC-8D99-7C9669A940E9}D:\wargaming.net\gamecenter\wgc.exe] => (Allow) D:\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{7D92FCAF-EB94-43DD-8EE9-94F24031517F}] => (Allow) D:\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{E3966EF1-F113-40C9-9FAE-DE60EA08C260}] => (Allow) D:\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{A835A9F7-883E-45F4-BACF-111636FF3577}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{3DFD3CC7-B80B-4DED-8BFE-A1D00008B710}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{AD405EA8-4F01-4AB2-B0AF-38587BAF11C3}] => (Allow) F:\SteamLibrary\steamapps\common\Prison Life\Prison Life.exe () [Brak podpisu cyfrowego]
FirewallRules: [{5E585B9B-E722-4392-992C-CC22726E8053}] => (Allow) F:\SteamLibrary\steamapps\common\Prison Life\Prison Life.exe () [Brak podpisu cyfrowego]
FirewallRules: [TCP Query User{EE4F1ECF-D332-4AA5-B377-3F9CF297D53C}D:\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) D:\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{DF80E2AD-9545-49BD-B0F5-B2A84947C031}D:\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) D:\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{E3F9BAEE-83B1-4636-9725-3244AC06C713}] => (Allow) F:\SteamLibrary\steamapps\common\7 Days To Die\7dLauncher.exe () [Brak podpisu cyfrowego]
FirewallRules: [{6BD722BB-BFB4-4C90-9CBB-223E0D4CC1BF}] => (Allow) F:\SteamLibrary\steamapps\common\7 Days To Die\7dLauncher.exe () [Brak podpisu cyfrowego]
FirewallRules: [{E29493CD-CB04-4323-8A63-6C9369CEE9DD}] => (Allow) F:\SteamLibrary\steamapps\common\Stumble Guys\Stumble Guys.exe () [Brak podpisu cyfrowego]
FirewallRules: [{E2EDF4F1-CFE3-47E5-9B2E-14B959A4AF3F}] => (Allow) F:\SteamLibrary\steamapps\common\Stumble Guys\Stumble Guys.exe () [Brak podpisu cyfrowego]
FirewallRules: [TCP Query User{9C7F1B52-923A-4343-85FA-7C1CCF6BC6EC}D:\games\world_of_tanks_eu\win64\worldoftanks.exe] => (Allow) D:\games\world_of_tanks_eu\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{DBAB9DC1-4AC7-4363-A83D-0C65157C5058}D:\games\world_of_tanks_eu\win64\worldoftanks.exe] => (Allow) D:\games\world_of_tanks_eu\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [TCP Query User{DA82139F-487A-4934-A9AA-CE0B2A29ADA5}D:\grand theft auto v\gta5.exe] => (Allow) D:\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{A40D04FF-F9A6-40E1-AC49-8491BFA793A4}D:\grand theft auto v\gta5.exe] => (Allow) D:\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{E04EFEE5-E544-4D59-9476-DC19EBD32816}G:\torrent\farthest.frontier.v0.7.5f\farthest.frontier.v0.7.5f\farthest frontier.exe] => (Allow) G:\torrent\farthest.frontier.v0.7.5f\farthest.frontier.v0.7.5f\farthest frontier.exe () [Brak podpisu cyfrowego]
FirewallRules: [UDP Query User{F8D71908-71CA-4BAC-AB86-E5F48AAB632B}G:\torrent\farthest.frontier.v0.7.5f\farthest.frontier.v0.7.5f\farthest frontier.exe] => (Allow) G:\torrent\farthest.frontier.v0.7.5f\farthest.frontier.v0.7.5f\farthest frontier.exe () [Brak podpisu cyfrowego]
FirewallRules: [{F7E8E493-3D61-46C0-9845-EF18ACB86D72}] => (Allow) D:\Steam\steamapps\common\Horizon Zero Dawn\HorizonZeroDawn.exe () [Brak podpisu cyfrowego]
FirewallRules: [{56FB9EAF-2237-4A3F-8DD3-140E98839DB5}] => (Allow) D:\Steam\steamapps\common\Horizon Zero Dawn\HorizonZeroDawn.exe () [Brak podpisu cyfrowego]
FirewallRules: [{CE6600CF-73F7-40F9-82A6-6C7901B864B8}] => (Allow) C:\Program Files (x86)\Radmin VPN\RvControlSvc.exe (Famatech Corp. -> Famatech Corp.)
FirewallRules: [{FA889110-8CF1-4393-8FC9-BE4A3613FEDA}] => (Allow) D:\Steam\steamapps\common\ProjectZomboid\ProjectZomboid64.exe () [Brak podpisu cyfrowego]
FirewallRules: [{6E438DEC-B7C0-4CA2-B1DB-BE8A7CE6F9C6}] => (Allow) D:\Steam\steamapps\common\ProjectZomboid\ProjectZomboid64.exe () [Brak podpisu cyfrowego]
FirewallRules: [TCP Query User{F3EFA150-455B-4503-BAC2-96A8DD0D0491}D:\steam\steamapps\common\projectzomboid\jre64\bin\java.exe] => (Allow) D:\steam\steamapps\common\projectzomboid\jre64\bin\java.exe
FirewallRules: [UDP Query User{33CC826D-64E9-470C-AF32-7879022C65FC}D:\steam\steamapps\common\projectzomboid\jre64\bin\java.exe] => (Allow) D:\steam\steamapps\common\projectzomboid\jre64\bin\java.exe
FirewallRules: [{85CE74C2-277F-4735-9BDB-A6688F9A320B}] => (Block) D:\steam\steamapps\common\projectzomboid\jre64\bin\java.exe
FirewallRules: [{F0E3C4BE-CD16-4FAF-8E16-16E297CB25A7}] => (Block) D:\steam\steamapps\common\projectzomboid\jre64\bin\java.exe
FirewallRules: [TCP Query User{983C58B1-9503-4C48-905B-EFF3D5D20807}D:\fallguys\fallguys_client_game.exe] => (Allow) D:\fallguys\fallguys_client_game.exe () [Brak podpisu cyfrowego]
FirewallRules: [UDP Query User{5F43340D-5C97-4185-A45A-557830B7E9FC}D:\fallguys\fallguys_client_game.exe] => (Allow) D:\fallguys\fallguys_client_game.exe () [Brak podpisu cyfrowego]
FirewallRules: [{A1A9896D-3258-4A1C-8343-046F4EB5D60C}] => (Allow) D:\Steam\steamapps\common\Hogwarts Legacy\HogwartsLegacy.exe (Warner Bros. Interactive) [Brak podpisu cyfrowego]
FirewallRules: [{77D9B88F-390B-43A6-BEF7-F8EA5D39531D}] => (Allow) D:\Steam\steamapps\common\Hogwarts Legacy\HogwartsLegacy.exe (Warner Bros. Interactive) [Brak podpisu cyfrowego]
FirewallRules: [TCP Query User{4E50B7D3-0422-401B-B2CC-F990E885C4EE}D:\star wars jedi fallen order\swgame\binaries\win64\starwarsjedifallenorder.exe] => (Allow) D:\star wars jedi fallen order\swgame\binaries\win64\starwarsjedifallenorder.exe (Respawn Entertainment) [Brak podpisu cyfrowego]
FirewallRules: [UDP Query User{C59C1C22-D504-4276-89D0-C85F81E2F528}D:\star wars jedi fallen order\swgame\binaries\win64\starwarsjedifallenorder.exe] => (Allow) D:\star wars jedi fallen order\swgame\binaries\win64\starwarsjedifallenorder.exe (Respawn Entertainment) [Brak podpisu cyfrowego]
FirewallRules: [{EB0B14AF-BEA4-4B3A-BD56-D1433F0AB82A}] => (Block) D:\star wars jedi fallen order\swgame\binaries\win64\starwarsjedifallenorder.exe (Respawn Entertainment) [Brak podpisu cyfrowego]
FirewallRules: [{A8DE2AEB-3233-42A7-B6B5-310E176BE66D}] => (Block) D:\star wars jedi fallen order\swgame\binaries\win64\starwarsjedifallenorder.exe (Respawn Entertainment) [Brak podpisu cyfrowego]
FirewallRules: [{089D29FB-C3B8-4CC3-B7D9-F65D8A5D4A61}] => (Allow) D:\Steam\steamapps\common\Sons Of The Forest\SonsOfTheForest.exe () [Brak podpisu cyfrowego]
FirewallRules: [{9C10BD10-4986-49A1-A654-514C5D3E6DE7}] => (Allow) D:\Steam\steamapps\common\Sons Of The Forest\SonsOfTheForest.exe () [Brak podpisu cyfrowego]
FirewallRules: [TCP Query User{7E2BEB6B-253C-48BF-815C-992348140FB3}D:\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{19AC6F11-CC98-4A2C-AE9E-18EF1CC0FB75}D:\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{60D18D6B-6237-48AE-AAB4-4B30B0C74F6F}] => (Block) D:\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{B41AF2F3-AE33-4249-82F9-26F1CDE570F2}] => (Block) D:\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{775A9A9E-A343-45ED-96E1-806F49AF3890}] => (Allow) D:\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe (Grinding Gear Games Limited -> )
FirewallRules: [{2523862C-F4AF-43C8-9245-DAE7B124FF97}] => (Allow) D:\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe (Grinding Gear Games Limited -> )
FirewallRules: [TCP Query User{613DBB9F-60F4-442E-8B23-6E25A0F059D0}D:\dying light 2 stay human\ph\work\bin\x64\dyinglightgame_x64_rwdi.exe] => (Allow) D:\dying light 2 stay human\ph\work\bin\x64\dyinglightgame_x64_rwdi.exe (Techland S.A. -> Techland)
FirewallRules: [UDP Query User{0E90C9F8-5346-4AC1-919A-69E3FCE2C3EC}D:\dying light 2 stay human\ph\work\bin\x64\dyinglightgame_x64_rwdi.exe] => (Allow) D:\dying light 2 stay human\ph\work\bin\x64\dyinglightgame_x64_rwdi.exe (Techland S.A. -> Techland)
FirewallRules: [{D4389BE1-E482-4AF0-81B8-1F211C2B0C01}] => (Block) D:\dying light 2 stay human\ph\work\bin\x64\dyinglightgame_x64_rwdi.exe (Techland S.A. -> Techland)
FirewallRules: [{8742E52C-3698-468B-936B-C6C4F6E17C23}] => (Block) D:\dying light 2 stay human\ph\work\bin\x64\dyinglightgame_x64_rwdi.exe (Techland S.A. -> Techland)
FirewallRules: [{FFE09DF7-9BFE-40FB-B476-180436712D4B}] => (Allow) D:\Steam\steamapps\common\Sid Meier's Civilization VI\2KLauncher\LauncherPatcher.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.)
FirewallRules: [{4750DC11-77F0-4797-ADAB-DAA6E60F4F99}] => (Allow) D:\Steam\steamapps\common\Sid Meier's Civilization VI\2KLauncher\LauncherPatcher.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.)
FirewallRules: [TCP Query User{061F5330-5335-4887-A8FF-8117350E6B18}D:\pobrane pliki\zclient.exe] => (Allow) D:\pobrane pliki\zclient.exe (ZLOFENIX) [Brak podpisu cyfrowego]
FirewallRules: [UDP Query User{5033912B-EBD3-4395-8D32-AF89749E1B71}D:\pobrane pliki\zclient.exe] => (Allow) D:\pobrane pliki\zclient.exe (ZLOFENIX) [Brak podpisu cyfrowego]
FirewallRules: [{CAB6D25B-729E-434A-8B29-9261119CC35C}] => (Block) D:\pobrane pliki\zclient.exe (ZLOFENIX) [Brak podpisu cyfrowego]
FirewallRules: [{FB6AC555-1B8F-43E0-8E61-D9CDFF3B5E55}] => (Block) D:\pobrane pliki\zclient.exe (ZLOFENIX) [Brak podpisu cyfrowego]
FirewallRules: [TCP Query User{FB1F34C7-C4F1-4EBD-AFC0-257294BC6BF1}D:\soldat\soldat.exe] => (Allow) D:\soldat\soldat.exe (Michal Marcinkowski) [Brak podpisu cyfrowego]
FirewallRules: [UDP Query User{6FB822D8-8FCB-46DE-92E1-859365F4602E}D:\soldat\soldat.exe] => (Allow) D:\soldat\soldat.exe (Michal Marcinkowski) [Brak podpisu cyfrowego]
FirewallRules: [{AE9249BB-5AB0-41A2-8F66-E9AD75B29BC8}] => (Block) D:\soldat\soldat.exe (Michal Marcinkowski) [Brak podpisu cyfrowego]
FirewallRules: [{36A480F2-B93A-4A6C-935E-41A3C7BE7593}] => (Block) D:\soldat\soldat.exe (Michal Marcinkowski) [Brak podpisu cyfrowego]
FirewallRules: [TCP Query User{A8F639DF-D916-4F9F-B812-62E2FBF5304D}D:\pobrane pliki\songs of conquest\songsofconquest.exe] => (Allow) D:\pobrane pliki\songs of conquest\songsofconquest.exe () [Brak podpisu cyfrowego]
FirewallRules: [UDP Query User{7679F44A-3BBB-41F0-816A-E3E5814EA69D}D:\pobrane pliki\songs of conquest\songsofconquest.exe] => (Allow) D:\pobrane pliki\songs of conquest\songsofconquest.exe () [Brak podpisu cyfrowego]
FirewallRules: [{58E898A5-B9E9-4319-BDCE-98CBD66CC0CB}] => (Block) D:\pobrane pliki\songs of conquest\songsofconquest.exe () [Brak podpisu cyfrowego]
FirewallRules: [{9FAFF727-1561-4B30-8BB3-96F724E7A750}] => (Block) D:\pobrane pliki\songs of conquest\songsofconquest.exe () [Brak podpisu cyfrowego]
FirewallRules: [{C605CBA7-8BFF-460A-B20C-46221A23177C}] => (Allow) D:\Steam\steamapps\common\Planet Zoo\PlanetZoo.exe (Frontier Developments) [Brak podpisu cyfrowego]
FirewallRules: [{A4A43870-F7A0-4E0B-9389-EE8AF1E9E38F}] => (Allow) D:\Steam\steamapps\common\Planet Zoo\PlanetZoo.exe (Frontier Developments) [Brak podpisu cyfrowego]
FirewallRules: [TCP Query User{A0D078AC-920E-49F6-A7DA-B1D3A17C3477}D:\brackets\node.exe] => (Allow) D:\brackets\node.exe (Adobe Inc. -> Node.js)
FirewallRules: [UDP Query User{00F9582B-7F19-4CD3-AE42-6278E2939D87}D:\brackets\node.exe] => (Allow) D:\brackets\node.exe (Adobe Inc. -> Node.js)
FirewallRules: [{E0ECF251-AE45-41D5-9E36-D8AC97E739EE}] => (Block) D:\brackets\node.exe (Adobe Inc. -> Node.js)
FirewallRules: [{E2E3CF58-C143-44AB-B64B-20B3F510A06B}] => (Block) D:\brackets\node.exe (Adobe Inc. -> Node.js)
FirewallRules: [{B4D91868-0EC9-4C0D-8241-285246298500}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{A63CCBD4-DE40-4AA7-9BA1-190D87F4F60E}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{DECF6F40-D2E5-4B8E-A459-B4E4386EED57}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{E1F8CAC0-34B9-4060-8BC8-857E4F50B004}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{51316BDA-CB6A-41BF-8B9A-56C7887CFBE3}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{EB8A0F09-9D48-4FA0-BAF3-56AF67D573DD}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{E9CB32D1-83C0-4A34-830A-2F99671F443B}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{2B5C4605-8AFB-48D8-B835-C6003C927101}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{2BF800E9-F94C-4E5B-8B40-C8CBABCF5E4C}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{6C50CB83-8155-43D8-9383-E56EABDC94A7}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{98F0443F-1764-40DE-BE5F-66EC6C388C89}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALaunchHelper.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [TCP Query User{FEF5D743-942F-4CE3-AD39-71472FFEAD70}D:\steam\steamapps\common\fifa 23\fifa23.exe] => (Allow) D:\steam\steamapps\common\fifa 23\fifa23.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [UDP Query User{ACFE5275-E568-4CF4-A695-5E5AA2E5EED1}D:\steam\steamapps\common\fifa 23\fifa23.exe] => (Allow) D:\steam\steamapps\common\fifa 23\fifa23.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{0C2CC583-C03F-4563-B053-CAFFC8FCA4A3}] => (Block) D:\steam\steamapps\common\fifa 23\fifa23.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{48658A78-51FA-4106-B16E-C5556BB2E685}] => (Block) D:\steam\steamapps\common\fifa 23\fifa23.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{D49CAEBF-5660-438E-B32F-DD86F19905D9}] => (Allow) D:\Steam\steamapps\common\Fishing Planet\FishingPlanet.exe () [Brak podpisu cyfrowego]
FirewallRules: [{D7E8A2AB-AC3E-4575-B0BA-B85F8AB66E60}] => (Allow) D:\Steam\steamapps\common\Fishing Planet\FishingPlanet.exe () [Brak podpisu cyfrowego]
FirewallRules: [{3AFC5C88-8277-4C12-B27C-968F65D74B5D}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.203\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Punkty Przywracania systemu =========================

25-08-2023 21:17:22 Restore Point Created by FRST

==================== Wadliwe urządzenia w Menedżerze urządzeń ============

==================== Błędy w Dzienniku zdarzeń: ========================

Dziennik Aplikacja:
==================
Error: (08/25/2023 09:18:53 PM) (Source: CertEnroll) (EventID: 86) (User: ZARZĄDZANIE NT)
Description: Inicjowanie rejestracji certyfikatu SCEP dla elementu WORKGROUP\DESKTOP-VPV7EFQ$ za pośrednictwem elementu https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep nie powiodło się:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Fri, 25 Aug 2023 19:18:51 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 95928036-165f-4886-ab5f-755f8e8e979c
Metoda: GET(422ms)
Etap: GetCACaps
Nieznaleziony (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (08/25/2023 09:17:21 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas badania interfejsu IVssWriterCallback. hr = 0x80070005, Odmowa dostępu.
.
To jest często spowodowane przez niepoprawne ustawienia zabezpieczeń w procesie zapisującym lub żądającym. Operacja: Zbieranie danych modułu zapisującego Kontekst: Identyfikator klasy modułu zapisującego: {e8132975-6f93-4464-a53e-1050253ae220} Nazwa modułu zapisującego: System Writer Identyfikator wystąpienia modułu zapisującego: {fee1d761-198a-422c-9bab-88831755754e} Error: (08/25/2023 09:13:43 PM) (Source: CertEnroll) (EventID: 86) (User: ZARZĄDZANIE NT) Description: Inicjowanie rejestracji certyfikatu SCEP dla elementu WORKGROUP\DESKTOP-VPV7EFQ$ za pośrednictwem elementu https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep nie powiodło się: GetCACaps GetCACaps: Not Found {"Message":"The authority \"amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net\" does not exist."} HTTP/1.1 404 Not Found Date: Fri, 25 Aug 2023 19:13:41 GMT Content-Length: 121 Content-Type: application/json; charset=utf-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000;includeSubDomains x-ms-request-id: 51fdc86a-7830-4460-8270-c16de46eac87 Metoda: GET(484ms) Etap: GetCACaps Nieznaleziony (404). 
0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND) Error: (08/25/2023 11:01:28 AM) (Source: CertEnroll) (EventID: 86) (User: ZARZĄDZANIE NT) Description: Inicjowanie rejestracji certyfikatu SCEP dla elementu WORKGROUP\DESKTOP-VPV7EFQ$ za pośrednictwem elementu https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep nie powiodło się: GetCACaps GetCACaps: Not Found {"Message":"The authority \"amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net\" does not exist."} HTTP/1.1 404 Not Found Date: Fri, 25 Aug 2023 09:01:27 GMT Content-Length: 121 Content-Type: application/json; charset=utf-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000;includeSubDomains x-ms-request-id: 461c6cd6-f220-4505-9ff1-fb0de1e41b9e Metoda: GET(1735ms) Etap: GetCACaps Nieznaleziony (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND) Error: (08/24/2023 11:58:33 PM) (Source: CertEnroll) (EventID: 86) (User: ZARZĄDZANIE NT) Description: Inicjowanie rejestracji certyfikatu SCEP dla elementu WORKGROUP\DESKTOP-VPV7EFQ$ za pośrednictwem elementu https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep nie powiodło się: GetCACaps GetCACaps: Not Found {"Message":"The authority \"amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net\" does not exist."} HTTP/1.1 404 Not Found Date: Thu, 24 Aug 2023 21:58:31 GMT Content-Length: 121 Content-Type: application/json; charset=utf-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000;includeSubDomains x-ms-request-id: 0a949e9f-c08c-445d-89d4-d500d11d63a9 Metoda: GET(500ms) Etap: GetCACaps Nieznaleziony (404). 
0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND) Error: (08/24/2023 11:51:41 PM) (Source: CertEnroll) (EventID: 86) (User: ZARZĄDZANIE NT) Description: Inicjowanie rejestracji certyfikatu SCEP dla elementu WORKGROUP\DESKTOP-VPV7EFQ$ za pośrednictwem elementu https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep nie powiodło się: GetCACaps GetCACaps: Not Found {"Message":"The authority \"amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net\" does not exist."} HTTP/1.1 404 Not Found Date: Thu, 24 Aug 2023 21:51:39 GMT Content-Length: 121 Content-Type: application/json; charset=utf-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000;includeSubDomains x-ms-request-id: ee7ffe6d-ac59-4ddc-ac7e-fe6ab4512ef5 Metoda: GET(469ms) Etap: GetCACaps Nieznaleziony (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND) Error: (08/24/2023 11:43:43 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: svcupdater.exe, wersja: 8.2.0.0, sygnatura czasowa: 0x63ee8924 Nazwa modułu powodującego błąd: svcupdater.exe, wersja: 8.2.0.0, sygnatura czasowa: 0x63ee8924 Kod wyjątku: 0xc0000409 Przesunięcie błędu: 0x00015e75 Identyfikator procesu powodującego błąd: 0x2d7c Godzina uruchomienia aplikacji powodującej błąd: 0x01d9d6ca5193f29a Ścieżka aplikacji powodującej błąd: C:\Users\rafal\AppData\Roaming\Win32Sync\svcupdater.exe Ścieżka modułu powodującego błąd: C:\Users\rafal\AppData\Roaming\Win32Sync\svcupdater.exe Identyfikator raportu: 511cfe2b-3c27-4c2b-967c-b8bf7352b095 Pełna nazwa pakietu powodującego błąd: Identyfikator aplikacji względem pakietu powodującego błąd: Error: (08/24/2023 10:33:43 PM) (Source: CertEnroll) (EventID: 86) (User: ZARZĄDZANIE NT) Description: Inicjowanie rejestracji certyfikatu SCEP dla elementu WORKGROUP\DESKTOP-VPV7EFQ$ za pośrednictwem elementu 
https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep nie powiodło się: GetCACaps GetCACaps: Not Found {"Message":"The authority \"amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net\" does not exist."} HTTP/1.1 404 Not Found Date: Thu, 24 Aug 2023 20:33:40 GMT Content-Length: 121 Content-Type: application/json; charset=utf-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000;includeSubDomains x-ms-request-id: 6bed861e-0b6e-43c4-b316-5b354af96659 Metoda: GET(468ms) Etap: GetCACaps Nieznaleziony (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND) Dziennik System: ============= Error: (08/25/2023 09:17:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Windows Search niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error: (08/25/2023 09:17:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Instalator Windows niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 120000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error: (08/25/2023 09:17:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa Gaming Services niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error: (08/25/2023 09:17:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa Gaming Services niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error: (08/25/2023 09:17:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa Radmin VPN Control Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error: (08/25/2023 09:17:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Nahimic service niespodziewanie zakończyła pracę. 
Wystąpiło to razy: 1. W przeciągu 3000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error: (08/25/2023 09:17:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Realtek Audio Universal Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 0 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error: (08/25/2023 09:17:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa GameInput Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 1000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Windows Defender: ================ Date: 2023-08-24 23:24:40 Description: Produkt Program antywirusowy Microsoft Defender wykrył złośliwe oprogramowanie lub inne potencjalnie niechciane oprogramowanie. Aby uzyskać więcej informacji, zobacz: https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Gmer&threatid=2147815049&enterprise=0 Nazwa: HackTool:Win32/Gmer Identyfikator: 2147815049 Ważność: Wysoki Kategoria: Narzędzie Ścieżka: containerfile:_C:\Users\rafal\Downloads\gmer.zip; file:_C:\Users\rafal\Downloads\gmer.zip->gmer.exe; webfile:_C:\Users\rafal\Downloads\gmer.zip|http://www2.gmer.net/gmer.zip|pid:12388,ProcessStart:133373858798499302 Pochodzenie wykrycia: Internet Typ wykrycia: Konkretne Źródło wykrycia: Pobrania i załączniki Użytkownik: DESKTOP-VPV7EFQ\rafal Nazwa procesu: Unknown Wersja analizy zabezpieczeń: AV: 1.395.1239.0, AS: 1.395.1239.0, NIS: 1.395.1239.0 Wersja aparatu: AM: 1.1.23070.1005, NIS: 1.1.23070.1005 Date: 2023-08-19 22:47:38 Description: Skanowanie produktu Program antywirusowy Microsoft Defender zostało zatrzymane przed ukończeniem. 
Identyfikator skanowania: {F868A226-A051-4311-AFB5-DF6706E5D0BB} Typ skanowania: Narzędzia chroniące przed złośliwym oprogramowaniem Parametry skanowania: Szybkie skanowanie Użytkownik: ZARZĄDZANIE NT\SYSTEM Date: 2023-08-19 16:49:50 Description: Produkt Program antywirusowy Microsoft Defender wykrył złośliwe oprogramowanie lub inne potencjalnie niechciane oprogramowanie. Aby uzyskać więcej informacji, zobacz: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Script/Wacatac.B!ml&threatid=2147735503&enterprise=0 Nazwa: Trojan:Script/Wacatac.B!ml Identyfikator: 2147735503 Ważność: Poważny Kategoria: Koń trojański Ścieżka: file:_C:\Users\rafal\OneDrive\Desktop\[Game3rb.com] Worms.W.M.D.Steamworks.Fix.V3-REVOLT.rar; webfile:_C:\Users\rafal\OneDrive\Desktop\[Game3rb.com] Worms.W.M.D.Steamworks.Fix.V3-REVOLT.rar|https://www97.uptobox.com/dl/bCkG7DeAZwjnuJjDUQVItMrprAQMhWP4Z_K8CKvTnk_QxIni8CCNQJL0AgtmtWiBH5b3UEIn0aiocfVp1acPnVyQgKc2zDEynw4VenRez4CH7-qZ86z1FgxX22uV1rdu/BGame3rb.comDDESKTOP-VPV7EFQ\rafalDESKTOP-VPV7EFQ\rafalWorms.W.M.D.Steamworks.Fix.V3-REVOLT.rar|pid:12016,ProcessStart:133369301897222813 Pochodzenie wykrycia: Internet Typ wykrycia: FastPath Źródło wykrycia: Pobrania i załączniki Użytkownik: DESKTOP-VPV7EFQ\rafal Nazwa procesu: Unknown Wersja analizy zabezpieczeń: AV: 1.395.822.0, AS: 1.395.822.0, NIS: 1.395.822.0 Wersja aparatu: AM: 1.1.23070.1005, NIS: 1.1.23070.1005 Date: 2023-08-14 23:23:54 Description: Produkt Program antywirusowy Microsoft Defender wykrył złośliwe oprogramowanie lub inne potencjalnie niechciane oprogramowanie. 
Aby uzyskać więcej informacji, zobacz: https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/SuspiciousProcStarter&threatid=247465&enterprise=0 Nazwa: PUA:Win32/SuspiciousProcStarter Identyfikator: 247465 Ważność: Niski Kategoria: Potencjalnie niechciane oprogramowanie Ścieżka: file:_C:\Users\Public\Desktop\The Settlers History Collection\The Settlers V - Nebula Realm.lnk; file:_C:\Users\Public\Desktop\The Settlers History Collection\The Settlers VI - The Eastern Realm.lnk; file:_D:\The Settlers History Collection\The Settlers VI\LumaPlay_xE1.exe; file:_D:\The Settlers History Collection\The Settlers V\LumaPlay_xE1.exe Pochodzenie wykrycia: Komputer lokalny Typ wykrycia: FastPath Źródło wykrycia: System Użytkownik: ZARZĄDZANIE NT\SYSTEM Nazwa procesu: Unknown Wersja analizy zabezpieczeń: AV: 1.395.436.0, AS: 1.395.436.0, NIS: 1.395.436.0 Wersja aparatu: AM: 1.1.23070.1005, NIS: 1.1.23070.1005 Date: 2023-08-14 23:23:40 Description: Produkt Program antywirusowy Microsoft Defender wykrył złośliwe oprogramowanie lub inne potencjalnie niechciane oprogramowanie. 
Aby uzyskać więcej informacji, zobacz: https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/SuspiciousProcStarter&threatid=247465&enterprise=0 Nazwa: PUA:Win32/SuspiciousProcStarter Identyfikator: 247465 Ważność: Niski Kategoria: Potencjalnie niechciane oprogramowanie Ścieżka: file:_C:\Users\Public\Desktop\The Settlers History Collection\The Settlers V - Nebula Realm.lnk; file:_C:\Users\Public\Desktop\The Settlers History Collection\The Settlers VI - The Eastern Realm.lnk; file:_D:\The Settlers History Collection\The Settlers VI\LumaPlay_xE1.exe; file:_D:\The Settlers History Collection\The Settlers V\LumaPlay_xE1.exe Pochodzenie wykrycia: Komputer lokalny Typ wykrycia: FastPath Źródło wykrycia: System Użytkownik: ZARZĄDZANIE NT\SYSTEM Nazwa procesu: Unknown Wersja analizy zabezpieczeń: AV: 1.395.436.0, AS: 1.395.436.0, NIS: 1.395.436.0 Wersja aparatu: AM: 1.1.23070.1005, NIS: 1.1.23070.1005  CodeIntegrity: =============== Date: 2023-08-24 23:53:38 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2023-02-20 16:49:06 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements. Date: 2023-02-20 16:49:04 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements. 
Date: 2023-02-20 16:31:17 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume8\Windows\WinSxS\amd64_microsoft-windows-shell-customshellhost_31bf3856ad364e35_10.0.19041.2193_none_fd6af328542834e7\CustomShellHost.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2023-02-20 16:31:10 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume8\Windows\WinSxS\amd64_microsoft-windows-security-spp-extcom_31bf3856ad364e35_10.0.19041.2364_none_7f946603f54ee470\SppExtComObj.Exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2023-02-20 16:30:53 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume8\Windows\WinSxS\amd64_microsoft-windows-oobe-user-broker_31bf3856ad364e35_10.0.19041.746_none_61e0347e850155a8\UserOOBEBroker.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Statystyki pamięci =========================== BIOS: American Megatrends International, LLC. 
H.G0 07/26/2022 Płyta główna: Micro-Star International Co., Ltd B450 GAMING PLUS MAX (MS-7B86) Procesor: AMD Ryzen 5 3600 6-Core Processor Procent pamięci w użyciu: 13% Całkowita pamięć fizyczna: 32693.58 MB Dostępna pamięć fizyczna: 28284.43 MB Całkowita pamięć wirtualna: 34741.58 MB Dostępna pamięć wirtualna: 27188.99 MB ==================== Dyski ================================ Drive c: () (Fixed) (Total:100.92 GB) (Free:30 GB) (Model: WD Blue SN570 2TB) NTFS Drive d: () (Fixed) (Total:1761.45 GB) (Free:466.92 GB) (Model: WD Blue SN570 2TB) NTFS Drive e: () (Fixed) (Total:111.17 GB) (Free:18.33 GB) (Model: GOODRAM) NTFS Drive f: () (Fixed) (Total:931.39 GB) (Free:397.39 GB) (Model: ST1000DM003-1SB102) NTFS Drive g: () (Fixed) (Total:931.5 GB) (Free:176.6 GB) (Model: ST1000LM035-1RK172) NTFS Drive h: (Nowy) (Fixed) (Total:465.75 GB) (Free:33.51 GB) (Model: SAMSUNG HD502IJ) NTFS \\?\Volume{d3fc7441-9295-46f6-ac86-5430d7634cf3}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS \\?\Volume{977cc37d-e6b1-4beb-85aa-006268ff9f70}\ () (Fixed) (Total:0.53 GB) (Free:0.08 GB) NTFS \\?\Volume{29f9a453-b1cb-42ea-a992-fd79534440cd}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 \\?\Volume{8a13293d-788d-40af-8cac-9ed0c8de9529}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 ==================== MBR & Tablica partycji ==================== ========================================================== Disk: 0 (Protective MBR) (Size: 111.8 GB) (Disk ID: 00000000) Partition: GPT. ========================================================== Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000) Partition: GPT. ========================================================== Disk: 2 (Size: 465.8 GB) (Disk ID: 00000001) Partition: GPT. ========================================================== Disk: 3 (Size: 931.5 GB) (Disk ID: D9FA2484) Partition: GPT. ========================================================== Disk: 4 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000) Partition: GPT. 
==================== Koniec Addition.txt =======================