Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 06-11-2020 Uruchomiony przez Dorotka (10-11-2020 18:22:57) Uruchomiony z K:\ Windows 10 Pro Wersja 1909 18363.1139 (X64) (2020-02-26 22:16:39) Tryb startu: Normal ========================================================== ==================== Konta użytkowników: ============================= Administrator (S-1-5-21-119460995-992457817-3829289016-500 - Administrator - Disabled) Dorotka (S-1-5-21-119460995-992457817-3829289016-1001 - Administrator - Enabled) => C:\Users\Dorotka Gość (S-1-5-21-119460995-992457817-3829289016-501 - Limited - Disabled) Konto domyślne (S-1-5-21-119460995-992457817-3829289016-503 - Limited - Disabled) WDAGUtilityAccount (S-1-5-21-119460995-992457817-3829289016-504 - Limited - Disabled) ==================== Centrum zabezpieczeń ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: AVG Antivirus (Enabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4} AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649} FW: AVG Antivirus (Enabled) {77FCDD80-5C3B-5549-57A4-B1A62BD5FB8F} ==================== Zainstalowane programy ====================== (W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.) Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.153 - Adobe Systems Incorporated) Audacity 2.3.3 (HKLM-x32\...\Audacity_is1) (Version: 2.3.3 - Audacity Team) AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 20.9.3152 - AVG Technologies) AVG TuneUp (HKLM-x32\...\{949BE04F-D7E8-4C19-9F89-8B304AB4308A}_is1) (Version: 19.1.1209.0 - AVG Technologies) BestZip version 1.0 (HKLM-x32\...\BestZip_is1) (Version: 1.0 - SoftMax) <==== UWAGA Booking (HKLM-x32\...\{13D4CD54-EA09-4FDB-B979-8B2BC0F020CA}_is1) (Version: 2.0.701 - Booking) CCleaner (HKLM\...\CCleaner) (Version: 5.63 - Piriform) Deluxe Ski Jump 4 (HKLM-x32\...\Deluxe Ski Jump 4_is1) (Version: 1.6.3 - Mediamond Tmi) Ecorder-DR (HKLM-x32\...\Ecorder-DR_is1) (Version: - Zh-soft Inc.) Epic Games Launcher (HKLM-x32\...\{BE411926-37D4-45D5-9ED5-4132BEB8E9C5}) (Version: 1.1.298.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Facebook (HKLM-x32\...\{d85544fc-e402-c7a2-a96a-48078edaf203}_is1) (Version: 2.0.701 - Facebook_Webapp) Gameloop (HKLM-x32\...\MobileGamePC) (Version: 1.0.0.1 - Tencent Technology Company) GMX - Enhanced by Google (HKLM-x32\...\{5336BBF6-03B6-6A76-B236-1AF662B6C976}) (Version: - ) Goodgame Empire (HKLM-x32\...\Goodgame Empire) (Version: - ) Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden jWis Copy (HKLM-x32\...\jWis Copy_is1) (Version: - jWis Computing, Inc.) Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 86.0.622.63 - Microsoft Corporation) Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.137.99 - ) Microsoft Office Professional 2016 - pl-pl (HKLM\...\ProfessionalRetail - pl-pl) (Version: 16.0.13328.20292 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-119460995-992457817-3829289016-1001\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{97238E8A-4919-4A1E-965A-C6C36938F4CE}) (Version: 2.68.0.0 - Microsoft Corporation) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0.1 - Mozilla) mypopupblocker (HKLM-x32\...\{8EEC6538-89F2-4219-9DC9-C58F2F398553}) (Version: 1.0.0.0 - KS @ PopupBlocker) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13328.20278 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13328.20292 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0415-1000-0000000FF1CE}) (Version: 16.0.13328.20278 - Microsoft Corporation) Hidden Revo Uninstaller 2.1.1 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.1.1 - VS Revo Group, Ltd.) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden WinRAR 5.50 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH) World of Tanks (HKLM-x32\...\World of Tanks) (Version: - ) Zoom (HKU\S-1-5-21-119460995-992457817-3829289016-1001\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.) Packages: ========= Asphalt 9: Legends -> C:\Program Files\WindowsApps\A278AB0D.Asphalt9_2.5.300.2_x86__h6adky7gbf63m [2020-10-24] (Gameloft SE) Battlelands Royale Subway hunter adventure -> C:\Program Files\WindowsApps\8533SmartGamesProMX.BattlelandsRoyaleSubwayhuntera_5.1.1.0_x86__5m91jtwxk93h0 [2018-12-03] (Smart Games Pro MX) [MS Ad] Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1890.2.0_x86__kgqvnymyfvs32 [2020-11-06] (king.com) Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.180.400.0_x86__kgqvnymyfvs32 [2020-10-29] (king.com) Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_2.9.0.1_neutral__6e5tt8cgb93ep [2020-11-09] (Canon Inc.) Dodatek Aparat multimediów dla aplikacji Zdjęcia -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-09-20] (Microsoft Corporation) Dodatek Zdjęcia -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2018-11-26] (Microsoft Corporation) Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.6.181.0_x64__rz1tebttyb220 [2020-11-07] (Dolby Laboratories) Forza Horizon 4 Demo -> C:\Program Files\WindowsApps\Microsoft.ForzaHorizon4Demo_1.192.906.2_x64__8wekyb3d8bbwe [2018-11-05] (Microsoft Studios) Hidden City: Hidden Object Adventure -> C:\Program Files\WindowsApps\828B5831.HiddenCityMysteryofShadows_1.38.3800.0_x86__ytsefhwckbdv6 [2020-11-03] (G5 Entertainment AB) HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_121.1.193.0_x64__v10z8vjag6ke6 [2020-11-05] (HP Inc.) March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_5.2.1.2_x86__h6adky7gbf63m [2020-11-10] (Gameloft SE) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-08] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-08] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-10-24] (Microsoft Studios) [MS Ad] MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad] ==================== Niestandardowe rejestracje CLSID (filtrowane): ============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2020-11-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-16] (win.rar GmbH -> Alexander Roshal) [Brak podpisu cyfrowego] ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-16] (win.rar GmbH -> Alexander Roshal) [Brak podpisu cyfrowego] ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-02-17] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2020-11-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-02-17] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-16] (win.rar GmbH -> Alexander Roshal) [Brak podpisu cyfrowego] ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-16] (win.rar GmbH -> Alexander Roshal) [Brak podpisu cyfrowego] ==================== Codecs (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.) HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.) ==================== Skróty & WMI ======================== (Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.) ShortcutWithArgument: C:\Users\Dorotka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Profile 1" ==================== Załadowane moduły (filtrowane) ============= 2019-10-04 14:13 - 2016-09-12 15:53 - 048936448 _____ () [Brak podpisu cyfrowego] C:\Program Files (x86)\AVG\AVG TuneUp\libcef.dll 2020-11-09 20:37 - 2017-08-16 19:42 - 000439000 _____ (win.rar GmbH -> Alexander Roshal) [Brak podpisu cyfrowego] C:\Program Files\WinRAR\rarext.dll ==================== Alternate Data Streams (filtrowane) ======== (Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.) AlternateDataStreams: C:\Users\Dorotka:.repos [616] AlternateDataStreams: C:\Users\Dorotka\Documents\skan 1.jpeg.agho:3or4kl4x13tuuug3Byamue2s4b [83] AlternateDataStreams: C:\Users\Dorotka\Documents\skan 1.jpeg.agho:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] AlternateDataStreams: C:\Users\Dorotka\Documents\skan 2.jpeg.agho:3or4kl4x13tuuug3Byamue2s4b [83] AlternateDataStreams: C:\Users\Dorotka\Documents\skan 2.jpeg.agho:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] AlternateDataStreams: C:\Users\Dorotka\Documents\skan3.jpeg.agho:3or4kl4x13tuuug3Byamue2s4b [83] AlternateDataStreams: C:\Users\Dorotka\Documents\skan3.jpeg.agho:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [476] ==================== Tryb awaryjny (filtrowane) ================== ==================== Powiązania plików (filtrowane) ================= ==================== Internet Explorer (filtrowane) ========== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.gmx.com/start?src=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=pl&p_tsrc=301ssg01&p_w=y1w34 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?rvt=1&pid=bcu HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&pid=bcu&mid=BAA26D74-E20F-4C2D-A443-0434D7CAFB77&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-119460995-992457817-3829289016-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?rvt=1&pid=bcu HKU\S-1-5-21-119460995-992457817-3829289016-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&pid=bcu&mid=BAA26D74-E20F-4C2D-A443-0434D7CAFB77&q={searchTerms} SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.gmx.com/web/result?origin=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=pl&p_tsrc=301ssg01&p_w=y1w34&q={searchTerms} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.gmx.com/web/result?origin=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=pl&p_tsrc=301ssg01&p_w=y1w34&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {E014A1F1-A814-4CEB-9927-0081210BB812} URL = hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&pid=bcu&mid=BAA26D74-E20F-4C2D-A443-0434D7CAFB77&q={searchTerms} SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.gmx.com/web/result?origin=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=pl&p_tsrc=301ssg01&p_w=y1w34&q={searchTerms} SearchScopes: HKLM-x32 -> {E014A1F1-A814-4CEB-9927-0081210BB812} URL = hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&pid=bcu&mid=BAA26D74-E20F-4C2D-A443-0434D7CAFB77&q={searchTerms} SearchScopes: HKU\S-1-5-21-119460995-992457817-3829289016-1001 -> DefaultScope {E014A1F1-A814-4CEB-9927-0081210BB812} URL = hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&pid=bcu&mid=BAA26D74-E20F-4C2D-A443-0434D7CAFB77&q={searchTerms} SearchScopes: HKU\S-1-5-21-119460995-992457817-3829289016-1001 -> {B9501592-9937-4D64-B5B2-0D19C830AA4C} URL = hxxp://www.web-pl.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-119460995-992457817-3829289016-1001 -> {E014A1F1-A814-4CEB-9927-0081210BB812} URL = hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&pid=bcu&mid=BAA26D74-E20F-4C2D-A443-0434D7CAFB77&q={searchTerms} BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-09-17] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-30] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-30] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-30] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-30] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-30] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-30] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-30] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-30] (Microsoft Corporation -> Microsoft Corporation) (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.) IE trusted site: HKU\S-1-5-21-119460995-992457817-3829289016-1001\...\localhost -> localhost ==================== Hosts - zawartość: ========================= (Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.) 2015-07-10 12:04 - 2020-11-09 20:38 - 000001061 _____ C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 ultramediaburner.com 127.0.0.1 pro-zipper.com 127.0.0.1 productsdetails.online 127.0.0.1 post-back-url.com 127.0.0.1 rothsideadome.pw 127.0.0.1 room1.360dev.info 127.0.0.1 telechargini.com 127.0.0.1 install.geqxv.com ==================== Inne obszary =========================== (Obecnie brak automatycznej naprawy dla tej sekcji.) HKU\S-1-5-21-119460995-992457817-3829289016-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dorotka\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Zapora systemu Windows [funkcja włączona] ==================== MSCONFIG/TASK MANAGER - Wyłączone elementy == (Załączenie wejścia w fixlist spowoduje jego usunięcie.) HKU\S-1-5-21-119460995-992457817-3829289016-1001\...\StartupApproved\Run: => "EpicGamesLauncher" ==================== Reguły Zapory systemu Windows (filtrowane) ================ (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) FirewallRules: [{75030D4A-FCEA-45AA-BEC9-25C9C74FC553}] => (Allow) C:\Program Files\AndroidTbox\THypervBox.exe (Tencent Technology(Shenzhen) Company Limited -> Hyperv Corporation) FirewallRules: [{98DA61C7-019B-40B7-9383-C2C55E672F94}] => (Allow) c:\program files\txgameassistant\ui\TxGaDcc.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent) FirewallRules: [{DBC3A5B9-57A3-4B79-AB45-9E7DE5E5054B}] => (Allow) c:\program files\txgameassistant\ui\bugreport.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent) FirewallRules: [{340C42F6-6E0B-4602-B403-1E4833BAF15D}] => (Allow) c:\program files\txgameassistant\ui\TInst.exe (Tencent Technology(Shenzhen) Company Limited -> ) FirewallRules: [{9E79627D-1042-4765-A8A9-A256B4FF3AA0}] => (Allow) c:\program files\txgameassistant\ui\adb.exe () [Brak podpisu cyfrowego] FirewallRules: [{B32DD206-52FC-4D5C-B2A3-39FB3ECD896F}] => (Allow) c:\program files\txgameassistant\ui\AndroidEmulator.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent) FirewallRules: [{C59E911E-539D-4DA9-8E4D-AA08F4CAC99D}] => (Allow) c:\program files\txgameassistant\appmarket\GF186\TUpdate.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent) FirewallRules: [{9F46F42B-45C3-4CBA-9A50-1EE16268EDFE}] => (Allow) c:\program files\txgameassistant\appmarket\GameDownload.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent) FirewallRules: [{20542CEC-5072-4A46-B7DC-54C50D345DE6}] => (Allow) c:\program files\txgameassistant\appmarket\QQExternal.exe (Tencent Technology(Shenzhen) Company Limited -> ) FirewallRules: [{3A36A2A3-0052-4855-ACB6-46D1B2858AA3}] => (Allow) c:\program files\txgameassistant\appmarket\bugreport.exe (Tencent Technology(Shenzhen) Company Limited -> 腾讯公司) FirewallRules: [{A723BA71-C711-4AF9-87E5-B07FE2EAB31D}] => (Allow) c:\program files\txgameassistant\appmarket\TInst.exe (Tencent Technology(Shenzhen) Company Limited -> ) FirewallRules: [{CC06D010-4BB0-432A-AC7A-3E309330904A}] => (Allow) c:\program files\txgameassistant\appmarket\AppMarket.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent) FirewallRules: [{442509EC-94E6-4BD5-BF61-504DFBBB52CB}] => (Allow) C:\Users\Dorotka\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [Brak podpisu cyfrowego] FirewallRules: [{4D7F55FD-D3B8-4C87-8FB8-20E8EDB248C7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{6A42C057-F847-4D72-A2B9-29ADABB8596C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{C7372B12-169A-41C4-ADCD-B84A9D4D9439}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{1BE9C9B8-0C2A-4BED-9D07-B9185141F601}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{C434932C-6909-4416-8CD9-19E439BAD128}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\StickFightTheGame\StickFight.exe () [Brak podpisu cyfrowego] FirewallRules: [{69026565-C6B1-4334-AE06-B2AB037AEC8D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\StickFightTheGame\StickFight.exe () [Brak podpisu cyfrowego] FirewallRules: [{F6E20714-EFB2-4032-9688-2E4B684832D2}] => (Allow) C:\Users\Dorotka\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{C5F0C274-A345-423E-9B1F-2D8B869FD22B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{FCA868E0-DBFA-4A40-987D-ABB8FD8D38E3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{543B526A-F7A2-47B2-B167-223B69567A2B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{2B505A42-57FF-4941-9940-F59096D48E57}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{7F04D72D-A6D1-476E-B305-62C4F7A2A594}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{098EB730-993C-4ED6-A2DA-33AB1AFD26FB}] => (Allow) C:\Users\Dorotka\AppData\Local\Temp\download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司) FirewallRules: [{8B6EA497-9E50-4314-A6F5-AD8BACE19442}] => (Allow) C:\Users\Dorotka\AppData\Local\Temp\download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司) FirewallRules: [{CC87BBF7-B167-40C8-85DB-3E4EE7396861}] => (Allow) 㩃啜敳獲䑜牯瑯慫䅜灰慄慴剜慯業杮卜敮捴扨污屬湓瑥档慢汬攮數 => Brak pliku ==================== Punkty Przywracania systemu ========================= 02-11-2020 08:46:24 Zaplanowany punkt kontrolny 04-11-2020 08:47:55 Zainstalowany program DirectX 09-11-2020 20:29:14 Installed PowerToys 09-11-2020 20:40:17 Instalator modułów systemu Windows ==================== Wadliwe urządzenia w Menedżerze urządzeń ============ Name: Port szeregowy PCI Description: Port szeregowy PCI Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Kontroler PCI Simple Communications Description: Kontroler PCI Simple Communications Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Błędy w Dzienniku zdarzeń: ======================== Dziennik Aplikacja: ================== Error: (11/10/2020 06:24:38 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (7940,R,98) TILEREPOSITORYS-1-5-18: Wystąpił błąd -1023 (0xfffffc01) podczas otwierania pliku dziennika C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (11/10/2020 06:14:26 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (4044,R,98) TILEREPOSITORYS-1-5-18: Wystąpił błąd -1023 (0xfffffc01) podczas otwierania pliku dziennika C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (11/10/2020 05:55:29 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (3324,R,98) TILEREPOSITORYS-1-5-18: Wystąpił błąd -1023 (0xfffffc01) podczas otwierania pliku dziennika C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (11/10/2020 05:42:13 PM) (Source: SecurityCenter) (EventID: 18) (User: ) Description: Usługa Centrum zabezpieczeń Windows nie mogła załadować wystąpień programu FirewallProduct z magazynu danych. Error: (11/10/2020 05:20:53 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (3744,R,98) TILEREPOSITORYS-1-5-18: Wystąpił błąd -1023 (0xfffffc01) podczas otwierania pliku dziennika C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (11/10/2020 05:06:35 PM) (Source: SecurityCenter) (EventID: 18) (User: ) Description: Usługa Centrum zabezpieczeń Windows nie mogła załadować wystąpień programu FirewallProduct z magazynu danych. Error: (11/10/2020 05:04:04 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas wywoływania procedury CoCreateInstance. hr = 0x8007045b, Trwa proces zamykania systemu. . Error: (11/10/2020 05:04:04 PM) (Source: VSS) (EventID: 13) (User: ) Description: Informacje Usługi kopiowania woluminów w tle: nie można uruchomić serwera usługi COM z identyfikatorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} i nazwą CEventSystem. [0x8007045b, Trwa proces zamykania systemu. ] Dziennik System: ============= Error: (11/10/2020 06:11:06 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-HLIOESS) Description: Serwer Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca nie zarejestrował się w modelu DCOM w wymaganym czasie. Error: (11/10/2020 05:46:05 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-HLIOESS) Description: Serwer Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca nie zarejestrował się w modelu DCOM w wymaganym czasie. Error: (11/10/2020 05:42:50 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-HLIOESS) Description: Serwer Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca nie zarejestrował się w modelu DCOM w wymaganym czasie. Error: (11/10/2020 05:40:47 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: ZARZĄDZANIE NT) Description: Uruchomienie modułu rozszerzalności sieci WLAN nie powiodło się. Ścieżka modułu: C:\WINDOWS\system32\athExt.dll Kod błędu: 126 Error: (11/10/2020 05:36:13 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-HLIOESS) Description: Serwer Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca nie zarejestrował się w modelu DCOM w wymaganym czasie. Error: (11/10/2020 05:11:56 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-HLIOESS) Description: Serwer Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca nie zarejestrował się w modelu DCOM w wymaganym czasie. Error: (11/10/2020 05:08:38 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-HLIOESS) Description: Serwer Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca nie zarejestrował się w modelu DCOM w wymaganym czasie. Error: (11/10/2020 05:06:16 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: ZARZĄDZANIE NT) Description: Uruchomienie modułu rozszerzalności sieci WLAN nie powiodło się. Ścieżka modułu: C:\WINDOWS\system32\athExt.dll Kod błędu: 126 CodeIntegrity: =================================== Date: 2020-11-10 18:17:38.583 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements. Date: 2020-11-10 18:17:37.657 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements. Date: 2020-11-10 18:17:33.628 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements. Date: 2020-11-10 18:17:33.624 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements. Date: 2020-11-10 18:09:25.619 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements. Date: 2020-11-10 18:09:25.131 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements. Date: 2020-11-10 18:08:12.557 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements. Date: 2020-11-10 18:08:04.602 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements. ==================== Statystyki pamięci =========================== BIOS: Intel Corp. IDG4511H.86A.0090.2008.0924.1800 09/24/2008 Płyta główna: Intel Corporation DG45ID Procesor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz Procent pamięci w użyciu: 56% Całkowita pamięć fizyczna: 6042.23 MB Dostępna pamięć fizyczna: 2642.91 MB Całkowita pamięć wirtualna: 7002.23 MB Dostępna pamięć wirtualna: 3947.02 MB ==================== Dyski ================================ Drive c: () (Fixed) (Total:389.28 GB) (Free:286.55 GB) NTFS Drive d: () (Fixed) (Total:205.54 GB) (Free:205.18 GB) NTFS Drive k: (ADATA) (Removable) (Total:14.84 GB) (Free:10.96 GB) FAT32 \\?\Volume{22a4cf70-0000-0000-0000-100000000000}\ (Zastrzeżone przez system) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS \\?\Volume{22a4cf70-0000-0000-0000-207161000000}\ () (Fixed) (Total:0.86 GB) (Free:0.42 GB) NTFS ==================== MBR & Tablica partycji ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 596.2 GB) (Disk ID: 22A4CF70) Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=389.3 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=878 MB) - (Type=27) Partition 4: (Not Active) - (Size=205.5 GB) - (Type=07 NTFS) ========================================================== Disk: 5 (Size: 14.9 GB) (Disk ID: 500A0DFF) No partition Table on disk 5. ==================== Koniec Addition.txt =======================