Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-01-2022 01 Ran by gruca (12-01-2022 07:37:11) Running from C:\Users\gruca\AppData\Local\Temp\scoped_dir23328_206442671 Microsoft Windows 10 Pro Version 20H2 19042.1415 (X64) (2021-04-23 20:30:27) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-86094929-2313430768-12774340-500 - Administrator - Enabled) Dziecko (S-1-5-21-86094929-2313430768-12774340-1005 - Limited - Enabled) => C:\Users\Dziecko Gość (S-1-5-21-86094929-2313430768-12774340-501 - Limited - Disabled) gruca (S-1-5-21-86094929-2313430768-12774340-1001 - Administrator - Enabled) => C:\Users\gruca john (S-1-5-21-86094929-2313430768-12774340-1010 - Limited - Enabled) => C:\Users\john Konto domyślne (S-1-5-21-86094929-2313430768-12774340-503 - Limited - Disabled) liza (S-1-5-21-86094929-2313430768-12774340-1011 - Limited - Enabled) Mike (S-1-5-21-86094929-2313430768-12774340-1007 - Limited - Enabled) => C:\Users\Mike WDAGUtilityAccount (S-1-5-21-86094929-2313430768-12774340-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton 360 (Enabled - Up to date) {1122B19A-E671-38EC-8EAC-87048FD4528D} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Norton 360 (Enabled - Up to date) {AECE2126-F4E7-6909-11F2-1B69D1FBCBD0} AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AV: Norton 360 (Enabled - Up to date) {9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A} FW: Norton 360 (Enabled) {A6045214-8EAD-7B9C-2E68-BA2B11C858F1} FW: Norton 360 (Disabled) {96F5A003-BE88-6851-3AAD-B25C2F288CAB} FW: Norton 360 (Enabled) {291930BF-AC1E-39B4-A5F3-2E31710715F6} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 3DMark (HKLM\...\{883D581A-6AAA-41E3-8D0D-B55B5E60B8EF}) (Version: 2.19.7225.0 - UL) Hidden 3DMark (HKLM-x32\...\{e44184f5-5eb2-462d-9d2b-0e53ff3fd65e}) (Version: 2.19.7225.0 - UL) AceThinker Video Editor Premium 1.0.6 (HKLM-x32\...\{066BEA93-1E5A-4FB9-89AE-632B1105C47C}_is1) (Version: 1.0.6 - AceThinker) Active Directory Authentication Library for SQL Server (HKLM\...\{6BF11ECE-3CE8-4FBA-991A-1F55AA6BE5BF}) (Version: 15.0.1300.359 - Microsoft Corporation) Hidden Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated) AIMP (HKLM-x32\...\AIMP) (Version: v4.70.2248, 04.04.2021 - AIMP DevTeam) AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 20.11.1 - Advanced Micro Devices, Inc.) Application Verifier x64 External Package (HKLM\...\{8A4CD158-E6B3-6D91-D7DE-10098BC980E2}) (Version: 10.1.19041.685 - Microsoft) Hidden Autodesk DWG TrueView 2022 - English (HKLM\...\{D7A6621A-1A6A-3DAC-BBD2-9EB566035195}) (Version: 24.1.51.0 - Autodesk, Inc.) AutoHotkey 1.1.33.02 (HKLM\...\AutoHotkey) (Version: 1.1.33.02 - Lexikos) AutoIt v3.3.14.5 (HKLM-x32\...\AutoItv3) (Version: 3.3.14.5 - AutoIt Team) AviSynth (HKLM-x32\...\AviSynth) (Version: 2.6.0 MT - ) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) BitComet 1.72 (HKLM-x32\...\BitComet_x64) (Version: 1.72 - CometNetwork) Blender (HKLM\...\{64FCD268-AF5F-403D-B51B-00BC2D47DD0B}) (Version: 2.91.0 - Blender Foundation) Branding64 (HKLM\...\{856DA29A-EA4A-468B-BBC2-B5F60DD75BFE}) (Version: 1.00.0002 - Advanced Micro Devices, Inc.) Hidden Burning Crusade Classic (HKLM-x32\...\Burning Crusade Classic) (Version: - Blizzard Entertainment) By Click Downloader (HKLM-x32\...\{0531425B-BCAE-4EE8-ACA9-231D727E0CA0}) (Version: 2.3.1 - ByClick) Hidden By Click Downloader (HKLM-x32\...\By Click Downloader 2.3.1) (Version: 2.3.1 - ByClick) CAXA Common Component - Info12.9(x64) (HKLM-x32\...\{15B27141-FDD0-4939-AB3A-B9B8CE2DFBF2}) (Version: 12.9 - ±±ľ©ĘýÂë´ó·˝żĆĽĽąÉ·ÝÓĐĎŢą«Ëľ) CAXADraft Library for IronCAD Design Collaboration Suite 2018 (HKLM\...\{C7FFE03C-0EA3-4A7A-A461-CA61794449CD}) (Version: 20.0.0.15436 - IronCAD) CCleaner (HKLM\...\CCleaner) (Version: 5.87 - Piriform) CCleaner Browser (HKLM-x32\...\CCleaner Browser) (Version: 96.1.13589.113 - Piriform Software) CCleaner Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.8.1067.0 - Piriform Software) Hidden Chaos Recipe Enhancer (HKLM-x32\...\{31F27E07-E708-4AB9-9604-A578C0623BB5}) (Version: 1.0.7 - kosace) ChaosRecipeEnhancer (HKLM-x32\...\{1121086B-78F3-4259-A258-423F8B01656B}) (Version: 1.2.6.0 - kosace) Chrome Remote Desktop Host (HKLM-x32\...\{B9B27527-C019-411B-9813-3FC8724C88DA}) (Version: 96.0.4664.39 - Google LLC) ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{5A260D5A-95D3-4956-8E0A-E182CC4144ED}) (Version: 4.8.04162 - Microsoft Corporation) Hidden Comarch ERP Optima SaaS (HKLM-x32\...\Comarch ERP Optima SaaS) (Version: 4.7.0.18524 - Comarch SA) CPUID CPU-Z 1.96 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.96 - CPUID, Inc.) CPUID HWMonitor 1.43 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.43 - CPUID, Inc.) DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.14.0.1546 - Disc Soft Ltd) DeepL (HKU\S-1-5-21-86094929-2313430768-12774340-1001\...\DeepL) (Version: 2.5.1 - DeepL GmbH) Diablo II (HKLM-x32\...\Diablo II) (Version: - Blizzard Entertainment) Diablo II Resurrected (HKLM-x32\...\Diablo II Resurrected) (Version: - Blizzard Entertainment) DiagnosticsHub_CollectionService (HKLM\...\{1F3C3AAC-9F7A-47DA-A082-0ACE770041BE}) (Version: 16.1.28901 - Microsoft Corporation) Hidden Discord (HKU\S-1-5-21-86094929-2313430768-12774340-1001\...\Discord) (Version: 0.0.309 - Discord Inc.) Dxtory version 2.0.142 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.142 - ExKode Co. Ltd.) Entity Framework 6.2.0 Tools for Visual Studio 2019 (HKLM-x32\...\{F878746A-C5F7-420A-A672-4DFEF74ADC3A}) (Version: 6.2.0.0 - Microsoft Corporation) Hidden Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.83.0000 - Seiko Epson Corporation) Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation) Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 3.21.00 - Seiko Epson Corporation) Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - Seiko Epson Corporation) Epson ReadyInk Agent (A) (HKLM-x32\...\{A9B4584F-A29E-4880-97E6-1744B4AF2AF8}) (Version: 1.0.4.0 - Seiko Epson Corporation) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) Epson Software Updater (HKLM-x32\...\{28C66F35-69BF-4376-BC80-4D5F4808FF3C}) (Version: 4.6.1 - Seiko Epson Corporation) EPSON WF-2630 Series Printer Uninstall (HKLM\...\EPSON WF-2630 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation) EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.) Everything 1.4.1.988 (x64) (HKLM\...\Everything) (Version: 1.4.1.988 - David Carpenter) Excel (HKU\S-1-5-21-86094929-2313430768-12774340-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel) Exilence Next 1.1.5 (HKU\S-1-5-21-86094929-2313430768-12774340-1001\...\58032b8c-4c17-5b0e-b3bc-74d53946ba55) (Version: 1.1.5 - ) FileZilla Client 3.57.0 (HKLM-x32\...\FileZilla Client) (Version: 3.57.0 - Tim Kosse) Foxit Advanced PDF Editor 3 (HKLM-x32\...\B521582C-6BE3-491D-BCC8-FFB8301298E9_is1) (Version: 3.0.5.0 - Foxit Corporation) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 10.1.1.37576 - Foxit Software Inc.) Futuremark SystemInfo (HKLM-x32\...\{8177AD80-8B92-4921-8B93-1A61A49E8C46}) (Version: 5.40.908.0 - Futuremark) GIMP 2.10.22 (HKLM\...\GIMP-2_is1) (Version: 2.10.22 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 97.0.4692.71 - Google LLC) HWiNFO64 Version 7.16 (HKLM\...\HWiNFO64_is1) (Version: 7.16 - Martin Malik - REALiX) icecap_collection_neutral (HKLM-x32\...\{1036893D-9917-4E70-B96C-8D72A2B224BC}) (Version: 16.10.31306 - Microsoft Corporation) Hidden icecap_collection_x64 (HKLM\...\{289873DF-80D0-4D7D-8068-D25D342A26FA}) (Version: 16.10.31306 - Microsoft Corporation) Hidden icecap_collectionresources (HKLM-x32\...\{46726B01-FE1B-47B6-9235-C74DE2653605}) (Version: 16.10.31306 - Microsoft Corporation) Hidden icecap_collectionresources (HKLM-x32\...\{D2B4539C-173B-4B8D-A021-E22E9566BC24}) (Version: 16.10.31306 - Microsoft Corporation) Hidden icecap_collectionresourcesx64 (HKLM-x32\...\{14F332AE-7D25-4789-8103-1DEA080599CC}) (Version: 16.10.31306 - Microsoft Corporation) Hidden icecap_collectionresourcesx64 (HKLM-x32\...\{38CE202D-7880-4101-9739-83619300EC58}) (Version: 16.10.31306 - Microsoft Corporation) Hidden IIS 10.0 Express (HKLM\...\{A517D4FE-30EC-4210-8888-12F5530543F2}) (Version: 10.0.05512 - Microsoft Corporation) IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - ) Hidden IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - ) Hidden IntelliTraceProfilerProxy (HKLM-x32\...\{7D94CF67-6666-4111-B027-D7AB7F189F70}) (Version: 15.0.18198.01 - Microsoft Corporation) Hidden IrfanView 4.56 (64-bit) (HKLM\...\IrfanView64) (Version: 4.56 - Irfan Skiljan) Java 8 Update 281 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180281F0}) (Version: 8.0.2810.9 - Oracle Corporation) JDownloader 2 (HKLM-x32\...\jdownloader2) (Version: 2.0 - AppWork GmbH) Kits Configuration Installer (HKLM-x32\...\{E75A9998-E979-760B-6AEB-49763F279EDD}) (Version: 10.1.19041.685 - Microsoft) Hidden K-Lite Codec Pack 9.2.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.2.0 - ) Macrium Reflect Free Edition (HKLM\...\{E10EA502-8814-4DA4-8989-A8B1B38600A5}) (Version: 7.3.5321 - Paramount Software (UK) Ltd.) Hidden Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 7.3 - Paramount Software (UK) Ltd.) Malwarebytes version 4.4.10.144 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.10.144 - Malwarebytes) MediaHuman YouTube to MP3 Converter 3.9.9.61 (HKLM-x32\...\MediaHuman YouTube to MP3 Converter_is1) (Version: 3.9.9.61 - MediaHuman) Microsoft .NET Core Runtime - 3.1.3 (x64) (HKLM-x32\...\{5d0fb2c6-34c3-4f23-b911-fe19229d29f5}) (Version: 3.1.3.28628 - Microsoft Corporation) Microsoft .NET SDK 5.0.402 (x64) from Visual Studio (HKLM\...\{A6889A2D-DA5E-4DED-B563-DAF5BE5252AA}) (Version: 5.4.221.47606 - Microsoft Corporation) Microsoft ASP.NET Core 3.1.3 - Shared Framework (HKLM-x32\...\{64ba5633-f4cc-4d84-bd14-452ca3ce4fa0}) (Version: 3.1.3.20163 - Microsoft Corporation) Microsoft Azure Authoring Tools - v2.9.6 (HKLM\...\{EDADFA19-7F96-4075-A4AB-2209910626C5}) (Version: 2.9.8899.26 - Microsoft Corporation) Microsoft Azure Compute Emulator - v2.9.6 (HKLM\...\Microsoft Azure Compute Emulator - v2.9.6) (Version: 2.9.8899.26 - Microsoft Corporation) Microsoft Azure Libraries for .NET – v2.9 (HKLM\...\{C5C91AA6-3E83-430E-8B7A-6B790083F28D}) (Version: 3.0.0127.060 - Microsoft Corporation) Microsoft Azure Storage Emulator - v5.10 (HKLM-x32\...\Microsoft Azure Storage Emulator - v5.10) (Version: 5.10.19227.2113 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 97.0.1072.55 - Microsoft Corporation) Microsoft ODBC Driver 17 for SQL Server (HKLM\...\{8D98AC2C-FC5C-440D-A2D3-6C9655F957D8}) (Version: 17.2.0.1 - Microsoft Corporation) Microsoft Office Professional Plus 2019 - pl-pl (HKLM\...\ProPlus2019Retail - pl-pl) (Version: 16.0.14701.20262 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-86094929-2313430768-12774340-1001\...\OneDriveSetup.exe) (Version: 21.230.1107.0004 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-86094929-2313430768-12774340-1007\...\OneDriveSetup.exe) (Version: 21.002.0104.0005 - Microsoft Corporation) Microsoft Project - pl-pl (HKLM\...\ProjectPro2019Retail - pl-pl) (Version: 16.0.14701.20262 - Microsoft Corporation) Microsoft SQL Server 2014 Express LocalDB (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2016 LocalDB (HKLM\...\{9097BF1A-13A0-4A4A-A1F8-473E2A669863}) (Version: 13.1.4001.0 - Microsoft Corporation) Microsoft Support and Recovery Assistant (HKU\S-1-5-21-86094929-2313430768-12774340-1001\...\5a0b0fb31a61cf22) (Version: 17.0.6271.8 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM\...\{8D7CE3B0-5379-46FE-9F4B-A65D9F4CC1F1}) (Version: 15.0.1200.24 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM-x32\...\{725CC962-98BD-42C7-87D8-51C680FB1779}) (Version: 15.0.1200.24 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30135 (HKLM-x32\...\{fa7f6d52-f85e-48ef-8f56-a37268aa5772}) (Version: 14.29.30135.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30135 (HKLM-x32\...\{b7a2b241-3f54-4d7d-94d1-8ce0146e03c7}) (Version: 14.29.30135.0 - Microsoft Corporation) Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.11.40.25675 - Microsoft Corporation) Microsoft Web Deploy 4.0 (HKLM\...\{2EC26D34-FB67-4C58-AC20-235697551222}) (Version: 10.0.3802 - Microsoft Corporation) MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek) Mozilla Firefox (x64 pl) (HKLM\...\Mozilla Firefox 95.0.2 (x64 pl)) (Version: 95.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 95.0.2 - Mozilla) Mozilla Thunderbird 78.5.0 (x64 pl) (HKLM\...\Mozilla Thunderbird 78.5.0 (x64 pl)) (Version: 78.5.0 - Mozilla) MSI Afterburner 4.6.2 (HKLM-x32\...\Afterburner) (Version: 4.6.2 - MSI Co., LTD) MSI Development Tools (HKLM-x32\...\{7AAC93B0-F3D7-6B24-6B37-9E74980C1C81}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden Norton 360 (HKLM-x32\...\NGC) (Version: 22.21.11.46 - Symantec Corporation) Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.9.4 - Notepad++ Team) NVIDIA FrameView SDK 1.1.4923.29968894 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29968894 - NVIDIA Corporation) NVIDIA GeForce Experience 3.23.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.23.0.74 - NVIDIA Corporation) NVIDIA GeForce NOW 2.0.26.116 (HKU\S-1-5-21-86094929-2313430768-12774340-1001\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GeforceNOW) (Version: 2.0.26.116 - NVIDIA Corporation) NVIDIA Graphics Driver 471.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 471.41 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.38.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.60 - NVIDIA Corporation) NVIDIA nView 140.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.75 - NVIDIA Corporation) NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation) NVIDIA USBC Driver 1.46.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.46.831.832 - NVIDIA Corporation) OBS Studio (HKLM-x32\...\OBS Studio) (Version: 26.1.1 - OBS Project) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14701.20262 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14701.20248 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14701.20262 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0415-0000-0000000FF1CE}) (Version: 16.0.14701.20248 - Microsoft Corporation) Hidden OpenFM (HKU\S-1-5-21-86094929-2313430768-12774340-1001\...\OpenFM) (Version: 52.1.0.1 - Grupa Wirtualna Polska) OpenOffice 4.1.9 (HKLM-x32\...\{41C26E07-0A23-4864-BBF5-813D26650FFC}) (Version: 4.19.9805 - Apache Software Foundation) Opera Stable 82.0.4227.43 (HKU\S-1-5-21-86094929-2313430768-12774340-1001\...\Opera 82.0.4227.43) (Version: 82.0.4227.43 - Opera Software) Outlook (HKU\S-1-5-21-86094929-2313430768-12774340-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook) Pakiet zbiorczy funkcji IntelliSense platformy Microsoft .NET Framework Cumulative Intellisense Pack dla programu Visual Studio (Polski) (HKLM-x32\...\{F34A8DC0-722A-4400-A6FF-B44437D89D0F}) (Version: 4.8.03761 - Microsoft Corporation) Hidden Path of Building Community (HKU\S-1-5-21-86094929-2313430768-12774340-1001\...\Path of Building Community) (Version: 1.4.170.16 - Path of Building Community) Path of Exile (HKLM-x32\...\{8ea0099b-19fe-40fd-815b-b8e06a36e078}) (Version: 3.13.1.38812 - Grinding Gear Games) Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 3.13.1.38812 - Grinding Gear Games) Hidden PoE Live Search Manager 1.16.4 (HKU\S-1-5-21-86094929-2313430768-12774340-1001\...\3cddf57f-5643-536e-8feb-f6ec75567d96) (Version: 1.16.4 - C-Hive) PowerPoint (HKU\S-1-5-21-86094929-2313430768-12774340-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint) PRO Speed Test 3.0.9.6 (HKLM-x32\...\{5a5d921c-2517-4007-9804-050d4cceb3f7}}_is1) (Version: - V-SPEED Sp. z o.o.) Project Diablo 2 (HKLM-x32\...\{822B3055-5F16-4934-A1FC-378AB0181A66}_is1) (Version: 1.0 - projectdiablo2.com) Pushbullet version 338 (HKLM-x32\...\{7578F204-49E7-4830-B051-14C23F408BFE}_is1) (Version: 338 - Pushbullet Inc) Python 3.9.0 (64-bit) (HKU\S-1-5-21-86094929-2313430768-12774340-1001\...\{a2a37ca0-8ebd-4d7e-b4b8-e6b1740c2ce0}) (Version: 3.9.150.0 - Python Software Foundation) Python 3.9.0 Add to Path (64-bit) (HKLM\...\{4F5E962C-96E9-45B9-8F14-9A91748981C6}) (Version: 3.9.150.0 - Python Software Foundation) Hidden Python 3.9.0 Core Interpreter (64-bit) (HKLM\...\{92F322B1-D69A-43D1-82B4-24ADEBE5C650}) (Version: 3.9.150.0 - Python Software Foundation) Hidden Python 3.9.0 Development Libraries (64-bit) (HKLM\...\{E73FE192-7766-49FA-B28A-32F700D98A15}) (Version: 3.9.150.0 - Python Software Foundation) Hidden Python 3.9.0 Documentation (64-bit) (HKLM\...\{35E94198-B9F1-4D1E-A869-636AD5E6BCA8}) (Version: 3.9.150.0 - Python Software Foundation) Hidden Python 3.9.0 Executables (64-bit) (HKLM\...\{A9F718BA-8B5F-4AE7-ADDA-EFFF431948DB}) (Version: 3.9.150.0 - Python Software Foundation) Hidden Python 3.9.0 pip Bootstrap (64-bit) (HKLM\...\{27FF09D8-6DE6-4F63-A3DD-8758D615D543}) (Version: 3.9.150.0 - Python Software Foundation) Hidden Python 3.9.0 Standard Library (64-bit) (HKLM\...\{42480EE5-670F-4AF3-A619-2E761A398340}) (Version: 3.9.150.0 - Python Software Foundation) Hidden Python 3.9.0 Tcl/Tk Support (64-bit) (HKLM\...\{4460A893-EFF6-4B33-BF21-BAA2159F57E6}) (Version: 3.9.150.0 - Python Software Foundation) Hidden Python 3.9.0 Test Suite (64-bit) (HKLM\...\{9141E990-BD45-4F42-BB32-B3012969355D}) (Version: 3.9.150.0 - Python Software Foundation) Hidden Python 3.9.0 Utility Scripts (64-bit) (HKLM\...\{35DC2DFB-0AEA-4DC2-AFA5-4EA2D2612B51}) (Version: 3.9.150.0 - Python Software Foundation) Hidden Python Launcher (HKLM-x32\...\{E45E56A4-FCDD-4C4A-966A-4FB81C932219}) (Version: 3.9.7217.0 - Python Software Foundation) RivaTuner Statistics Server 7.3.1 (HKLM-x32\...\RTSS) (Version: 7.3.1 - Unwinder) SDK ARM Additions (HKLM-x32\...\{FCF9D89E-6F79-64FB-B08D-B0E69FF54DEE}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden SDK ARM Redistributables (HKLM-x32\...\{72DB07D6-E166-5A3F-B6E6-4664383781B8}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden Skype version 8.73 (HKLM-x32\...\Skype_is1) (Version: 8.73 - Skype Technologies S.A.) SolveigMM AVI Trimmer+ version 6.1.1811.14 (HKLM-x32\...\SolveigMM AVI Trimmer_is1) (Version: 6.1.1811.14 - Solveig Multimedia) SolveigMM Video Splitter Home Edition (HKLM-x32\...\SolveigMM Video Splitter Home Edition 6.1.1804.2) (Version: 6.1.1804.2 - Solveig Multimedia) SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) Sprawdzanie kondycji komputera z systemem Windows (HKLM\...\{497ED226-5E88-4EC5-9340-373B1C56906F}) (Version: 3.2.2110.14001 - Microsoft Corporation) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) SysGauge Ultimate 8.1.12 (HKLM-x32\...\SysGauge Ultimate) (Version: 8.1.12 - Flexense Computing Systems Ltd.) TAP-Windows 9.23.3 (HKLM\...\TAP-Windows) (Version: 9.23.3 - OpenVPN Technologies, Inc.) TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.18.5 - TeamViewer) TechPowerUp GPU-Z (HKLM-x32\...\{8B0F211E-5846-4FB2-B0B9-4EB31546FDF9}}_is1) (Version: - TechPowerUp) Telegram Desktop version 3.4.3 (HKU\S-1-5-21-86094929-2313430768-12774340-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 3.4.3 - Telegram FZ-LLC) Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.51 - Ghisler Software GmbH) TypeScript SDK (HKLM-x32\...\{6D0FC687-BA41-4DFD-80B4-3469E567AA0F}) (Version: 4.3.5.0 - Microsoft Corporation) Hidden Universal CRT Extension SDK (HKLM-x32\...\{4D69FB64-4443-F2DD-DE1C-F14FD98AAC59}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden Universal CRT Headers Libraries and Sources (HKLM-x32\...\{6B56745A-F6A4-C51C-933A-AD96C00683EA}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden Universal CRT Redistributable (HKLM-x32\...\{A57CD0A6-4297-FD30-34A4-34758B6F5F69}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden Universal CRT Redistributable (HKLM-x32\...\{B6273353-8B54-1F89-1A16-5940925104CE}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden Universal CRT Tools x64 (HKLM\...\{CD06199B-41C1-AE6D-7567-984CC68792C3}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden Universal CRT Tools x86 (HKLM-x32\...\{BD75F257-50A4-E0CD-9942-C3550CA3E66A}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden Universal General MIDI DLS Extension SDK (HKLM-x32\...\{A7E95C47-B5F4-110C-D27A-DECB03412B96}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden Universal Media Server (HKLM-x32\...\Universal Media Server) (Version: 10.7.0 - Universal Media Server) Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation) vcpp_crt.redist.clickonce (HKLM-x32\...\{54109AAF-995B-4463-AE95-B9ED6B5631AA}) (Version: 14.29.30135 - Microsoft Corporation) Hidden vcpp_crt.redist.clickonce (HKLM-x32\...\{C3A852CB-785C-40A4-A147-8E5FEB209D7A}) (Version: 14.29.30135 - Microsoft Corporation) Hidden Visual Studio Community 2019 (HKLM-x32\...\174e0e64) (Version: 16.11.5 - Microsoft Corporation) VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN) VNC Server 6.7.4 (HKLM\...\{C6590B7E-D64F-47FB-B8BE-2DAE028AE5CE}) (Version: 6.7.4.43891 - RealVNC Ltd) VNC Viewer 6.20.529 (HKLM\...\{DCF5BBEA-3BDB-4E03-BF06-03836F320CA6}) (Version: 6.20.529.42646 - RealVNC Ltd) VS Immersive Activate Helper (HKLM-x32\...\{A71406B5-E487-4B01-8E59-D466841350F5}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden VS JIT Debugger (HKLM\...\{C7E8A4F2-EF09-42A8-B892-69D5ED99D965}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden VS Script Debugging Common (HKLM\...\{A4272808-82F5-410F-A5F9-1BF6F63F6B9A}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden vs_BlendMsi (HKLM-x32\...\{B5E3A3E1-1529-4D5A-9E95-34971FA07825}) (Version: 16.0.28329 - Microsoft Corporation) Hidden vs_clickoncebootstrappermsi (HKLM-x32\...\{6F7948F9-8EED-4FA5-A1D9-7DD512A2CA26}) (Version: 16.10.31206 - Microsoft Corporation) Hidden vs_clickoncebootstrappermsires (HKLM-x32\...\{271F1F42-B547-4498-825F-590DBB1774F7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden vs_clickoncesigntoolmsi (HKLM-x32\...\{30D97A69-3C0F-4552-9A72-60E591B210C7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden vs_communitymsi (HKLM-x32\...\{CE912A42-1D6A-4F54-A263-F54E7D3F8E09}) (Version: 16.11.31613 - Microsoft Corporation) Hidden vs_communitymsires (HKLM-x32\...\{3751D1CF-9A44-43D2-B4BB-80FA6E7925A8}) (Version: 16.10.31213 - Microsoft Corporation) Hidden vs_communitymsires (HKLM-x32\...\{D30C4C86-AFC6-41F9-B833-7A33A28AA2B0}) (Version: 16.10.31213 - Microsoft Corporation) Hidden vs_devenvmsi (HKLM-x32\...\{AD0C92A4-1514-4BC1-A723-A272A8343924}) (Version: 16.0.28329 - Microsoft Corporation) Hidden vs_filehandler_amd64 (HKLM-x32\...\{102E83BD-B6A0-4C74-AD22-7D594A3435D3}) (Version: 16.11.31503 - Microsoft Corporation) Hidden vs_filehandler_x86 (HKLM-x32\...\{6CBDE7BE-E956-4E0E-81FB-2CB79190C924}) (Version: 16.11.31503 - Microsoft Corporation) Hidden vs_FileTracker_Singleton (HKLM-x32\...\{05CA3463-0B45-425D-9AF2-E1964AB85CBB}) (Version: 16.10.31303 - Microsoft Corporation) Hidden vs_Graphics_Singletonx64 (HKLM\...\{76133D32-1325-48F3-929A-27EC7A323FBA}) (Version: 16.10.31213 - Microsoft Corporation) Hidden vs_Graphics_Singletonx86 (HKLM-x32\...\{E42F1CFF-80C7-4865-B378-1EFCF312C1BF}) (Version: 16.10.31213 - Microsoft Corporation) Hidden vs_minshellinteropmsi (HKLM-x32\...\{883D29E5-9A41-4C45-A192-C10B8078BF0C}) (Version: 16.10.31306 - Microsoft Corporation) Hidden vs_minshellmsi (HKLM-x32\...\{53D1C36A-E35A-45B3-801B-F49BDD425293}) (Version: 16.11.31503 - Microsoft Corporation) Hidden vs_minshellmsires (HKLM-x32\...\{0916C6E1-6A0A-4887-9E00-D96FD44AFACE}) (Version: 16.10.31303 - Microsoft Corporation) Hidden vs_minshellmsires (HKLM-x32\...\{50160702-82C1-4A10-88EE-FFD96B8FC259}) (Version: 16.10.31303 - Microsoft Corporation) Hidden vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{9A9E968E-1C75-4B85-BCBF-D1E26D6F7A6B}) (Version: 16.10.31205 - Microsoft Corporation) Hidden vs_tipsmsi (HKLM-x32\...\{E208E682-50EE-4F2F-9860-C91B906B8A03}) (Version: 16.0.28329 - Microsoft Corporation) Hidden Weaver WMS (HKLM\...\Weaver WMS_is1) (Version: 3.0.0.0 - Weaver Software) WhatsApp (HKU\S-1-5-21-86094929-2313430768-12774340-1001\...\WhatsApp) (Version: 2.2138.14 - WhatsApp) WinAppDeploy (HKLM-x32\...\{2ADF1977-BF31-E127-B651-AC28A8658317}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden WinDirStat 1.1.2 (HKU\S-1-5-21-86094929-2313430768-12774340-1001\...\WinDirStat) (Version: - ) Windows Mobile Connectivity Tools 10.0.15254.0 - Desktop x86 (HKLM-x32\...\{833F02C5-2C39-49F6-BD64-91D351081274}) (Version: 10.1.15254.1 - Microsoft Corporation) Windows SDK AddOn (HKLM-x32\...\{E6F877A1-2F65-4BF0-87B6-A4071B7663D3}) (Version: 10.1.0.0 - Microsoft Corporation) Windows Software Development Kit - Windows 10.0.16299.15 (HKLM-x32\...\{6195c203-b53c-4bb7-983a-6070a902e704}) (Version: 10.1.16299.15 - Microsoft Corporation) Windows Software Development Kit - Windows 10.0.19041.685 (HKLM-x32\...\{4591faf1-a2db-4a3d-bfda-aa5a4ebb1587}) (Version: 10.1.19041.685 - Microsoft Corporation) WinRAR 5.91 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH) WinRT Intellisense Desktop - en-us (HKLM-x32\...\{BCF7CA0F-E53C-2A4F-B128-A751EC9A1016}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{B42BF427-AFDB-C00F-DB60-6F51395D74A1}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden WinRT Intellisense IoT - en-us (HKLM-x32\...\{3335615C-ABEB-960E-2226-4274CD28E046}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{216D5F47-257D-6284-5849-B51037875EFA}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden WinRT Intellisense Mobile - en-us (HKLM-x32\...\{443FF51E-16C3-F23B-18FC-0D1D66024B0B}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden WinRT Intellisense PPI - en-us (HKLM-x32\...\{15E29AFF-CB19-A20B-9A81-B0765A63115F}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{FF2B49B7-0254-3D6A-4BE0-EF4C59DBCC2B}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden WinRT Intellisense UAP - en-us (HKLM-x32\...\{0AF3B821-474B-1885-473A-6E3FB4F1CF71}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{8832F8ED-1035-9ABE-FD73-4E5ABAA84A5C}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden Word (HKU\S-1-5-21-86094929-2313430768-12774340-1001\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) WPTx64 (HKLM-x32\...\{0B2C58EB-67A2-225B-60B2-D1990E55DD33}) (Version: 8.100.26866 - Microsoft) Packages: ========= Dodatek Aparat multimediów dla aplikacji Zdjęcia -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-02-17] (Microsoft Corporation) Dodatek Zdjęcia -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-14] (Microsoft Corporation) Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.11.12030.0_x64__8wekyb3d8bbwe [2021-12-10] (Microsoft Studios) [MS Ad] Norton Security -> C:\Program Files\Norton Security\Engine\22.21.11.46 [2022-01-12] (0) NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-07-23] (NVIDIA Corp.) Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.176.447.0_x86__zpdnekdrzrea0 [2022-01-07] (Spotify AB) [Startup Task] Windbg Preview -> C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2111.9001.0_neutral__8wekyb3d8bbwe [2021-11-10] (Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-86094929-2313430768-12774340-1001_Classes\CLSID\{345D3165-3889-4694-AB75-A91A27B217E8}\localserver32 -> F:\DWG TrueView 2022 - English\dwgviewr.exe (Autodesk, Inc. -> Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-86094929-2313430768-12774340-1001_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> F:\DWG TrueView 2022 - English\en-US\dwgviewrficn.dll (Autodesk, Inc. -> Autodesk, Inc.) ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.21.11.46\buShell.dll [2021-12-13] (NortonLifeLock Inc. -> NortonLifeLock Inc.) ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.21.11.46\buShell.dll [2021-12-13] (NortonLifeLock Inc. -> NortonLifeLock Inc.) ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.21.11.46\buShell.dll [2021-12-13] (NortonLifeLock Inc. -> NortonLifeLock Inc.) ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2021-01-29] (Autodesk, Inc. -> Autodesk, Inc.) ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.21.11.46\buShell.dll [2021-12-13] (NortonLifeLock Inc. -> NortonLifeLock Inc.) ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.21.11.46\buShell.dll [2021-12-13] (NortonLifeLock Inc. -> NortonLifeLock Inc.) ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.21.11.46\buShell.dll [2021-12-13] (NortonLifeLock Inc. -> NortonLifeLock Inc.) ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2021-01-29] (Autodesk, Inc. -> Autodesk) ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2021-04-14] (IP Izmaylov Artem Andreevich -> AIMP DevTeam) ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2021-03-15] (Notepad++ -> ) ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.21.11.46\buShell.dll [2021-12-13] (NortonLifeLock Inc. -> NortonLifeLock Inc.) ContextMenuHandlers1: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.21.11.46\NavShExt.dll [2021-12-13] (NortonLifeLock Inc. -> NortonLifeLock Inc.) ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2019-09-20] (Paramount Software UK Ltd -> Paramount Software UK Ltd) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-25] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-25] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2020-11-12] (AVB Disc Soft, SIA -> Disc Soft Ltd) ContextMenuHandlers2: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.21.11.46\NavShExt.dll [2021-12-13] (NortonLifeLock Inc. -> NortonLifeLock Inc.) ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2019-09-20] (Paramount Software UK Ltd -> Paramount Software UK Ltd) ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2020-11-17] (VMware, Inc. -> VMware, Inc.) ContextMenuHandlers2: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2020-11-17] (VMware, Inc. -> VMware, Inc.) ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2020-11-12] (AVB Disc Soft, SIA -> Disc Soft Ltd) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-08-15] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2021-04-14] (IP Izmaylov Artem Andreevich -> AIMP DevTeam) ContextMenuHandlers5: [00nView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\Program Files\NVIDIA Corporation\nview\nvshell.dll [2013-12-19] (NVIDIA Corporation -> ) ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2020-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5d5c294bb8d17217\nvshext.dll [2021-07-13] (Nvidia Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.21.11.46\buShell.dll [2021-12-13] (NortonLifeLock Inc. -> NortonLifeLock Inc.) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-08-15] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.21.11.46\NavShExt.dll [2021-12-13] (NortonLifeLock Inc. -> NortonLifeLock Inc.) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-25] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-25] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Drivers32: [VIDC.FICV] => C:\Windows\system32\ficvdec_x64.dll [652288 2013-05-28] () [File not signed] HKLM\...\Drivers32: [vidc.xtor] => C:\Windows\system32\DxtoryCodec.dll [2606144 2015-08-10] (ExKode Co.Ltd. -> ExKode Co. Ltd.) HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed] HKLM\...\Drivers32: [VIDC.FICV] => C:\Windows\SysWOW64\ficvdec_x86.dll [641024 2013-05-28] () [File not signed] HKLM\...\Drivers32: [vidc.xtor] => C:\Windows\System32\DxtoryCodec.dll [2606144 2015-08-10] (ExKode Co.Ltd. -> ExKode Co. Ltd.) HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed] ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\gruca\Desktop\Śmieci z pulpitu\Chrome Remote Desktop.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=efmjfjelnicpmdcmfikempdhlmainjcb ShortcutWithArgument: C:\Users\gruca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm ShortcutWithArgument: C:\Users\gruca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb ShortcutWithArgument: C:\Users\gruca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf ShortcutWithArgument: C:\Users\gruca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi ShortcutWithArgument: C:\Users\gruca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\Chrome Remote Desktop.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=efmjfjelnicpmdcmfikempdhlmainjcb ==================== Loaded Modules (Whitelisted) ============= 2022-01-12 07:15 - 2021-09-13 22:46 - 001078784 _____ () [File not signed] \\?\C:\Users\gruca\AppData\Local\Temp\1y6QaG1dVqmqkzRvawVNVxn3bhE\resources\app.asar.unpacked\node_modules\sharp\build\Release\libcairo-2.dll 2022-01-12 07:15 - 2021-09-13 22:46 - 000234496 _____ () [File not signed] \\?\C:\Users\gruca\AppData\Local\Temp\1y6QaG1dVqmqkzRvawVNVxn3bhE\resources\app.asar.unpacked\node_modules\sharp\build\Release\libexif-12.dll 2022-01-12 07:15 - 2021-09-13 22:46 - 000182272 _____ () [File not signed] \\?\C:\Users\gruca\AppData\Local\Temp\1y6QaG1dVqmqkzRvawVNVxn3bhE\resources\app.asar.unpacked\node_modules\sharp\build\Release\libexpat-1.dll 2022-01-12 07:15 - 2021-09-13 22:46 - 000034304 _____ () [File not signed] \\?\C:\Users\gruca\AppData\Local\Temp\1y6QaG1dVqmqkzRvawVNVxn3bhE\resources\app.asar.unpacked\node_modules\sharp\build\Release\libffi-7.dll 2022-01-12 07:15 - 2021-09-13 22:46 - 000336384 _____ () [File not signed] \\?\C:\Users\gruca\AppData\Local\Temp\1y6QaG1dVqmqkzRvawVNVxn3bhE\resources\app.asar.unpacked\node_modules\sharp\build\Release\libfontconfig-1.dll 2022-01-12 07:15 - 2021-09-13 22:46 - 000124416 _____ () [File not signed] \\?\C:\Users\gruca\AppData\Local\Temp\1y6QaG1dVqmqkzRvawVNVxn3bhE\resources\app.asar.unpacked\node_modules\sharp\build\Release\libfribidi-0.dll 2022-01-12 07:15 - 2021-09-13 22:46 - 001078251 _____ () [File not signed] \\?\C:\Users\gruca\AppData\Local\Temp\1y6QaG1dVqmqkzRvawVNVxn3bhE\resources\app.asar.unpacked\node_modules\sharp\build\Release\libgcc_s_seh-1.dll 2022-01-12 07:15 - 2021-09-13 22:46 - 000047104 _____ () [File not signed] \\?\C:\Users\gruca\AppData\Local\Temp\1y6QaG1dVqmqkzRvawVNVxn3bhE\resources\app.asar.unpacked\node_modules\sharp\build\Release\libgif-7.dll 2022-01-12 07:15 - 2021-09-13 22:46 - 000260608 _____ () [File not signed] \\?\C:\Users\gruca\AppData\Local\Temp\1y6QaG1dVqmqkzRvawVNVxn3bhE\resources\app.asar.unpacked\node_modules\sharp\build\Release\libgsf-1-114.dll 2022-01-12 07:15 - 2021-09-13 22:46 - 000990720 _____ () [File not signed] \\?\C:\Users\gruca\AppData\Local\Temp\1y6QaG1dVqmqkzRvawVNVxn3bhE\resources\app.asar.unpacked\node_modules\sharp\build\Release\libharfbuzz.dll 2022-01-12 07:15 - 2021-09-13 22:46 - 000633344 _____ () [File not signed] \\?\C:\Users\gruca\AppData\Local\Temp\1y6QaG1dVqmqkzRvawVNVxn3bhE\resources\app.asar.unpacked\node_modules\sharp\build\Release\libjpeg-62.dll 2022-01-12 07:15 - 2021-09-13 22:46 - 000463872 _____ () [File not signed] \\?\C:\Users\gruca\AppData\Local\Temp\1y6QaG1dVqmqkzRvawVNVxn3bhE\resources\app.asar.unpacked\node_modules\sharp\build\Release\liblcms2-2.dll 2022-01-12 07:15 - 2021-09-13 22:46 - 000738816 _____ () [File not signed] \\?\C:\Users\gruca\AppData\Local\Temp\1y6QaG1dVqmqkzRvawVNVxn3bhE\resources\app.asar.unpacked\node_modules\sharp\build\Release\liborc-0.4-0.dll 2022-01-12 07:15 - 2021-09-13 22:46 - 000995840 _____ () [File not signed] \\?\C:\Users\gruca\AppData\Local\Temp\1y6QaG1dVqmqkzRvawVNVxn3bhE\resources\app.asar.unpacked\node_modules\sharp\build\Release\libpixman-1-0.dll 2022-01-12 07:15 - 2021-09-13 22:46 - 000311296 _____ () [File not signed] \\?\C:\Users\gruca\AppData\Local\Temp\1y6QaG1dVqmqkzRvawVNVxn3bhE\resources\app.asar.unpacked\node_modules\sharp\build\Release\libpng16-16.dll 2022-01-12 07:15 - 2021-09-13 22:46 - 002917376 _____ () [File not signed] \\?\C:\Users\gruca\AppData\Local\Temp\1y6QaG1dVqmqkzRvawVNVxn3bhE\resources\app.asar.unpacked\node_modules\sharp\build\Release\librsvg-2-2.dll 2022-01-12 07:15 - 2021-09-13 22:46 - 000560640 _____ () [File not signed] \\?\C:\Users\gruca\AppData\Local\Temp\1y6QaG1dVqmqkzRvawVNVxn3bhE\resources\app.asar.unpacked\node_modules\sharp\build\Release\libtiff-5.dll 2022-01-12 07:15 - 2021-09-13 22:46 - 005140992 _____ () [File not signed] \\?\C:\Users\gruca\AppData\Local\Temp\1y6QaG1dVqmqkzRvawVNVxn3bhE\resources\app.asar.unpacked\node_modules\sharp\build\Release\libvips-42.dll 2022-01-12 07:15 - 2021-09-13 22:46 - 000381440 _____ () [File not signed] \\?\C:\Users\gruca\AppData\Local\Temp\1y6QaG1dVqmqkzRvawVNVxn3bhE\resources\app.asar.unpacked\node_modules\sharp\build\Release\libvips-cpp.dll 2022-01-12 07:15 - 2021-09-13 22:46 - 000688640 _____ () [File not signed] \\?\C:\Users\gruca\AppData\Local\Temp\1y6QaG1dVqmqkzRvawVNVxn3bhE\resources\app.asar.unpacked\node_modules\sharp\build\Release\libwebp-7.dll 2022-01-12 07:15 - 2021-09-13 22:46 - 000024576 _____ () [File not signed] \\?\C:\Users\gruca\AppData\Local\Temp\1y6QaG1dVqmqkzRvawVNVxn3bhE\resources\app.asar.unpacked\node_modules\sharp\build\Release\libwebpdemux-2.dll 2022-01-12 07:15 - 2021-09-13 22:46 - 000047616 _____ () [File not signed] \\?\C:\Users\gruca\AppData\Local\Temp\1y6QaG1dVqmqkzRvawVNVxn3bhE\resources\app.asar.unpacked\node_modules\sharp\build\Release\libwebpmux-3.dll 2022-01-12 07:15 - 2021-09-13 22:46 - 001572352 _____ () [File not signed] \\?\C:\Users\gruca\AppData\Local\Temp\1y6QaG1dVqmqkzRvawVNVxn3bhE\resources\app.asar.unpacked\node_modules\sharp\build\Release\libxml2-2.dll 2022-01-12 07:15 - 2021-09-13 22:46 - 000107008 _____ () [File not signed] \\?\C:\Users\gruca\AppData\Local\Temp\1y6QaG1dVqmqkzRvawVNVxn3bhE\resources\app.asar.unpacked\node_modules\sharp\build\Release\libz1.dll 2022-01-12 07:14 - 2021-09-13 22:46 - 000512512 _____ () [File not signed] \\?\C:\Users\gruca\AppData\Local\Temp\1y6QaG1dVqmqkzRvawVNVxn3bhE\resources\app.asar.unpacked\node_modules\sharp\build\Release\sharp.node 2019-10-26 12:04 - 2019-10-26 12:04 - 000232960 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTCore.dll 2019-10-26 12:03 - 2019-10-26 12:03 - 000057344 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTFC.dll 2019-10-26 12:04 - 2019-10-26 12:04 - 000650240 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTHAL.dll 2019-10-26 12:03 - 2019-10-26 12:03 - 000074240 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTMUI.dll 2019-10-26 12:03 - 2019-10-26 12:03 - 000369664 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTUI.dll 2021-03-09 22:05 - 2021-03-09 22:05 - 000057344 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTFC.dll 2021-03-09 22:05 - 2021-03-09 22:05 - 000074240 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTMUI.dll 2021-03-09 22:05 - 2021-03-09 22:05 - 000368640 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTUI.dll 2020-11-15 19:58 - 2020-11-15 19:58 - 000881664 _____ () [File not signed] C:\Users\gruca\AppData\Local\Programs\Python\Python39\lib\site-packages\_brotli.cp39-win_amd64.pyd 2022-01-12 07:15 - 2021-09-13 22:46 - 002700288 _____ () [File not signed] C:\Users\gruca\AppData\Local\Temp\1y6QaG1dVqmqkzRvawVNVxn3bhE\ffmpeg.dll 2022-01-12 07:15 - 2021-09-13 22:46 - 000442368 _____ () [File not signed] C:\Users\gruca\AppData\Local\Temp\1y6QaG1dVqmqkzRvawVNVxn3bhE\libegl.dll 2022-01-12 07:15 - 2021-09-13 22:46 - 008143872 _____ () [File not signed] C:\Users\gruca\AppData\Local\Temp\1y6QaG1dVqmqkzRvawVNVxn3bhE\libglesv2.dll 2022-01-12 07:14 - 2022-01-12 07:14 - 000012288 _____ () [File not signed] C:\Users\gruca\AppData\Local\Temp\nsa244D.tmp\System.dll 2022-01-12 07:15 - 2022-01-12 07:15 - 000008704 _____ () [File not signed] C:\Users\gruca\AppData\Local\Temp\nsnE9FF.tmp\newadvsplash.dll 2022-01-12 07:15 - 2022-01-12 07:15 - 000029696 _____ () [File not signed] C:\Users\gruca\AppData\Local\Temp\nsnE9FF.tmp\registry.dll 2022-01-12 07:15 - 2022-01-12 07:15 - 000012288 _____ () [File not signed] C:\Users\gruca\AppData\Local\Temp\nsnE9FF.tmp\System.dll 2021-10-15 07:00 - 2021-10-15 07:00 - 000728064 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Microsoft.V7efef32d#\a139713c66271b99d5b11534779f4e49\Microsoft.Virtualization.Client.RdpClientInterop.ni.dll 2021-12-16 00:54 - 2021-12-16 00:54 - 001520128 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Microsoft.V8d0bc16f#\976f82f168a0f5e33f14c0f6ef1cfbee\Microsoft.Virtualization.Client.RdpClientAxHost.ni.dll 2022-01-12 07:15 - 2021-09-13 22:46 - 000965632 _____ (Free Software Foundation) [File not signed] \\?\C:\Users\gruca\AppData\Local\Temp\1y6QaG1dVqmqkzRvawVNVxn3bhE\resources\app.asar.unpacked\node_modules\sharp\build\Release\libiconv-2.dll 2022-01-12 07:15 - 2021-09-13 22:46 - 000129024 _____ (Free Software Foundation) [File not signed] \\?\C:\Users\gruca\AppData\Local\Temp\1y6QaG1dVqmqkzRvawVNVxn3bhE\resources\app.asar.unpacked\node_modules\sharp\build\Release\libintl-8.dll 2017-09-28 17:41 - 2017-09-28 17:41 - 000266240 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbPc.DLL 2021-03-29 13:13 - 2021-03-29 13:13 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems32.dll] C:\Program Files (x86)\Microsoft Office\root\Office16\AppVIsvSubsystems32.dll 2021-03-29 13:13 - 2021-03-29 13:13 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R32.dll] C:\Program Files (x86)\Microsoft Office\root\Office16\c2r32.dll 2022-01-12 07:15 - 2022-01-12 07:15 - 000102400 _____ (Muldersoft.com Free Software Division) [File not signed] C:\Users\gruca\AppData\Local\Temp\nsa244D.tmp\StdUtils.dll 2022-01-12 07:15 - 2021-09-13 22:46 - 000309248 _____ (Red Hat Software) [File not signed] \\?\C:\Users\gruca\AppData\Local\Temp\1y6QaG1dVqmqkzRvawVNVxn3bhE\resources\app.asar.unpacked\node_modules\sharp\build\Release\libpango-1.0-0.dll 2022-01-12 07:15 - 2021-09-13 22:46 - 000066560 _____ (Red Hat Software) [File not signed] \\?\C:\Users\gruca\AppData\Local\Temp\1y6QaG1dVqmqkzRvawVNVxn3bhE\resources\app.asar.unpacked\node_modules\sharp\build\Release\libpangocairo-1.0-0.dll 2022-01-12 07:15 - 2021-09-13 22:46 - 000085504 _____ (Red Hat Software) [File not signed] \\?\C:\Users\gruca\AppData\Local\Temp\1y6QaG1dVqmqkzRvawVNVxn3bhE\resources\app.asar.unpacked\node_modules\sharp\build\Release\libpangoft2-1.0-0.dll 2022-01-12 07:15 - 2021-09-13 22:46 - 000090112 _____ (Red Hat Software) [File not signed] \\?\C:\Users\gruca\AppData\Local\Temp\1y6QaG1dVqmqkzRvawVNVxn3bhE\resources\app.asar.unpacked\node_modules\sharp\build\Release\libpangowin32-1.0-0.dll 2015-12-17 10:11 - 2015-12-17 10:11 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\epnsm.dll 2009-10-21 16:39 - 2009-10-21 16:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\LcMgr.dll 2021-07-26 09:12 - 2021-04-09 02:21 - 000098304 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\EbpD4Fax.dll 2021-07-26 09:12 - 2021-04-09 02:21 - 000212992 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUADRFIL.dll 2021-07-26 09:12 - 2021-04-09 02:21 - 000286720 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXCFG.dll 2021-07-26 09:12 - 2021-04-09 02:21 - 000446464 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXCSR.DLL 2021-07-26 09:12 - 2021-04-09 02:21 - 000393216 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXLDB.dll 2021-07-26 09:12 - 2021-04-09 02:21 - 000651264 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXTIF.dll 2021-07-26 09:12 - 2021-04-09 02:21 - 000421888 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUIMGCDC.dll 2021-07-26 09:12 - 2021-04-09 02:21 - 000278528 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FULEPP.dll 2021-07-26 09:12 - 2021-04-09 02:21 - 000077824 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUSTMMSG.dll 2021-07-26 09:12 - 2021-04-09 02:21 - 000356352 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUSVCCLT.dll 2021-07-26 09:12 - 2021-04-09 02:21 - 000065536 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUUSBHLP.dll 2021-07-26 09:12 - 2021-04-09 02:21 - 000258048 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUVERDLG.dll 2021-07-26 09:12 - 2021-04-09 02:21 - 000073728 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUDEVCOM.dll 2021-07-26 09:12 - 2021-04-09 02:21 - 000135168 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUDRVUTL.dll 2021-07-26 09:12 - 2021-04-09 02:21 - 000339968 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUPRBDEV.dll 2021-07-26 09:12 - 2021-04-09 02:21 - 000286720 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUSNMPUT.dll 2021-07-26 09:12 - 2021-04-08 19:21 - 000086016 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUCMNMSG.dll 2021-07-26 09:12 - 2021-04-08 19:21 - 000090112 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXCFGRes.dll 2021-07-26 09:12 - 2021-04-08 19:21 - 000241664 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXRCV.dll 2021-07-26 09:12 - 2021-04-08 19:21 - 000110592 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXSTM.dll 2021-07-26 09:12 - 2021-04-08 19:21 - 000022016 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FULEPPRes.dll 2021-07-26 09:12 - 2021-04-08 19:21 - 000077824 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUPRBDEVRes.dll 2016-09-14 13:31 - 2016-09-14 13:31 - 000500736 ____S (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll 2021-07-26 09:12 - 2021-04-09 02:21 - 000786432 _____ (SEIKO EPSON) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\ENCM.dll 2021-07-26 09:12 - 2021-04-09 02:21 - 000278528 _____ (SEIKO EPSON) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\ENNW.dll 2021-07-26 09:12 - 2021-04-09 02:21 - 000299008 _____ (SEIKO EPSON) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\ENUTIL.dll 2022-01-12 07:15 - 2021-09-13 22:46 - 000723968 _____ (The FreeType Project) [File not signed] \\?\C:\Users\gruca\AppData\Local\Temp\1y6QaG1dVqmqkzRvawVNVxn3bhE\resources\app.asar.unpacked\node_modules\sharp\build\Release\libfreetype-6.dll 2022-01-12 07:15 - 2021-09-13 22:46 - 001659904 _____ (The GLib developer community) [File not signed] \\?\C:\Users\gruca\AppData\Local\Temp\1y6QaG1dVqmqkzRvawVNVxn3bhE\resources\app.asar.unpacked\node_modules\sharp\build\Release\libgio-2.0-0.dll 2022-01-12 07:15 - 2021-09-13 22:46 - 001576960 _____ (The GLib developer community) [File not signed] \\?\C:\Users\gruca\AppData\Local\Temp\1y6QaG1dVqmqkzRvawVNVxn3bhE\resources\app.asar.unpacked\node_modules\sharp\build\Release\libglib-2.0-0.dll 2022-01-12 07:15 - 2021-09-13 22:46 - 000024064 _____ (The GLib developer community) [File not signed] \\?\C:\Users\gruca\AppData\Local\Temp\1y6QaG1dVqmqkzRvawVNVxn3bhE\resources\app.asar.unpacked\node_modules\sharp\build\Release\libgmodule-2.0-0.dll 2022-01-12 07:15 - 2021-09-13 22:46 - 000355328 _____ (The GLib developer community) [File not signed] \\?\C:\Users\gruca\AppData\Local\Temp\1y6QaG1dVqmqkzRvawVNVxn3bhE\resources\app.asar.unpacked\node_modules\sharp\build\Release\libgobject-2.0-0.dll 2022-01-12 07:15 - 2021-09-13 22:46 - 000203776 _____ (The GTK developer community) [File not signed] \\?\C:\Users\gruca\AppData\Local\Temp\1y6QaG1dVqmqkzRvawVNVxn3bhE\resources\app.asar.unpacked\node_modules\sharp\build\Release\libgdk_pixbuf-2.0-0.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKU\S-1-5-21-86094929-2313430768-12774340-1001\Software\Classes\.scr: DWGTrueViewScriptFile => C:\WINDOWS\system32\notepad.exe "%1" ==================== Internet Explorer (Whitelisted) ========== BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-11-01] (Microsoft Corporation -> Microsoft Corporation) BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.21.11.46\coIEPlg.dll [2021-12-13] (NortonLifeLock Inc. -> NortonLifeLock Inc.) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_281\bin\ssv.dll [2021-02-05] (Oracle America, Inc. -> Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_281\bin\jp2ssv.dll [2021-02-05] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-11-01] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.21.11.46\coIEPlg.dll [2021-12-13] (NortonLifeLock Inc. -> NortonLifeLock Inc.) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.21.11.46\coIEPlg.dll [2021-12-13] (NortonLifeLock Inc. -> NortonLifeLock Inc.) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.21.11.46\coIEPlg.dll [2021-12-13] (NortonLifeLock Inc. -> NortonLifeLock Inc.) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2019-03-19 05:49 - 2019-03-19 05:49 - 000000824 ____N C:\WINDOWS\system32\drivers\etc\hosts 2020-11-28 19:57 - 2022-01-12 07:15 - 000001004 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics 172.19.48.1 DESKTOP-VI3R4BF.mshome.net # 2027 1 1 11 6 15 38 291 172.19.118.228 WINDOWS-85Q4BLL.mshome.net # 2021 12 1 27 12 41 8 980 172.19.125.4 WINDOWS-FVPJDF2.mshome.net # 2021 12 1 27 12 41 9 50 50 172.19.51.33 WINDOWS-S86H1TS.mshome.net # 2021 12 5 24 5 16 25 470 470 60 172.19.53.159 WINDOWS-K2D26EG.mshome.net # 2021 12 5 24 5 14 16 780 4 994 1 11 814 37 956 ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\VMware\VMware Workstation\bin\;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\dotnet\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Microsoft SQL Server\130\Tools\Binn\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\170\Tools\Binn\;C:\webdriver; HKU\S-1-5-21-86094929-2313430768-12774340-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg HKU\S-1-5-21-86094929-2313430768-12774340-1005\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-21-86094929-2313430768-12774340-1007\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg HKU\S-1-5-21-86094929-2313430768-12774340-1010\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off) Windows Firewall is disabled. Network Binding: ============= Mostek sieciowy: VMware Bridge Protocol -> vmware_bridge (disabled) VMware Network Adapter VMnet8: VMware Bridge Protocol -> vmware_bridge (disabled) vEthernet (Default Switch): VMware Bridge Protocol -> vmware_bridge (enabled) Połączenie sieciowe Bluetooth: VMware Bridge Protocol -> vmware_bridge (enabled) Ethernet: VMware Bridge Protocol -> vmware_bridge (enabled) vEthernet (lan): VMware Bridge Protocol -> vmware_bridge (enabled) Ethernet 4: VMware Bridge Protocol -> vmware_bridge (enabled) vEthernet (wan): VMware Bridge Protocol -> vmware_bridge (enabled) Wi-Fi: VMware Bridge Protocol -> vmware_bridge (disabled) VMware Network Adapter VMnet1: VMware Bridge Protocol -> vmware_bridge (disabled) ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKLM\...\StartupApproved\Run: => "Reflect UI" HKLM\...\StartupApproved\Run: => "XMouseButtonControl" HKU\S-1-5-21-86094929-2313430768-12774340-1001\...\StartupApproved\Run: => "Discord" HKU\S-1-5-21-86094929-2313430768-12774340-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-86094929-2313430768-12774340-1001\...\StartupApproved\Run: => "Pushbullet" HKU\S-1-5-21-86094929-2313430768-12774340-1001\...\StartupApproved\Run: => "MP3Studio YouTube Downloader" HKU\S-1-5-21-86094929-2313430768-12774340-1001\...\StartupApproved\Run: => "NordVPN" HKU\S-1-5-21-86094929-2313430768-12774340-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning" HKU\S-1-5-21-86094929-2313430768-12774340-1001\...\StartupApproved\Run: => "Skype for Desktop" HKU\S-1-5-21-86094929-2313430768-12774340-1001\...\StartupApproved\Run: => "Battle.net" HKU\S-1-5-21-86094929-2313430768-12774340-1001\...\StartupApproved\Run: => "DeepL" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [TCP Query User{F283E9F5-23BB-4FE8-AA89-4824A25A93F6}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) FirewallRules: [UDP Query User{54819FE7-85FA-4D37-9B83-AF4B0DB38AE1}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) FirewallRules: [TCP Query User{FB48A2DE-89AF-4BF1-AAA4-E6BB5E847B02}C:\program files (x86)\universal media server\jre8\bin\javaw.exe] => (Allow) C:\program files (x86)\universal media server\jre8\bin\javaw.exe FirewallRules: [UDP Query User{065740FB-B632-498C-8A27-828EE076D059}C:\program files (x86)\universal media server\jre8\bin\javaw.exe] => (Allow) C:\program files (x86)\universal media server\jre8\bin\javaw.exe FirewallRules: [TCP Query User{BCC19036-B9B3-4ED3-B5C3-0D737457FA30}C:\users\gruca\appdata\roaming\.dllbackups\data\modules\dll-host\downloads\phoenix-gpu\phoenixminer.exe] => (Block) C:\users\gruca\appdata\roaming\.dllbackups\data\modules\dll-host\downloads\phoenix-gpu\phoenixminer.exe => No File FirewallRules: [UDP Query User{3921EB57-E497-4568-95CC-C8315DD75B2A}C:\users\gruca\appdata\roaming\.dllbackups\data\modules\dll-host\downloads\phoenix-gpu\phoenixminer.exe] => (Block) C:\users\gruca\appdata\roaming\.dllbackups\data\modules\dll-host\downloads\phoenix-gpu\phoenixminer.exe => No File FirewallRules: [{169D926F-54A1-4F41-A873-F521FEF59476}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{10222797-FB66-40D8-9FEA-DF0C8D88987C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{CECF1A34-9C2D-4A86-A0DF-A651019F2AD2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{411BD89D-DBF8-46B7-84D9-571800979B58}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{24671038-BA90-46A4-B942-F0D2A41A0C4A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{FDB1BEA7-7125-471A-BA1D-2BAD5AFD1B58}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{339243BB-FE04-442F-B59B-AD0264151264}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{240065E5-3B4B-423B-B48C-A192A2726E9E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{30298F7A-3FD2-4480-82F9-99A4251D5E6E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{E6AE1C91-7609-4979-B12D-B52A335106C6}] => (Allow) C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe (Piriform Software Ltd -> Piriform Software) FirewallRules: [{7F25707C-039F-4806-A0DA-0CD466F3DAFF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.176.447.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{EFFFF053-4608-44C7-BCC5-A4F417A5DAED}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.176.447.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{50CEAF32-6D55-4211-8B92-E6F04EEA53B0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.176.447.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{047101B0-A712-4800-9BDA-BD88581BF92D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.176.447.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{0D5BC2AD-2697-45F2-AD09-46D07C6B022D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.176.447.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{C4B1DA4A-E6AF-409D-B34D-9D433BA55E43}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.176.447.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{3FF75E8F-7A08-4C97-9D15-ECD52BF5E607}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.176.447.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{4C0F2C53-7ED5-46D6-86EB-87DE2ECE2935}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.176.447.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{9021CFD4-440F-460F-B774-DC8B53CBF690}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{B083BE74-8992-4E9D-9676-43D221661DAE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{A81D64A2-A474-4C52-A202-E911BB36CCED}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) ==================== Restore Points ========================= ==================== Faulty Device Manager Devices ============ Name: Standard PS/2 Keyboard Description: Standard PS/2 Keyboard Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard keyboards) Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Microsoft PS/2 Mouse Description: Microsoft PS/2 Mouse Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ======================== Application errors: ================== Error: (01/12/2022 07:13:55 AM) (Source: VNC Server) (EventID: 256) (User: ) Description: HostedRendezvous: Rendezvous lookup failed: Hosted Bootstrap error: Network failure: Error connecting: getaddrinfo: Nieznany host. (11001) Error: (01/12/2022 07:13:50 AM) (Source: VNC Server) (EventID: 256) (User: ) Description: HostedRendezvous: Rendezvous lookup failed: Hosted Bootstrap error: Network failure: Error connecting: getaddrinfo: Nieznany host. (11001) Error: (01/12/2022 07:10:01 AM) (Source: VNC Server) (EventID: 256) (User: ) Description: HostedRendezvous: Rendezvous lookup failed: Hosted Bootstrap error: Network failure: Error connecting: getaddrinfo: Nieznany host. (11001) Error: (01/12/2022 07:09:56 AM) (Source: VNC Server) (EventID: 256) (User: ) Description: HostedRendezvous: Rendezvous lookup failed: Hosted Bootstrap error: Network failure: Error connecting: getaddrinfo: Nieznany host. (11001) Error: (01/11/2022 11:39:45 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, Trwa proces zamykania systemu. . Error: (01/11/2022 11:39:45 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, Trwa proces zamykania systemu. ] Error: (01/11/2022 11:39:45 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, Trwa proces zamykania systemu. . Error: (01/11/2022 11:39:45 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, Trwa proces zamykania systemu. ] System errors: ============= Error: (01/12/2022 07:13:49 AM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: ZARZĄDZANIE NT) Description: I:\Device\HarddiskVolume133 Error: (01/12/2022 07:13:47 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 07:09:53 on ‎12.‎01.‎2022 was unexpected. Error: (01/12/2022 07:09:46 AM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: ZARZĄDZANIE NT) Description: I:\Device\HarddiskVolume133 Error: (01/11/2022 11:39:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The VMware Workstation Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Uruchom usługę ponownie. Error: (01/11/2022 02:07:02 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: ZARZĄDZANIE NT) Description: I:\Device\HarddiskVolume133 Error: (01/11/2022 01:41:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The VMware Workstation Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Uruchom usługę ponownie. Error: (01/11/2022 06:20:31 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The SysMain service terminated with the following error: The parameter is incorrect. Error: (01/11/2022 06:19:49 AM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: ZARZĄDZANIE NT) Description: I:\Device\HarddiskVolume143 Windows Defender: ================ Date: 2021-08-12 07:27:58 Description: Program antywirusowy Microsoft Defender scan has been stopped before completion. Scan Type: Narzędzia chroniące przed złośliwym oprogramowaniem Scan Parameters: Szybkie skanowanie Date: 2021-08-11 07:32:38 Description: Program antywirusowy Microsoft Defender scan has been stopped before completion. Scan Type: Narzędzia chroniące przed złośliwym oprogramowaniem Scan Parameters: Szybkie skanowanie Date: 2021-08-10 12:57:33 Description: Program antywirusowy Microsoft Defender has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Script/Phonzy.C!ml&threatid=2147772968&enterprise=0 Name: Trojan:Script/Phonzy.C!ml Severity: Poważny Category: Koń trojański Path: file:_C:\Users\gruca\AppData\Local\Temp\1wPxWGgEyVwkbg6mo06S4W7v046\dllservices.exe; process:_pid:14980,ProcessStart:132730665873042195; process:_pid:15244,ProcessStart:132730665846957102; process:_pid:3132,ProcessStart:132730665864677480; process:_pid:9376,ProcessStart:132730665914868598 Detection Origin: Komputer lokalny Detection Type: FastPath Detection Source: System Process Name: Unknown Security intelligence Version: AV: 1.345.255.0, AS: 1.345.255.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.18400.4, NIS: 0.0.0.0 Date: 2021-08-10 12:57:05 Description: Program antywirusowy Microsoft Defender has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Script/Phonzy.C!ml&threatid=2147772968&enterprise=0 Name: Trojan:Script/Phonzy.C!ml Severity: Poważny Category: Koń trojański Path: file:_C:\Users\gruca\AppData\Local\Temp\1wPxWGgEyVwkbg6mo06S4W7v046\dllservices.exe; process:_pid:14980,ProcessStart:132730665873042195; process:_pid:15244,ProcessStart:132730665846957102; process:_pid:3132,ProcessStart:132730665864677480; process:_pid:9376,ProcessStart:132730665914868598 Detection Origin: Komputer lokalny Detection Type: FastPath Detection Source: System Process Name: C:\Users\gruca\AppData\Local\Temp\1wPxWGgEyVwkbg6mo06S4W7v046\dllservices.exe Security intelligence Version: AV: 1.345.255.0, AS: 1.345.255.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.18400.4, NIS: 0.0.0.0 Date: 2021-08-10 12:56:26 Description: Program antywirusowy Microsoft Defender has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Script/Phonzy.C!ml&threatid=2147772968&enterprise=0 Name: Trojan:Script/Phonzy.C!ml Severity: Poważny Category: Koń trojański Path: file:_C:\Users\gruca\AppData\Local\Temp\1wPxWGgEyVwkbg6mo06S4W7v046\dllservices.exe Detection Origin: Komputer lokalny Detection Type: FastPath Detection Source: System Process Name: Unknown Security intelligence Version: AV: 1.345.255.0, AS: 1.345.255.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.18400.4, NIS: 0.0.0.0 Event[0]: Date: 2021-08-22 10:56:41 Description: Program antywirusowy Microsoft Defender has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.345.563.0 Update Source: Serwer usługi Microsoft Update Security intelligence Type: Oprogramowanie antywirusowe Update Type: Pełne Current Engine Version: Previous Engine Version: 1.1.18400.4 Error code: 0x8007045b Error description: Trwa proces zamykania systemu. Date: 2021-08-10 12:57:18 Description: Program antywirusowy Microsoft Defender has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Script/Phonzy.C!ml&threatid=2147772968&enterprise=0 Name: Trojan:Script/Phonzy.C!ml Severity: Poważny Category: Koń trojański Path: file:_C:\Users\gruca\AppData\Local\Temp\1wPxWGgEyVwkbg6mo06S4W7v046\dllservices.exe; process:_pid:14980,ProcessStart:132730665873042195; process:_pid:15244,ProcessStart:132730665846957102; process:_pid:3132,ProcessStart:132730665864677480; process:_pid:9376,ProcessStart:132730665914868598 Detection Origin: Komputer lokalny Detection Type: FastPath Detection Source: System Process Name: C:\Users\gruca\AppData\Local\Temp\1wPxWGgEyVwkbg6mo06S4W7v046\dllservices.exe Action: Kwarantanna Action Status: No additional actions required Error Code: 0x80070005 Error description: Odmowa dostępu. Security intelligence Version: AV: 1.345.255.0, AS: 1.345.255.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.18400.4, NIS: 0.0.0.0 Date: 2021-08-10 06:49:04 Description: Program antywirusowy Microsoft Defender has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Script/Phonzy.C!ml&threatid=2147772968&enterprise=0 Name: Trojan:Script/Phonzy.C!ml Severity: Poważny Category: Koń trojański Path: file:_C:\Users\gruca\AppData\Local\Temp\1wPxWGgEyVwkbg6mo06S4W7v046\dllservices.exe; process:_pid:17964,ProcessStart:132730443713587855; process:_pid:19108,ProcessStart:132730443716568052; process:_pid:2156,ProcessStart:132730443707510200; process:_pid:9896,ProcessStart:132730443751220926 Detection Origin: Komputer lokalny Detection Type: FastPath Detection Source: System Process Name: C:\Users\gruca\AppData\Local\Temp\1wPxWGgEyVwkbg6mo06S4W7v046\dllservices.exe Action: Kwarantanna Action Status: No additional actions required Error Code: 0x80070005 Error description: Odmowa dostępu. Security intelligence Version: AV: 1.345.255.0, AS: 1.345.255.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.18400.4, NIS: 0.0.0.0 Date: 2021-08-08 08:06:10 Description: Program antywirusowy Microsoft Defender has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.345.111.0 Update Source: Serwer usługi Microsoft Update Security intelligence Type: Oprogramowanie antywirusowe Update Type: Pełne Current Engine Version: Previous Engine Version: 1.1.18400.4 Error code: 0x80070102 Error description: Upłynął limit czasu operacji oczekiwania. Date: 2021-08-08 08:06:10 Description: Program antywirusowy Microsoft Defender has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.345.111.0 Update Source: Serwer usługi Microsoft Update Security intelligence Type: Oprogramowanie antywirusowe Update Type: Pełne Current Engine Version: Previous Engine Version: 1.1.18400.4 Error code: 0x80070102 Error description: Upłynął limit czasu operacji oczekiwania. CodeIntegrity: =============== Date: 2022-01-12 07:23:55 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume1\Program Files\Norton Security\Engine\22.21.11.46\symamsi.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== BIOS: American Megatrends Inc. 5.11 06/05/2020 Motherboard: INTEL X99 Processor: Intel(R) Xeon(R) CPU E5-2696 v3 @ 2.30GHz Percentage of memory in use: 76% Total physical RAM: 32607.45 MB Available physical RAM: 7671.28 MB Total Virtual: 41311.45 MB Available Virtual: 9429.07 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:222.47 GB) (Free:79.85 GB) NTFS ==>[drive with boot components (obtained from BCD)] Drive d: (Zastrzeżone przez system) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)] Drive e: () (Fixed) (Total:222.47 GB) (Free:56.06 GB) NTFS Drive f: () (Fixed) (Total:172.25 GB) (Free:22.92 GB) NTFS Drive g: () (Fixed) (Total:246.82 GB) (Free:164.5 GB) NTFS Drive h: (VM) (Fixed) (Total:195.31 GB) (Free:42.91 GB) NTFS Drive i: (My Passport) (Fixed) (Total:931.48 GB) (Free:150.41 GB) NTFS \\?\Volume{21b9547e-0000-0000-0000-90162b000000}\ () (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS \\?\Volume{70d2b5f4-0000-0000-0000-509e37000000}\ () (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS \\?\Volume{70d2b5f4-0000-0000-0000-90bf37000000}\ () (Fixed) (Total:0.58 GB) (Free:0.08 GB) NTFS \\?\Volume{d3991e48-0000-0000-0000-509e37000000}\ () (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS \\?\Volume{d3991e48-0000-0000-0000-80bf37000000}\ () (Fixed) (Total:47.46 GB) (Free:46.91 GB) NTFS ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 21B9547E) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=172.3 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=450 MB) - (Type=27) Partition 4: (Not Active) - (Size=246.8 GB) - (Type=07 NTFS) ========================================================== Disk: 1 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 70D2B5F4) Partition 1: (Active) - (Size=222.5 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=531 MB) - (Type=27) Partition 3: (Not Active) - (Size=589 MB) - (Type=27) ========================================================== Disk: 2 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: D3991E48) Partition 1: (Active) - (Size=222.5 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=531 MB) - (Type=27) Partition 3: (Not Active) - (Size=47.5 GB) - (Type=27) Partition 4: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS) ========================================================== Disk: 4 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 9386958B) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== End of Addition.txt =======================