Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 03-05-2020
Uruchomiony przez Mateusz (04-05-2020 15:48:26)
Uruchomiony z C:\Users\Mateusz\Downloads
Windows 10 Pro Wersja 1909 18363.778 (X64) (2020-03-19 11:23:39)
Tryb startu: Normal
==========================================================

==================== Konta użytkowników: =============================

Administrator (S-1-5-21-330719071-74167495-820415541-500 - Administrator - Disabled)
Gość (S-1-5-21-330719071-74167495-820415541-501 - Limited - Disabled)
Konto domyślne (S-1-5-21-330719071-74167495-820415541-503 - Limited - Disabled)
Mateusz (S-1-5-21-330719071-74167495-820415541-1001 - Administrator - Enabled) => C:\Users\Mateusz
WDAGUtilityAccount (S-1-5-21-330719071-74167495-820415541-504 - Limited - Disabled)

==================== Centrum zabezpieczeń ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie.)

AV: Norton 360 (Disabled - Out of date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Zainstalowane programy ======================

(W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)

µTorrent (HKU\S-1-5-21-330719071-74167495-820415541-1001\...\uTorrent) (Version: 3.5.5.45628 - BitTorrent Inc.)
Aktualizacje NVIDIA 38.0.5.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 38.0.5.0 - NVIDIA Corporation) Hidden
Brackets (HKLM-x32\...\{43086E55-5B37-4DA8-852F-EEC6C75ECFE9}) (Version: 1.14.17770 - brackets.io)
Discord (HKU\S-1-5-21-330719071-74167495-820415541-1001\...\Discord) (Version: 0.0.306 - Discord Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.)
Hidden Facebook Gameroom 1.22.7235.32722 (HKLM-x32\...\{2867E3AE-18BA-4BCF-8268-F797A401ED86}) (Version: 1.22.7235.32722 - Facebook) FACEIT (HKU\S-1-5-21-330719071-74167495-820415541-1001\...\FACEITApp) (Version: 1.24.0 - FACEIT Ltd.) FACEIT AC version 2.0 (HKLM\...\{1419E44C-0EF4-4822-9194-9F1A4D43973D}_is1) (Version: 2.0 - FACEIT LTD) foobar2000 v1.5.2 (HKLM-x32\...\foobar2000) (Version: 1.5.2 - Peter Pawlowski) GCFScape 1.8.6 (HKLM\...\GCFScape_is1) (Version: - Ryan Gregg) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 81.0.4044.129 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden LocK-A-FoLdeR (HKLM-x32\...\LocK-A-FoLdeR) (Version: 3.10.3 - ) Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes) MediaInfo 20.03 (HKLM\...\MediaInfo) (Version: 20.03 - MediaArea.net) MEmu (HKLM-x32\...\MEmu) (Version: 7.1.6.0 - Microvirt Software Technology Co. Ltd.) 
Microsoft Office 365 ProPlus - pl-pl (HKLM\...\O365ProPlusRetail - pl-pl) (Version: 16.0.12730.20236 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-330719071-74167495-820415541-1001\...\OneDriveSetup.exe) (Version: 19.232.1124.0010 - Microsoft Corporation) Microsoft Teams (HKU\S-1-5-21-330719071-74167495-820415541-1001\...\Teams) (Version: 1.3.00.362 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.20.27508 (HKLM-x32\...\{7b178cda-9740-4701-a92a-f168d213b343}) (Version: 14.20.27508.1 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.20.27508 (HKLM-x32\...\{8c3f057e-d6a6-4338-ac6a-f1c795a6577b}) (Version: 14.20.27508.1 - Microsoft Corporation) NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.19 - NVIDIA Corporation) 
Hidden NVIDIA GeForce Experience 3.20.3.63 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.3.63 - NVIDIA Corporation) NVIDIA Oprogramowanie systemu PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation) NVIDIA Sterownik dźwięku HD 1.3.38.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.21 - NVIDIA Corporation) NVIDIA Sterownik graficzny 442.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 442.74 - NVIDIA Corporation) OBS Studio (HKLM-x32\...\OBS Studio) (Version: 25.0.4 - OBS Project) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.12730.20206 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.12730.20206 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0415-1000-0000000FF1CE}) (Version: 16.0.12730.20206 - Microsoft Corporation) Hidden Opera GX Stable 67.0.3575.130 (HKU\S-1-5-21-330719071-74167495-820415541-1001\...\Opera GX 67.0.3575.130) (Version: 67.0.3575.130 - Opera Software) Origin (HKLM-x32\...\Origin) (Version: 10.5.69.40136 - Electronic Arts, Inc.) Riot Vanguard (HKLM\...\Riot Vanguard) (Version: - Riot Games, Inc.) 
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.362 - Microsoft Corporation) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.3.2 - TeamSpeak Systems GmbH) TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.5.3 - TeamViewer) VALORANT (HKU\S-1-5-21-330719071-74167495-820415541-1001\...\Riot Game valorant.live) (Version: - Riot Games, Inc) VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version: - VB-Audio Software) VEGAS Pro 17.0 (HKLM\...\{E649B5F0-B27C-11E9-B856-A5146957F833}) (Version: 17.0.284 - VEGAS) VMware Workstation (HKLM\...\{067A1C2B-0B50-4B40-A29A-01FD37620D9D}) (Version: 15.5.2 - VMware, Inc.) Wargaming.net Game Center (HKU\S-1-5-21-330719071-74167495-820415541-1001\...\Wargaming.net Game Center) (Version: 20.1.1.9717 - Wargaming.net) WinRAR 5.80 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.80.0 - win.rar GmbH) World_of_Warships_EU (HKU\S-1-5-21-330719071-74167495-820415541-1001\...\WOWS.EU.PRODUCTION) (Version: - Wargaming.net) Zoom (HKU\S-1-5-21-330719071-74167495-820415541-1001\...\ZoomUMX) (Version: 4.6 - Zoom Video Communications, Inc.) 
Packages: ========= Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_6.5.9.0_x86__kgqvnymyfvs32 [2020-03-19] (king.com) Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.33.4.0_x86__kgqvnymyfvs32 [2020-03-19] (king.com) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-03-19] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-03-19] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2020-03-19] (Microsoft Studios) [MS Ad] MSN Pogoda -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20503.0_x64__8wekyb3d8bbwe [2020-03-19] (Microsoft Corporation) [MS Ad] NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.956.0_x64__56jybvy8sckqj [2020-03-20] (NVIDIA Corp.) Poczta i Kalendarz -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11029.20108.0_x64__8wekyb3d8bbwe [2020-03-19] (Microsoft Corporation) [MS Ad] Rozszerzenie wideo MPEG-2 -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2020-03-31] (Microsoft Corporation) Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.128.721.0_x86__zpdnekdrzrea0 [2020-03-19] (Spotify AB) [Startup Task] ==================== Niestandardowe rejestracje CLSID (filtrowane): ============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) 
CustomCLSID: HKU\S-1-5-21-330719071-74167495-820415541-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-330719071-74167495-820415541-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-330719071-74167495-820415541-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-330719071-74167495-820415541-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-330719071-74167495-820415541-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-330719071-74167495-820415541-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-330719071-74167495-820415541-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Mateusz\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19317.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-330719071-74167495-820415541-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Mateusz\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19317.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => 
-> Brak pliku ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> Brak pliku ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Brak pliku ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-25] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-25] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => D:\VmWare\vmdkShellExt.dll [2020-03-07] (VMware, Inc. -> VMware, Inc.) ContextMenuHandlers2: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => D:\VmWare\x64\vmdkShellExt64.dll [2020-03-07] (VMware, Inc. -> VMware, Inc.) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-05-04] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> Brak pliku ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> Brak pliku ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f5de485bfda7bb25\nvshext.dll [2020-03-16] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Brak pliku ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-05-04] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-25] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> 
{B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-25] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (filtrowane) ====================

==================== Skróty & WMI ========================

==================== Załadowane moduły (filtrowane) =============

2020-03-19 13:56 - 2020-03-16 15:05 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Brak podpisu cyfrowego] C:\Program Files (x86)\Origin\LIBEAY32.dll
2020-03-19 13:56 - 2020-03-16 15:06 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Brak podpisu cyfrowego] C:\Program Files (x86)\Origin\ssleay32.dll
2020-03-19 13:56 - 2020-03-19 13:56 - 001611264 _____ (The Qt Company Ltd) [Brak podpisu cyfrowego] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2020-05-01 13:50 - 2020-03-19 13:56 - 005487104 _____ (The Qt Company Ltd) [Brak podpisu cyfrowego] C:\Program Files (x86)\Origin\Qt5Core.dll
2020-05-01 13:50 - 2020-03-19 13:56 - 005841920 _____ (The Qt Company Ltd) [Brak podpisu cyfrowego] C:\Program Files (x86)\Origin\Qt5Gui.dll
2020-05-01 13:50 - 2020-03-19 13:56 - 001179136 _____ (The Qt Company Ltd) [Brak podpisu cyfrowego] C:\Program Files (x86)\Origin\Qt5Network.dll
2020-05-01 13:50 - 2020-03-19 13:56 - 000146432 _____ (The Qt Company Ltd) [Brak podpisu cyfrowego] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2020-05-01 13:50 - 2020-03-19 13:56 - 005089792 _____ (The Qt Company Ltd) [Brak podpisu cyfrowego] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2020-05-01 13:50 - 2020-03-19 13:56 - 000184832 _____ (The Qt Company Ltd) [Brak podpisu cyfrowego] C:\Program Files (x86)\Origin\Qt5Xml.dll

==================== Alternate Data Streams (filtrowane) ========

(Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.)

AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [490]

==================== Tryb awaryjny (filtrowane) ==================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Powiązania plików (filtrowane) =================

==================== Internet Explorer - Witryny zaufane i z ograniczeniami ==========

==================== Hosts - zawartość: =========================

(Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.)

2020-03-19 13:11 - 2020-05-04 13:29 - 000001334 _____ C:\WINDOWS\system32\drivers\etc\hosts
0.0.0.0 analytics.ff.avast.com
0.0.0.0 analytics.ns1.ff.avast.com
0.0.0.0 v7event.stats.avcdn.net
0.0.0.0 v7.stats.avcdn.net
0.0.0.0 flow.lavasoft.com
0.0.0.0 telemetry.malwarebytes.com
0.0.0.0 ws.mcafee.com
0.0.0.0 analytics.ccs.mcafee.com
0.0.0.0 analyticsdcs.ccs.mcafee.com
0.0.0.0 carcharodon.trendmicro.com

==================== Inne obszary ===========================

(Obecnie brak automatycznej naprawy dla tej sekcji.)

HKU\S-1-5-21-330719071-74167495-820415541-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Zapora systemu Windows [funkcja włączona]

Network Binding:
=============
Ethernet: VMware Bridge Protocol -> vmware_bridge (enabled)
VMware Network Adapter VMnet8: VMware Bridge Protocol -> vmware_bridge (disabled)
VMware Network Adapter VMnet1: VMware Bridge Protocol -> vmware_bridge (disabled)

==================== MSCONFIG/TASK MANAGER - Wyłączone elementy ==

(Załączenie wejścia w fixlist spowoduje jego usunięcie.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RtkAudUService"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKLM\...\StartupApproved\Run32: => "ClamWin"
HKU\S-1-5-21-330719071-74167495-820415541-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
HKU\S-1-5-21-330719071-74167495-820415541-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-330719071-74167495-820415541-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-330719071-74167495-820415541-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_AD39DCBBF0C8E335115CF32EE510DE61"
HKU\S-1-5-21-330719071-74167495-820415541-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-330719071-74167495-820415541-1001\...\StartupApproved\Run: => "FACEIT"
HKU\S-1-5-21-330719071-74167495-820415541-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-330719071-74167495-820415541-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-330719071-74167495-820415541-1001\...\StartupApproved\Run: =>
"EpicGamesLauncher" HKU\S-1-5-21-330719071-74167495-820415541-1001\...\StartupApproved\Run: => "Gaijin.Net Updater" HKU\S-1-5-21-330719071-74167495-820415541-1001\...\StartupApproved\Run: => "Wargaming.net Game Center" HKU\S-1-5-21-330719071-74167495-820415541-1001\...\StartupApproved\Run: => "EADM" ==================== Reguły Zapory systemu Windows (filtrowane) ================ (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) FirewallRules: [{37F2F1E1-025D-4A03-99D1-975EDE96C925}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.128.721.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{046AFA82-D8FC-44D2-BCC1-41974753DBEC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.128.721.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{1B5B6034-6595-477B-B6E5-2F876BE5DF76}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.128.721.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{190B7B63-3338-4D5E-B746-725C88C44E4D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.128.721.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{47975AF5-D20A-4FA8-AEB2-AE2CEB9918C6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.128.721.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{2151F569-C59E-4C15-9502-23457F83C859}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.128.721.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{15B9F471-2F47-4AD4-8F5A-A53C36E343DB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.128.721.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{112F7F61-E9EA-40AA-807C-1329319BCB12}] => (Allow) C:\Program 
Files\WindowsApps\SpotifyAB.SpotifyMusic_1.128.721.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{EB41357E-36A3-46B2-9052-FD4DD57820D2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{7ADBE066-8F62-499E-ABDC-739255AA71C2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{9CBFABA7-9A0F-4FEC-8B0E-56D17BF67D09}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> ) FirewallRules: [{A9E1860B-3E00-46D4-A160-7843EC499075}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> ) FirewallRules: [TCP Query User{ED679E2E-3DB2-42DD-9567-4864E609E12B}D:\gry\fifa 19\fifa19.exe] => (Allow) D:\gry\fifa 19\fifa19.exe Brak pliku FirewallRules: [UDP Query User{8A202395-BE57-486C-AFE4-FB1B9D7D7F39}D:\gry\fifa 19\fifa19.exe] => (Allow) D:\gry\fifa 19\fifa19.exe Brak pliku FirewallRules: [TCP Query User{47B5DCE3-7EDB-43F7-B99A-1D65CF399243}C:\program files (x86)\brackets\node.exe] => (Allow) C:\program files (x86)\brackets\node.exe (Adobe Inc. -> Node.js) FirewallRules: [UDP Query User{5E90F728-37B1-4FE9-A11E-46A69D8530CC}C:\program files (x86)\brackets\node.exe] => (Allow) C:\program files (x86)\brackets\node.exe (Adobe Inc. 
-> Node.js) FirewallRules: [{9A543A30-C862-4D34-A24C-C7A70AEB123D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{36D1CA71-7550-4E61-A533-40E2F9790A81}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{DB09854D-58B9-4B06-A4CD-C497C0642068}] => (Allow) C:\Users\Mateusz\AppData\Roaming\uTorrent\uTorrent.exe Brak pliku FirewallRules: [{0570ABB3-77AA-403B-9025-EC71432704F7}] => (Allow) C:\Users\Mateusz\AppData\Roaming\uTorrent\uTorrent.exe Brak pliku FirewallRules: [{D4BFEA78-D66C-4576-88E8-BF1BE3D06E1B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{CA01CC65-B667-4BF5-8641-8B675E992927}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{36E74B42-0B12-4BE8-BC54-6301C04C0BAE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{23C9E2F5-B3BA-4888-9564-B519F13B1CD7}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{352D4249-A6B7-4EC9-96DC-563D0C0734DB}D:\teamviewer\teamviewer.exe] => (Allow) D:\teamviewer\teamviewer.exe Brak pliku FirewallRules: [UDP Query User{8AEB56C0-33E4-4912-B7C7-7FEC07793F3D}D:\teamviewer\teamviewer.exe] => (Allow) D:\teamviewer\teamviewer.exe Brak pliku FirewallRules: [{91C1322F-CDDE-4918-8C01-DB42F74C050B}] => (Allow) D:\VmWare\vmware-authd.exe (VMware, Inc. -> VMware, Inc.) FirewallRules: [{32DDBFB7-5C80-40EA-93FD-208D183299D5}] => (Allow) D:\VmWare\vmware-authd.exe (VMware, Inc. -> VMware, Inc.) FirewallRules: [{099E9927-EB9E-452C-A6D4-DE82F2888B99}] => (Allow) D:\VmWare\vmware-hostd.exe (VMware, Inc. 
-> ) FirewallRules: [{CB18BAF6-648F-40B7-82CE-3C1C9A07F53C}] => (Allow) D:\VmWare\vmware-hostd.exe (VMware, Inc. -> ) FirewallRules: [{7CCEA5C3-D2B8-4CAF-B71E-0536B3FFDDBF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{4C378349-FAA1-485D-BD36-37C613413591}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [TCP Query User{FA94D7E1-12B7-4AB3-B03D-1EF14994F299}D:\warthunder\launcher.exe] => (Allow) D:\warthunder\launcher.exe (Gaijin Network LTD -> Gaijin Entertainment) FirewallRules: [UDP Query User{E1688922-7E39-4633-A918-FD7526B60D4C}D:\warthunder\launcher.exe] => (Allow) D:\warthunder\launcher.exe (Gaijin Network LTD -> Gaijin Entertainment) FirewallRules: [TCP Query User{61A377E5-EE90-4D2B-9BA8-50430EB89195}D:\warthunder\win64\aces.exe] => (Allow) D:\warthunder\win64\aces.exe (Gaijin Network LTD -> Gaijin Entertainment) FirewallRules: [UDP Query User{50CE6222-DE55-453C-8DF3-C0791DEDF753}D:\warthunder\win64\aces.exe] => (Allow) D:\warthunder\win64\aces.exe (Gaijin Network LTD -> Gaijin Entertainment) FirewallRules: [TCP Query User{274AAC95-50BD-4624-B599-B71EEB35A8A7}C:\users\mateusz\appdata\local\programs\opera gx\67.0.3575.105\opera.exe] => (Allow) C:\users\mateusz\appdata\local\programs\opera gx\67.0.3575.105\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [UDP Query User{FC89AC53-37AC-4BD8-81B7-758B086EF45B}C:\users\mateusz\appdata\local\programs\opera gx\67.0.3575.105\opera.exe] => (Allow) C:\users\mateusz\appdata\local\programs\opera gx\67.0.3575.105\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [TCP Query User{A576EF73-AD48-4E4E-97B2-E9D70B423D12}D:\wargaming\wargaming.net\gamecenter\wgc.exe] => (Allow) D:\wargaming\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net) FirewallRules: [UDP Query 
User{DA2F2EB4-57B4-4060-A3BC-E2AD4B086DF2}D:\wargaming\wargaming.net\gamecenter\wgc.exe] => (Allow) D:\wargaming\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net) FirewallRules: [{216F1798-E19F-442A-8FE5-897770FC9012}] => (Allow) C:\Users\Mateusz\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{453761E1-FCD6-4F75-B991-F1DB0F56C53F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{38D9456E-4317-4E88-8E03-1C46F4148EC5}C:\users\mateusz\appdata\local\programs\opera gx\67.0.3575.130\opera.exe] => (Allow) C:\users\mateusz\appdata\local\programs\opera gx\67.0.3575.130\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [UDP Query User{9CF78CAE-F922-4244-AD0F-2907BE77C455}C:\users\mateusz\appdata\local\programs\opera gx\67.0.3575.130\opera.exe] => (Allow) C:\users\mateusz\appdata\local\programs\opera gx\67.0.3575.130\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [{8EE161F6-4D50-430C-8E7C-ABFB8B830EB9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{88C85A00-F9D3-4781-A7F1-EDAAE1AEC0B5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{B6EC5BC9-9C5B-4E29-9C6C-8E396E3E8088}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{42C5B93E-0F4F-409A-82F5-17151E9CC68A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{9089A97D-2D88-49E4-A447-30977FC9C516}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{8E419571-2538-4628-82D8-6BE1910CBD33}] => 
(Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{B3BF4A44-6411-47CC-8410-5E7BEEC20F9A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{6D3AA9FF-0B67-4C5D-A650-02D788839652}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{7027DC74-C4A2-449A-B2C5-4D65B840EE5E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Punkty Przywracania systemu =========================

UWAGA: Przywracanie systemu jest wyłączone (Total:110.64 GB) (Free:28.29 GB) (26%)

==================== Wadliwe urządzenia w Menedżerze urządzeń ============

==================== Błędy w Dzienniku zdarzeń: ========================

Dziennik Aplikacja:
==================
Error: (05/04/2020 03:46:07 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (5328,R,98) TILEREPOSITORYS-1-5-18: Wystąpił błąd -1023 (0xfffffc01) podczas otwierania pliku dziennika C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/04/2020 03:19:47 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (6924,R,98) TILEREPOSITORYS-1-5-18: Wystąpił błąd -1023 (0xfffffc01) podczas otwierania pliku dziennika C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/04/2020 02:20:12 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1120,R,98) TILEREPOSITORYS-1-5-18: Wystąpił błąd -1023 (0xfffffc01) podczas otwierania pliku dziennika C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/04/2020 02:06:32 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8280,R,98) TILEREPOSITORYS-1-5-18: Wystąpił błąd -1023 (0xfffffc01) podczas otwierania pliku dziennika C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/04/2020 01:52:38 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (9476,R,98) TILEREPOSITORYS-1-5-18: Wystąpił błąd -1023 (0xfffffc01) podczas otwierania pliku dziennika C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/04/2020 01:39:16 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4852,R,98) TILEREPOSITORYS-1-5-18: Wystąpił błąd -1023 (0xfffffc01) podczas otwierania pliku dziennika C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/04/2020 01:30:14 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0xC004F074
Argumenty wiersza polecenia: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (05/04/2020 01:30:07 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0xC004F074
Argumenty wiersza polecenia: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Dziennik System:
=============
Error: (05/04/2020 01:28:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa VMware Workstation Server niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.

Error: (05/04/2020 12:45:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi Spybot Security Center Integration Service z powodu następującego błędu: System Windows nie może zweryfikować podpisu cyfrowego tego pliku. Ostatnia zmiana sprzętu lub oprogramowania mogła spowodować zainstalowanie pliku, który jest niepoprawnie podpisany lub uszkodzony. Możliwe także, że jest to złośliwe oprogramowanie pochodzące z nieznanego źródła.

Error: (05/04/2020 12:45:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi Spybot Security Center Integration Service z powodu następującego błędu: System Windows nie może zweryfikować podpisu cyfrowego tego pliku. Ostatnia zmiana sprzętu lub oprogramowania mogła spowodować zainstalowanie pliku, który jest niepoprawnie podpisany lub uszkodzony. Możliwe także, że jest to złośliwe oprogramowanie pochodzące z nieznanego źródła.
Error: (05/04/2020 11:32:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi eapihdrv z powodu następującego błędu: Nastąpiło zablokowanie ładowania sterownika Error: (05/04/2020 11:32:43 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Mateusz\AppData\Local\Temp\ehdrv.sys Error: (05/04/2020 11:32:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi eapihdrv z powodu następującego błędu: Nastąpiło zablokowanie ładowania sterownika Error: (05/04/2020 11:32:43 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Mateusz\AppData\Local\Temp\ehdrv.sys Error: (05/04/2020 11:32:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi eapihdrv z powodu następującego błędu: Nastąpiło zablokowanie ładowania sterownika Windows Defender: =================================== Date: 2020-05-04 10:57:36.483 Description: Produkt Program antywirusowy Windows Defender wykrył złośliwe oprogramowanie lub inne potencjalnie niechciane oprogramowanie. 
Aby uzyskać więcej informacji, zobacz: https://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Neshta.A&threatid=2147575939&enterprise=0
Nazwa: Virus:Win32/Neshta.A
Identyfikator: 2147575939
Ważność: Poważny
Kategoria: Wirus
Ścieżka: file:_D:\obs-studio\obs-plugins\64bit\obs-browser-page.exe
Pochodzenie wykrycia: Komputer lokalny
Typ wykrycia: Konkretne
Źródło wykrycia: Ochrona w czasie rzeczywistym
Użytkownik: DESKTOP-JLSG7MF\Mateusz
Nazwa procesu: C:\Users\Mateusz\AppData\Local\Temp\34EF5B60-710B4F12-798D8C06-90EF0EE4\6Hmq1jYSKdQ58.exe
Wersja analizy zabezpieczeń: AV: 1.313.2838.0, AS: 1.313.2838.0, NIS: 1.313.2838.0
Wersja aparatu: AM: 1.1.16900.4, NIS: 1.1.16900.4

Date: 2020-05-04 10:57:22.095
Description: Produkt Program antywirusowy Windows Defender wykrył złośliwe oprogramowanie lub inne potencjalnie niechciane oprogramowanie.
Aby uzyskać więcej informacji, zobacz: https://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Neshta.A&threatid=2147575939&enterprise=0
Nazwa: Virus:Win32/Neshta.A
Identyfikator: 2147575939
Ważność: Poważny
Kategoria: Wirus
Ścieżka: file:_D:\obs-studio\data\obs-plugins\win-ivcam\seg_service.exe
Pochodzenie wykrycia: Komputer lokalny
Typ wykrycia: Konkretne
Źródło wykrycia: Ochrona w czasie rzeczywistym
Użytkownik: DESKTOP-JLSG7MF\Mateusz
Nazwa procesu: C:\Users\Mateusz\AppData\Local\Temp\34EF5B60-710B4F12-798D8C06-90EF0EE4\6Hmq1jYSKdQ58.exe
Wersja analizy zabezpieczeń: AV: 1.313.2838.0, AS: 1.313.2838.0, NIS: 1.313.2838.0
Wersja aparatu: AM: 1.1.16900.4, NIS: 1.1.16900.4

Date: 2020-05-04 10:57:18.274
Description: Produkt Program antywirusowy Windows Defender wykrył złośliwe oprogramowanie lub inne potencjalnie niechciane oprogramowanie.
Aby uzyskać więcej informacji, zobacz: https://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Neshta.A&threatid=2147575939&enterprise=0
Nazwa: Virus:Win32/Neshta.A
Identyfikator: 2147575939
Ważność: Poważny
Kategoria: Wirus
Ścieżka: file:_D:\obs-studio\data\obs-plugins\win-capture\inject-helper64.exe
Pochodzenie wykrycia: Komputer lokalny
Typ wykrycia: Konkretne
Źródło wykrycia: Ochrona w czasie rzeczywistym
Użytkownik: DESKTOP-JLSG7MF\Mateusz
Nazwa procesu: C:\Users\Mateusz\AppData\Local\Temp\34EF5B60-710B4F12-798D8C06-90EF0EE4\6Hmq1jYSKdQ58.exe
Wersja analizy zabezpieczeń: AV: 1.313.2838.0, AS: 1.313.2838.0, NIS: 1.313.2838.0
Wersja aparatu: AM: 1.1.16900.4, NIS: 1.1.16900.4

Date: 2020-05-04 10:57:18.147
Description: Produkt Program antywirusowy Windows Defender wykrył złośliwe oprogramowanie lub inne potencjalnie niechciane oprogramowanie.
Aby uzyskać więcej informacji, zobacz: https://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Neshta.A&threatid=2147575939&enterprise=0
Nazwa: Virus:Win32/Neshta.A
Identyfikator: 2147575939
Ważność: Poważny
Kategoria: Wirus
Ścieżka: file:_D:\obs-studio\data\obs-plugins\win-capture\inject-helper32.exe
Pochodzenie wykrycia: Komputer lokalny
Typ wykrycia: Konkretne
Źródło wykrycia: Ochrona w czasie rzeczywistym
Użytkownik: DESKTOP-JLSG7MF\Mateusz
Nazwa procesu: C:\Users\Mateusz\AppData\Local\Temp\34EF5B60-710B4F12-798D8C06-90EF0EE4\6Hmq1jYSKdQ58.exe
Wersja analizy zabezpieczeń: AV: 1.313.2838.0, AS: 1.313.2838.0, NIS: 1.313.2838.0
Wersja aparatu: AM: 1.1.16900.4, NIS: 1.1.16900.4

Date: 2020-05-04 10:57:10.817
Description: Produkt Program antywirusowy Windows Defender wykrył złośliwe oprogramowanie lub inne potencjalnie niechciane oprogramowanie.
Aby uzyskać więcej informacji, zobacz: https://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Neshta.A&threatid=2147575939&enterprise=0
Nazwa: Virus:Win32/Neshta.A
Identyfikator: 2147575939
Ważność: Poważny
Kategoria: Wirus
Ścieżka: file:_D:\obs-studio\data\obs-plugins\obs-ffmpeg\ffmpeg-mux64.exe
Pochodzenie wykrycia: Komputer lokalny
Typ wykrycia: Konkretne
Źródło wykrycia: Ochrona w czasie rzeczywistym
Użytkownik: DESKTOP-JLSG7MF\Mateusz
Nazwa procesu: C:\Users\Mateusz\AppData\Local\Temp\34EF5B60-710B4F12-798D8C06-90EF0EE4\6Hmq1jYSKdQ58.exe
Wersja analizy zabezpieczeń: AV: 1.313.2838.0, AS: 1.313.2838.0, NIS: 1.313.2838.0
Wersja aparatu: AM: 1.1.16900.4, NIS: 1.1.16900.4

CodeIntegrity:
===================================
Date: 2020-05-04 12:45:28.932
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-05-04 12:45:19.388
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-05-02 22:15:17.468
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVG\Antivirus\AVGSvc.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\avgfmwlight.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-05-02 22:15:17.342
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVG\Antivirus\AVGSvc.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\avgfmwlight.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-05-02 22:15:17.150
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVG\Antivirus\AVGSvc.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\avgfmwlight.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-05-02 22:15:12.036
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVG\Antivirus\AVGSvc.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\avgfmwlight.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-05-02 22:12:33.513
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-02 22:12:33.487
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Microsoft signing level requirements.

==================== Statystyki pamięci ===========================

BIOS: American Megatrends Inc. F4 11/09/2017
Płyta główna: Gigabyte Technology Co., Ltd. Z370M D3H-CF
Procesor: Intel(R) Core(TM) i3-8100 CPU @ 3.60GHz
Procent pamięci w użyciu: 63%
Całkowita pamięć fizyczna: 8143.61 MB
Dostępna pamięć fizyczna: 2941.72 MB
Całkowita pamięć wirtualna: 13007.61 MB
Dostępna pamięć wirtualna: 6001.77 MB

==================== Dyski ================================

Drive c: () (Fixed) (Total:110.64 GB) (Free:28.22 GB) NTFS
Drive d: (Dysk lokalny) (Fixed) (Total:465.76 GB) (Free:125.92 GB) NTFS

\\?\Volume{721befa5-8f09-4173-b701-e006c103182d}\ (Odzyskiwanie) (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS
\\?\Volume{fb9fe135-930b-42fc-9e60-61d90c620e36}\ () (Fixed) (Total:0.54 GB) (Free:0.08 GB) NTFS
\\?\Volume{ca687e66-f91a-4276-9fc0-472465373a3b}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Tablica partycji ====================

==========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: 2B9A19AE)
Partition: GPT.

==========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 97BE5B6A)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== Koniec Addition.txt =======================