Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 16.05.2018 01
Uruchomiony przez niszcz.l (02-06-2018 01:12:01)
Uruchomiony z C:\Users\niszcz.l\Downloads
Windows 10 Pro Wersja 1709 16299.431 (X64) (2018-01-30 02:01:42)
Tryb startu: Normal
==========================================================

==================== Konta użytkowników: =============================
Gość (S-1-5-21-255058665-3609128136-1959173477-501 - Limited - Disabled)
Konto domyślne (S-1-5-21-255058665-3609128136-1959173477-503 - Limited - Disabled)
localadmin (S-1-5-21-255058665-3609128136-1959173477-500 - Administrator - Enabled) => C:\Users\Administrator
WDAGUtilityAccount (S-1-5-21-255058665-3609128136-1959173477-504 - Limited - Disabled)

==================== Centrum zabezpieczeń ========================
(Załączenie wejścia w fixlist spowoduje jego usunięcie.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Trend Micro OfficeScan Antivirus (Enabled - Up to date) {1E5CB925-ABFC-68A9-91DC-4258BDE6C44A}
AS: Trend Micro OfficeScan Anti-spyware (Enabled - Up to date) {A53D58C1-8DC6-6727-AB6C-792AC6618EF7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall (Enabled) {26673800-E193-69F1-BA83-EB6D43358331}
FW: Trend Micro Vulnerability Protection 2.0 (Disabled) {5C6327B2-870D-213A-D27B-ED9F8154869C}

==================== Zainstalowane programy ======================
(W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)
64 Bit HP CIO Components Installer (HKLM\...\{13DA9C7C-EBFB-40D0-94A1-55B42883DF21}) (Version: 21.2.1 - HP Inc.)
Hidden 7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov) Active Directory Authentication Library for SQL Server (HKLM\...\{F2E12419-477D-44F1-8B51-18FD9CA1FCB3}) (Version: 14.0.500.272 - Microsoft Corporation) Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated) Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated) Adobe Flash Player 29 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated) Advanced IP Scanner 2.5 (HKLM-x32\...\{6ABB4DB7-5E8F-4F7A-AAF2-C7B4337B7161}) (Version: 2.5.3233 - Famatech) AGFA IMPAX Client 6.6.1.5003 (HKLM-x32\...\{0CBAB973-17B9-44BA-993B-BBFAF3D88C55}) (Version: 6.6.1.5003 - Agfa) Ashampoo Burning Studio FREE (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.14.5 - Ashampoo GmbH & Co. KG) Autodesk DWG TrueView 2019 - English (HKLM\...\DWG TrueView 2019 - English) (Version: 23.0.46.0 - Autodesk) Championship Manager 01-02 (HKLM-x32\...\Championship Manager 01-02) (Version: - ) Creative Live! Cam Chat HD (VF0700) (1.00.06.00) (HKLM\...\Creative VF0700) (Version: - Creative Technology Ltd.) DBeaver Community 4.3.3.1 (only current user) (HKU\S-1-5-21-1327386031-389992598-2987197556-30797\...\DBeaver) (Version: 4.3.3.1 - Rider Soft LTD) Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 10.2207.101.108 - ALPS ELECTRIC CO., LTD.) 
Dell WLAN Radio Switch Driver (HKLM\...\Dell WLAN Radio Switch Driver) (Version: 1.0.0.8 - Dell Inc) Device Tool (HKLM-x32\...\{B6F33085-D86F-44E6-BA4C-170439977471}) (Version: 4.5.5.1 - Planmeca) DicomBrowser (HKLM-x32\...\{9B238A17-0B30-48C6-A34C-61948687BC2C}) (Version: 1.5.2 - Neuroinformatics Research Group) Didapikit (HKLM-x32\...\{47171276-3CB3-462F-8754-4AB324B49703}) (Version: 5.7.0.2 - Planmeca) DWG TrueView 2019 - English (HKLM\...\{28B89EEF-2028-0409-0100-CF3F3A09B77D}) (Version: 23.0.46.0 - Autodesk) Hidden FortiClient (HKLM\...\{D31863C4-DE3E-4430-92F6-9BC6B296E9BF}) (Version: 5.6.0.1075 - Fortinet Inc) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.62 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden Goverlan Reach Console 9 (HKLM\...\{3735E702-573C-4758-A2C5-FFB93776936D}) (Version: 9.01.19 - Goverlan, Inc.) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4836 - Intel Corporation) Internet Manager (HKLM-x32\...\DT_Group KEY40 Internet Manager_is1) (Version: 02.00.12 - Alcatel) IRIS 3.2.3 (HKLM-x32\...\IRIS_is1) (Version: 3.2.3 - medi.com Sp. z o.o.) 
Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation) Local Administrator Password Solution (HKLM\...\{EA8CB806-C109-4700-96B4-F1F268E5036C}) (Version: 6.2.0.0 - Microsoft Corporation) MAXIMA (HKLM-x32\...\{AF488F41-CD40-4F01-A233-4D949B13AEA4}) (Version: 4.00.20 - medsoft) Medsoft (HKLM-x32\...\{E787AC49-4DCD-4049-A60D-4709E740AE0B}) (Version: 4.0.4 - Medsoft) Hidden Medsoft (HKLM-x32\...\Medsoft 4.0.4) (Version: 4.0.4 - Medsoft) Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Access database engine 2010 (English) (HKLM\...\{90140000-00D1-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation) Microsoft ODBC Driver 13 for SQL Server (HKLM\...\{E0079BB5-8B43-44ED-A60E-9C83B790452E}) (Version: 14.0.500.272 - Microsoft Corporation) Microsoft Office 2016 dla Użytkowników Domowych i 
Małych Firm - pl-pl (HKLM\...\HomeBusinessRetail - pl-pl) (Version: 16.0.9330.2087 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1327386031-389992598-2987197556-30797\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation) Microsoft SQL Server 2017 T-SQL Language Service CTP2.1 (HKLM\...\{04E703B1-6105-4E9A-8646-4C1B2B963C1E}) (Version: 14.0.17119.0 - Microsoft Corporation) Microsoft SQL Server vNext Policies CTP2.0 (HKLM-x32\...\{15336D0F-F892-4782-BDCF-D360D2DB4C1C}) (Version: 14.0.500.272 - Microsoft Corporation) Microsoft SQL Server 2012 Native Client (HKLM\...\{4D2C56FF-7F36-4B49-A97A-24F0522D41D7}) (Version: 11.3.6540.0 - Microsoft Corporation) Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server Data-Tier Application Framework (x86) (HKLM-x32\...\{DD517B18-E51F-4194-BE5A-5B89382001DD}) (Version: 14.0.3691.3 - Microsoft Corporation) Microsoft SQL Server Management Studio - 17.1 (HKLM-x32\...\{b636c6f4-2183-4b76-b5a0-c8d6422df9f4}) (Version: 14.0.17119.0 - Microsoft Corporation) Microsoft SQL Server vNext CTP2.0 (HKLM-x32\...\Microsoft SQL Server SQLvNextCTP2.0) (Version: - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation) Microsoft System CLR Types for SQL Server vNext CTP2.0 (HKLM\...\{70144BEA-6000-41ED-8DD0-BCC8FF2258D4}) (Version: 14.0.500.272 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 
Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 
(HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation) Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version: - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{FD9D64F4-CAF5-3D23-845A-B843C78CC1A5}) (Version: 10.0.60830 - Microsoft Corporation) Microsoft Visual Studio 2015 Shell (Isolated) (HKLM-x32\...\{d2981c27-a434-4c9a-96c7-0209e97c4eac}) (Version: 14.0.23107.10 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{ab213ab7-4792-4c6f-a3fa-8485d06c3475}) (Version: 14.0.23829 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2015 Language Support (HKLM-x32\...\{bd4ef7af-dfb1-472e-8fa4-1b97f360a3e7}) (Version: 14.0.23107.20 - Microsoft Corporation) Morgan JPEG2000 Plug-in V1 (HKLM-x32\...\MMJP2KAX) (Version: - ) Mozilla Firefox 60.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.1 (x64 en-US)) (Version: 60.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0.1 - Mozilla) MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project) MSXML 4.0 SP2 Parser and SDK 
(HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) MySQL Server 5.5 (HKLM\...\{277D0D5F-7086-4D20-BE4C-5202DC887112}) (Version: 5.5.15 - Oracle Corporation) Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.4.2 - Notepad++ Team) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9330.2087 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9330.2087 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9330.2087 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0415-0000-0000000FF1CE}) (Version: 16.0.9330.2087 - Microsoft Corporation) Hidden PuTTY release 0.69 (64-bit) (HKLM\...\{5FE84905-DAF1-4319-82B2-D60BCA095BCE}) (Version: 0.69.0.0 - Simon Tatham) Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.21292 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6111 - Realtek Semiconductor Corp.) 
Remote Desktop Connection Manager (HKLM-x32\...\{0240359E-6A4C-4884-9E94-B397A02D893C}) (Version: 2.7.14060 - Microsoft Corporation) Romexis (HKLM-x32\...\{B77EAE13-6B8D-477C-93F1-9C9A9ABA4355}) (Version: 4.6.2.4 - Planmeca) Roslyn Language Services - x86 (HKLM-x32\...\{5B47029B-1E62-30FF-906E-694851C22782}) (Version: 14.0.23107 - Microsoft Corporation) Hidden Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden Skype dla firm Basic 2016 - pl-pl (HKLM\...\SkypeforBusinessEntryRetail - pl-pl) (Version: 16.0.9330.2087 - Microsoft Corporation) SQL Server 2017 CTP2.1 Integration Services Scale Out Management Portal (HKLM\...\{6041B0C3-CCD5-44DB-B7B5-BE345C145814}) (Version: 14.0.600.259 - Microsoft Corporation) Hidden SQL Server 2017 CTP2.1 Integration Services Scale Out Management Portal (HKLM\...\{E8ADAA92-92B0-4E45-8E1C-8B2B77748538}) (Version: 14.0.600.259 - Microsoft Corporation) Hidden SQL Server Management Studio (HKLM\...\{CC4F832C-7AEC-4BE5-8867-B5CBE2C766A7}) (Version: 14.0.17119.0 - Microsoft Corporation) Hidden SQL Server Management Studio (HKLM\...\{CD29C330-B9F9-4422-B277-925D943D6C81}) (Version: 14.0.17119.0 - Microsoft Corporation) Hidden SQL Server Management Studio for Analysis Services (HKLM\...\{C643F687-EFA3-4A07-ACB0-070629597E20}) (Version: 14.0.17119.0 - Microsoft Corporation) Hidden SQL Server Management Studio for Reporting Services (HKLM\...\{133819D0-8361-49D0-B5BE-84A12C02168B}) (Version: 14.0.17119.0 - Microsoft Corporation) Hidden SQL Server vNext CTP2.0 Batch Parser (HKLM\...\{9F0AC388-DF97-47F0-847D-3A7F4D30D2F5}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden SQL Server vNext CTP2.0 Client Tools Extensions (HKLM\...\{3D9B20CD-311B-45A9-B922-2CB57F9D484A}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden SQL Server vNext CTP2.0 Client Tools Extensions (HKLM\...\{7F2D875F-B3E1-4AC4-A110-A104E2266C9D}) (Version: 14.0.500.272 - Microsoft 
Corporation) Hidden SQL Server vNext CTP2.0 Common Files (HKLM-x32\...\{09C844D7-348F-4CC8-9389-0D8855D17DAE}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden SQL Server vNext CTP2.0 Common Files (HKLM-x32\...\{B5F6E8D7-EEB3-465B-B8E1-6D7D6DEEACB9}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden SQL Server vNext CTP2.0 Connection Info (HKLM\...\{0A6831A7-ACA7-492D-A4E4-14E934378D9E}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden SQL Server vNext CTP2.0 Connection Info (HKLM\...\{4AC839FD-ED10-4B42-B090-9F9C23EB0F04}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden SQL Server vNext CTP2.0 DMF (HKLM\...\{CA4646C1-FDFF-4A39-A5C3-A20330EB6475}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden SQL Server vNext CTP2.0 DMF (HKLM\...\{F1E7459D-D086-45BD-8A7B-395667330BB6}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden SQL Server vNext CTP2.0 Management Studio Extensions (HKLM-x32\...\{83712371-F0B7-431E-8A01-AD9AA2CAED7F}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden SQL Server vNext CTP2.0 Management Studio Extensions (HKLM-x32\...\{F45F0B6D-91B1-48E8-A49E-9EB23EA9534F}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden SQL Server vNext CTP2.0 Shared Management Objects (HKLM\...\{4CDDD06C-85A1-407B-9397-ECAF5C104842}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden SQL Server vNext CTP2.0 Shared Management Objects (HKLM\...\{4F5E4529-ADE5-4178-A880-ABD6ED04CF22}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden SQL Server vNext CTP2.0 Shared Management Objects Extensions (HKLM\...\{6EBE49B2-EBEF-48A3-BC79-AC4D3DF5AF0E}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden SQL Server vNext CTP2.0 Shared Management Objects Extensions (HKLM\...\{9EDB9595-6FE8-49AB-B93D-605EF3725484}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden SQL Server vNext CTP2.0 SQL Diagnostics (HKLM\...\{A2551258-D304-449F-B238-BC8F4F24E7D2}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden SQL Server vNext 
CTP2.0 XEvent (HKLM\...\{4CF4DB38-0692-4A5B-BCE8-1667C51E8416}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden SQL Server vNext CTP2.0 XEvent (HKLM\...\{97F44FDE-28D2-4434-A901-6696F5F96283}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden SSMS Post Install Tasks (HKLM\...\{6891D9C9-BB61-46AA-8B11-0EA511841DD0}) (Version: 14.0.17119.0 - Microsoft Corporation) Hidden Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) syngo - Fonts (HKLM\...\{DCB60D18-65B7-4483-B77C-50224F08718F}) (Version: 1.0.3 - Siemens AG Healthcare Sector) syngo.via - Bootstrapper 3.0 (HKLM-x32\...\{29C9248C-2446-8138-0D9E-23C0141ED4D9}) (Version: 03.00.0000.0000 - Siemens AG Healthcare Sector) syngo.via - syngo.via Client 3.0 (HKLM-x32\...\{7AB0A2DC-CEE7-B9A9-0489-3DCBBF7229FE}) (Version: 03.00.0000.0022 - Siemens AG Healthcare Sector) TeamViewer (Siemens AG - Repack) (HKLM-x32\...\{B7509956-0EA1-419E-9D54-EA1B2D475A6F}) (Version: 4.0.1508.2601 - Siemens Healthcare GmbH) TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.1.1548 - TeamViewer) TeamViewer TeamConnector (Siemens AG - Repack) (HKLM-x32\...\{FA4A0387-CFD3-4996-9F6E-038A72D64064}) (Version: 4.0.1508.2601 - Siemens Healthcare GmbH) Trend Micro OfficeScan Agent (HKLM-x32\...\{9E6FC684-EB43-4E85-B092-1D0D34C1BA4A}) (Version: 12.0.4430 - Trend Micro Inc.) Hidden Trend Micro OfficeScan Agent (HKLM-x32\...\OfficeScanNT) (Version: 12.0.4430 - Trend Micro Inc.) 
UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.2.1.2 - uvnc bvba) Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{AC0D130B-8809-4125-811F-667893B90644}) (Version: 2.11.0.0 - Microsoft Corporation) VirtualDVD 7.5.0.0 (HKLM-x32\...\VirtualDVD_is1) (Version: - ohsoft) Vivaldi (HKU\S-1-5-21-1327386031-389992598-2987197556-30797\...\Vivaldi) (Version: 1.15.1147.42 - Vivaldi) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) VMware vSphere Client 4.1 (HKLM-x32\...\{A0B433B1-941D-46F5-AE59-286263534232}) (Version: 4.1.0.14766 - VMware, Inc.) VMware vSphere Client 5.0 (HKLM-x32\...\{04805AB6-F757-496A-8D56-37A0FC5FF6F3}) (Version: 5.0.0.16964 - VMware, Inc.) VMware vSphere Client 5.5 (HKLM-x32\...\{4CFB0494-2E96-4631-8364-538E2AA91324}) (Version: 5.5.0.4216 - VMware, Inc.) VMware vSphere Client 6.0 (HKLM-x32\...\{593390AC-CACE-4278-AA77-350012BF10B1}) (Version: 6.0.0.7430 - VMware, Inc.) Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.) Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - Intel Corporation Inc.) Hidden Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1-2) (Version: 1.0.54.1 - Intel Corporation Inc.) Vulnerability Protection Agent (HKLM\...\{333E740D-AAD6-42D5-98C0-7ADCE65AA1F4}) (Version: 9.6.7690 - Trend Micro) ==================== Niestandardowe rejestracje CLSID (filtrowane): ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) CustomCLSID: HKU\S-1-5-21-1327386031-389992598-2987197556-30797_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2019 - English\en-US\dwgviewrficn.dll (Autodesk, Inc.) 
CustomCLSID: HKU\S-1-5-21-1327386031-389992598-2987197556-30797_Classes\CLSID\{74D0CE91-F931-4FAC-BEA9-EE32E43EAD37}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2019 - English\dwgviewr.exe (Autodesk, Inc.) ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2018-01-30] (Autodesk, Inc.) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2018-01-30] (Autodesk) ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2017-06-18] () ContextMenuHandlers1: [FortiClient] -> {7AE5C558-994B-40B7-8730-2DAC2B96781B} => C:\Program Files (x86)\Fortinet\FortiClient\FortiCliSh64.Dll [2017-06-15] (Fortinet Inc.) ContextMenuHandlers1: [OfficeScan NT] -> {AF4F7471-FCFB-11d0-80B6-0080C838D5F9} => C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmdShell_64x.dll [2016-10-05] (Trend Micro Inc.) ContextMenuHandlers2: [OfficeScan NT] -> {AF4F7471-FCFB-11d0-80B6-0080C838D5F9} => C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmdShell_64x.dll [2016-10-05] (Trend Micro Inc.) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) ContextMenuHandlers4: [OfficeScan NT] -> {AF4F7471-FCFB-11d0-80B6-0080C838D5F9} => C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmdShell_64x.dll [2016-10-05] (Trend Micro Inc.) 
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki125177.inf_amd64_d9d520fc51d8a7f4\igfxDTCM.dll [2017-11-07] (Intel Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) ContextMenuHandlers6: [FortiClient] -> {1935F098-AF3C-4AFC-ADA2-12C74B452DF1} => C:\Program Files (x86)\Fortinet\FortiClient\FortiCliSh64.Dll [2017-06-15] (Fortinet Inc.) ==================== Zaplanowane zadania (filtrowane) ============= (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) Task: {0B846C9F-D22B-464A-ADCB-FBDA372B26A9} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-05-31] (Microsoft Corporation) Task: {2D3CF56A-B2E1-4272-BB16-FCF17ECBE042} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated) Task: {361848ED-EEE3-4436-809D-8773275936B8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-05-24] (Microsoft Corporation) Task: {4720342D-9876-4D5A-8738-FBC6A32B186C} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-05-09] (Adobe Systems Incorporated) Task: {6E7E3976-346E-4B44-BF81-A30D701CFAB8} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202} Task: {91207697-1697-402C-B335-3C36ACE193C9} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft 
Shared\Office16\osfinstaller.exe [2018-05-31] (Microsoft Corporation) Task: {9DBA4151-5307-42F8-BF44-036519A1B808} - System32\Tasks\S-1-5-21-1327386031-389992598-2987197556-30797\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation) Task: {A3A0B89C-5251-41DC-B681-C1299EAD2291} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-21] (Google Inc.) Task: {C3B28B9B-1C9E-4736-886C-C2E9FBF52B2C} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA} Task: {CCED4CEC-8061-4307-AD88-88A1AC063E1A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-21] (Google Inc.) Task: {E78518F6-FEE1-4C53-BCC6-DE78863623A5} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-05-31] (Microsoft Corporation) Task: {E9EA4EA3-9D6F-49AC-BE51-0D1027F65FF6} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-05-24] (Microsoft Corporation) Task: {EEEA1487-D5FB-4913-A092-395F11F9F8D5} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_171_pepper.exe [2018-05-09] (Adobe Systems Incorporated) Task: {F2FDB2C9-8A45-40C4-8112-A490D4984516} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_171_Plugin.exe [2018-05-09] (Adobe Systems Incorporated) Task: {F4D3D9C5-958E-42D4-AC86-352E0C37D41D} - System32\Tasks\Scan Lansweeper => C:\Program Files\lansweeper\lspush.exe [2018-04-18] (Lansweeper bvba) (Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.) 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe ==================== Skróty & WMI ======================== (Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.) Shortcut: C:\Users\Public\Desktop\Romexis.lnk -> C:\Program Files\Planmeca\Romexis\client\Romexis.bat () ==================== Załadowane moduły (filtrowane) ============== 2017-09-29 15:41 - 2017-09-29 15:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll 2018-03-15 23:31 - 2018-03-15 23:31 - 000014192 _____ () C:\Program Files (x86)\Medsoft\Aktualizacja\AktualizatorService.exe 2017-06-21 15:21 - 2017-03-03 11:09 - 000528968 _____ () C:\WINDOWS\system32\DellRctlService.exe 2017-08-08 07:45 - 2016-06-17 17:08 - 000078120 _____ () C:\Program Files\T-Mobile\InternetManager_A\IK40\BackgroundService\ServiceManager.exe 2017-08-11 11:03 - 2017-04-12 14:55 - 000100736 _____ () C:\Program Files\Goverlan Inc\GoverlanAgent\GovRMHook64.dll 2011-07-13 22:19 - 2011-07-13 22:19 - 009645568 _____ () C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe 2016-09-23 18:24 - 2016-09-23 18:24 - 000816640 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\sqlite3.dll 2015-03-31 19:08 - 2015-03-31 19:08 - 000058320 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\boost_date_time-vc110-mt-1_57.dll 2015-03-31 19:08 - 2015-03-31 19:08 - 000026408 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\boost_system-vc110-mt-1_57.dll 2016-07-06 21:13 - 2016-07-06 21:13 - 000186664 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\zlibwapi.dll 2017-12-12 09:18 - 2017-12-12 09:19 - 000948736 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_2.1.18.0_x64__8wekyb3d8bbwe\e_sqlite3.dll 2018-03-22 06:54 - 2018-03-22 06:55 - 002426040 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_2.1.18.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll 2018-03-22 06:54 - 
2018-03-22 06:55 - 000381440 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_2.1.18.0_x64__8wekyb3d8bbwe\Microsoft.Notes.Upgrade.dll 2017-11-30 12:11 - 2017-11-30 12:11 - 000843672 _____ () C:\Program Files\WindowsApps\Microsoft.Services.Store.Engagement_10.0.17112.0_x64__8wekyb3d8bbwe\Microsoft.Services.Store.Engagement.dll 2018-03-22 06:54 - 2018-03-22 06:55 - 000631296 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_2.1.18.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll 2017-09-29 15:41 - 2017-09-29 15:41 - 004069888 _____ () C:\Windows\System32\Windows.UI.Input.Inking.Analysis.dll 2018-03-14 14:00 - 2018-02-22 02:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2018-03-14 14:00 - 2018-02-22 02:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2018-05-24 17:54 - 2018-05-24 17:54 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2018-05-24 17:54 - 2018-05-24 17:54 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2018-05-24 17:54 - 2018-05-24 17:54 - 022374400 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2018-05-24 17:54 - 2018-05-24 17:54 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\skypert.dll 2017-08-08 07:45 - 2016-07-01 13:46 - 000172840 _____ () C:\Program Files\T-Mobile\InternetManager_A\IK40\BackgroundService\ModemListener.exe 2018-05-29 22:51 - 2018-05-25 22:13 - 002663768 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.62\swiftshader\libglesv2.dll 2018-05-29 22:51 - 2018-05-25 22:13 - 000128856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.62\swiftshader\libegl.dll 2015-03-31 19:09 - 2015-03-31 19:09 - 000686608 _____ 
() C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\sqlite3.dll 2015-03-31 19:09 - 2015-03-31 19:09 - 001314920 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\libprotobuf.dll 2015-03-31 19:08 - 2015-03-31 19:08 - 000110320 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\boost_thread-vc110-mt-1_57.dll 2015-03-31 19:08 - 2015-03-31 19:08 - 000036160 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\boost_chrono-vc110-mt-1_57.dll 2017-08-04 15:01 - 2014-07-17 09:23 - 000081920 _____ () C:\Program Files (x86)\Common Files\CybermedLicenseManager\OD3DIMS\zlib.dll 2017-06-15 12:46 - 2017-06-15 12:46 - 000557376 _____ () C:\Program Files (x86)\Fortinet\FortiClient\sqlite3.dll ==================== Alternate Data Streams (filtrowane) ========= (Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.) ==================== Tryb awaryjny (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoverlanAgent => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== Powiązania plików (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.) HKU\S-1-5-21-1327386031-389992598-2987197556-30797\Software\Classes\.scr: DWGTrueViewScriptFile => C:\WINDOWS\system32\notepad.exe "%1" ==================== Internet Explorer - Witryny zaufane i z ograniczeniami =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.) IE trusted site: HKU\S-1-5-21-1327386031-389992598-2987197556-30797\...\4119/Transfer.screen? -> 4119/Transfer.screen? 
IE trusted site: HKU\S-1-5-21-1327386031-389992598-2987197556-30797\...\4343 -> 4343
IE trusted site: HKU\S-1-5-21-1327386031-389992598-2987197556-30797\...\alab -> hxxps://alab
IE trusted site: HKU\S-1-5-21-1327386031-389992598-2987197556-30797\...\biedronka -> biedronka
IE trusted site: HKU\S-1-5-21-1327386031-389992598-2987197556-30797\...\leon -> hxxps://leon
IE trusted site: HKU\S-1-5-21-1327386031-389992598-2987197556-30797\...\mario -> hxxp://mario
IE trusted site: HKU\S-1-5-21-1327386031-389992598-2987197556-30797\...\medlink -> hxxp://medlink
IE trusted site: HKU\S-1-5-21-1327386031-389992598-2987197556-30797\...\menos -> hxxps://menos
IE trusted site: HKU\S-1-5-21-1327386031-389992598-2987197556-30797\...\saito -> hxxp://saito
IE trusted site: HKU\S-1-5-21-1327386031-389992598-2987197556-30797\...\sharepoint.com -> hxxps://enelmed1-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-1327386031-389992598-2987197556-30797\...\sopot -> hxxps://sopot
IE trusted site: HKU\S-1-5-21-1327386031-389992598-2987197556-30797\...\wario -> hxxp://wario
IE trusted site: HKU\S-1-5-21-1327386031-389992598-2987197556-30797\...\webapps -> hxxp://webapps

==================== Hosts - zawartość: ===============================

(Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.)

2017-08-04 13:59 - 2017-08-09 11:14 - 000000846 _____ C:\WINDOWS\system32\Drivers\etc\hosts

10.10.10.226 impaxdb2

==================== Inne obszary ============================

(Obecnie brak automatycznej naprawy dla tej sekcji.)
HKU\S-1-5-21-1327386031-389992598-2987197556-30797\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Zapora systemu Windows [funkcja włączona]

==================== MSCONFIG/TASK MANAGER - Wyłączone elementy ==

MSCONFIG\Services: DSASvc => 3
MSCONFIG\Services: ds_agent => 2
MSCONFIG\Services: ntrtscan => 2
MSCONFIG\Services: OCS Inventory Service => 2
MSCONFIG\Services: TMBMServer => 3
MSCONFIG\Services: tmccsf => 3
MSCONFIG\Services: tmlisten => 2
MSCONFIG\Services: TmPfw => 3
MSCONFIG\Services: uvnc_service => 2
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "VP Visibility"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-1327386031-389992598-2987197556-30797\...\StartupApproved\StartupFolder: => "Internet.lnk"
HKU\S-1-5-21-1327386031-389992598-2987197556-30797\...\StartupApproved\StartupFolder: => "yammer.bat"
HKU\S-1-5-21-1327386031-389992598-2987197556-30797\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1327386031-389992598-2987197556-30797\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1327386031-389992598-2987197556-30797\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-1327386031-389992598-2987197556-30797\...\StartupApproved\Run: => "VirtualDVD"

==================== Reguły Zapory systemu Windows (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
FirewallRules: [{21BB2E7E-72A1-41B3-BCD0-F593514CE2F4}] => (Allow) C:\Program Files (x86)\Siemens\syngo.via\cRSPTeamViewer\TeamViewer\TeamViewer.exe
FirewallRules: [{249D7894-474D-4CB7-956B-B363BAFEAA59}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{5BDF9A01-D529-4B6A-8D70-F4BCE36C640F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{25E8FDCF-8781-45FB-AAB7-3CE7AF09EFD5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D1A2A239-BCF0-4DC2-B9CC-F52C38EA29F3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E1D0EE5C-003A-4DA9-BA43-E814432F0AC9}] => (Allow) LPort=22000
FirewallRules: [{C4C1BCD3-D004-4F9F-84CD-E6948FA9C4CF}] => (Allow) LPort=22000
FirewallRules: [{AD111FA2-4C44-42AF-B2D6-1BF95D1A24B8}] => (Allow) C:\Program Files\Trend Micro\Vulnerability Protection Agent\dsa.exe
FirewallRules: [{6A1B7999-06CC-4738-B2BC-7DAB4F89E950}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\fortifws.exe
FirewallRules: [{53F88877-5BC8-4913-B79E-CBE5CF213260}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\fortiesnac.exe
FirewallRules: [{8772A6D2-BFF7-4B15-BE0A-D6A0CF5E16DB}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\FortiWad.exe
FirewallRules: [{1EBB1EC0-6F19-40F8-9164-373BD3AE052A}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\ipsec.exe
FirewallRules: [{6EC7CE1E-752B-4769-8C00-FC0C6ED8DFC5}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\FortiProxy.exe
FirewallRules: [{4A2A2015-1994-4682-BBD7-D68AAFFFD21B}] => (Allow) LPort=3306
FirewallRules: [{B131AD9B-D16F-46F0-9CCE-3FB294E5A49F}] => (Allow) C:\Program Files (x86)\Siemens\syngo.via\bin\UltraVNC1076_RTC\winvnc.exe
FirewallRules: [{E12B0F81-ED39-4114-8308-006C4DE2730F}] => (Allow) LPort=5903
FirewallRules: [{7E723516-B04F-4623-AF4E-9BE0FCCA23F5}] => (Allow) C:\Program Files (x86)\Siemens\syngo.via\bin\syngo.Common.Container.exe
FirewallRules: [{65E5F79B-6B6C-48A5-8518-1D3A35A9021C}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe
FirewallRules: [{3E383B9C-A521-4CCF-BC25-EC23423EA3C6}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe
FirewallRules: [{8298BA5E-54CD-4B36-8DA5-42CCB62A46BF}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
FirewallRules: [{C2579BA4-8433-4C25-80BE-D4236A1E9C42}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
FirewallRules: [{6C47F51A-077B-457B-9011-6DEAA5AB1A06}] => (Allow) LPort=5800
FirewallRules: [{5FB71990-3B70-4B41-A7EC-CEA5750B880B}] => (Allow) LPort=5900
FirewallRules: [{7B456D47-6013-4DA1-909E-1814649AE181}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{76D2DBE0-A7C6-4B81-9157-8CF2BDC792B4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [DfsMgmt-In-TCP] => (Allow) %systemroot%\system32\dfsfrsHost.exe
FirewallRules: [{F4AF20CC-8285-45F9-8C77-D1CAA4B627CB}] => (Allow) C:\Program Files (x86)\Medicom Software\IRIS\Iris.exe
FirewallRules: [{F305386E-F534-49C9-A6F5-2545B8C1E7A0}] => (Allow) C:\Program Files (x86)\Medicom Software\IRIS\Iris.exe
FirewallRules: [{BC027713-E91C-415C-B49F-0AEF202BA321}] => (Allow) C:\Program Files (x86)\Medicom Software\IRIS\MedicomUDB.exe
FirewallRules: [{C39C368E-7DDB-43FD-BBE0-029DD27B02AD}] => (Allow) C:\Program Files (x86)\Medicom Software\IRIS\MedicomUDB.exe
FirewallRules: [{E50C2A5E-FC8F-451D-B4E6-79E66846A453}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F572915E-6173-4287-94AA-77A76BA75016}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8E2B1F05-AB32-40C9-83F7-D4EA39C644BF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{7F4AC89F-DE93-431D-BB3F-ABE65499C51D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{65F01A51-EBB2-473E-813F-3C23D32CFC5D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{D66870C3-CF7B-40A7-A624-FE05D1DACD2A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{0DAC08B0-00A2-4C41-A5E8-F1CDDB3A4BD6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{65252EF2-2DDD-402F-ACFB-E19994F11F7F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{AA32A53C-80D0-4921-893A-5B10FB6D4284}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5B3D123F-9FA5-41AB-A4E6-0080D3CD0D8E}] => (Allow) LPort=19384

==================== Punkty Przywracania systemu =========================

22-05-2018 16:31:51 Windows Update
01-06-2018 13:29:41 Zaplanowany punkt kontrolny

==================== Wadliwe urządzenia w Menedżerze urządzeń =============

Name: Fortinet SSL VPN Virtual Ethernet Adapter
Description: Fortinet SSL VPN Virtual Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Fortinet Inc.
Service: ftsvnic
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Błędy w Dzienniku zdarzeń: =========================

Dziennik Aplikacja:
==================
Error: (06/01/2018 11:08:27 PM) (Source: Goverlan Services) (EventID: 6549) (User: )
Description: [Goverlan Reach Server] (GCS Operator Side) Failed to send an Audit Event Registration to the Goverlan Reach Server: goverlan.enel.lokalna. Nieprawidłowy adres IP.

Error: (06/01/2018 11:04:43 PM) (Source: Goverlan Services) (EventID: 6549) (User: )
Description: [Goverlan Reach Server] (GCS Operator Side) Failed to send an Audit Event Registration to the Goverlan Reach Server: goverlan.enel.lokalna. Nieprawidłowy adres IP.

Error: (06/01/2018 04:59:31 PM) (Source: Goverlan Services) (EventID: 6549) (User: )
Description: [Goverlan Reach Server] (GCS Operator Side) Failed to send an Audit Event Registration to the Goverlan Reach Server: goverlan.enel.lokalna. Nieprawidłowy adres IP.

Error: (06/01/2018 04:59:28 PM) (Source: Goverlan Services) (EventID: 6549) (User: )
Description: [Goverlan Reach Server] (GCS Operator Side) Failed to send an Audit Event Registration to the Goverlan Reach Server: goverlan.enel.lokalna. Nieprawidłowy adres IP.

Error: (06/01/2018 09:53:40 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Nie powiodło się wykonanie procedury otwierania dla usługi „WmiApRpl” w bibliotece DLL „C:\WINDOWS\system32\wbem\wmiaprpl.dll”. Dane wydajności dla tej usługi nie będą dostępne. Pierwsze cztery bajty (DWORD) sekcji danych Data zawierają kod błędu.

Error: (06/01/2018 09:53:40 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Nie można otworzyć obiektu wydajności usługi Server. Pierwsze cztery bajty (DWORD) sekcji danych Data zawierają kod stanu.

Error: (06/01/2018 09:53:40 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Nie powiodło się wykonanie procedury otwierania dla usługi „MSDTC” w bibliotece DLL „C:\WINDOWS\system32\msdtcuiu.DLL”. Dane wydajności dla tej usługi nie będą dostępne. Pierwsze cztery bajty (DWORD) sekcji danych Data zawierają kod błędu.

Error: (06/01/2018 09:53:40 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Nie powiodło się wykonanie procedury otwierania dla usługi „Lsa” w bibliotece DLL „C:\Windows\System32\Secur32.dll”. Dane wydajności dla tej usługi nie będą dostępne. Pierwsze cztery bajty (DWORD) sekcji danych Data zawierają kod błędu.

Dziennik System:
=============
Error: (06/02/2018 01:08:47 AM) (Source: DCOM) (EventID: 10016) (User: ZARZĄDZANIE NT)
Description: Zgodnie z ustawieniami uprawnienia właściwe dla aplikacji nie jest udzielane uprawnienie Lokalny Aktywacja do aplikacji serwera COM z identyfikatorem klasy CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} i identyfikatorem aplikacji APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} użytkownikowi ZARZĄDZANIE NT\USŁUGA LOKALNA o identyfikatorze zabezpieczeń SID (S-1-5-19) z adresu LocalHost (użycie LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Niedostępny (Niedostępny). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.

Error: (06/02/2018 12:54:24 AM) (Source: DCOM) (EventID: 10016) (User: ENEL)
Description: Zgodnie z ustawieniami uprawnienia właściwe dla aplikacji nie jest udzielane uprawnienie Lokalny Aktywacja do aplikacji serwera COM z identyfikatorem klasy CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} i identyfikatorem aplikacji APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} użytkownikowi ENEL\niszcz.l o identyfikatorze zabezpieczeń SID (S-1-5-21-1327386031-389992598-2987197556-30797) z adresu LocalHost (użycie LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Niedostępny (Niedostępny). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.

Error: (06/02/2018 12:53:50 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: Nastąpił ponowny rozruch komputera po operacji wykrywania błędów. Wyniki tej operacji były następujące: 0x0000001a (0x0000000000000411, 0xffff82bffc20b7f8, 0x00000001b86a2880, 0xffff8280002f5710). Zrzut zapisano w: C:\WINDOWS\MEMORY.DMP. Identyfikator raportu: 27a5d347-c721-4c74-a448-cee58fbf4d3b.

Error: (06/02/2018 12:53:46 AM) (Source: DCOM) (EventID: 10016) (User: ZARZĄDZANIE NT)
Description: Zgodnie z ustawieniami uprawnienia właściwe dla aplikacji nie jest udzielane uprawnienie Lokalny Aktywacja do aplikacji serwera COM z identyfikatorem klasy CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} i identyfikatorem aplikacji APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} użytkownikowi ZARZĄDZANIE NT\USŁUGA LOKALNA o identyfikatorze zabezpieczeń SID (S-1-5-19) z adresu LocalHost (użycie LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Niedostępny (Niedostępny). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.

Error: (06/02/2018 12:53:46 AM) (Source: DCOM) (EventID: 10016) (User: ZARZĄDZANIE NT)
Description: Zgodnie z ustawieniami uprawnienia właściwe dla aplikacji nie jest udzielane uprawnienie Lokalny Aktywacja do aplikacji serwera COM z identyfikatorem klasy CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} i identyfikatorem aplikacji APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} użytkownikowi ZARZĄDZANIE NT\USŁUGA LOKALNA o identyfikatorze zabezpieczeń SID (S-1-5-19) z adresu LocalHost (użycie LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Niedostępny (Niedostępny). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.

Error: (06/02/2018 12:53:46 AM) (Source: DCOM) (EventID: 10016) (User: ZARZĄDZANIE NT)
Description: Zgodnie z ustawieniami uprawnienia właściwe dla aplikacji nie jest udzielane uprawnienie Lokalny Aktywacja do aplikacji serwera COM z identyfikatorem klasy CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} i identyfikatorem aplikacji APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} użytkownikowi ZARZĄDZANIE NT\USŁUGA LOKALNA o identyfikatorze zabezpieczeń SID (S-1-5-19) z adresu LocalHost (użycie LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Niedostępny (Niedostępny). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.

Error: (06/02/2018 12:53:46 AM) (Source: DCOM) (EventID: 10016) (User: ZARZĄDZANIE NT)
Description: Zgodnie z ustawieniami uprawnienia właściwe dla aplikacji nie jest udzielane uprawnienie Lokalny Aktywacja do aplikacji serwera COM z identyfikatorem klasy CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} i identyfikatorem aplikacji APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} użytkownikowi ZARZĄDZANIE NT\USŁUGA LOKALNA o identyfikatorze zabezpieczeń SID (S-1-5-19) z adresu LocalHost (użycie LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Niedostępny (Niedostępny). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.

Error: (06/02/2018 12:53:46 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: ENEL)
Description: Przetwarzanie zasad grupy nie powiodło się z powodu braku łączności sieciowej z kontrolerem domeny. To może być stan przejściowy. Po połączeniu komputera z kontrolerem domeny i pomyślnym przetworzeniu zasad grupy powinien zostać wygenerowany komunikat o powodzeniu. Jeśli komunikat o powodzeniu nie zostanie wyświetlony w ciągu kilku godzin, skontaktuj się z administratorem.

==================== Statystyki pamięci ===========================

Procesor: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz
Procent pamięci w użyciu: 52%
Całkowita pamięć fizyczna: 8075.02 MB
Dostępna pamięć fizyczna: 3813.84 MB
Całkowita pamięć wirtualna: 10763.02 MB
Dostępna pamięć wirtualna: 6140.42 MB

==================== Dyski ================================

Drive c: (Dysk lokalny) (Fixed) (Total:229.95 GB) (Free:126.22 GB) NTFS

\\?\Volume{fbeb8f99-e1c3-49d9-96c4-fbb42c248372}\ (BOOT) (Fixed) (Total:0.48 GB) (Free:0.46 GB) FAT32
\\?\Volume{3531af40-214b-4c1a-a93b-fc85bb8c9902}\ (Recovery) (Fixed) (Total:2.32 GB) (Free:1.92 GB) NTFS

==================== MBR & Tablica partycji ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 4F7C09E8)

Partition: GPT.

==================== Koniec Addition.txt ============================