Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 10.10.2018 Uruchomiony przez Krimson (20-10-2018 09:03:04) Uruchomiony z C:\Users\Krimson\Downloads Windows 10 Home Wersja 1803 17134.345 (X64) (2018-07-15 06:44:06) Tryb startu: Normal ========================================================== ==================== Konta użytkowników: ============================= Administrator (S-1-5-21-3448856263-453567600-2254816024-500 - Administrator - Disabled) Gość (S-1-5-21-3448856263-453567600-2254816024-501 - Limited - Disabled) Konto domyślne (S-1-5-21-3448856263-453567600-2254816024-503 - Limited - Disabled) Krimson (S-1-5-21-3448856263-453567600-2254816024-1001 - Administrator - Enabled) => C:\Users\Krimson WDAGUtilityAccount (S-1-5-21-3448856263-453567600-2254816024-504 - Limited - Disabled) ==================== Centrum zabezpieczeń ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: 360 Total Security (Enabled - Up to date) {0371CA44-3F80-A1D3-BECE-910620B58D50} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: 360 Total Security (Enabled - Up to date) {B8102BA0-19BA-AE5D-847E-AA745B32C7ED} ==================== Zainstalowane programy ====================== (W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.) 360 Total Security (HKLM-x32\...\360TotalSecurity) (Version: 10.0.0.1167 - 360 Security Center) Ace Stream Media 3.1.16 (HKU\S-1-5-21-3448856263-453567600-2254816024-1001\...\AceStream) (Version: 3.1.16 - Ace Stream Media) <==== UWAGA Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 18.011.20058 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 29.0.0.112 - Adobe Systems Incorporated) Adobe Flash Player 22 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated) Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated) Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.0.1.242 - Amazon) Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 378.66 - NVIDIA Corporation) Hidden ASUS Device Activation (HKLM-x32\...\{9C4B0706-9F9A-47BF-B417-0A111FC52B04}) (Version: 1.0.4.0 - ASUSTeK COMPUTER INC.) ASUS HiPost (HKLM-x32\...\{04768366-F421-4BA5-8423-B84F644B5249}) (Version: 1.0.6 - ASUS) ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS) ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.12 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.11.0001 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0039 - ASUS) AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.91 - ICEpower a/s) Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.2 - ASUSTek Computer Inc.) Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.0 - Dropbox, Inc.) e-Deklaracje Desktop (HKLM-x32\...\{DF37F034-1762-10B8-4727-A1F5CB72E7AB}) (Version: 10.0.1 - Ministerstwo Finansow) Hidden e-Deklaracje Desktop (HKLM-x32\...\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1) (Version: 10.0.1 - Ministerstwo Finansow) EGR-ShellExtension (HKLM-x32\...\EGR-ShellExtension) (Version: 1.2.1.100 - EasternGraphics) Endless Space 2 Untold Tales (HKLM-x32\...\Endless Space 2 Untold Tales_is1) (Version: - ) Evernote v. 5.8.6 (HKLM-x32\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.) Free Download Manager 3.9.7 (HKLM-x32\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG) Gaming Assistant (HKLM-x32\...\{C27B0A7C-BD18-46EF-984A-CCD2799F4CD4}) (Version: 1.0.2 - ASUS) Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1018 - Intel Corporation) Intel(R) Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10602.174 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation) Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation) Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 14.0.0.0 - EditShare) Malwarebytes (wersja 3.6.1.2711) (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3448856263-453567600-2254816024-1001\...\OneDriveSetup.exe) (Version: 18.172.0826.0010 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation) Mozilla Firefox 62.0.3 (x64 pl) (HKLM\...\Mozilla Firefox 62.0.3 (x64 pl)) (Version: 62.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 62.0.3.6848 - Mozilla) NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version: - ) Narzędzia sprawdzające pakietu Microsoft Office 2016 — polski (HKLM\...\{90160000-001F-0415-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden NVIDIA GeForce Experience 2.5.12.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.12.11 - NVIDIA Corporation) NVIDIA Oprogramowanie systemu PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation) Pakiet sterowników systemu Windows - ASUS (ATP) Mouse (11/11/2015 1.0.0.262) (HKLM\...\A044C5901003C24E6891688653ABA1068D04A1A0) (Version: 11/11/2015 1.0.0.262 - ASUS) Pakiet sterowników systemu Windows - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.) Panel sterowania NVIDIA 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 378.66 - NVIDIA Corporation) Hidden Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.2 - Qualcomm Atheros) Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31233 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.) SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.1.3000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.5.12.11 - NVIDIA Corporation) Hidden SopCast 4.0.0 (HKLM-x32\...\SopCast) (Version: 4.0.0 - www.sopcast.com) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Update for Skype for Business 2016 (KB4092445) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{1D3EBE92-8BB5-4F75-B272-4AE736882A7D}) (Version: - Microsoft) Update for Skype for Business 2016 (KB4092445) 64-Bit Edition (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.PROPLUS_{1D3EBE92-8BB5-4F75-B272-4AE736882A7D}) (Version: - Microsoft) Update for Skype for Business 2016 (KB4092445) 64-Bit Edition (HKLM\...\{90160000-012B-0415-1000-0000000FF1CE}_Office16.PROPLUS_{1D3EBE92-8BB5-4F75-B272-4AE736882A7D}) (Version: - Microsoft) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{8CFAB044-7D2E-4655-B86D-99932E988980}) (Version: 2.45.0.0 - Microsoft Corporation) Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.4 - VideoLAN) Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1-2) (Version: 1.0.11.1 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1-3) (Version: 1.0.11.1 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1-4) (Version: 1.0.11.1 - LunarG, Inc.) Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.) WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.2.524 - ASUS Cloud Corporation) WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.16 - WildTangent) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS) WinRAR 5.30 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH) WPS Office for ASUS (HKLM-x32\...\Kingsoft Office) (Version: 9.1.0.4947 - Kingsoft Corp.) ==================== Niestandardowe rejestracje CLSID (filtrowane): ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) CustomCLSID: HKU\S-1-5-21-3448856263-453567600-2254816024-1001_Classes\CLSID\{DEDBE4C9-9E87-40C5-B437-9AAB7EB9C667}\InprocServer32 -> C:\Program Files (x86)\EasternGraphics\EGR-ShellExtension\Win64\egr_se.dll (EasternGraphics) ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.) ContextMenuHandlers1: [SD360] -> {086F171D-5ED1-4ED2-B736-CFF3AD6A128E} => C:\Program Files (x86)\360\Total Security\MenuEx64.dll [2018-07-25] () ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-11-18] (Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-11-18] (Alexander Roshal) ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2326} => C:\Windows\system32\mscoree.dll [2018-04-12] (Microsoft Corporation) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes) ContextMenuHandlers3: [STKContextMenu] -> {90DD7445-E924-4c6e-92AC-01F8C3A7E0C7} => C:\Program Files (x86)\Amazon\SendToKindle\stkContextMenu_242.dll [2015-12-31] (Amazon.com, Inc.) ContextMenuHandlers4: [SD360] -> {086F171D-5ED1-4ED2-B736-CFF3AD6A128E} => C:\Program Files (x86)\360\Total Security\MenuEx64.dll [2018-07-25] () ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-30] (Intel Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-02-10] (NVIDIA Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes) ContextMenuHandlers6: [SD360] -> {086F171D-5ED1-4ED2-B736-CFF3AD6A128E} => C:\Program Files (x86)\360\Total Security\MenuEx64.dll [2018-07-25] () ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-11-18] (Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-11-18] (Alexander Roshal) ==================== Zaplanowane zadania (filtrowane) ============= (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) Task: {09DA8D30-C93F-4D3F-BAD9-2643CE0B9BFB} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_192_pepper.exe [2016-06-25] (Adobe Systems Incorporated) Task: {210D83F8-A4AF-457E-86CF-DDF99F9B50F7} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] () Task: {24071980-9A54-482A-9045-E5FB4755A86A} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Krimson\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe Task: {3C82E41B-3014-48B8-B45D-1777039F4BB1} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-07-30] (Realtek Semiconductor) Task: {4322CDB5-16FD-4292-BAF6-9B657B2237CE} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-12-14] (AsusTek) Task: {46BE671B-0FF1-457D-92C8-9396979720D2} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe Task: {47F1A4CB-661D-4BB0-A8B2-AF27D16F8B6D} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2015-06-09] (ASUS) Task: {61657D05-CD4D-48CB-817E-BB4BE272B96A} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2015-05-25] (ASUSTek Computer Inc.) Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] () Task: {900B15FF-B454-4CDD-BA36-2B3C19094971} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation) Task: {96FFA33A-0B07-4354-9E22-D4B7FF4EF3E7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2018-10-09] (Microsoft Corporation) Task: {975A1E26-6895-4C37-B622-F696873D5D01} - System32\Tasks\WpsUpdateTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\wtoolex\wpsupdate.exe [2015-07-20] (Zhuhai Kingsoft Office Software Co.,Ltd) Task: {A93DF782-BB42-44F5-A6CB-955A172B38A9} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-07-30] (Realtek Semiconductor) Task: {B4513C08-9A08-4963-ACD2-04610B7E9FCD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation) Task: {C87FA6A3-6325-491D-9C40-BAF55A4DF1FF} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.) Task: {CE273754-CE67-4495-A5AF-3B783BE5DDA9} - System32\Tasks\adobe flash player updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-18] (Adobe Systems Incorporated) Task: {D1D00C77-B050-491A-B0A8-5BA12586085E} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-05-29] () Task: {D49F4AE0-DDD0-4091-A359-672FA9617967} - System32\Tasks\WpsNotifyTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\wtoolex\wpsnotify.exe [2015-07-20] (Zhuhai Kingsoft Office Software Co.,Ltd) Task: {DC9882C3-6A8D-4AE7-BAD5-6D461BDC9290} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation) Task: {DCFCB410-3D68-4EFA-B1DB-190DBD55C43F} - System32\Tasks\adobe acrobat update task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated) Task: {F55AF2A6-9136-4C67-9CD7-CA1C10E42EAD} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] () Task: {F84C0D13-B3C9-4C0E-BFE1-531BBD250C33} - System32\Tasks\R@1n-KMS\Office16ProPlus => wmic [Argument = path SoftwareLicensingProduct where (ID="d450596f-894d-49e0-966a-fd39ed4c4c64") call Activate] Task: {FC01E369-8FD0-4456-9A98-83DD8F84E7B1} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.) Task: {FD1E1050-3D07-4993-99B6-B71BCB61B5AD} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2015-05-14] (ASUSTek Computer Inc.) Task: {FEA08683-85A7-48D1-8484-ADCF7A123144} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] () (Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.) Task: C:\WINDOWS\Tasks\WpsNotifyTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\wtoolex\wpsnotify.exe Task: C:\WINDOWS\Tasks\WpsUpdateTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\wtoolex\wpsupdate.exe ==================== Skróty & WMI ======================== (Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.) Shortcut: C:\Users\Krimson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\firеfох.ехе — skrót.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) <==== Cyrillic ==================== Załadowane moduły (filtrowane) ============== 2018-10-04 21:25 - 2018-09-12 11:35 - 002701064 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll 2018-04-12 01:34 - 2018-04-12 01:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll 2017-05-17 06:18 - 2017-02-10 00:57 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2018-04-12 01:34 - 2018-04-12 01:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll 2018-04-12 01:34 - 2018-04-12 01:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll 2018-10-09 20:58 - 2018-09-20 05:38 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2018-10-10 06:02 - 2018-10-10 06:02 - 004389888 _____ () C:\Program Files\WindowsApps\Microsoft.OneConnect_5.1809.2571.0_x64__8wekyb3d8bbwe\OneConnect.dll 2018-10-06 08:43 - 2018-10-06 08:43 - 000066048 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11809.1001.8.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll 2018-10-06 08:43 - 2018-10-06 08:43 - 000194048 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11809.1001.8.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll 2015-05-29 17:10 - 2015-05-29 17:10 - 000505200 _____ () C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe 2015-06-09 21:25 - 2015-06-09 21:25 - 000035376 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll 2015-06-09 21:25 - 2015-06-09 21:25 - 000124928 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll 2015-09-02 11:31 - 2015-07-24 06:22 - 000011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2015-12-30 17:32 - 2018-07-25 13:40 - 000567904 _____ () C:\Program Files (x86)\360\Total Security\safemon\wdui2.dll ==================== Alternate Data Streams (filtrowane) ========= (Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.) ==================== Tryb awaryjny (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Powiązania plików (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.) ==================== Internet Explorer - Witryny zaufane i z ograniczeniami =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.) ==================== Hosts - zawartość: =============================== (Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.) 2015-07-10 13:04 - 2015-07-10 13:02 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts ==================== Inne obszary ============================ (Obecnie brak automatycznej naprawy dla tej sekcji.) HKU\S-1-5-21-3448856263-453567600-2254816024-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img2.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Zapora systemu Windows [funkcja włączona] ==================== MSCONFIG/TASK MANAGER - Wyłączone elementy == Załączenie wejścia w fixlist spowoduje jego usunięcie. HKLM\...\StartupApproved\Run32: => "WebStorage" HKU\S-1-5-21-3448856263-453567600-2254816024-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-3448856263-453567600-2254816024-1001\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-3448856263-453567600-2254816024-1001\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-3448856263-453567600-2254816024-1001\...\StartupApproved\Run: => "Spotify Web Helper" ==================== Reguły Zapory systemu Windows (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) FirewallRules: [{5E80AA49-BBB7-4F4B-A7A3-2D4B592A22CC}] => (Allow) C:\Windows\KMS-R@1n.exe FirewallRules: [{6A8B5C98-31FE-4A30-A788-950A6D15AF78}] => (Allow) C:\Windows\KMS-R@1n.exe FirewallRules: [{2A377F6B-0A54-41B6-A261-FE5F29B9AB5B}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe FirewallRules: [{CC833D5F-FA65-4E80-B57B-EFA45453568D}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe FirewallRules: [{9EB3E98C-4729-42AD-9F96-3BC1DAF945C0}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe FirewallRules: [{60725C1E-C191-47C5-AC48-2347AD062367}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe FirewallRules: [{68590097-1B08-4A94-85E4-519CA638B712}] => (Allow) C:\Users\Krimson\AppData\Roaming\ACEStream\engine\ace_engine.exe FirewallRules: [{A6FFC639-547F-4DD1-B651-5CBC26E6EE09}] => (Allow) C:\Users\Krimson\AppData\Roaming\ACEStream\engine\ace_engine.exe FirewallRules: [{1EC58886-A676-402E-8835-8AE19F3CE09A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{ADB06A83-B1B3-41F6-8169-E8676CC21F7A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [UDP Query User{B763B732-58D8-4D05-8BFF-A7B8104A8970}D:\gry\far cry 4\bin\farcry4.exe] => (Allow) D:\gry\far cry 4\bin\farcry4.exe FirewallRules: [TCP Query User{7328D73D-044A-4140-9E54-E6CB56047D37}D:\gry\far cry 4\bin\farcry4.exe] => (Allow) D:\gry\far cry 4\bin\farcry4.exe FirewallRules: [UDP Query User{66CB06DD-BF5C-4A1B-9D69-CE1D7402EF91}D:\gry\alien isolation\ai.exe] => (Allow) D:\gry\alien isolation\ai.exe FirewallRules: [TCP Query User{6DF2F75B-EAAF-4216-BCA3-7EC38CDBAB5A}D:\gry\alien isolation\ai.exe] => (Allow) D:\gry\alien isolation\ai.exe FirewallRules: [UDP Query User{2C9A2B9A-69B2-45A7-9BDA-6C126C76FA31}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe FirewallRules: [TCP Query User{4B59F68A-B7C0-4E9C-B9F4-47226C6CA780}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe FirewallRules: [{CD267631-7070-4C19-B2BD-96EB73EF52DC}] => (Allow) D:\Gry\Life Is Strange\steam_api64.exe FirewallRules: [{D16D9E01-9740-462A-A5E8-18F3E975C9AB}] => (Allow) D:\Gry\Life Is Strange\steam_api64.exe FirewallRules: [UDP Query User{4FF03373-1EA2-42A1-A25C-D60528A4DF20}D:\gry\dishonored\binaries\win32\dishonored.exe] => (Allow) D:\gry\dishonored\binaries\win32\dishonored.exe FirewallRules: [TCP Query User{2F3FDBC3-384F-4212-9526-DD5AABA98894}D:\gry\dishonored\binaries\win32\dishonored.exe] => (Allow) D:\gry\dishonored\binaries\win32\dishonored.exe FirewallRules: [{DEBEB747-7DD5-4778-A2BD-39FAFF79B195}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{7E9733CE-3956-4863-A0F7-588D8D91E0A4}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{62F5DC99-3322-42D8-9CBE-A90316ABB725}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{E18BA356-7276-454A-AB5C-B5F162974A4C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{207B62C9-B0C4-4E1E-B5AB-2433ED0B64B1}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe FirewallRules: [{5089A1ED-553E-43BE-AECA-1A50B26B7372}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe FirewallRules: [UDP Query User{02FC3ADD-1700-4659-AFAF-300A9D86D2DD}C:\program files (x86)\free download manager\fdm.exe] => (Allow) C:\program files (x86)\free download manager\fdm.exe FirewallRules: [TCP Query User{EFD3469A-D7B0-41BC-84A5-502EDBE28D61}C:\program files (x86)\free download manager\fdm.exe] => (Allow) C:\program files (x86)\free download manager\fdm.exe FirewallRules: [{90F3BF7F-80DD-4614-9A2A-C94BE97C7F3B}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe FirewallRules: [{E928291E-ADDD-4ADE-84D7-5566FA5CD711}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe FirewallRules: [{E5FC0639-F689-4671-952D-42443C61E782}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{0C220DB8-DBA9-4825-8634-C105BFBFD851}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{059BE7B1-F90C-4746-B01D-8F0DB395E858}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{1E94C964-DBCC-496A-98D1-B8DDE5EE592D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{17E02B6E-6010-41A8-8BCA-F54F7103676D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{C847888F-929D-47C3-ADED-A78FE60C4C43}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{FEC80E2F-EBFD-47CE-AF83-C13B4442B396}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{70BD69A4-03F4-4016-A6F8-EC4DF46B4CE2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{5EA515C2-EE63-4432-9120-92AE40930671}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [TCP Query User{C53AF783-9043-454A-B7D4-B09529033AA7}D:\gry\xcom enemy unknown complete edition\binaries\win32\xcomgame.exe] => (Allow) D:\gry\xcom enemy unknown complete edition\binaries\win32\xcomgame.exe FirewallRules: [UDP Query User{144C689D-B909-462A-AF69-27E06257ADFE}D:\gry\xcom enemy unknown complete edition\binaries\win32\xcomgame.exe] => (Allow) D:\gry\xcom enemy unknown complete edition\binaries\win32\xcomgame.exe FirewallRules: [TCP Query User{24EB2840-7430-45EC-9D4A-B47154EFD1F3}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe FirewallRules: [UDP Query User{38CDAC23-03FC-4577-9DCB-338EFA29C16C}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe FirewallRules: [{18F76425-2C17-4717-85E2-0DF78FD31246}] => (Allow) C:\Program Files (x86)\360\Total Security\softmgr\360InstantSetup.exe FirewallRules: [{45C15D3C-1614-4ADA-912A-0244D2F8EAB4}] => (Allow) C:\Program Files (x86)\360\Total Security\softmgr\360InstantSetup.exe FirewallRules: [TCP Query User{5DD97AF7-64B0-4A07-8502-2250552A951B}C:\users\krimson\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\krimson\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{156DCD59-F034-4F79-AC21-B38EF2001F2D}C:\users\krimson\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\krimson\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{7746DE43-40BC-4140-B405-D54CF5BE56D8}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{F320E099-156C-4DFF-BCD2-78BD56569287}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{C1C5858D-14ED-45D0-9166-7AC5177EBDD5}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe FirewallRules: [{7F6EB090-AA36-4C63-9DA6-35F602AE30BE}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe FirewallRules: [{01EB053A-FA84-45F5-9C7D-41F84700CD0E}] => (Allow) C:\Program Files (x86)\Lightworks\lightworks.exe FirewallRules: [{C2DC06AB-125A-4258-B475-BCE7E1CFD003}] => (Allow) C:\Program Files (x86)\Lightworks\lightworks.exe FirewallRules: [{BD6F5B0B-B754-447F-8A19-CB50A4F709D7}] => (Allow) C:\Program Files (x86)\Lightworks\ntcardvt.exe FirewallRules: [{2562A4A2-A1B1-4466-B540-3E18C692230B}] => (Allow) C:\Program Files (x86)\Lightworks\ntcardvt.exe FirewallRules: [{64759D88-4750-46B3-B2B3-4863394066AF}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe FirewallRules: [{F8BF24F8-9B27-4900-867C-1B2AC4362049}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe ==================== Punkty Przywracania systemu ========================= 30-09-2018 10:19:39 Zaplanowany punkt kontrolny 07-10-2018 10:24:47 Zaplanowany punkt kontrolny 10-10-2018 18:13:35 Windows Update ==================== Wadliwe urządzenia w Menedżerze urządzeń ============= ==================== Błędy w Dzienniku zdarzeń: ========================= Dziennik Aplikacja: ================== Error: (10/20/2018 09:02:59 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (10/20/2018 08:58:06 AM) (Source: DPTF) (EventID: 256) (User: ) Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR DPTF Build Version: 8.1.10602.174 DPTF Build Date: Jul 23 2015 11:24:10 Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737 Executing Function: DptfEvent Message: Received unexpected event Framework Event: DptfResume [3] Error: (10/19/2018 11:09:58 PM) (Source: DPTF) (EventID: 256) (User: ) Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR FUNC: rsrc_app_start_app_in_active_user_session FILE: rsrc_app.c LINE: 328 TIME: 840254467 ms Unable to start capture program. Error = 2 Error: (10/19/2018 11:03:41 PM) (Source: DPTF) (EventID: 256) (User: ) Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR DPTF Build Version: 8.1.10602.174 DPTF Build Date: Jul 23 2015 11:24:10 Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737 Executing Function: DptfEvent Message: Received unexpected event Framework Event: DptfResume [3] Error: (10/19/2018 06:26:20 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (10/19/2018 06:22:20 PM) (Source: DPTF) (EventID: 256) (User: ) Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR DPTF Build Version: 8.1.10602.174 DPTF Build Date: Jul 23 2015 11:24:10 Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737 Executing Function: DptfEvent Message: Received unexpected event Framework Event: DptfResume [3] Error: (10/18/2018 07:16:17 PM) (Source: DPTF) (EventID: 256) (User: ) Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR DPTF Build Version: 8.1.10602.174 DPTF Build Date: Jul 23 2015 11:24:10 Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737 Executing Function: DptfEvent Message: Received unexpected event Framework Event: DptfResume [3] Error: (10/18/2018 04:39:00 PM) (Source: DPTF) (EventID: 256) (User: ) Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR DPTF Build Version: 8.1.10602.174 DPTF Build Date: Jul 23 2015 11:24:10 Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737 Executing Function: DptfEvent Message: Received unexpected event Framework Event: DptfResume [3] Dziennik System: ============= Error: (10/20/2018 09:01:49 AM) (Source: DCOM) (EventID: 10016) (User: ZARZĄDZANIE NT) Description: Zgodnie z ustawieniami uprawnienia właściwe dla aplikacji nie jest udzielane uprawnienie Lokalny Aktywacja do aplikacji serwera COM z identyfikatorem klasy CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} i identyfikatorem aplikacji APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} użytkownikowi ZARZĄDZANIE NT\USŁUGA LOKALNA o identyfikatorze zabezpieczeń SID (S-1-5-19) z adresu LocalHost (użycie LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Niedostępny (Niedostępny). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe. Error: (10/20/2018 08:58:12 AM) (Source: DCOM) (EventID: 10016) (User: ZARZĄDZANIE NT) Description: Zgodnie z ustawieniami uprawnienia właściwe dla aplikacji nie jest udzielane uprawnienie Lokalny Aktywacja do aplikacji serwera COM z identyfikatorem klasy CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} i identyfikatorem aplikacji APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} użytkownikowi ZARZĄDZANIE NT\USŁUGA LOKALNA o identyfikatorze zabezpieczeń SID (S-1-5-19) z adresu LocalHost (użycie LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Niedostępny (Niedostępny). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe. Error: (10/19/2018 11:15:15 PM) (Source: DCOM) (EventID: 10016) (User: ZARZĄDZANIE NT) Description: Zgodnie z ustawieniami uprawnienia właściwe dla aplikacji nie jest udzielane uprawnienie Lokalny Uruchom do aplikacji serwera COM z identyfikatorem klasy CLSID Windows.SecurityCenter.WscBrokerManager i identyfikatorem aplikacji APPID Niedostępny użytkownikowi ZARZĄDZANIE NT\SYSTEM o identyfikatorze zabezpieczeń SID (S-1-5-18) z adresu LocalHost (użycie LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Niedostępny (Niedostępny). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe. Error: (10/19/2018 11:12:31 PM) (Source: DCOM) (EventID: 10016) (User: ZARZĄDZANIE NT) Description: Zgodnie z ustawieniami uprawnienia właściwe dla aplikacji nie jest udzielane uprawnienie Lokalny Aktywacja do aplikacji serwera COM z identyfikatorem klasy CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} i identyfikatorem aplikacji APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} użytkownikowi ZARZĄDZANIE NT\USŁUGA LOKALNA o identyfikatorze zabezpieczeń SID (S-1-5-19) z adresu LocalHost (użycie LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Niedostępny (Niedostępny). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe. Error: (10/19/2018 10:26:12 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-FKQ76DI) Description: Zgodnie z ustawieniami uprawnienia właściwe dla aplikacji nie jest udzielane uprawnienie Lokalny Aktywacja do aplikacji serwera COM z identyfikatorem klasy CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} i identyfikatorem aplikacji APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} użytkownikowi DESKTOP-FKQ76DI\Krimson o identyfikatorze zabezpieczeń SID (S-1-5-21-3448856263-453567600-2254816024-1001) z adresu LocalHost (użycie LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe. Error: (10/19/2018 09:56:24 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-FKQ76DI) Description: Nie można uruchomić serwera DCOM: Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy!App.AppX9s1cz53zc86xn39kwrb02jyft9ecn62r.mca jako Niedostępny/Niedostępny. Błąd: 5 Błąd wystąpił podczas uruchamiania polecenia: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca Error: (10/19/2018 06:26:16 PM) (Source: DCOM) (EventID: 10016) (User: ZARZĄDZANIE NT) Description: Zgodnie z ustawieniami uprawnienia właściwe dla aplikacji nie jest udzielane uprawnienie Lokalny Aktywacja do aplikacji serwera COM z identyfikatorem klasy CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} i identyfikatorem aplikacji APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} użytkownikowi ZARZĄDZANIE NT\USŁUGA LOKALNA o identyfikatorze zabezpieczeń SID (S-1-5-19) z adresu LocalHost (użycie LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Niedostępny (Niedostępny). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe. Error: (10/19/2018 06:26:15 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-FKQ76DI) Description: Zgodnie z ustawieniami uprawnienia właściwe dla aplikacji nie jest udzielane uprawnienie Lokalny Aktywacja do aplikacji serwera COM z identyfikatorem klasy CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} i identyfikatorem aplikacji APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} użytkownikowi DESKTOP-FKQ76DI\Krimson o identyfikatorze zabezpieczeń SID (S-1-5-21-3448856263-453567600-2254816024-1001) z adresu LocalHost (użycie LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe. Windows Defender: =================================== Date: 2018-07-15 08:48:01.445 Description: Produkt Program antywirusowy Windows Defender wykrył złośliwe oprogramowanie lub inne potencjalnie niechciane oprogramowanie. Aby uzyskać więcej informacji, zobacz: https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0 Nazwa: HackTool:Win32/AutoKMS Identyfikator: 2147685180 Ważność: Średni Kategoria: Narzędzie Ścieżka: file:_D:\Pobrane\Microsoft Office 2016 ProPlus VL x86x64 Multi-17 Feb 2017 {Gen2}\Extras\KMS & 7z\KMSpico 10.2.0 Final Portable\Auto.cmd Pochodzenie wykrycia: Komputer lokalny Typ wykrycia: Konkretne Źródło wykrycia: System Użytkownik: ZARZĄDZANIE NT\SYSTEM Nazwa procesu: Unknown Wersja podpisu: AV: 1.237.1041.0, AS: 1.237.1041.0, NIS: 1.237.1041.0 Wersja aparatu: AM: 1.1.13504.0, NIS: 1.1.13504.0 CodeIntegrity: =================================== Date: 2018-10-18 16:41:33.724 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2018-10-18 16:41:33.724 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2018-10-17 17:57:20.240 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2018-10-17 17:57:20.238 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2018-10-16 16:43:29.529 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2018-10-16 16:43:29.529 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2018-10-15 19:01:31.909 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2018-10-15 19:01:31.403 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. ==================== Statystyki pamięci =========================== Procesor: Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz Procent pamięci w użyciu: 68% Całkowita pamięć fizyczna: 3998.39 MB Dostępna pamięć fizyczna: 1274.38 MB Całkowita pamięć wirtualna: 5918.39 MB Dostępna pamięć wirtualna: 3009.12 MB ==================== Dyski ================================ Drive c: (OS) (Fixed) (Total:371.85 GB) (Free:290.3 GB) NTFS ==>[system z komponentami startowymi (pozyskano odczytując dysk)] Drive d: (DATA) (Fixed) (Total:558.91 GB) (Free:195.53 GB) NTFS \\?\Volume{6ef350da-8434-49a1-a881-47e500e11a5e}\ () (Fixed) (Total:0.49 GB) (Free:0.04 GB) NTFS \\?\Volume{f45b8f0a-fd29-473a-8f96-7b9c4b4bf230}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32 ==================== MBR & Tablica partycji ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 740DEB3E) Partition: GPT. ==================== Koniec Addition.txt ============================