Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Paweł (2016-03-18 08:05:58)
Running from C:\Users\Paweł\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2016-02-13 02:00:38)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1971605308-2172589426-802125545-500 - Administrator - Disabled)
Guest (S-1-5-21-1971605308-2172589426-802125545-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1971605308-2172589426-802125545-1002 - Limited - Enabled)
Paweł (S-1-5-21-1971605308-2172589426-802125545-1000 - Administrator - Enabled) => C:\Users\Paweł

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1971605308-2172589426-802125545-1000\...\uTorrent) (Version: 3.4.6.41845 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Aktualizacje NVIDIA 2.10.2.40 (Version: 2.10.2.40 - NVIDIA Corporation) Hidden
AnyBurn (HKLM-x32\...\AnyBurn) (Version: 3.1 - Power Software Ltd)
DAEMON Tools Pro (HKLM\...\DAEMON Tools Pro) (Version: 6.2.0.0496 - Disc Soft Ltd)
Heroes & Generals (HKLM-x32\...\Heroes & Generals) (Version: 1.0.6.1 - Reto-Moto)
Instagram Downloader version 2.5 (HKLM-x32\...\{C35B4985-52EC-48C4-8D6B-75BB4B8E82FD}_is1) (Version: 2.5 - Major Share (MajorShare.com))
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Malwarebytes Anti-Malware wersja 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 44.0.2 (x86 pl) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 pl)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2 - Mozilla)
NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version: - )
NetTime (HKLM-x32\...\NetTime_is1) (Version: - Mark Griffiths)
NVIDIA GeForce Experience 2.10.2.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.10.2.40 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
NVIDIA Sterownik 3D Vision 364.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.51 - NVIDIA Corporation)
NVIDIA Sterownik dźwięku HD 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA Sterownik graficzny 364.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.51 - NVIDIA Corporation)
NVIDIA Sterownik kontrolera 3D Vision 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
OpenOffice 4.1.2 (HKLM-x32\...\{E0ED9630-38E3-418F-A615-A9B2B5758BE5}) (Version: 4.12.9782 - Apache Software Foundation)
Panel sterowania NVIDIA 364.51 (Version: 364.51 - NVIDIA Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 5.1.0270 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.10.2.40 - NVIDIA Corporation) Hidden
SpyHunter (HKLM-x32\...\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}) (Version: 4.1.11 - Enigma Software Group USA, LLC)
SubEdit-Player (HKLM-x32\...\SubEdit-Player_is1) (Version: 4060 - Artur Sikora)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.2 - VideoLAN)
War Thunder Launcher 1.0.1.613 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Entertainment)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2BB2A9C9-42DE-4832-936C-8A40C76F4735} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {C3FCF024-57FF-48CD-B139-4B9DAF93FB1E} - \PawełAwakenersCardV2 -> No File <==== ATTENTION
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove -> No File <==== ATTENTION
Task: {F6ED3E9A-3B3B-4DAD-B57B-8F520DF9577F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-13] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-03-13 16:27 - 2016-03-08 07:27 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-03-13 01:22 - 2012-05-12 10:27 - 00473088 _____ () C:\Program Files (x86)\NetTime\NetTimeService.exe
2016-03-13 01:22 - 2012-05-12 18:28 - 00772096 _____ () C:\Program Files (x86)\NetTime\NetTime.exe
2016-02-25 18:16 - 2016-02-25 18:16 - 00356864 ____N () C:\Users\Paweł\AppData\Local\AwakenersCard\AlongTiters.dll
2016-02-13 03:46 - 2016-02-17 08:02 - 00020352 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2010-05-19 01:54 - 2010-05-19 01:54 - 00395776 _____ () C:\Program Files (x86)\Enigma Software Group\SpyHunter\ExecutionGuard.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2016-03-18 07:08 - 00001110 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1971605308-2172589426-802125545-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Paweł\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 62.179.1.63 - 62.179.1.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: idsvc => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\startupreg: uTorrent => "C:\Users\Paweł\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{403B8F99-7FE4-41F9-8A46-3E4D92A4F69F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D865EB2F-A758-44E4-A212-DF8746E9D4A3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1140F948-9F7C-4545-8868-8393BBED8DBA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{F4431371-AA38-4D5A-969A-413671EA07BC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{08F248FF-AFBE-44DE-9A40-15C4CBA1A3DC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{079D7494-4EBB-4307-A8F6-956E6E7DEBD5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{D0A57411-6270-469B-B0C6-52922DC4BA55}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{632790D7-556A-4577-B9B9-CB60FD801815}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CD6B582D-0585-4DF4-BC6A-414F96786368}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F926F44E-07B0-4F79-89C9-CBFD37EF1D57}] => (Allow) C:\Users\Paweł\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4A01D050-90D4-42EC-AC75-FF0249DC74BA}] => (Allow) C:\Users\Paweł\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5A7446CF-9CF9-4F24-81F3-B58B31F8DD1E}] => (Allow) C:\Users\Paweł\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{76FD4BDF-B00F-4727-A158-EB26DD767159}] => (Allow) C:\Users\Paweł\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7E9E2B78-3895-432F-AAAF-3AD45D52AA74}] => (Allow) C:\Users\Paweł\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{79CEE94B-3428-4738-BB09-03CF5F1BBE20}] => (Allow) C:\Users\Paweł\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{562A9C10-B263-48C5-9796-1613FA70E033}] => (Allow) G:\GRY\WarThunder\WarThunder\launcher.exe
FirewallRules: [{93EAB43D-D0B9-48CC-8620-5ECF14C3D955}] => (Allow) G:\GRY\WarThunder\WarThunder\launcher.exe
FirewallRules: [{EDCFA473-8017-4F31-82C8-9B06122414C9}] => (Allow) G:\GRY\WarThunder\WarThunder\bpreport.exe
FirewallRules: [{D818275B-09DC-4EC4-BA85-FE6BB89810E9}] => (Allow) G:\GRY\WarThunder\WarThunder\bpreport.exe
FirewallRules: [{53F91FAB-490A-445C-941B-6D369DF6DE50}] => (Allow) LPort=80
FirewallRules: [{B1FE5B5D-FCD4-4B3A-A781-FADC9CB83252}] => (Allow) LPort=443
FirewallRules: [{9714A4E2-43CB-4EEB-B883-86FCCDF593FA}] => (Allow) LPort=20010
FirewallRules: [{7E350438-5917-4A99-8125-72089D187D20}] => (Allow) LPort=3478
FirewallRules: [{5444B123-BC90-4E41-AD67-CCD9600F5A6F}] => (Allow) LPort=7850
FirewallRules: [{2D50D069-A00A-4ACD-AA19-9484D29A7684}] => (Allow) LPort=7852
FirewallRules: [{7B4B8B0E-616C-4ABA-8526-5C2577BC25DA}] => (Allow) LPort=7853
FirewallRules: [{B74F86CC-5265-48F6-A211-54D20EB62492}] => (Allow) LPort=27022
FirewallRules: [{E116F4CB-6FB6-4096-8132-6F3B74EFD584}] => (Allow) LPort=6881
FirewallRules: [{FEFBADCD-F7E4-4728-8F85-69E5ED86B0F3}] => (Allow) LPort=33333
FirewallRules: [{451C0712-0ACD-424A-9D8B-AFCE1E569479}] => (Allow) LPort=20443
FirewallRules: [{89CAF7AF-B58A-4DB0-9E88-6E9A1E8F31D1}] => (Allow) LPort=8090
FirewallRules: [{5FC57B1D-49FE-4593-ADB2-55922ABAD3BA}] => (Allow) D:\Programy\NapiProjekt\NapiProjekt\napisy.exe
FirewallRules: [{BA3A0200-8206-41D2-A569-B03EA2991857}] => (Allow) D:\Programy\NapiProjekt\NapiProjekt\napisy.exe
FirewallRules: [TCP Query User{52BBAC47-6A76-4698-AB9B-B3341A0F1C42}G:\gry\warthunder\warthunder\win64\aces.exe] => (Allow) G:\gry\warthunder\warthunder\win64\aces.exe
FirewallRules: [UDP Query User{61C09C36-6D55-4811-9D5F-AEC31DED3750}G:\gry\warthunder\warthunder\win64\aces.exe] => (Allow) G:\gry\warthunder\warthunder\win64\aces.exe
FirewallRules: [{AC4A4402-B362-48DB-A435-8C9B40F2F4FB}] => (Allow) C:\Users\Paweł\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{7C2B1DAE-1079-421E-8CED-6BB0DCFA1000}] => (Allow) C:\Torrentex\Torrentex.exe
FirewallRules: [{BB79346C-E9C0-406A-AA3C-C6AD9EA3DB0D}] => (Allow) C:\Torrentex\Torrentex.exe
FirewallRules: [Torrentex-In-TCP] => (Allow) C:\Torrentex\Torrentex.exe
FirewallRules: [Torrentex-In-UDP] => (Allow) C:\Torrentex\Torrentex.exe
FirewallRules: [TCP Query User{B007F133-0C44-4A91-9B76-3A1A40B1104C}G:\gry\warthunder\warthunder\launcher.exe] => (Allow) G:\gry\warthunder\warthunder\launcher.exe
FirewallRules: [UDP Query User{D852E845-F46D-47E2-8519-BA3508EDF10B}G:\gry\warthunder\warthunder\launcher.exe] => (Allow) G:\gry\warthunder\warthunder\launcher.exe
FirewallRules: [{D055CBCA-B935-42B8-9B9E-4E8BFC4F9B34}] => (Allow) G:\GRY\Private\Heroes & Generals\live\hng.exe
FirewallRules: [{92CCE086-268C-45A1-B618-9654378F94F8}] => (Allow) G:\GRY\Private\Heroes & Generals\live\hng.exe

==================== Restore Points =========================

13-03-2016 16:28:04 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
13-03-2016 16:28:37 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
13-03-2016 19:15:06 Windows Update
17-03-2016 20:32:48 Zainstalowany program DirectX

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/18/2016 07:03:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/18/2016 07:01:57 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x80070005.

Error: (03/17/2016 10:04:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/17/2016 10:03:32 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x80070005.

Error: (03/17/2016 08:01:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/17/2016 07:59:43 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x80070005.

Error: (03/17/2016 04:21:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/17/2016 04:20:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: DiscSoftBusService.exe, wersja: 6.2.0.496, sygnatura czasowa: 0x55f7d430
Nazwa modułu powodującego błąd: DiscSoftBusService.exe, wersja: 6.2.0.496, sygnatura czasowa: 0x55f7d430
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x000000000000d30a
Identyfikator procesu powodującego błąd: 0xbbc
Godzina uruchomienia aplikacji powodującej błąd: 0xDiscSoftBusService.exe0
Ścieżka aplikacji powodującej błąd: DiscSoftBusService.exe1
Ścieżka modułu powodującego błąd: DiscSoftBusService.exe2
Identyfikator raportu: DiscSoftBusService.exe3

Error: (03/17/2016 04:20:09 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x80070005.

Error: (03/17/2016 11:12:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (03/18/2016 07:43:10 AM) (Source: DCOM) (EventID: 10016) (User: THE_RAIN)
Description: domyślne ustawienia komputeraLokalnyAktywacja{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}THE_RAINPawełS-1-5-21-1971605308-2172589426-802125545-1000LocalHost (użycie LRPC)

Error: (03/18/2016 07:43:10 AM) (Source: DCOM) (EventID: 10016) (User: THE_RAIN)
Description: domyślne ustawienia komputeraLokalnyAktywacja{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}THE_RAINPawełS-1-5-21-1971605308-2172589426-802125545-1000LocalHost (użycie LRPC)

Error: (03/18/2016 07:43:10 AM) (Source: DCOM) (EventID: 10016) (User: THE_RAIN)
Description: domyślne ustawienia komputeraLokalnyAktywacja{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}THE_RAINPawełS-1-5-21-1971605308-2172589426-802125545-1000LocalHost (użycie LRPC)

Error: (03/18/2016 07:43:10 AM) (Source: DCOM) (EventID: 10016) (User: THE_RAIN)
Description: domyślne ustawienia komputeraLokalnyAktywacja{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}THE_RAINPawełS-1-5-21-1971605308-2172589426-802125545-1000LocalHost (użycie LRPC)

Error: (03/18/2016 07:42:11 AM) (Source: DCOM) (EventID: 10016) (User: THE_RAIN)
Description: domyślne ustawienia komputeraLokalnyAktywacja{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}THE_RAINPawełS-1-5-21-1971605308-2172589426-802125545-1000LocalHost (użycie LRPC)

Error: (03/18/2016 07:42:11 AM) (Source: DCOM) (EventID: 10016) (User: THE_RAIN)
Description: domyślne ustawienia komputeraLokalnyAktywacja{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}THE_RAINPawełS-1-5-21-1971605308-2172589426-802125545-1000LocalHost (użycie LRPC)

Error: (03/18/2016 07:17:41 AM) (Source: DCOM) (EventID: 10016) (User: THE_RAIN)
Description: domyślne ustawienia komputeraLokalnyAktywacja{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}THE_RAINPawełS-1-5-21-1971605308-2172589426-802125545-1000LocalHost (użycie LRPC)

Error: (03/18/2016 07:17:41 AM) (Source: DCOM) (EventID: 10016) (User: THE_RAIN)
Description: domyślne ustawienia komputeraLokalnyAktywacja{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}THE_RAINPawełS-1-5-21-1971605308-2172589426-802125545-1000LocalHost (użycie LRPC)

Error: (03/18/2016 07:17:41 AM) (Source: DCOM) (EventID: 10016) (User: THE_RAIN)
Description: domyślne ustawienia komputeraLokalnyAktywacja{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}THE_RAINPawełS-1-5-21-1971605308-2172589426-802125545-1000LocalHost (użycie LRPC)

Error: (03/18/2016 07:17:41 AM) (Source: DCOM) (EventID: 10016) (User: THE_RAIN)
Description: domyślne ustawienia komputeraLokalnyAktywacja{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}THE_RAINPawełS-1-5-21-1971605308-2172589426-802125545-1000LocalHost (użycie LRPC)

CodeIntegrity:
===================================
Date: 2016-02-20 19:03:46.883
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-02-20 19:03:46.852
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-02-20 19:03:11.377
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-02-20 19:03:11.346
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-02-20 04:06:57.244
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-02-20 04:06:57.213
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 61%
Total physical RAM: 4095.05 MB
Available physical RAM: 1579.32 MB
Total Virtual: 8188.3 MB
Available Virtual: 5288.9 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:64.45 GB) (Free:32.07 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Gry Filmy Zdjęcia) (Fixed) (Total:465.76 GB) (Free:205.54 GB) NTFS
Drive e: (PATRYCJA) (Fixed) (Total:126.95 GB) (Free:63.2 GB) NTFS
Drive f: (Bartoszyna) (Fixed) (Total:126.95 GB) (Free:21.15 GB) NTFS
Drive g: (Paweł) (Fixed) (Total:147.4 GB) (Free:108.92 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 297D380E)
Partition 1: (Active) - (Size=64.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=127 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=127 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=147.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: EF4E1D6A)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================