Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 22-11-2020 01
Uruchomiony przez Sebastian (24-11-2020 15:28:34)
Uruchomiony z C:\Users\Sebastian\Desktop
Windows 10 Pro Wersja 1909 18363.1198 (X64) (2020-03-21 09:52:08)
Tryb startu: Normal
==========================================================

==================== Konta użytkowników: =============================
Administrator (S-1-5-21-2449653070-2849976650-2104294124-500 - Administrator - Disabled)
Gość (S-1-5-21-2449653070-2849976650-2104294124-501 - Limited - Disabled)
Konto domyślne (S-1-5-21-2449653070-2849976650-2104294124-503 - Limited - Disabled)
Sebastian (S-1-5-21-2449653070-2849976650-2104294124-1001 - Administrator - Enabled) => C:\Users\Sebastian
WDAGUtilityAccount (S-1-5-21-2449653070-2849976650-2104294124-504 - Limited - Disabled)

==================== Centrum zabezpieczeń ========================
(Załączenie wejścia w fixlist spowoduje jego usunięcie.)
AV: SecureAPlus Antivirus (Enabled - Up to date) {BAE8F8A8-0B73-5FD4-D5A8-816771E66CF7}
AV: SecureAPlus Antivirus (Enabled - Up to date) {460AB815-48CF-E8C6-3410-70E4BE02F1A8}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Zainstalowane programy ======================
(W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)
µTorrent (HKU\S-1-5-21-2449653070-2849976650-2104294124-1001\...\uTorrent) (Version: 3.5.5.45790 - BitTorrent Inc.)
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
eDrawings (HKLM\...\{235D2624-0702-4F6D-9B9A-D11DB68EDA43}) (Version: 28.20.0046 - Dassault Systemes SolidWorks Corp)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5126 - Intel Corporation)
KeePass Password Safe 2.46 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.46 - Dominik Reichl)
LibreCAD (HKLM-x32\...\LibreCAD) (Version: 2.1.3 - LibreCAD Team)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.41 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.137.99 - )
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{0BCA8FBE-0C1C-4C65-98A3-5D34AAF41737}) (Version: 2.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 83.0 (x64 pl) (HKLM\...\Mozilla Firefox 83.0 (x64 pl)) (Version: 83.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 68.6.0 - Mozilla)
Mozilla Thunderbird 78.5.0 (x86 pl) (HKLM-x32\...\Mozilla Thunderbird 78.5.0 (x86 pl)) (Version: 78.5.0 - Mozilla)
Narzędzia sprawdzające pakietu Microsoft Office 2016 — polski (HKLM\...\{90160000-001F-0415-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
NVIDIA nView 148.47 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 148.47 - NVIDIA Corporation)
NVIDIA Sterownik graficzny 385.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 385.73 - NVIDIA Corporation)
NVIDIA WMI 2.30.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.30.0 - NVIDIA Corporation)
Panel sterowania NVIDIA 385.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 385.73 - NVIDIA Corporation) Hidden
SecureAPlus v6.4.0 (HKLM\...\SecureAPlus) (Version: 6.4.0 - SecureAge Technology)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.63 - Synaptics Incorporated)
SystemTrader 0.9.2 (HKLM\...\{C4526973-B34F-4DE7-9D8C-8450632821B4}_is1) (Version: 0.9.2 - LEMPART)
Update for Skype for Business 2016 (KB4484213) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{697E3A3C-324C-4BE3-BDF5-EF2DFA57AA9A}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB4484213) 64-Bit Edition (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.PROPLUS_{697E3A3C-324C-4BE3-BDF5-EF2DFA57AA9A}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB4484213) 64-Bit Edition (HKLM\...\{90160000-012B-0415-1000-0000000FF1CE}_Office16.PROPLUS_{697E3A3C-324C-4BE3-BDF5-EF2DFA57AA9A}) (Version: - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
WhatsApp (HKU\S-1-5-21-2449653070-2849976650-2104294124-1001\...\WhatsApp) (Version: 2.2047.11 - WhatsApp)
Zoom (HKU\S-1-5-21-2449653070-2849976650-2104294124-1001\...\ZoomUMX) (Version: 5.4.2 (58740.1105) - Zoom Video Communications, Inc.)

Packages:
=========
Dodatek Aparat multimediów dla aplikacji Zdjęcia -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-04-21] (Microsoft Corporation)
Twój telefon -> C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20101.99.0_x64__8wekyb3d8bbwe [2020-11-18] (Microsoft Corporation)

==================== Niestandardowe rejestracje CLSID (filtrowane): ==============
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
CustomCLSID: HKU\S-1-5-21-2449653070-2849976650-2104294124-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> "C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe" -ToastActivated => Brak pliku
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Brak podpisu cyfrowego]
ContextMenuHandlers1: [SAScanShlExt] -> {94243EC1-AEE5-4d44-A6CF-6407ED967FED} => C:\Program Files\SecureAge\AntiVirus\SAScanCtx.dll [2018-09-26] (SecureAge Technology Pte Ltd -> SecureAge Technology)
ContextMenuHandlers1: [SATrustCtxMenuExt] -> {E748C929-2F5A-475d-AB81-0632B725425C} => C:\Program Files\SecureAge\Whitelist\SATrustCtx.dll [2019-08-20] (SecureAge Technology Pte Ltd -> SecureAge Technology Pte. Ltd.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Brak podpisu cyfrowego]
ContextMenuHandlers5: [00nView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\Program Files\NVIDIA Corporation\nview\nvshell.dll [2017-10-20] (NVIDIA Corporation -> )
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2020-06-04] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-09-25] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Brak podpisu cyfrowego]
ContextMenuHandlers6: [SAScanShlExt] -> {94243EC1-AEE5-4d44-A6CF-6407ED967FED} => C:\Program Files\SecureAge\AntiVirus\SAScanCtx.dll [2018-09-26] (SecureAge Technology Pte Ltd -> SecureAge Technology)
ContextMenuHandlers6: [SATrustCtxMenuExt] -> {E748C929-2F5A-475d-AB81-0632B725425C} => C:\Program Files\SecureAge\Whitelist\SATrustCtx.dll [2019-08-20] (SecureAge Technology Pte Ltd -> SecureAge Technology Pte. Ltd.)

==================== Codecs (filtrowane) ====================

==================== Skróty & WMI ========================

==================== Załadowane moduły (filtrowane) =============
2014-08-14 08:42 - 2014-08-14 08:42 - 000068096 _____ () [Brak podpisu cyfrowego] C:\Windows\SYSTEM32\Everything64.dll
2020-03-22 11:44 - 2019-02-21 17:00 - 000078336 _____ (Igor Pavlov) [Brak podpisu cyfrowego] C:\Program Files\7-Zip\7-zip.dll
2015-07-07 18:38 - 2015-07-07 18:38 - 000030208 _____ (The Qt Company Ltd) [Brak podpisu cyfrowego] C:\Program Files\SecureAge\UI\plugins\imageformats\qico.dll
2015-07-07 18:42 - 2015-07-07 18:42 - 000023552 _____ (The Qt Company Ltd) [Brak podpisu cyfrowego] C:\Program Files\SecureAge\UI\plugins\imageformats\qsvg.dll
2015-07-07 18:38 - 2015-07-07 18:38 - 001221120 _____ (The Qt Company Ltd) [Brak podpisu cyfrowego] C:\Program Files\SecureAge\UI\plugins\platforms\qwindows.dll
2015-08-14 04:20 - 2015-08-14 04:20 - 005454848 _____ (The Qt Company Ltd) [Brak podpisu cyfrowego] C:\Program Files\SecureAge\Whitelist\Qt5Core.dll
2015-07-07 18:35 - 2015-07-07 18:35 - 005824000 _____ (The Qt Company Ltd) [Brak podpisu cyfrowego] C:\Program Files\SecureAge\Whitelist\Qt5Gui.dll
2015-07-07 18:42 - 2015-07-07 18:42 - 000313856 _____ (The Qt Company Ltd) [Brak podpisu cyfrowego] C:\Program Files\SecureAge\Whitelist\Qt5Svg.dll
2015-07-07 18:37 - 2015-07-07 18:37 - 005476864 _____ (The Qt Company Ltd) [Brak podpisu cyfrowego] C:\Program Files\SecureAge\Whitelist\Qt5Widgets.dll

==================== Alternate Data Streams (filtrowane) ========

==================== Tryb awaryjny (filtrowane) ==================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\saappsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\saappsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sascansvc => ""="Service"

==================== Powiązania plików (filtrowane) =================
(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.)
HKLM\...\.scr: => <==== UWAGA

==================== Internet Explorer (filtrowane) ==========
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-22] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2019-08-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2019-08-13] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2019-08-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2019-08-13] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts - zawartość: =========================
(Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.)
2019-03-19 05:49 - 2019-03-19 05:49 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Inne obszary ===========================
(Obecnie brak automatycznej naprawy dla tej sekcji.)
HKU\S-1-5-21-2449653070-2849976650-2104294124-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Zapora systemu Windows [funkcja włączona]

==================== MSCONFIG/TASK MANAGER - Wyłączone elementy ==
(Załączenie wejścia w fixlist spowoduje jego usunięcie.)
HKLM\...\StartupApproved\Run32: => "KeePass 2 PreLoad"

==================== Reguły Zapory systemu Windows (filtrowane) ================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
FirewallRules: [{2A4E1BBB-E7EC-4A03-8541-E202E9E8AC25}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C33F59B9-C1E6-4C91-A231-CC5895C8C5EF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{409AEDA2-1A89-4239-A394-1116D6097CEE}] => (Block) C:\Windows\system32\Attrib.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{98B5B013-1D18-4DE7-9D78-0FD51B03A381}] => (Block) C:\Windows\SysWOW64\Attrib.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{7E6CE840-CF69-4607-B235-E64B90AE0D6C}] => (Block) C:\Windows\system32\AtBroker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{9FF161BC-369E-45FE-9F54-9C881D5FB8CE}] => (Block) C:\Windows\SysWOW64\AtBroker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{8F0B90AF-9D33-451B-AAB2-C3107A0A1708}] => (Block) C:\Windows\system32\Certutil.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{CEB20137-B61D-495E-98B5-E030A1E3620F}] => (Block) C:\Windows\SysWOW64\Certutil.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{50F58109-A0B5-46B7-ABD5-6EC8947FB86E}] => (Block) C:\Windows\system32\Cmstp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{0499D84E-A1C4-4BE1-9570-9FAF3CA0D53E}] => (Block) C:\Windows\SysWOW64\Cmstp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{65CCADC3-2347-48DD-A0E0-0AB2C2A59092}] => (Block) C:\Windows\system32\Esentutl.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{71B1C6DF-65B9-41AD-AECA-980F14979201}] => (Block) C:\Windows\SysWOW64\Esentutl.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{9D193CB8-8D79-4D4D-A9C8-25669D3F0294}] => (Block) C:\Windows\system32\Extrac32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{AFC76BA2-F7B0-44DF-B867-ECF9EF90FCD5}] => (Block) C:\Windows\SysWOW64\Extrac32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{296FE262-95A2-47EB-B3E9-B920D75DC080}] => (Block) C:\Windows\system32\Makecab.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{3B47FE74-8E20-4259-8EC6-55697F3390D6}] => (Block) C:\Windows\SysWOW64\Makecab.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{E4EFFFEE-8157-4BA9-A593-052E5C90975F}] => (Block) C:\Windows\system32\Pcalua.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{BD26F0A5-6456-4F35-96EC-2EC7B1F8768A}] => (Block) C:\Windows\system32\ScriptRunner.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{C98BD9C5-2642-45F3-B3DE-020C9E117FD0}] => (Block) C:\Windows\system32\wbem\Scrcons.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{5C368396-45D3-4F6B-BA06-06E84CD9A97E}] => (Block) C:\Windows\system32\CompatTelRunner.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{02CCFA3A-C5F1-44B6-AECA-4D8E3B369AAF}] => (Block) C:\Windows\system32\Control.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{89442A7B-E29A-4E52-87F9-BDE0DD95995A}] => (Block) C:\Windows\SysWOW64\Control.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{A22E91AD-32C7-4241-89AC-139CE2C10F37}] => (Block) C:\Windows\system32\Cscript.exe
FirewallRules: [{B4960FF3-C6E2-407D-AB0A-A226E7633584}] => (Block) C:\Windows\SysWOW64\Cscript.exe
FirewallRules: [{4E5E2991-C968-4482-B53A-4A1DBA01E856}] => (Block) C:\Windows\system32\Csrss.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{909DD38D-3C19-487F-A114-E43D2D0E1768}] => (Block) C:\Windows\system32\Ctfmon.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{54E36A5F-89FD-4D5C-B951-02032B60F5BA}] => (Block) C:\Windows\SysWOW64\Ctfmon.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{5A38A239-4994-4753-802B-DC18F44737CD}] => (Block) C:\Windows\system32\Dwm.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{8E52A5DB-4BA0-4FBB-AA8C-0304CBE0438B}] => (Block) C:\Windows\system32\Eventvwr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{248994BD-AACC-4A74-AF7E-BBBFF7082ECB}] => (Block) C:\Windows\SysWOW64\Eventvwr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{4CF75EBC-CDB8-403E-80C1-29B3BABBEAFA}] => (Block) C:\Windows\Explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{7D8DB57A-3CDF-46B9-9D0E-F02D7FCA311C}] => (Block) C:\Windows\HH.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{51006989-FEAF-4873-A3B7-B791FE45FC97}] => (Block) C:\Windows\system32\MMC.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{674D2968-6376-4DB1-91D6-F15E14F8A24C}] => (Block) C:\Windows\SysWOW64\MMC.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{656FD0D9-A816-4DF2-BD6F-AEAF88D4DA7D}] => (Block) C:\Windows\system32\Odbcconf.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{182600AE-0B7D-42B0-8F3D-99B67E00D0B3}] => (Block) C:\Windows\SysWOW64\Odbcconf.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{706A627F-67B3-4561-9905-4A4542130DCE}] => (Block) powershell.exe => Brak pliku
FirewallRules: [{21BAB1DA-0374-4072-ADCA-1626ED9FCC34}] => (Block) powershell.exe => Brak pliku
FirewallRules: [{A780FD47-679E-4D57-BDF2-75A0D522B51A}] => (Block) C:\Windows\system32\Services.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{7A0B43BF-3C05-44F6-8DA7-924E30FE2026}] => (Block) C:\Windows\system32\Winlogon.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{04A27DD3-62D8-46AD-A9ED-609C700D4E2A}] => (Block) C:\Windows\system32\Wininit.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{4CE6E603-4C81-4C5B-A8F3-BA4BED9D1DEE}] => (Block) C:\Windows\system32\wbem\Wmic.exe
FirewallRules: [{44E655CE-2836-458B-B62B-23B6AE6A8EAD}] => (Block) C:\Windows\SysWOW64\wbem\Wmic.exe
FirewallRules: [{0A91686D-93AD-4735-A8E7-F17D5AF6F6DB}] => (Block) C:\Program Files\Windows NT\Accessories\Wordpad.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{E1DB5D5B-31E7-4368-AEA3-5CD6AFC9805E}] => (Block) C:\Windows\system32\Wscript.exe
FirewallRules: [{183F4013-90BD-4427-B759-67FB8916B05F}] => (Block) C:\Windows\SysWOW64\Wscript.exe
FirewallRules: [{986185DE-C3E0-4BCB-AA7E-32EAEC97E34B}] => (Allow) C:\Users\Sebastian\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{B0570B83-F4D9-4F55-B37D-EB80CF5656A7}] => (Allow) C:\Users\Sebastian\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{05797014-CF8F-4594-905D-FE2F37A8DCA4}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{4E395017-8195-4D6A-A148-0041753907DF}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{D466A993-D90B-4759-92B5-190375706288}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{F71084E3-7F64-4A51-AC1F-69C3E213666F}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D2CD0F49-9329-4F57-9DF2-A2C2995F479B}] => (Allow) C:\Users\Sebastian\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{B190C1E5-5699-4B79-BCF9-6EDAF8D71F9A}] => (Allow) C:\Users\Sebastian\AppData\Roaming\Zoom\bin\airhost.exe => Brak pliku
FirewallRules: [{07A2D2EF-0CE7-4235-98C4-15811EE32D5A}] => (Allow) C:\Users\Sebastian\AppData\Roaming\Zoom\bin\airhost.exe => Brak pliku

==================== Punkty Przywracania systemu =========================
14-11-2020 06:47:41 Windows Update
22-11-2020 08:53:22 Windows Update
23-11-2020 16:37:13 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664

==================== Wadliwe urządzenia w Menedżerze urządzeń ============

==================== Błędy w Dzienniku zdarzeń: ========================

Dziennik Aplikacja:
==================
Error: (11/24/2020 03:28:16 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Centrum zabezpieczeń nie może zweryfikować obiektu wywołującego z powodu błędu %1.
Error: (11/24/2020 03:27:15 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Centrum zabezpieczeń nie może zweryfikować obiektu wywołującego z powodu błędu %1.
Error: (11/24/2020 03:26:15 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Centrum zabezpieczeń nie może zweryfikować obiektu wywołującego z powodu błędu %1.
Error: (11/24/2020 03:25:14 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Centrum zabezpieczeń nie może zweryfikować obiektu wywołującego z powodu błędu %1.
Error: (11/24/2020 03:24:14 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Centrum zabezpieczeń nie może zweryfikować obiektu wywołującego z powodu błędu %1.
Error: (11/24/2020 03:23:13 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Centrum zabezpieczeń nie może zweryfikować obiektu wywołującego z powodu błędu %1.
Error: (11/24/2020 03:22:13 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Centrum zabezpieczeń nie może zweryfikować obiektu wywołującego z powodu błędu %1.
Error: (11/24/2020 03:21:12 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Centrum zabezpieczeń nie może zweryfikować obiektu wywołującego z powodu błędu %1.

Dziennik System:
=============
Error: (11/19/2020 02:28:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Usługa NcaSvc zależy od usługi iphlpsvc, której nie można uruchomić z powodu następującego błędu: Uruchomienie usługi zależności lub grupy nie powiodło się.
Error: (11/19/2020 02:28:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Usługa iphlpsvc zależy od usługi WinHttpAutoProxySvc, której nie można uruchomić z powodu następującego błędu: Nie można uruchomić określonej usługi, ponieważ jest ona wyłączona lub ponieważ nie są włączone skojarzone z nią urządzenia.
Error: (11/19/2020 02:28:43 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Poprzednie zamknięcie systemu przy 10:22:23 na 19.11.2020 było nieoczekiwane.
Error: (11/14/2020 08:37:13 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Usługa Asystent łączności sieciowej zależy od usługi Pomoc IP, której nie można uruchomić z powodu następującego błędu: Uruchomienie usługi zależności lub grupy nie powiodło się.
Error: (11/14/2020 08:37:13 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Usługa Pomoc IP zależy od usługi Usługa autowykrywania serwera proxy w sieci Web WinHTTP, której nie można uruchomić z powodu następującego błędu: Nie można uruchomić określonej usługi, ponieważ jest ona wyłączona lub ponieważ nie są włączone skojarzone z nią urządzenia.
Error: (11/14/2020 08:36:45 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Usługa iphlpsvc zależy od usługi WinHttpAutoProxySvc, której nie można uruchomić z powodu następującego błędu: Nie można uruchomić określonej usługi, ponieważ jest ona wyłączona lub ponieważ nie są włączone skojarzone z nią urządzenia.
Error: (11/10/2020 08:01:42 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-TPTJDEP)
Description: Serwer {F9717507-6651-4EDB-BFF7-AE615179BCCF} nie zarejestrował się w modelu DCOM w wymaganym czasie.
Error: (11/10/2020 08:01:42 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-TPTJDEP)
Description: Serwer {F9717507-6651-4EDB-BFF7-AE615179BCCF} nie zarejestrował się w modelu DCOM w wymaganym czasie.

Windows Defender:
===================================
Date: 2020-03-21 18:18:47.674
Description: Produkt Program antywirusowy Windows Defender wykrył złośliwe oprogramowanie lub inne potencjalnie niechciane oprogramowanie.
Aby uzyskać więcej informacji, zobacz:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Keygen&threatid=2147593794&enterprise=0
Nazwa: HackTool:Win32/Keygen
Identyfikator: 2147593794
Ważność: Wysoki
Kategoria: Narzędzie
Ścieżka: file:_E:\Moje dokumenty\Ściągnięte\HDTuy54nePro4.60-elamigos\HD Tune Pro 4.60 patch.exe
Pochodzenie wykrycia: Komputer lokalny
Typ wykrycia: Konkretne
Źródło wykrycia: Ochrona w czasie rzeczywistym
Użytkownik: DESKTOP-TPTJDEP\Sebastian
Nazwa procesu: C:\Windows\explorer.exe
Wersja analizy zabezpieczeń: AV: 1.311.1680.0, AS: 1.311.1680.0, NIS: 1.311.1680.0
Wersja aparatu: AM: 1.1.16800.2, NIS: 1.1.16800.2

CodeIntegrity:
===================================
Date: 2020-11-24 14:20:50.610
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SecureAge\Whitelist\SecureAPlus.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2020-11-24 14:20:50.416
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SecureAge\Whitelist\SecureAPlus.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2020-11-24 14:20:45.186
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SecureAge\Whitelist\SecureAPlus.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2020-11-24 14:20:45.018
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SecureAge\Whitelist\SecureAPlus.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2020-11-24 14:20:39.779
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SecureAge\Whitelist\SecureAPlus.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2020-11-24 14:20:39.533
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SecureAge\Whitelist\SecureAPlus.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2020-11-24 06:40:03.213
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SecureAge\Whitelist\SecureAPlus.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2020-11-24 06:40:02.864
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SecureAge\Whitelist\SecureAPlus.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Statystyki pamięci ===========================
BIOS: Hewlett-Packard L70 Ver. 01.46 08/29/2019
Płyta główna: Hewlett-Packard 1909
Procesor: Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz
Procent pamięci w użyciu: 24%
Całkowita pamięć fizyczna: 16185.11 MB
Dostępna pamięć fizyczna: 12183.12 MB
Całkowita pamięć wirtualna: 18617.11 MB
Dostępna pamięć wirtualna: 14579.88 MB

==================== Dyski ================================
Drive c: () (Fixed) (Total:220.44 GB) (Free:150.16 GB) NTFS
Drive e: () (Fixed) (Total:698.63 GB) (Free:656.46 GB) NTFS
\\?\Volume{c89df7d5-0000-0000-0000-100000000000}\ (SYSTEM) (Fixed) (Total:3.13 GB) (Free:2.66 GB) NTFS

==================== MBR & Tablica partycji ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: 650546CE)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=0F Extended)
==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: C89DF7D5)
Partition 1: (Active) - (Size=3.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=220.4 GB) - (Type=07 NTFS)

==================== Koniec Addition.txt =======================