- ==================== Security Center ========================
- (If an entry is included in the fixlist, it will be removed.)
- AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
- AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
- ==================== Installed Programs ======================
- (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
- Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
- Battery Calibration (HKLM-x32\...\{634AC01E-49DB-4AD2-B87C-90D4DCC6AFA1}) (Version: 1.0.1609.1901 - Micro-Star International Co., Ltd.) Hidden
- Battery Calibration (HKLM-x32\...\InstallShield_{634AC01E-49DB-4AD2-B87C-90D4DCC6AFA1}) (Version: 1.0.1609.1901 - Micro-Star International Co., Ltd.)
- BitTorrent (HKU\S-1-5-21-779947541-1455405682-160267812-1001\...\BitTorrent) (Version: 7.10.3.44359 - BitTorrent Inc.)
- Brother MFL-Pro Suite DCP-J105 (HKLM-x32\...\{B742757A-7658-4E09-A51A-085CF0F7F4D3}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
- CCleaner (HKLM\...\CCleaner) (Version: 5.42 - Piriform)
- D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
- DIAL Communication Framework (HKLM-x32\...\{562D0D31-FBAF-4505-8B27-4EC92EEA91D6}) (Version: 1.3.1.215 - DIAL GmbH)
- DIAL Data Dispatcher (HKLM-x32\...\DIAL Data Dispatcher1.0) (Version: 1.0 - DIAL GmbH)
- DIALux 4.13 (HKLM-x32\...\DIALux) (Version: 4.13.0.2 - DIAL GmbH)
- Discord (HKU\S-1-5-21-779947541-1455405682-160267812-1001\...\Discord) (Version: 0.0.301 - Discord Inc.)
- DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 390.65 - NVIDIA Corporation) Hidden
- Dragon Center (HKLM-x32\...\{C65B26BC-5A6F-4135-9678-55A877655471}) (Version: 1.2.1705.3101 - Micro-Star International Co., Ltd.) Hidden
- Dragon Center (HKLM-x32\...\InstallShield_{C65B26BC-5A6F-4135-9678-55A877655471}) (Version: 1.2.1705.3101 - Micro-Star International Co., Ltd.)
- Firebird 1.5.2.4731 (HKLM-x32\...\FBDBServer_1_5_is1) (Version: - Firebird Project)
- GIMP 2.10.0 (HKLM\...\GIMP-2_is1) (Version: 2.10.0 - The GIMP Team)
- Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.139 - Google Inc.)
- Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
- Help Desk (HKLM-x32\...\{7E8181AF-9679-49B3-B133-C265709B6927}) (Version: 1.0.1707.2501 - Micro-Star International Co., Ltd.) Hidden
- Help Desk (HKLM-x32\...\InstallShield_{7E8181AF-9679-49B3-B133-C265709B6927}) (Version: 1.0.1707.2501 - Micro-Star International Co., Ltd.)
- Intel(R) Chipset Device Software (HKLM-x32\...\{5f5c7829-a6ba-4fc6-9f47-d068f51ed99b}) (Version: 10.1.1.35 - Intel(R) Corporation) Hidden
- Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1025 - Intel Corporation)
- Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4534 - Intel Corporation)
- Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
- Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{234AC5AF-C674-452D-BF73-FE9ABF2D5DBB}) (Version: 19.11.1639.0649 - Intel Corporation)
- Intel® PROSet/Wireless Software (HKLM-x32\...\{25779f5d-6b0a-4e11-89e8-441b93c6ce2b}) (Version: 19.10.0 - Intel Corporation)
- IntelliJ IDEA Community Edition 2018.1.2 (HKLM-x32\...\IntelliJ IDEA Community Edition 2018.1.2) (Version: 181.4668.68 - JetBrains s.r.o.)
- Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.3.438464.135 - Comodo)
- Java 8 Update 171 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
- Java SE Development Kit 8 Update 171 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180171}) (Version: 8.0.1710.11 - Oracle Corporation)
- KB9X Radio Switch Driver (HKLM\...\EC950B206B0E7722C96A318DF396BABFBB057BC0) (Version: 1.1.2.0 - ENE TECHNOLOGY INC.)
- Killer Performance Suite (HKLM\...\{0B988985-38C9-4DD4-9835-5AC17EEC26F7}) (Version: 1.0.762 - Nazwa firmy)
- Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
- Microsoft Office 365 ProPlus - pl-pl (HKLM\...\O365ProPlusRetail - pl-pl) (Version: 16.0.9226.2114 - Microsoft Corporation)
- Microsoft OneDrive (HKU\S-1-5-21-779947541-1455405682-160267812-1001\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
- Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
- Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
- Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
- Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
- Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
- Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
- Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
- Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
- Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
- Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
- Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
- Mozilla Firefox 58.0.2 (x64 pl) (HKLM\...\Mozilla Firefox 58.0.2 (x64 pl)) (Version: 58.0.2 - Mozilla)
- Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.4 - Mozilla)
- MSI Remind Manager (HKLM-x32\...\{3E23F267-3E35-40F9-B6BF-BC034D214717}) (Version: 1.0.1608.1001 - Micro-Star International Co., Ltd.) Hidden
- MSI Remind Manager (HKLM-x32\...\InstallShield_{3E23F267-3E35-40F9-B6BF-BC034D214717}) (Version: 1.0.1608.1001 - Micro-Star International Co., Ltd.)
- NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version: - )
- Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.5.6 - Notepad++ Team)
- NVIDIA GeForce Experience 3.11.0.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.11.0.73 - NVIDIA Corporation)
- NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
- Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.9226.2114 - Microsoft Corporation) Hidden
- Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.9226.2114 - Microsoft Corporation) Hidden
- Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0415-1000-0000000FF1CE}) (Version: 16.0.9226.2114 - Microsoft Corporation) Hidden
- Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconductor Corp.)
- Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7960 - Realtek Semiconductor Corp.)
- RemotePC Printer 2.0 (HKLM-x32\...\{E4E751F6-EF3D-496D-9946-BF282B5DA133}_is1) (Version: - IDrive Inc.)
- RemotePC version 7.5.1 (HKLM-x32\...\{C2E32316-A1EE-4DA3-8B8A-A1EFC3A40EE8}}_is1) (Version: 7.5.1 - IDrive Software)
- SAM Broadcaster (remove only) (HKLM-x32\...\SAM3) (Version: - )
- SCM (HKLM\...\{C532FCEC-75CD-477D-94E1-61B50BC679F0}) (Version: 13.016.10073 - Application)
- Spotify (HKU\S-1-5-21-779947541-1455405682-160267812-1001\...\Spotify) (Version: 1.0.77.338.g758ebd78 - Spotify AB)
- Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.4.193 - Synaptics Incorporated)
- TeamSpeak 3 Client (HKU\S-1-5-21-779947541-1455405682-160267812-1001\...\TeamSpeak 3 Client) (Version: 3.1.7 - TeamSpeak Systems GmbH)
- TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.0.6447 - TeamViewer)
- The Witcher 2 - Assassins of Kings Enhanced Edition (HKLM-x32\...\The Witcher 2 - Assassins of Kings Enhanced Edition_is1) (Version: - GOG.com)
- Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{AC0D130B-8809-4125-811F-667893B90644}) (Version: 2.11.0.0 - Microsoft Corporation)
- UpdateAssistant (HKLM-x32\...\{7C070E60-8769-4763-BBD8-7537A28A60D4}) (Version: 1.10.0.0 - Microsoft Corporation) Hidden
- VLC media player (HKLM\...\VLC media player) (Version: 2.2.8 - VideoLAN)
- Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.)
- Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
- Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22350 - Microsoft Corporation)
- Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
- Windows Movie Maker 2017 (HKLM-x32\...\{3CC29C1A-B5FE-457B-8F22-32A3667A92C7}}_is1) (Version: - windows-movie-maker.org)
- WinRAR 5.50 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
- Worms World Party Remastered (HKLM-x32\...\1433238834_is1) (Version: 2.1.0.2 - GOG.com)
- ==================== Custom CLSID (Whitelisted): ==========================
- (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
- ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => D:\Programowanie\Notepad++\NppShell_06.dll -> No File
- ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
- ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_d44295a98a21a376\igfxDTCM.dll [2017-06-22] (Intel Corporation)
- ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-01-04] (NVIDIA Corporation)
- ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-09-13] (Alexander Roshal)
- ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-09-13] (Alexander Roshal)
- ==================== Scheduled Tasks (Whitelisted) =============
- (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
- Task: {03B92105-DD91-42B9-A146-721863A2D797} - System32\Tasks\Nvbackend_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
- Task: {09B933F7-57E6-40EE-9162-5C5F0D8E4877} - System32\Tasks\{618E36A5-E960-4E54-9F2B-A0B1AF18A8E6} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://ui.skype.com/ui/0/7.41.0.101/pl/abandoninstall?page=tsMain
- Task: {0E3AEC62-9D5B-494A-BEB4-B6C17183F2F1} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-04-23] (Microsoft Corporation)
- Task: {106DCF5D-7CF2-4E7A-B84B-93E47930AD48} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel(R) Corporation)
- Task: {1606A1F7-F3DB-41D1-A815-85F3D68E37FD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-26] (Microsoft Corporation)
- Task: {178775FD-22CE-4B15-BDFD-A124F2580C08} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-04-12] (Piriform Ltd)
- Task: {17A339B4-851D-48E1-AC86-13A6D45155CC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-26] (Microsoft Corporation)
- Task: {203F9E7B-798C-48A0-9E44-75F7A1F5603F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-04-30] (Microsoft Corporation)
- Task: {24025BF9-F303-43F2-8DAD-C0A4DDEB0D67} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
- Task: {2750B097-3F77-473F-80D7-2B83EC6EDA05} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-11-16] (NVIDIA Corporation)
- Task: {29A00CE5-BAF4-4A13-B0F6-F707E6AD4851} - System32\Tasks\MSI_Help_Desk_Agent => C:\Program Files (x86)\MSI\Help Desk\MSI Update Agent.exe [2017-07-25] (Micro-Star International Co., Ltd.)
- Task: {3171FA46-1CD2-4367-8BCC-9B5029AD28B0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-04-30] (Microsoft Corporation)
- Task: {3A6CF02E-42B2-488D-8988-ABD261BFFB16} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-04-12] (Piriform Ltd)
- Task: {502A8EBB-0EE1-4BF5-BDE1-BA109E2676F9} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-04-30] (Microsoft Corporation)
- Task: {56C81E1D-08B6-4402-8F2D-E779C8B2515F} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-11-16] (NVIDIA Corporation)
- Task: {5CCA9866-062A-4C6C-898F-04737FFBCF93} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-26] (Microsoft Corporation)
- Task: {6A29D559-F7F8-4EF7-85F8-DC65136DBE34} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic [Argument = path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate]
- Task: {6CF643B5-F9E8-4C16-A98D-109B89F51A5E} - System32\Tasks\AdwCleaner_onReboot => C:\Users\Zuza\Downloads\AdwCleaner.exe [2018-05-04] (Malwarebytes)
- Task: {6F6C01CF-765E-4B27-AC95-7B0870B5BA70} - System32\Tasks\MSI_Dragon Center => C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe [2017-05-31] (Micro-Star International Co., Ltd.)
- Task: {745676FC-681C-43E5-B7FA-C6761DDE23AA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-04-30] (Microsoft Corporation)
- Task: {7FA933D2-CF7A-4EE5-B57C-4EBC0A750A85} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
- Task: {81D1B868-FF5F-483F-9014-424623E871FA} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-11-16] (NVIDIA Corporation)
- Task: {8972F43C-7CAA-4C47-99F6-D0D42A7EE057} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-11-16] (NVIDIA Corporation)
- Task: {8FFDEE29-CCC6-4DED-91B1-68A7731D8EA0} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-11-16] (NVIDIA Corporation)
- Task: {98293A97-8E9B-4089-BFBC-C7CC9B8DAE43} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-04-23] (Microsoft Corporation)
- Task: {9A13B35B-F168-4609-A41B-8DCBF7DDC958} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-11-16] (NVIDIA Corporation)
- Task: {AA2BD940-C3B7-412B-9436-3B986E4F58D4} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-04-30] (Microsoft Corporation)
- Task: {B3498EC7-BD62-489A-81BB-A460B9692B14} - System32\Tasks\Dragon_Center_updater => C:\ProgramData\MSI\Dragon [Argument = Center\DragonCenter_Updater.exe DragonCenter]
- Task: {BE0648AD-C34F-43EA-AA17-22E8923338AF} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-11-16] (NVIDIA Corporation)
- Task: {BF617298-11E7-4B00-A28E-AD30EDE7D53A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-26] (Microsoft Corporation)
- Task: {D7656D46-E3B8-4D2B-91AA-5C9376F6F1B5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-10] (Google Inc.)
- Task: {E619AB84-5BC3-4C04-B1E5-61EBA971448A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
- Task: {EBE8C81A-6428-4878-AE9B-F17C0C85621D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-10] (Google Inc.)
- Task: {F6647E6E-A648-4183-BB6B-605D82DFFF8E} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-11-16] (NVIDIA Corporation)
- (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
- Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
- ==================== Shortcuts & WMI ========================
- (The entries could be listed to be restored or removed.)
- ==================== Loaded Modules (Whitelisted) ==============
- 2017-09-29 15:41 - 2017-09-29 15:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
- 2018-01-10 20:39 - 2018-01-04 03:44 - 000544056 _____ () C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\DisplayDriverAnalyzer\_DisplayDriverCrashAnalyzer64.dll
- 2018-03-06 10:41 - 2005-04-22 06:36 - 000143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
- 2018-04-06 23:20 - 2018-03-30 16:44 - 000776344 _____ () C:\Program Files (x86)\RemotePC\RemotePCService.exe
- 2018-01-10 20:26 - 2017-11-16 03:41 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
- 2018-03-13 21:47 - 2018-02-22 02:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
- 2018-03-13 21:47 - 2018-02-22 02:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
- 2018-04-24 08:05 - 2018-04-24 08:06 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeHost.exe
- 2018-04-24 08:05 - 2018-04-24 08:06 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
- 2018-04-24 08:05 - 2018-04-24 08:06 - 022320128 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkyWrap.dll
- 2018-04-24 08:05 - 2018-04-24 08:06 - 002603008 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\skypert.dll
- 2018-04-24 08:05 - 2018-04-24 08:05 - 000657408 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
- 2016-10-07 12:33 - 2016-10-07 12:33 - 000301848 _____ () C:\Program Files (x86)\SCM\SCM.exe
- 2018-04-06 23:20 - 2017-08-23 17:01 - 000374984 _____ () C:\Program Files (x86)\RemotePC\RemotePC Printer\RPCPrintServer.exe
- 2018-04-28 08:57 - 2018-04-26 05:14 - 004443992 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.139\libglesv2.dll
- 2018-04-28 08:57 - 2018-04-26 05:14 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.139\libegl.dll
- 2018-05-09 06:56 - 2018-05-09 06:56 - 000084992 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.8.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
- 2018-05-08 08:50 - 2018-05-08 08:50 - 001873120 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.8.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
- 2018-02-09 21:38 - 2018-02-09 21:38 - 025843200 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18011.13411.1000_x64__8wekyb3d8bbwe\Music.UI.exe
- 2018-02-09 21:38 - 2018-02-09 21:38 - 000306176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18011.13411.1000_x64__8wekyb3d8bbwe\SharedUI.dll
- 2018-02-09 21:38 - 2018-02-09 21:38 - 006748672 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18011.13411.1000_x64__8wekyb3d8bbwe\EntCommon.dll
- 2018-01-26 14:52 - 2018-01-26 14:53 - 000902656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18011.13411.1000_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll
- 2018-01-10 20:35 - 2018-01-10 20:36 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18011.13411.1000_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
- 2018-02-09 21:38 - 2018-02-09 21:38 - 005527040 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18011.13411.1000_x64__8wekyb3d8bbwe\Music.Visuals.dll
- 2018-05-04 09:23 - 2018-05-04 09:24 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
- 2018-05-04 09:23 - 2018-05-04 09:24 - 066466304 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
- 2018-01-26 14:55 - 2018-01-26 14:57 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
- 2018-05-04 09:23 - 2018-05-04 09:24 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
- 2018-05-04 09:23 - 2018-05-04 09:23 - 004173312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
- 2018-05-04 09:23 - 2018-05-04 09:23 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
- 2018-05-04 09:23 - 2018-05-04 09:24 - 000035840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
- 2018-04-05 13:15 - 2018-04-05 13:16 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
- 2018-05-04 09:23 - 2018-05-04 09:24 - 015563776 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
- 2018-05-04 09:23 - 2018-05-04 09:23 - 004018176 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\MediaEngine.dll
- 2018-05-04 09:23 - 2018-05-04 09:23 - 003281920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
- 2018-05-04 09:23 - 2018-05-04 09:24 - 001386496 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
- 2018-01-31 10:59 - 2018-01-31 10:59 - 004601048 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
- 2018-05-04 09:23 - 2018-05-04 09:23 - 000094208 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\BendRealityNode.dll
- 2018-05-04 09:23 - 2018-05-04 09:24 - 000878080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
- 2018-04-05 13:15 - 2018-04-05 13:16 - 000043008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
- 2018-05-04 09:23 - 2018-05-04 09:24 - 000165888 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\SKU.dll
- 2018-05-09 06:56 - 2018-05-09 06:56 - 000062464 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.8.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
- 2018-03-06 10:40 - 2009-02-27 17:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
- 2016-08-30 01:19 - 2016-08-30 01:19 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
- ==================== Alternate Data Streams (Whitelisted) =========
- (If an entry is included in the fixlist, only the ADS will be removed.)
- ==================== Safe Mode (Whitelisted) ===================
- (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
- ==================== Association (Whitelisted) ===============
- (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
- ==================== Internet Explorer trusted/restricted ===============
- (If an entry is included in the fixlist, it will be removed from the registry.)
- IE trusted site: HKU\S-1-5-21-779947541-1455405682-160267812-1001\...\sharepoint.com -> hxxps://politechnikawroclawska-files.sharepoint.com
- ==================== Hosts content: ===============================
- (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
- 2015-10-30 09:24 - 2015-10-30 09:21 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
- ==================== Other Areas ============================
- (Currently there is no automatic fix for this section.)
- HKU\S-1-5-21-779947541-1455405682-160267812-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Zuza\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
- DNS Servers: 192.168.0.1
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
- Windows Firewall is enabled.
- ==================== MSCONFIG/TASK MANAGER disabled items ==
- HKLM\...\StartupApproved\Run32: => "vdcss"
- HKLM\...\StartupApproved\Run32: => "BrHelp"
- HKU\S-1-5-21-779947541-1455405682-160267812-1001\...\StartupApproved\Run: => "BitTorrent"
- HKU\S-1-5-21-779947541-1455405682-160267812-1001\...\StartupApproved\Run: => "OneDrive"
- HKU\S-1-5-21-779947541-1455405682-160267812-1001\...\StartupApproved\Run: => "Skype for Desktop"
- HKU\S-1-5-21-779947541-1455405682-160267812-1001\...\StartupApproved\Run: => "Spotify"
- HKU\S-1-5-21-779947541-1455405682-160267812-1001\...\StartupApproved\Run: => "Spotify Web Helper"
- HKU\S-1-5-21-779947541-1455405682-160267812-1001\...\StartupApproved\Run: => "Discord"
- ==================== FirewallRules (Whitelisted) ===============
- (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
- FirewallRules: [{22BB97C4-B5B0-47FF-A3C6-63BD7DCF0A46}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
- FirewallRules: [{BECC8C21-723F-4BD6-8217-95F536DA9609}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
- FirewallRules: [UDP Query User{FF3EE7AB-7FC1-494A-BC88-9179D5C1B7A1}C:\program files (x86)\spacialaudio\sambc\sambc.exe] => (Allow) C:\program files (x86)\spacialaudio\sambc\sambc.exe
- FirewallRules: [TCP Query User{B1F3C398-A5F6-42DD-BC6F-C3CF9305B7D3}C:\program files (x86)\spacialaudio\sambc\sambc.exe] => (Allow) C:\program files (x86)\spacialaudio\sambc\sambc.exe
- FirewallRules: [{95BAF58D-0A7A-4DBD-A020-D2487C1E6A14}] => (Allow) C:\Users\Zuza\AppData\Roaming\BitTorrent\BitTorrent.exe
- FirewallRules: [{E4A8051F-B218-4C16-8A05-E56C53195B0D}] => (Allow) C:\Users\Zuza\AppData\Roaming\BitTorrent\BitTorrent.exe
- FirewallRules: [{26753AA7-75C3-4105-A9A3-D28CDE3DAA37}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
- FirewallRules: [UDP Query User{ABE62BA5-F5C7-4DBB-ACBA-6FCD3000F52E}D:\program files (x86)\gog.com\the witcher 2 enhanced edition\bin\witcher2.exe] => (Block) D:\program files (x86)\gog.com\the witcher 2 enhanced edition\bin\witcher2.exe
- FirewallRules: [TCP Query User{7404FC40-FD80-4046-939A-CB6986AC0983}D:\program files (x86)\gog.com\the witcher 2 enhanced edition\bin\witcher2.exe] => (Block) D:\program files (x86)\gog.com\the witcher 2 enhanced edition\bin\witcher2.exe
- FirewallRules: [{AFB0FF2C-D42C-4C3F-99D3-E9467D7C8305}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
- FirewallRules: [{454A5EED-293B-4D34-B96A-5CE4A7D09DE2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
- FirewallRules: [{B2390812-E24C-437C-946E-437B19FA0279}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
- FirewallRules: [{FEF7CDDE-D0F5-430C-9358-B5D43480B261}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
- FirewallRules: [UDP Query User{06F10C7F-DE23-4928-B462-645DA4AEA0D5}C:\users\zuza\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\zuza\appdata\roaming\spotify\spotify.exe
- FirewallRules: [TCP Query User{382F8E6C-CED2-436F-927E-2B11B6C9E5F7}C:\users\zuza\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\zuza\appdata\roaming\spotify\spotify.exe
- FirewallRules: [{FCB6C84B-64AF-49E6-AB93-64129E825555}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
- FirewallRules: [{0F610B84-0690-4E49-9DF5-1C8AE028CA98}] => (Allow) C:\Windows\KMS-R@1n.exe
- FirewallRules: [{34149614-5FCD-41D6-9AED-AFA48F4AD314}] => (Allow) C:\Windows\KMS-R@1n.exe
- FirewallRules: [TCP Query User{D9C8A19B-E023-4326-9802-44AA861BAC8B}C:\users\zuza\downloads\fightcade\fightcade\fightcade.exe] => (Allow) C:\users\zuza\downloads\fightcade\fightcade\fightcade.exe
- FirewallRules: [UDP Query User{B3062C9E-EB1A-4536-9D18-3C6A6ABF3CB2}C:\users\zuza\downloads\fightcade\fightcade\fightcade.exe] => (Allow) C:\users\zuza\downloads\fightcade\fightcade\fightcade.exe
- FirewallRules: [TCP Query User{52277F3A-5813-493B-9C19-AB190054D6DA}C:\users\zuza\downloads\fightcade\fightcade\ggpofba.exe] => (Allow) C:\users\zuza\downloads\fightcade\fightcade\ggpofba.exe
- FirewallRules: [UDP Query User{88B6937C-3202-4093-BF52-81D25E2AB286}C:\users\zuza\downloads\fightcade\fightcade\ggpofba.exe] => (Allow) C:\users\zuza\downloads\fightcade\fightcade\ggpofba.exe
- FirewallRules: [TCP Query User{7DE7E213-0C28-4FB2-AF97-12265409CAC7}C:\users\zuza\downloads\fightcade\fightcade\ggpofba-ng.exe] => (Allow) C:\users\zuza\downloads\fightcade\fightcade\ggpofba-ng.exe
- FirewallRules: [UDP Query User{E664EBDD-1D03-4A49-A7C8-234781E18AC3}C:\users\zuza\downloads\fightcade\fightcade\ggpofba-ng.exe] => (Allow) C:\users\zuza\downloads\fightcade\fightcade\ggpofba-ng.exe
- FirewallRules: [{DCB68EA7-1B80-42BF-B2DD-4789BEC97B44}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
- FirewallRules: [{54ACCCCA-3BBE-49B5-B478-C1FA491E7CDE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
- FirewallRules: [{A125DB48-A6BE-4FEB-97D6-DF614A547054}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
- FirewallRules: [{BF35BBD8-2374-48CA-9795-318C590627EB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
- FirewallRules: [{F29EA168-9259-40A3-91CC-F38D7D198BE8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
- FirewallRules: [{AC6739DD-7C6B-441E-BB21-61885771B144}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
- FirewallRules: [{23F753E8-4FA2-4D9A-AFF2-5A6447EB8209}] => (Allow) C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\outlook.exe
- FirewallRules: [{9DC489FA-A4DC-4FA3-8160-AE8AD1AF9C48}] => (Allow) C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\Lync.exe
- FirewallRules: [{440C6E0D-4CA3-440A-917B-1EDF50AFBB7E}] => (Allow) C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\Lync.exe
- FirewallRules: [{5AC0E44A-348F-4195-81AE-2D90C573D2F6}] => (Allow) C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\UcMapi.exe
- FirewallRules: [{FACB3D78-3E80-408A-9486-4B85C980804F}] => (Allow) C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\UcMapi.exe
- FirewallRules: [{745072F9-469C-4B4A-B3CF-1445DC122441}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
- FirewallRules: [{BF7BA8E2-879E-4A01-82C8-7DD687AC2B57}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
- FirewallRules: [{EEF74D4C-B1D2-4095-A3D7-FDA221389903}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
- FirewallRules: [{662B6301-6AD5-4923-BED3-51F03FF22693}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
- FirewallRules: [{8D29B9E6-BF94-4E77-A626-61B1DE7ADB9A}] => (Allow) LPort=2869
- FirewallRules: [{5B82A0F4-E9AF-4B5C-A100-FEE36806F425}] => (Allow) LPort=1900
- FirewallRules: [{9B89655C-74D0-4E6F-918A-7EAA68CEBCE8}] => (Allow) LPort=54925
- FirewallRules: [{226B447F-8336-4A8F-9E08-C947CA971B88}] => (Allow) C:\Program Files (x86)\RemotePC\RemotePCService.exe
- FirewallRules: [{B3A61568-CAA1-48AA-8D26-3245B8BAC188}] => (Allow) C:\Program Files (x86)\RemotePC\RemotePCService.exe
- FirewallRules: [{E02FBCE0-6A97-4355-AED6-7FAD0B23E174}] => (Allow) C:\Program Files (x86)\RemotePC\RemotePCDesktop.exe
- FirewallRules: [{E2851A1F-E29C-4A56-91B2-6F6314FA64BA}] => (Allow) C:\Program Files (x86)\RemotePC\RemotePCDesktop.exe
- FirewallRules: [{1E60B1D3-4B52-421F-B954-07DE10DA957D}] => (Allow) C:\Program Files (x86)\RemotePC\RPCCoreViewer.exe
- FirewallRules: [{400E61DE-A197-40E6-8FE7-22DD4A6F7DEC}] => (Allow) C:\Program Files (x86)\RemotePC\RPCCoreViewer.exe
- FirewallRules: [{5223A72B-21E0-4BBD-86E6-CC8B58A22039}] => (Allow) C:\Program Files (x86)\RemotePC\RPCSuite.exe
- FirewallRules: [{5D84DAFC-34BF-49AA-B6AD-3F02D7BDE400}] => (Allow) C:\Program Files (x86)\RemotePC\RPCSuite.exe
- FirewallRules: [TCP Query User{9C22759B-8CAB-4B70-904F-815BDC739F32}D:\typing of the dead overkill\hotd_ng.exe] => (Allow) D:\typing of the dead overkill\hotd_ng.exe
- FirewallRules: [UDP Query User{4DB51E45-727B-47EC-BF79-4E65D5ADA90A}D:\typing of the dead overkill\hotd_ng.exe] => (Allow) D:\typing of the dead overkill\hotd_ng.exe
- FirewallRules: [{B60BD042-11A9-4D33-B289-AD947C98CA72}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- FirewallRules: [{A425A67B-CDFB-4D8A-A608-D44F588CA796}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
- FirewallRules: [{A9A6E217-F051-4719-99BC-A094835CF8A1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
- ==================== Restore Points =========================
- ATTENTION: System Restore is disabled
- ==================== Faulty Device Manager Devices =============
- ==================== Event log errors: =========================
- Application errors:
- ==================
- Error: (05/10/2018 04:28:13 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
- Description: Nie można zaplanować restartu usługi ochrony oprogramowania o 2018-05-10T15:19:13Z. Kod błędu: 0x80070005.
- Error: (05/10/2018 04:27:43 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
- Description: Nie można zaplanować restartu usługi ochrony oprogramowania o 2018-05-10T15:19:43Z. Kod błędu: 0x80070005.
- Error: (05/10/2018 04:27:13 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
- Description: Nie można zaplanować restartu usługi ochrony oprogramowania o 2018-05-10T15:19:13Z. Kod błędu: 0x80070005.
- Error: (05/10/2018 04:26:43 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
- Description: Nie można zaplanować restartu usługi ochrony oprogramowania o 2018-05-10T15:19:43Z. Kod błędu: 0x80070005.
- Error: (05/10/2018 04:26:13 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
- Description: Nie można zaplanować restartu usługi ochrony oprogramowania o 2018-05-10T15:19:13Z. Kod błędu: 0x80070005.
- Error: (05/10/2018 04:25:43 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
- Description: Nie można zaplanować restartu usługi ochrony oprogramowania o 2018-05-10T15:19:43Z. Kod błędu: 0x80070005.
- Error: (05/10/2018 04:25:13 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
- Description: Nie można zaplanować restartu usługi ochrony oprogramowania o 2018-05-10T15:19:13Z. Kod błędu: 0x80070005.
- Error: (05/10/2018 04:24:43 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
- Description: Nie można zaplanować restartu usługi ochrony oprogramowania o 2018-05-10T15:19:43Z. Kod błędu: 0x80070005.
- System errors:
- =============
- Error: (05/10/2018 03:40:17 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-UBCT9KH)
- Description: Zgodnie z ustawieniami uprawnienia application-specific nie jest udzielane uprawnienie Local Activation do aplikacji serwera COM z identyfikatorem klasy CLSID
- {D63B10C5-BB46-4990-A94F-E40B9D520160}
- i identyfikatorem aplikacji APPID
- {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
- użytkownikowi DESKTOP-UBCT9KH\Zuza o identyfikatorze zabezpieczeń SID (S-1-5-21-779947541-1455405682-160267812-1001) z adresu LocalHost (Using LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Unavailable (Unavailable). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.
- Error: (05/10/2018 03:39:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
- Description: Zgodnie z ustawieniami uprawnienia application-specific nie jest udzielane uprawnienie Local Activation do aplikacji serwera COM z identyfikatorem klasy CLSID
- {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
- i identyfikatorem aplikacji APPID
- {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
- użytkownikowi NT AUTHORITY\LOCAL SERVICE o identyfikatorze zabezpieczeń SID (S-1-5-19) z adresu LocalHost (Using LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Unavailable (Unavailable). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.
- Error: (05/10/2018 03:39:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
- Description: Zgodnie z ustawieniami uprawnienia application-specific nie jest udzielane uprawnienie Local Activation do aplikacji serwera COM z identyfikatorem klasy CLSID
- {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
- i identyfikatorem aplikacji APPID
- {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
- użytkownikowi NT AUTHORITY\LOCAL SERVICE o identyfikatorze zabezpieczeń SID (S-1-5-19) z adresu LocalHost (Using LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Unavailable (Unavailable). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.
- Error: (05/10/2018 03:39:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
- Description: Zgodnie z ustawieniami uprawnienia application-specific nie jest udzielane uprawnienie Local Activation do aplikacji serwera COM z identyfikatorem klasy CLSID
- {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
- i identyfikatorem aplikacji APPID
- {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
- użytkownikowi NT AUTHORITY\LOCAL SERVICE o identyfikatorze zabezpieczeń SID (S-1-5-19) z adresu LocalHost (Using LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Unavailable (Unavailable). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.
- Error: (05/10/2018 03:39:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
- Description: Zgodnie z ustawieniami uprawnienia application-specific nie jest udzielane uprawnienie Local Activation do aplikacji serwera COM z identyfikatorem klasy CLSID
- {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
- i identyfikatorem aplikacji APPID
- {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
- użytkownikowi NT AUTHORITY\LOCAL SERVICE o identyfikatorze zabezpieczeń SID (S-1-5-19) z adresu LocalHost (Using LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Unavailable (Unavailable). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.
- Error: (05/10/2018 03:39:29 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
- Description: Usługa Harmonogram zadań nie może załadować zadań podczas uruchamiania usługi. Dane dodatkowe: Wartość błędu: 2147942405.
- Error: (05/10/2018 03:39:29 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
- Description: Usługa Harmonogram zadań nie może załadować zadań podczas uruchamiania usługi. Dane dodatkowe: Wartość błędu: 2147942405.
- Error: (05/10/2018 03:39:29 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
- Description: Usługa Harmonogram zadań nie może uruchomić zadań wyzwalanych podczas uruchamiania komputera. Dodatkowe dane: Wartość błędu: 2147942405.
- Windows Defender:
- ===================================
- Date: 2018-05-10 16:39:55.083
- Description:
- Funkcja Kontrolowany dostęp do folderu zablokowała aplikacji C:\Windows\System32\notepad.exe możliwość zmodyfikowania folderu %desktopdirectory%\frst\.
- Godzina wykrycia: 2018-05-10T14:39:55.082Z
- Użytkownik: DESKTOP-UBCT9KH\Zuza
- Ścieżka: %desktopdirectory%\frst\
- Nazwa procesu: C:\Windows\System32\notepad.exe
- Wersja podpisu: 1.267.1142.0
- Wersja aparatu: 1.1.14800.3
- Wersja produktu: 4.14.17639.18041
- Date: 2018-05-10 16:39:21.925
- Description:
- Funkcja Kontrolowany dostęp do folderu zablokowała aplikacji C:\Windows\System32\notepad.exe możliwość zmodyfikowania folderu %desktopdirectory%\frst\.
- Godzina wykrycia: 2018-05-10T14:39:21.925Z
- Użytkownik: DESKTOP-UBCT9KH\Zuza
- Ścieżka: %desktopdirectory%\frst\
- Nazwa procesu: C:\Windows\System32\notepad.exe
- Wersja podpisu: 1.267.1142.0
- Wersja aparatu: 1.1.14800.3
- Wersja produktu: 4.14.17639.18041
- Date: 2018-05-10 16:38:22.958
- Description:
- Funkcja Kontrolowany dostęp do folderu zablokowała aplikacji C:\Windows\System32\notepad.exe możliwość zmodyfikowania folderu %desktopdirectory%\frst\.
- Godzina wykrycia: 2018-05-10T14:38:22.956Z
- Użytkownik: DESKTOP-UBCT9KH\Zuza
- Ścieżka: %desktopdirectory%\frst\
- Nazwa procesu: C:\Windows\System32\notepad.exe
- Wersja podpisu: 1.267.1142.0
- Wersja aparatu: 1.1.14800.3
- Wersja produktu: 4.14.17639.18041
- Date: 2018-05-10 16:38:22.956
- Description:
- Funkcja Kontrolowany dostęp do folderu zablokowała aplikacji C:\Windows\System32\notepad.exe możliwość zmodyfikowania folderu %desktopdirectory%\frst\.
- Godzina wykrycia: 2018-05-10T14:38:22.956Z
- Użytkownik: DESKTOP-UBCT9KH\Zuza
- Ścieżka: %desktopdirectory%\frst\
- Nazwa procesu: C:\Windows\System32\notepad.exe
- Wersja podpisu: 1.267.1142.0
- Wersja aparatu: 1.1.14800.3
- Wersja produktu: 4.14.17639.18041
- Date: 2018-05-10 16:37:38.844
- Description:
- Funkcja Kontrolowany dostęp do folderu zablokowała aplikacji C:\Users\Zuza\Desktop\frst\FRST64.exe możliwość zmodyfikowania folderu %desktopdirectory%\frst\.
- Godzina wykrycia: 2018-05-10T14:37:38.844Z
- Użytkownik: DESKTOP-UBCT9KH\Zuza
- Ścieżka: %desktopdirectory%\frst\
- Nazwa procesu: C:\Users\Zuza\Desktop\frst\FRST64.exe
- Wersja podpisu: 1.267.1142.0
- Wersja aparatu: 1.1.14800.3
- Wersja produktu: 4.14.17639.18041
- Date: 2018-04-14 12:39:16.956
- Description:
- Produkt Program antywirusowy Windows Defender napotkał błąd podczas próby aktualizacji podpisów.
- Nowa wersja podpisu:
- Poprzednia wersja podpisu: 1.261.1633.0
- Źródło aktualizacji: Centrum firmy Microsoft ds. ochrony przed złośliwym oprogramowaniem
- Typ podpisu: Oprogramowanie antywirusowe
- Typ aktualizacji: Pełne
- Użytkownik: NT AUTHORITY\NETWORK SERVICE
- Bieżąca wersja aparatu:
- Poprzednia wersja aparatu: 1.1.14500.5
- Kod błędu: 0x80072ee7
- Opis błędu: The server name or address could not be resolved
- Date: 2018-04-14 12:39:16.956
- Description:
- Produkt Program antywirusowy Windows Defender napotkał błąd podczas próby aktualizacji podpisów.
- Nowa wersja podpisu:
- Poprzednia wersja podpisu: 118.2.0.0
- Źródło aktualizacji: Centrum firmy Microsoft ds. ochrony przed złośliwym oprogramowaniem
- Typ podpisu: System inspekcji sieci
- Typ aktualizacji: Pełne
- Użytkownik: NT AUTHORITY\NETWORK SERVICE
- Bieżąca wersja aparatu:
- Poprzednia wersja aparatu: 2.1.14202.0
- Kod błędu: 0x80072ee7
- Opis błędu: The server name or address could not be resolved
- Date: 2018-04-14 12:39:16.950
- Description:
- Produkt Program antywirusowy Windows Defender napotkał błąd podczas próby aktualizacji podpisów.
- Nowa wersja podpisu:
- Poprzednia wersja podpisu: 1.261.1633.0
- Źródło aktualizacji: Centrum firmy Microsoft ds. ochrony przed złośliwym oprogramowaniem
- Typ podpisu: Oprogramowanie antywirusowe
- Typ aktualizacji: Pełne
- Użytkownik: NT AUTHORITY\NETWORK SERVICE
- Bieżąca wersja aparatu:
- Poprzednia wersja aparatu: 1.1.14500.5
- Kod błędu: 0x80072ee7
- Opis błędu: The server name or address could not be resolved
- Date: 2018-04-14 12:39:16.950
- Description:
- Produkt Program antywirusowy Windows Defender napotkał błąd podczas próby aktualizacji podpisów.
- Nowa wersja podpisu:
- Poprzednia wersja podpisu: 1.261.1633.0
- Źródło aktualizacji: Centrum firmy Microsoft ds. ochrony przed złośliwym oprogramowaniem
- Typ podpisu: Oprogramowanie antyszpiegowskie
- Typ aktualizacji: Pełne
- Użytkownik: NT AUTHORITY\NETWORK SERVICE
- Bieżąca wersja aparatu:
- Poprzednia wersja aparatu: 1.1.14500.5
- Kod błędu: 0x80072ee7
- Opis błędu: The server name or address could not be resolved
- Date: 2018-04-14 12:39:16.950
- Description:
- Produkt Program antywirusowy Windows Defender napotkał błąd podczas próby aktualizacji podpisów.
- Nowa wersja podpisu:
- Poprzednia wersja podpisu: 1.261.1633.0
- Źródło aktualizacji: Centrum firmy Microsoft ds. ochrony przed złośliwym oprogramowaniem
- Typ podpisu: Oprogramowanie antywirusowe
- Typ aktualizacji: Pełne
- Użytkownik: NT AUTHORITY\NETWORK SERVICE
- Bieżąca wersja aparatu:
- Poprzednia wersja aparatu: 1.1.14500.5
- Kod błędu: 0x80072ee7
- Opis błędu: The server name or address could not be resolved
- CodeIntegrity:
- ===================================
- Date: 2018-04-14 12:37:14.922
- Description:
- Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
- Date: 2018-04-14 12:37:14.766
- Description:
- Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
- Date: 2018-04-14 12:32:17.893
- Description:
- Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\cssguard64.dll that did not meet the Windows signing level requirements.
- Date: 2018-04-14 12:32:17.890
- Description:
- Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
- Date: 2018-04-14 12:25:44.316
- Description:
- Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\cssguard64.dll that did not meet the Windows signing level requirements.
- Date: 2018-04-14 12:25:44.313
- Description:
- Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
- Date: 2018-04-14 12:18:37.338
- Description:
- Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\cssguard64.dll that did not meet the Microsoft signing level requirements.
- Date: 2018-04-14 12:18:37.326
- Description:
- Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
- ==================== Memory info ===========================
- Processor: Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz
- Percentage of memory in use: 45%
- Total physical RAM: 8112.71 MB
- Available physical RAM: 4442.56 MB
- Total Virtual: 12208.71 MB
- Available Virtual: 8045.93 MB
- ==================== Drives ================================
- Drive c: () (Fixed) (Total:117.84 GB) (Free:50.41 GB) NTFS
- Drive d: (ZUZEK) (Fixed) (Total:921.52 GB) (Free:812.53 GB) NTFS
- Drive f: (DriverCD) (Fixed) (Total:10 GB) (Free:4.35 GB) NTFS
- \\?\Volume{ef801374-1cff-44b4-b25c-a9ac41beabdf}\ (Recovery) (Fixed) (Total:0.44 GB) (Free:0.43 GB) NTFS
- \\?\Volume{c54864a2-9754-4d61-a8ff-22afee66259e}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
- \\?\Volume{7c01ce60-e5ce-42dc-a209-a22a8953fcaf}\ () (Fixed) (Total:0.84 GB) (Free:0.34 GB) NTFS
- ==================== MBR & Partition Table ==================
- ========================================================
- Disk: 0 (Size: 119.2 GB) (Disk ID: C53B4C78)
- Partition: GPT.
- ========================================================
- Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: E96B3BF3)
- Partition 1: (Active) - (Size=921.5 GB) - (Type=07 NTFS)
- Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
- ==================== End of Addition.txt ============================