Kernelly

Windows 10 Malware that controls websites and Windows Defender


Apparently as I mentioned in the title, I somehow received a virus that:

- Slows down my PC a bit

- Doesn't allow me to visit sites like Microsoft, Avast and for example McAfee (and most other antivirus software, well all actually)

- Doesn't allow me to edit my Windows Defender settings by showing me a sign "That my IT administrator" has to allow me to do that first (but this is my personal/private PC that I just bought from a popular electronics store and it worked just fine before)

- There appeared another account on my computer called "Administrator" but I didn't make it and I was the only user and administrator of this PC

- When I download any file I get a warning in red background (from Windows 10 it just is red) that this file may be a virus while it's just a normal program like any other from a secure site

 

I did a lot to repair this and I ran scans on most antiviruses available because I changed my DNS address from my own to 1.1.1.1 and 1.0.0.1 and then installed the antiviruses because after changing my DNS the sites worked. I found some corrupted files and dangerous files and one trojan which I removed from my PC with the help of your antivirus. I checked all available options I found on the internet how to fix this and get control over my PC again and it seems like I fixed the sites (but it may be temporary, doesn't matter). So please if I might ask you to help me delete this other Administrator user account and please help me with that "IT Windows Defender" problem. Have you experienced something like this before?

Regards

That's how the IT warning looks, I don't even know if anything changed but I never had any administrator besides me or anything like that and I'd like to fix it.


Thank you for any kind of help and excuse me if I won't answer for a while, I'm at work and I don't have access to my personal PC here, but I can still reply

Hello Kernelly and welcome to Malwarebytes,

Continue with the following:

If you do not have Malwarebytes installed do the following:

Download Malwarebytes version 3 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

When the install completes or Malwarebytes is already installed do the following:

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Click on the Report tab > from main interface.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected, right click to your reply and select "Paste", log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard", then right click to your reply > select "Paste", that will copy the log to your reply…


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs in your reply...

Thank you,

Kevin....


Well this is what I found but the threats found on Malwarebytes are nothing special, 6 threats but minor from what I know

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 03/09/2019
Scan Time: 18:28
Log File: ebd43bf6-ce67-11e9-a8c5-309c2384c8d5.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.613
Update Package Version: 1.0.12309
Licence: Trial

-System Information-
OS: Windows 10 (Build 17134.950)
CPU: x64
File System: NTFS
User: DESKTOP-R0VNN2K\Kernelly

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 296264
Threats Detected: 6
Threats Quarantined: 6
Time Elapsed: 7 min, 17 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 6
Adware.HiRu, C:\USERS\KERNELLY\DESKTOP\ULTRAISO.V9.7.0.3476.EXE, Quarantined, [3047], [549551],1.0.12309
Adware.HiRu, C:\USERS\KERNELLY\DOWNLOADS\ULTRAISO.V9.7.0.3476.ZIP, Quarantined, [3047], [549551],1.0.12309
Generic.Malware/Suspicious, C:\USERS\KERNELLY\DESKTOP\ULTRAISO.V9.7.0.3476.EXE, Quarantined, [0], [392686],1.0.12309
Generic.Malware/Suspicious, C:\USERS\KERNELLY\DOWNLOADS\ULTRAISO.V9.7.0.3476.ZIP, Quarantined, [0], [392686],1.0.12309
MachineLearning/Anomalous.96%, C:\USERS\KERNELLY\DESKTOP\KERN3LLY\UNLOCKED FILES\FL STUDIO 20\FL.EXE, Quarantined, [0], [392687],1.0.12309
MachineLearning/Anomalous.96%, C:\USERS\KERNELLY\DESKTOP\KERN3LLY\UNLOCKED FILES\FL STUDIO 20\FL (SCALED).EXE, Quarantined, [0], [392687],1.0.12309

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

# -------------------------------
# Malwarebytes AdwCleaner 7.4.0.0
# -------------------------------
# Build:    07-23-2019
# Database: 2019-09-02.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    09-03-2019
# Duration: 00:00:02
# OS:       Windows 10 Pro
# Cleaned:  14
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\ProgramData\Application Data\Lavasoft\Web Companion

***** [ Files ] *****

Deleted       C:\Users\Kernelly\Downloads\SpyHunter-Installer.exe

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\download.driversupport.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\driversupport.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\download.driversupport.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\driversupport.com
Deleted       HKCU\Software\Lavasoft\Web Companion
Deleted       HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted       HKLM\Software\Wow6432Node\WIFIService
Deleted       HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted       HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3235 octets] - [03/09/2019 17:16:07]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 31-08-2019
Uruchomiony przez Kernelly (03-09-2019 18:23:25)
Uruchomiony z C:\Users\Kernelly\Downloads
Windows 10 Pro Wersja 1803 17134.950 (X64) (2018-09-14 04:18:50)
Tryb startu: Normal
==========================================================


==================== Konta użytkowników: =============================

Administrator (S-1-5-21-3895501756-2755293692-628328326-500 - Administrator - Enabled) => C:\Users\Administrator
Gość (S-1-5-21-3895501756-2755293692-628328326-501 - Limited - Disabled)
Kernelly (S-1-5-21-3895501756-2755293692-628328326-1001 - Administrator - Enabled) => C:\Users\Kernelly
Konto domyślne (S-1-5-21-3895501756-2755293692-628328326-503 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3895501756-2755293692-628328326-504 - Limited - Disabled)

==================== Centrum zabezpieczeń ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Zainstalowane programy ======================

(W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)

µTorrent (HKU\S-1-5-21-3895501756-2755293692-628328326-1001\...\uTorrent) (Version: 3.5.5.45311 - BitTorrent Inc.)
A Way Out (HKLM-x32\...\{E8D752CF-2FCC-470D-B0C5-4BFC6F42ACCE}) (Version: 1.0.62.0 - Electronic Arts, Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.9.0.504 - Adobe Systems Incorporated)
Adobe Photoshop CC 2019 (HKLM-x32\...\PHSP_20_0_4) (Version: 20.0.4 - Adobe Systems Incorporated)
Apex Legends (HKLM-x32\...\{D7FBF176-382D-484E-863A-DFD1124A2A1C}) (Version: 1.0.0.6 - Electronic Arts, Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Audacity 2.3.1 (HKLM-x32\...\Audacity_is1) (Version: 2.3.1 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield™ V (HKLM-x32\...\{e26b382f-e945-4f70-9318-121b683f1d61}) (Version: 1.0.60.9722 - Electronic Arts)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 24.0.1.143 - Bitdefender)
Blade & Soul Launcher Bundle (HKLM-x32\...\{fcb7b621-345c-46f2-a010-76a58c939d54}) (Version: 1.0.2.0 - NC Interactive, LLC) Hidden
Blitz (HKU\S-1-5-21-3895501756-2755293692-628328326-1001\...\Blitz) (Version: 1.2.11 - Blitz Inc.)
Cheat Engine 6.8.3 (HKLM-x32\...\Cheat Engine 6.8.3_is1) (Version:  - Cheat Engine)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-3895501756-2755293692-628328326-1001\...\Discord) (Version: 0.0.305 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 425.31 - NVIDIA Corporation) Hidden
FireAlpaca 2.1.16 (64bit) (HKLM\...\FireAlpaca64_is1) (Version: 2.1.16 - firealpaca.com)
FL Studio 20 (HKLM-x32\...\FL Studio 20) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 76.0.3809.132 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
GraphicsGale version 2.08.12 (HKLM-x32\...\GraphicsGale_is1) (Version:  - HUMANBALANCE Ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1067 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.0.2.1086 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{66129f84-d3f0-4884-ac54-369ae6fc2cf6}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel® Software Guard Extensions Platform Software (HKLM-x32\...\ARP_for_prd_SGX_1.9.100.41172) (Version: 1.9.100.41172 - Intel Corporation)
Java 8 Update 191 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
League Displays (HKLM-x32\...\LolScreenSaver) (Version: W1.0.1039-beta - Riot Games)
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
Microsoft Office Professional 2016 - en-us (HKLM\...\ProfessionalRetail - en-us) (Version: 16.0.11929.20254 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3895501756-2755293692-628328326-1001\...\OneDriveSetup.exe) (Version: 19.163.0818.0004 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27024 (HKLM-x32\...\{5fb2083a-f3cc-4b78-93ff-bd9788b5de01}) (Version: 14.16.27024.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{2D1ED4EA-B59D-4665-ACB3-9325872A300D}) (Version: 1.0.4.0 - Mojang)
Mozilla Firefox 66.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 66.0.3 (x64 en-US)) (Version: 66.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 66.0.3 - Mozilla)
MSI APP Manager (HKLM-x32\...\{00F47104-12BA-4E58-A7E6-F456C1BA338E}}_is1) (Version: 1.0.0.27 - MSI)
MSI Command Center (HKLM-x32\...\{85A2564E-9ED9-448A-91E4-B9211EE58A08}_is1) (Version: 3.0.0.73 - MSI)
MSI DPC Latency Tuner (HKLM-x32\...\{1AAC56F3-3F60-47DB-BE6B-088F36ADFDC5}_is1) (Version: 1.0.0.33 - MSI)
MSI DragonEye (HKLM\...\{7116875E-F251-4C33-AB3F-37DE05B15595}_is1) (Version: 0.0.2.6 - MSI)
MSI Fast Boot (HKLM-x32\...\{0F212E7A-65EB-4668-A8D7-749026A64F8E}_is1) (Version: 1.0.1.15 - MSI)
MSI Gaming APP (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 6.2.0.76 - MSI)
MSI Kombustor 3.5.0 (HKLM\...\{9598DA62-2AE8-426D-9C86-BEA96AC6721E}_is1) (Version:  - MSI Co., LTD)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.2.0.39 - MSI)
MSI MysticLight (HKLM-x32\...\{93874B70-6C5E-446A-AF4D-E5AC776A0386}}_is1) (Version: 2.0.0.40 - MSI)
MSIRegister (HKLM-x32\...\{80B995A4-3A86-4690-98A6-563F1A788835}_is1) (Version: 2.0.0.15 - MSI)
NC Launcher 2 (HKLM-x32\...\NCLauncherW_plaync) (Version:  - NCSOFT)
NetLimiter 4 (HKLM\...\{9177CEA6-C98C-41C1-A70A-C064A3D11A50}) (Version: 4.0.41.0 - Locktime Software) Hidden
NetLimiter 4 (HKLM-x32\...\NetLimiter 4 4.0.41.0) (Version: 4.0.41.0 - Locktime Software)
NordVPN (HKLM-x32\...\{5A4DEE6B-B4FE-4888-9D3F-BF104523FE56}) (Version: 6.21.8 - NordVPN) Hidden
NordVPN (HKLM-x32\...\NordVPN 6.21.8) (Version: 6.21.8 - NordVPN)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.19 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 425.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 425.31 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.20.0.105 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.0.105 - NVIDIA Corporation)
NVIDIA Graphics Driver 425.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 425.31 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.13 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 22.0.2 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11929.20254 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11929.20254 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.11929.20254 - Microsoft Corporation) Hidden
Oprogramowanie mikroukładu Intel® (HKLM-x32\...\{eb0d4a41-3065-42b0-a868-c60d42d3ea98}) (Version: 10.1.17695.8086 - Intel(R) Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.5.40.26928 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{fe2d2ac1-ec22-4247-b201-985edfe3eb77}) (Version: latest - ppy Pty Ltd)
PaintTool SAI Ver.1 (HKLM-x32\...\PaintToolSAI) (Version:  - )
PBE (HKLM-x32\...\PBE 1.0) (Version: 1.0 - Riot Games, Inc)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.21.21.1 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.25.119.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8470 - Realtek Semiconductor Corp.)
South Park: The Fractured... (HKLM-x32\...\South Park: The Fractured..._is1) (Version:  - )
Spotify (HKU\S-1-5-21-3895501756-2755293692-628328326-1001\...\Spotify) (Version: 1.1.14.475.g566c8beb - Spotify AB)
SpyHunter 5 (HKLM-x32\...\SpyHunter5) (Version: 5.6.1.119 - EnigmaSoft Limited)
Sqirlz Morph (HKLM-x32\...\Sqirlz Morph) (Version: 2.1 - xiberpix)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SURVEY_PROGRAM (HKU\S-1-5-21-3895501756-2755293692-628328326-1001\...\SURVEY_PROGRAM) (Version:  - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.2.3 - TeamSpeak Systems GmbH)
UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
UltraISO (HKLM-x32\...\UltraISO) (Version:  - EZB Systems, Inc.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
VEGAS Pro 14.0 (64-bit) (HKLM\...\{4C79D80F-79F9-11E6-8402-BB95F5A309BD}) (Version: 14.0.161 - VEGAS)
VEGAS Pro 16.0 (HKLM\...\{64713630-D239-11E8-9113-00155D6302F2}) (Version: 16.0.307 - VEGAS)
Voicemod (HKLM\...\{8435A407-F778-4647-9CDB-46E5EC50BAD0}_is1) (Version: 1.2.5.3 - Voicemod S.L.)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
WinRAR 5.60 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.60.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
World of Warcraft Classic (HKLM-x32\...\World of Warcraft Classic) (Version:  - Blizzard Entertainment)
World of Warcraft Public Test (HKLM-x32\...\World of Warcraft Public Test) (Version:  - Blizzard Entertainment)

Packages:
=========
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc [2019-08-17] (Adobe Systems Incorporated)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2019-08-29] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.12.28.0_x64__8wekyb3d8bbwe [2019-08-13] (Microsoft Studios)
MSN Pogoda -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-08-13] (Microsoft Corporation) [MS Ad]
Photo Editor | Polarr -> C:\Program Files\WindowsApps\613EBCEA.PolarrPhotoEditorAcademicEdition_5.6.0.0_x64__jb41c8remg0x2 [2019-08-27] (Polarr)
PicsArt - Photo Studio -> C:\Program Files\WindowsApps\2FE3CB00.PicsArt-PhotoStudio_8.7.0.0_x86__crhqpqs3x1ygc [2019-08-22] (PicsArt Inc.) [MS Ad]
Poczta i Kalendarz -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe [2019-08-13] (Microsoft Corporation) [MS Ad]
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.1.136.0_x64__dt26b99r8h8gj [2019-08-27] (Realtek Semiconductor Corp)

==================== Niestandardowe rejestracje CLSID (filtrowane): ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

CustomCLSID: HKU\S-1-5-21-3895501756-2755293692-628328326-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-4B9F427F9CFD} -> [Creative Cloud Files] => C:\Users\Kernelly\Creative Cloud Files [2018-12-17 20:31]
CustomCLSID: HKU\S-1-5-21-3895501756-2755293692-628328326-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Brak pliku
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-07-16] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-07-16] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2016-11-19] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.) [Brak podpisu cyfrowego]
ContextMenuHandlers4: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2016-11-19] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.) [Brak podpisu cyfrowego]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-04-09] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2016-11-19] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.) [Brak podpisu cyfrowego]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-07-16] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-07-16] (win.rar GmbH -> Alexander Roshal)

==================== Skróty & WMI ========================

(Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.)


==================== Załadowane moduły (filtrowane) ==============

2019-01-23 17:13 - 2005-07-18 14:43 - 000160256 _____ () [Brak podpisu cyfrowego] C:\Program Files (x86)\MSI\APP Manager\unrar.dll
2018-08-15 18:14 - 2005-07-18 13:43 - 000160256 _____ () [Brak podpisu cyfrowego] C:\Program Files (x86)\MSI\Live Update\unrar.dll
2018-08-15 18:27 - 2016-04-20 14:12 - 000772608 _____ () [Brak podpisu cyfrowego] C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\Lib\USB_DLL.dll
2018-08-15 18:09 - 2017-08-02 14:48 - 000237568 _____ () [Brak podpisu cyfrowego] C:\Program Files (x86)\MSI\MysticLight\LEDControl.dll
2019-01-21 13:55 - 2019-01-21 13:55 - 000251392 _____ () [Brak podpisu cyfrowego] C:\Program Files (x86)\NordVPN\x86\Liberation.Native.Firewall.dll
2018-08-15 18:08 - 2015-06-23 16:41 - 000082432 _____ (Fintek) [Brak podpisu cyfrowego] C:\Program Files (x86)\MSI\Gaming APP\Lib\FintekUSBDll.dll
2019-08-30 06:23 - 2019-09-01 12:11 - 062488048 _____ (Google LLC -> Google LLC) [Brak podpisu cyfrowego] C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.132\chrome.dll
2018-08-15 18:09 - 2016-10-03 13:43 - 000399872 _____ (TODO: <公司名稱>) [Brak podpisu cyfrowego] C:\Program Files (x86)\MSI\MysticLight\Lib\SDKDLL.dll

==================== Alternate Data Streams (filtrowane) =========

(Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.)

AlternateDataStreams: C:\Users\Kernelly\Dane aplikacji:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\Kernelly\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]

==================== Tryb awaryjny (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.)


==================== Powiązania plików (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.)


==================== Internet Explorer - Witryny zaufane i z ograniczeniami ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3895501756-2755293692-628328326-1001\...\localhost -> localhost

==================== Hosts - zawartość: ===============================

(Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.)

2017-09-29 15:46 - 2019-09-03 17:17 - 000000880 _____ C:\WINDOWS\system32\drivers\etc\hosts

0.0.0.0                   telemetry.malwarebytes.com

==================== Inne obszary ============================

(Obecnie brak automatycznej naprawy dla tej sekcji.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-3895501756-2755293692-628328326-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kernelly\Desktop\Kern3lly\Kernelly - Pictures\d9tnvbh-9e96fd0b-c135-4b2c-92e7-295b3b419ae9.gif
DNS Servers: 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Zapora systemu Windows [funkcja włączona]

==================== MSCONFIG/TASK MANAGER - Wyłączone elementy ==

Załączenie wejścia w fixlist spowoduje jego usunięcie.

HKU\S-1-5-21-3895501756-2755293692-628328326-1001\...\StartupApproved\Run: => "Gaijin.Net Updater"
HKU\S-1-5-21-3895501756-2755293692-628328326-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
HKU\S-1-5-21-3895501756-2755293692-628328326-1001\...\StartupApproved\Run: => "com.blitz.app"

==================== Reguły Zapory systemu Windows (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

FirewallRules: [TCP Query User{CA614558-9602-40C5-BB5F-D88C211B1DF0}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.194\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.194\deploy\leagueclient.exe Brak pliku
FirewallRules: [UDP Query User{602847F0-80FD-4F87-A557-5291E8171FF8}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.194\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.194\deploy\leagueclient.exe Brak pliku
FirewallRules: [TCP Query User{AEF4E96B-E00C-43E0-93E4-58A6F9218D85}C:\users\kernelly\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\kernelly\appdata\local\warthunder\launcher.exe Brak pliku
FirewallRules: [UDP Query User{5B106E8A-27C2-4894-975B-FA2B130827F4}C:\users\kernelly\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\kernelly\appdata\local\warthunder\launcher.exe Brak pliku
FirewallRules: [TCP Query User{3F3F6787-11AD-4C98-AD03-7CCF431AAAF2}C:\users\kernelly\appdata\local\warthunder\win64\aces.exe] => (Allow) C:\users\kernelly\appdata\local\warthunder\win64\aces.exe Brak pliku
FirewallRules: [UDP Query User{BD8E1333-9980-45DB-A58B-C584742F3F06}C:\users\kernelly\appdata\local\warthunder\win64\aces.exe] => (Allow) C:\users\kernelly\appdata\local\warthunder\win64\aces.exe Brak pliku
FirewallRules: [{15219CE2-DE84-49A8-B4B9-3E7C1B41C190}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{5B0728FC-3955-446E-9B67-F146F94BE03B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{7210AF33-7907-471A-B8AE-C6930BF43F71}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{D9C9433E-29D0-4AEF-99E5-D414BA73A4A3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{E1C8AAEF-A75B-404C-8678-A685040CC518}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doki Doki Literature Club\DDLC.exe () [Brak podpisu cyfrowego]
FirewallRules: [{FD31D249-2A53-400B-ABA4-DDFA30A62A31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doki Doki Literature Club\DDLC.exe () [Brak podpisu cyfrowego]
FirewallRules: [TCP Query User{5DE64615-68E4-4DFB-B185-D0EF21FEB10B}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.195\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.195\deploy\leagueclient.exe Brak pliku
FirewallRules: [UDP Query User{A101ACD2-9099-4C5D-AAE8-4883141E6C4B}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.195\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.195\deploy\leagueclient.exe Brak pliku
FirewallRules: [TCP Query User{576FD938-EBAF-48A9-8BA8-F8EB7B704113}C:\users\kernelly\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kernelly\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{442C6BD4-F806-4922-BFC0-01F510864B5C}C:\users\kernelly\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kernelly\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{D23E4E34-0746-4573-9E92-CEB33CBEE8D8}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.196\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.196\deploy\leagueclient.exe Brak pliku
FirewallRules: [UDP Query User{4ED090B6-F65C-46A5-8879-6669A5C2A51F}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.196\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.196\deploy\leagueclient.exe Brak pliku
FirewallRules: [{ABA30F12-A11B-4438-9096-23887CF68176}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\ExecPubg.exe (Bluehole, Inc. -> PUBG Corporation )
FirewallRules: [{E87F5B50-3336-4702-B2DA-CD5223AE289B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\ExecPubg.exe (Bluehole, Inc. -> PUBG Corporation )
FirewallRules: [{1CABE833-6F18-4E0F-8E8E-82D67201401A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B4744110-3B3E-472B-A464-DEF56954A0D8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{7278F8DB-1DD9-4062-80D3-35B38521A17B}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.197\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.197\deploy\leagueclient.exe Brak pliku
FirewallRules: [UDP Query User{B687023F-041C-42C9-8645-D5DB449E74AC}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.197\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.197\deploy\leagueclient.exe Brak pliku
FirewallRules: [{836BDBF7-95ED-4618-8170-39F0643DCFBC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F59F431E-AE27-411C-A6A5-A745FFE79EC7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{05EC8847-C410-4B08-9A3C-5D3BE03DD2D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [Brak podpisu cyfrowego]
FirewallRules: [{F2F3574B-4095-4A79-9EA7-D066655BC647}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [Brak podpisu cyfrowego]
FirewallRules: [{761BEF7B-D7B2-498A-A528-FDFA8E03E186}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Primal Carnage Extinction\Binaries\Win64\PrimalCarnageGame.exe (Epic Games, Inc.) [Brak podpisu cyfrowego]
FirewallRules: [{BA59E9B2-4A39-427A-A0B0-93DC5F71BD2D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Primal Carnage Extinction\Binaries\Win64\PrimalCarnageGame.exe (Epic Games, Inc.) [Brak podpisu cyfrowego]
FirewallRules: [{7F88E238-2D56-438C-BA91-FF26CBAD71B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate Chicken Horse\UltimateChickenHorse.exe () [Brak podpisu cyfrowego]
FirewallRules: [{8656214A-3379-4D44-8930-43A4A20ED5DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate Chicken Horse\UltimateChickenHorse.exe () [Brak podpisu cyfrowego]
FirewallRules: [{B9964070-CAEE-47DA-9857-18E3E2793E75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rise of the Tomb Raider\ROTTR.exe (Square Enix LTD -> Eidos Inc.)
FirewallRules: [{90EB3E5D-AB58-459B-A599-D1C7155FC369}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rise of the Tomb Raider\ROTTR.exe (Square Enix LTD -> Eidos Inc.)
FirewallRules: [{AA0F53A7-4A6C-478C-A327-2222476D340C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{CD9AB9D1-DB30-4467-A966-5C1B3BB32EE3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [TCP Query User{1DFE8ED4-677D-4EB5-868C-36E791D30E60}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe (Epic Games, Inc.) [Brak podpisu cyfrowego]
FirewallRules: [UDP Query User{DB9F99BB-089E-4AD0-A84B-2928F56F3147}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe (Epic Games, Inc.) [Brak podpisu cyfrowego]
FirewallRules: [TCP Query User{5F365BC8-EAAD-4B9B-833A-4FCAD3AF9D65}C:\users\kernelly\appdata\local\blitz\app-0.9.27\blitz.exe] => (Allow) C:\users\kernelly\appdata\local\blitz\app-0.9.27\blitz.exe Brak pliku
FirewallRules: [UDP Query User{99E5B8EC-6102-4098-B321-6522521AFA26}C:\users\kernelly\appdata\local\blitz\app-0.9.27\blitz.exe] => (Allow) C:\users\kernelly\appdata\local\blitz\app-0.9.27\blitz.exe Brak pliku
FirewallRules: [TCP Query User{78D177B2-D5E7-4137-9ACA-B980CDA86B93}C:\users\kernelly\appdata\local\blitz\app-0.9.28\blitz.exe] => (Block) C:\users\kernelly\appdata\local\blitz\app-0.9.28\blitz.exe Brak pliku
FirewallRules: [UDP Query User{4ED8847C-6297-49FE-B946-C6ADC8C597CE}C:\users\kernelly\appdata\local\blitz\app-0.9.28\blitz.exe] => (Block) C:\users\kernelly\appdata\local\blitz\app-0.9.28\blitz.exe Brak pliku
FirewallRules: [TCP Query User{F51CFBB2-65BE-4358-8E80-860051FCC2ED}C:\users\kernelly\appdata\local\blitz\app-0.9.28\blitz.exe] => (Block) C:\users\kernelly\appdata\local\blitz\app-0.9.28\blitz.exe Brak pliku
FirewallRules: [UDP Query User{D11A01C2-D20C-4E9A-B010-1924FBF02140}C:\users\kernelly\appdata\local\blitz\app-0.9.28\blitz.exe] => (Block) C:\users\kernelly\appdata\local\blitz\app-0.9.28\blitz.exe Brak pliku
FirewallRules: [{FB46F44D-F67F-4D39-8750-4AE45097D721}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe () [Brak podpisu cyfrowego]
FirewallRules: [{BBFDBC05-EC8D-4E6D-881E-C72D2FB4025F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe () [Brak podpisu cyfrowego]
FirewallRules: [TCP Query User{C3A4A059-9E97-4162-A038-657CCEABD341}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.198\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.198\deploy\leagueclient.exe Brak pliku
FirewallRules: [UDP Query User{0F9F864D-088D-4549-B943-C1413D098CF4}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.198\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.198\deploy\leagueclient.exe Brak pliku
FirewallRules: [TCP Query User{F77AA056-2AFF-4D61-94EE-88F963D4C450}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.199\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.199\deploy\leagueclient.exe Brak pliku
FirewallRules: [UDP Query User{14B3E284-1FF4-4990-A234-6FE60CEEC1F9}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.199\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.199\deploy\leagueclient.exe Brak pliku
FirewallRules: [TCP Query User{31441301-D456-4B12-A14F-25660C96502A}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.200\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.200\deploy\leagueclient.exe Brak pliku
FirewallRules: [UDP Query User{7FD6F0C4-1699-436B-B2E9-2D6797ADE478}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.200\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.200\deploy\leagueclient.exe Brak pliku
FirewallRules: [{F2B022BE-7018-44E4-AFF6-E30A1A936089}] => (Allow) C:\Riot Games\PBE\LeagueClient.exe (Riot Games, Inc. -> )
FirewallRules: [{B0165A75-8C1B-4329-BAC3-65C9126C5502}] => (Allow) C:\Riot Games\PBE\LeagueClient.exe (Riot Games, Inc. -> )
FirewallRules: [TCP Query User{10363C84-E519-4A85-A69D-25C12458F473}C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{3FFC28FA-65CD-4C3E-84B2-1AA3CC6C8CE0}C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe
FirewallRules: [TCP Query User{4321C216-4C35-44F3-9E52-41CF41C08F52}C:\program files\java\jre1.8.0_191\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_191\bin\javaw.exe
FirewallRules: [UDP Query User{C5253CFA-7DC6-43C2-94F7-F8BBE3FDAFF1}C:\program files\java\jre1.8.0_191\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_191\bin\javaw.exe
FirewallRules: [{BD67A4F2-64BD-4BAA-9F08-5D237F4A7700}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe (Kristjan Skutta -> )
FirewallRules: [{253B461A-F00F-43DC-9F70-2962F2BA7C94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe (Kristjan Skutta -> )
FirewallRules: [{074D5065-B5CD-495B-81F0-EEA0A28BFF00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\McOsu\McEngine.exe Brak pliku
FirewallRules: [{7B6A93E2-5515-44FC-A444-DC230674E291}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\McOsu\McEngine.exe Brak pliku
FirewallRules: [{1BFD757A-DB62-49AE-B443-BDE85C0E4BB6}] => (Allow) C:\Program Files (x86)\Origin Games\AWayOut\Haze1\Binaries\Win64\AWayOut.exe Brak pliku
FirewallRules: [{C321DDCD-96E3-4A87-8415-51F7FAA35550}] => (Allow) C:\Program Files (x86)\Origin Games\AWayOut\Haze1\Binaries\Win64\AWayOut.exe Brak pliku
FirewallRules: [{CF66E86D-8A99-4D5D-AE67-A6BAE4B96EE1}] => (Allow) C:\Program Files (x86)\Origin Games\AWayOut\Haze1\Binaries\Win64\AWayOut_friend.exe Brak pliku
FirewallRules: [{BC20CBAC-06C9-4236-82D5-9AA6CE936CFF}] => (Allow) C:\Program Files (x86)\Origin Games\AWayOut\Haze1\Binaries\Win64\AWayOut_friend.exe Brak pliku
FirewallRules: [TCP Query User{45004E14-35E4-44D9-B593-B8961C3D4378}C:\program files (x86)\world of warcraft\_retail_\utils\wowvoiceproxy.exe] => (Allow) C:\program files (x86)\world of warcraft\_retail_\utils\wowvoiceproxy.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{B613ECB8-1C19-4416-AE91-50D38FAB6736}C:\program files (x86)\world of warcraft\_retail_\utils\wowvoiceproxy.exe] => (Allow) C:\program files (x86)\world of warcraft\_retail_\utils\wowvoiceproxy.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{077954E5-5956-46F1-BBFC-9AB268AA412A}C:\users\kernelly\appdata\local\blitz\app-1.2.2\blitz.exe] => (Block) C:\users\kernelly\appdata\local\blitz\app-1.2.2\blitz.exe Brak pliku
FirewallRules: [UDP Query User{3381EC29-11E4-4FB9-A90F-039C7B57189C}C:\users\kernelly\appdata\local\blitz\app-1.2.2\blitz.exe] => (Block) C:\users\kernelly\appdata\local\blitz\app-1.2.2\blitz.exe Brak pliku
FirewallRules: [{CD1A8603-B9DE-4001-894A-AFD7DDD8B02B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{912CEBB1-9840-48C8-B1FA-1B9B81D68F91}C:\program files (x86)\world of warcraft\_ptr_\utils\wowvoiceproxyt.exe] => (Allow) C:\program files (x86)\world of warcraft\_ptr_\utils\wowvoiceproxyt.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{C8C9C92B-FE65-4291-B941-2F128CC10434}C:\program files (x86)\world of warcraft\_ptr_\utils\wowvoiceproxyt.exe] => (Allow) C:\program files (x86)\world of warcraft\_ptr_\utils\wowvoiceproxyt.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{0008AFAA-3908-4754-A333-AF05A198AC78}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{DCDFEEC1-C26B-435F-917D-5F0D2E24C628}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{92D039E3-2CDF-4B0B-92E0-4357827E90B3}C:\users\kernelly\desktop\node.exe] => (Allow) C:\users\kernelly\desktop\node.exe Brak pliku
FirewallRules: [UDP Query User{4A8AF97D-C842-46E7-9F86-3DAD076A1384}C:\users\kernelly\desktop\node.exe] => (Allow) C:\users\kernelly\desktop\node.exe Brak pliku
FirewallRules: [TCP Query User{54354C7D-7651-48C8-B2EA-7FD368F52DDE}C:\program files (x86)\heroes of the storm\versions\base75792\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base75792\heroesofthestorm_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [UDP Query User{4A760014-E97B-4C13-9355-F6C752C22546}C:\program files (x86)\heroes of the storm\versions\base75792\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base75792\heroesofthestorm_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [TCP Query User{9469DD19-001E-4C27-A980-D679A880695E}C:\riot games\league of legends\game\league of legends.exe] => (Allow) C:\riot games\league of legends\game\league of legends.exe (Riot Games, Inc. -> )
FirewallRules: [UDP Query User{954B2212-6741-4848-81D0-559E70A88264}C:\riot games\league of legends\game\league of legends.exe] => (Allow) C:\riot games\league of legends\game\league of legends.exe (Riot Games, Inc. -> )
FirewallRules: [TCP Query User{F178B628-E5E5-4345-98D6-054D6DAD3B98}C:\program files (x86)\heroes of the storm\versions\base76003\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base76003\heroesofthestorm_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [UDP Query User{C3DCF02F-8813-4C17-A7D7-428023AACBFB}C:\program files (x86)\heroes of the storm\versions\base76003\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base76003\heroesofthestorm_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [{FE503AD6-9063-42BD-9193-4F91AACDE4E4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{BB362B1D-A00C-4BDD-AACA-F10BC1B058EA}C:\users\kernelly\appdata\local\blitz\app-1.2.10\blitz.exe] => (Allow) C:\users\kernelly\appdata\local\blitz\app-1.2.10\blitz.exe (Swift Media Entertainment, Inc. -> Blitz Inc.)
FirewallRules: [UDP Query User{76EBA76B-46D7-4C5A-8E7B-9DE79DBD3805}C:\users\kernelly\appdata\local\blitz\app-1.2.10\blitz.exe] => (Allow) C:\users\kernelly\appdata\local\blitz\app-1.2.10\blitz.exe (Swift Media Entertainment, Inc. -> Blitz Inc.)
FirewallRules: [TCP Query User{6400F6DC-89BB-4CDD-B8B6-75CF65FAE379}C:\program files (x86)\world of warcraft\_classic_\utils\wowvoiceproxy.exe] => (Allow) C:\program files (x86)\world of warcraft\_classic_\utils\wowvoiceproxy.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{FAF2F096-4902-48B9-9EC7-5E9C51EB49AA}C:\program files (x86)\world of warcraft\_classic_\utils\wowvoiceproxy.exe] => (Allow) C:\program files (x86)\world of warcraft\_classic_\utils\wowvoiceproxy.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{05A9EF0A-C386-44EE-9E33-837E0C6A3D37}] => (Allow) C:\Users\Kernelly\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{E76B6541-B268-4D27-A244-91C8C3BEEE97}] => (Allow) C:\Users\Kernelly\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{8D6CEB20-0521-4A31-BFF2-F8E0BFF77233}] => (Allow) C:\Users\Kernelly\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{0AD007F1-7104-4704-A1E1-BA4BCBA98468}] => (Allow) C:\Users\Kernelly\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{998DB6A3-E40B-4FD4-8E1D-F0FF18197633}] => (Allow) C:\Users\Kernelly\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{FF4BFDEA-5741-42A0-B1FF-8891626B4644}] => (Allow) C:\Users\Kernelly\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{0742B80C-009A-43AA-8FDA-2DF77AFA0083}] => (Allow) C:\WINDOWS\system32\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{E2AF57B0-EF16-4EF5-A7B4-031D95E92D34}C:\users\kernelly\appdata\local\blitz\app-1.2.11\blitz.exe] => (Block) C:\users\kernelly\appdata\local\blitz\app-1.2.11\blitz.exe (Swift Media Entertainment, Inc. -> Blitz Inc.)
FirewallRules: [UDP Query User{72530BE4-49A6-4220-B436-C26089332595}C:\users\kernelly\appdata\local\blitz\app-1.2.11\blitz.exe] => (Block) C:\users\kernelly\appdata\local\blitz\app-1.2.11\blitz.exe (Swift Media Entertainment, Inc. -> Blitz Inc.)
FirewallRules: [{3BA375BA-5096-44CA-92D7-131FE1792BB5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5E355A6E-AC55-45C2-A655-2CB922242F09}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{98B7B82B-FA2A-4025-96BE-65F35D7EF77E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5AD23483-00AE-4C1F-A239-57B7A0BDF62D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{B3F57614-2609-4FE0-9C4F-45172858840A}] => (Allow) LPort=26820
FirewallRules: [{EE5149D5-6B12-40B2-8031-4246F46D901E}] => (Allow) LPort=26822

==================== Punkty Przywracania systemu =========================

23-08-2019 18:27:00 Female Voices for MorphVOX
30-08-2019 16:20:35 Windows Update
03-09-2019 06:25:34 Windows Update

==================== Wadliwe urządzenia w Menedżerze urządzeń =============

Name: TAP-NordVPN Windows Adapter V9
Description: TAP-NordVPN Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-NordVPN Windows Provider V9
Service: tapnordvpn
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Błędy w Dzienniku zdarzeń: =========================

Dziennik Aplikacja:
==================
Error: (09/03/2019 05:17:37 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (09/03/2019 05:17:36 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (09/03/2019 05:17:22 PM) (Source: MBAMIService) (EventID: 0) (User: )
Description: Event-ID 0

Error: (09/03/2019 05:17:22 PM) (Source: MBAMIService) (EventID: 0) (User: )
Description: Event-ID 0

Error: (09/03/2019 04:55:43 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: DESKTOP-R0VNN2K)
Description: httphttp-2147467263

Error: (09/03/2019 04:52:57 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: DESKTOP-R0VNN2K)
Description: httphttp-2147467263

Error: (09/03/2019 04:51:43 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: DESKTOP-R0VNN2K)
Description: httphttp-2147467263

Error: (09/03/2019 06:25:53 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed

System Error:
Nie można odnaleźć określonego pliku.
.


Dziennik System:
=============
Error: (09/03/2019 05:43:06 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-R0VNN2K)
Description: The właściwe dla aplikacji permission settings do not grant Lokalny Aktywacja permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-R0VNN2K\Kernelly SID (S-1-5-21-3895501756-2755293692-628328326-1001) from address LocalHost (użycie LRPC) running in the application container Niedostępny SID (Niedostępny). This security permission can be modified using the Component Services administrative tool.

Error: (09/03/2019 05:33:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bitdefender Product Agent Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/03/2019 05:20:02 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-R0VNN2K)
Description: The właściwe dla aplikacji permission settings do not grant Lokalny Aktywacja permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-R0VNN2K\Kernelly SID (S-1-5-21-3895501756-2755293692-628328326-1001) from address LocalHost (użycie LRPC) running in the application container Niedostępny SID (Niedostępny). This security permission can be modified using the Component Services administrative tool.

Error: (09/03/2019 05:19:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Usługa Google Update (gupdate) service failed to start due to the following error: 
The system cannot find the file specified.

Error: (09/03/2019 05:19:29 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-R0VNN2K)
Description: The właściwe dla aplikacji permission settings do not grant Lokalny Aktywacja permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-R0VNN2K\Kernelly SID (S-1-5-21-3895501756-2755293692-628328326-1001) from address LocalHost (użycie LRPC) running in the application container Niedostępny SID (Niedostępny). This security permission can be modified using the Component Services administrative tool.

Error: (09/03/2019 05:17:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (09/03/2019 05:17:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (09/03/2019 05:17:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The !SASCORE service failed to start due to the following error: 
The system cannot find the file specified.


Windows Defender:
===================================
Date: 2019-09-01 18:38:17.859
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {FCD980DA-72F7-4FBD-809A-4F9F8AEBACC9}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2019-09-01 16:37:53.447
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Keygen&threatid=2147593794&enterprise=0
Name: HackTool:Win32/Keygen
ID: 2147593794
Severity: Wysoki
Category: Narzędzie
Path: containerfile:_C:\Users\Kernelly\Downloads\AppNee.com._bytes.Anti-_.Premium.v3.7.1.FI.UP.7z; file:_C:\Users\Kernelly\Downloads\AppNee.com._bytes.Anti-_.Premium.v3.7.1.FI.UP.7z->Universal Keygen & Patch/MalwareBytes_Anti-Malware_Keygen_v1.7_URET.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: User
Process Name: Unknown
Signature Version: AV: 1.301.243.0, AS: 1.301.243.0, NIS: 1.301.243.0
Engine Version: AM: 1.1.16300.1, NIS: 1.1.16300.1

Date: 2019-09-01 15:35:51.882
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/DefenderTamperingRestore&threatid=2147741622&enterprise=0
Name: VirTool:Win32/DefenderTamperingRestore
ID: 2147741622
Severity: Poważny
Category: Narzędzie
Path: regkeyvalue:_hklm\software\microsoft\windows defender\real-time protection\\DisableBehaviorMonitoring
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.301.243.0, AS: 1.301.243.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.16300.1, NIS: 0.0.0.0

Date: 2019-09-01 15:35:46.182
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/DefenderTamperingRestore&threatid=2147741622&enterprise=0
Name: VirTool:Win32/DefenderTamperingRestore
ID: 2147741622
Severity: Poważny
Category: Narzędzie
Path: regkeyvalue:_hklm\software\microsoft\windows defender\real-time protection\\DisableBehaviorMonitoring
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: User
Process Name: Unknown
Signature Version: AV: 1.301.243.0, AS: 1.301.243.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.16300.1, NIS: 0.0.0.0

Date: 2019-08-25 17:12:31.947
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {61E3FB2C-3870-452A-AC21-692892BBDC01}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-09-01 20:35:31.856
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80508023
Error description: Program nie znalazł na tym urządzeniu złośliwego oprogramowania ani innego potencjalnie niechcianego oprogramowania. 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2019-09-01 17:47:32.317
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.301.260.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16300.1
Error code: 0x80240438
Error description: Podczas sprawdzania aktualizacji wystąpił nieoczekiwany problem. Aby uzyskać informacje na temat instalowania aktualizacji i rozwiązywania problemów z nimi, zobacz Pomoc i obsługę techniczną. 

Date: 2019-09-01 17:35:32.671
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.301.260.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16300.1
Error code: 0x80240438
Error description: Podczas sprawdzania aktualizacji wystąpił nieoczekiwany problem. Aby uzyskać informacje na temat instalowania aktualizacji i rozwiązywania problemów z nimi, zobacz Pomoc i obsługę techniczną. 

Date: 2019-09-01 16:39:38.827
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.301.243.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16300.1
Error code: 0x80240438
Error description: Podczas sprawdzania aktualizacji wystąpił nieoczekiwany problem. Aby uzyskać informacje na temat instalowania aktualizacji i rozwiązywania problemów z nimi, zobacz Pomoc i obsługę techniczną. 

Date: 2019-09-01 15:39:51.667
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.301.243.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16300.1
Error code: 0x80240438
Error description: Podczas sprawdzania aktualizacji wystąpił nieoczekiwany problem. Aby uzyskać informacje na temat instalowania aktualizacji i rozwiązywania problemów z nimi, zobacz Pomoc i obsługę techniczną. 

CodeIntegrity:
===================================

Date: 2019-09-01 12:29:33.269
Description: 
Windows blocked file \Device\HarddiskVolume6\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-09-01 12:29:33.266
Description: 
Windows blocked file \Device\HarddiskVolume6\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-09-01 12:29:33.264
Description: 
Windows blocked file \Device\HarddiskVolume6\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-09-01 12:29:33.262
Description: 
Windows blocked file \Device\HarddiskVolume6\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-09-01 12:29:33.260
Description: 
Windows blocked file \Device\HarddiskVolume6\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-09-01 12:29:33.258
Description: 
Windows blocked file \Device\HarddiskVolume6\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-09-01 12:29:31.152
Description: 
Windows blocked file \Device\HarddiskVolume6\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-09-01 12:29:30.795
Description: 
Windows blocked file \Device\HarddiskVolume6\Windows\System32\scrobj.dll which has been disallowed for protected processes.

==================== Statystyki pamięci =========================== 

BIOS: American Megatrends Inc. 2.40 03/08/2018
Motherboard: Micro-Star International Co., Ltd. Z370-A PRO (MS-7B48)
Procesor: Intel(R) Core(TM) i7-8700K CPU @ 3.70GHz
Procent pamięci w użyciu: 21%
Całkowita pamięć fizyczna: 32728.38 MB
Dostępna pamięć fizyczna: 25707.96 MB
Całkowita pamięć wirtualna: 37592.38 MB
Dostępna pamięć wirtualna: 28972.38 MB

==================== Dyski ================================

Drive c: () (Fixed) (Total:930.91 GB) (Free:237.3 GB) NTFS
Drive d: () (Fixed) (Total:931.5 GB) (Free:913.76 GB) NTFS

\\?\Volume{ccb998b2-e3d6-4836-81e6-6b93426ee404}\ (Odzyskiwanie) (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS
\\?\Volume{91013b47-3b03-423b-9a8e-0b2c5e8b9ef9}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Tablica partycji ==================

========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== Koniec  Addition.txt ============================

 

Well, there you go.


If the Administrator account is not built-in and was made by the virus or something, please instruct me how to delete it.


I need to see the primary log from FRST, frst.txt. Logs are saved here: C:\FRST\Logs


Yep, that's the one I wanted. Continue:

Download the attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it in your reply.


fixlist.txt


I have to wait till I get home anyway, so I'll just ask now, as I can't do what you told me yet anyway. Is it going to delete some of my software, or just try to fix it? Can I lose some photos stored on my PC by doing the last action you told me to?


Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 
