Frst.txt jest niekompletny, przeskanuj jeszcze raz i zamiesc caly plik. Zamiesc screen calego okna z: CrystalDiskInfo: http://portableapps.com/apps/utilities/crystaldiskinfo_portable Nie wiem o co Ci chodzi z iloscia ramu, w logu wszystko wyglada poprawnie: Total physical RAM: 2994.6 MB Available physical RAM: 567.51 MB Już.
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Lenovo (13-08-2018 09:01:16)
Running from D:\
Windows 10 Home Version 1703 15063.1206 (X64) (2018-04-05 04:52:01)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3252381865-432738924-2588522308-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3252381865-432738924-2588522308-503 - Limited - Disabled)
Guest (S-1-5-21-3252381865-432738924-2588522308-501 - Limited - Disabled)
Lenovo (S-1-5-21-3252381865-432738924-2588522308-1002 - Administrator - Enabled) = & gt; C:\Users\Lenovo
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with " Hidden " flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ALLPlayer (wersja 8.1) (HKLM\...\{68972948-F221-4267-9EB6-2EB5D913C4CF}_is1) (Version: 8.1 - ALLPlayer Ltd.)
ALLPlayer Remote Control (HKLM-x32\...\{146BDBDD-ACD9-4B04-A286-C27471841E8E}_is1) (Version: 2.1 - ALLPlayer Group, Ltd.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Asystent aktualizacji do systemu Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22532 - Microsoft Corporation)
Catalyst Control Center Next Localization BR (HKLM\...\{EFD22D1A-6AC9-997E-CD1C-766D083ECC8C}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{B2B93459-0992-34E9-2ED4-C73C58444A2D}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{0F328F2A-8041-6914-FCF9-09717DD2DEA4}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{E1905A51-0A9A-460A-78DA-63C2B512F8DF}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{7693605B-8D26-A11A-4E8A-A93DA48A6F07}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{ED48AEAD-1B7B-894A-BC92-1B3F3B6D67E2}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{3BF2CA15-362E-DD16-562B-8441C5631C68}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{C741AC2E-D45D-692C-E719-F47969B8C162}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{7009BD31-9DBE-1350-06D2-C8619F15A24C}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{1414A18F-1F48-3BDC-492B-A49BBE69E018}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{CF9E400B-366C-815B-DBE7-BF5B6A4E5C21}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{4D7216C2-571F-ADB9-1BF7-DB2A3A7AA477}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{04572C55-0636-8C3A-B323-881398A8D29E}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{6BE5B90E-9D91-0EFC-65EF-27F9A8E35777}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{00B0FF88-9B44-6745-9F35-4F44FFFC456C}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{A258B798-A430-9B23-68D4-6D99A5BC5A2A}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{6A8D5AAA-21E4-0DF3-F755-D2839F35A26C}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{7A9A2D44-AB69-16A3-20E8-EF4F356E699F}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{F86B7A78-34E5-3186-F57E-A14205BEC3C5}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{877CC96B-918D-53AA-9906-930B1FEE5267}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{022EB26A-75DF-1F86-0867-704CF28D0D2E}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.44 - Piriform)
CrystalDiskInfo 7.6.1 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.6.1 - Crystal Dew World)
CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.1.7417 - CyberLink Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
IObit Malware Fighter 6 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 6.1 - IObit)
Java 8 Update 181 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
Lenovo Utility (HKLM\...\{12ABAC82-7D83-4CB8-9DD2-434DC9AF2942}_is1) (Version: 3.0.0.17 - Lenovo)
Microsoft OneDrive (HKU\S-1-5-21-3252381865-432738924-2588522308-1002\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Total Commander 64+32-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.20 - Ghisler Software GmbH)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{A951B9A0-13C0-4A4B-8E04-3CCF05701086}) (Version: 2.47.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0) (Version: 1.0.37.0 - LunarG, Inc.)
Wargaming.net Game Center (HKU\S-1-5-21-3252381865-432738924-2588522308-1002\...\Wargaming.net Game Center) (Version: 18.4.0.334 - Wargaming.net)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
World_of_Warships_Eu (HKU\S-1-5-21-3252381865-432738924-2588522308-1002\...\WOWS.EU.PRODUCTION) (Version: - Wargaming.net)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ IMFSafeBox] - & gt; {0BB81440-5F42-4480-A5F7-770A6F439FC8} = & gt; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2018-06-22] (IObit)
ContextMenuHandlers1: [7-Zip] - & gt; {23170F69-40C1-278A-1000-000100020000} = & gt; - & gt; No File
ContextMenuHandlers1: [IObit Malware Fighter] - & gt; {0BB81440-5F42-4480-A5F7-770A6F439FC8} = & gt; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2018-06-22] (IObit)
ContextMenuHandlers4: [7-Zip] - & gt; {23170F69-40C1-278A-1000-000100020000} = & gt; - & gt; No File
ContextMenuHandlers4: [IObit Malware Fighter] - & gt; {0BB81440-5F42-4480-A5F7-770A6F439FC8} = & gt; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2018-06-22] (IObit)
ContextMenuHandlers5: [ACE] - & gt; {5E2121EE-0300-11D4-8D3B-444553540000} = & gt; C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-03-21] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] - & gt; {23170F69-40C1-278A-1000-000100020000} = & gt; - & gt; No File
ContextMenuHandlers6: [IObit Malware Fighter] - & gt; {0BB81440-5F42-4480-A5F7-770A6F439FC8} = & gt; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2018-06-22] (IObit)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0CBEAA11-BB56-4112-998B-1AA7F0FD8E73} - System32\Tasks\PDVDServ14 Task = & gt; C:\Program Files (x86)\CyberLink\PowerDVD14\PDVD14Serv.exe [2017-02-17] (CyberLink Corp.)
Task: {10508801-2B24-4D75-858A-66FAA134960E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance = & gt; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-31] (Microsoft Corporation)
Task: {1678C375-E8DE-4FDB-8645-D95E7C206572} - System32\Tasks\Microsoft\Windows\rempl\shell = & gt; C:\Program Files\rempl\sedlauncher.exe [2018-08-03] (Microsoft Corporation)
Task: {1974AB1E-B215-4758-A131-53A458962EBE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup = & gt; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-31] (Microsoft Corporation)
Task: {43D9A8DA-2061-431B-B230-0D6D356BF4DD} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor = & gt; C:\Windows\system32\ImController.InfInstaller.exe [2018-05-16] (Lenovo Group Limited)
Task: {4CB5BC96-4BAA-48D2-87CF-30EB02F09593} - System32\Tasks\GoogleUpdateTaskMachineUA = & gt; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-06-28] (Google Inc.)
Task: {66C62D35-5AD6-43BE-81F7-5E47838BF8ED} - System32\Tasks\CCleaner Update = & gt; C:\Program Files\CCleaner\CCUpdate.exe [2018-06-24] (Piriform Ltd)
Task: {6EC58444-6D22-474F-9798-352198F1C7DA} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\3a35ea87-5713-4f03-babc-555c984873f1 = & gt; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-05-16] (Lenovo Group Limited)
Task: {A0761150-A8F5-45E1-8CB0-20ADB4AC7CDF} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask = & gt; %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {B8027A34-A7B0-4CB1-8C01-4CE5E2368596} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\5e81f5cc-72b3-4ba0-9712-be63d065180e = & gt; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-05-16] (Lenovo Group Limited)
Task: {BA2EC0C0-2621-4B29-865B-B12FB6EA79ED} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance = & gt; " %windir%\system32\sc.exe " START ImControllerService
Task: {CFACC30B-F01F-4FA0-9EEC-F6E89E592FD8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification = & gt; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-31] (Microsoft Corporation)
Task: {D2AB8A8C-80F9-467A-B930-E37AF38D90ED} - System32\Tasks\CCleanerSkipUAC = & gt; C:\Program Files\CCleaner\CCleaner.exe [2018-06-24] (Piriform Ltd)
Task: {D2DF1671-ED27-47F2-8756-41C79E55A4E0} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\29e6ec67-2c13-459c-907c-f325298677ab = & gt; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-05-16] (Lenovo Group Limited)
Task: {D83ACFEF-F3ED-4A51-B2E5-49A6B5D31BF4} - System32\Tasks\StartCN = & gt; C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-03-21] (Advanced Micro Devices, Inc.)
Task: {E1DDFFCB-5EE9-4F6C-A7DF-557EB2F74AB8} - System32\Tasks\GoogleUpdateTaskMachineCore = & gt; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-06-28] (Google Inc.)
Task: {EA460A46-A084-4C0B-861F-EA943C189D80} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan = & gt; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-31] (Microsoft Corporation)
Task: {EB5E5310-A5AA-4F34-9A4A-99ADA7A62C33} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\7d0dc00e-d0dc-423d-9528-c46a45d1d7d3 = & gt; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-05-16] (Lenovo Group Limited)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job = & gt; C:\Windows\explorer.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2017-03-18 22:58 - 2017-03-18 22:58 - 000138000 _____ () C:\Windows\SYSTEM32\inputhost.dll
2018-07-11 09:34 - 2018-06-28 07:06 - 001730560 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-09-14 03:19 - 2016-09-14 03:19 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-14 03:19 - 2016-09-14 03:19 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-14 03:19 - 2016-09-14 03:19 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-14 03:19 - 2016-09-14 03:19 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-14 03:18 - 2016-09-14 03:18 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-14 03:18 - 2016-09-14 03:18 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-14 03:19 - 2016-09-14 03:19 - 000191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2018-06-28 17:23 - 2018-06-28 17:25 - 025120768 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18052.11111.0_x64__8wekyb3d8bbwe\Music.UI.exe
2018-06-28 17:23 - 2018-06-28 17:25 - 000306176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18052.11111.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-06-28 17:23 - 2018-06-28 17:25 - 006735872 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18052.11111.0_x64__8wekyb3d8bbwe\EntCommon.dll
2018-06-27 19:43 - 2018-06-27 19:45 - 000902656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18052.11111.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll
2018-06-27 20:06 - 2018-06-27 20:07 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18052.11111.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-08-10 09:31 - 2018-08-08 02:55 - 004076888 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libglesv2.dll
2018-08-10 09:31 - 2018-08-08 02:55 - 000096088 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The " AlternateShell " will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice = & gt; " " = " Service "
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-03-18 23:03 - 2017-03-18 23:01 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3252381865-432738924-2588522308-1002\Control Panel\Desktop\\Wallpaper - & gt; C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System = & gt; (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer = & gt; (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: gupdate = & gt; 2
MSCONFIG\Services: gupdatem = & gt; 3
MSCONFIG\Services: Steam Client Service = & gt; 3
HKLM\...\StartupApproved\Run: = & gt; " Eraser "
HKLM\...\StartupApproved\Run32: = & gt; " SunJavaUpdateSched "
HKLM\...\StartupApproved\Run32: = & gt; " IObit Malware Fighter "
HKU\S-1-5-21-3252381865-432738924-2588522308-1002\...\StartupApproved\Run: = & gt; " CCleaner Monitoring "
HKU\S-1-5-21-3252381865-432738924-2588522308-1002\...\StartupApproved\Run: = & gt; " OneDrive "
HKU\S-1-5-21-3252381865-432738924-2588522308-1002\...\StartupApproved\Run: = & gt; " Steam "
HKU\S-1-5-21-3252381865-432738924-2588522308-1002\...\StartupApproved\Run: = & gt; " ALLUpdate "
HKU\S-1-5-21-3252381865-432738924-2588522308-1002\...\StartupApproved\Run: = & gt; " Napisy24Update "
HKU\S-1-5-21-3252381865-432738924-2588522308-1002\...\StartupApproved\Run: = & gt; " Wargaming.net Game Center "
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{3D5BE4FE-BB86-493F-AB38-DC620C7CA8F4}] = & gt; (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{BD93A2E7-CAF2-4614-8879-516A8FC3096D}] = & gt; (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{FD492BF7-BA63-477F-86EE-2F5662A602D9}] = & gt; (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{83F5C73A-7DE7-4AF7-97A3-D7D6F4B500DE}] = & gt; (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{D2ECA216-8113-4A29-94C9-8914F4F8A1F3}] = & gt; (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5A502B08-C352-474B-A900-09E548072B70}] = & gt; (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{384C16EE-1FF5-47C3-896E-19A7D7D1020E}] = & gt; (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{AC0E9BF7-C22F-45C9-BDE4-805E2C0ADCFD}] = & gt; (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{DD8CC097-3FED-4CA6-8F4B-47B732E51C66}] = & gt; (Allow) C:\Program Files (x86)\Steam\steamapps\common\World of Tanks Blitz\wotblitz.exe
FirewallRules: [{9AAEFBC0-36B9-4E28-AFDC-F2F290B1E05E}] = & gt; (Allow) C:\Program Files (x86)\Steam\steamapps\common\World of Tanks Blitz\wotblitz.exe
FirewallRules: [TCP Query User{9BBF2981-73B8-4C40-BEF3-BE8CCEE2350C}D:\beamng.drive.v0.11.0.3\bin32\beamng.drive.x86.exe] = & gt; (Allow) D:\beamng.drive.v0.11.0.3\bin32\beamng.drive.x86.exe
FirewallRules: [UDP Query User{83B69A80-43F7-458B-95EA-A221D7D6E336}D:\beamng.drive.v0.11.0.3\bin32\beamng.drive.x86.exe] = & gt; (Allow) D:\beamng.drive.v0.11.0.3\bin32\beamng.drive.x86.exe
FirewallRules: [TCP Query User{6BB2AE86-B915-4E4D-95CE-53827EAC6977}C:\programdata\wargaming.net\gamecenter\wgc.exe] = & gt; (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe
FirewallRules: [UDP Query User{D099A75A-CCD5-4C17-8165-36B8D42E5BE8}C:\programdata\wargaming.net\gamecenter\wgc.exe] = & gt; (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe
FirewallRules: [TCP Query User{9C723D94-D237-4B29-85C4-3C5E8AEFF474}C:\windows\system32\sihost.exe] = & gt; (Allow) C:\windows\system32\sihost.exe
FirewallRules: [UDP Query User{976E71C0-1686-4FA4-BE8F-59F8B5AFCA4D}C:\windows\system32\sihost.exe] = & gt; (Allow) C:\windows\system32\sihost.exe
FirewallRules: [TCP Query User{05D0044B-6432-4A19-8CE2-DF6DF984D004}C:\windows\explorer.exe] = & gt; (Allow) C:\windows\explorer.exe
FirewallRules: [UDP Query User{2BE0F1C5-FAF5-4E5F-A3E7-C3674A83B0DA}C:\windows\explorer.exe] = & gt; (Allow) C:\windows\explorer.exe
FirewallRules: [TCP Query User{FE8586FB-58C5-4CC8-9495-AF52E2A95B17}C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe] = & gt; (Allow) C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe
FirewallRules: [UDP Query User{5FE7F5ED-8498-45B2-BB8E-C76D8D2A7804}C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe] = & gt; (Allow) C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe
FirewallRules: [TCP Query User{FFB17A54-4458-4AF1-8CBF-0F83A5F34AE9}D:\beamng.drive.v0.11.0.3\bin32\beamng.drive.x86.exe] = & gt; (Allow) D:\beamng.drive.v0.11.0.3\bin32\beamng.drive.x86.exe
FirewallRules: [UDP Query User{6993DC86-2F08-4C34-B750-6C99A2E35C6A}D:\beamng.drive.v0.11.0.3\bin32\beamng.drive.x86.exe] = & gt; (Allow) D:\beamng.drive.v0.11.0.3\bin32\beamng.drive.x86.exe
FirewallRules: [TCP Query User{F47CD794-F468-487E-8C91-604124DE830C}C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe] = & gt; (Allow) C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe
FirewallRules: [UDP Query User{BCF6E76E-5DF6-403B-9C35-8CC30B973D27}C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe] = & gt; (Allow) C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe
FirewallRules: [{EA0E7ADF-16FD-4198-AC50-E33D72F75F0F}] = & gt; (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (08/13/2018 08:55:35 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-MMMDTB7M)
Description: Aktywacja aplikacji E046963F.LenovoCompanion_k1h2ywk1493x8!App nie powiodła się. Błąd: -2147009284. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa.
Error: (08/13/2018 08:55:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-MMMDTB7M)
Description: Aktywacja aplikacji E046963F.LenovoCompanion_k1h2ywk1493x8!App nie powiodła się. Błąd: -2147009284. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa.
Error: (08/12/2018 08:25:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-MMMDTB7M)
Description: Aktywacja aplikacji E046963F.LenovoCompanion_k1h2ywk1493x8!App nie powiodła się. Błąd: -2147009284. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa.
Error: (08/12/2018 05:14:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-MMMDTB7M)
Description: Aktywacja aplikacji E046963F.LenovoCompanion_k1h2ywk1493x8!App nie powiodła się. Błąd: -2147009284. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa.
Error: (08/12/2018 03:58:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-MMMDTB7M)
Description: Aktywacja aplikacji E046963F.LenovoCompanion_k1h2ywk1493x8!App nie powiodła się. Błąd: -2147009284. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa.
Error: (08/12/2018 03:58:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-MMMDTB7M)
Description: Aktywacja aplikacji E046963F.LenovoCompanion_k1h2ywk1493x8!App nie powiodła się. Błąd: -2147009284. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa.
Error: (08/12/2018 02:12:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-MMMDTB7M)
Description: Aktywacja aplikacji E046963F.LenovoCompanion_k1h2ywk1493x8!App nie powiodła się. Błąd: -2147009284. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa.
Error: (08/12/2018 11:31:46 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-MMMDTB7M)
Description: Aktywacja aplikacji E046963F.LenovoCompanion_k1h2ywk1493x8!App nie powiodła się. Błąd: -2147009284. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa.
System errors:
=============
Error: (08/13/2018 08:54:40 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Zgodnie z ustawieniami uprawnienia application-specific nie jest udzielane uprawnienie Local Activation do aplikacji serwera COM z identyfikatorem klasy CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
i identyfikatorem aplikacji APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
użytkownikowi NT AUTHORITY\SYSTEM o identyfikatorze zabezpieczeń SID (S-1-5-18) z adresu LocalHost (Using LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Unavailable (Unavailable). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.
Error: (08/12/2018 08:25:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Zgodnie z ustawieniami uprawnienia application-specific nie jest udzielane uprawnienie Local Activation do aplikacji serwera COM z identyfikatorem klasy CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
i identyfikatorem aplikacji APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
użytkownikowi NT AUTHORITY\SYSTEM o identyfikatorze zabezpieczeń SID (S-1-5-18) z adresu LocalHost (Using LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Unavailable (Unavailable). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.
Error: (08/12/2018 08:25:47 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: System wykrył konflikt adresów między adresem IP 192.168.0.3 a komputerem o sieciowym
adresie sprzętowym B8-94-36-83-C0-E0. W rezultacie mogą być zakłócone operacje sieciowe na
tym komputerze.
Error: (08/12/2018 05:14:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Zgodnie z ustawieniami uprawnienia application-specific nie jest udzielane uprawnienie Local Activation do aplikacji serwera COM z identyfikatorem klasy CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
i identyfikatorem aplikacji APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
użytkownikowi NT AUTHORITY\SYSTEM o identyfikatorze zabezpieczeń SID (S-1-5-18) z adresu LocalHost (Using LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Unavailable (Unavailable). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.
Error: (08/12/2018 03:58:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Zgodnie z ustawieniami uprawnienia application-specific nie jest udzielane uprawnienie Local Activation do aplikacji serwera COM z identyfikatorem klasy CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
i identyfikatorem aplikacji APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
użytkownikowi NT AUTHORITY\SYSTEM o identyfikatorze zabezpieczeń SID (S-1-5-18) z adresu LocalHost (Using LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Unavailable (Unavailable). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.
Error: (08/12/2018 02:12:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Zgodnie z ustawieniami uprawnienia application-specific nie jest udzielane uprawnienie Local Activation do aplikacji serwera COM z identyfikatorem klasy CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
i identyfikatorem aplikacji APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
użytkownikowi NT AUTHORITY\SYSTEM o identyfikatorze zabezpieczeń SID (S-1-5-18) z adresu LocalHost (Using LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Unavailable (Unavailable). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.
Error: (08/12/2018 11:31:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Zgodnie z ustawieniami uprawnienia application-specific nie jest udzielane uprawnienie Local Activation do aplikacji serwera COM z identyfikatorem klasy CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
i identyfikatorem aplikacji APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
użytkownikowi NT AUTHORITY\SYSTEM o identyfikatorze zabezpieczeń SID (S-1-5-18) z adresu LocalHost (Using LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Unavailable (Unavailable). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.
Error: (08/12/2018 09:57:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Zgodnie z ustawieniami uprawnienia application-specific nie jest udzielane uprawnienie Local Activation do aplikacji serwera COM z identyfikatorem klasy CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
i identyfikatorem aplikacji APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
użytkownikowi NT AUTHORITY\SYSTEM o identyfikatorze zabezpieczeń SID (S-1-5-18) z adresu LocalHost (Using LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Unavailable (Unavailable). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.
Windows Defender:
===================================
Date: 2018-08-08 19:54:09.527
Description:
Skanowanie produktu Program antywirusowy Windows Defender zostalo zatrzymane przed ukonczeniem.
Identyfikator skanowania: {9B6E4C51-24DB-4A4C-AAE9-DE5360AFA862}
Typ skanowania: Narzedzia chroniace przed zlosliwym oprogramowaniem
Parametry skanowania: Szybkie skanowanie
Uzytkownik: NT AUTHORITY\SYSTEM
Date: 2018-08-06 16:40:07.218
Description:
Skanowanie produktu Program antywirusowy Windows Defender zostalo zatrzymane przed ukonczeniem.
Identyfikator skanowania: {CE611CC8-A11C-4446-9154-A88F347758A8}
Typ skanowania: Narzedzia chroniace przed zlosliwym oprogramowaniem
Parametry skanowania: Szybkie skanowanie
Uzytkownik: NT AUTHORITY\SYSTEM
Date: 2018-08-04 14:19:08.800
Description:
Skanowanie produktu Program antywirusowy Windows Defender zostalo zatrzymane przed ukonczeniem.
Identyfikator skanowania: {9F009989-E601-44EE-93D0-055D8DC9EA60}
Typ skanowania: Narzedzia chroniace przed zlosliwym oprogramowaniem
Parametry skanowania: Szybkie skanowanie
Uzytkownik: NT AUTHORITY\SYSTEM
Date: 2018-08-03 16:03:43.333
Description:
Skanowanie produktu Program antywirusowy Windows Defender zostalo zatrzymane przed ukonczeniem.
Identyfikator skanowania: {798B0872-9C73-417D-AA0A-D9834D845FFB}
Typ skanowania: Narzedzia chroniace przed zlosliwym oprogramowaniem
Parametry skanowania: Szybkie skanowanie
Uzytkownik: NT AUTHORITY\SYSTEM
Date: 2018-07-29 12:27:46.068
Description:
Skanowanie produktu Program antywirusowy Windows Defender zostalo zatrzymane przed ukonczeniem.
Identyfikator skanowania: {7036E2D9-3230-4433-9BF4-42068BE2A21C}
Typ skanowania: Narzedzia chroniace przed zlosliwym oprogramowaniem
Parametry skanowania: Szybkie skanowanie
Uzytkownik: NT AUTHORITY\SYSTEM
Date: 2018-08-10 19:38:25.743
Description:
Produkt Program antywirusowy Windows Defender napotkal blad podczas próby aktualizacji podpisów.
Nowa wersja podpisu:
Poprzednia wersja podpisu: 1.273.1167.0
Zródlo aktualizacji: Serwer uslugi Microsoft Update
Typ podpisu: Oprogramowanie antywirusowe
Typ aktualizacji: Pelne
Uzytkownik: NT AUTHORITY\SYSTEM
Biezaca wersja aparatu:
Poprzednia wersja aparatu: 1.1.15100.1
Kod bledu: 0x80240016
Opis bledu: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2018-08-03 11:09:10.822
Description:
Produkt Program antywirusowy Windows Defender napotkal blad podczas próby aktualizacji podpisów.
Nowa wersja podpisu:
Poprzednia wersja podpisu: 1.273.597.0
Zródlo aktualizacji: Centrum firmy Microsoft ds. ochrony przed zlosliwym oprogramowaniem
Typ podpisu: Oprogramowanie antywirusowe
Typ aktualizacji: Pelne
Uzytkownik: NT AUTHORITY\NETWORK SERVICE
Biezaca wersja aparatu:
Poprzednia wersja aparatu: 1.1.15100.1
Kod bledu: 0x80072ee7
Opis bledu: The server name or address could not be resolved
Date: 2018-08-03 11:09:10.818
Description:
Produkt Program antywirusowy Windows Defender napotkal blad podczas próby aktualizacji podpisów.
Nowa wersja podpisu:
Poprzednia wersja podpisu: 1.273.597.0
Zródlo aktualizacji: Centrum firmy Microsoft ds. ochrony przed zlosliwym oprogramowaniem
Typ podpisu: Oprogramowanie antyszpiegowskie
Typ aktualizacji: Pelne
Uzytkownik: NT AUTHORITY\NETWORK SERVICE
Biezaca wersja aparatu:
Poprzednia wersja aparatu: 1.1.15100.1
Kod bledu: 0x80072ee7
Opis bledu: The server name or address could not be resolved
Date: 2018-08-03 11:09:10.817
Description:
Produkt Program antywirusowy Windows Defender napotkal blad podczas próby aktualizacji podpisów.
Nowa wersja podpisu:
Poprzednia wersja podpisu: 1.273.597.0
Zródlo aktualizacji: Centrum firmy Microsoft ds. ochrony przed zlosliwym oprogramowaniem
Typ podpisu: Oprogramowanie antywirusowe
Typ aktualizacji: Pelne
Uzytkownik: NT AUTHORITY\NETWORK SERVICE
Biezaca wersja aparatu:
Poprzednia wersja aparatu: 1.1.15100.1
Kod bledu: 0x80072ee7
Opis bledu: The server name or address could not be resolved
Date: 2018-08-03 11:09:10.798
Description:
Produkt Program antywirusowy Windows Defender napotkal blad podczas próby aktualizacji podpisów.
Nowa wersja podpisu:
Poprzednia wersja podpisu: 1.273.597.0
Zródlo aktualizacji: Centrum firmy Microsoft ds. ochrony przed zlosliwym oprogramowaniem
Typ podpisu: Oprogramowanie antywirusowe
Typ aktualizacji: Pelne
Uzytkownik: NT AUTHORITY\NETWORK SERVICE
Biezaca wersja aparatu:
Poprzednia wersja aparatu: 1.1.15100.1
Kod bledu: 0x80072ee7
Opis bledu: The server name or address could not be resolved
CodeIntegrity:
===================================
Date: 2018-08-03 15:55:43.034
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-07-31 16:42:47.052
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-07-31 16:42:47.044
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-07-27 18:13:25.741
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-07-22 09:14:34.382
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-07-11 15:39:33.072
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-06-28 10:35:07.637
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-06-27 19:33:57.382
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: AMD A6-7310 APU with AMD Radeon R4 Graphics
Percentage of memory in use: 65%
Total physical RAM: 2994.6 MB
Available physical RAM: 1019.4 MB
Total Virtual: 6194.6 MB
Available Virtual: 3191.5 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:420.9 GB) (Free:348.33 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:14.77 GB) NTFS
Drive f: (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
\\?\Volume{628ebb1e-c7b3-4399-900d-9b572e39cb6b}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.59 GB) NTFS
\\?\Volume{6d2f3bae-5e5c-40c5-9579-006b8c796fd3}\ (LENOVO_PART) (Fixed) (Total:17.64 GB) (Free:7.4 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 26D1BC61)
Partition: GPT.
==================== End of Addition.txt ============================