Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 06-06-2020 Uruchomiony przez Pati (administrator) PATI-KOMPUTER (SAMSUNG ELECTRONICS CO., LTD. R540/R580/R780/SA41/E452/E852) (11-06-2020 16:11:19) Uruchomiony z C:\Users\Pati\Downloads Załadowane profile: Pati & NeroMediaHomeUser.4 Platform: Windows 7 Home Premium Service Pack 1 (X64) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) ( () [Brak podpisu cyfrowego]) [Plik w użyciu ] C:\Users\Pati\AppData\Local\btclient\btclient\1.4.2.8\btclient.exe ( () [Brak podpisu cyfrowego]) [Plik w użyciu ] C:\Users\Pati\AppData\Local\btclient\btclient\1.4.2.8\btsetup.exe <5> () [Brak podpisu cyfrowego] C:\Program Files (x86)\Tor\tor.exe () [Brak podpisu cyfrowego] C:\Users\Pati\AppData\Local\babylon\babylon\2.2.0.0\Babylon Toolbarupdt.exe () [Brak podpisu cyfrowego] C:\Windows\Samsung\PanelMgr\caller64.exe () [Brak podpisu cyfrowego] C:\Windows\Samsung\PanelMgr\SSMMgr.exe () [Brak podpisu cyfrowego] C:\Windows\SysWOW64\Rezip.exe (Advanced Micro Devices Inc.) [Brak podpisu cyfrowego] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) [Brak podpisu cyfrowego] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Bluestack Systems, Inc. -> BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe (Bluestack Systems, Inc. -> BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (Bluestack Systems, Inc. -> BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe (Broadcom Corporation -> Broadcom Corporation.) 
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Brother Industries, Ltd.) [Brak podpisu cyfrowego] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.) [Brak podpisu cyfrowego] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.) [Brak podpisu cyfrowego] C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe (CHENGDU YIWO Tech Development Co., Ltd. -> ) C:\Program Files\EaseUS\EaseUS Data Recovery Wizard\aliyun\AliyunWrapExe.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files\EaseUS\EaseUS Data Recovery Wizard\DRW.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files\EaseUS\EaseUS Data Recovery Wizard\DRWUI.exe (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\egui.exe (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe (Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Huawei Technologies Co., Ltd.) [Brak podpisu cyfrowego] C:\Program Files (x86)\blueconnect\DataCardMonitor.exe (McAfee, Inc. -> ) C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc. -> McAfee, Inc.) 
C:\Program Files\McAfee Security Scan\3.11.1137\SSScheduler.exe (Microsoft Corporation -> © 2015 Microsoft Corporation) C:\Users\Pati\AppData\Local\Microsoft\BingSvc\BingSvc.exe (Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Windows -> Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\Windows-KB890830-x64-V5.81.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rstrui.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbengine.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wscript.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe <3> (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Nero AG -> Nero AG) C:\Program Files (x86)\Common 
Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG -> Nero AG) C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Samsung Electronics CO., LTD. -> SEC) [Brak podpisu cyfrowego] C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (Samsung Electronics Co., Ltd.) [Brak podpisu cyfrowego] C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.) [Brak podpisu cyfrowego] C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (SAMSUNG Electronics) [Brak podpisu cyfrowego] C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe (SweetIM Technologies Ltd -> SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe ==================== Rejestr (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-07] (Realtek Semiconductor Corp -> Realtek Semiconductor) HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [2703752 2010-03-25] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) HKLM\...\Run: [TNOD UP] => "C:\Program Files (x86)\TNod User & Password Finder\TNODUP.exe" /i HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [178496 2018-04-19] (ESET, spol. s r.o. -> ESET) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-07-06] (Advanced Micro Devices, Inc.) 
[Brak podpisu cyfrowego] HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation -> Microsoft Corporation) HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink -> CyberLink Corp.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) [Brak podpisu cyfrowego] HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) [Brak podpisu cyfrowego] HKLM-x32\...\Run: [Nero MediaHome 4] => C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe [5174568 2010-03-08] (Nero AG -> Nero AG) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1648264 2013-04-25] (Ask.com -> Ask) HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\ssmmgr.exe [618496 2010-06-07] () [Brak podpisu cyfrowego] HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation) HKLM-x32\...\Run: [DataCardMonitor] => C:\Program Files (x86)\blueconnect\DataCardMonitor.exe [249856 2012-09-11] (Huawei Technologies Co., Ltd.) [Brak podpisu cyfrowego] HKLM-x32\...\Run: [Sweetpacks Communicator] => C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [231768 2012-08-15] (SweetIM Technologies Ltd -> SweetIM Technologies Ltd.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle America, Inc. 
-> Oracle Corporation) HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [839384 2014-09-16] (Bluestack Systems, Inc. -> BlueStack Systems, Inc.) HKU\S-1-5-21-425697130-2423384976-1920107721-1000\...\Run: [Nero MediaHome 4] => C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe [5174568 2010-03-08] (Nero AG -> Nero AG) HKU\S-1-5-21-425697130-2423384976-1920107721-1000\...\Run: [ALLUpdate] => C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe [1432064 2010-03-24] () [Brak podpisu cyfrowego] HKU\S-1-5-21-425697130-2423384976-1920107721-1000\...\Run: [Eaogok] => C:\Users\Pati\AppData\Roaming\Eaogok.exe HKU\S-1-5-21-425697130-2423384976-1920107721-1000\...\Run: [Windows Login access] => C:\Users\Pati\AppData\Roaming\web2net.exe HKU\S-1-5-21-425697130-2423384976-1920107721-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3639280 2016-06-20] (Electronic Arts, Inc. -> Electronic Arts) HKU\S-1-5-21-425697130-2423384976-1920107721-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-425697130-2423384976-1920107721-1000\...\Run: [btclient] => C:\Users\Pati\AppData\Local\btclient\btclient\1.4.2.8\btclient.exe [675328 2015-09-29] ( () [Brak podpisu cyfrowego]) [Plik w użyciu ] HKU\S-1-5-21-425697130-2423384976-1920107721-1000\...\Run: [BingSvc] => C:\Users\Pati\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (Microsoft Corporation -> © 2015 Microsoft Corporation) HKU\S-1-5-21-425697130-2423384976-1920107721-1000\...\Run: [Babylon Toolbar] => C:\Users\Pati\AppData\Local\\babylon\\babylon\\2.2.0.0\babylon.exe [314880 2016-05-08] (TODO: ) [Brak podpisu cyfrowego] HKU\S-1-5-21-425697130-2423384976-1920107721-1000\...\Run: [BackgroundContainerV3] => C:\Users\Pati\AppData\Local\Cctbplt\BackgroundContainer\BackgroundContainer.dll [300352 2016-04-22] (ClientConnect LTD -> 
ClientConnect Ltd.) HKU\S-1-5-21-425697130-2423384976-1920107721-1000\...\Run: [ChomikBox] => C:\Program Files (x86)\ChomikBox\chomikbox.exe HKU\S-1-5-21-425697130-2423384976-1920107721-1000\...\Run: [cifrado] => wscript.exe //B "C:\Users\Pati\AppData\Local\Temp\cifrado.vbs" <==== UWAGA HKU\S-1-5-21-425697130-2423384976-1920107721-1000\...\MountPoints2: G - G:\HiSuiteDownLoader.exe HKU\S-1-5-21-425697130-2423384976-1920107721-1000\...\MountPoints2: {2d45c892-fbf6-11e1-b581-000b6b651b3d} - G:\AutoRun.exe HKU\S-1-5-21-425697130-2423384976-1920107721-1000\...\MountPoints2: {2d45c897-fbf6-11e1-b581-000b6b651b3d} - G:\AutoRun.exe HKU\S-1-5-21-425697130-2423384976-1920107721-1000\...\MountPoints2: {3cf513e8-bdfc-11e1-89f2-000b6b651b3d} - G:\AutoRun.exe HKU\S-1-5-21-425697130-2423384976-1920107721-1000\...\MountPoints2: {9ef5003e-bdff-11e1-93b0-000b6b651b3d} - G:\AutoRun.exe HKU\S-1-5-21-425697130-2423384976-1920107721-1000\...\MountPoints2: {a220eb41-fbee-11e1-a878-000b6b651b3d} - G:\AutoRun.exe HKU\S-1-5-21-425697130-2423384976-1920107721-1000\...\MountPoints2: {a220eb48-fbee-11e1-a878-000b6b651b3d} - G:\AutoRun.exe HKU\S-1-5-21-425697130-2423384976-1920107721-1000\...\MountPoints2: {ce7ff863-d323-11e0-9411-000b6b651b3d} - G:\LGAutoRun.exe HKU\S-1-5-21-425697130-2423384976-1920107721-1000\...\MountPoints2: {e49ac23b-6453-11e4-aa9c-000b6b651b3d} - G:\Startme.exe HKU\S-1-5-21-425697130-2423384976-1920107721-1000\...\MountPoints2: {eb36b07c-a328-11e0-bffa-000b6b651b3d} - F:\AutoRun.exe HKU\S-1-5-21-425697130-2423384976-1920107721-1000\...\MountPoints2: {eb36b082-a328-11e0-bffa-000b6b651b3d} - F:\AutoRun.exe HKU\S-1-5-21-425697130-2423384976-1920107721-1000\...\MountPoints2: {f8a3958b-a2fe-11e9-a874-000b6b651b3d} - G:\HiSuiteDownLoader.exe HKU\S-1-5-21-425697130-2423384976-1920107721-1000\...\MountPoints2: {fcfd0a29-5aad-11e7-a334-000b6b651b3d} - G:\HiSuiteDownLoader.exe HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-20] 
(Microsoft Windows -> Microsoft Corporation) HKLM\...\Windows x64\Print Processors\SSP7MPC: C:\Windows\System32\spool\prtprocs\x64\ssp7mpc.dll [33792 2009-08-10] (Windows (R) Server 2003 DDK provider) [Brak podpisu cyfrowego] HKLM\...\Print\Monitors\CUSTPDF Writer Monitor x86: C:\Windows\system32\custmon64i.dll [87552 2011-10-04] () [Brak podpisu cyfrowego] HKLM\...\Print\Monitors\SSP7M Langmon: C:\Windows\system32\ssp7ml6.dll [27648 2009-08-10] () [Brak podpisu cyfrowego] HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.97\Installer\chrmstp.exe [2020-06-10] (Google LLC -> Google LLC) HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\WIDCOMM\Bluetooth Software\\BtwCP.dll [2010-04-29] (Broadcom Corporation -> Broadcom Corporation.) HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2010-09-21] (Microsoft Corporation -> Microsoft Corp.) 
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => Brak pliku Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2011-06-21] ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation -> Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2019-07-22] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.1137\SSScheduler.exe (McAfee, Inc. -> McAfee, Inc.) Startup: C:\Users\Pati\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\calculating.exe [2020-01-19] () [Brak podpisu cyfrowego] Startup: C:\Users\Pati\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cifrado.vbs [2020-01-19] () [Brak podpisu cyfrowego] ==================== Zaplanowane zadania (filtrowane) ============ (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) Task: {19610CA3-48D1-467D-8EA5-E3ABDAED180D} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe Task: {1AD177E9-A356-4DCE-BBA7-B70C6411AD5A} - \AdobeFlashPlayerUpdate 2 -> Brak pliku <==== UWAGA Task: {1CEF1903-A239-4716-932C-73A4C616DBCB} - System32\Tasks\advSRS4 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2201192 2010-01-19] (Samsung Electronics CO., LTD. -> SEC) [Brak podpisu cyfrowego] Task: {1E4DDEBF-2A7A-4502-A0AA-94DF3E4FA586} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc -> Google Inc.) Task: {2A2E234A-F85B-403C-9A68-BBE8D89D9E9F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc -> Google Inc.) 
Task: {3F7C5832-C78C-4974-A8E9-CA012EFAACAD} - System32\Tasks\StPrsSW => C:\Users\Pati\AppData\Roaming\StPrsSW\stprss.exe [14336 2015-01-13] () [Brak podpisu cyfrowego] Task: {47015032-DC23-42E1-A3AC-A705341F0C3C} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1} Task: {47BF0302-D0CA-43A5-912C-A44D9098D396} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [847360 2010-06-08] (Samsung Electronics Co., Ltd.) [Brak podpisu cyfrowego] Task: {4FEA1C6F-1563-411B-ABDC-7E0834E6D84E} - System32\Tasks\{5083AD46-2029-4429-9FAF-23124CF0C906} => C:\Windows\system32\pcalua.exe -a C:\Users\Pati\Downloads\Nero-7.9.6.0_plk_trial(DobrePliki.pl).exe -d C:\Users\Pati\Downloads Task: {5290EE75-1B49-4125-8214-307B7AAB632E} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [137864 2013-04-25] (Ask.com -> ) <==== UWAGA Task: {72EC5EC3-9095-47E2-A3AC-0B3E5D910410} - System32\Tasks\Babylon Toolbar Updater => C:\Users\Pati\AppData\Local\\babylon\\babylon\\2.2.0.0\Babylon Toolbarupdt.exe [878592 2016-06-03] () [Brak podpisu cyfrowego] Task: {8DB39D44-643E-4DDA-9EF5-3A3E667C95F7} - \AdobeFlashPlayerUpdate -> Brak pliku <==== UWAGA Task: {922B3852-C13C-4D3B-82BE-EF4195FA08C4} - System32\Tasks\btclient => C:\Users\Pati\AppData\Local\babylontoolbar\babylontoolbar\1.3.25.0\btclient.exe [647936 2015-07-28] (Keep-My-Search LTD -> Pay By Ads LTD) <==== UWAGA Task: {9C8B74DD-D5EA-4E23-B508-4CA17C1AE546} - System32\Tasks\EPUpdater => C:\Users\Pati\AppData\Roaming\BabSolution\Shared\BabMaint.exe [4608 2013-06-06] () [Brak podpisu cyfrowego] <==== UWAGA Task: {A5C04E6D-8CF2-4499-B04B-0FE9371DB2E1} - System32\Tasks\DealPly => C:\Users\Pati\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe [93752 2013-03-10] (DealPly Technologies Ltd -> ) <==== UWAGA Task: {A9E28B6C-D887-4827-A66E-ECB2B07E9DA1} - System32\Tasks\SamsungSupportCenter => 
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [1749504 2010-05-06] (SAMSUNG Electronics) [Brak podpisu cyfrowego] Task: {AF0E23BF-3153-4B17-A989-0E3B59342943} - System32\Tasks\DealPlyUpdate => C:\Program Files (x86)\DealPly\DealPlyUpdate.exe [78000 2012-05-09] (DealPly Technologies Ltd -> DealPly) <==== UWAGA Task: {B2B556AA-2AF0-4AB3-8BB5-A81C2EE5DD0A} - System32\Tasks\BitGuard => C:\Windows\system32\sc.exe start BitGuard <==== UWAGA Task: {B62C3473-2818-4DF5-8D8A-85689FED7F58} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [6644736 2010-06-01] (Samsung Electronics. Co. Ltd.) [Brak podpisu cyfrowego] Task: {C8E97ADE-91EF-4873-966F-DDC47DFF897E} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [356352 2010-03-29] (SAMSUNG Electronics co., LTD.) [Brak podpisu cyfrowego] Task: {D690AF97-5FA1-4109-9362-55FB7698CBC4} - System32\Tasks\NodEnabler => c:\nodNodEnabler.exe <==== UWAGA Task: {ECC89F17-841D-49A3-962D-4CB28F075E82} - System32\Tasks\EasySpeedUpManager => Command(1): "%programfiles(x86)%\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe" -> /s Task: {ECC89F17-841D-49A3-962D-4CB28F075E82} - System32\Tasks\EasySpeedUpManager => Command(2): C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [719360 [719360 2010-02-10]] (Samsung Electronics Co., Ltd.) [Brak podpisu cyfrowego] Task: {EE55AF3F-406D-455D-8C4B-6F759476121B} - \CPU Grid Computing -> Brak pliku <==== UWAGA Task: {F2EF52AD-A24E-468F-B9A3-EC1E21E013D5} - System32\Tasks\btclient Updater => wscript.exe //B "C:\Users\Pati\AppData\Local\btclient\btclient\1.4.2.8\..\updt.js" <==== UWAGA (Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.) 
==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Winsock: Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2010-09-21] (Microsoft Corporation -> Microsoft Corp.) Winsock: Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2010-09-21] (Microsoft Corporation -> Microsoft Corp.) Winsock: Catalog5-x64 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880 2010-09-21] (Microsoft Corporation -> Microsoft Corp.) Winsock: Catalog5-x64 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880 2010-09-21] (Microsoft Corporation -> Microsoft Corp.) Hosts: 0.0.0.1 mssplus.mcafee.com Tcpip\Parameters: [DhcpNameServer] 192.168.100.1 Tcpip\..\Interfaces\{722D5179-773D-432E-9A69-4F282E4CAAC3}: [DhcpNameServer] 192.168.100.1 Internet Explorer: ================== HKU\S-1-5-21-425697130-2423384976-1920107721-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COSP&ptag=G3A0B15BED265&conlogo=CT3210127 HKU\S-1-5-21-425697130-2423384976-1920107721-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com HKU\S-1-5-21-425697130-2423384976-1920107721-1000\Software\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2481033 HKU\S-1-5-21-425697130-2423384976-1920107721-1000\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://isearch.babylon.com/?affID=119816&tt=180413_new&babsrc=HP_ss_Btisdt4&mntrId=8828000B6B651B3D URLSearchHook: HKLM-x32 - Ashampoo PO Toolbar - {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - C:\Users\Pati\AppData\LocalLow\Ashampoo_PO\prxtbAsh2.dll (ClientConnect LTD -> ClientConnect Ltd.) 
URLSearchHook: HKU\S-1-5-21-425697130-2423384976-1920107721-1000 - Ashampoo PO Toolbar - {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - C:\Users\Pati\AppData\LocalLow\Ashampoo_PO\prxtbAsh2.dll (ClientConnect LTD -> ClientConnect Ltd.) SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&st=17&q={searchTerms}&barid={4B631CD1-C6E2-4F2B-B930-9C6309C7B9F2} SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&st=17&q={searchTerms}&barid={4B631CD1-C6E2-4F2B-B930-9C6309C7B9F2} SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKU\S-1-5-21-425697130-2423384976-1920107721-1000 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://isearch.babylon.com/?q={searchTerms}&affID=119816&tt=180413_new&babsrc=SP_ss_Btisdt3&mntrId=8828000B6B651B3D SearchScopes: HKU\S-1-5-21-425697130-2423384976-1920107721-1000 -> BrowserMngrDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchScopes: HKU\S-1-5-21-425697130-2423384976-1920107721-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=G3A0B15BED265&form=CONBDF&conlogo=CT3210127&q={searchTerms} SearchScopes: HKU\S-1-5-21-425697130-2423384976-1920107721-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://isearch.babylon.com/?q={searchTerms}&affID=119816&tt=180413_new&babsrc=SP_ss_Btisdt3&mntrId=8828000B6B651B3D SearchScopes: HKU\S-1-5-21-425697130-2423384976-1920107721-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKU\S-1-5-21-425697130-2423384976-1920107721-1000 -> {759BAE1A-1D16-4449-85D5-FD4C58ED355A} URL = hxxp://www.bing.com/search?FORM=MSNTLB&PC=MSNTDF&q={searchTerms}&src=IE-SearchBox SearchScopes: 
HKU\S-1-5-21-425697130-2423384976-1920107721-1000 -> {86FF91C4-F766-4FDE-B551-EEFACCDEAB57} URL = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000 SearchScopes: HKU\S-1-5-21-425697130-2423384976-1920107721-1000 -> {B8A2AA0D-3DF9-4994-9B38-63F03E674D8C} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481033 SearchScopes: HKU\S-1-5-21-425697130-2423384976-1920107721-1000 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&st=17&q={searchTerms}&barid={4B631CD1-C6E2-4F2B-B930-9C6309C7B9F2} BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corporation -> Microsoft Corp.) BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2009-01-29] (McAfee, Inc. 
-> ) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) BHO-x32: Babylon toolbar helper -> {2EECD738-5844-4a99-B4B6-146BF802613B} -> C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll [2012-08-23] (Babylon BHO) [Brak podpisu cyfrowego] BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll => Brak pliku BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-08-28] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corporation -> Microsoft Corp.) 
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-22] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: DealPly -> {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} -> C:\Program Files (x86)\DealPly\DealPlyIE.dll [2012-05-09] (DealPly Technologies Ltd -> DealPly Technologies Ltd) BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies SA -> Skype Technologies S.A.) BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2009-01-29] (McAfee, Inc. -> ) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: delta Helper Object -> {C1AF5FA5-852C-4C90-812E-A7F75E011D87} -> C:\Program Files (x86)\Delta\delta\1.8.16.16\bh\delta.dll [2013-03-13] (Montera Technologeis LTD -> Delta-search.com) BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll [2010-08-13] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2013-04-25] (Ask.com -> Ask) BHO-x32: Ashampoo PO Toolbar -> {d43723ae-1ae1-4a25-a6a4-bf0929273cab} -> C:\Users\Pati\AppData\LocalLow\Ashampoo_PO\prxtbAsh2.dll [2014-09-23] (ClientConnect LTD -> ClientConnect Ltd.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-08-28] (Oracle America, Inc. 
-> Oracle Corporation) BHO-x32: SweetPacks Browser Helper -> {EEE6C35C-6118-11DC-9C72-001320C79847} -> C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2012-07-04] (SweetIM Technologies Ltd -> SweetIM Technologies Ltd.) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2009-01-29] (McAfee, Inc. -> ) Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll [2009-04-23] (DAEMON Tools Code Signing Services -> ) Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2009-01-29] (McAfee, Inc. -> ) Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll [2010-08-13] (Microsoft Corporation -> Microsoft Corporation) Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2013-04-25] (Ask.com -> Ask) Toolbar: HKLM-x32 - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll [2009-04-23] (DAEMON Tools Code Signing Services -> ) Toolbar: HKLM-x32 - Ashampoo PO Toolbar - {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - C:\Users\Pati\AppData\LocalLow\Ashampoo_PO\prxtbAsh2.dll [2014-09-23] (ClientConnect LTD -> ClientConnect Ltd.) Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2012-07-04] (SweetIM Technologies Ltd -> SweetIM Technologies Ltd.) 
Toolbar: HKLM-x32 - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarTlbr.dll [2012-08-23] (Babylon Ltd.) [Brak podpisu cyfrowego]
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.16.16\deltaTlbr.dll [2013-03-13] (Montera Technologeis LTD -> Delta-search.com)
Toolbar: HKU\S-1-5-21-425697130-2423384976-1920107721-1000 -> Brak nazwy - {D4027C7F-154A-4066-A1AD-4243D8127440} - Brak pliku
Toolbar: HKU\S-1-5-21-425697130-2423384976-1920107721-1000 -> DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll [2009-04-23] (DAEMON Tools Code Signing Services -> )
Toolbar: HKU\S-1-5-21-425697130-2423384976-1920107721-1000 -> Brak nazwy - {D43723AE-1AE1-4A25-A6A4-BF0929273CAB} - Brak pliku
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2009-01-29] (McAfee, Inc. -> )
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2009-01-29] (McAfee, Inc. -> )
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies SA -> Skype Technologies S.A.)

FireFox:
========
FF ProfilePath: C:\Users\Pati\AppData\Roaming\Mozilla\Firefox\Profiles\c0py85rr.default [2020-06-11]
FF user.js: detected! => C:\Users\Pati\AppData\Roaming\Mozilla\Firefox\Profiles\c0py85rr.default\user.js [2013-04-18]
FF Homepage: Mozilla\Firefox\Profiles\c0py85rr.default -> hxxp://www.msn.com/?pc=SK2M&ocid=SK2MDHP&osmkt=pl-pl|hxxp://isearch.babylon.com/?affID=119816&tt=180413_new&babsrc=HP_ss_Btisdt3&mntrId=8828000B6B651B3D
FF NewTab: Mozilla\Firefox\Profiles\c0py85rr.default -> hxxp://www.golsearch.com/?affID=119816&tt=180413_new&babsrc=NT_ss_Btisdt6&mntrId=8828000B6B651B3D
FF Extension: (Babylon) - C:\Users\Pati\AppData\Roaming\Mozilla\Firefox\Profiles\c0py85rr.default\Extensions\ffxtlbr@babylon.com [2013-04-18] [Przestarzałe] [Brak podpisu cyfrowego]
FF Extension: (Delta Toolbar) - C:\Users\Pati\AppData\Roaming\Mozilla\Firefox\Profiles\c0py85rr.default\Extensions\ffxtlbr@delta.com [2013-04-18] [Przestarzałe] [Brak podpisu cyfrowego]
FF Extension: (McAfee Security Scan Plus) - C:\Users\Pati\AppData\Roaming\Mozilla\Firefox\Profiles\c0py85rr.default\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2016-07-13] [Przestarzałe]
FF Extension: (DealPly) - C:\Users\Pati\AppData\Roaming\Mozilla\Firefox\Profiles\c0py85rr.default\Extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} [2012-09-13] [Przestarzałe] [Brak podpisu cyfrowego]
FF Extension: (SweetPacks Toolbar for Firefox) - C:\Users\Pati\AppData\Roaming\Mozilla\Firefox\Profiles\c0py85rr.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2013-05-07] [Przestarzałe] [Brak podpisu cyfrowego]
FF SearchPlugin: C:\Users\Pati\AppData\Roaming\Mozilla\Firefox\Profiles\c0py85rr.default\searchplugins\askcomsearch.xml [2013-04-14]
FF SearchPlugin: C:\Users\Pati\AppData\Roaming\Mozilla\Firefox\Profiles\c0py85rr.default\searchplugins\babylon.xml [2013-04-30]
FF SearchPlugin: C:\Users\Pati\AppData\Roaming\Mozilla\Firefox\Profiles\c0py85rr.default\searchplugins\BabylonMngr.xml [2012-09-14]
FF SearchPlugin: C:\Users\Pati\AppData\Roaming\Mozilla\Firefox\Profiles\c0py85rr.default\searchplugins\bingp.xml [2015-10-14]
FF SearchPlugin: C:\Users\Pati\AppData\Roaming\Mozilla\Firefox\Profiles\c0py85rr.default\searchplugins\browsemngr.xml [2013-04-18]
FF SearchPlugin: C:\Users\Pati\AppData\Roaming\Mozilla\Firefox\Profiles\c0py85rr.default\searchplugins\BrowserProtect.xml [2013-04-30]
FF SearchPlugin: C:\Users\Pati\AppData\Roaming\Mozilla\Firefox\Profiles\c0py85rr.default\searchplugins\delta.xml [2013-04-18]
FF SearchPlugin: C:\Users\Pati\AppData\Roaming\Mozilla\Firefox\Profiles\c0py85rr.default\searchplugins\sweetim.xml [2012-09-13]
FF HKLM-x32\...\Firefox\Extensions: [{B7082FAA-CB62-4872-9106-E42DD88EDE45}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor [2011-06-30] [Przestarzałe] [Brak podpisu cyfrowego]
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox
FF Extension: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2010-11-25] [Przestarzałe] [Brak podpisu cyfrowego]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension => nie znaleziono
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: (Default Manager) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-11-25] [Przestarzałe] [Brak podpisu cyfrowego]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => nie znaleziono
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll [2013-02-25] (Adobe Systems Incorporated -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll [2013-02-25] (Adobe Systems Incorporated -> )
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-08-28] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-08-28] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll [2010-08-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-425697130-2423384976-1920107721-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Pati\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-11-11] (Unity Technologies ApS -> Unity Technologies ApS)

Chrome:
=======
CHR Profile: C:\Users\Pati\AppData\Local\Google\Chrome\User Data\Default [2020-06-11]
CHR Notifications: Default -> hxxps://inpost.pl; hxxps://player.pl; hxxps://www.bzwbk.pl
CHR Extension: (Prezentacje) - C:\Users\Pati\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-18]
CHR Extension: (Dokumenty) - C:\Users\Pati\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-18]
CHR Extension: (Dysk Google) - C:\Users\Pati\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (YouTube) - C:\Users\Pati\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-13]
CHR Extension: (Dokumenty Google offline) - C:\Users\Pati\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-06-11]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Pati\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
CHR Extension: (Gmail) - C:\Users\Pati\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-28]
CHR Extension: (Chrome Media Router) - C:\Users\Pati\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-01-11]
CHR HKU\S-1-5-21-425697130-2423384976-1920107721-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd]
CHR HKU\S-1-5-21-425697130-2423384976-1920107721-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files (x86)\DealPly\DealPly.crx [2012-05-09]
CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Users\Pati\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx [2012-08-08]
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Pati\AppData\Roaming\BabSolution\CR\Delta.crx [2013-04-18]
CHR HKLM-x32\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files (x86)\DealPly\DealPly.crx [2012-05-09]
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Pati\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx [2012-09-13]
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\Pati\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx [2012-09-13]

==================== Usługi (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [203264 2010-07-07] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
S2 AOLserver-projop; C:\project-open\bin\nsd.exe [5632 2009-10-31] () [Brak podpisu cyfrowego]
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-09-16] (Bluestack Systems, Inc. -> BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-09-16] (Bluestack Systems, Inc. -> BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [777944 2014-09-16] (Bluestack Systems, Inc. -> BlueStack Systems, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2240264 2018-04-19] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2240264 2018-04-19] (ESET, spol. s r.o. -> ESET)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2012-02-26] () [Brak podpisu cyfrowego]
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [203280 2009-01-23] (McAfee, Inc. -> )
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.1137\McCHSvc.exe [406416 2019-07-18] (McAfee, Inc. -> McAfee, Inc.)
R2 NeroMediaHomeService.4; C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe [517416 2010-03-08] (Nero AG -> Nero AG)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2016-06-20] (Electronic Arts, Inc. -> Electronic Arts)
R2 Rezip; C:\Windows\SysWOW64\Rezip.exe [311296 2009-03-05] () [Brak podpisu cyfrowego]
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-08-24] () [Brak podpisu cyfrowego]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2286976 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
S2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [X]
S2 pgsql-8.2; "C:\Program Files (x86)\PostgreSQL\8.2\bin\pg_ctl.exe" runservice -w -N "pgsql-8.2" -D "C:\Program Files (x86)\PostgreSQL\8.2\data\"

===================== Sterowniki (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [7195648 2010-07-07] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.)
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [265728 2010-07-07] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 AtiHdmiService; C:\Windows\System32\drivers\AtiHdmi.sys [116736 2010-01-29] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies, Inc.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-09-16] (Bluestack Systems, Inc. -> BlueStack Systems)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [137928 2018-04-12] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [110432 2018-04-12] (ESET, spol. s r.o. -> ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [196112 2018-04-12] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [50136 2018-04-12] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [82816 2018-04-12] (ESET, spol. s r.o. -> ESET)
R3 Epfwndis; C:\Windows\System32\DRIVERS\Epfwndis.sys [64656 2018-04-12] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [108320 2018-04-12] (ESET, spol. s r.o. -> ESET)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [136192 2010-04-01] (Microsoft Windows Hardware Compatibility Publisher -> ELAN Microelectronics Corp.)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [133632 2008-08-26] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [115328 2008-07-24] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2011-03-08] (Realtek Semiconductor Corp -> Windows (R) 2003 DDK 3790 provider)
R1 SABI; C:\Windows\system32\Drivers\SABI.sys [13824 2010-03-31] (Microsoft Windows Hardware Compatibility Publisher -> SAMSUNG ELECTRONICS)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2012-02-26] ( () [Brak podpisu cyfrowego]) [Plik w użyciu ]
S2 SSPORT; C:\Windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-07-29] (Samsung Electronics CO., LTD. -> Samsung Electronics)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] (Microsoft Windows Hardware Compatibility Publisher -> )
U3 atkvyyzy; C:\Windows\System32\Drivers\atkvyyzy.sys [0 0000-00-00] (Microsoft Corporation) <==== UWAGA (zerobajtowy plik/folder)
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc (utworzone) ===================

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2020-06-11 16:11 - 2020-06-11 16:59 - 000047582 _____ C:\Users\Pati\Downloads\FRST.txt
2020-06-11 16:08 - 2020-06-11 16:45 - 000000000 ____D C:\FRST
2020-06-11 16:08 - 2020-06-11 16:08 - 002289152 _____ (Farbar) C:\Users\Pati\Downloads\FRST64.exe
2020-06-11 15:32 - 2020-06-11 15:32 - 000000000 ____D C:\ProgramData\SystemAcCrux
2020-06-11 15:31 - 2020-06-11 15:31 - 036609896 _____ (EaseUS ) C:\Users\Pati\Downloads\DRW13.5_Trial.exe
2020-06-11 15:31 - 2020-06-11 15:31 - 000001029 _____ C:\Users\Public\Desktop\EaseUS Data Recovery Wizard.lnk
2020-06-11 15:31 - 2020-06-11 15:31 - 000001029 _____ C:\ProgramData\Desktop\EaseUS Data Recovery Wizard.lnk
2020-06-11 15:31 - 2020-06-11 15:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard
2020-06-11 15:31 - 2020-06-11 15:31 - 000000000 ____D C:\Program Files\EaseUS
2020-06-11 15:30 - 2020-06-11 15:31 - 001558848 _____ C:\Users\Pati\Downloads\DRW_Trial_RSS_new_Installer_20200611.8065.exe

==================== Jeden miesiąc (zmodyfikowane) ==================

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2020-06-11 16:19 - 2009-07-14 06:45 - 000014144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-06-11 16:19 - 2009-07-14 06:45 - 000014144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-06-11 16:17 - 2020-03-29 20:15 - 000000000 ____D C:\Windows\system32\MRT
2020-06-11 16:08 - 2020-03-29 20:15 - 121542864 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2020-06-11 15:51 - 2018-05-12 13:39 - 000000000 ____D C:\Users\Pati\AppData\Local\CrashDumps
2020-06-11 15:25 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-06-10 19:57 - 2020-01-18 21:44 - 000000000 ____D C:\Users\Pati\Desktop\pulpit
2020-06-10 19:29 - 2011-07-07 15:26 - 000002190 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-06-10 19:29 - 2011-07-07 15:26 - 000002149 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-06-10 19:29 - 2011-07-07 15:26 - 000002149 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-06-10 19:26 - 2011-06-25 16:20 - 000003982 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{4EC4E476-C5DB-4EA3-929F-9E2A508BD543}

==================== Pliki w katalogu głównym wybranych folderów ========

2011-09-01 15:08 - 2012-07-29 15:37 - 000001892 _____ () C:\Program Files (x86)\INSTALL.LOG
2011-09-01 15:07 - 1998-04-30 14:56 - 000129024 _____ () C:\Program Files (x86)\UNWISE.EXE
2011-09-24 09:32 - 2011-09-24 09:32 - 000100864 _____ (jafephkcoomlafR) C:\Users\Pati\AppData\Roaming\3E95.tmp
2013-04-21 19:18 - 2013-02-09 23:55 - 000114176 _____ () C:\Users\Pati\AppData\Roaming\BabMaint.exe
2011-09-24 21:07 - 2011-09-24 21:07 - 000091648 _____ (adjmauxIkeofhf) C:\Users\Pati\AppData\Roaming\BF1.tmp
2011-10-16 13:07 - 2011-10-16 13:07 - 000000000 ____H () C:\Users\Pati\AppData\Roaming\Hej8FIL77Eh7
2013-12-19 19:08 - 2017-12-14 19:08 - 000000323 _____ () C:\Users\Pati\AppData\Roaming\WB.CFG
2011-10-16 13:04 - 2011-10-16 13:04 - 000000000 _____ () C:\Users\Pati\AppData\Local\{017713EC-4DD1-4D54-872B-87F57AFA4E41}
2011-11-18 20:33 - 2011-11-18 20:33 - 000000000 _____ () C:\Users\Pati\AppData\Local\{2742A24C-7A85-4AB3-86BC-EE516A3C78C5}
2011-08-28 12:54 - 2011-08-28 12:55 - 000000000 _____ () C:\Users\Pati\AppData\Local\{3342FD3E-FE97-4504-9833-4010476E5273}
2014-09-05 22:58 - 2014-09-05 22:58 - 000000000 _____ () C:\Users\Pati\AppData\Local\{5AB1BC3C-D9E5-42FC-A733-ED23C23F28A3}
2011-11-18 21:00 - 2011-11-18 21:01 - 000000000 _____ () C:\Users\Pati\AppData\Local\{60D35849-EF15-4BCF-9A3A-ACF99CF6FAAD}
2011-07-30 14:08 - 2011-07-30 14:08 - 000000000 _____ () C:\Users\Pati\AppData\Local\{68F1F850-B947-4198-AF38-E3D5906F99AA}
2011-08-12 16:57 - 2011-08-12 16:57 - 000000000 _____ () C:\Users\Pati\AppData\Local\{85954DC2-B0ED-4722-99C9-2037E6E97ECA}
2011-08-04 22:29 - 2011-08-04 22:29 - 000000000 _____ () C:\Users\Pati\AppData\Local\{874CA239-9283-4922-9F5A-B1606BBF671C}
2011-07-31 13:57 - 2011-07-31 13:57 - 000000000 _____ () C:\Users\Pati\AppData\Local\{A051F34D-FAAB-45DB-B62C-735DE09A45CB}
2011-07-31 13:54 - 2011-07-31 13:54 - 000000000 _____ () C:\Users\Pati\AppData\Local\{B7C7E8FF-7E05-496F-AA74-272E24077CDD}

==================== SigCheck ============================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

LastRegBack: 2020-01-15 15:12

==================== Koniec FRST.txt ========================