Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja: 26-11-2021
Uruchomiony przez Kondi (administrator) KONDI-KOMPUTER (Gigabyte Technology Co., Ltd. M61PME-S2) (12-06-2022 17:53:56)
Uruchomiony z D:\Pobranee\frst
Załadowane profile: Kondi
Platforma: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Język: Polski (Polska)
Domyślna przeglądarka: Chrome
Tryb startu: Normal

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(Advanced Micro Devices, Inc.) [Brak podpisu cyfrowego] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Epic Games Inc. -> Epic Games, Inc.) D:\Program Files\Gry.!\fort\Epic Games\Launcher\Engine\Binaries\Win32\EpicWebHelper.exe
(Epic Games Inc. -> Epic Games, Inc.) D:\Program Files\Gry.!\fort\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe
(Google LLC -> Google LLC) [Brak podpisu cyfrowego] C:\Program Files\Google\Chrome\Application\chrome.exe <14>
(Google LLC -> Google LLC) [Brak podpisu cyfrowego] C:\Program Files\Google\Update\1.3.36.132\GoogleCrashHandler.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> Vimicro) C:\Windows\VM303_STI.EXE
(Piriform Software Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Power Technology -> ) [Brak podpisu cyfrowego] C:\Program Files\DFX\DFX.exe
(Power Technology -> ) C:\Program Files\DFX\Universal\Apps\DfxSharedApp32.exe

==================== Rejestr (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [FxSound Enhancer] => C:\Program Files\DFX\dfx.exe [1665528 2020-06-12] (Power Technology -> ) [Brak podpisu cyfrowego]
HKLM\...\Run: [BigDog303] => C:\Windows\VM303_STI.EXE [61440 2006-01-24] (Microsoft Windows Hardware Compatibility Publisher -> Vimicro)
HKU\S-1-5-21-1255634179-2396725886-1912766959-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-1255634179-2396725886-1912766959-1000\...\Run: [Discord] => C:\Users\Kondi\AppData\Local\Discord\Update.exe [1512040 2021-03-18] (Discord Inc. -> GitHub)
HKU\S-1-5-21-1255634179-2396725886-1912766959-1000\...\Run: [Opera Browser Assistant] => D:\opera\assistant\browser_assistant.exe [4105424 2021-10-14] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-1255634179-2396725886-1912766959-1000\...\Run: [EpicGamesLauncher] => D:\Program Files\Gry.!\fort\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe [25922512 2022-06-10] (Epic Games Inc. -> Epic Games, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\102.0.5005.63\Installer\chrmstp.exe [2008-01-01] (Google LLC -> Google LLC) [Brak podpisu cyfrowego]

==================== Zaplanowane zadania (filtrowane) ============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

Task: {3EAA4E18-746A-48EF-B8BE-62E139AEEDFA} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_465_pepper.exe [1499704 2020-12-08] (Adobe Inc. -> Adobe)
Task: {514A25CB-3116-4E40-8580-5106426406B4} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-1255634179-2396725886-1912766959-1000 => C:\Users\Kondi\AppData\Local\MEGAsync\MEGAupdater.exe [1303800 2021-03-21] (Mega Limited -> Mega Limited)
Task: {70F16B55-A1C1-4025-8317-63ACFDDFCF72} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2017-07-24] (Google Inc -> Google Inc.)
Task: {B0AD5C38-EA2D-4131-A919-4B6CBBB2B9D9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2017-07-24] (Google Inc -> Google Inc.)
Task: {C2654B35-DEFE-45DF-8E6F-3213A12633BC} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-14] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {F546FF7F-AA9D-4DA3-A69E-2DD57A52EA72} - System32\Tasks\Opera scheduled Autoupdate 1629116721 => D:\opera\launcher.exe [1868032 2022-04-01] (Opera Software AS -> Opera Software) [Brak podpisu cyfrowego]
Task: {F73A4D8C-94AF-431C-A81F-37897FCAC4C4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 185.170.226.34 185.170.226.2
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{09C15CB7-8E91-4370-B7D8-F26BDE94D745}: [NameServer] 9.9.9.9
Tcpip\..\Interfaces\{09C15CB7-8E91-4370-B7D8-F26BDE94D745}: [DhcpNameServer] 185.170.226.34 185.170.226.2
Tcpip\..\Interfaces\{6F14EFA7-FDC9-4E0B-85E4-80ACC2CA4BE5}: [DhcpNameServer] 192.168.42.129

FireFox:
========
FF DefaultProfile: acv68lii.default
FF ProfilePath: C:\Users\Kondi\AppData\Roaming\Mozilla\Firefox\Profiles\5nf8p7n2.default-release [2021-12-13]
FF Extension: (Video DownloadHelper) - C:\Users\Kondi\AppData\Roaming\Mozilla\Firefox\Profiles\5nf8p7n2.default-release\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2020-09-12]
FF ProfilePath: C:\Users\Kondi\AppData\Roaming\Mozilla\Firefox\Profiles\acv68lii.default [2021-12-13]
FF Extension: (Greasemonkey) - C:\Users\Kondi\AppData\Roaming\Mozilla\Firefox\Profiles\acv68lii.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2020-03-18]

Chrome:
=======
CHR Profile: C:\Users\Kondi\AppData\Local\Google\Chrome\User Data\Default [2022-06-12]
CHR DownloadDir: D:\Pobranee
CHR Notifications: Default -> hxxps://do.centrum24.pl; hxxps://forum.dobreprogramy.pl; hxxps://www.instagram.com
CHR Extension: (uBlock Origin) - C:\Users\Kondi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2022-04-08]
CHR Extension: (Wild Panda) - C:\Users\Kondi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmjbhndnpdbpfimkfhapcoidmbbakcod [2022-01-08]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Kondi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Profile: C:\Users\Kondi\AppData\Local\Google\Chrome\User Data\System Profile [2020-09-13]

Opera:
=======
OPR Profile: C:\Users\Kondi\AppData\Roaming\Opera Software\Opera Stable [2008-01-01]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\Kondi\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2022-03-24]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\Kondi\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-08-16]
StartMenuInternet: (HKU\S-1-5-21-1255634179-2396725886-1912766959-1000) OperaStable - "D:\opera\Launcher.exe"

==================== Usługi (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [217088 2013-04-30] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2013-04-29] (Advanced Micro Devices, Inc.) [Brak podpisu cyfrowego]
S3 EasyAntiCheat; C:\Program Files\EasyAntiCheat\EasyAntiCheat.exe [802432 2020-08-10] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 EpicOnlineServices; C:\Program Files\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934368 2022-03-03] (Epic Games Inc. -> Epic Games, Inc.)
S3 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [82216 2020-05-30] (Mixbyte Inc -> Freemake)
S3 GoogleChromeElevationService; C:\Program Files\Google\Chrome\Application\102.0.5005.63\elevation_service.exe [1409936 2022-05-18] (Google LLC -> Google LLC) [Brak podpisu cyfrowego]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5394136 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S3 npggsvc; C:\Windows\system32\GameMon.des [9424040 2020-07-16] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.)
S3 SbieSvc; D:\Programy\SandBoxie\SbieSvc.exe [154760 2017-06-05] (Invincea, Inc. -> Sandboxie Holdings, LLC)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Windows -> Microsoft Corporation)

===================== Sterowniki (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R3 amdiox86; C:\Windows\System32\DRIVERS\amdiox86.sys [37944 2010-02-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [10070016 2013-04-30] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [290304 2013-04-30] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
S3 AndnetBus; C:\Windows\System32\DRIVERS\lgandnetbus.sys [34208 2021-01-21] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [33712 2021-01-21] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [38832 2021-01-21] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [45184 2012-03-05] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW73.sys [86656 2012-05-14] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [10070016 2013-04-30] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1.sys [24424 2015-08-31] (Power Technology -> Windows (R) Win 7 DDK provider)
R3 DFX12; C:\Windows\System32\drivers\dfx12.sys [26104 2015-11-12] (Power Technology -> Windows (R) Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [232512 2017-09-27] (DT Soft Ltd -> DT Soft Ltd)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [23688 2020-10-12] (CHENGDU YIWO Tech Development Co., Ltd. -> )
R0 EPMVolFl; C:\Windows\System32\drivers\EPMVolFl.sys [17672 2020-10-12] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows (R) Codename Longhorn DDK provider)
R0 EUDCPEPM; C:\Windows\System32\drivers\EUDCPEPM.sys [66184 2020-10-12] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
R1 EUEDKEPM; C:\Windows\system32\drivers\EUEDKEPM.sys [21640 2020-10-12] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [13832 2020-10-12] (CHENGDU YIWO Tech Development Co., Ltd. -> )
R3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [101792 2018-01-24] (Muzychenko Evgenii Viktorovich -> Eugene V. Muzychenko)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [26328 2016-03-26] (Sony Mobile Communications AB -> Sony Mobile Communications)
R1 HWiNFO_152; C:\Windows\system32\drivers\HWiNFO32_152.SYS [54120 2020-12-18] (Martin Malik - REALiX -> REALiX(tm))
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [241760 2008-01-01] (Malwarebytes Corporation -> Malwarebytes)
S3 SbieDrv; D:\Programy\SandBoxie\SbieDrv.sys [179336 2017-06-05] (Invincea, Inc. -> Sandboxie Holdings, LLC)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [15872 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable_win7.sys [34024 2014-09-02] (Vincent Burel -> Windows (R) Win 7 DDK provider)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [128704 2016-08-16] (NGO -> MBB)
S3 ZSMC303; C:\Windows\System32\Drivers\usbVM303.sys [391300 2006-02-23] (Microsoft Windows Hardware Compatibility Publisher -> Vimicro Corporation)

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc (utworzone) (filtrowane) =========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2022-06-03 14:38 - 2022-06-06 14:23 - 000000000 ____D C:\Users\Kondi\Desktop\Nowy folder (2)
2022-05-18 15:44 - 2022-05-18 15:58 - 000000000 ____D C:\Users\Kondi\AppData\Roaming\.minecraftzyczu
2022-05-16 19:02 - 2022-05-16 19:02 - 000000000 ____D C:\Users\Kondi\AppData\Roaming\.minecraft

==================== Jeden miesiąc (zmodyfikowane) ==================

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2022-06-12 17:58 - 2021-11-01 10:59 - 000000000 ____D C:\FRST
2022-06-12 17:52 - 2017-07-24 16:07 - 000000000 ____D C:\Program Files\Google
2022-06-12 07:56 - 2018-04-20 20:35 - 000000000 ____D C:\Windows\system32\Macromed
2022-06-12 07:50 - 2009-07-14 06:34 - 000020480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2022-06-12 07:50 - 2009-07-14 06:34 - 000020480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2022-06-12 07:49 - 2017-07-24 16:06 - 001659722 _____ C:\Windows\system32\PerfStringBackup.INI
2022-06-12 07:49 - 2009-07-14 10:07 - 000736354 _____ C:\Windows\system32\perfh015.dat
2022-06-12 07:49 - 2009-07-14 10:07 - 000154644 _____ C:\Windows\system32\perfc015.dat
2022-06-12 07:49 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\inf
2022-06-11 12:10 - 2018-07-15 23:16 - 000000000 ____D C:\Users\Kondi\AppData\Roaming\Valium
2022-06-11 12:04 - 2021-08-13 16:07 - 000000393 _____ C:\Users\Kondi\Desktop\rachunki.txt
2022-06-10 12:03 - 2021-07-26 22:18 - 000052224 ____H C:\Users\Kondi\Desktop\photothumb.db
2022-06-09 14:40 - 2021-05-23 12:26 - 000000000 ____D C:\Users\Kondi\AppData\Local\Discord
2022-06-04 18:53 - 2022-02-27 12:36 - 000000000 ____D C:\Users\Kondi\Desktop\ss
2022-05-17 15:29 - 2021-01-04 11:22 - 000000193 _____ C:\Windows\WORDPAD.INI

==================== Pliki w katalogu głównym wybranych folderów ========

2022-01-02 14:10 - 2022-01-02 14:10 - 000000097 _____ () C:\Users\Kondi\AppData\Roaming\LauncherSettings_live.cfg
2022-01-02 13:49 - 2022-01-02 14:01 - 000016601 _____ () C:\Users\Kondi\AppData\Roaming\TheHunterSettings_live.bin
2022-01-02 13:49 - 2022-01-02 14:04 - 000000048 _____ () C:\Users\Kondi\AppData\Roaming\TheHunterSettings_steam_live.cfg
2020-09-28 19:03 - 2020-09-28 19:03 - 000000006 _____ () C:\Users\Kondi\AppData\Local\4040BDD0000f056.dat
2020-09-28 16:35 - 2020-09-28 16:35 - 000000036 _____ () C:\Users\Kondi\AppData\Local\4051BDD0000f042.dat

==================== SigCheck ============================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

LastRegBack: 2022-06-12 08:39

==================== Koniec FRST.txt ========================