Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 25-02-2023
Uruchomiony przez Magda (administrator) MAGDA-KOMPUTER (Dell Inc. Inspiron 3521) (25-02-2023 16:35:49)
Uruchomiony z C:\Users\Magda\Desktop\LOGIfrst
Załadowane profile: Magda
Platform: Microsoft Windows 7 Professional Service Pack 1 (X64) Język: Polski (Polska)
Domyślna przeglądarka: Opera
Tryb startu: Normal

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(atiesrxx.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE ->) (Dell Inc.) [Brak podpisu cyfrowego] C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(C:\ProgramData\DatacardService\HWDeviceService64.exe ->) (HUAWEI Technologies Co., Ltd. -> Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(cmd.exe ->) (Acresso Software Inc. -> Acresso Software Inc.) C:\Cracked License Manager 10\lmgrd.exe
(explorer.exe ->) (AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
(explorer.exe ->) (Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(explorer.exe ->) (Dell Inc.) [Brak podpisu cyfrowego] [Plik w użyciu] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(explorer.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(HUAWEI Technologies Co., Ltd. -> ) C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Opera Norway AS -> Opera Software) C:\Program Files (x86)\Opera\assistant\browser_assistant.exe <2>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(services.exe ->) (AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(services.exe ->) (Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(services.exe ->) (Dell Inc.) [Brak podpisu cyfrowego] C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(services.exe ->) (Digital Wave Ltd -> Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(services.exe ->) (Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(services.exe ->) (Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrB.exe
(services.exe ->) (HUAWEI Technologies Co., Ltd. -> ) C:\ProgramData\DatacardService\HWDeviceService64.exe
(services.exe ->) (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Intel® Upgrade Service -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(services.exe ->) (Protexis Inc. -> Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(services.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(svchost.exe ->) (Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(svchost.exe ->) (Microsoft Corporation) [Brak podpisu cyfrowego] C:\Windows\System32\dwm.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Rejestr (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2796272 2013-11-22] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [8925184 2015-11-16] (Dell Inc.) [Brak podpisu cyfrowego] [Plik w użyciu]
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3163248 2022-01-09] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [Opera Browser Assistant] => C:\Program Files (x86)\Opera\assistant\browser_assistant.exe [3916232 2022-12-20] (Opera Norway AS -> Opera Software)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Ograniczenia <==== UWAGA
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Ograniczenia <==== UWAGA
HKU\S-1-5-21-2955849912-3311645180-3193570865-1000\...\Run: [Dropbox Update] => C:\Users\Magda\AppData\Local\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-11] (Dropbox, Inc -> Dropbox, Inc.)
HKU\S-1-5-21-2955849912-3311645180-3193570865-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files (x86)\DAEMON Tools Lite\DTAgent.exe [735336 2019-02-23] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-2955849912-3311645180-3193570865-1000\...\MountPoints2: F - F:\Autorun.exe
HKU\S-1-5-21-2955849912-3311645180-3193570865-1000\...\MountPoints2: {5e5cf5e2-2e4e-11e6-bbd6-f82fa8dd0b82} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2955849912-3311645180-3193570865-1000\...\MountPoints2: {72930539-3663-11e8-bc31-f82fa8dd0b82} - F:\AutoRun.exe
HKU\S-1-5-21-2955849912-3311645180-3193570865-1000\...\MountPoints2: {757d9253-a09f-11e5-9d1e-f82fa8dd0b82} - F:\Launcher.exe
HKU\S-1-5-21-2955849912-3311645180-3193570865-1000\...\MountPoints2: {757d9265-a09f-11e5-9d1e-f82fa8dd0b82} - G:\Autorun.exe
HKU\S-1-5-21-2955849912-3311645180-3193570865-1000\...\MountPoints2: {84414e81-2310-11e6-a3ab-f82fa8dd0b82} - F:\AutoRun.exe
HKU\S-1-5-21-2955849912-3311645180-3193570865-1000\...\MountPoints2: {8616ecd8-abc0-11e5-89fd-f82fa8dd0b82} - G:\AutoRun.exe
HKU\S-1-5-21-2955849912-3311645180-3193570865-1000\...\MountPoints2: {8616ece9-abc0-11e5-89fd-f82fa8dd0b82} - F:\AutoRun.exe
HKU\S-1-5-21-2955849912-3311645180-3193570865-1000\...\MountPoints2: {8bec3159-275c-11e7-b6b8-f82fa8dd0b82} - H:\SETUP.EXE
HKU\S-1-5-21-2955849912-3311645180-3193570865-1000\...\MountPoints2: {8bec3160-275c-11e7-b6b8-f82fa8dd0b82} - I:\SETUP.EXE
HKU\S-1-5-21-2955849912-3311645180-3193570865-1000\...\MountPoints2: {c89fac38-b604-11e5-9042-f82fa8dd0b82} - F:\AutoRun.exe
HKLM\...\Windows x64\Print Processors\hpzppWN7: C:\Windows\System32\spool\prtprocs\x64\hpzppWN7.dll [101376 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\Bullzip PDF Print Monitor: C:\Program Files\Common Files\Bullzip\PDF Printer\Ports\BULLZIP\bzpdf.dll [218112 2017-03-10] (Bullzip) [Brak podpisu cyfrowego]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\109.0.5414.120\Installer\chrmstp.exe [2023-02-10] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2022-12-24] (Adobe Inc. -> Adobe Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\WIDCOMM\Bluetooth Software\\BtwCP.dll (Broadcom Corporation -> Broadcom Corporation.)
HKLM\Software\...\Authentication\Credential Providers: [{D28973E5-8630-41af-8831-50A15FEB396B}] -> C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll [2014-11-17] (Broadcom Corporation -> Broadcom Corporation.)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-11-16]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation -> Broadcom Corporation.)
Startup: C:\Users\Magda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ArcGIS License Manager 10 CRACKED.lnk [2015-04-10]
ShortcutTarget: ArcGIS License Manager 10 CRACKED.lnk -> C:\Cracked License Manager 10\start_lic_mgr_invisible.vbs () [Brak podpisu cyfrowego]
BootExecute: autocheck autochk * sdnclean64.exe

==================== Zaplanowane zadania (filtrowane) ============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

Task: {02F8AB2B-9EDF-4B4D-ADFB-12523161AAFB} - System32\Tasks\{DDABE324-5521-40A3-BCC9-AA0B696F9994} => C:\Windows\system32\pcalua.exe -a C:\Users\Magda\Downloads\DW1703_DW1705_W7_A00_Setup-GMW8T_ZPE.exe -d C:\Users\Magda\Downloads
Task: {24106650-C6DA-4911-B7CE-5B2BA61B98C7} - System32\Tasks\Opera scheduled assistant Autoupdate 1547148313 => C:\Program Files (x86)\Opera\launcher.exe [1977800 2023-02-15] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Program Files (x86)\Opera\assistant" $(Arg0)
Task: {25295E8A-BDEC-4213-A403-AC20CCB7F042} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2955849912-3311645180-3193570865-1000UA => C:\Users\Magda\AppData\Local\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-11] (Dropbox, Inc -> Dropbox, Inc.)
Task: {36F5FF45-9C03-4CE1-AF14-5D26ED277098} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (Brak pliku)
Task: {3A57E1A6-2577-431D-B86F-E46820604257} - System32\Tasks\{918A296D-8463-4474-B158-04693D0C83ED} => D:\EA GAMES\The Sims 2 Mansion and Garden Stuff\TSBin\Sims2EP9.exe (Brak pliku)
Task: {3F254581-6E9C-4B4F-AFE0-EA328C9863D7} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [410784 ] (Microsoft Corporation -> Microsoft Corporation)
Task: {4348182D-54AC-4BB3-9DC7-1056705351E5} - System32\Tasks\Opera scheduled Autoupdate 1401745247 => C:\Program Files (x86)\Opera\launcher.exe [1977800 2023-02-15] (Opera Norway AS -> Opera Software)
Task: {501E0C9F-A284-405C-8AB3-FF5853D484CA} - System32\Tasks\e-pity2018_styczen
Task: {5482F6F9-9BBF-477F-AA79-8CFD301A8821} - System32\Tasks\BatteryCareAuto => C:\Program Files (x86)\BatteryCare\BatteryCare.exe (Brak pliku)
Task: {56F9FFC5-67E2-4825-A4B1-37717C49C909} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2955849912-3311645180-3193570865-1000Core => C:\Users\Magda\AppData\Local\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-11] (Dropbox, Inc -> Dropbox, Inc.)
Task: {5A65BEB1-9291-4AD8-ADE5-A98377885843} - System32\Tasks\{F1B92175-7F7D-455F-98F6-C6177B9A5924} => C:\Windows\system32\pcalua.exe -a C:\Users\Magda\Desktop\network\Setup_MUP.exe -d C:\Users\Magda\Desktop\network
Task: {5C8912D7-7B91-47AF-961D-004333DF52E6} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(1): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate
Task: {5C8912D7-7B91-47AF-961D-004333DF52E6} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(2): %windir%\system32\rundll32.exe -> invagent.dll,RunUpdate -noappraiser
Task: {71651DB7-A71C-49DD-8383-2B8DC16C1E39} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {7635CC91-833F-4BED-866E-A6217867650B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {9D7FBF90-8131-43FA-BE74-F0FE48747AE8} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4666896 2022-09-12] (Piriform Software Ltd -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "709b86d5-c6a2-4985-8647-f4f69dc29e0b" --version "6.04.10044" --silent
Task: {A8BACFEA-58A6-40CD-83E9-434CA2550F04} - System32\Tasks\WiseCleaner\WRCSkipUAC => C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe [11180280 2022-07-27] (Lespeed Technology Co., Ltd -> WiseCleaner.com)
Task: {A8C390D9-1528-4290-BFC5-CE181426C26D} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(3): %windir%\system32\rundll32.exe -> appraiser.dll,DailyGatedCheck
Task: {A8C390D9-1528-4290-BFC5-CE181426C26D} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(4): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate -nolegacy
Task: {B7230A59-6145-4C4D-AA87-07162AF36ADC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {BF961CA4-3732-4F72-8285-967CD28A122C} - System32\Tasks\CCleanerSkipUAC - Magda => C:\Program Files\CCleaner\CCleaner.exe [32204304 2022-09-12] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {C9E585CA-6CB2-411A-9207-EF064BDADC79} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-09-12] (Piriform Software Ltd -> Piriform)
Task: {D2F6A673-AC6F-45B0-8B10-D4248A92A79D} - System32\Tasks\{08ABF220-928A-4209-914D-540CD77346C5} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~2\JENNES~1\REPEAT~1\UNWISE.EXE -c C:\PROGRA~2\JENNES~1\REPEAT~1\INSTALL.LOG
Task: {DDCB8890-EA75-47CE-B1CC-63413A48A2C6} - System32\Tasks\{7F48DBE2-753B-4D5B-8D99-5425B1EAB026} => C:\Users\Magda\Desktop\PDFCreator-2_1_2-setup.exe (Brak pliku)
Task: {EB92AA25-675D-42FE-84FE-3B22E2F9215A} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {F3512B92-99FF-4906-8080-E44FCB755680} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1560056 2023-02-01] (Adobe Inc. -> Adobe Inc.)

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)
Task: C:\Windows\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2955849912-3311645180-3193570865-1000Core.job => C:\Users\Magda\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2955849912-3311645180-3193570865-1000UA.job => C:\Users\Magda\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{21611003-D5DE-4F33-B74E-347297FEFE96}: [DhcpNameServer] 192.168.100.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @ganymede/GanymedeNetPlugin,version=1.0 -> C:\Program Files (x86)\Ganymede\Plugins\npganymedenet.dll [2013-07-15] (Ganymede Sp. z o.o. -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-07-29] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-07-29] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2023-02-14] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Magda\AppData\Local\Google\Chrome\User Data\Default [2023-01-16]
CHR Notifications: Default -> hxxp://antistorm.eu; hxxp://www.onet.pl; hxxps://mail.google.com; hxxps://pilot.wp.pl; hxxps://pl.pinterest.com; hxxps://player.pl
CHR StartupUrls: Default -> "hxxp://www.gazeta.pl/0,0.html?p=190"
CHR Extension: (Safe Torrent Scanner) - C:\Users\Magda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2022-07-31]
CHR Extension: (uBlock Origin) - C:\Users\Magda\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2023-01-12]
CHR Extension: (Fir-tree) - C:\Users\Magda\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbpemgbdaekmlhodlloofbmpkmmpdghd [2016-12-07]
CHR Extension: (Dokumenty Google offline) - C:\Users\Magda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-01-02]
CHR Extension: (Sprawdzanie poczty Google) - C:\Users\Magda\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2015-02-09]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Magda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-01]
CHR Profile: C:\Users\Magda\AppData\Local\Google\Chrome\User Data\Guest Profile [2015-01-29]
CHR HomePage: Guest Profile -> hxxp://www.gazeta.pl/0,0.html?p=190
CHR StartupUrls: Guest Profile -> "hxxp://www.gazeta.pl/0,0.html?p=190","hxxp://www.gazeta.pl/0,0.html?p=190","hxxp://www.gazeta.pl/0,0.html?p=190","hxxp://www.gazeta.pl/0,0.html?p=190","hxxp://www.gazeta.pl/0,0.html?p=190","hxxp://www.gazeta.pl/0,0.html?p=190","hxxp://www.gazeta.pl/0,0.html?p=190","hxxp://www.gazeta.pl/0,0.html?p=190","hxxp://www.gazeta.pl/0,0.html?p=190","hxxp://www.gazeta.pl/0,0.html?p=190","hxxp://www.gazeta.pl/0,0.html?p=190","hxxp://www.gazeta.pl/0,0.html?p=190","hxxp://www.gazeta.pl/0,0.html?p=190","hxxp://www.gazeta.pl/0,0.html?p=190","hxxp://www.gazeta.pl/0,0.html?p=190","hxxp://www.gazeta.pl/0,0.html?p=190"
CHR HKU\S-1-5-21-2955849912-3311645180-3193570865-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ofoeigeaodhbjogdigckajfhjbonaofg]

Opera:
=======
OPR Profile: C:\Users\Magda\AppData\Roaming\Opera Software\Opera Stable [2023-02-25]
OPR Notifications: Opera Stable -> hxxps://drive.google.com; hxxps://ktomalek.pl; hxxps://ottwow.com; hxxps://panel.opinie.pl; hxxps://pikio.pushalert.co; hxxps://pilot.wp.pl; hxxps://poczta.onet.pl; hxxps://www-wedding-pl.pushpushgo.com; hxxps://www.ebilet.pl; hxxps://www.eurofirany.com.pl; hxxps://www.iparts.pl; hxxps://www.ipla.tv; hxxps://www.polsatnews.pl
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (KeePassHelper Password Manager) - C:\Users\Magda\AppData\Roaming\Opera Software\Opera Stable\Extensions\calafnphoinbmicbijemddahngbpdlke [2020-08-20]
OPR Extension: (Rich Hints Agent) - C:\Users\Magda\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2022-10-28]
OPR Extension: (Opera Wallet) - C:\Users\Magda\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2023-02-15]
OPR Extension: (Gismeteo) - C:\Users\Magda\AppData\Roaming\Opera Software\Opera Stable\Extensions\gomohoalpkcdboocdnbeajbbjmifijbg [2019-04-10]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\Magda\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-08-15]
OPR Extension: (uBlock Origin) - C:\Users\Magda\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2023-02-25]

==================== Usługi (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-02-01] (Adobe Inc. -> Adobe Inc.)
R2 AERTFilters; C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [98208 2009-11-17] (Andrea Electronics -> Andrea Electronics Corporation)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2018-10-10] (Digital Wave Ltd -> Digital Wave Ltd.)
R3 Disc Soft Lite Bus Service; C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4132456 2019-02-23] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] (HUAWEI Technologies Co., Ltd. -> )
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8842536 2022-10-23] (Malwarebytes Inc. -> Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
S2 PLAY ONLINE. RunOuc; C:\Program Files (x86)\PLAY ONLINE\UpdateDog\ouc.exe [246112 2015-12-26] (HUAWEI Technologies Co., Ltd. -> )
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2017-04-23] (Even Balance, Inc. -> )
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [107832 2017-04-23] (Even Balance, Inc. -> )
R2 RapiMgr; C:\Windows\WindowsMobile\rapimgr.dll [225672 2007-05-31] (Microsoft Corporation -> Microsoft Corporation)
R2 WcesComm; C:\Windows\WindowsMobile\wcescomm.dll [443784 2007-05-31] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [6178304 2015-11-16] (Dell Inc.) [Brak podpisu cyfrowego]

===================== Sterowniki (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [41608 2018-10-20] (Techporch Incorporated -> Dell Inc.)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [41208 2018-10-20] (Techporch Incorporated -> Dell Computer Corporation)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [42256 2019-02-23] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [59360 2019-02-23] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 ew_hwusbdev; C:\Windows\System32\DRIVERS\ew_hwusbdev.sys [117248 2015-12-26] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 ew_usbenumfilter; C:\Windows\System32\DRIVERS\ew_usbenumfilter.sys [13952 2015-12-26] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [98304 2015-12-26] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R3 huawei_enumerator; C:\Windows\System32\DRIVERS\ew_jubusenum.sys [87040 2015-12-26] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [28672 2015-12-26] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [218624 2015-12-26] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-09-26] (Martin Malik - REALiX -> REALiX(tm))
S3 intelkmd; C:\Windows\System32\DRIVERS\igdpmd64.sys [9000256 2012-08-23] (Intel Corporation) [Brak podpisu cyfrowego]
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2022-10-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R3 MpKsl66083cbd; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{723BB07E-37F2-4B6B-AB78-307C88BACC57}\MpKslDrv.sys [50432 2023-02-25] (Microsoft Windows -> Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
S3 nmwcd; C:\Windows\System32\drivers\ccdcmbx64.sys [19968 2012-01-09] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdc; C:\Windows\System32\drivers\ccdcmbox64.sys [27136 2012-01-09] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 pccsmcfd; C:\Windows\System32\DRIVERS\pccsmcfdx64.sys [26112 2012-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
R0 rtcrfilt64; C:\Windows\System32\DRIVERS\rtcrfilt64.sys [19600 2000-01-01] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [12400 2017-10-08] (Macrovision Europe Ltd) [Brak podpisu cyfrowego]
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 TsUsbGD; C:\Windows\system32\drivers\TsUsbGD.sys [30208 2012-08-23] (Microsoft Corporation) [Brak podpisu cyfrowego]
S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerfltx64.sys [9216 2012-01-09] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltjx64.sys [9216 2012-01-09] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc (utworzone) (filtrowane) =========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2023-02-25 16:33 - 2023-02-25 16:35 - 000000000 ____D C:\Users\Magda\Desktop\LOGIfrst
2023-02-25 14:50 - 2023-02-25 14:50 - 000000000 ____D C:\Users\Magda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2023-02-25 14:15 - 2023-02-25 14:15 - 000000000 ____D C:\Users\Magda\Desktop\ggps_roboty-nmt
2023-02-25 14:12 - 2023-02-25 14:12 - 000222363 _____ C:\Users\Magda\Desktop\5508598645_22_0.pdf
2023-02-19 19:25 - 2023-02-19 19:25 - 000559117 _____ C:\Users\Magda\Desktop\Z-15A_392803772.PDF.pdf
2023-02-19 17:46 - 2023-02-19 18:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2023-02-19 17:35 - 2023-02-19 17:36 - 000000000 ____D C:\Users\Magda\Desktop\500plusROK2023
2023-02-10 18:51 - 2023-02-25 14:18 - 000003366 _____ C:\Windows\system32\Tasks\CCleanerCrashReporting
2023-02-05 18:37 - 2023-02-05 18:40 - 000000000 ____D C:\Users\Magda\Desktop\parczew repery

==================== Jeden miesiąc (zmodyfikowane) ==================

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2023-02-25 16:36 - 2015-01-29 09:41 - 000000000 ____D C:\FRST
2023-02-25 16:04 - 2014-05-29 17:48 - 000000000 ____D C:\Program Files (x86)\Google
2023-02-25 15:44 - 2015-06-13 07:42 - 000001162 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2955849912-3311645180-3193570865-1000UA.job
2023-02-25 14:54 - 2009-07-14 05:45 - 000032000 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2023-02-25 14:54 - 2009-07-14 05:45 - 000032000 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2023-02-25 14:51 - 2014-06-12 19:06 - 000000000 ____D C:\Users\Magda\AppData\Roaming\Dropbox
2023-02-25 14:44 - 2015-06-13 07:42 - 000001110 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2955849912-3311645180-3193570865-1000Core.job
2023-02-25 14:39 - 2015-06-13 07:42 - 000004132 _____ C:\Windows\system32\Tasks\DropboxUpdateTaskUserS-1-5-21-2955849912-3311645180-3193570865-1000UA
2023-02-25 14:39 - 2015-06-13 07:42 - 000003736 _____ C:\Windows\system32\Tasks\DropboxUpdateTaskUserS-1-5-21-2955849912-3311645180-3193570865-1000Core
2023-02-25 14:19 - 2017-04-09 18:53 - 000000000 ____D C:\Users\Magda\AppData\LocalLow\Mozilla
2023-02-25 14:19 - 2015-05-18 04:55 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2023-02-25 14:18 - 2022-09-30 06:49 - 000000760 _____ C:\Windows\Tasks\CCleanerCrashReporting.job
2023-02-25 14:18 - 2014-05-29 18:25 - 000000000 ____D C:\Program Files\CCleaner
2023-02-25 14:12 - 2022-07-01 16:43 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-02-25 14:07 - 2019-02-18 22:24 - 000000000 __SHD C:\Users\Magda\IntelGraphicsProfiles
2023-02-25 14:06 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-02-19 18:15 - 2015-10-02 05:03 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-02-19 18:15 - 2014-06-02 22:40 - 000000000 ____D C:\Program Files (x86)\Opera
2023-02-19 18:04 - 2014-06-14 11:59 - 000003890 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1401745247
2023-02-19 18:00 - 2022-10-12 16:16 - 000002065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader.lnk
2023-02-10 19:03 - 2014-05-29 17:48 - 000002236 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Pliki w katalogu głównym wybranych folderów ========

2020-03-14 20:55 - 2020-03-14 20:55 - 000000847 _____ () C:\Users\Magda\AppData\Roaming\qnapi.ini
2015-06-22 18:23 - 2015-06-22 18:23 - 000000038 ___SH () C:\Users\Magda\AppData\Local\69ff07055291669bb2b218.72821112
2021-06-27 21:19 - 2021-06-27 21:19 - 000000869 _____ () C:\Users\Magda\AppData\Local\recently-used.xbel
2014-06-05 20:16 - 2014-06-05 20:16 - 000000017 _____ () C:\Users\Magda\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

LastRegBack: 2020-08-25 10:22

==================== Koniec FRST.txt ========================