Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 23-02-2021
Uruchomiony przez toshiba (administrator) ZZZ (TOSHIBA SATELLITE L755D) (23-02-2021 16:32:02)
Uruchomiony z C:\Users\toshiba\Desktop\riverdale\Nowy folder
Załadowane profile: toshiba
Platform: Windows 7 Professional Service Pack 1 (X64) Język: Polski (Polska)
Domyślna przeglądarka: Chrome
Tryb startu: Normal

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

() [Brak podpisu cyfrowego] C:\Program Files (x86)\Edimax\Edimax AC600 Wireless LAN Driver\WPSService20.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices, Inc.) [Brak podpisu cyfrowego] C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(AppEx Networks Corporation -> ) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Brother Industries, Ltd.) [Brak podpisu cyfrowego] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) [Brak podpisu cyfrowego] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <51>
(InsERT S.A. -> InsERT S.A.) C:\Program Files (x86)\Common Files\InsERT\Sterowniki\Uni.net\FramShadow.exe
(InsERT S.A. -> InsERT S.A.) C:\Program Files (x86)\InsERT\InsERT GT\Subiekt.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS10_50.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\fdhost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.INSERTGT\MSSQL\Binn\sqlservr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <3>
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.230\WsAppService.exe

==================== Rejestr (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-05-14] (Brother Industries, Ltd.) [Brak podpisu cyfrowego]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.) [Brak podpisu cyfrowego]
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.) [Brak podpisu cyfrowego]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [HDD Regenerator] => "C:\Program Files (x86)\HDD Regenerator\Shell.exe" /1
HKLM-x32\...\Run: [Opera Browser Assistant] => C:\Users\toshiba\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3368600 2021-02-17] (Opera Software AS -> Opera Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] (AppEx Networks Corporation -> )
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\Run: [GG] => C:\Users\toshiba\AppData\Local\GG\Application\gghub.exe [4078144 2018-12-14] (GG Network S.A. -> GG Network S.A.)
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {05ff153f-4bac-11e9-afcc-047d7b3c0e49} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {05ff1543-4bac-11e9-afcc-047d7b3c0e49} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {0807f9dd-c2a4-11e6-b614-047d7b3c0e49} - E:\autorun.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {16ca8edf-3146-11e6-b598-047d7b3c0e49} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {22cd78f2-e7b7-11e7-bb2a-047d7b3c0e49} - E:\MicroLauncher.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {2907522a-2559-11ea-871f-047d7b3c0e49} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {2907522f-2559-11ea-871f-047d7b3c0e49} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {2cf6f957-1961-11e9-98b6-047d7b3c0e49} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {2dad1b8b-b297-11e9-b470-047d7b3c0e49} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {2e1a0ef7-88c3-11e8-9141-047d7b3c0e49} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {35078eeb-cd45-11e9-b8a8-047d7b3c0e49} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {4c9f7248-3cc0-11e9-af06-047d7b3c0e49} - E:\iLinker.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {568b94ce-72c5-11e8-b909-047d7b3c0e49} - E:\windows\Install\Install.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {578ad6af-1760-11eb-9a42-047d7b3c0e49} - E:\OnePlus_setup.exe /s
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {578ad6c0-1760-11eb-9a42-047d7b3c0e49} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {5af18cf1-cd1f-11e8-9227-047d7b3c0e49} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {6f585d4b-7e8b-11e8-9125-047d7b3c0e49} - E:\AutoRun.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {74ae695e-4361-11eb-929b-047d7b3c0e49} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {74ae6962-4361-11eb-929b-047d7b3c0e49} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {791f8911-3418-11e9-a678-047d7b3c0e49} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {791f8915-3418-11e9-a678-047d7b3c0e49} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {821e2e4e-3c22-11ea-9411-047d7b3c0e49} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {850297cd-5db8-11e9-aec7-047d7b3c0e49} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {8e0d0b51-ba9e-11ea-ac4f-047d7b3c0e49} - E:\Setup.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {92ddf0ec-840d-11e8-8eb0-047d7b3c0e49} - E:\AutoRun.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {92ddf0fd-840d-11e8-8eb0-047d7b3c0e49} - E:\AutoRun.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {98a95b08-d020-11e7-8e6f-047d7b3c0e49} - E:\AutoRun.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {98a95b0e-d020-11e7-8e6f-047d7b3c0e49} - E:\AutoRun.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {ac48711c-06d7-11eb-a681-047d7b3c0e49} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {c3ef58cd-4335-11ea-8d46-047d7b3c0e49} - E:\Setup.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {cdb9770c-0c57-11eb-b75a-047d7b3c0e49} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {cdb97715-0c57-11eb-b75a-047d7b3c0e49} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {ce15dd2a-e4bc-11e8-9c39-047d7b3c0e49} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {cf88241a-f53d-11e8-b429-047d7b3c0e49} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {e6757b5a-cfd5-11ea-837a-047d7b3c0e49} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {e6757b83-cfd5-11ea-837a-047d7b3c0e49} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {ea34baf0-db69-11e9-9033-047d7b3c0e49} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {ea79a9f7-a49d-11ea-bc7a-047d7b3c0e49} - E:\Setup.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {f1b613e8-1ee0-11e9-8a10-047d7b3c0e49} - E:\Setup.exe
HKLM\...\Windows x64\Print Processors\HP1020PrintProc: C:\Windows\System32\spool\prtprocs\x64\pphp1020.dll [65024 2012-09-18] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Windows x64\Print Processors\hpzppWN7: C:\Windows\System32\spool\prtprocs\x64\hpzppWN7.dll [101376 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\Brother QL-570 Monitor: C:\Windows\system32\QL57L.DLL [54272 2010-02-05] (Microsoft Windows Hardware Compatibility Publisher -> Brother Industries, Ltd.)
HKLM\...\Print\Monitors\HPLJ1020LM: C:\Windows\system32\zlhp1020.dll [192512 2012-09-18] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\PDF-XChange5-ABBYY-FR15: C:\Windows\system32\pxc50pmaf15.dll [57328 2018-12-04] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\Installer\chrmstp.exe [2021-02-19] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA

==================== Zaplanowane zadania (filtrowane) ============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

Task: {08C7D18B-C3CA-4B21-86E6-DE37466C7107} - System32\Tasks\Opera scheduled assistant Autoupdate 1613725912 => C:\Users\toshiba\AppData\Local\Programs\Opera\launcher.exe [1793688 2021-02-17] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\toshiba\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {1104F0A0-4295-4686-B832-B7FB64E7FD58} - System32\Tasks\Opera scheduled Autoupdate 1613725907 => C:\Users\toshiba\AppData\Local\Programs\Opera\launcher.exe [1793688 2021-02-17] (Opera Software AS -> Opera Software)
Task: {15C3B129-C30C-4427-B522-DC511BE1CB7B} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1791712 2021-02-23] (Avast Software s.r.o. -> Avast Software)
Task: {1F3F01E1-2264-4254-9669-726A08987F5E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {88A406F6-D045-4D89-B5D5-50B4B6DE29C4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_270_pepper.exe [1453112 2019-10-24] (Adobe Inc. -> Adobe)
Task: {89ED2A57-E4DD-4914-831A-8D00B77E157C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-05-21] (Google Inc -> Google Inc.)
Task: {8CB48A14-1E5C-4F91-A515-BF768017807E} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [693216 2021-01-11] (Mozilla Corporation -> Mozilla Foundation)
Task: {9F3666D0-1C1C-4C14-A207-06B2BA46B6A3} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1706496 2020-11-23] () [Brak podpisu cyfrowego]
Task: {A94193D7-B12B-4FA0-8448-86AAA1F92AB0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {CC1E9CD5-8EE3-458D-9924-E6C1201D31EB} - System32\Tasks\Opera GX scheduled Autoupdate 1608711468 => C:\Users\toshiba\AppData\Local\Programs\Opera GX\launcher.exe [1720472 2021-02-16] (Opera Software AS -> Opera Software)
Task: {DAC517E5-CBA3-4452-A38B-77D82CD1F44C} - System32\Tasks\{43E453BD-9EC7-43A4-86A2-C66F7E253DF2} => C:\Windows\system32\pcalua.exe -a C:\Users\toshiba\Desktop\ziphone\Setup.exe -d C:\Users\toshiba\Desktop\ziphone
Task: {EB69B4DB-06F5-4800-97D9-EB179DC7D61D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-05-21] (Google Inc -> Google Inc.)

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{1e06332c-551b-4dd1-839e-c51be690b0db} <==== UWAGA (Ograniczenia - IP)
Tcpip\Parameters: [DhcpNameServer] 109.196.95.195 109.196.95.196
Tcpip\..\Interfaces\{A380407D-B5FF-48DD-BAB9-C3FB798D5F02}: [DhcpNameServer] 109.196.95.195 109.196.95.196

FireFox:
========
FF DefaultProfile: qzfynen6.default
FF ProfilePath: C:\Users\toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\qzfynen6.default [2021-02-22]
FF Extension: (Tampermonkey) - C:\Users\toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\qzfynen6.default\Extensions\firefox@tampermonkey.net.xpi [2020-11-05]
FF Extension: (uBlock Origin) - C:\Users\toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\qzfynen6.default\Extensions\uBlock0@raymondhill.net.xpi [2021-02-22]
FF Extension: (User-Agent Switcher) - C:\Users\toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\qzfynen6.default\Extensions\user-agent-switcher@ninetailed.ninja.xpi [2020-12-21]
FF Extension: (Avast Online Security) - C:\Users\toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\qzfynen6.default\Extensions\wrc@avast.com.xpi [2021-02-22]
FF Extension: (Wtyczka Tipli) - C:\Users\toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\qzfynen6.default\Extensions\{a78bba1f-fd0d-47cc-b690-8f631d14e67d}.xpi [2021-01-25]
FF Extension: (Video DownloadHelper) - C:\Users\toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\qzfynen6.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2020-12-21]
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Brak pliku]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Brak pliku]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Brak pliku]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Brak pliku]
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-11-23] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-11-23] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [Brak pliku]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-02-15] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default [2021-02-23]
CHR Notifications: Default -> hxxps://24548711174149.eu.webpush.freshchat.com; hxxps://dailyweb.pl; hxxps://mail.google.com; hxxps://virginmobile.pl; hxxps://web.whatsapp.com; hxxps://www.alibaba.com; hxxps://www.pracuj.pl
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Session Restore: Default -> [funkcja włączona]
CHR Extension: (Prezentacje) - C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
CHR Extension: (Dokumenty) - C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Dysk Google) - C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (DuckDuckGo) - C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2021-01-11]
CHR Extension: (YouTube) - C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-21]
CHR Extension: (Adblock Plus - darmowy adblocker) - C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-01-30]
CHR Extension: (Tampermonkey) - C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2020-11-04]
CHR Extension: (Arkusze) - C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (Dokumenty Google offline) - C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-18]
CHR Extension: (Video DownloadHelper) - C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2021-02-18]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]
CHR Extension: (Gmail) - C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-02-01]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

Opera:
=======
OPR Profile: C:\Users\toshiba\AppData\Roaming\Opera Software\Opera Stable [2021-02-23]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\toshiba\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-02-19]
StartMenuInternet: (HKLM) OperaStable - C:\Users\toshiba\AppData\Local\Programs\Opera\Launcher.exe
StartMenuInternet: (HKU\S-1-5-21-1851017888-1038024472-3138641645-1000) Opera GXStable - "C:\Users\toshiba\AppData\Local\Programs\Opera GX\Launcher.exe"

==================== Usługi (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

"MsBC27851AApp" => serwis nie został odblokowany. <==== UWAGA
HKLM\SYSTEM\ControlSet001\Services\MsBC27851AApp => C:\Windows\System32\MsBC27851AApp.dll <==== UWAGA (Rootkit!/Zablokowana usługa)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [Brak podpisu cyfrowego]
R3 MSSQLFDLauncher$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe [41416 2012-06-29] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R2 WPSService20; C:\Program Files (x86)\Edimax\Edimax AC600 Wireless LAN Driver\WPSService20.exe [96768 2017-11-24] () [Brak podpisu cyfrowego]
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.230\WsAppService.exe [493280 2017-09-27] (Wondershare Technology Co.,Ltd -> Wondershare)
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\New TunesGo\DriverInstall.exe" [X]

===================== Sterowniki (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation -> AppEx Networks Corporation)
R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation -> AppEx Networks Corporation)
S3 athur; C:\Windows\System32\DRIVERS\athurx.sys [1847296 2010-01-05] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
S3 cdrombus; C:\Windows\System32\Drivers\cdrombus.sys [25088 2012-08-22] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Codename Longhorn DDK provider)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2013-11-29] (Qualcomm Atheros -> Qualcomm Atheros Co., Ltd.)
S3 nmwcd; C:\Windows\System32\drivers\ccdcmbx64.sys [19968 2012-11-16] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
R3 QIOMem; C:\Windows\System32\DRIVERS\QIOMem.sys [12800 2009-06-15] (Microsoft Windows Hardware Compatibility Publisher -> TOSHIBA)
R3 QIOMem; C:\Windows\System32\DRIVERS\QIOMem.sys [12800 2009-06-15] (Microsoft Windows Hardware Compatibility Publisher -> TOSHIBA)
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [321992 2012-06-29] (Microsoft Corporation -> Microsoft Corporation)
R1 RsFx0320; C:\Windows\System32\DRIVERS\RsFx0320.sys [250048 2016-06-18] (Microsoft Corporation -> Microsoft Corporation)
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [7706960 2018-03-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [165504 2017-01-16] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2016-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

NETSVC: MsBC27851AApp -> Brak ścieżki do pliku.

==================== Jeden miesiąc (utworzone) (filtrowane) =========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2021-02-23 16:30 - 2021-02-23 16:33 - 000000000 ____D C:\FRST
2021-02-23 15:18 - 2021-02-23 15:18 - 000000570 _____ C:\Users\toshiba\Desktop\ESET Online Scanner.lnk
2021-02-23 14:09 - 2021-02-23 14:14 - 000000000 ____D C:\AdwCleaner
2021-02-23 09:48 - 2021-02-23 09:48 - 000073700 _____ C:\Users\toshiba\Desktop\etykieta zybi.pdf
2021-02-22 10:48 - 2021-02-22 10:48 - 000036883 _____ C:\Users\toshiba\Desktop\Faktura_simapka_01_2021.pdf
2021-02-20 11:40 - 2021-02-20 11:40 - 000000000 ____D C:\Users\toshiba\AppData\Roaming\java
2021-02-20 11:38 - 2021-02-22 09:18 - 000000000 ____D C:\Users\toshiba\AppData\Roaming\.tlauncher
2021-02-19 10:11 - 2021-02-19 10:11 - 000004102 _____ C:\Windows\system32\Tasks\Opera scheduled assistant Autoupdate 1613725912
2021-02-19 10:11 - 2021-02-19 10:11 - 000003906 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1613725907
2021-02-19 10:11 - 2021-02-19 10:11 - 000001327 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Przeglądarka Opera.lnk
2021-02-19 10:11 - 2021-02-19 10:11 - 000001327 _____ C:\ProgramData\Desktop\Przeglądarka Opera.lnk
2021-02-15 12:32 - 2021-02-15 12:32 - 000000000 ____D C:\Program Files (x86)\FONDQXIMSYHLISNDBCFPGGQDFFXNKBARIRJH
2021-02-15 11:58 - 2021-02-15 11:58 - 000181957 _____ C:\Users\toshiba\Desktop\Regulamin Us_ugi cykliczna us_uga Rozmowy i SMSy bez limitu do wszystkich oraz GB.pdf
2021-02-15 11:11 - 2021-02-15 11:11 - 000133229 _____ C:\Users\toshiba\Desktop\FS-ZX_00000273_2020.pdf
2021-02-04 10:05 - 2021-02-04 10:05 - 000000021 _____ C:\Users\toshiba\Desktop\Hasło PLUS.txt
2021-02-03 13:33 - 2021-02-03 13:33 - 000022376 _____ C:\Users\toshiba\Desktop\ZapisRozmowy.pdf
2021-01-25 10:16 - 2021-01-25 10:16 - 000000050 _____ C:\Users\toshiba\Desktop\Nowy dokument tekstowy (5).txt

==================== Jeden miesiąc (zmodyfikowane) ==================

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2021-02-23 15:36 - 2019-05-07 12:17 - 000000000 ____D C:\Users\toshiba\Desktop\riverdale
2021-02-23 14:34 - 2009-07-14 05:45 - 000031088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-02-23 14:34 - 2009-07-14 05:45 - 000031088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-02-23 14:30 - 2017-02-13 11:01 - 000038924 _____ C:\Windows\BRRBCOM.INI
2021-02-23 14:27 - 2019-01-04 09:52 - 000000000 ____D C:\Users\toshiba\AppData\Roaming\GG
2021-02-23 14:24 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-02-23 14:15 - 2019-06-25 07:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2021-02-23 14:14 - 2019-06-25 07:17 - 000000000 ____D C:\Program Files (x86)\Samsung
2021-02-23 10:32 - 2018-11-19 10:23 - 000000000 ____D C:\Users\toshiba\Desktop\faktury
2021-02-22 13:54 - 2018-08-29 13:43 - 000013275 _____ C:\Users\toshiba\Desktop\ekspertyza.odt
2021-02-22 12:45 - 2017-12-08 12:27 - 000000000 ____D C:\Users\toshiba\AppData\LocalLow\Mozilla
2021-02-22 12:27 - 2021-01-11 10:51 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-02-22 12:19 - 2019-02-12 13:14 - 000000000 ____D C:\ProgramData\Mozilla
2021-02-19 09:08 - 2016-05-21 10:40 - 000002190 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-02-19 09:08 - 2016-05-21 10:40 - 000002149 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-02-18 13:00 - 2020-12-23 09:17 - 000004088 _____ C:\Windows\system32\Tasks\Opera GX scheduled Autoupdate 1608711468
2021-02-18 12:02 - 2017-02-14 10:16 - 000002019 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-02-16 10:29 - 2011-02-04 18:38 - 000916912 _____ C:\Windows\system32\perfh015.dat
2021-02-16 10:29 - 2011-02-04 18:38 - 000224762 _____ C:\Windows\system32\perfc015.dat
2021-02-16 10:29 - 2009-07-14 06:13 - 002167396 _____ C:\Windows\system32\PerfStringBackup.INI
2021-02-16 10:29 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2021-02-16 09:57 - 2020-11-17 10:45 - 000000000 ____D C:\Users\toshiba\Downloads\FDMPortable
2021-02-11 12:44 - 2017-02-14 10:17 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2021-02-05 15:31 - 2020-12-23 14:03 - 000010379 _____ C:\Users\toshiba\Desktop\Nowy OpenDocument Dokument tekstowy (4).odt
2021-02-05 09:10 - 2016-05-21 10:39 - 000003482 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-02-05 09:10 - 2016-05-21 10:39 - 000003354 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-02-01 13:29 - 2019-02-04 09:13 - 000000000 ____D C:\Users\toshiba\AppData\Local\GG
2021-01-28 17:12 - 2019-02-12 11:14 - 000024440 _____ C:\Users\toshiba\Desktop\Kupione telefony na Inter.ods

==================== Pliki w katalogu głównym wybranych folderów ========

2020-11-25 09:26 - 2020-11-25 09:26 - 001123840 _____ (Karol Winnicki) C:\Users\toshiba\BESTplayer.exe
2016-09-13 09:15 - 2016-09-13 09:15 - 000007605 _____ () C:\Users\toshiba\AppData\Local\Resmon.ResmonCfg

==================== FCheck ================================

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

FCheck: C:\Windows\system32\jdns_sd.dll [2019-06-12] <==== UWAGA (zerobajtowy plik/folder)

==================== SigCheck ============================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

==================== Koniec FRST.txt ========================