Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 06-06-2020
Uruchomiony przez Pati (administrator) PATI-KOMPUTER (SAMSUNG ELECTRONICS CO., LTD. R540/R580/R780/SA41/E452/E852) (13-06-2020 21:45:40)
Uruchomiony z C:\Users\Pati\Downloads
Załadowane profile: Pati & NeroMediaHomeUser.4
Platform: Windows 7 Home Premium Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================
(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)
() [Brak podpisu cyfrowego] C:\Windows\Samsung\PanelMgr\caller64.exe
() [Brak podpisu cyfrowego] C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Advanced Micro Devices Inc.) [Brak podpisu cyfrowego] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) [Brak podpisu cyfrowego] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Bluestack Systems, Inc. -> BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Bluestack Systems, Inc. -> BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Bluestack Systems, Inc. -> BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Brother Industries, Ltd.) [Brak podpisu cyfrowego] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
(Brother Industries, Ltd.) [Brak podpisu cyfrowego] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Brother Industries, Ltd.) [Brak podpisu cyfrowego] C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\egui.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Huawei Technologies Co., Ltd.) [Brak podpisu cyfrowego] C:\Program Files (x86)\blueconnect\DataCardMonitor.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <8>
(Nero AG -> Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung Electronics CO., LTD. -> SEC) [Brak podpisu cyfrowego] C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) [Brak podpisu cyfrowego] C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(Samsung Electronics Co., Ltd.) [Brak podpisu cyfrowego] C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(SAMSUNG Electronics) [Brak podpisu cyfrowego] C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe

==================== Rejestr (filtrowane) ===================
(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [2703752 2010-03-25] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [178496 2018-04-19] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-07-06] (Advanced Micro Devices, Inc.) [Brak podpisu cyfrowego]
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) [Brak podpisu cyfrowego]
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) [Brak podpisu cyfrowego]
HKLM-x32\...\Run: [Nero MediaHome 4] => C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe [5174568 2010-03-08] (Nero AG -> Nero AG)
HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\ssmmgr.exe [618496 2010-06-07] () [Brak podpisu cyfrowego]
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [DataCardMonitor] => C:\Program Files (x86)\blueconnect\DataCardMonitor.exe [249856 2012-09-11] (Huawei Technologies Co., Ltd.) [Brak podpisu cyfrowego]
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [839384 2014-09-16] (Bluestack Systems, Inc. -> BlueStack Systems, Inc.)
HKU\S-1-5-21-425697130-2423384976-1920107721-1000\...\Run: [Nero MediaHome 4] => C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe [5174568 2010-03-08] (Nero AG -> Nero AG)
HKU\S-1-5-21-425697130-2423384976-1920107721-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-425697130-2423384976-1920107721-1000\...\Run: [ChomikBox] => C:\Program Files (x86)\ChomikBox\chomikbox.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-20] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\SSP7MPC: C:\Windows\System32\spool\prtprocs\x64\ssp7mpc.dll [33792 2009-08-10] (Windows (R) Server 2003 DDK provider) [Brak podpisu cyfrowego]
HKLM\...\Print\Monitors\SSP7M Langmon: C:\Windows\system32\ssp7ml6.dll [27648 2009-08-10] () [Brak podpisu cyfrowego]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.97\Installer\chrmstp.exe [2020-06-10] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\WIDCOMM\Bluetooth Software\\BtwCP.dll [2010-04-29] (Broadcom Corporation -> Broadcom Corporation.)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2011-06-21]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation -> Broadcom Corporation.)

==================== Zaplanowane zadania (filtrowane) ============
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
Task: {19610CA3-48D1-467D-8EA5-E3ABDAED180D} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
Task: {1CEF1903-A239-4716-932C-73A4C616DBCB} - System32\Tasks\advSRS4 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2201192 2010-01-19] (Samsung Electronics CO., LTD. -> SEC) [Brak podpisu cyfrowego]
Task: {1E4DDEBF-2A7A-4502-A0AA-94DF3E4FA586} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc -> Google Inc.)
Task: {2A2E234A-F85B-403C-9A68-BBE8D89D9E9F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc -> Google Inc.)
Task: {47015032-DC23-42E1-A3AC-A705341F0C3C} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {47BF0302-D0CA-43A5-912C-A44D9098D396} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [847360 2010-06-08] (Samsung Electronics Co., Ltd.) [Brak podpisu cyfrowego]
Task: {A9E28B6C-D887-4827-A66E-ECB2B07E9DA1} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [1749504 2010-05-06] (SAMSUNG Electronics) [Brak podpisu cyfrowego]
Task: {B62C3473-2818-4DF5-8D8A-85689FED7F58} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [6644736 2010-06-01] (Samsung Electronics. Co. Ltd.) [Brak podpisu cyfrowego]
Task: {C8E97ADE-91EF-4873-966F-DDC47DFF897E} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [356352 2010-03-29] (SAMSUNG Electronics co., LTD.) [Brak podpisu cyfrowego]
Task: {ECC89F17-841D-49A3-962D-4CB28F075E82} - System32\Tasks\EasySpeedUpManager => Command(1): "%programfiles(x86)%\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe" -> /s
Task: {ECC89F17-841D-49A3-962D-4CB28F075E82} - System32\Tasks\EasySpeedUpManager => Command(2): C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [719360 [719360 2010-02-10]] (Samsung Electronics Co., Ltd.) [Brak podpisu cyfrowego]

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

==================== Internet (filtrowane) ====================
(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)
Winsock: Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{8C7EC1FB-1023-4C7F-B871-484617D467BA}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies SA -> Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies SA -> Skype Technologies S.A.)

FireFox:
========
FF DefaultProfile: c0py85rr.default
FF ProfilePath: C:\Users\Pati\AppData\Roaming\Mozilla\Firefox\Profiles\c0py85rr.default [2020-06-13]
FF user.js: detected! => C:\Users\Pati\AppData\Roaming\Mozilla\Firefox\Profiles\c0py85rr.default\user.js [2020-06-11]
FF NewTab: Mozilla\Firefox\Profiles\c0py85rr.default ->
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll [2013-02-25] (Adobe Systems Incorporated -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll [2013-02-25] (Adobe Systems Incorporated -> )
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-08-28] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-08-28] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-425697130-2423384976-1920107721-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Pati\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-11-11] (Unity Technologies ApS -> Unity Technologies ApS)

Chrome:
=======
CHR Profile: C:\Users\Pati\AppData\Local\Google\Chrome\User Data\Default [2020-06-13]
CHR Notifications: Default -> hxxps://inpost.pl; hxxps://player.pl; hxxps://www.bzwbk.pl
CHR Extension: (Prezentacje) - C:\Users\Pati\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-18]
CHR Extension: (Dokumenty) - C:\Users\Pati\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-18]
CHR Extension: (Dysk Google) - C:\Users\Pati\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (YouTube) - C:\Users\Pati\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-13]
CHR Extension: (Dokumenty Google offline) - C:\Users\Pati\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-06-11]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Pati\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
CHR Extension: (Gmail) - C:\Users\Pati\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-28]
CHR Extension: (Chrome Media Router) - C:\Users\Pati\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-01-11]
CHR HKU\S-1-5-21-425697130-2423384976-1920107721-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd]

==================== Usługi (filtrowane) ===================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [203264 2010-07-07] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-09-16] (Bluestack Systems, Inc. -> BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-09-16] (Bluestack Systems, Inc. -> BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [777944 2014-09-16] (Bluestack Systems, Inc. -> BlueStack Systems, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2240264 2018-04-19] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2240264 2018-04-19] (ESET, spol. s r.o. -> ESET)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 NeroMediaHomeService.4; C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe [517416 2010-03-08] (Nero AG -> Nero AG)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2286976 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
S2 AOLserver-projop; "C:\project-open\bin\nsd.exe" -S -s projop -t "c:\project-open\servers\projop\etc\config.tcl"
S2 pgsql-8.2; "C:\Program Files (x86)\PostgreSQL\8.2\bin\pg_ctl.exe" runservice -w -N "pgsql-8.2" -D "C:\Program Files (x86)\PostgreSQL\8.2\data\"

===================== Sterowniki (filtrowane) ===================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [7195648 2010-07-07] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.)
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [265728 2010-07-07] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 AtiHdmiService; C:\Windows\System32\drivers\AtiHdmi.sys [116736 2010-01-29] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies, Inc.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-09-16] (Bluestack Systems, Inc. -> BlueStack Systems)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [137928 2018-04-12] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [110432 2018-04-12] (ESET, spol. s r.o. -> ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [196112 2018-04-12] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [50136 2018-04-12] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [82816 2018-04-12] (ESET, spol. s r.o. -> ESET)
R3 Epfwndis; C:\Windows\System32\DRIVERS\Epfwndis.sys [64656 2018-04-12] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [108320 2018-04-12] (ESET, spol. s r.o. -> ESET)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2020-06-12] (Malwarebytes Corporation -> Malwarebytes)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [136192 2010-04-01] (Microsoft Windows Hardware Compatibility Publisher -> ELAN Microelectronics Corp.)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [133632 2008-08-26] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [115328 2008-07-24] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [199768 2020-06-12] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [224408 2020-06-13] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73584 2020-06-13] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2020-06-13] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [106344 2020-06-13] (Malwarebytes Corporation -> Malwarebytes)
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2011-03-08] (Realtek Semiconductor Corp -> Windows (R) 2003 DDK 3790 provider)
R1 SABI; C:\Windows\system32\Drivers\SABI.sys [13824 2010-03-31] (Microsoft Windows Hardware Compatibility Publisher -> SAMSUNG ELECTRONICS)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2012-02-26] ( () [Brak podpisu cyfrowego]) [Plik w użyciu ]
S2 SSPORT; C:\Windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-07-29] (Samsung Electronics CO., LTD. -> Samsung Electronics)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] (Microsoft Windows Hardware Compatibility Publisher -> )
U3 ant8fyfh; C:\Windows\System32\Drivers\ant8fyfh.sys [0 0000-00-00] (Microsoft Corporation) <==== UWAGA (zerobajtowy plik/folder)

==================== NetSvcs (filtrowane) ===================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc (utworzone) ===================
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2020-06-13 20:40 - 2020-06-13 20:40 - 000000000 ____D C:\Users\Pati\Desktop\Tor Browser
2020-06-13 19:17 - 2020-06-13 19:17 - 000224408 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2020-06-13 19:17 - 2020-06-13 19:17 - 000106344 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2020-06-13 19:17 - 2020-06-13 19:17 - 000073584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2020-06-13 19:14 - 2020-06-13 19:14 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-06-13 15:50 - 2020-06-13 21:47 - 000025282 _____ C:\Users\Pati\Downloads\FRST.txt
2020-06-12 20:10 - 2020-06-12 20:10 - 000275672 _____ C:\Windows\Minidump\061220-26239-01.dmp
2020-06-12 18:47 - 2020-06-12 18:47 - 000014260 _____ C:\Users\Pati\Desktop\Eset.txt
2020-06-12 16:38 - 2020-06-12 16:48 - 000000000 ____D C:\AdwCleaner
2020-06-12 16:37 - 2020-06-12 16:38 - 008402608 _____ (Malwarebytes) C:\Users\Pati\Downloads\AdwCleaner.exe
2020-06-12 09:50 - 2020-06-12 09:50 - 000000000 ____D C:\Users\Pati\AppData\Local\mbamtray
2020-06-12 09:27 - 2020-06-12 09:27 - 000199768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-06-11 19:32 - 2020-06-11 19:32 - 000000000 ____D C:\Users\Pati\AppData\Local\mbam
2020-06-11 19:29 - 2020-06-12 20:09 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2020-06-11 19:29 - 2020-06-12 09:26 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-06-11 19:29 - 2020-06-11 19:29 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-06-11 19:29 - 2020-06-11 19:29 - 000001867 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-06-11 19:29 - 2020-06-11 19:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2020-06-11 19:28 - 2020-06-11 19:28 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-06-11 19:28 - 2020-06-11 19:28 - 000000000 ____D C:\Program Files\Malwarebytes
2020-06-11 19:26 - 2020-06-12 09:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2020-06-11 18:12 - 2020-06-13 20:41 - 000000000 ____D C:\Users\Pati\AppData\LocalLow\Mozilla
2020-06-11 16:08 - 2020-06-13 21:46 - 000000000 ____D C:\FRST
2020-06-11 16:08 - 2020-06-11 16:08 - 002289152 _____ (Farbar) C:\Users\Pati\Downloads\FRST64.exe
2020-06-11 15:32 - 2020-06-11 15:32 - 000000000 ____D C:\ProgramData\SystemAcCrux
2020-06-11 15:31 - 2020-06-11 15:31 - 000000000 ____D C:\Program Files\EaseUS

==================== Jeden miesiąc (zmodyfikowane) ==================
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2020-06-13 21:40 - 2011-06-25 16:20 - 000003982 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{4EC4E476-C5DB-4EA3-929F-9E2A508BD543}
2020-06-13 19:23 - 2009-07-14 06:45 - 000014144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-06-13 19:23 - 2009-07-14 06:45 - 000014144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-06-13 19:13 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-06-13 09:00 - 2012-09-13 18:07 - 000000000 ____D C:\Program Files (x86)\WinRAR
2020-06-13 08:56 - 2011-09-13 18:53 - 000000000 ____D C:\Users\Pati\AppData\LocalLow\Temp
2020-06-13 08:50 - 2010-11-24 04:17 - 000000000 ____D C:\Program Files (x86)\McAfee
2020-06-12 21:14 - 2011-10-22 13:22 - 000000000 ____D C:\Program Files\WinRAR
2020-06-12 21:08 - 2013-12-06 23:31 - 000000000 ____D C:\ProgramData\Origin
2020-06-12 21:08 - 2013-12-06 23:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2020-06-12 21:08 - 2012-09-14 22:27 - 000000000 ____D C:\Program Files\PDFCreator
2020-06-12 21:07 - 2011-06-30 17:04 - 000000000 ____D C:\Program Files (x86)\Opera
2020-06-12 21:05 - 2011-07-11 20:07 - 000000000 ____D C:\Program Files (x86)\Java
2020-06-12 21:03 - 2011-07-14 17:54 - 000000000 ____D C:\Program Files (x86)\NAPI-PROJEKT
2020-06-12 20:11 - 2011-07-13 16:45 - 000000000 ____D C:\Users\NeroMediaHomeUser.4
2020-06-12 20:11 - 2011-06-21 17:25 - 000000000 ____D C:\Users\Pati
2020-06-12 20:10 - 2012-01-08 14:45 - 000000000 ____D C:\Windows\Minidump
2020-06-12 18:23 - 2011-10-22 13:49 - 000000000 ____D C:\Users\Pati\AppData\Local\ESET
2020-06-12 16:49 - 2013-04-18 21:29 - 000000000 ____D C:\Program Files (x86)\Delta
2020-06-12 09:52 - 2020-03-29 20:15 - 000000000 ____D C:\Windows\system32\MRT
2020-06-12 09:20 - 2014-03-28 17:20 - 000000000 ____D C:\project-open
2020-06-12 09:20 - 2012-08-21 22:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-06-12 03:03 - 2020-03-29 20:15 - 120636720 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2020-06-11 23:20 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\rescache
2020-06-11 21:05 - 2011-07-13 15:12 - 000000000 ____D C:\Users\Pati\Documents\Youcam
2020-06-11 20:59 - 2012-07-29 15:16 - 000000000 ____D C:\Program Files (x86)\Ashampoo_PO
2020-06-11 20:59 - 2011-10-22 13:26 - 000000000 ____D C:\Program Files (x86)\TNod User & Password Finder
2020-06-11 20:59 - 2011-07-13 15:17 - 000000000 ____D C:\Users\Pati\Desktop\programy
2020-06-11 19:34 - 2018-05-12 13:39 - 000000000 ____D C:\Users\Pati\AppData\Local\CrashDumps
2020-06-11 19:26 - 2012-08-21 22:35 - 000000000 ____D C:\Users\Pati\AppData\Roaming\Mozilla
2020-06-11 19:26 - 2012-08-21 22:34 - 000000000 ____D C:\ProgramData\Mozilla
2020-06-11 17:40 - 2010-11-25 06:30 - 000000000 ____D C:\Program Files (x86)\Bing Bar Installer
2020-06-10 19:57 - 2020-01-18 21:44 - 000000000 ____D C:\Users\Pati\Desktop\pulpit
2020-06-10 19:29 - 2011-07-07 15:26 - 000002190 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-06-10 19:29 - 2011-07-07 15:26 - 000002149 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-06-10 19:29 - 2011-07-07 15:26 - 000002149 _____ C:\ProgramData\Desktop\Google Chrome.lnk

==================== Pliki w katalogu głównym wybranych folderów ========
2013-12-19 19:08 - 2017-12-14 19:08 - 000000323 _____ () C:\Users\Pati\AppData\Roaming\WB.CFG

==================== SigCheck ============================
(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)
LastRegBack: 2020-06-11 23:10

==================== Koniec FRST.txt ========================