Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 01.12.2018 01
Uruchomiony przez Clear (administrator) ELITE (08-12-2018 17:40:09)
Uruchomiony z C:\Users\Clear\Downloads
Załadowane profile: Clear (Dostępne profile: Clear & Niebezpieczny)
Platform: Windows 7 Professional N Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(ESET) D:\Programy\ESET\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Sandboxie Holdings, LLC) D:\Programy\Sandboxie\SbieSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\AvrcpService.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(ELAN Microelectronics Corp.)
C:\Program Files\Elantech\ETDCtrl.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\ProgramData\Internet Mobilny\OnlineUpdate\ouc.exe () C:\ProgramData\OnlineUpdate\ouc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe (Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\RtkBleServ.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (TechSmith Corporation) C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe (Microsoft Corporation) C:\Windows\System32\UI0Detect.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Sandboxie Holdings, LLC) D:\Programy\Sandboxie\SbieCtrl.exe (ESET) D:\Programy\ESET\egui.exe (TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Mega Limited) C:\ProgramData\MEGAsync\MEGAsync.exe () C:\Windows\System32\igfxTray.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Update\Install\{0E8123FC-4DA1-462D-BC43-2C2952ACD45A}\70.0.3538.110_69.0.3497.100_chrome_updater.exe (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe (Google Inc.) C:\Windows\Temp\CR_23ED0.tmp\setup.exe (Google Inc.) C:\Windows\Temp\CR_23ED0.tmp\setup.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe () C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe (Vivaldi Technologies AS) C:\Users\Clear\AppData\Local\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS) C:\Users\Clear\AppData\Local\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS) C:\Users\Clear\AppData\Local\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS) C:\Users\Clear\AppData\Local\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS) C:\Users\Clear\AppData\Local\Vivaldi\Application\vivaldi.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\Updates\16.0.9126.2315\OfficeClickToRun.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\perfmon.exe (Vivaldi Technologies AS) C:\Users\Clear\AppData\Local\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS) C:\Users\Clear\AppData\Local\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS) C:\Users\Clear\AppData\Local\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS) C:\Users\Clear\AppData\Local\Vivaldi\Application\vivaldi.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (Microsoft Corporation) C:\Windows\System32\msconfig.exe (Vivaldi Technologies AS) C:\Users\Clear\AppData\Local\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS) C:\Users\Clear\AppData\Local\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS) C:\Users\Clear\AppData\Local\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS) C:\Users\Clear\AppData\Local\Vivaldi\Application\vivaldi.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) 
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [253440 2013-04-23] (Realtek Semiconductor Corporation) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2893104 2013-08-23] (ELAN Microelectronics Corp.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672664 2014-06-30] (Realtek Semiconductor) HKLM\...\Run: [egui] => D:\Programy\ESET\ecmdS.exe [324216 2017-10-20] (ESET) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-2709051668-3738397495-2910340050-1000\...\Run: [SandboxieControl] => D:\Programy\Sandboxie\SbieCtrl.exe [799376 2016-12-14] (Sandboxie Holdings, LLC) HKU\S-1-5-21-2709051668-3738397495-2910340050-1000\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 2016-06-20] (TrueCrypt Foundation) HKU\S-1-5-21-2709051668-3738397495-2910340050-1000\...\Run: [GoogleChromeAutoLaunch_F0F38BD3E534892FD0751B15B157222C] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1469784 2018-09-15] (Google Inc.) 
HKU\S-1-5-21-2709051668-3738397495-2910340050-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_161_pepper.exe [1348096 2018-02-10] (Adobe Systems Incorporated) HKU\S-1-5-21-2709051668-3738397495-2910340050-1000\...\RunOnce: [Uninstall 18.151.0729.0012\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Clear\AppData\Local\Microsoft\OneDrive\18.151.0729.0012\amd64" HKU\S-1-5-21-2709051668-3738397495-2910340050-1000\...\RunOnce: [Uninstall 18.151.0729.0012] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Clear\AppData\Local\Microsoft\OneDrive\18.151.0729.0012" HKU\S-1-5-21-2709051668-3738397495-2910340050-1000\...\MountPoints2: F - F:\AutoRun.exe HKU\S-1-5-21-2709051668-3738397495-2910340050-1000\...\MountPoints2: {0159c990-4b03-11e4-9d40-8c89a50ee1a3} - F:\AutoRun.exe HKU\S-1-5-21-2709051668-3738397495-2910340050-1000\...\MountPoints2: {09ead996-adb3-11e3-b0a9-6c71d9b4ba30} - F:\AutoRun.exe HKU\S-1-5-21-2709051668-3738397495-2910340050-1000\...\MountPoints2: {1176abed-3f0d-11e4-812e-001e101f2500} - F:\AutoRun.exe HKU\S-1-5-21-2709051668-3738397495-2910340050-1000\...\MountPoints2: {132f8cb4-6397-11e5-b079-df3982a9d1dc} - F:\AutoRun.exe HKU\S-1-5-21-2709051668-3738397495-2910340050-1000\...\MountPoints2: {1985ec63-8bf8-11e3-90f6-6c71d9b4ba30} - F:\AutoRun.exe HKU\S-1-5-21-2709051668-3738397495-2910340050-1000\...\MountPoints2: {202b5aa1-3d77-11e4-83fb-001e101f2c0e} - F:\AutoRun.exe HKU\S-1-5-21-2709051668-3738397495-2910340050-1000\...\MountPoints2: {52e7e7ef-78bc-11e4-9683-8c89a50ee1a3} - F:\AutoRun.exe HKU\S-1-5-21-2709051668-3738397495-2910340050-1000\...\MountPoints2: {559117b4-bc7e-11e6-a677-96a004afb088} - H:\LG_PC_Programs.exe HKU\S-1-5-21-2709051668-3738397495-2910340050-1000\...\MountPoints2: {64f0d647-2a90-11e6-a931-001e101f57d0} - F:\HiSuiteDownLoader.exe HKU\S-1-5-21-2709051668-3738397495-2910340050-1000\...\MountPoints2: {659f7a0e-9b4b-11e4-9826-001e101f36d9} - F:\AutoRun.exe 
HKU\S-1-5-21-2709051668-3738397495-2910340050-1000\...\MountPoints2: {659f7a10-9b4b-11e4-9826-001e101f36d9} - F:\AutoRun.exe HKU\S-1-5-21-2709051668-3738397495-2910340050-1000\...\MountPoints2: {8906daa1-0b2f-11e7-8239-6c71d9b4ba30} - F:\AutoRun.exe HKU\S-1-5-21-2709051668-3738397495-2910340050-1000\...\MountPoints2: {8dcca204-7616-11e8-a7fc-f8b70cd1d0c9} - F:\AutoRun.exe HKU\S-1-5-21-2709051668-3738397495-2910340050-1000\...\MountPoints2: {9b441729-3d8c-11e4-9a7c-8c89a50ee1a3} - F:\AutoRun.exe HKU\S-1-5-21-2709051668-3738397495-2910340050-1000\...\MountPoints2: {bcde041b-960b-11e6-a6e9-6c71d9b4ba30} - F:\AutoRun.exe HKU\S-1-5-21-2709051668-3738397495-2910340050-1000\...\MountPoints2: {bcde0443-960b-11e6-a6e9-6c71d9b4ba30} - F:\AutoRun.exe HKU\S-1-5-21-2709051668-3738397495-2910340050-1000\...\MountPoints2: {bcde04d2-960b-11e6-a6e9-840128d9946c} - F:\AutoRun.exe HKU\S-1-5-21-2709051668-3738397495-2910340050-1000\...\MountPoints2: {bcde04e3-960b-11e6-a6e9-840128d9946c} - F:\AutoRun.exe HKU\S-1-5-21-2709051668-3738397495-2910340050-1000\...\MountPoints2: {bd384451-9e30-11e8-abd1-6c71d9b4ba30} - F:\AutoRun.exe HKU\S-1-5-21-2709051668-3738397495-2910340050-1000\...\MountPoints2: {cb04ee30-96f3-11e6-bdc5-c4463eb7d6a9} - F:\AutoRun.exe HKU\S-1-5-21-2709051668-3738397495-2910340050-1000\...\MountPoints2: {cb04ee80-96f3-11e6-bdc5-6c71d9b4ba30} - F:\AutoRun.exe HKU\S-1-5-21-2709051668-3738397495-2910340050-1000\...\MountPoints2: {cb04ee9a-96f3-11e6-bdc5-6c71d9b4ba30} - F:\AutoRun.exe HKU\S-1-5-21-2709051668-3738397495-2910340050-1000\...\MountPoints2: {cb04eeef-96f3-11e6-bdc5-6c71d9b4ba30} - F:\AutoRun.exe HKU\S-1-5-21-2709051668-3738397495-2910340050-1000\...\MountPoints2: {cb04f01c-96f3-11e6-bdc5-6c71d9b4ba30} - F:\AutoRun.exe HKU\S-1-5-21-2709051668-3738397495-2910340050-1000\...\MountPoints2: {cb04f055-96f3-11e6-bdc5-6c71d9b4ba30} - G:\AutoRun.exe HKU\S-1-5-21-2709051668-3738397495-2910340050-1000\...\MountPoints2: {de1aabc8-6e1e-11e8-adc9-6c71d9b4ba30} - F:\AutoRun.exe 
HKU\S-1-5-21-2709051668-3738397495-2910340050-1000\...\MountPoints2: {de1aabe0-6e1e-11e8-adc9-6c71d9b4ba30} - F:\AutoRun.exe HKU\S-1-5-21-2709051668-3738397495-2910340050-1000\...\MountPoints2: {e37bf6a4-ba77-11e4-9030-a857e3f2ab40} - G:\LG_PC_Programs.exe HKU\S-1-5-21-2709051668-3738397495-2910340050-1000\...\MountPoints2: {eb672bec-963f-11e3-a2c7-6c71d9b4ba30} - F:\AutoRun.exe AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [171896 2017-10-27] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [149552 2017-10-27] (NVIDIA Corporation) Startup: C:\Users\Clear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2018-06-19] ShortcutTarget: MEGAsync.lnk -> C:\ProgramData\MEGAsync\MEGAsync.exe (Mega Limited) Startup: C:\Users\Clear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wysyłanie do programu OneNote.lnk [2018-09-20] ShortcutTarget: Wysyłanie do programu OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Winsock: Catalog9 01 C:\Windows\SysWOW64\BfLLR.dll [196096 2013-05-16] (Bigfoot Networks, Inc.) Winsock: Catalog9 02 C:\Windows\SysWOW64\BfLLR.dll [196096 2013-05-16] (Bigfoot Networks, Inc.) Winsock: Catalog9 03 C:\Windows\SysWOW64\BfLLR.dll [196096 2013-05-16] (Bigfoot Networks, Inc.) Winsock: Catalog9 04 C:\Windows\SysWOW64\BfLLR.dll [196096 2013-05-16] (Bigfoot Networks, Inc.) Winsock: Catalog9 16 C:\Windows\SysWOW64\BfLLR.dll [196096 2013-05-16] (Bigfoot Networks, Inc.) Winsock: Catalog9-x64 01 C:\Windows\system32\BfLLR.dll [216064 2013-05-16] (Bigfoot Networks, Inc.) Winsock: Catalog9-x64 02 C:\Windows\system32\BfLLR.dll [216064 2013-05-16] (Bigfoot Networks, Inc.) 
Winsock: Catalog9-x64 03 C:\Windows\system32\BfLLR.dll [216064 2013-05-16] (Bigfoot Networks, Inc.) Winsock: Catalog9-x64 04 C:\Windows\system32\BfLLR.dll [216064 2013-05-16] (Bigfoot Networks, Inc.) Winsock: Catalog9-x64 16 C:\Windows\system32\BfLLR.dll [216064 2013-05-16] (Bigfoot Networks, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{6684BD3F-8378-4397-A96D-D2E311ED9EF8}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{8B415A3D-27CB-435F-AB2D-FEBF94BE90B4}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{9BADFA77-E3BB-449E-8C67-7AE4819009A2}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{A6A886CA-50CE-447B-A77A-CEFC90D443B5}: [DhcpNameServer] 192.168.44.1 Tcpip\..\Interfaces\{B6B79C70-F7F8-45CF-B1F1-8235EA50E02A}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{CC69E41F-1823-4701-989B-03F4CEF64C44}: [DhcpNameServer] 192.168.42.129 Internet Explorer: ================== HKU\S-1-5-21-2709051668-3738397495-2910340050-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-09-21] (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.) 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2018-09-21] (Microsoft Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2018-09-21] (Microsoft Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-07-22] (Microsoft Corporation) BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> D:\Programy\Visual Studio Ultimate\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-05] (Microsoft Corporation) BHO-x32: Pomocnik logowania za pomocą konta Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.) 
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2018-09-21] (Microsoft Corporation) BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2018-09-21] (Microsoft Corporation) Toolbar: HKLM - Steganos Password Manager Toolbar - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Privacy Suite 15\SPMIEToolbar64.dll [2014-07-29] (Steganos Software GmbH) Toolbar: HKLM-x32 - Steganos Password Manager Toolbar - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Privacy Suite 15\SPMIEToolbar.dll [2014-08-04] (Steganos Software GmbH) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-22] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-22] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-22] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-22] (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies) FireFox: ======== FF DefaultProfile: g4hnuy0g.default FF ProfilePath: C:\Users\Clear\AppData\Roaming\Mozilla\Firefox\Profiles\g4hnuy0g.default [2018-09-28] FF NetworkProxy: Mozilla\Firefox\Profiles\g4hnuy0g.default -> backup.ftp", "47.91.235.15" FF Session Restore: Mozilla\Firefox\Profiles\g4hnuy0g.default -> [funkcja włączona] FF Extension: (Facebook Chat 
Download) - C:\Users\Clear\AppData\Roaming\Mozilla\Firefox\Profiles\g4hnuy0g.default\Extensions\952f9ffg4ab7ac650@dd218dbabd8.xpi [2017-11-29] [Przestarzałe] FF Extension: (Facebook Chat History Manager) - C:\Users\Clear\AppData\Roaming\Mozilla\Firefox\Profiles\g4hnuy0g.default\Extensions\fbchathistory@firechm.com.xpi [2017-12-03] [Przestarzałe] FF Extension: (Firebug) - C:\Users\Clear\AppData\Roaming\Mozilla\Firefox\Profiles\g4hnuy0g.default\Extensions\firebug@software.joehewitt.com.xpi [2018-05-12] [Przestarzałe] FF Extension: (Ghostery – Bloker reklam chroniący prywatność) - C:\Users\Clear\AppData\Roaming\Mozilla\Firefox\Profiles\g4hnuy0g.default\Extensions\firefox@ghostery.com.xpi [2018-04-21] FF Extension: (MEGA) - C:\Users\Clear\AppData\Roaming\Mozilla\Firefox\Profiles\g4hnuy0g.default\Extensions\firefox@mega.co.nz.xpi [2018-06-19] FF Extension: (AdF.ly Skipper ★WORKING: 6/1/2017★) - C:\Users\Clear\AppData\Roaming\Mozilla\Firefox\Profiles\g4hnuy0g.default\Extensions\jid0-hyjN250ZzTOOX3evFwwAQBxE4ik@jetpack.xpi [2017-06-02] FF Extension: (Google™ Translator) - C:\Users\Clear\AppData\Roaming\Mozilla\Firefox\Profiles\g4hnuy0g.default\Extensions\jid1-dgnIBwQga0SIBw@jetpack.xpi [2016-12-18] [Przestarzałe] FF Extension: (User-Agent Switcher) - C:\Users\Clear\AppData\Roaming\Mozilla\Firefox\Profiles\g4hnuy0g.default\Extensions\jid1-kyxEAcWua7BEKq@jetpack.xpi [2017-05-13] [Przestarzałe] FF Extension: (Strict Pop-up Blocker) - C:\Users\Clear\AppData\Roaming\Mozilla\Firefox\Profiles\g4hnuy0g.default\Extensions\jid1-P34HaABBBpOerQ@jetpack.xpi [2017-08-06] [Przestarzałe] FF Extension: (tb7.pl) - C:\Users\Clear\AppData\Roaming\Mozilla\Firefox\Profiles\g4hnuy0g.default\Extensions\jid1-yA1PzMgpqSEk1Q@jetpack.xpi [2018-06-21] FF Extension: (Torrent Tornado) - C:\Users\Clear\AppData\Roaming\Mozilla\Firefox\Profiles\g4hnuy0g.default\Extensions\s3torrent@tornado.xpi [2018-06-21] [Przestarzałe] FF Extension: (Tab Counter) - 
C:\Users\Clear\AppData\Roaming\Mozilla\Firefox\Profiles\g4hnuy0g.default\Extensions\tabcounter@morac.xpi [2016-03-09] [Przestarzałe] FF Extension: (uBlock Origin) - C:\Users\Clear\AppData\Roaming\Mozilla\Firefox\Profiles\g4hnuy0g.default\Extensions\uBlock0@raymondhill.net.xpi [2018-05-16] FF Extension: (ChatZilla) - C:\Users\Clear\AppData\Roaming\Mozilla\Firefox\Profiles\g4hnuy0g.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2016-11-10] [Przestarzałe] FF Extension: (Message Seen Disable for Facebook™) - C:\Users\Clear\AppData\Roaming\Mozilla\Firefox\Profiles\g4hnuy0g.default\Extensions\{7b9de502-149c-8165-ec2c-db01128febfe}.xpi [2017-12-24] FF Extension: (Web of Trust) - C:\Users\Clear\AppData\Roaming\Mozilla\Firefox\Profiles\g4hnuy0g.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}.xpi [2018-04-18] FF Extension: (Simple RSS Reader (SRR)) - C:\Users\Clear\AppData\Roaming\Mozilla\Firefox\Profiles\g4hnuy0g.default\Extensions\{A5475360-A7EA-437b-9A79-29208F476940}.xpi [2018-08-20] [Przestarzałe] FF Extension: (FireFTP) - C:\Users\Clear\AppData\Roaming\Mozilla\Firefox\Profiles\g4hnuy0g.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2017-11-16] [Przestarzałe] FF Extension: (Complete YouTube Saver) - C:\Users\Clear\AppData\Roaming\Mozilla\Firefox\Profiles\g4hnuy0g.default\Extensions\{AF445D67-154C-4c69-A17B-7F392BCC36A3} [2017-06-13] [Przestarzałe] FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\Clear\AppData\Roaming\Mozilla\Firefox\Profiles\g4hnuy0g.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2018-05-09] FF Extension: (Video DownloadHelper) - C:\Users\Clear\AppData\Roaming\Mozilla\Firefox\Profiles\g4hnuy0g.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-10-21] [Przestarzałe] FF Extension: (Cookies Manager+) - C:\Users\Clear\AppData\Roaming\Mozilla\Firefox\Profiles\g4hnuy0g.default\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [2017-07-28] [Przestarzałe] FF Extension: (Adblock 
Plus) - C:\Users\Clear\AppData\Roaming\Mozilla\Firefox\Profiles\g4hnuy0g.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-05-16] FF Extension: (DownThemAll!) - C:\Users\Clear\AppData\Roaming\Mozilla\Firefox\Profiles\g4hnuy0g.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-10-12] [Przestarzałe] FF Extension: (Greasemonkey) - C:\Users\Clear\AppData\Roaming\Mozilla\Firefox\Profiles\g4hnuy0g.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2018-05-16] [Przestarzałe] FF Extension: (Brak nazwy) - C:\Users\Clear\AppData\Roaming\Mozilla\Firefox\Profiles\g4hnuy0g.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [nie znaleziono] FF ProfilePath: C:\Users\Clear\AppData\Roaming\Mozilla\Firefox\Profiles\kjxbx3p3.dev-edition-default [2018-06-18] FF Extension: (ADB Helper) - C:\Users\Clear\AppData\Roaming\Mozilla\Firefox\Profiles\kjxbx3p3.dev-edition-default\Extensions\adbhelper@mozilla.org.xpi [2018-03-31] [Przestarzałe] FF Extension: (Valence) - C:\Users\Clear\AppData\Roaming\Mozilla\Firefox\Profiles\kjxbx3p3.dev-edition-default\Extensions\fxdevtools-adapters@mozilla.org [2017-08-15] [Przestarzałe] FF Extension: (Torrent Tornado) - C:\Users\Clear\AppData\Roaming\Mozilla\Firefox\Profiles\kjxbx3p3.dev-edition-default\Extensions\s3torrent@tornado.xpi [2017-09-08] [Przestarzałe] FF Extension: (Web of Trust) - C:\Users\Clear\AppData\Roaming\Mozilla\Firefox\Profiles\kjxbx3p3.dev-edition-default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}.xpi [2018-06-18] FF Extension: (Complete YouTube Saver) - C:\Users\Clear\AppData\Roaming\Mozilla\Firefox\Profiles\kjxbx3p3.dev-edition-default\Extensions\{AF445D67-154C-4c69-A17B-7F392BCC36A3} [2017-07-21] [Przestarzałe] FF Extension: (Adblock Plus) - C:\Users\Clear\AppData\Roaming\Mozilla\Firefox\Profiles\kjxbx3p3.dev-edition-default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-05-22] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET 
Smart Security\Mozilla Thunderbird => nie znaleziono FF HKLM-x32\...\Firefox\Extensions: [{00F0643E-B367-4779-B45D-7046EBA37A88}] - C:\Program Files (x86)\Steganos Privacy Suite 15\spmplugin3 FF Extension: (Steganos Password Manager) - C:\Program Files (x86)\Steganos Privacy Suite 15\spmplugin3 [2014-10-09] [Przestarzałe] [Brak podpisu cyfrowego] FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2018-02-01] [Przestarzałe] [Brak podpisu cyfrowego] FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => nie znaleziono FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll [2018-02-10] () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.) FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-10] () FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> D:\Programy\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.) 
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> D:\Programy\DivX\DivX Web Player\npdivx32.dll [2015-06-29] (DivX, LLC) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku] FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-07-22] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-07-22] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.) 
StartMenuInternet: Firefox-FFD4EDB6BAA7D4C3 - C:\Program Files (x86)\Firefox Developer Edition\firefox.exe Chrome: ======= CHR Profile: C:\Users\Clear\AppData\Local\Google\Chrome\User Data\Default [2018-12-08] CHR Extension: (Prezentacje) - C:\Users\Clear\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-24] CHR Extension: (Dokumenty) - C:\Users\Clear\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-24] CHR Extension: (Dysk Google) - C:\Users\Clear\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-29] CHR Extension: (sFTP Client Lite) - C:\Users\Clear\AppData\Local\Google\Chrome\User Data\Default\Extensions\bglilkmokhmhonkciijgnfcjhdoelodp [2018-08-26] CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\Clear\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2018-12-08] CHR Extension: (xXNurioXx) - C:\Users\Clear\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkpeohkfimdfogdnpcnokjkbpankkmil [2018-12-08] CHR Extension: (YouTube) - C:\Users\Clear\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-29] CHR Extension: (Arkusze) - C:\Users\Clear\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-24] CHR Extension: (APK Downloader) - C:\Users\Clear\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgljidimohbcmjdabiecfeikkmpbjegm [2018-09-20] CHR Extension: (Dokumenty Google offline) - C:\Users\Clear\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-26] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Clear\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-08-26] CHR Extension: (Messages Saver for Facebook™) - 
C:\Users\Clear\AppData\Local\Google\Chrome\User Data\Default\Extensions\oaimmbbnnhmibhbocchkfcakiankbnlk [2017-11-27] CHR Extension: (Gmail) - C:\Users\Clear\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-29] CHR Extension: (Chrome Media Router) - C:\Users\Clear\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-25] CHR Profile: C:\Users\Clear\AppData\Local\Google\Chrome\User Data\System Profile [2017-10-24] Opera: ======= OPR Extension: (TVP.PL Downloader) - C:\Users\Clear\AppData\Roaming\Opera Software\Opera Stable\Extensions\lpbhfckilgccpclafjiapbcelgpfmjfa [2014-12-14] OPR Extension: (Smart RSS) - C:\Users\Clear\AppData\Roaming\Opera Software\Opera Stable\Extensions\nncgmpcdlilgbepbfpeidpjlcdfhmcfp [2016-04-03] OPR Extension: (Adblock Plus) - C:\Users\Clear\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2018-06-03] StartMenuInternet: (HKLM) OperaStable - D:\Programy\Opera\Launcher.exe ==================== Usługi (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [35328 2013-04-02] (Realtek Semiconductor Corporation) [Brak podpisu cyfrowego] R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [122728 2017-09-04] (AOMEI Tech Co., Ltd.) 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1345056 2016-02-25] ()
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [47104 2013-04-25] () [Brak podpisu cyfrowego]
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-03] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8522832 2018-09-06] (Microsoft Corporation)
S2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [22816 2017-09-18] (Intel)
R2 ekrn; D:\Programy\ESET\ekrn.exe [2648184 2017-10-20] (ESET)
S2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [99632 2013-08-23] (ELAN Microelectronics Corp.)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [Brak podpisu cyfrowego]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344184 2017-01-24] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [Brak podpisu cyfrowego]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
S2 Internet Mobilny. RunOuc; C:\Program Files (x86)\Internet Mobilny\UpdateDog\ouc.exe [655712 2011-12-23] ()
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
S2 Mobile Partner. RunOuc; D:\Programy\Mobile Partner\UpdateDog\ouc.exe [657504 2012-11-01] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518264 2017-10-27] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518264 2017-10-27] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2205504 2018-07-19] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3075400 2018-07-19] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-06-08] ()
R2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [503296 2013-05-16] () [Brak podpisu cyfrowego]
R2 RtkBleServ; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe [42496 2013-04-25] (Realtek Semiconductor Corporation) [Brak podpisu cyfrowego]
R2 SbieSvc; D:\Programy\Sandboxie\SbieSvc.exe [197776 2016-12-14] (Sandboxie Holdings, LLC)
S2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver and Support Assistant\SUR\SurSvc.exe [157456 2017-03-07] ()
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [Brak podpisu cyfrowego]
R2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3408384 2015-01-26] (TechSmith Corporation) [Brak podpisu cyfrowego]
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2018-05-20] (Microsoft Corporation) [Brak podpisu cyfrowego]
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
S3 wifimansvc; D:\Programy\Mobile Partner\eap\wifimansvc.exe [605696 2012-11-10] () [Brak podpisu cyfrowego]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [51120 2016-12-21] ()
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [171952 2016-12-21] ()
S3 ampa; C:\Windows\system32\ampa.sys [38320 2016-12-25] ()
S3 ampa; C:\Windows\SysWOW64\ampa.sys [38320 2016-12-25] ()
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [38320 2017-09-01] ()
S3 AndnetBus; C:\Windows\System32\DRIVERS\lgandnetbus64.sys [30208 2016-08-31] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [30720 2016-08-24] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [37376 2016-08-24] (LG Electronics Inc.)
R3 BthAudioHF; C:\Windows\System32\drivers\RtkHfp.sys [91208 2013-02-26] (Realtek Semiconductor Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [132848 2017-10-20] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [107344 2017-03-09] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [180088 2017-10-20] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [50752 2017-03-09] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [78192 2017-03-09] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [60544 2017-03-09] (ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [102160 2017-10-20] (ESET)
S3 h647906; C:\Windows\System32\drivers\h647906.sys [62576 2008-12-01] (Your Corporation)
S3 hid7906; C:\Windows\SysWOW64\drivers\hid7906.sys [41096 2008-12-01] (Your Corporation)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [229376 2012-03-07] (Huawei Technologies Co., Ltd.)
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [165824 2013-05-16] (Qualcomm Atheros, Inc.)
S3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2012-09-22] (CACE Technologies, Inc.)
S3 NPF; C:\Windows\SysWOW64\drivers\NPF.sys [35344 2012-09-22] (CACE Technologies, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-10-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50808 2017-10-27] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57976 2017-10-27] (NVIDIA Corporation)
R3 RtkA2dp; C:\Windows\System32\drivers\RtkA2dp.sys [177736 2013-04-18] (Realtek Semiconductor Corporation)
R3 RtkAvrcp; C:\Windows\System32\DRIVERS\RtkAvrcp.sys [61152 2012-12-27] (Realtek Semiconductor Corporation)
R3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [535624 2013-03-28] (Realtek Semiconductor Corporation)
S3 RTL8192Ce; C:\Windows\System32\DRIVERS\rtwlane.sys [1475728 2012-11-16] (Realtek Semiconductor Corporation )
R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [407112 2013-04-28] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1475728 2012-11-16] (Realtek Semiconductor Corporation )
R3 SbieDrv; D:\Programy\Sandboxie\SbieDrv.sys [205968 2016-12-14] (Sandboxie Holdings, LLC)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
R1 SLEE_18_DRIVER; C:\Windows\Sleen1864.sys [109144 2014-07-29] (Softwareentwicklung Remus - ArchiCrypt - )
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2016-02-17] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [28160 2016-02-17] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [34816 2016-02-17] (LG Electronics Inc.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
R3 uvhid; C:\Windows\System32\DRIVERS\uvhid.sys [27064 2017-01-03] (Windows (R) Win 7 DDK provider)
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [119712 2016-04-28] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [192352 2016-04-28] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [115488 2014-05-16] (Oracle Corporation)
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [127432 2017-01-08] (BigNox Corporation)
R1 XQHDrv; C:\Windows\System32\DRIVERS\XQHDrv.sys [253384 2017-01-08] (BigNox Corporation)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2018-12-08 17:40 - 2018-12-08 17:47 - 000041505 _____ C:\Users\Clear\Downloads\FRST.txt
2018-12-08 17:38 - 2018-12-08 17:40 - 000000000 ____D C:\FRST
2018-12-08 17:34 - 2018-12-08 17:34 - 002417152 _____ (Farbar) C:\Users\Clear\Downloads\FRST64.exe
2018-12-08 17:22 - 2018-12-08 17:22 - 000003860 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1414006718

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2018-12-08 17:25 - 2009-07-14 05:50 - 000020336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-12-08 17:25 - 2009-07-14 05:50 - 000020336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-12-08 17:23 - 2017-07-27 09:24 - 000003166 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2709051668-3738397495-2910340050-1000
2018-12-08 17:22 - 2016-06-29 23:42 - 000002201 _____ C:\Users\Clear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2018-12-08 17:22 - 2016-06-29 23:42 - 000000000 ___RD C:\Users\Clear\OneDrive
2018-12-08 17:17 - 2014-02-01 14:19 - 000000000 ____D C:\ProgramData\NVIDIA
2018-12-08 17:10 - 2011-04-12 13:11 - 000745560 _____ C:\Windows\system32\perfh015.dat
2018-12-08 17:10 - 2011-04-12 13:11 - 000158198 _____ C:\Windows\system32\perfc015.dat
2018-12-08 17:10 - 2009-07-14 06:12 - 001679164 _____ C:\Windows\system32\PerfStringBackup.INI
2018-12-08 17:10 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-12-08 16:08 - 2014-10-02 08:47 - 000000000 __SHD C:\Users\Clear\IntelGraphicsProfiles
2018-12-08 16:03 - 2017-12-07 11:18 - 000000000 ____D C:\ProgramData\OnlineUpdate
2018-12-08 16:02 - 2015-01-27 21:02 - 000000091 _____ C:\HaxLogs.txt
2018-12-08 16:01 - 2018-03-10 13:34 - 000000082 _____ C:\Windows\SysWOW64\winsevr.dat
2018-12-08 16:01 - 2018-03-10 13:34 - 000000000 ____D C:\Program Files (x86)\AOMEI Backupper
2018-12-08 16:01 - 2016-06-18 20:36 - 000000000 ____D C:\ProgramData\Realtek
2018-12-08 16:01 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT

==================== Pliki w katalogu głównym wybranych folderów =======

2017-12-03 16:40 - 2017-12-03 16:40 - 000098304 _____ () C:\Users\Clear\fbchathistory.dat
2016-10-20 19:17 - 2009-04-14 21:31 - 000991232 ____R (Huawei Technologies Co., Ltd.) C:\Users\Clear\AppData\Roaming\LiveUpdate.exe
2016-10-20 19:17 - 2016-10-20 19:17 - 000000696 _____ () C:\Users\Clear\AppData\Roaming\LiveUpdate.ini
2016-10-20 19:17 - 2008-10-11 09:38 - 000927504 _____ (Microsoft Corporation) C:\Users\Clear\AppData\Roaming\mfc40u.dll
2016-10-20 19:17 - 2006-12-02 10:54 - 001060864 _____ (Microsoft Corporation) C:\Users\Clear\AppData\Roaming\mfc71.dll
2016-10-20 19:17 - 2006-12-02 10:54 - 001047552 _____ (Microsoft Corporation) C:\Users\Clear\AppData\Roaming\MFC71u.dll
2016-10-20 19:17 - 2008-10-11 09:38 - 000413696 _____ (Microsoft Corporation) C:\Users\Clear\AppData\Roaming\msvcp60.dll
2016-10-20 19:17 - 2006-12-02 10:54 - 000499712 _____ (Microsoft Corporation) C:\Users\Clear\AppData\Roaming\msvcp71.dll
2016-10-20 19:17 - 2006-12-02 10:54 - 000348160 _____ (Microsoft Corporation) C:\Users\Clear\AppData\Roaming\msvcr71.dll
2016-10-20 19:17 - 2009-04-14 21:28 - 000151552 ____R (Huawei Technologies Co., Ltd.) C:\Users\Clear\AppData\Roaming\XMessageBox.dll
2016-06-18 20:35 - 2018-12-08 17:10 - 000038542 _____ () C:\Users\Clear\AppData\Local\BTServer.log
2015-03-26 21:12 - 2018-05-03 17:12 - 000012288 _____ () C:\Users\Clear\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-01 18:37 - 2014-02-01 18:40 - 000000291 _____ () C:\Users\Clear\AppData\Local\killertool.log
2016-07-23 15:48 - 2016-07-23 15:48 - 000000760 _____ () C:\Users\Clear\AppData\Local\Nox_crash.log
2017-07-18 10:09 - 2017-07-18 10:18 - 000000600 _____ () C:\Users\Clear\AppData\Local\PUTTY.RND
2014-02-19 15:56 - 2018-07-18 10:13 - 000007596 _____ () C:\Users\Clear\AppData\Local\resmon.resmoncfg
2018-08-04 15:41 - 2018-08-04 15:41 - 000000000 _____ () C:\Users\Clear\AppData\Local\{0E0F2EBD-E031-4C13-930B-22E414A314B1}
2018-07-18 04:23 - 2018-07-18 04:23 - 000000000 _____ () C:\Users\Clear\AppData\Local\{2F0D7F90-0E46-4319-9757-A65E65D380DB}
2018-05-26 01:15 - 2018-05-26 01:15 - 000000000 _____ () C:\Users\Clear\AppData\Local\{E6E9D5AC-040D-4A18-997C-0C0AEFE9015E}

Niektóre pliki w TEMP:
====================
2018-04-17 18:33 - 2018-04-17 18:33 - 001884616 _____ (Oracle Corporation) C:\Users\Clear\AppData\Local\Temp\jre-8u171-windows-au.exe
2015-11-30 12:33 - 2015-12-31 17:09 - 000204800 _____ (Sony DADC Austria AG) C:\Users\Niebezpieczny\AppData\Local\Temp\drm_dyndata_7400009.dll

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2018-09-20 11:44

==================== Koniec FRST.txt ============================