Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 09-11-2019
Uruchomiony przez Gosia (administrator) GOSIA-KOMPUTER (Dell Inc. Inspiron N5010) (09-11-2019 15:20:24)
Uruchomiony z C:\Users\Gosia\Desktop
Załadowane profile: Gosia (Dostępne profile: Gosia)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Brother Industries, Ltd.) [Brak podpisu cyfrowego] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) [Brak podpisu cyfrowego] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Dell Inc. -> Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Dell Inc.) [Brak podpisu cyfrowego] C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Dell Inc.) [Brak podpisu cyfrowego] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Dell Inc.) [Brak podpisu cyfrowego] C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(G DATA Software AG -> G DATA Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G DATA Software AG -> G DATA Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(G DATA Software AG -> G DATA Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G DATA Software AG -> G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe
(G DATA Software AG -> G DATA Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVKBackup\AVKBackupService.exe
(G DATA Software AG -> G DATA Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe
(G DATA Software AG -> G DATA Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe
(G DATA Software AG -> G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.342\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.342\GoogleCrashHandler64.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation -> © 2015 Microsoft Corporation) C:\Users\Gosia\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe

==================== Rejestr (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-02-02] (Dell Inc.) [Brak podpisu cyfrowego]
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3179288 2010-01-06] (Dell Inc. -> Dell Inc.)
HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe [3415592 2019-04-23] (G DATA Software AG -> G DATA Software AG)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.) [Brak podpisu cyfrowego]
HKLM-x32\...\Run: [G Data ASM] => C:\Program Files (x86)\G DATA\InternetSecurity\DelayLoader\AutorunDelayLoader.exe [688680 2019-04-23] (G DATA Software AG -> G DATA Software AG)
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [3229696 2016-08-29] (Microsoft Windows -> Microsoft Corporation) <==== UWAGA
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [3229696 2016-08-29] (Microsoft Windows -> Microsoft Corporation) <==== UWAGA
HKU\S-1-5-21-918902183-1542191918-2377714131-1000\...\MountPoints2: F - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-918902183-1542191918-2377714131-1000\...\MountPoints2: {0ba667f2-e12e-11e8-bed9-b3a1cf2b5574} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-918902183-1542191918-2377714131-1000\...\MountPoints2: {19e6b412-a02e-11e9-bd89-b47e8e106079} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-918902183-1542191918-2377714131-1000\...\MountPoints2: {1c782a81-43fb-11e9-89a4-90f18cf9dc78} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-918902183-1542191918-2377714131-1000\...\MountPoints2: {4b97d9bb-93e0-11e8-8f70-978803602f78} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-918902183-1542191918-2377714131-1000\...\MountPoints2: {4b97dbde-93e0-11e8-8f70-978803602f78} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-918902183-1542191918-2377714131-1000\...\MountPoints2: {6072884d-2132-11e8-a73f-806e6f6e6963} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-918902183-1542191918-2377714131-1000\...\MountPoints2: {64972dfe-2322-11e9-8bbb-95a16e2f8965} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-918902183-1542191918-2377714131-1000\...\MountPoints2: {7e296fc1-687b-11e7-94a6-a6a31da5c17f} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-918902183-1542191918-2377714131-1000\...\MountPoints2: {80fd820c-68c6-11e7-94ae-f66146a05e79} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-918902183-1542191918-2377714131-1000\...\MountPoints2: {82470e64-fd47-11e8-bb92-c27d2e07d863} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-918902183-1542191918-2377714131-1000\...\MountPoints2: {c752d4bb-b901-11e8-824e-82eeb37b967e} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-918902183-1542191918-2377714131-1000\...\MountPoints2: {e66c621c-7de3-11e7-a11e-e7da36ce3662} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-918902183-1542191918-2377714131-1000\...\MountPoints2: {ec2b269b-9ab8-11e7-8f6a-f6d9499afe7b} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-918902183-1542191918-2377714131-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [3229696 2016-08-29] (Microsoft Windows -> Microsoft Corporation) <==== UWAGA
HKU\S-1-5-21-918902183-1542191918-2377714131-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [3229696 2016-08-29] (Microsoft Windows -> Microsoft Corporation) <==== UWAGA
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.87\Installer\chrmstp.exe [2019-11-07] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2019-05-03] (Adobe Inc. -> Adobe Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Zaplanowane zadania (filtrowane) ============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

Task: {0364E23B-F6CA-4FAC-9625-46A317932FEF} - System32\Tasks\{301822DB-4B42-4C69-A9EC-152890BDBA20} => C:\Windows\system32\pcalua.exe -a "C:\Users\Gosia\Desktop\aaaaaaaaa\NuMors передача на клавиатуре\setup.exe" -d "C:\Users\Gosia\Desktop\aaaaaaaaa\NuMors передача на клавиатуре"
Task: {048C24BC-B37C-4C3A-B3E4-BD952050B1E5} - System32\Tasks\e-pity2017_styczen => C:\Program Files (x86)\e-file\e-pity\Assets\signxml.exe
Task: {15C25B31-D9E4-4E91-A692-4C025D10A22E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA
Task: {2172250C-9AAD-45A5-85E5-981BDF8968EE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-10-25] (Google Inc -> Google Inc.)
Task: {22BDA68E-1B01-4F56-A989-43FEC0B9FE25} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA
Task: {26C35056-71EA-4DD4-AAA9-9553004C21C3} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
Task: {2BC70A84-4115-48C2-B61C-9C78F9A7E3D3} - System32\Tasks\{26094BAA-A14C-4F1A-9951-8E733D3EF469} => C:\Users\Gosia\Desktop\SupportAssistLauncher.exe
Task: {32907163-CD03-4682-9B31-512CB64896C3} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: {3D460340-831E-4B74-9928-4B59B4E8B5FD} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-03-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {42BBAFAA-4099-4C25-89B1-55081C6F9C53} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA
Task: {5D439EC0-2D8D-430E-A718-FC3EB307525D} - System32\Tasks\{9B3C0E03-E1B0-4FDD-9C61-2A83A9D76FBC} => C:\Users\Gosia\Desktop\SupportAssistLauncher.exe
Task: {659124D2-917F-4B32-AB71-EDF3CFDC5B0C} - System32\Tasks\{BE316AE7-24F6-49AB-BE58-AD00B8E2DB1A} => C:\Windows\system32\pcalua.exe -a "C:\Users\Gosia\Downloads\KochMorseTrainer Install (2).exe" -d C:\Users\Gosia\Downloads
Task: {6A0BEA66-A246-4003-B02C-B28DE7458A3E} - System32\Tasks\update-S-1-5-21-918902183-1542191918-2377714131-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: {6DF55367-E36F-484A-8547-ACBD6A7A4EE5} - System32\Tasks\FileAdvisorUpdate => C:\Program Files (x86)\File Type Advisor\fileadvisor.exe [3728896 2017-07-28] (File Type Advisor) [Brak podpisu cyfrowego]
Task: {70E92C76-703D-433B-B0C9-73D984787DA1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16494464 2019-03-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {78E81816-DBDB-4E60-AF4C-BC933CD2E160} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {7BE11F95-CEEA-42F6-8D01-D9F7D87E8C13} - System32\Tasks\e-pity2017_kwiecien => C:\Program Files (x86)\e-file\e-pity\Assets\signxml.exe
Task: {8C205AE8-93FD-4D45-8398-18B847B933C3} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> Brak pliku <==== UWAGA
Task: {9600E03E-AE63-4E93-B447-55CBA2DBCB0D} - System32\Tasks\{5B96BBC2-5F34-4733-850F-FDE9EF6741C1} => C:\Windows\system32\pcalua.exe -a C:\Users\Gosia\AppData\Local\Temp\Temp1_RevelationV2_[www.programosy.pl].zip\SetupRevelationV2.exe <==== UWAGA
Task: {A2CC6429-07C6-4578-815B-5E20E846030C} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {B327753D-89AD-413E-B26C-FD20D618BEF8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA
Task: {B5971195-BCEE-49FC-BB6E-9533D1499776} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-10-25] (Google Inc -> Google Inc.)
Task: {B9E3ED70-E60C-4CC3-B4B8-433B9357BEC6} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Brak pliku <==== UWAGA
Task: {CED24606-7EA8-4556-A5C2-5B085D52C07B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA
Task: {E066F85D-6007-4319-B63C-441C71A379A0} - System32\Tasks\{672E3E03-5336-4CA7-82A6-97A9F1CE3F1A} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe" -d C:\Users\Gosia\Desktop -c launchui

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

Task: C:\Windows\Tasks\update-S-1-5-21-918902183-1542191918-2377714131-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Winsock: Catalog5-x64 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{0281F0F1-31B8-4889-A321-D76A88AAD3D6}: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{F778FFAA-788E-463E-B3F2-9732AB07F3F8}: [DhcpNameServer] 192.168.0.1 0.0.0.0

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-918902183-1542191918-2377714131-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-07] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-07] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-10-16] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=pl-pl
CHR StartupUrls: Profile 1 -> "hxxp://www.interia.pl/"
CHR Notifications: Profile 1 -> hxxps://multikino.pl; hxxps://www.eobuwie.com.pl; hxxps://www.facebook.com; hxxps://www.youtube.com
CHR Profile: C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Default [2019-08-29]
CHR DownloadDir: C:\Users\Gosia\Desktop
CHR Extension: (Dysk Google) - C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (Kaspersky Protection) - C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2018-01-16]
CHR Extension: (YouTube) - C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-25]
CHR Extension: (Adblock Plus) - C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-27]
CHR Extension: (Google Search) - C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (AdBlock) - C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-13]
CHR Extension: (Opisz i wyślij screen) - C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdddabjhelpilpnpgondfmehhcplpiin [2017-01-19]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-25]
CHR Extension: (Chrome Media Router) - C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]
CHR Profile: C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-08-29]
CHR Profile: C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Profile 1 [2019-11-09]
CHR Extension: (Dokumenty) - C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Dysk Google) - C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-13]
CHR Extension: (YouTube) - C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-13]
CHR Extension: (Adblock Plus - darmowy adblocker) - C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-10-22]
CHR Extension: (Dokumenty Google offline) - C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16]
CHR Extension: (Usuń wszystkie posty Facebook™) - C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mnjffgbbcofcajpmooahlcnjgpfmpifk [2019-01-05]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-07]
CHR Extension: (e-pity - dodatek) - C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ofoeigeaodhbjogdigckajfhjbonaofg [2019-09-06]
CHR Extension: (Gmail) - C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-10-24]
CHR Profile: C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\System Profile [2019-08-29]
CHR HKU\S-1-5-21-918902183-1542191918-2377714131-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ofoeigeaodhbjogdigckajfhjbonaofg]

==================== Usługi (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [5973816 2019-04-23] (G DATA Software AG -> G DATA Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe [2890568 2019-04-24] (G DATA Software AG -> G Data Software AG)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [Brak podpisu cyfrowego]
R2 GDBackupSvc; C:\Program Files (x86)\G DATA\InternetSecurity\AVKBackup\AVKBackupService.exe [4315176 2019-04-23] (G DATA Software AG -> G DATA Software AG)
R3 GDFwSvc; C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe [3847024 2019-04-24] (G DATA Software AG -> G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [1493520 2019-04-23] (G DATA Software AG -> G DATA Software AG)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-03-25] (Microsoft Windows -> Microsoft Corporation)
R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2292480 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5088256 2010-02-02] (Dell Inc.) [Brak podpisu cyfrowego]

===================== Sterowniki (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [41608 2018-05-08] (Techporch Incorporated -> Dell Inc.)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [41208 2018-05-08] (Techporch Incorporated -> Dell Computer Corporation)
S3 ew_usbccgpfilter; C:\Windows\System32\DRIVERS\ew_usbccgpfilter.sys [18944 2019-08-19] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R3 GDKBB; C:\Windows\system32\drivers\GDKBB64.sys [47664 2019-05-14] (G DATA Software AG -> G DATA Software AG)
R3 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [38984 2018-10-10] (G DATA Software AG -> G DATA Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [507648 2019-05-14] (G DATA Software AG -> G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [217240 2019-05-14] (G DATA Software AG -> G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [76960 2019-05-14] (G DATA Software AG -> G DATA Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [125640 2018-02-21] (G DATA Software AG -> G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [233864 2019-05-14] (G DATA Software AG -> G Data Software AG)
S3 htcnprot; C:\Windows\System32\DRIVERS\htcnprot.sys [36928 2013-10-17] (HTC Corp. -> Windows (R) Win 7 DDK provider)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (Sqa.com(Test) -> QUALCOMM Incorporated)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2019-08-19] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-21] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2015-10-25] (Disc Soft Ltd -> Duplex Secure Ltd.)
S3 STHDA; C:\Windows\System32\DRIVERS\stwrt64.sys [515584 2010-06-17] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Apple, Inc.) [Brak podpisu cyfrowego]
S3 SWDUMon; system32\DRIVERS\SWDUMon.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc (utworzone) ===================

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2019-11-09 15:20 - 2019-11-09 15:22 - 000023363 _____ C:\Users\Gosia\Desktop\FRST.txt
2019-11-09 15:18 - 2019-11-09 15:18 - 000000000 ____D C:\Users\Gosia\Desktop\FRST-OlderVersion
2019-11-09 15:17 - 2019-11-09 15:21 - 000000000 ____D C:\FRST
2019-11-08 22:56 - 2019-11-09 15:18 - 002259968 _____ (Farbar) C:\Users\Gosia\Desktop\FRST64.exe
2019-11-03 17:02 - 2019-08-19 02:49 - 000287232 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_quusbnet.sys
2019-11-03 17:02 - 2019-08-19 02:49 - 000226560 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_quusbmdm.sys
2019-11-03 17:02 - 2019-08-19 02:49 - 000127360 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_cdcacm.sys
2019-11-03 17:02 - 2019-08-19 02:49 - 000116864 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_usbdev.sys
2019-11-03 17:02 - 2019-08-19 02:49 - 000033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbser.sys
2019-11-03 17:02 - 2019-08-19 02:49 - 000018944 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbccgpfilter.sys
2019-10-28 11:49 - 2019-10-28 11:58 - 000000448 _____ C:\Users\Gosia\cwstudio.ini
2019-10-28 11:48 - 2019-10-28 11:48 - 000000000 ____D C:\Users\Gosia\Desktop\cwstudio-0.9.6-win-dos
2019-10-24 18:23 - 2019-10-25 11:30 - 000000000 ____D C:\Users\Gosia\Desktop\Opony nowe
2019-10-24 16:15 - 2019-11-04 13:12 - 000000000 ____D C:\Users\Gosia\Desktop\opony
2019-10-22 18:24 - 2019-10-22 18:24 - 000039354 _____ C:\Users\Gosia\Desktop\Bilet_23485.pdf
2019-10-21 13:21 - 2019-10-21 13:21 - 000994015 _____ C:\Users\Gosia\Desktop\kodeks_cywilny_ujednolicony_2015.pdf
2019-10-16 19:40 - 2019-09-19 05:30 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\userenv.dll
2019-10-16 19:40 - 2019-09-19 05:27 - 000110592 _____ (Microsoft Corporation) C:\Windows\system32\userenv.dll
2019-10-16 19:40 - 2019-09-17 03:33 - 000162016 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2019-10-16 19:40 - 2019-09-17 03:28 - 000738816 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2019-10-16 19:40 - 2019-09-10 03:27 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2019-10-16 19:40 - 2019-09-10 03:24 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2019-10-16 19:40 - 2019-09-10 01:09 - 002863104 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2019-10-16 19:40 - 2019-09-10 01:09 - 001717760 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2019-10-16 19:40 - 2019-09-10 01:09 - 000802816 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2019-10-16 19:40 - 2019-09-10 01:09 - 000634368 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2019-10-16 19:40 - 2019-09-10 01:09 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2019-10-16 19:40 - 2019-09-10 01:09 - 000456704 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2019-10-16 19:40 - 2019-09-10 01:09 - 000315904 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2019-10-16 19:40 - 2019-09-10 01:09 - 000257024 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2019-10-14 18:47 - 2019-10-14 18:47 - 000000000 ____D C:\Users\Gosia\AppData\Local\LogMeIn
2019-10-14 18:47 - 2019-10-14 18:47 - 000000000 ____D C:\ProgramData\LogMeIn
2019-10-10 19:29 - 2019-10-10 19:30 - 000000000 ____D C:\Users\Gosia\Desktop\HANIA

==================== Jeden miesiąc (zmodyfikowane) ==================

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2019-11-09 15:13 - 2017-11-27 23:26 - 000000388 _____ C:\Windows\Tasks\update-S-1-5-21-918902183-1542191918-2377714131-1000.job
2019-11-09 14:44 - 2009-07-14 05:45 - 000015456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-11-09 14:44 - 2009-07-14 05:45 - 000015456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-11-09 14:37 - 2015-10-25 23:25 - 000262144 _____ C:\Windows\system32\config\elam
2019-11-09 14:32 - 2017-12-17 11:37 - 000000000 ____D C:\Users\Gosia\AppData\Roaming\FileAdvisor
2019-11-09 14:30 - 2017-11-27 23:26 - 000000388 _____ C:\Windows\Tasks\update-sys.job
2019-11-09 14:30 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-11-08 22:50 - 2016-06-14 12:19 - 000000000 ____D C:\Users\Gosia\AppData\Roaming\Audacity
2019-11-08 21:46 - 2019-09-27 19:28 - 000000309 _____ C:\Users\Gosia\Desktop\Nowy dokument tekstowy.txt
2019-11-07 12:05 - 2018-10-08 17:35 - 000004128 _____ C:\Windows\system32\Tasks\CCleaner Update
2019-11-07 11:53 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\tracing
2019-11-07 10:33 - 2015-10-25 18:10 - 000002230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-11-07 10:26 - 2015-10-25 18:10 - 000003484 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2019-11-07 10:26 - 2015-10-25 18:10 - 000003356 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2019-11-07 10:26 - 2015-10-25 18:10 - 000000000 ____D C:\Program Files (x86)\Google
2019-11-04 21:56 - 2015-11-02 18:39 - 000000000 ____D C:\Program Files\Common Files\Apple
2019-11-04 21:56 - 2015-11-02 18:38 - 000000000 ____D C:\ProgramData\Apple
2019-11-04 21:54 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2019-11-04 21:40 - 2018-07-01 12:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-11-04 21:30 - 2018-06-19 14:24 - 001099776 ___SH C:\Users\Gosia\Desktop\Thumbs.db
2019-10-30 18:44 - 2009-07-14 18:55 - 000741726 _____ C:\Windows\system32\perfh015.dat
2019-10-30 18:44 - 2009-07-14 18:55 - 000156766 _____ C:\Windows\system32\perfc015.dat
2019-10-30 18:44 - 2009-07-14 06:13 - 001697194 _____ C:\Windows\system32\PerfStringBackup.INI
2019-10-30 17:23 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\NDF
2019-10-28 11:49 - 2015-10-24 17:53 - 000000000 ____D C:\Users\Gosia
2019-10-28 09:59 - 2015-11-12 11:19 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-10-25 11:09 - 2019-08-31 15:05 - 000000000 ____D C:\Users\Gosia\AppData\Roaming\ObviousIdea
2019-10-24 19:42 - 2019-09-08 19:50 - 000000000 ____D C:\Users\Gosia\Desktop\Pogoda
2019-10-21 12:11 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\rescache
2019-10-21 12:10 - 2015-10-26 17:20 - 000000000 ____D C:\Users\Gosia\AppData\Local\ElevatedDiagnostics
2019-10-20 19:48 - 2015-10-25 21:54 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2019-10-16 20:11 - 2015-10-27 20:58 - 000000000 ___SD C:\Windows\system32\CompatTel
2019-10-16 20:11 - 2015-10-27 20:58 - 000000000 ____D C:\Windows\system32\appraiser
2019-10-16 19:47 - 2015-10-25 14:23 - 001669800 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2019-10-14 18:49 - 2015-10-25 20:40 - 000000000 ____D C:\Users\Gosia\AppData\Local\Adobe
2019-10-10 14:12 - 2016-10-08 19:20 - 000000000 ____D C:\Windows\pss
2019-10-10 13:58 - 2019-05-07 18:08 - 000308696 _____ C:\Windows\system32\FNTCACHE.DAT
2019-10-10 13:55 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\PolicyDefinitions

==================== Pliki w katalogu głównym wybranych folderów ========

2016-03-12 10:26 - 2016-03-12 10:26 - 000000000 _____ () C:\Users\Gosia\AppData\Roaming\gdfw.log
2016-03-12 10:26 - 2016-08-31 20:58 - 000001558 _____ () C:\Users\Gosia\AppData\Roaming\gdscan.log
2016-05-14 22:41 - 2019-03-14 13:51 - 000007599 _____ () C:\Users\Gosia\AppData\Local\Resmon.ResmonCfg
2017-11-27 23:26 - 2017-11-27 23:26 - 000000003 _____ () C:\Users\Gosia\AppData\Local\updater.log
2017-11-27 23:26 - 2017-11-27 23:28 - 000000059 _____ () C:\Users\Gosia\AppData\Local\UserProducts.xml

==================== SigCheck ============================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

LastRegBack: 2019-10-30 09:55

==================== Koniec FRST.txt ========================