Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 15-04-2020
Uruchomiony przez krzysztof (administrator) LENOVO (LENOVO 4174CW8) (15-04-2020 22:27:28)
Uruchomiony z C:\FRST64
Załadowane profile: UpdatusUser & krzysztof (Dostępne profile: Laptop & UpdatusUser & krzysztof)
Platform: Windows 7 Professional Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(@ByELDI -> @ByELDI) [Brak podpisu cyfrowego] C:\Program Files\KMSpico\Service_KMS.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(AuthenTec, Inc. -> Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Ericsson AB -> Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
(Fortemedia Inc -> ) C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Foxit Software Incorporated -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation - Mobile Wireless Group -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation - Mobile Wireless Group -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Intel(R) Identity Protection Technology Software -> Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(LENOVO -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(LENOVO -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(LENOVO -> Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(LENOVO -> Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(LENOVO -> Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(LENOVO -> Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(LENOVO -> Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(LENOVO -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\EXCEL.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <12>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

==================== Rejestr (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63728 2015-06-08] (LENOVO -> Lenovo)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916592 2014-07-28] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] (Fortemedia Inc -> )
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant Systems, Inc. -> Conexant systems, Inc.)
HKLM\...\Run: [PSQLLauncher] => C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe [86312 2013-03-05] (AuthenTec, Inc. -> Authentec Inc.)
HKLM-x32\...\Run: [Opera Browser Assistant] => C:\Program Files (x86)\Opera\assistant\browser_assistant.exe [3024920 2020-04-08] (Opera Software AS -> Opera Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.163\Installer\chrmstp.exe [2020-04-07] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\...\Authentication\Credential Providers: [{18CBEEAA-6708-41A1-9379-D08915333CF2}] -> C:\Program Files\ThinkVantage Fingerprint Software\provider.dll [2013-03-05] (AuthenTec, Inc. -> Authentec Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\ThinkPad\Bluetooth Software\\BtwCP.dll [2013-05-14] (Broadcom Corporation -> Broadcom Corporation.)
HKLM\Software\...\Authentication\Credential Providers: [{D28973E5-8630-41af-8831-50A15FEB396B}] -> C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll [2013-05-14] (Broadcom Corporation -> Broadcom Corporation.)
HKLM\Software\...\Authentication\Credential Provider Filters: [{AE583D93-8D1B-424F-9858-5623FB7824EE}] -> C:\Program Files\ThinkVantage Fingerprint Software\provider.dll [2013-03-05] (AuthenTec, Inc. -> Authentec Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-10-29] (NVIDIA CORPORATION -> NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-10-29] (NVIDIA CORPORATION -> NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-04-23]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation -> Broadcom Corporation.)
Startup: C:\Users\krzysztof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\serwer.bat [2015-06-02] () [Brak podpisu cyfrowego]
Startup: C:\Users\krzysztof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wysyłanie do programu OneNote.lnk [2020-03-12]
ShortcutTarget: Wysyłanie do programu OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Zaplanowane zadania (filtrowane) ============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

Task: {1316FCF3-0396-40A1-B7BF-2C27159F327A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-05-08] (Google Inc -> Google Inc.)
Task: {1D2250E3-3D00-459F-AB72-F9AA49AA4D3A} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [745664 2016-01-12] (@ByELDI -> @ByELDI) [Brak podpisu cyfrowego]
Task: {1FF7C604-A12D-4ED7-896D-97EFD1C3CE4D} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [16832 2015-07-01] (LENOVO -> Lenovo)
Task: {40C3CD00-F60E-4B95-9101-FAD29D8F450F} - System32\Tasks\Opera scheduled Autoupdate 1431457071 => C:\Program Files (x86)\Opera\launcher.exe [1355800 2020-04-08] (Opera Software AS -> Opera Software)
Task: {4BBB549F-F4A5-48C6-AFBE-22FEC79ADD5E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [1163560 2016-11-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {52355A8F-928E-4B4E-8872-8182C42D247F} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758984 2020-01-08] (Lenovo -> )
Task: {838A33EF-9077-4192-A3F4-3399FBAAE88A} - System32\Tasks\GoogleUpdateTaskMachineCore1d1f14422d8d4e8 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-05-08] (Google Inc -> Google Inc.)
Task: {8B08D520-8C1B-4393-BAA0-1CB4C2F792CB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [977672 2016-11-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {8B40DA37-E5B5-44F6-9B7F-5338EFEFDF39} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)
Task: {B3A34FBA-D03D-4FD8-8DE4-B9EA5980D388} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [3649704 2016-04-14] (LENOVO -> Lenovo Group Limited)
Task: {CE96DE33-6E3B-4C14-99D9-CEDA66B8E5ED} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758984 2020-01-08] (Lenovo -> )
Task: {DB154BF2-A323-452A-986B-42AB275B644F} - System32\Tasks\Opera scheduled assistant Autoupdate 1576957726 => C:\Program Files (x86)\Opera\launcher.exe [1355800 2020-04-08] (Opera Software AS -> Opera Software)
Task: {DCB69001-1D50-4FFA-AAEC-24778CB385B6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-05-08] (Google Inc -> Google Inc.)
Task: {FF16AEBC-768C-488A-BE9C-669F40F4B49A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [977672 2016-11-01] (Microsoft Corporation -> Microsoft Corporation)

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Hosts: Nie znaleziono pliku Hosts w domyślnym katalogu
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{5E08AB2C-270B-4A94-B272-FFDF974FAD8F}: [DhcpNameServer] 10.0.1.4
Tcpip\..\Interfaces\{D55E75A1-D75A-4BEC-9E01-550B9E4772A3}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
HKU\S-1-5-21-3927854613-2608156586-4117075644-1001\Software\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
HKU\S-1-5-21-3927854613-2608156586-4117075644-1002\Software\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-11-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-11-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation -> Microsoft Corporation)
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxps://kitchenplanner.ikea.com/pl/Core/Player/2020PlayerAX_IKEA_Win32.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-08-09] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 9klbp651.default
FF DefaultProfile: 39s6seyr.default
FF ProfilePath: C:\Users\krzysztof\AppData\Roaming\Mozilla\Firefox\Profiles\iigqej75.czysty [2020-03-13]
FF ProfilePath: C:\Users\krzysztof\AppData\Roaming\Mozilla\Firefox\Profiles\9klbp651.default [2020-04-15]
FF Homepage: Mozilla\Firefox\Profiles\9klbp651.default -> about:blank
FF Extension: (Youtube to audio converter) - C:\Users\krzysztof\AppData\Roaming\Mozilla\Firefox\Profiles\9klbp651.default\Extensions\2conv@hotger.com.xpi [2018-09-09]
FF Extension: (Flash Video Downloader) - C:\Users\krzysztof\AppData\Roaming\Mozilla\Firefox\Profiles\9klbp651.default\Extensions\artur.dubovoy@gmail.com.xpi [2018-09-09]
FF Extension: (Flash Video Downloader) - C:\Users\krzysztof\AppData\Roaming\Mozilla\Firefox\Profiles\9klbp651.default\Extensions\ductloanphuok@gmail.com.xpi [2019-12-15]
FF Extension: (British English Dictionary (Updated)) - C:\Users\krzysztof\AppData\Roaming\Mozilla\Firefox\Profiles\9klbp651.default\Extensions\en-gb@flyingtophat.co.uk [2015-08-27] [Przestarzałe] [Brak podpisu cyfrowego]
FF Extension: (Ghostery – Bloker reklam chroniący prywatność) - C:\Users\krzysztof\AppData\Roaming\Mozilla\Firefox\Profiles\9klbp651.default\Extensions\firefox@ghostery.com.xpi [2020-03-25]
FF Extension: (FlashStopper) - C:\Users\krzysztof\AppData\Roaming\Mozilla\Firefox\Profiles\9klbp651.default\Extensions\flashstopper@byo.co.il.xpi [2018-09-09] [Przestarzałe]
FF Extension: (hotfix-update-xpi-intermediate) - C:\Users\krzysztof\AppData\Roaming\Mozilla\Firefox\Profiles\9klbp651.default\Extensions\hotfix-update-xpi-intermediate@mozilla.com.xpi [2020-03-25]
FF Extension: (Eliminator Slajdów) - C:\Users\krzysztof\AppData\Roaming\Mozilla\Firefox\Profiles\9klbp651.default\Extensions\jid0-GaZOxvWNYcafEsmayJDIG3XXVi8@jetpack.xpi [2015-09-17] [Przestarzałe]
FF Extension: (Open Multiple URLs) - C:\Users\krzysztof\AppData\Roaming\Mozilla\Firefox\Profiles\9klbp651.default\Extensions\openmultipleurls@ustat.de.xpi [2020-03-25]
FF Extension: (uBlock Origin) - C:\Users\krzysztof\AppData\Roaming\Mozilla\Firefox\Profiles\9klbp651.default\Extensions\uBlock0@raymondhill.net.xpi [2020-03-25]
FF Extension: (RefControl) - C:\Users\krzysztof\AppData\Roaming\Mozilla\Firefox\Profiles\9klbp651.default\Extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi [2017-11-08] [Przestarzałe]
FF Extension: (ScrapBook) - C:\Users\krzysztof\AppData\Roaming\Mozilla\Firefox\Profiles\9klbp651.default\Extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi [2016-08-29] [Przestarzałe]
FF Extension: (YouTube Classic) - C:\Users\krzysztof\AppData\Roaming\Mozilla\Firefox\Profiles\9klbp651.default\Extensions\{6acd0f4d-ab79-4b79-9b28-8bde65ae355c}.xpi [2019-10-25]
FF Extension: (YouTube Converter Button) - C:\Users\krzysztof\AppData\Roaming\Mozilla\Firefox\Profiles\9klbp651.default\Extensions\{8f4bbf79-5514-4d04-a901-d5fabfe91d73}.xpi [2019-10-08]
FF Extension: (CookieCuller) - C:\Users\krzysztof\AppData\Roaming\Mozilla\Firefox\Profiles\9klbp651.default\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi [2016-05-02] [Przestarzałe]
FF Extension: (Greasemonkey) - C:\Users\krzysztof\AppData\Roaming\Mozilla\Firefox\Profiles\9klbp651.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2020-03-25]
FF Extension: (User Agent Switcher) - C:\Users\krzysztof\AppData\Roaming\Mozilla\Firefox\Profiles\9klbp651.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2017-11-08] [Przestarzałe]
FF ProfilePath: C:\Users\krzysztof\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\39s6seyr.default [2020-02-29]
FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll [2014-07-09] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2014-07-09] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-05-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-10-28] (NVIDIA CORPORATION -> NVIDIA Corporation) [Brak podpisu cyfrowego]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-10-28] (NVIDIA CORPORATION -> NVIDIA Corporation) [Brak podpisu cyfrowego]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-03-06] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3927854613-2608156586-4117075644-1002: @zoom.us/ZoomVideoPlugin -> C:\Users\krzysztof\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-03-21] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-3927854613-2608156586-4117075644-1002: SkypeForBusinessPlugin-16.2 -> C:\Users\krzysztof\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.498\npGatewayNpapi.dll [2019-07-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-3927854613-2608156586-4117075644-1002: SkypeForBusinessPlugin64-16.2 -> C:\Users\krzysztof\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.498\npGatewayNpapi-x64.dll [2019-07-03] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\krzysztof\AppData\Local\Google\Chrome\User Data\Default [2020-04-15]
CHR Notifications: Default -> hxxps://book.lufthansa.com; hxxps://hqcollect.me; hxxps://wfirma.pl; hxxps://www-flyuia-com.gravitec.net
CHR Extension: (Prezentacje) - C:\Users\krzysztof\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Flash Video Downloader) - C:\Users\krzysztof\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2019-05-07]
CHR Extension: (Dokumenty) - C:\Users\krzysztof\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Dysk Google) - C:\Users\krzysztof\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-27]
CHR Extension: (YouTube) - C:\Users\krzysztof\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (uBlock Origin) - C:\Users\krzysztof\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2020-02-06]
CHR Extension: (Google Search) - C:\Users\krzysztof\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-27]
CHR Extension: (Arkusze) - C:\Users\krzysztof\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Dokumenty Google offline) - C:\Users\krzysztof\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-03-13]
CHR Extension: (Stream Video Downloader) - C:\Users\krzysztof\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkngaibigegepnlckfcbecjoilcjbhf [2020-03-27]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\krzysztof\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Gmail) - C:\Users\krzysztof\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-24]
CHR Extension: (Chrome Media Router) - C:\Users\krzysztof\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-03]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Usługi (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042032 2016-12-13] (Microsoft Corporation -> Microsoft Corporation)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [326160 2016-04-14] (LENOVO -> Lenovo.)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [81280 2019-10-25] (Mixbyte Inc -> Freemake)
S2 LPlatSvc; C:\Windows\system32\LPlatSvc.exe [710144 2016-09-06] (LENOVO -> Lenovo.)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-12] (@ByELDI -> @ByELDI) [Brak podpisu cyfrowego]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [648744 2011-08-12] (Ericsson AB -> Ericsson AB)

===================== Sterowniki (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R3 5U877; C:\Windows\System32\DRIVERS\5U877.sys [166016 2011-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Ricoh co.,Ltd.)
S3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-06-13] (Ericsson AB -> Ericsson AB)
S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2011-06-13] (Ericsson AB -> Ericsson AB)
S3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [101416 2011-07-01] (Ericsson AB -> Ericsson AB)
S3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-04-29] (MCCI Corporation -> MCCI Corporation)
S3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-04-29] (MCCI Corporation -> MCCI Corporation)
S3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-04-29] (MCCI Corporation -> MCCI Corporation)
S3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-04-29] (MCCI Corporation -> MCCI Corporation)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [97792 2012-05-10] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [217600 2012-05-10] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-10-29] (NVIDIA Corporation -> NVIDIA Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2020-04-15] (PAIPTAC Driver -> )
R2 risdxc; C:\Windows\System32\DRIVERS\risdxc64.sys [101888 2011-05-25] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2014-07-28] (Synaptics Incorporated -> Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (AuthenTec, Inc. -> Authentec Inc.)
S3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [268840 2011-08-12] (Ericsson AB -> Ericsson AB)

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc (utworzone) ===================

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2020-04-13 22:40 - 2020-04-14 14:47 - 000000000 ____D C:\Users\krzysztof\Downloads\wfirma
2020-04-05 20:55 - 2020-04-05 20:55 - 002133068 _____ C:\Users\krzysztof\Downloads\TexasBukkake.com Natalie Rae.mp4
2020-04-05 00:28 - 2020-04-15 22:19 - 000185856 _____ C:\Users\krzysztof\Desktop\windykacje!.xls
2020-04-03 16:06 - 2020-04-03 16:06 - 000604653 _____ C:\Users\krzysztof\Downloads\46605494_2255101574814012_868516771794346922_n.mp4
2020-03-29 21:50 - 2020-04-15 10:51 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-03-26 10:08 - 2020-03-26 10:46 - 000000000 ____D C:\Users\krzysztof\Downloads\Andrea Riseborough
2020-03-25 22:48 - 2020-03-25 22:48 - 024311298 _____ C:\Users\krzysztof\Downloads\Videoansprache Prof Dr Winfried Speitkamp[540, Mp4].mp4
2020-03-21 09:20 - 2020-03-21 09:20 - 000000000 ____D C:\Users\krzysztof\Documents\Zoom
2020-03-21 09:20 - 2020-03-21 09:20 - 000000000 ____D C:\Users\krzysztof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2020-03-21 09:19 - 2020-03-21 09:20 - 000000000 ____D C:\Users\krzysztof\AppData\Roaming\Zoom

==================== Jeden miesiąc (zmodyfikowane) ==================

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2020-04-15 22:27 - 2020-03-12 21:23 - 000000000 ____D C:\FRST
2020-04-15 22:26 - 2020-03-12 21:23 - 000000000 ____D C:\FRST64
2020-04-15 21:56 - 2009-07-14 06:45 - 000022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-04-15 21:56 - 2009-07-14 06:45 - 000022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-04-15 21:55 - 2015-06-29 21:02 - 000000000 ____D C:\Users\krzysztof\AppData\Roaming\uTorrent
2020-04-15 18:54 - 2017-07-05 17:37 - 000031152 _____ C:\Windows\system32\Drivers\pmxdrv.sys
2020-04-15 14:43 - 2020-01-02 00:52 - 000540672 _____ C:\Users\krzysztof\Desktop\teraz 2020 Q1.xls
2020-04-15 09:42 - 2015-05-12 19:46 - 000000000 ____D C:\Program Files (x86)\Opera
2020-04-15 09:41 - 2015-05-12 20:57 - 000003884 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1431457071
2020-04-15 08:50 - 2019-10-24 22:37 - 000101888 _____ C:\Users\krzysztof\Desktop\wydatki teraz.xls
2020-04-15 08:36 - 2015-05-08 16:44 - 000001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2020-04-13 11:47 - 2017-03-04 17:13 - 000000000 ____D C:\Users\krzysztof\Downloads\zxc
2020-04-12 21:58 - 2015-05-25 16:01 - 000000000 ____D C:\Users\krzysztof\AppData\Roaming\vlc
2020-04-12 12:25 - 2011-02-04 19:38 - 000756100 _____ C:\Windows\system32\perfh015.dat
2020-04-12 12:25 - 2011-02-04 19:38 - 000161440 _____ C:\Windows\system32\perfc015.dat
2020-04-12 12:25 - 2009-07-14 07:13 - 001703484 _____ C:\Windows\system32\PerfStringBackup.INI
2020-04-12 12:25 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2020-04-08 21:21 - 2019-12-21 21:48 - 000004046 _____ C:\Windows\system32\Tasks\Opera scheduled assistant Autoupdate 1576957726
2020-04-02 16:25 - 2020-03-15 14:00 - 000159232 _____ C:\Users\krzysztof\Desktop\pilna windykacja.xls
2020-04-02 11:44 - 2018-09-09 21:55 - 000000000 ____D C:\Users\krzysztof\AppData\LocalLow\Mozilla
2020-03-26 10:44 - 2019-10-22 10:23 - 000000000 ____D C:\pcx2
2020-03-25 22:17 - 2015-05-07 10:07 - 000000000 ____D C:\ProgramData\Mozilla
2020-03-25 22:17 - 2015-05-07 10:07 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-03-24 20:18 - 2016-10-15 14:00 - 000000000 ____H C:\Users\krzysztof\Downloads\descript.ion
2020-03-20 23:53 - 2016-12-17 12:43 - 000003356 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore1d1f14422d8d4e8
2020-03-20 23:53 - 2015-05-08 16:44 - 000003484 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-03-20 19:39 - 2018-02-24 21:44 - 000000000 ____D C:\Users\krzysztof\AppData\Local\Power Query Telemetry
2020-03-20 15:01 - 2015-10-08 15:19 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2020-03-20 15:01 - 2015-10-08 15:19 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-03-16 23:23 - 2019-03-10 00:50 - 000000000 ____D C:\1 mov ok

==================== Pliki w katalogu głównym wybranych folderów ========

2015-06-02 13:57 - 2015-06-02 13:57 - 000000077 _____ () C:\Users\krzysztof\serwer.bat
2016-06-20 16:07 - 2016-11-04 12:19 - 000004608 _____ () C:\Users\krzysztof\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-10-27 01:16 - 2015-10-27 01:16 - 000000218 _____ () C:\Users\krzysztof\AppData\Local\recently-used.xbel
2017-06-06 21:27 - 2017-06-06 21:27 - 000007602 _____ () C:\Users\krzysztof\AppData\Local\Resmon.ResmonCfg
2019-06-01 12:58 - 2019-06-01 12:58 - 000000000 _____ () C:\Users\krzysztof\AppData\Local\{26FE7DE6-A0B2-454F-9208-B312050D83F0}
2019-05-12 17:04 - 2019-05-12 17:04 - 000000000 _____ () C:\Users\krzysztof\AppData\Local\{295EC99A-D8D8-445E-B1D5-46FEDFD73555}
2019-05-08 10:00 - 2019-05-08 10:00 - 000000000 _____ () C:\Users\krzysztof\AppData\Local\{6BFF75F3-C9A5-4397-B022-E67B829A1B35}
2019-04-25 06:33 - 2019-04-25 06:33 - 000000000 _____ () C:\Users\krzysztof\AppData\Local\{A0539E78-897D-4B6E-BDF4-115986E3D058}
2019-04-30 08:32 - 2019-04-30 08:32 - 000000000 _____ () C:\Users\krzysztof\AppData\Local\{B69D4D1D-CE91-431D-B831-0DAEA50240B8}
2019-05-31 10:14 - 2019-05-31 10:14 - 000000000 _____ () C:\Users\krzysztof\AppData\Local\{BC637631-9D07-4FCA-8CDF-A2EEDFD5D865}
2019-05-01 19:41 - 2019-05-01 19:41 - 000000000 _____ () C:\Users\krzysztof\AppData\Local\{D756B32D-7F45-4E22-91F7-39EE31BEFD8C}
2019-05-11 09:03 - 2019-05-11 09:03 - 000000000 _____ () C:\Users\krzysztof\AppData\Local\{EA86D4F2-AD59-48BB-99A4-2F4BA4FBB9D8}
2019-05-30 09:42 - 2019-05-30 09:42 - 000000000 _____ () C:\Users\krzysztof\AppData\Local\{EDB9A4B2-28E0-4A1F-A7BA-13584E2D3614}
2019-05-19 10:14 - 2019-05-19 10:14 - 000000000 _____ () C:\Users\krzysztof\AppData\Local\{F9C6C45A-BED4-469F-ADFB-225B28147814}

==================== SigCheck ============================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

LastRegBack: 2020-04-10 10:42

==================== Koniec FRST.txt ========================