Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 05-04-2022
Uruchomiony przez Tom (administrator) DESKTOP-7NRDIOE (07-04-2022 09:35:00)
Uruchomiony z C:\Users\Tom\Desktop
Załadowane profile: Tom
Platform: Microsoft Windows 10 Enterprise 2016 LTSB Wersja 1607 14393.4886 (X64) Język: Polski (Polska)
Domyślna przeglądarka: Chrome
Tryb startu: Normal

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(atiesrxx.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe ->) (Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.10.191.0\AdAwareDesktop.exe ->) (Adaware Software (Lavasoft Software Canada Inc.) -> ) C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.10.191.0\QtWebEngineProcess.exe
(C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.10.191.0\AdAwareTray.exe ->) (Adaware Software (Lavasoft Software Canada Inc.) -> ) C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.10.191.0\AdAwareDesktop.exe
(cmd.exe ->) (Adguard Software Limited -> Adguard Software Ltd) C:\Program Files (x86)\Adguard\Adguard.BrowserExtensionHost.exe
(explorer.exe ->) () [Brak podpisu cyfrowego] C:\Program Files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe
(explorer.exe ->) () [Brak podpisu cyfrowego] C:\Program Files\HD Audio PCI-e Audio Device\CPL\FaceLift_x64.exe
(explorer.exe ->) () [Brak podpisu cyfrowego] C:\Windows\System\GfsMgr64.exe
(explorer.exe ->) () [Brak podpisu cyfrowego] C:\Windows\System\HsMgr64.exe
(explorer.exe ->) () [Brak podpisu cyfrowego] C:\Windows\SysWOW64\ExMgr.exe
(explorer.exe ->) () [Brak podpisu cyfrowego] C:\Windows\SysWOW64\GfsMgr.exe
(explorer.exe ->) (Adaware Software (Lavasoft Software Canada Inc.) -> ) C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.10.191.0\AdAwareTray.exe
(explorer.exe ->) (Adguard Software Limited -> Adguard Software Ltd) C:\Program Files (x86)\Adguard\Adguard.exe
(explorer.exe ->) (BUREL VINCENT -> VB-AUDIO Software) C:\Program Files (x86)\VB\Voicemeeter\voicemeeterpro.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <36>
(explorer.exe ->) (JRiver, Inc. -> JRiver, Inc.) [Brak podpisu cyfrowego] C:\Program Files\J River\Media Center 24\Media Center 24.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(services.exe ->) (Adaware Software (Lavasoft Software Canada Inc.) -> ) C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.10.191.0\AdAwareService.exe
(services.exe ->) (Adguard Software Limited -> Adguard Software Ltd) C:\Program Files (x86)\Adguard\AdguardSvc.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Hewlett-Packard Company -> HP) C:\Windows\System32\HPSIsvc.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(services.exe ->) (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagicianSVC.exe
(svchost.exe ->) (ALCPU -> ALCPU) C:\Program Files\Core Temp\Core Temp.exe
(svchost.exe ->) (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe <4>

==================== Rejestr (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)
HKLM\...\Run: [GFS64] => C:\Windows\system\GfsMgr64.exe [286720 2013-04-26] () [Brak podpisu cyfrowego]
HKLM\...\Run: [GFS] => C:\Windows\syswow64\GfsMgr.exe [204800 2013-04-26] () [Brak podpisu cyfrowego]
HKLM\...\Run: [SC808HDEX] => C:\Windows\syswow64\ExMgr.exe [204800 2011-02-26] () [Brak podpisu cyfrowego]
HKLM\...\Run: [SC808HDSound] => C:\Program Files\HD Audio PCI-e Audio Device\CPL\FaceLift_x64.exe [2401792 2015-07-28] () [Brak podpisu cyfrowego]
HKLM\...\Run: [Cmaudio8788] => C:\Windows\Syswow64\cmicnfgp.dll [13463552 2015-08-11] (C-Media Corporation) [Brak podpisu cyfrowego]
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] () [Brak podpisu cyfrowego]
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] () [Brak podpisu cyfrowego]
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [AdAwareTray] => C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.10.191.0\AdAwareTray.exe [4876024 2021-12-08] (Adaware Software (Lavasoft Software Canada Inc.) -> )
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-3750971359-2291300900-3584184018-1001\...\Run: [OscarEditor] => C:\Program Files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe [3345408 2012-08-17] () [Brak podpisu cyfrowego]
HKU\S-1-5-21-3750971359-2291300900-3584184018-1001\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe [5703528 2020-11-20] (Adguard Software Limited -> Adguard Software Ltd)
HKU\S-1-5-21-3750971359-2291300900-3584184018-1001\...\MountPoints2: {dae32736-2132-11ec-98d2-bc5ff448238d} - "J:\HiSuiteDownLoader.exe"
HKLM\...\Windows x64\Print Processors\HP1100PrintProc: C:\Windows\System32\spool\prtprocs\x64\HP1100PP.DLL [74240 2012-08-31] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\Advanced TCP/IP Port Monitor: C:\Windows\system32\mvtcpmon.dll [541184 2009-06-25] (Marvell Semiconductor, Inc.) [Brak podpisu cyfrowego]
HKLM\...\Print\Monitors\HP1100LM: C:\Windows\system32\HP1100LM.DLL [288768 2012-08-31] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\99.0.4844.84\Installer\chrmstp.exe [2022-03-25] (Google LLC -> Google LLC)
Startup: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JRiver Media Center 24.lnk [2020-01-25]
ShortcutTarget: JRiver Media Center 24.lnk -> C:\Program Files\J River\Media Center 24\Media Center 24.exe (JRiver, Inc. -> JRiver, Inc.) [Brak podpisu cyfrowego]
Startup: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Voicemeeter (VB-Audio).LNK [2022-04-05]
ShortcutTarget: Voicemeeter (VB-Audio).LNK -> C:\Program Files (x86)\VB\Voicemeeter\voicemeeterpro.exe (BUREL VINCENT -> VB-AUDIO Software)
GroupPolicy: Ograniczenia - Windows Defender <==== UWAGA
Policies: C:\ProgramData\NTUSER.pol: Ograniczenia <==== UWAGA
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA

==================== Zaplanowane zadania (filtrowane) ============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

Task: {137922D4-8A73-4B5E-B0C9-877B4BA1ABBF} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [109697976 2021-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
Task: {16DEA092-FB0C-40D0-AE20-0536BECC21D9} - System32\Tasks\Microsoft\Windows\EDP\EDP App Launch Task => {35EF4182-F900-4632-B072-8639E4478A61}
Task: {1B65DD58-D16B-45E8-BEB4-94D7E4D64DF7} - System32\Tasks\Microsoft\Windows\EDP\EDP Auth Task => {35EF4182-F900-4632-B072-8639E4478A61}
Task: {247BC336-4BEC-4060-9D29-85FD6704F96E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
Task: {62EF5E2B-E63B-47E5-83F3-1F11DCB68740} - System32\Tasks\Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate => {9CDA66BE-3271-4723-8D35-DD834C58AD92} C:\Windows\System32\ErrorDetailsUpdate.dll [72704 2021-01-08] (Microsoft Windows -> Microsoft Corporation)
Task: {8A32DA49-46C3-4733-8AF3-BB1BCDA00F6C} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {A7136BAF-D18A-4CE7-97EF-8EFBF042DB54} - System32\Tasks\Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate => {FE285C8C-5360-41C1-A700-045501C740DE} C:\Windows\System32\ErrorDetailsUpdate.dll [72704 2021-01-08] (Microsoft Windows -> Microsoft Corporation)
Task: {EEA6839F-A037-4E66-9696-ED219676A220} - System32\Tasks\Core Temp Autostart Tom => C:\Program Files\Core Temp\Core Temp.exe [1011592 2019-08-30] (ALCPU -> ALCPU)

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{8090b525-2dd2-4c0d-ae04-22fade6b83cb}: [NameServer] 45.95.11.175,193.37.68.40
Tcpip\..\Interfaces\{8090b525-2dd2-4c0d-ae04-22fade6b83cb}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF DefaultProfile: nn9rk9bi.default
FF ProfilePath: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\nn9rk9bi.default [2022-04-07]
FF ProfilePath: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\ottt41rp.default-release-1623336488532 [2022-04-07]
FF Session Restore: Mozilla\Firefox\Profiles\ottt41rp.default-release-1623336488532 -> [funkcja włączona]
FF Extension: (Simple Translate) - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\ottt41rp.default-release-1623336488532\Extensions\simple-translate@sienori.xpi [2021-11-21]
FF Extension: (Tab Session Manager) - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\ottt41rp.default-release-1623336488532\Extensions\Tab-Session-Manager@sienori.xpi [2021-11-21]
FF Extension: (Dark space - The best dynamic theme) - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\ottt41rp.default-release-1623336488532\Extensions\{22b0eca1-8c02-4c0d-a5d7-6604ddd9836e}.xpi [2021-06-11]
FF Extension: (DarkTheme) - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\ottt41rp.default-release-1623336488532\Extensions\{99c277af-d778-4a0b-9faa-b1d8165f0a55}.xpi [2021-06-11]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-03-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default [2022-04-07]
CHR DownloadDir: I:\SCIAGANE
CHR Notifications: Default -> hxxps://www.szybkiezwroty.pl
CHR Session Restore: Default -> [funkcja włączona]
CHR Extension: (Prezentacje) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-06-10]
CHR Extension: (Dokumenty) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-06-10]
CHR Extension: (Dysk Google) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (YouTube) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-01-24]
CHR Extension: (Session Buddy) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2021-06-10]
CHR Extension: (Asystent przeglądarki AdGuard) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbohpolgemkbfphodcfgnpjcmedcjhpn [2022-03-04]
CHR Extension: (Arkusze) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-06-10]
CHR Extension: (Dodatek Google Analytics Opt-out firmy Google) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2021-06-10]
CHR Extension: (Dokumenty Google offline) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-03-09]
CHR Extension: (Szafir SDK Web) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjalhnomhafafofonpdihihjnbafkipc [2021-10-04]
CHR Extension: (Simple Translate) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibplnjkanclpjokhdolnendpplpjiace [2022-03-09]
CHR Extension: (Morpheon Dark) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2022-01-18]
CHR Extension: (Ghostery – Bloker reklam chroniący prywatność) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2022-03-26]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-06-10]
CHR Extension: (Gmail) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Profile: C:\Users\Tom\AppData\Local\Google\Chrome\User Data\System Profile [2022-04-07]
CHR HKLM-x32\...\Chrome\Extension: [mlomiejdfkolichcflejclcbmpeaniij]

Opera:
=======
OPR Profile: C:\Users\Tom\AppData\Roaming\Opera Software\Opera Stable [2022-04-07]
OPR Extension: (Rich Hints Agent) - C:\Users\Tom\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2022-03-26]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\Tom\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2022-03-26]

==================== Usługi (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 adawareantivirusservice; C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.10.191.0\AdAwareService.exe [587104 2021-12-08] (Adaware Software (Lavasoft Software Canada Inc.) -> )
R2 Adguard Service; C:\Program Files (x86)\Adguard\AdguardSvc.exe [177000 2020-11-20] (Adguard Software Limited -> Adguard Software Ltd)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)
S3 ATLOISAService; C:\Windows\system\ATLOISAService.exe [512000 2013-10-26] (Cmedia Electronics Inc.) [Brak podpisu cyfrowego]
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8615864 2020-05-20] (BattlEye Innovations e.K. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [811120 2020-01-26] (EasyAntiCheat Oy -> Epic Games, Inc)
R2 HPSIService; C:\Windows\system32\HPSIsvc.exe [126880 2012-09-27] (Hewlett-Packard Company -> HP)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2020-01-24] () [Brak podpisu cyfrowego]
S3 MagicianSVC; C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagicianSVC.exe [347576 2021-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 Media Center 24 Service; C:\Program Files\J River\Media Center 24\JRService.exe [448912 2018-07-26] (JRiver, Inc. -> JRiver, Inc.)
R2 SamsungMagicianSVC; C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagicianSVC.exe [347576 2021-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2866144 2021-11-02] (Microsoft Corporation -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\NisSrv.exe [3206472 2020-01-24] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\MsMpEng.exe [103376 2020-01-24] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Sterowniki (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R1 adgnetworkwfpdrv; C:\Windows\System32\drivers\adgnetworkwfpdrv.sys [93184 2020-04-07] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 ALSysIO; C:\Users\Tom\AppData\Local\Temp\ALSysIO64.sys [47240 2022-04-07] (ALCPU (Arthur Liberman) -> Arthur Liberman) <==== UWAGA
R0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [31992 2015-06-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2020-01-24] (ASROCK Incorporation -> ASRock Incorporation)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [40200 2014-07-30] (ASROCK Incorporation -> ASRock Inc.)
R3 AsrVDrive; C:\Windows\system32\DRIVERS\AsrVDrive.sys [24400 2015-02-03] (ASROCK Incorporation -> ASRock Inc.)
S3 AxtuDrv; C:\Windows\SysWOW64\Drivers\AxtuDrv.sys [21768 2020-01-24] (ASROCK Incorporation -> RW-Everything)
S3 bcmfn; C:\Windows\System32\drivers\bcmfn.sys [9728 2016-07-16] (Microsoft Windows -> Windows (R) Win 7 DDK provider)
S3 cmudaxp; C:\Windows\system32\drivers\cmudaxp.sys [2735616 2015-06-02] (C-MEDIA ELECTRONICS INC. -> C-Media Inc)
R3 FMHdAudAddService; C:\Windows\system32\DRIVERS\SC808HDB64.sys [64000 2014-12-19] (C-MEDIA ELECTRONICS INC. -> C-Media Electronics Inc.)
R3 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [176008 2021-10-31] (Microsoft Windows Hardware Compatibility Publisher -> BitDefender LLC)
R3 jrvad_service; C:\Windows\system32\drivers\JRiverWDMDriver.sys [47480 2018-07-02] (JRiver, Inc. -> JRiver, Inc.)
R3 mango_dev_ad; C:\Windows\system32\drivers\mango_ad.sys [32768 2015-05-29] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 mango_dev_usb; C:\Windows\System32\Drivers\mango_usb.sys [24576 2015-05-29] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] (Microsoft Windows -> )
S3 Revoflt; C:\Windows\System32\DRIVERS\revoflt.sys [38400 2020-10-14] (Microsoft Windows Hardware Compatibility Publisher -> VS Revo Group)
R0 secnvme; C:\Windows\System32\drivers\secnvme.sys [134000 2019-09-27] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 VBAudioVMAUXVAIOMME; C:\Windows\system32\DRIVERS\vbaudio_vmauxvaio64_win10.sys [71920 2022-04-03] (Vincent Burel -> Windows (R) Win 7 DDK provider)
R3 VBAudioVMVAIOMME; C:\Windows\system32\DRIVERS\vbaudio_vmvaio64_win10.sys [71712 2022-04-03] (Vincent Burel -> Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [45664 2020-01-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\Windows\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [355760 2020-01-24] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [54192 2020-01-24] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc (utworzone) (filtrowane) =========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2022-04-07 09:21 - 2022-04-07 09:21 - 000000008 __RSH C:\ProgramData\ntuser.pol
2022-04-07 09:17 - 2022-04-07 09:21 - 000010451 _____ C:\Users\Tom\Desktop\Fixlog.txt
2022-04-07 08:33 - 2022-04-07 09:35 - 000021364 _____ C:\Users\Tom\Desktop\FRST.txt
2022-04-07 08:33 - 2022-04-07 08:32 - 002365440 _____ (Farbar) C:\Users\Tom\Desktop\FRST64.exe
2022-04-07 07:48 - 2022-04-07 07:48 - 000002399 _____ C:\Users\Public\Desktop\Adaware Antivirus.lnk
2022-04-07 07:48 - 2022-04-07 07:48 - 000000000 ____D C:\Users\Tom\AppData\Roaming\adaware
2022-04-07 07:48 - 2022-04-07 07:48 - 000000000 ____D C:\Users\Tom\AppData\Local\AdAwareDesktop
2022-04-07 07:48 - 2022-04-07 07:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\adaware
2022-04-07 07:48 - 2022-04-07 07:48 - 000000000 ____D C:\Program Files\adaware
2022-04-07 07:47 - 2022-04-07 07:47 - 000000000 ____D C:\ProgramData\adaware
2022-04-07 00:05 - 2022-04-07 00:05 - 000000000 ____D C:\Users\Tom\AppData\Local\ESET
2022-04-06 23:09 - 2022-04-07 07:00 - 000000000 ____D C:\ProgramData\PCPitstopDat
2022-04-06 23:08 - 2022-04-07 07:00 - 000000000 ____D C:\ProgramData\PCPitstop
2022-04-06 23:08 - 2022-04-07 07:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Pitstop
2022-04-06 22:49 - 2022-04-06 22:49 - 000619140 _____ C:\ProgramData\cl.1649278071.bdinstall.v2.bin
2022-04-06 22:49 - 2022-04-06 22:49 - 000111268 _____ C:\ProgramData\cl.kit.1649278070.bdinstall.v2.bin
2022-04-06 22:49 - 2022-04-06 22:49 - 000000000 ____D C:\ProgramData\Gemma
2022-04-06 22:49 - 2022-04-06 22:49 - 000000000 ____D C:\ProgramData\Atc
2022-04-06 22:49 - 2022-04-06 22:49 - 000000000 ____D C:\ProgramData\48C4687D-9760-4F5B-BAB3-60351B0841E4
2022-04-06 22:48 - 2022-04-06 22:48 - 000000000 ____D C:\Windows\system32\elambkup
2022-04-06 22:48 - 2022-04-06 22:48 - 000000000 ____D C:\ProgramData\BDLogging
2022-04-06 22:33 - 2022-04-07 09:35 - 000000000 ____D C:\FRST
2022-04-05 07:28 - 2022-04-05 07:28 - 000001140 _____ C:\Users\Tom\Desktop\Revo Uninstaller Pro.lnk
2022-04-04 23:19 - 2015-05-29 09:22 - 000024576 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\mango_usb.sys
2022-04-04 23:19 - 2015-05-29 09:21 - 000032768 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\mango_ad.sys
2022-04-04 08:01 - 2022-04-04 08:01 - 000000000 ____D C:\ProgramData\WavePad
2022-04-03 22:15 - 2022-04-03 22:15 - 000000000 ____D C:\Program Files (x86)\round emerge
2022-04-03 08:31 - 2022-04-07 08:30 - 000042988 _____ C:\Users\Tom\AppData\Roaming\VoiceMeeterBananaDefault.xml
2022-04-03 08:21 - 2022-04-03 08:21 - 000001298 _____ C:\Users\Tom\Desktop\Voicemeeter Banana.LNK
2022-04-03 08:02 - 2022-04-05 08:17 - 000000000 ____D C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VB Audio
2022-04-03 08:02 - 2022-04-05 08:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VB Audio
2022-04-03 08:02 - 2022-04-05 08:17 - 000000000 ____D C:\Program Files\VB
2022-04-03 08:02 - 2022-04-03 08:02 - 000071920 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\vbaudio_vmauxvaio64_win10.sys
2022-04-03 08:01 - 2022-04-05 08:17 - 000000000 ____D C:\Program Files (x86)\VB
2022-04-03 08:01 - 2022-04-03 08:01 - 000071712 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\vbaudio_vmvaio64_win10.sys
2022-04-03 00:04 - 2022-04-06 10:04 - 000000000 ____D C:\Users\Tom\AppData\Roaming\TIDAL
2022-04-03 00:04 - 2022-04-03 00:04 - 000002193 _____ C:\Users\Tom\Desktop\TIDAL.lnk
2022-04-03 00:04 - 2022-04-03 00:04 - 000000000 ____D C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TIDAL Music AS
2022-04-03 00:04 - 2022-04-03 00:04 - 000000000 ____D C:\Users\Tom\AppData\Local\TIDAL
2022-04-03 00:04 - 2022-04-03 00:04 - 000000000 ____D C:\Users\Tom\AppData\Local\SquirrelTemp
2022-03-27 00:15 - 2022-04-05 00:27 - 000000000 ____D C:\Users\Tom\AppData\Roaming\Disc-Soft
2022-03-27 00:15 - 2022-03-27 00:15 - 000000000 ____D C:\Users\Tom\AppData\Local\Disc_Soft_Ltd
2022-03-27 00:14 - 2022-04-05 00:27 - 000000000 ____D C:\ProgramData\Disc-Soft
2022-03-26 21:31 - 2022-04-06 22:28 - 000000000 ____D C:\AdwCleaner
2022-03-26 21:19 - 2022-04-07 07:02 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2022-03-26 21:05 - 2022-03-26 21:05 - 000000008 _____ C:\ProgramData\ts.dat
2022-03-26 21:05 - 2022-03-26 21:05 - 000000004 _____ C:\ProgramData\lock.dat
2022-03-26 21:05 - 2022-03-26 21:05 - 000000004 _____ C:\ProgramData\lir.bats
2022-03-26 20:58 - 2022-03-26 21:04 - 000000000 _____ C:\Windows\system32\userDns.conf
2022-03-26 20:58 - 2022-03-26 20:58 - 000001397 _____ C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Przeglądarka Opera.lnk
2022-03-26 20:58 - 2022-03-26 20:58 - 000000000 ____D C:\Users\Tom\AppData\Local\Opera Software
2022-03-26 20:57 - 2022-03-26 21:06 - 000000000 ____D C:\ProgramData\DiskOptimizer
2022-03-26 20:57 - 2022-03-26 20:57 - 000000000 ____D C:\Users\Tom\AppData\Roaming\Opera Software
2022-03-26 20:57 - 2022-03-26 20:57 - 000000000 ____D C:\Users\Tom\AppData\Local\Package Cache
2022-03-20 20:52 - 2022-03-20 20:52 - 000000772 _____ C:\Users\Tom\Desktop\TaxMachine PITy - pity roczne, e-deklaracje.lnk
2022-03-12 22:09 - 2022-03-14 23:42 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird

==================== Jeden miesiąc (zmodyfikowane) ==================

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2022-04-07 09:34 - 2021-01-11 19:32 - 000000000 ____D C:\ProgramData\Adguard
2022-04-07 09:27 - 2020-01-24 03:44 - 001647884 _____ C:\Windows\system32\PerfStringBackup.INI
2022-04-07 09:27 - 2016-07-17 00:03 - 000570338 _____ C:\Windows\system32\perfh015.dat
2022-04-07 09:27 - 2016-07-17 00:03 - 000111070 _____ C:\Windows\system32\perfc015.dat
2022-04-07 09:27 - 2016-07-16 13:45 - 000000000 ____D C:\Windows\INF
2022-04-07 09:21 - 2021-11-30 23:49 - 000000000 ____D C:\Users\Tom\AppData\Roaming\Samsung Magician
2022-04-07 09:21 - 2021-01-11 19:32 - 000000000 ____D C:\Program Files (x86)\Adguard
2022-04-07 09:21 - 2020-01-24 03:48 - 000000000 __SHD C:\Users\Tom\IntelGraphicsProfiles
2022-04-07 09:21 - 2020-01-24 03:37 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-04-07 09:20 - 2016-07-16 08:04 - 000032768 _____ C:\Windows\system32\config\BBI
2022-04-07 09:19 - 2021-04-12 08:45 - 000000000 ____D C:\Users\Tom\AppData\LocalLow\Temp
2022-04-07 09:17 - 2016-07-16 13:47 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2022-04-07 09:17 - 2016-07-16 13:47 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2022-04-07 08:46 - 2020-01-26 23:45 - 000000000 ____D C:\Users\Tom\AppData\LocalLow\Mozilla
2022-04-07 08:45 - 2020-01-26 23:45 - 000000000 ____D C:\ProgramData\Mozilla
2022-04-07 08:26 - 2020-01-24 03:37 - 000000000 ____D C:\Windows\system32\SleepStudy
2022-04-06 23:10 - 2016-07-16 13:47 - 000000000 ___SD C:\Windows\Downloaded Program Files
2022-04-06 22:12 - 2016-07-16 13:47 - 000000000 ___HD C:\Windows\ELAMBKUP
2022-04-06 22:10 - 2020-01-25 23:50 - 000000000 ____D C:\Users\Tom\AppData\Roaming\uTorrent
2022-04-06 21:45 - 2016-07-16 13:47 - 000000000 ____D C:\Windows\system32\NDF
2022-04-05 23:31 - 2021-06-05 18:30 - 000002106 _____ C:\Users\Tom\Desktop\Key.txt
2022-04-05 08:23 - 2020-01-24 18:23 - 000007659 _____ C:\Users\Tom\AppData\Local\Resmon.ResmonCfg
2022-04-05 08:13 - 2020-01-25 17:27 - 000000000 ____D C:\Users\Tom\AppData\Local\ElevatedDiagnostics
2022-04-04 21:53 - 2020-01-24 09:39 - 000021288 _____ (RW-Everything) C:\Windows\SysWOW64\Drivers\ArdDrv.sys
2022-04-04 08:01 - 2020-01-24 03:43 - 000000000 ____D C:\ProgramData\Package Cache
2022-04-03 17:42 - 2020-12-15 00:48 - 000000000 ____D C:\Users\Tom\AppData\Roaming\Spotify
2022-04-03 17:40 - 2020-12-15 00:48 - 000000000 ____D C:\Users\Tom\AppData\Local\Spotify
2022-03-27 08:55 - 2020-01-24 03:40 - 000000000 ____D C:\Users\Tom
2022-03-26 20:29 - 2020-01-24 04:11 - 000000000 ____D C:\Program Files (x86)\Google
2022-03-25 23:30 - 2020-01-24 04:12 - 000002307 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-03-25 23:30 - 2020-01-24 04:12 - 000002266 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-03-20 20:52 - 2020-05-18 20:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TaxMachine PITy
2022-03-16 19:15 - 2021-11-29 10:33 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2022-03-16 19:15 - 2021-11-29 10:33 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
2022-03-16 19:15 - 2020-01-28 20:09 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2022-03-14 23:42 - 2020-05-05 08:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-03-09 00:52 - 2020-01-24 10:00 - 000000000 ____D C:\Windows\system32\MRT
2022-03-09 00:50 - 2020-01-24 10:00 - 145666720 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Pliki w katalogu głównym wybranych folderów ========

2020-02-11 12:23 - 2020-11-05 09:14 - 000000258 _____ () C:\ProgramData\fontcacheev1.dat
2022-03-26 21:05 - 2022-03-26 21:05 - 000000004 _____ () C:\ProgramData\lock.dat
2022-03-26 21:05 - 2022-03-26 21:05 - 000000008 _____ () C:\ProgramData\ts.dat
2019-08-05 23:16 - 2020-08-09 21:40 - 000051448 _____ () C:\Program Files (x86)\AutoMapa EU.md5
2022-04-03 08:31 - 2022-04-07 08:30 - 000042988 _____ () C:\Users\Tom\AppData\Roaming\VoiceMeeterBananaDefault.xml
2021-02-10 17:02 - 2021-02-10 17:08 - 000000027 _____ () C:\Users\Tom\AppData\Local\ExeLock.lg
2021-02-10 17:06 - 2021-02-10 17:06 - 000000016 _____ () C:\Users\Tom\AppData\Local\lck
2020-01-24 18:23 - 2022-04-05 08:23 - 000007659 _____ () C:\Users\Tom\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

LastRegBack: 2022-04-03 09:38

==================== Koniec FRST.txt ========================