Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 12-08.2024
Uruchomiony przez jware (administrator) IGUSIA (MSI MS-7681) (21-08-2024 20:40:01)
Uruchomiony z C:\Users\jware\Desktop\FRST64.exe
Załadowane profile: jware
Platforma: Microsoft Windows 10 Pro Wersja 22H2 19045.4780 (X64) Język: Polski (Polska)
Domyślna przeglądarka: FF
Tryb startu: Normal

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(atiesrxx.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe ->) (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Brak podpisu cyfrowego] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(explorer.exe ->) (Telegram FZ-LLC -> Telegram FZ-LLC) \\IGUSIA\Users\jware\AppData\Roaming\Telegram Desktop\Telegram.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <8>
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <11>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (CHENGDU YIWO Tech Development Co., Ltd. 
-> CHENGDU YIWO Tech Development Co., Ltd) [Brak podpisu cyfrowego] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe (services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WebManagement.exe (services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpDefenderCoreService.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MsMpEng.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\NisSrv.exe (services.exe ->) (Nero AG -> Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2429.10.0_x64__cv1g1gvanyjgm\WhatsApp.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <4> ==================== Rejestr (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) 
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [V0770Mon.exe] => C:\WINDOWS\V0770Mon.exe [43120 2015-08-20] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.) HKLM-x32\...\Run: [TrayProcess] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayProcess.exe [1413768 2021-07-02] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [Brak podpisu cyfrowego] HKLM\Software\Policies\...\system: [EnableSmartScreen] 0 HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\95.0.2.0\GoogleDriveFS.exe [60929128 2024-08-12] (Google LLC -> Google, Inc.) HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\95.0.2.0\GoogleDriveFS.exe [60929128 2024-08-12] (Google LLC -> Google, Inc.) HKU\S-1-5-21-2404278863-482792713-4167860027-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [44970408 2024-07-16] (Gen Digital Inc. -> Piriform Software Ltd) HKU\S-1-5-21-2404278863-482792713-4167860027-1002\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [49958368 2022-02-01] (Google LLC -> ) HKU\S-1-5-21-2404278863-482792713-4167860027-1002\...\Run: [CiscoMeetingDaemon] => C:\Users\jware\AppData\Local\WebEx\ciscowebexstart.exe [4525896 2021-06-26] (Cisco WebEx LLC -> Cisco Webex LLC) HKU\S-1-5-21-2404278863-482792713-4167860027-1002\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\95.0.2.0\GoogleDriveFS.exe [60929128 2024-08-12] (Google LLC -> Google, Inc.) 
HKU\S-1-5-21-2404278863-482792713-4167860027-1002\...\Run: [MicrosoftEdgeAutoLaunch_D07D96DC2DED046FA41EECA0AAF1B6C8] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3814952 2024-08-14] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-2404278863-482792713-4167860027-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4379496 2024-05-16] (Valve Corp. -> Valve Corporation) HKU\S-1-5-21-2404278863-482792713-4167860027-1002\...\Run: [EADM] => C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALauncher.exe [2748520 2024-05-19] (Electronic Arts, Inc. -> Electronic Arts) HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\95.0.2.0\GoogleDriveFS.exe [60929128 2024-08-12] (Google LLC -> Google, Inc.) HKLM\...\Windows x64\Print Processors\SSP7MPC: C:\Windows\System32\spool\prtprocs\x64\ssp7mpc.dll [36864 2011-06-22] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Server 2003 DDK provider) HKLM\...\Windows x64\Print Processors\us015PC: C:\Windows\System32\spool\prtprocs\x64\us015pc.dll [52088 2019-08-26] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Codename Longhorn DDK provider) HKLM\...\Print\Monitors\PDF Architect 7 Monitor: C:\Windows\system32\spool\DRIVERS\x64\pdf architect_pdfpmon_v.4.12.26.3.dll [932984 2020-01-30] (PDF Tools AG -> PDF Tools AG (hxxp://www.pdf-tools.com)) HKLM\...\Print\Monitors\PDFill Writer Monitor: C:\Program Files (x86)\PlotSoft\PDFill\PDFWriter\Driver\PDFillWriterMon.dll [38824 2021-06-12] (PlotSoft LLC -> Windows (R) Codename Longhorn DDK provider) HKLM\...\Print\Monitors\SSP7M Langmon: C:\WINDOWS\system32\ssp7ml6.dll [34304 2011-06-22] (Microsoft Windows Hardware Compatibility Publisher -> ) HKLM\...\Print\Monitors\us008 Langmon: us008lm.dll (Brak pliku) HKLM\...\Print\Monitors\us015 Langmon: C:\WINDOWS\system32\us015lm.dll [31096 2019-08-26] (Microsoft Windows Hardware Compatibility 
Publisher -> ) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\127.0.6533.120\Installer\chrmstp.exe [2024-08-15] (Google LLC -> Google LLC) HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA ==================== Zaplanowane zadania (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) Task: {51577F72-177A-402A-ABA5-4BD1954E8333} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1563080 2024-07-31] (Adobe Inc. -> Adobe Inc.) Task: {C2A7B059-FB40-4D7E-90A4-5740FCC56B48} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [829408 2024-07-16] (Gen Digital Inc. -> Gen Digital Inc.) Task: {EA0D6210-08D6-46F8-A20A-728152F629A1} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [5074848 2024-07-16] (Gen Digital Inc. -> Gen Digital Inc. All rights reserved.) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "26d2dac7-0ff0-4ccb-a88c-e3991a3d7ed6" --version "6.26.11169" --silent Task: {61277B5A-BC0F-467B-858C-2229BC2C9D3B} - System32\Tasks\CCleanerSkipUAC - jware => C:\Program Files\CCleaner\CCleaner.exe [38931368 2024-07-16] (Gen Digital Inc. -> Piriform Software Ltd) Task: {19FEB031-3ED0-40A0-B0A0-83989DE27608} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\jware\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [19989464 2022-01-02] (ESET, spol. s r.o. -> ESET) Task: {CB43A1AE-829B-4704-800E-6F6C30F585E0} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\jware\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [19989464 2022-01-02] (ESET, spol. s r.o. 
-> ESET) Task: {59F2FA08-C37C-4E2E-AAD4-E727403FF6EB} - System32\Tasks\e-pity2023_kwiecien => C:\Program Files (x86)\e-file\e-pity\Assets\signxml.exe [35328 2024-03-08] (e-file sp. z o.o. sp. k.) [Brak podpisu cyfrowego] Task: {BA26EA70-5869-434D-BEFF-547AB5DD9A8E} - System32\Tasks\e-pity2023_styczen => C:\Program Files (x86)\e-file\e-pity\Assets\signxml.exe [35328 2024-03-08] (e-file sp. z o.o. sp. k.) [Brak podpisu cyfrowego] Task: {4476D3C3-FBA8-484C-BE3A-96AC887BC4FD} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem129.0.6651.0{340A0167-D36D-464B-9EF1-81A0782E8E5D} => C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe [4906600 2024-08-11] (Google LLC -> Google LLC) Task: {542B1893-A31C-4FBE-999A-51C527E49160} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28584424 2024-07-31] (Microsoft Corporation -> Microsoft Corporation) Task: {DB70C4F6-C078-4A36-B776-C2D47538F3FB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28584424 2024-07-31] (Microsoft Corporation -> Microsoft Corporation) Task: {A323688E-6469-426D-A573-B70A7B0A1934} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [312288 2024-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {BF54547C-7CA0-4D36-B0DE-72CC6349F239} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [312288 2024-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {9FE50E01-386B-4AD6-B0AA-D85B94B66A91} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [182240 2024-08-02] (Microsoft Corporation -> Microsoft Corporation) 
Task: {AAC45C45-E7D4-47E4-AAC5-802E953DE23C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpCmdRun.exe [1687320 2024-08-08] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {EB3D296C-6A91-40B1-AA64-006CCE78F8A5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpCmdRun.exe [1687320 2024-08-08] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {1ABB2370-3EA7-4EB1-9D62-03E74DF7FCA1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpCmdRun.exe [1687320 2024-08-08] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {231B962A-7F2D-4A23-8179-779B66BC8B0C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpCmdRun.exe [1687320 2024-08-08] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {08C8A385-2410-448C-9CD4-ACB2E322C5DE} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-2404278863-482792713-4167860027-1002 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [676936 2024-08-20] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (dane wartości zawierają 6 znaków więcej). 
Task: {707A9A8B-2F2A-4759-BA5A-5D43D595106C} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34376 2024-08-20] (Mozilla Corporation -> Mozilla Foundation) Task: {2394A870-3598-42C8-8052-1444146BF215} - System32\Tasks\Start - Usługa klawiatury dotykowej i panelu pisma ręcznego => C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe [455680 2024-02-14] (Microsoft Windows -> Microsoft Corporation) -> C:\\-ExecutionPolicy Bypass -File C:\TabletInputService.ps1 (Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.) Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Hosts: W pliku Hosts jest więcej niż jedno wejście. 
Sprawdź sekcję Hosts w Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{24c60f65-ea72-41f4-82c0-eb3c1d1474f2}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{24c60f65-ea72-41f4-82c0-eb3c1d1474f2}: [DhcpDomain] home Edge: ======= Edge DefaultProfile: Default Edge Profile: C:\Users\jware\AppData\Local\Microsoft\Edge\User Data\Default [2024-08-21] Edge DownloadDir: Default -> C:\Users\jware\Downloads Edge Notifications: Default -> hxxps://czytam.pl; hxxps://ebok.pgnig.pl; hxxps://freebitco.in; hxxps://mail.google.com; hxxps://programtv.onet.pl; hxxps://www.elektroda.pl; hxxps://www.pkobp.pl Edge HomePage: Default -> hxxps://www.google.pl/ Edge StartupUrls: Default -> "hxxps://google.pl/" Edge Extension: (Dokumenty Google offline) - C:\Users\jware\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-29] Edge Extension: (Edge relevant text changes) - C:\Users\jware\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24] Edge Extension: (Translate Selected Text with Google) - C:\Users\jware\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\obocpangfamkffjllmcfnieeoacoheda [2023-04-07] Edge Extension: (uBlock Origin) - C:\Users\jware\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2024-08-07] Edge Extension: (Super proste automatyczne odświeżanie) - C:\Users\jware\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pgkgdkdbeiajlbfglhnabmkbbfojoncd [2020-12-16] Edge Profile: C:\Users\jware\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2024-08-13] Edge Extension: (Dokumenty Google offline) - C:\Users\jware\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-04-17] Edge Extension: (Edge relevant text changes) - C:\Users\jware\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24] FireFox: 
======== FF DefaultProfile: 5p3pg3hv.default FF ProfilePath: C:\Users\jware\AppData\Roaming\Mozilla\Firefox\Profiles\5p3pg3hv.default [2022-02-06] FF user.js: detected! => C:\Users\jware\AppData\Roaming\Mozilla\Firefox\Profiles\5p3pg3hv.default\user.js [2020-01-23] FF ProfilePath: C:\Users\jware\AppData\Roaming\Mozilla\Firefox\Profiles\o1qn8hyl.default-release-1719352001579 [2024-08-21] FF Homepage: Mozilla\Firefox\Profiles\o1qn8hyl.default-release-1719352001579 -> hxxps://www.google.pl/?hl=pl FF Notifications: Mozilla\Firefox\Profiles\o1qn8hyl.default-release-1719352001579 -> hxxps://freebitco.in FF Extension: (Check4Change) - C:\Users\jware\AppData\Roaming\Mozilla\Firefox\Profiles\o1qn8hyl.default-release-1719352001579\Extensions\check4change-owner@mozdev.org.xpi [2024-06-26] FF Extension: (Snap Links) - C:\Users\jware\AppData\Roaming\Mozilla\Firefox\Profiles\o1qn8hyl.default-release-1719352001579\Extensions\snaplinks@snaplinks.mozdev.org.xpi [2024-06-26] FF Extension: (Google Translator for Firefox) - C:\Users\jware\AppData\Roaming\Mozilla\Firefox\Profiles\o1qn8hyl.default-release-1719352001579\Extensions\translator@zoli.bod.xpi [2024-07-13] FF Extension: (uBlock Origin) - C:\Users\jware\AppData\Roaming\Mozilla\Firefox\Profiles\o1qn8hyl.default-release-1719352001579\Extensions\uBlock0@raymondhill.net.xpi [2024-08-01] FF HKLM\...\Firefox\Extensions: [pdf_architect_7_conv_v.2@pdfforge.org] - C:\Program Files\PDF Architect 7\creator\plugins\FirefoxAddin\pdf_architect_7_conv_v.2@pdfforge.org.xpi => nie znaleziono FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_7_conv_v.2@pdfforge.org] - C:\Program Files\PDF Architect 7\creator\plugins\FirefoxAddin\pdf_architect_7_conv_v.2@pdfforge.org.xpi => nie znaleziono FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll 
[2024-08-03] (Adobe Inc. -> Adobe Systems Inc.) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2024-04-04] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation) Chrome: ======= CHR Profile: C:\Users\jware\AppData\Local\Google\Chrome\User Data\Default [2024-08-13] CHR Extension: (Dokumenty Google offline) - C:\Users\jware\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-05-05] CHR Extension: (Online Security) - C:\Users\jware\AppData\Local\Google\Chrome\User Data\Default\Extensions\llbcnfanfmjhpedaedhbcnpgeepdnnok [2023-05-05] CHR Extension: (Video Speed Controller) - C:\Users\jware\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffaoalbilbmmfgbnbgppjihopabppdk [2023-05-05] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\jware\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-10-22] CHR Extension: (e-pity - dodatek) - C:\Users\jware\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofoeigeaodhbjogdigckajfhjbonaofg [2021-10-22] CHR HKLM\...\Chrome\Extension: [llbcnfanfmjhpedaedhbcnpgeepdnnok] CHR HKU\S-1-5-21-2404278863-482792713-4167860027-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] CHR HKU\S-1-5-21-2404278863-482792713-4167860027-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [llbcnfanfmjhpedaedhbcnpgeepdnnok] CHR HKU\S-1-5-21-2404278863-482792713-4167860027-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] CHR HKLM-x32\...\Chrome\Extension: 
[llbcnfanfmjhpedaedhbcnpgeepdnnok] CHR HKLM-x32\...\Chrome\Extension: [ofoeigeaodhbjogdigckajfhjbonaofg] ==================== Usługi (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-07-31] (Adobe Inc. -> Adobe Inc.) S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1085864 2024-07-16] (Gen Digital Inc. -> Piriform Software Ltd) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13995624 2024-07-31] (Microsoft Corporation -> Microsoft Corporation) S3 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [12128360 2024-05-19] (Electronic Arts, Inc. -> Electronic Arts) R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [43656 2021-07-02] (CHENGDU YIWO Tech Development Co., Ltd. 
-> CHENGDU YIWO Tech Development Co., Ltd) [Brak podpisu cyfrowego] R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpDefenderCoreService.exe [1427024 2024-08-08] (Microsoft Windows Publisher -> Microsoft Corporation) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [522096 2024-08-14] (Microsoft Windows Publisher -> Microsoft Corporation) R3 VssEaseusProvider; C:\WINDOWS\system32\dllhost.exe /Processid:{E23EB829-BD62-418B-A17A-9D9ADC94B4BC} [22384 2023-11-14] (Microsoft Windows -> Microsoft Corporation) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\NisSrv.exe [3199648 2024-08-08] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MsMpEng.exe [133704 2024-08-08] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Sterowniki (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [280064 2022-10-12] (Microsoft Corporation) [Brak podpisu cyfrowego] S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [147968 2022-04-15] (Microsoft Corporation) [Brak podpisu cyfrowego] S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) 
R0 EUBAKUP; C:\WINDOWS\System32\drivers\eubakup.sys [74296 2021-04-25] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd) R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [54328 2021-04-25] (Microsoft Windows Hardware Compatibility Publisher -> ) R1 EUDSKACS; C:\WINDOWS\system32\drivers\eudskacs.sys [22784 2021-04-25] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd) R1 EUFDDISK; C:\WINDOWS\system32\drivers\EuFdDisk.sys [341760 2021-04-25] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd) R2 googledrivefs31626; C:\Program Files\Google\Drive File Stream\Drivers\31626\googledrivefs31626.sys [384096 2024-07-24] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.) S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167544 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) S3 V0770Vid; C:\WINDOWS\system32\DRIVERS\V0770Vid.sys [390136 2015-08-20] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [22080 2024-08-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [602504 2024-08-08] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105864 2024-08-08] (Microsoft Windows -> Microsoft Corporation) S3 rsDwf; \SystemRoot\system32\DRIVERS\rsDwf.sys [X] ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc (utworzone) (filtrowane) ========= (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 
2024-08-21 20:35 - 2024-08-21 20:40 - 000024323 _____ C:\Users\jware\Desktop\FRST.txt 2024-08-21 20:35 - 2024-08-21 20:35 - 000076954 _____ C:\Users\jware\Downloads\Addition.txt 2024-08-20 22:35 - 2024-08-20 22:35 - 002397184 _____ (Farbar) C:\Users\jware\Desktop\FRST64.exe 2024-08-20 21:48 - 2024-08-20 22:41 - 000000162 _____ C:\Users\jware\Desktop\blad.txt 2024-08-20 17:57 - 2024-08-20 21:45 - 000000000 ____D C:\Program Files\Mozilla Firefox 2024-08-14 11:18 - 2024-08-14 11:18 - 000000000 ___HD C:\$WinREAgent 2024-08-13 01:40 - 2024-08-13 01:40 - 000031222 _____ C:\Users\jware\Documents\cc_20240813_014027.reg 2024-08-02 19:19 - 2024-08-02 19:19 - 000000000 ____D C:\Program Files\Common Files\DESIGNER 2024-08-02 19:17 - 2024-08-02 19:17 - 000002497 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sticky Notes (Preview).lnk 2024-07-31 23:56 - 2024-07-31 23:56 - 000786163 _____ C:\Users\jware\Downloads\2024_postanowienie_koncowe_sadu.pdf 2024-07-31 23:56 - 2024-07-31 23:56 - 000109090 _____ C:\Users\jware\Downloads\2024_oplata_za_grob_Polaniec.pdf 2024-07-31 23:55 - 2024-07-31 23:55 - 000211760 _____ C:\Users\jware\Downloads\2024_pelnomocnictwo_Kazik_Ewa.pdf 2024-07-28 16:32 - 2024-07-28 16:32 - 022331293 _____ C:\Users\jware\Downloads\2024-07-16_07-51-05_OnGeo_Raport_o_terenie.pdf 2024-07-28 16:24 - 2024-07-28 16:24 - 003614198 _____ C:\Users\jware\Downloads\Połaniec II_tekst prognozy_wyłożenie_03.2024.pdf ==================== Jeden miesiąc (zmodyfikowane) ================== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 
2024-08-21 20:40 - 2022-02-06 18:15 - 000000000 ____D C:\FRST 2024-08-21 20:37 - 2022-02-08 21:14 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38 2024-08-21 20:20 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2024-08-21 20:13 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Registration 2024-08-21 17:55 - 2020-03-10 22:36 - 000000000 ____D C:\Users\jware\AppData\Roaming\Telegram Desktop 2024-08-21 00:53 - 2021-12-18 01:48 - 000000138 _____ C:\Users\jware\Desktop\tinytask-1-77.ini 2024-08-20 23:46 - 2020-11-10 15:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2024-08-20 23:06 - 2020-11-10 15:45 - 000005874 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2024-08-20 23:06 - 2019-12-07 17:09 - 002058416 _____ C:\WINDOWS\system32\perfh015.dat 2024-08-20 23:06 - 2019-12-07 17:09 - 000545720 _____ C:\WINDOWS\system32\perfc015.dat 2024-08-20 22:58 - 2020-11-10 15:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2024-08-20 22:58 - 2020-11-10 15:35 - 000008192 ___SH C:\DumpStack.log.tmp 2024-08-20 22:58 - 2019-12-07 11:03 - 001048576 _____ C:\WINDOWS\system32\config\BBI 2024-08-20 21:45 - 2020-01-22 15:13 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2024-08-20 20:39 - 2024-06-19 19:37 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla 2024-08-20 20:39 - 2020-01-22 15:13 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2024-08-17 02:05 - 2023-02-04 13:46 - 000003360 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2404278863-482792713-4167860027-1002 2024-08-17 02:05 - 2022-02-06 20:31 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2404278863-482792713-4167860027-1002 2024-08-17 02:05 - 2020-11-10 15:36 - 000002459 _____ C:\Users\jware\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2024-08-16 19:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2024-08-16 19:46 - 
2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF 2024-08-16 12:33 - 2020-06-02 23:45 - 000002448 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2024-08-15 23:01 - 2021-12-17 18:08 - 000000000 ____D C:\WINDOWS\SystemTemp 2024-08-15 23:01 - 2020-09-05 00:28 - 000002253 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2024-08-15 20:13 - 2022-02-06 14:34 - 000016943 _____ C:\Users\jware\Desktop\carapas.xlsx — skrót .lnk.xlsx 2024-08-14 21:57 - 2020-01-22 15:03 - 000000000 ____D C:\Users\jware\AppData\Roaming\Microsoft\Excel 2024-08-14 12:06 - 2020-01-22 15:07 - 000000000 ____D C:\Users\jware\AppData\Roaming\Microsoft\Word 2024-08-14 12:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2024-08-14 12:03 - 2020-11-10 15:35 - 000445512 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2024-08-14 12:03 - 2019-12-07 17:12 - 000000000 __SHD C:\WINDOWS\BitLockerDiscoveryVolumeContents 2024-08-14 12:03 - 2019-12-07 17:12 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2024-08-14 12:03 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2024-08-14 12:03 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata 2024-08-14 12:03 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2024-08-14 12:03 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2024-08-14 12:03 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources 2024-08-14 12:03 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata 2024-08-14 12:03 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup 2024-08-14 12:03 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates 2024-08-14 12:03 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe 2024-08-14 12:03 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism 2024-08-14 12:03 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellExperiences 2024-08-14 12:03 - 
2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning 2024-08-14 12:03 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr 2024-08-14 11:32 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2024-08-14 11:27 - 2020-11-10 15:39 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2024-08-14 01:21 - 2020-01-23 00:50 - 000000000 ____D C:\WINDOWS\system32\MRT 2024-08-14 01:18 - 2020-01-23 00:50 - 197093640 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2024-08-14 00:16 - 2022-03-13 16:11 - 000001308 _____ C:\Users\jware\Desktop\ESET Online Scanner.lnk 2024-08-14 00:16 - 2020-10-07 23:05 - 000001414 _____ C:\Users\jware\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk 2024-08-13 01:39 - 2020-01-22 15:32 - 000000000 ____D C:\Program Files\CCleaner 2024-08-13 01:38 - 2024-02-19 13:41 - 000000000 ____D C:\Program Files (x86)\Steam 2024-08-13 01:37 - 2022-03-28 19:51 - 000000000 ____D C:\Users\jware\AppData\Local\CrashDumps 2024-08-13 01:35 - 2021-02-09 20:11 - 000000000 ____D C:\MIOTLA 2024-08-12 20:42 - 2020-01-22 14:20 - 000000000 ____D C:\Users\jware\AppData\Local\Packages 2024-08-12 18:56 - 2021-09-08 22:40 - 000002166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk 2024-08-12 18:56 - 2021-09-08 22:40 - 000002008 _____ C:\Users\Default\Desktop\Google Slides.lnk 2024-08-12 18:56 - 2021-09-08 22:40 - 000002008 _____ C:\Users\Default\Desktop\Google Sheets.lnk 2024-08-12 18:56 - 2021-09-08 22:40 - 000001996 _____ C:\Users\Default\Desktop\Google Docs.lnk 2024-08-11 19:45 - 2022-04-26 21:37 - 000003840 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn 2024-08-11 19:45 - 2022-04-26 21:37 - 000003398 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime 2024-08-08 19:49 - 2020-01-22 14:06 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2024-08-06 02:07 - 2020-11-10 15:36 - 000000000 ____D C:\Users\jware 2024-08-06 02:04 - 2022-09-29 15:32 - 000000666 _____ 
C:\WINDOWS\Tasks\CCleanerCrashReporting.job 2024-08-05 18:46 - 2022-11-19 03:18 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk 2024-08-05 18:46 - 2022-10-13 01:35 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk 2024-08-05 18:46 - 2022-03-29 21:50 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task 2024-08-02 19:17 - 2021-04-08 21:09 - 000000000 ____D C:\Program Files\Microsoft Office 2024-08-01 14:52 - 2023-12-27 08:44 - 000000000 ____D C:\Users\jware\AppData\Local\MinecraftInstaller 2024-08-01 14:52 - 2023-12-26 20:37 - 000000000 ____D C:\Users\jware\AppData\Roaming\.minecraft 2024-08-01 13:37 - 2024-02-17 09:14 - 000267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy_4.dll 2024-08-01 13:37 - 2023-12-26 20:36 - 002799096 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll 2024-08-01 13:37 - 2023-12-26 20:36 - 000755304 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll 2024-08-01 13:37 - 2023-12-26 20:36 - 000222712 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll 2024-08-01 13:37 - 2023-12-26 20:36 - 000206440 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamelaunchhelper.dll 2024-08-01 13:37 - 2023-12-26 20:36 - 000144888 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll 2024-08-01 13:37 - 2023-12-26 20:36 - 000108024 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamehelper.exe 2024-08-01 13:37 - 2023-12-26 20:36 - 000075368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamecontrol.exe 2024-08-01 13:37 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps 2024-07-29 18:28 - 2022-09-29 15:32 - 000003380 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting 2024-07-29 18:28 - 2022-02-07 00:09 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update 2024-07-28 23:09 - 2022-02-06 00:36 - 000003566 _____ 
C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2024-07-28 23:09 - 2022-02-06 00:36 - 000003472 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6b766fa6e9274 2024-07-26 15:04 - 2020-01-25 15:13 - 000000000 ____D C:\Users\jware\AppData\Local\ElevatedDiagnostics 2024-07-26 13:24 - 2020-01-22 14:23 - 000000000 ____D C:\Users\jware\AppData\Local\PlaceholderTileLogoFolder 2024-07-25 22:54 - 2020-01-22 19:41 - 000001100 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk 2024-07-25 22:54 - 2020-01-22 19:41 - 000000000 ____D C:\Users\jware\AppData\Roaming\Notepad++ 2024-07-25 20:31 - 2020-02-04 14:43 - 000000000 ____D C:\Users\jware\Documents\KAZIK 2024-07-23 20:34 - 2020-02-04 14:45 - 000000000 ____D C:\Users\jware\Documents\IGA ==================== Pliki w katalogu głównym wybranych folderów ======== 2021-08-03 22:03 - 2021-08-03 23:25 - 000000040 _____ () C:\Users\jware\AppData\Roaming\cdr.ini 2023-09-01 15:01 - 2023-09-01 15:01 - 000000878 _____ () C:\Users\jware\AppData\Local\recently-used.xbel ==================== SigCheck ============================ (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) ==================== Koniec FRST.txt ========================