Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 03-05-2020
Uruchomiony przez user (administrator) WES (MSI MS-7808) (07-05-2020 15:51:01)
Uruchomiony z I:\portableapps\programy przenosne\frdt
Załadowane profile: user (Dostępne profile: user)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(Anton Diesel -> ) C:\Unreal Commander\UnrealCommander64.exe
(CobianSoft, Luis Cobian) [Brak podpisu cyfrowego] C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel(R) Corporation) [Brak podpisu cyfrowego] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel(R) Smart Connect software -> ) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Users\user\AppData\Local\Temp\{6936A233-41DB-4DF4-BE07-F32C13551162}\{F680BDA0-3FA2-478D-9775-3FA9EF095669}.exe
(Luis Cobian, CobianSoft) [Brak podpisu cyfrowego] C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
(Luis Cobian, CobianSoft) [Brak podpisu cyfrowego] C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Service.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft) [Brak podpisu cyfrowego] C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe
(Microsoft) [Brak podpisu cyfrowego] C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <7>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Open Source Developer, Dominik Reichl -> Dominik Reichl) D:\inne\inne\inne\KeePass-1.29\KeePass.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.20.2.57\NortonSecurity.exe <2>

==================== Rejestr (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6963272 2013-01-15] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [M17A] => C:\Windows\twain_32\Brimm17a\Common\TwDsUiLaunch.exe [86120 2018-11-14] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM-x32\...\RunOnce: [{CFCFC2D5-83CC-4976-8117-0544B6894001}] => cmd.exe /C start /D "C:\Users\user\AppData\Local\Temp" /B {CFCFC2D5-83CC-4976-8117-0544B6894001}.cmd
HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\Run: [Cobian Backup 11] => C:\Program Files (x86)\Cobian Backup 11\Cobian.exe [720896 2012-12-05] (Luis Cobian, CobianSoft) [Brak podpisu cyfrowego]
HKLM\Software\...\AppCompatFlags\Custom\Acrobat.exe: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\Acrobat.exe: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\AcroRd32.exe: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\AcroRd32.exe: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\EXCEL.EXE: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\EXCEL.EXE: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\firefox.exe: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\firefox.exe: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\iexplore.exe: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\iexplore.exe: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\INFOPATH.EXE: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\INFOPATH.EXE: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\i_view32.exe: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\i_view32.exe: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\java.exe: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\java.exe: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\javaw.exe: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\javaw.exe: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\javaws.exe: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\javaws.exe: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\JDownloader2.exe: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\JDownloader2.exe: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\KeePass.exe: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\KeePass.exe: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\LYNC.EXE: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\LYNC.EXE: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\MSACCESS.EXE: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\MSACCESS.EXE: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\MSPUB.EXE: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\MSPUB.EXE: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\OIS.EXE: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\OIS.EXE: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\OUTLOOK.EXE: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\OUTLOOK.EXE: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\POWERPNT.EXE: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\POWERPNT.EXE: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\PPTVIEW.EXE: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\PPTVIEW.EXE: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\thunderbird.exe: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\thunderbird.exe: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\UnrealCommander64.exe: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\UnrealCommander64.exe: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\VISIO.EXE: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\VISIO.EXE: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\vlc.exe: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\vlc.exe: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\VPREVIEW.EXE: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\VPREVIEW.EXE: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\WINWORD.EXE: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\WINWORD.EXE: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\wordpad.exe: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\wordpad.exe: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\InstalledSDB\{e1c810aa-f7cc-4aaf-ada1-181863075f9b}: [DatabasePath] -> C:\Windows\AppPatch\Custom\Custom64\{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb [2020-05-03]
HKLM\Software\...\AppCompatFlags\InstalledSDB\{f8c4cc07-6dc4-418f-b72b-304fcdb64052}: [DatabasePath] -> C:\Windows\AppPatch\Custom\{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb [2020-05-03]
GroupPolicy: Ograniczenia ? <==== UWAGA

==================== Zaplanowane zadania (filtrowane) ============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

Task: {6BB96249-D920-4845-B688-A4059911D634} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.20.2.57\SymErr.exe [117056 2020-03-20] (Symantec Corporation -> Symantec Corporation)
Task: {97C93125-D7CB-4637-8026-89ABC5AF8FEB} - System32\Tasks\{48CB974F-E6AF-4E8F-8203-9260808A2F28} => C:\Windows\system32\pcalua.exe -a C:\Users\user\AppData\Local\Temp\jre-8u221-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== UWAGA
Task: {B3A7F327-D8FF-4511-A71D-5C0861667A34} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [127176 2020-05-06] (Mozilla Corporation -> Mozilla Foundation)
Task: {D826AADF-68E9-4214-BC05-D95411C1D252} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2162704 2020-03-20] (Symantec Corporation -> Symantec Corporation)
Task: {DFBD47E1-4831-4B10-8C29-AE60ED5D6A8D} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.20.2.57\WSCStub.exe [645008 2020-03-20] (Symantec Corporation -> Symantec Corporation)
Task: {E637F62D-AF91-4CB3-8F8B-138E5FB2D500} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.20.2.57\SymErr.exe [117056 2020-03-20] (Symantec Corporation -> Symantec Corporation)
Task: {F70F8892-061A-43DB-AE8A-38EF74C665D7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{6FDF1764-895D-4722-A5E7-191BD42C40E7}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Internet Explorer:
==================
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.20.2.57\coIEPlg.dll [2020-03-20] (Symantec Corporation -> Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_251\bin\ssv.dll [2020-04-16] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_251\bin\jp2ssv.dll [2020-04-16] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine32\22.20.2.57\coIEPlg.dll [2020-03-20] (Symantec Corporation -> Symantec Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.20.2.57\coIEPlg.dll [2020-03-20] (Symantec Corporation -> Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine32\22.20.2.57\coIEPlg.dll [2020-03-20] (Symantec Corporation -> Symantec Corporation)

FireFox:
========
FF DefaultProfile: arfyil4k.default
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\arfyil4k.default [2020-05-07]
FF DownloadDir: D:\inne\pobieranie
FF Homepage: Mozilla\Firefox\Profiles\arfyil4k.default -> about:blank
FF Extension: (Disconnect) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\arfyil4k.default\Extensions\2.0@disconnect.me.xpi [2019-07-23]
FF Extension: (Dark Reader) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\arfyil4k.default\Extensions\addon@darkreader.org.xpi [2020-05-04]
FF Extension: (Bloker reklam AdGuard) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\arfyil4k.default\Extensions\adguardadblocker@adguard.com.xpi [2020-04-10]
FF Extension: (Click to Play per-element) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\arfyil4k.default\Extensions\ClickToPlayPerElement@uaSad.addons.mozilla.org.xpi [2017-02-02] [Przestarzałe]
FF Extension: (Cookie AutoDelete) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\arfyil4k.default\Extensions\CookieAutoDelete@kennydo.com.xpi [2020-04-23]
FF Extension: (Ghostery – Bloker reklam chroniący prywatność) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\arfyil4k.default\Extensions\firefox@ghostery.com.xpi [2020-04-13]
FF Extension: (HTTPS Everywhere) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\arfyil4k.default\Extensions\https-everywhere@eff.org.xpi [2020-03-27]
FF Extension: (Self-Destructing Cookies) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\arfyil4k.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2017-03-25] [Przestarzałe]
FF Extension: (Privacy Badger) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\arfyil4k.default\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2020-02-20]
FF Extension: (noflash) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\arfyil4k.default\Extensions\jid1-n8wH2cBfc2QaUj@jetpack.xpi [2018-10-23]
FF Extension: (MyJDownloader Browser Extension) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\arfyil4k.default\Extensions\jid1-OY8Xu5BsKZQa6A@jetpack.xpi [2019-10-16] [UpdateUrl:hxxps://my.jdownloader.org/extensions/firefox.json]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\arfyil4k.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2020-05-01]
FF Extension: (Norton Safe Web) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\arfyil4k.default\Extensions\nortonsafeweb@symantec.com.xpi [2020-05-05]
FF Extension: (uBlock Origin) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\arfyil4k.default\Extensions\uBlock0@raymondhill.net.xpi [2020-04-22]
FF Extension: (uMatrix) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\arfyil4k.default\Extensions\uMatrix@raymondhill.net.xpi [2019-09-05]
FF Extension: (Privacy Possum) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\arfyil4k.default\Extensions\woop-NoopscooPsnSXQ@jetpack.xpi [2019-07-22]
FF Extension: (Empty Cache Button) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\arfyil4k.default\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}.xpi [2017-11-21]
FF Extension: (NoScript) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\arfyil4k.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2020-04-21]
FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\arfyil4k.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2020-01-03]
FF Plugin: @java.com/DTPlugin,version=11.251.2 -> C:\Program Files\Java\jre1.8.0_251\bin\dtplugin\npDeployJava1.dll [2020-04-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.251.2 -> C:\Program Files\Java\jre1.8.0_251\bin\plugin2\npjp2.dll [2020-04-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-09-29] (Internal - Intel® Identity Protection Technology Software -> Intel Corporation) [Brak podpisu cyfrowego]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-09-29] (Internal - Intel® Identity Protection Technology Software -> Intel Corporation) [Brak podpisu cyfrowego]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [Brak pliku]
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [Brak pliku]
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [Brak pliku]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-03-06] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.20.2.57\Exts\Chrome.crx
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.20.2.57\Exts\Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]

==================== Usługi (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S4 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [239616 2012-07-28] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7252656 2018-09-19] (BattlEye Innovations e.K. -> )
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2012-12-05] (CobianSoft, Luis Cobian) [Brak podpisu cyfrowego]
R2 EMET_Service; C:\Program Files (x86)\EMET 5.5\EMET_Service.exe [33448 2016-07-25] (Microsoft Corporation -> Microsoft Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [Brak podpisu cyfrowego]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [149032 2012-08-16] (Intel(R) Smart Connect software -> )
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-03-21] (Malwarebytes Inc -> Malwarebytes)
R2 NortonSecurity; C:\Program Files (x86)\Norton Security\Engine\22.20.2.57\NortonSecurity.exe [344760 2020-03-20] (Symantec Corporation -> Symantec Corporation)
R2 USBAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe [12288 2018-12-20] (Microsoft) [Brak podpisu cyfrowego]
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [694016 2019-10-10] (Oracle Corporation -> Oracle Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-10-29] (Microsoft Windows -> Microsoft Corporation)
R2 WorkflowAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe [20480 2018-12-20] (Microsoft) [Brak podpisu cyfrowego]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Sterowniki (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R0 288C017F; C:\Windows\System32\drivers\288C017F.sys [478392 2020-05-07] (Kaspersky Lab -> Kaspersky Lab ZAO)
S3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [10278912 2012-07-28] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
S3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [368640 2012-07-28] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [104976 2016-03-01] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.0.0.110\Definitions\BASHDefs\20200504.001\BHDrvx64.sys [1952136 2019-09-30] (Symantec Corporation -> Symantec Corporation)
R1 ccSet_NGC; C:\Windows\System32\drivers\NGCx64\1614020.039\ccSetx64.sys [192376 2020-03-20] (Symantec Corporation -> Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [516784 2019-10-29] (Symantec Corporation -> Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [154288 2019-10-10] (Symantec Corporation -> Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.0.0.110\Definitions\IPSDefs\20200506.061\IDSvia64.sys [1451016 2020-04-07] (Symantec Corporation -> Symantec Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [20968 2012-08-16] (Intel(R) Smart Connect software -> )
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [19944 2012-08-16] (Intel(R) Smart Connect software -> )
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46016 2012-08-16] (Intel(R) Smart Connect software -> )
R1 SRTSP; C:\Windows\System32\drivers\NGCx64\1614020.039\SRTSP64.SYS [889520 2020-03-20] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\drivers\NGCx64\1614020.039\SRTSPX64.SYS [50864 2020-03-20] (Symantec Corporation -> Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NGCx64\1614020.039\SYMEFASI64.SYS [1964552 2020-03-20] (Symantec Corporation -> Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100064 2019-03-15] (Symantec Corporation -> Symantec Corporation)
R3 SymEvnt; C:\Program Files (x86)\Norton Security\NortonData\22.0.0.110\SymPlatform\SymEvnt.sys [712368 2020-01-18] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\Windows\System32\drivers\NGCx64\1614020.039\Ironx64.SYS [316656 2020-03-20] (Symantec Corporation -> Symantec Corporation)
R1 SymNetS; C:\Windows\System32\drivers\NGCx64\1614020.039\symnets.sys [575280 2020-03-20] (Symantec Corporation -> Symantec Corporation)
S3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [237376 2019-10-11] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [248464 2019-10-11] (Oracle Corporation -> Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [175040 2019-10-11] (Oracle Corporation -> Oracle Corporation)
R3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [23200 2015-04-30] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
S3 wpCtrlDrv_NGC; C:\Windows\System32\drivers\NGCx64\1614020.039\wpCtrlDrv.sys [1012120 2020-03-20] (Symantec Corporation -> Symantec Corporation)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2020-05-07] (Intel(R) Smart Connect software -> )
S3 cpuz136; \??\i:\portableapps\programy przenosne\wizard\pcwiz_x64.sys [X]
S1 MpKslDrv; \??\C:\Windows\Temp\MpKslDrv.sys [X]
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.0.0.110\Definitions\SDSDefs\20170202.009\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.0.0.110\Definitions\SDSDefs\20170202.009\EX64.SYS [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S4 nvvhci; system32\DRIVERS\nvvhci.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc (utworzone) ===================

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2020-05-07 15:14 - 2020-05-07 15:51 - 000000000 ____D C:\FRST
2020-05-07 14:54 - 2020-05-07 14:54 - 000094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2020-05-07 14:34 - 2020-05-07 14:34 - 000274544 _____ C:\Windows\Minidump\050720-39359-01.dmp
2020-05-07 14:33 - 2020-05-07 14:33 - 1755198744 _____ C:\Windows\MEMORY.DMP
2020-05-07 12:25 - 2020-05-07 12:25 - 000478392 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\288C017F.sys
2020-05-07 09:14 - 2020-05-07 09:14 - 000000000 ____D C:\Windows\system32\Tasks\Remediation
2020-05-06 20:35 - 2020-05-06 20:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2020-05-06 18:25 - 2020-05-06 20:02 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-05-04 11:14 - 2020-05-07 14:59 - 000000000 ____D C:\Users\user\AppData\LocalLow\Mozilla
2020-05-03 18:08 - 2020-05-03 18:09 - 000338864 _____ C:\Windows\system32\FNTCACHE.DAT
2020-05-02 12:57 - 2020-05-02 12:57 - 000084592 _____ C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2020-05-02 12:30 - 2020-05-06 19:48 - 000000000 ____D C:\Users\user\AppData\Local\NPE
2020-04-19 18:44 - 2020-04-19 18:44 - 000000222 _____ C:\Users\user\Desktop\Sudden Strike 4.url
2020-04-19 18:43 - 2020-04-19 18:43 - 000000000 ____D C:\Users\user\AppData\LocalLow\Kite Games
2020-04-11 15:02 - 2020-04-11 15:02 - 000000000 ____D C:\Quarantine
2020-04-09 19:13 - 2020-04-11 11:29 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2020-04-08 06:15 - 2020-04-08 06:15 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla

==================== Jeden miesiąc (zmodyfikowane) ==================

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2020-05-07 15:50 - 2016-05-09 20:59 - 000000000 ___RD C:\Unreal Commander
2020-05-07 15:13 - 2009-07-14 06:45 - 000029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-05-07 15:13 - 2009-07-14 06:45 - 000029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-05-07 14:54 - 2018-09-19 15:59 - 000000000 ____D C:\ProgramData\NVIDIA
2020-05-07 14:54 - 2013-08-01 19:40 - 000034752 _____ C:\Windows\system32\Drivers\WPRO_41_2001.sys
2020-05-07 14:54 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-05-07 14:34 - 2019-08-22 19:42 - 000000000 ____D C:\Windows\Minidump
2020-05-07 11:48 - 2016-10-29 16:09 - 000000000 ____D C:\Program Files (x86)\Steam
2020-05-07 09:09 - 2016-05-09 21:11 - 000000000 ____D C:\Users\user\AppData\Roaming\vlc
2020-05-06 20:35 - 2019-11-27 21:36 - 000000000 ____D C:\Program Files\VideoLAN
2020-05-06 20:30 - 2016-05-09 21:00 - 000000000 ____D C:\Program Files (x86)\VideoLAN
2020-05-06 20:20 - 2017-02-25 20:36 - 000007590 _____ C:\Users\user\AppData\Local\Resmon.ResmonCfg
2020-05-06 20:02 - 2016-05-09 20:58 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-05-06 18:54 - 2018-09-26 13:23 - 000000000 ____D C:\Users\user\AppData\Local\CrashDumps
2020-05-06 16:33 - 2017-03-03 10:53 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2020-05-06 16:21 - 2019-11-29 17:12 - 000000000 ____D C:\Users\user\.VirtualBox
2020-05-06 16:15 - 2019-11-28 23:07 - 000000000 ____D C:\ProgramData\VirtualBox
2020-05-04 11:14 - 2017-11-14 20:05 - 000000000 ____D C:\Users\user\AppData\Roaming\Mozilla
2020-05-04 11:14 - 2017-11-14 20:05 - 000000000 ____D C:\Users\user\AppData\Local\Mozilla
2020-05-03 07:59 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\NDF
2020-04-30 18:47 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2020-04-30 13:24 - 2018-09-24 11:21 - 000000000 ____D C:\Users\user\Documents\American Truck Simulator
2020-04-28 07:33 - 2011-04-12 15:21 - 000740098 _____ C:\Windows\system32\perfh015.dat
2020-04-28 07:33 - 2011-04-12 15:21 - 000155672 _____ C:\Windows\system32\perfc015.dat
2020-04-28 07:33 - 2009-07-14 07:13 - 001669190 _____ C:\Windows\system32\PerfStringBackup.INI
2020-04-27 09:34 - 2016-05-09 21:48 - 000000000 ____D C:\ProgramData\Norton
2020-04-16 08:14 - 2017-04-19 15:12 - 000000000 ____D C:\Program Files\Java
2020-04-16 08:14 - 2016-05-09 21:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2020-04-16 08:12 - 2017-04-19 15:12 - 000129192 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

==================== Pliki w katalogu głównym wybranych folderów ========

2017-03-08 20:08 - 2017-03-18 01:00 - 000004608 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-02-25 20:36 - 2020-05-06 20:20 - 000007590 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

LastRegBack: 2020-04-08 19:54

==================== Koniec FRST.txt ========================