Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 22-01-2021 Uruchomiony przez Marcin (administrator) DESKTOP-6TNIDK7 (ASUSTeK Computer Inc. K54C) (22-01-2021 18:01:06) Uruchomiony z C:\Users\Marcin\Downloads Załadowane profile: Marcin Platform: Windows 10 Home Wersja 2004 19041.746 (X64) Język: Polski (Polska) Domyślna przeglądarka: Chrome Tryb startu: Normal ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) () [Brak podpisu cyfrowego] C:\Program Files (x86)\Star4Live\Star4Live_P2P\CloudHttpServer.exe () [Brak podpisu cyfrowego] C:\Program Files (x86)\Star4Live\Star4Live_P2P\CloudHttpWin32Server.exe () [Brak podpisu cyfrowego] C:\Program Files (x86)\Star4Live\Star4Live_P2P\CloudHttpWindowPopup.exe (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <10> (Hewlett-Packard Company -> HP) C:\Windows\System32\HPSIsvc.exe (Huawei Technologies Co., Ltd. -> ) C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2011.11613.0_x64__8wekyb3d8bbwe\Cortana.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.8043.0_x64__8wekyb3d8bbwe\GameBar.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.8043.0_x64__8wekyb3d8bbwe\GameBarFT.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.8043.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm\Bluetooth Suite\AdminService.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2> (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe ==================== Rejestr (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16697352 2000-01-01] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2020-01-16] (Apple Inc. -> Apple Inc.) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.) HKLM\...\Winlogon: [LegalNoticeCaption] Witam Cię serdecznie HKU\S-1-5-21-3226224125-705978768-3437366758-1001\...\Run: [AceStream] => C:\Users\Marcin\AppData\Roaming\ACEStream\engine\ace_engine.exe [27960 2018-08-23] (INNOVATIVE DIGITAL TECHNOLOGIES LLC -> Innovative Digital Technologies) HKLM\...\Windows x64\Print Processors\HPM1210PrintProc: C:\Windows\System32\spool\prtprocs\x64\HPM1210PP.dll [74240 2012-09-29] (Microsoft Windows Hardware Compatibility Publisher -> ) HKLM\...\Print\Monitors\HPM1210LM: C:\WINDOWS\system32\HPM1210LM.DLL [409088 2012-09-29] (Microsoft Windows Hardware Compatibility Publisher -> ) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.141\Installer\chrmstp.exe [2021-01-07] (Google LLC -> Google LLC) HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA ==================== Zaplanowane zadania (filtrowane) ============ (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) Task: {3C0E2F16-1375-4093-9784-0F43F32BA6E3} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1467400 2000-01-01] (Realtek Semiconductor Corp. -> Realtek Semiconductor) Task: {4185E143-BDD6-4A44-8E46-4D4ABADD680D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-05] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {45CEC55C-339E-44B2-B60F-F03A913631E1} - System32\Tasks\ACC => C:\Program Files\DriverSetupUtility\FUB\FUB_Send.bat [2331 2015-06-22] () [Brak podpisu cyfrowego] Task: {513446EB-4468-4A70-8CC3-1B236EF15821} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-27] (Google Inc -> Google Inc.) Task: {6C220EB3-4869-4488-827D-6BD906B17CEC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.) Task: {6DD7D7B7-C7A7-4B38-941D-8CA5D1EA094B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-27] (Google Inc -> Google Inc.) Task: {75A53D44-C121-48A0-9565-3831E3ECC7B7} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [116584 2021-01-21] (Microsoft Corporation -> Microsoft Corporation) Task: {779A3304-97E1-4EA4-A7E3-D1A3CE06F2BF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-05] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {784422C8-D3D3-4D8D-85AB-BBE06F7B5E3C} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16697352 2000-01-01] (Realtek Semiconductor Corp. -> Realtek Semiconductor) Task: {891B7928-688C-452D-8890-DCE7FF1831B2} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1467400 2000-01-01] (Realtek Semiconductor Corp. -> Realtek Semiconductor) Task: {9FA63B89-D1AE-4339-870E-234AD4B02F48} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [116584 2021-01-21] (Microsoft Corporation -> Microsoft Corporation) Task: {A13FB496-F53D-4B1E-9F22-A5F19DC3B7ED} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23061896 2021-01-09] (Microsoft Corporation -> Microsoft Corporation) Task: {CD54D884-7799-4A0C-BA57-2B441F71B582} - System32\Tasks\klcp_update => CodecTweakTool.exe Task: {D205A9DD-FF52-49C4-86E7-0DEEFA9715EF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23061896 2021-01-09] (Microsoft Corporation -> Microsoft Corporation) Task: {E7C14635-255E-467C-AE8D-5A6B5EA9172A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-05] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {EEA7AE42-457B-45D6-9C35-0FD7200A7D75} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-05] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {F14A1A11-592F-4C6A-9E05-496736400F74} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4071344 2021-01-18] (Microsoft Corporation -> Microsoft Corporation) Task: {FC8C54F7-82BA-4B8C-BB03-F1323CD7DD84} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4071344 2021-01-18] (Microsoft Corporation -> Microsoft Corporation) (Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.) ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 217.172.224.160 89.231.1.206 Tcpip\..\Interfaces\{8b4ff8a2-2884-42a1-b691-aa13e4423327}: [DhcpNameServer] 217.172.224.160 89.231.1.206 Tcpip\..\Interfaces\{a409e06a-3c14-4da8-bcfa-8cd1c3780248}: [DhcpNameServer] 217.172.224.160 89.231.1.206 HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <==== UWAGA Edge: ======= Edge Profile: C:\Users\Marcin\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-08] FireFox: ======== FF HKU\S-1-5-21-3226224125-705978768-3437366758-1001\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Marcin\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi FF Extension: (Ace Script) - C:\Users\Marcin\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2018-11-26] FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2018-01-23] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2018-01-23] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2018-01-23] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-01-18] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-10-08] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2018-01-23] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @web.com/mycloudframe -> C:\Program Files (x86)\Star4Live\Star4Live_P2P\npmycloudframe.dll [Brak pliku] FF Plugin HKU\S-1-5-21-3226224125-705978768-3437366758-1001: @acestream.net/acestreamplugin,version=3.1.32 -> C:\Users\Marcin\AppData\Roaming\ACEStream\player\npace_plugin.dll [2017-01-13] (Innovative Digital Technologies -> Innovative Digital Technologies) Chrome: ======= CHR Profile: C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default [2021-01-22] CHR Notifications: Default -> hxxps://live.efortuna.pl; hxxps://www.51015kids.eu CHR Extension: (Prezentacje) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-10-27] CHR Extension: (Dokumenty) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-10-27] CHR Extension: (Dysk Google) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-01] CHR Extension: (YouTube) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-10-27] CHR Extension: (Arkusze) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-10-27] CHR Extension: (Dokumenty Google offline) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-18] CHR Extension: (AdBlock — najlepszy bloker reklam) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-01-18] CHR Extension: (Ace Script) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2018-12-16] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-12] CHR Extension: (Gmail) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-01] CHR Extension: (Chrome Media Router) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-08] CHR HKU\S-1-5-21-3226224125-705978768-3437366758-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] ==================== Usługi (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-01-10] (Apple Inc. -> Apple Inc.) R2 AtherosSvc; C:\Program Files (x86)\Qualcomm\Bluetooth Suite\adminservice.exe [347024 2017-06-01] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8960904 2021-01-03] (Microsoft Corporation -> Microsoft Corporation) R2 HPSIService; C:\WINDOWS\system32\HPSIsvc.exe [126856 2012-11-08] (Hewlett-Packard Company -> HP) R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192320 2020-09-07] (Huawei Technologies Co., Ltd. -> ) S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes Corporation -> Malwarebytes) R2 P2PService; C:\Program Files (x86)\Star4Live\Star4Live_P2P\CloudHttpWin32Server.exe [11264 2016-05-05] () [Brak podpisu cyfrowego] R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11665240 2019-02-26] (TeamViewer GmbH -> TeamViewer GmbH) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-05] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-05] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Sterowniki (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.) S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.) S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Brak podpisu cyfrowego] S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2020-09-07] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.) S3 mvusbews; C:\WINDOWS\System32\Drivers\mvusbews.sys [19968 2012-11-08] (Microsoft Windows Hardware Compatibility Publisher -> Marvell Semiconductor, Inc.) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-12-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429296 2020-12-05] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-05] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc (utworzone) (filtrowane) ========= (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2021-01-22 18:01 - 2021-01-22 18:01 - 000018345 _____ C:\Users\Marcin\Downloads\FRST.txt 2021-01-22 17:58 - 2021-01-22 17:58 - 002296320 _____ (Farbar) C:\Users\Marcin\Downloads\FRST64.exe 2021-01-21 16:42 - 2021-01-21 16:42 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx 2021-01-21 16:42 - 2021-01-21 16:42 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl 2021-01-21 16:42 - 2021-01-21 16:42 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr 2021-01-21 16:42 - 2021-01-21 16:42 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx 2021-01-21 16:42 - 2021-01-21 16:42 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr 2021-01-21 16:42 - 2021-01-21 16:42 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl 2021-01-21 16:42 - 2021-01-21 16:42 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax 2021-01-21 16:42 - 2021-01-21 16:42 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax 2021-01-21 16:42 - 2021-01-21 16:42 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax 2021-01-21 16:42 - 2021-01-21 16:42 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax 2021-01-21 16:42 - 2021-01-21 16:42 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll 2021-01-21 16:42 - 2021-01-21 16:42 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx 2021-01-21 16:42 - 2021-01-21 16:42 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl 2021-01-21 16:42 - 2021-01-21 16:42 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx 2021-01-21 16:42 - 2021-01-21 16:42 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl 2021-01-21 16:42 - 2021-01-21 16:42 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll 2021-01-21 16:42 - 2021-01-21 16:42 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll 2021-01-21 16:41 - 2021-01-21 16:41 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll 2021-01-21 16:41 - 2021-01-21 16:41 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll 2021-01-21 16:41 - 2021-01-21 16:41 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE 2021-01-21 16:41 - 2021-01-21 16:41 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl 2021-01-21 16:41 - 2021-01-21 16:41 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll 2021-01-21 16:41 - 2021-01-21 16:41 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl 2021-01-21 16:41 - 2021-01-21 16:41 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv 2021-01-21 16:41 - 2021-01-21 16:41 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll 2021-01-21 16:41 - 2021-01-21 16:41 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl 2021-01-21 16:41 - 2021-01-21 16:41 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll 2021-01-21 16:41 - 2021-01-21 16:41 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll 2021-01-21 16:41 - 2021-01-21 16:41 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl 2021-01-21 16:41 - 2021-01-21 16:41 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl 2021-01-21 16:41 - 2021-01-21 16:41 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe 2021-01-21 16:41 - 2021-01-21 16:41 - 000010894 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim 2021-01-21 16:40 - 2021-01-21 16:40 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll 2021-01-21 16:40 - 2021-01-21 16:40 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll 2021-01-21 16:40 - 2021-01-21 16:40 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv 2021-01-21 16:40 - 2021-01-21 16:40 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll 2021-01-21 16:40 - 2021-01-21 16:40 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll 2021-01-21 16:40 - 2021-01-21 16:40 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl 2021-01-21 16:40 - 2021-01-21 16:40 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe 2021-01-21 16:40 - 2021-01-21 16:40 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll 2021-01-08 14:14 - 2021-01-08 14:14 - 000477675 _____ C:\Users\Marcin\Desktop\Załącznik do maila.zip 2021-01-08 09:26 - 2021-01-08 14:07 - 000000000 ____D C:\Program Files\Mozilla Thunderbird 2021-01-08 09:14 - 2021-01-08 09:14 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime 2021-01-08 09:11 - 2021-01-08 09:11 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2021-01-08 09:11 - 2021-01-08 09:11 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2021-01-08 09:11 - 2021-01-08 09:11 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll 2021-01-08 09:11 - 2021-01-08 09:11 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll 2021-01-08 09:11 - 2021-01-08 09:11 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl 2021-01-08 09:11 - 2021-01-08 09:11 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl 2021-01-08 09:11 - 2021-01-08 09:11 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2021-01-08 09:11 - 2021-01-08 09:11 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2021-01-08 09:11 - 2021-01-08 09:11 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe 2021-01-08 09:10 - 2021-01-08 09:10 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2021-01-08 09:10 - 2021-01-08 09:10 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2021-01-08 09:10 - 2021-01-08 09:10 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll 2021-01-08 09:10 - 2021-01-08 09:10 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll 2021-01-08 09:10 - 2021-01-08 09:10 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll 2021-01-08 09:10 - 2021-01-08 09:10 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll 2021-01-08 09:10 - 2021-01-08 09:10 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe 2021-01-08 09:10 - 2021-01-08 09:10 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe 2021-01-08 09:10 - 2021-01-08 09:10 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt ==================== Jeden miesiąc (zmodyfikowane) ================== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2021-01-22 18:01 - 2018-10-27 14:13 - 000000000 ____D C:\FRST 2021-01-22 17:35 - 2018-10-28 10:05 - 000799104 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2021-01-22 17:31 - 2020-11-17 13:01 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2021-01-22 00:18 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2021-01-21 17:58 - 2020-11-17 13:09 - 001767980 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2021-01-21 17:58 - 2019-12-07 16:08 - 000785414 _____ C:\WINDOWS\system32\perfh015.dat 2021-01-21 17:58 - 2019-12-07 16:08 - 000152274 _____ C:\WINDOWS\system32\perfc015.dat 2021-01-21 17:58 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF 2021-01-21 17:54 - 2020-11-17 13:11 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2021-01-21 17:54 - 2020-11-17 13:01 - 000437632 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2021-01-21 17:54 - 2020-11-17 13:00 - 000008192 ___SH C:\DumpStack.log.tmp 2021-01-21 17:54 - 2019-03-01 21:19 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2021-01-21 17:53 - 2019-12-07 16:11 - 000000000 ____D C:\Program Files\Windows Photo Viewer 2021-01-21 17:53 - 2019-12-07 16:11 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2021-01-21 17:53 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12 2021-01-21 17:53 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs 2021-01-21 17:53 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\UNP 2021-01-21 17:53 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\F12 2021-01-21 17:53 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs 2021-01-21 17:53 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\PrintDialog 2021-01-21 17:53 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2021-01-21 17:53 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2021-01-21 17:53 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation 2021-01-21 17:53 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe 2021-01-21 17:53 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2021-01-21 17:53 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com 2021-01-21 17:53 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers 2021-01-21 17:53 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources 2021-01-21 17:53 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2021-01-21 17:53 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2021-01-21 17:53 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep 2021-01-21 17:53 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup 2021-01-21 17:53 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation 2021-01-21 17:53 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe 2021-01-21 17:53 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism 2021-01-21 17:53 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Com 2021-01-21 17:53 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers 2021-01-21 17:53 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences 2021-01-21 17:53 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellComponents 2021-01-21 17:53 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning 2021-01-21 17:53 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\IME 2021-01-21 17:53 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr 2021-01-21 17:53 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender 2021-01-21 17:53 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2021-01-21 17:19 - 2018-10-27 13:29 - 000000000 ____D C:\ProgramData\updater2 2021-01-21 16:46 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2021-01-21 16:41 - 2016-07-16 13:58 - 000413698 __RSH C:\bootmgr 2021-01-21 16:40 - 2020-11-17 13:03 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2021-01-21 16:01 - 2020-12-05 19:59 - 000003416 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6bcda18b536b6 2021-01-21 16:01 - 2020-11-17 13:11 - 000003510 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2021-01-21 16:01 - 2020-11-17 13:01 - 000000000 ____D C:\Users\Marcin 2021-01-21 15:58 - 2018-10-27 19:57 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2021-01-21 15:57 - 2018-10-27 13:32 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2021-01-21 15:54 - 2018-10-29 12:55 - 135062968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2021-01-21 15:54 - 2018-10-29 12:55 - 000000000 ____D C:\WINDOWS\system32\MRT 2021-01-18 21:46 - 2020-06-10 21:37 - 000002431 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2021-01-18 21:46 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps 2021-01-18 21:46 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2021-01-18 21:41 - 2020-10-09 12:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools 2021-01-08 14:23 - 2018-10-29 15:45 - 000000000 ____D C:\Users\Marcin\AppData\Local\PlaceholderTileLogoFolder 2021-01-08 14:07 - 2020-01-15 11:26 - 000000000 ____D C:\Users\Marcin\AppData\LocalLow\Mozilla 2021-01-08 14:07 - 2018-10-27 13:32 - 000001055 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk 2021-01-08 14:01 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz 2021-01-08 14:01 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender 2021-01-07 18:13 - 2018-10-27 12:37 - 000002307 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2021-01-07 18:13 - 2018-10-27 12:37 - 000002266 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2021-01-07 18:07 - 2020-09-10 12:08 - 000000000 ___DC C:\WINDOWS\Panther 2020-12-28 19:47 - 2020-11-17 13:11 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3226224125-705978768-3437366758-1001 2020-12-28 19:47 - 2020-11-17 13:01 - 000002410 _____ C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2020-12-28 19:47 - 2018-10-27 12:36 - 000000000 ___RD C:\Users\Marcin\OneDrive 2020-12-28 19:46 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\appcompat ==================== FCheck ================================ (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) FCheck: C:\WINDOWS\system32\Drivers\farflt.sys [2018-10-28] <==== UWAGA (zerobajtowy plik/folder) FCheck: C:\WINDOWS\system32\Drivers\mbam.sys [2018-10-28] <==== UWAGA (zerobajtowy plik/folder) FCheck: C:\WINDOWS\system32\Drivers\mwac.sys [2018-10-28] <==== UWAGA (zerobajtowy plik/folder) ==================== SigCheck ============================ (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) ==================== Koniec FRST.txt ========================