Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 27-12-2021
Uruchomiony przez Artur (administrator) WINDOWS10-ARTUR (Dell Inc. Latitude E5470) (29-12-2021 18:00:06)
Uruchomiony z C:\Users\Artur\Desktop\FRST64
Załadowane profile: Artur
Platform: Microsoft Windows 10 Pro Wersja 1909 18363.1198 (X64) Język: Polski (Polska)
Domyślna przeglądarka: Opera
Tryb startu: Normal

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

() [Brak podpisu cyfrowego] C:\Programy\Narzędzia\Inne Narzędzia\ClipX\clipx.exe
(ALPS ALPINE CO., LTD. -> ALPSALPINE Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(ALPS ALPINE CO., LTD. -> ALPSALPINE Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(ALPS ALPINE CO., LTD. -> ALPSALPINE Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(ALPS ELECTRIC CO., LTD. -> ALPSALPINE CO., LTD.) C:\Program Files\DellTPad\hidfind.exe
(CJSC Computing Forces -> ) C:\Program Files (x86)\WebMoney Agent\wmagent.exe
(Code Sector -> Code Sector) C:\Programy\Akcesoria\Inne Akcesoria\TeraCopy\TeraCopy\TeraCopyService.exe
(Crystal Rich Ltd -> Crystal Rich Ltd) [Brak podpisu cyfrowego] C:\Programy\Narzędzia\Inne Narzędzia\USB Safely Remove\USB Safely Remove\USBSafelyRemove.exe
(Crystal Rich Ltd -> Crystal Rich Ltd) C:\Programy\Narzędzia\Inne Narzędzia\USB Safely Remove\USB Safely Remove\USBSRService.exe
(David Carpenter -> ) C:\Programy\Narzędzia\Narzędzia Dyskowe I Plikowe\Everything\Everything.exe
(Dell Inc. -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(eVenture Limited -> eVenture Limited) C:\Program Files (x86)\hide.me VPN\hidemesvc.exe
(Google LLC -> ) C:\Program Files\Google\Drive File Stream\54.0.2.0\crashpad_handler.exe
(Greatis Software LLC -> Greatis Software, LLC) C:\Windows\UPDATE\SU10Guard.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_654e79489f2b9f28\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_654e79489f2b9f28\igfxEM.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_654e79489f2b9f28\IntelCpHDCPSvc.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_654e79489f2b9f28\IntelCpHeciSvc.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Malwarebytes Corporation -> Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Malwarebytes Corporation -> Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation -> Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\usocoreworker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> ) C:\Program Files\Broadcom\CV\bin\UshUpgradeService.exe
(Microsoft Windows Hardware Compatibility Publisher -> Broadcom Corporation) C:\Program Files\Broadcom\CV\bin\HostControlService.exe
(Microsoft Windows Hardware Compatibility Publisher -> Broadcom Corporation) C:\Program Files\Broadcom\CV\bin\HostStorageService.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCopyAccelerator.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Opera Software AS -> Opera Software) C:\Programy\Internet I Komunikacja\Przeglądarki Stron WWW\Opera\82.0.4227.43\opera_crashreporter.exe
(Opera Software AS -> Opera Software) C:\Programy\Internet I Komunikacja\Przeglądarki Stron WWW\Opera\opera.exe <68>
(Pango Inc. -> Pango Inc.) C:\Program Files (x86)\Hotspot Shield\10.9.13\bin\cmw_srv.exe
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7193.611\DSAPI.exe
(philandro Software GmbH -> AnyDesk Software GmbH) C:\Programy\Narzędzia\Narzędzia Administracyjne I Internetowe\AnyDesk\AnyDesk.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <4>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Windscribe Limited -> Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe

==================== Rejestr (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [779152 2019-12-12] (ALPS ALPINE CO., LTD. -> ALPSALPINE Co., Ltd.)
HKLM\...\Run: [USB Safely Remove] => C:\Programy\Narzędzia\Inne Narzędzia\USB Safely Remove\USB Safely Remove\USBSafelyRemove.exe [6466416 2017-11-08] (Crystal Rich Ltd -> Crystal Rich Ltd) [Brak podpisu cyfrowego]
HKLM\...\Run: [Network Configuration] => C:\Program Files (x86)\Okidata\ActKey\Network Configuration.exe [832744 2016-10-25] (Oki Data Corporation -> Oki Data Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9230280 2017-06-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1489384 2017-06-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [723928 2017-01-26] (Waves Inc -> Waves Audio Ltd.)
HKLM-x32\...\Run: [ClipX] => C:\Programy\Narzędzia\Inne Narzędzia\ClipX\clipx.exe [68608 2005-11-30] () [Brak podpisu cyfrowego]
HKLM-x32\...\Run: [ATNSOFT Text Paster] => C:\Programy\Narzędzia\Narzędzia Systemowe\Text Paster\ATNSOFT Text Paster\textpaster.exe [2162936 2015-09-02] (ATNSOFT -> ATNSOFT)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [47432 2013-08-15] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [31048 2013-08-15] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe [1176208 2017-11-09] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
HKLM-x32\...\Run: [wmagent.exe] => C:\Program Files (x86)\WebMoney Agent\wmagent.exe [210400 2009-10-19] (CJSC Computing Forces -> )
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\54.0.2.0\GoogleDriveFS.exe [55330648 2021-12-14] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\54.0.2.0\GoogleDriveFS.exe [55330648 2021-12-14] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-582382116-2524087355-1443837786-1004\...\Run: [Epic Privacy Browser Installer] => C:\Users\Artur\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe [509096 2020-07-20] (Google Inc (TEST) -> Epic Privacy Browser) [Brak podpisu cyfrowego]
HKU\S-1-5-21-582382116-2524087355-1443837786-1004\...\Run: [Mailbird] => C:\Programy\Internet I Komunikacja\Klienty Poczty e-mail\Mailbird\Mailbird.exe [13503304 2021-01-17] (Mailbird, Inc. -> Mailbird)
HKU\S-1-5-21-582382116-2524087355-1443837786-1004\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\54.0.2.0\GoogleDriveFS.exe [55330648 2021-12-14] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-582382116-2524087355-1443837786-1004\...\Policies\Explorer: [NoSecurityTab] 1
HKU\S-1-5-21-582382116-2524087355-1443837786-1004\...\MountPoints2: {46c58fb9-1956-11e8-a9f5-e4a7a0ec279a} - "E:\startme.exe"
HKU\S-1-5-21-582382116-2524087355-1443837786-1004\...\MountPoints2: {879491c1-70de-11ea-aaa4-e4a7a0ec279a} - "E:\DTLplus_Launcher.exe"
HKU\S-1-5-21-582382116-2524087355-1443837786-1004\...\MountPoints2: {b11b79fa-e0ec-11ea-aaca-e4a7a0ec279a} - "E:\startme.exe"
HKU\S-1-5-21-582382116-2524087355-1443837786-1004\...\MountPoints2: {d153377c-3a72-11eb-aad3-e4a7a0ec279a} - "F:\startme.exe"
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\54.0.2.0\GoogleDriveFS.exe [55330648 2021-12-14] (Google LLC -> Google, Inc.)
HKU\S-1-5-18\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [4685120 2020-11-12] (Microsoft Windows -> Microsoft Corporation) <==== UWAGA
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\96.0.4664.110\Installer\chrmstp.exe [2021-12-13] (Google LLC -> Google LLC)
IFEO\dismHost.exe: [Debugger] *
IFEO\EOSNOTIFY.EXE: [Debugger] *
IFEO\InstallAgent.exe: [Debugger] *
IFEO\MusNotification.exe: [Debugger] *
IFEO\MUSNOTIFICATIONUX.EXE: [Debugger] *
IFEO\remsh.exe: [Debugger] *
IFEO\SIHClient.exe: [Debugger] *
IFEO\UpdateAssistant.exe: [Debugger] *
IFEO\UPFC.EXE: [Debugger] *
IFEO\UsoClient.exe: [Debugger] *
IFEO\WaaSMedic.exe: [Debugger] *
IFEO\WaasMedicAgent.exe: [Debugger] *
IFEO\Windows10Upgrade.exe: [Debugger] *
IFEO\WINDOWS10UPGRADERAPP.EXE: [Debugger] *
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2021-12-14]
ShortcutTarget: AnyDesk.lnk -> C:\Programy\Narzędzia\Narzędzia Administracyjne I Internetowe\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
Startup: C:\Users\Artur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\erreur.exe [2017-07-06] () <==== UWAGA [zerobajtowy plik/folder]
GroupPolicy: Ograniczenia ? <==== UWAGA
Policies: C:\ProgramData\NTUSER.pol: Ograniczenia <==== UWAGA

==================== Zaplanowane zadania (filtrowane) ============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

Task: {07614340-E1DA-4AD0-9D37-7820E5AC7E1E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1919CB7A-3D4B-46BB-AEBA-B41925D4EC9B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {205470FD-B6F0-45C8-A0E2-839B3F566D39} - System32\Tasks\Mozilla\Firefox Default Browser Agent 5B52463271E6FB43 => C:\Programy\Internet I Komunikacja\Przeglądarki Stron WWW\Mozilla Firefox\default-browser-agent.exe do-task "5B52463271E6FB43"
Task: {34A6301F-8347-4ED7-AF28-C7ED107D9F61} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\IntelPTTEKRecertification.exe [816960 2017-10-11] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {3BC78540-B959-4363-BD7C-C6838594734F} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe (Brak pliku)
Task: {47C11D1E-189C-4456-B294-7442993F12E2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-10-16] (Google Inc -> Google Inc.)
Task: {5702F6B5-6DB2-44EC-A4CA-F9B147C02AE7} - System32\Tasks\Opera scheduled Autoupdate 1541447012 => C:\Programy\Internet I Komunikacja\Przeglądarki Stron WWW\Opera\launcher.exe [2256592 2021-12-21] (Opera Software AS -> Opera Software)
Task: {5EEF781E-37F3-4653-9F7F-F419E2EC8C46} - System32\Tasks\2BrightSparks\SyncBackPro\DESKTOP-QK66L0J-Artur\SyncBackPro => C:\Programy\Narzędzia\Archiwizacja Danych\SyncBackPro\SyncBack\SyncBackPro.exe [31432248 2017-08-22] (2BrightSparks Pte. Ltd. -> 2BrightSparks Pte. Ltd.)
Task: {68095743-ECAE-4441-B880-1BEC5E4D1AB0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {77C96E56-B5E9-4EC8-8099-39F3C8061476} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {916B6341-4D30-4197-A1C1-7382CD96E9B0} - System32\Tasks\ThrottleStop => C:\Programy\Narzędzia\Inne Narzędzia\ThrottleStop\ThrottleStop.exe [3903904 2021-02-15] (TechPowerUp LLC -> uWebb Software)
Task: {9F251CBF-D3E2-4CFD-92C0-D320ADA01206} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1489384 2017-06-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {A06EA066-9D00-4CC1-A777-DFBDD72B2489} - System32\Tasks\GoogleUpdateTaskMachineUA1d5795d158339b7 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-10-16] (Google Inc -> Google Inc.)
Task: {A8AAC26F-7992-4411-8C04-E2884D695EFA} - System32\Tasks\RegBak => C:\Program Files\Acelogix\RegBak\Uruchamianie\NirCmd.bat [76 2017-07-15] () [Brak podpisu cyfrowego] <==== UWAGA
Task: {B79BAABE-ABFD-40FF-9FBB-850CAC0E64EE} - System32\Tasks\GoogleUpdateTaskMachineCore1d5795d157d9845 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-10-16] (Google Inc -> Google Inc.)
Task: {C06B1F4A-5F05-482C-8930-49E764EDEA4B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Programy\Biuro\Pakiety Biurowe\Microsoft Office 2016\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {E0118052-3D60-40D6-B2CB-125F2A11C3D6} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {F0F74D2C-1118-455D-B8F2-2C618C555739} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Programy\Biuro\Pakiety Biurowe\Microsoft Office 2016\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {F5627E61-138D-4767-AF0B-8F0B20922297} - System32\Tasks\Tweaking.com - Registry Backup => C:\Programy\Narzędzia\Narzędzia Systemowe\Tweaking.com - Registry Backup\TweakingRegistryBackup.exe [1471384 2016-11-18] (Tweaking LLC -> Tweaking.com)
Task: {F682183F-1DFA-486B-A235-179ECBC381D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-10-16] (Google Inc -> Google Inc.)

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{3e8a2762-b17f-4198-9d2d-485a54d0ff15}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{8698DF64-698F-42A6-9FD0-22E4A588F69D}: [NameServer] 198.18.0.1 198.18.0.2
Tcpip\..\Interfaces\{afb54709-c476-459a-8225-ad4c670bcb8f}: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{cdebe68b-f17d-4510-bae0-cd1a7d788946}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{e93a9a96-b362-4b7c-bf81-0958f1c6f2c1}: [DhcpNameServer] 8.8.8.8
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <==== UWAGA

Edge:
=======
DownloadDir: D:\XXX\Alexa Tomas
Edge HomeButtonPage: HKU\S-1-5-21-582382116-2524087355-1443837786-1004 -> hxxps://www.google.pl/
Edge Session Restore: HKU\S-1-5-21-582382116-2524087355-1443837786-1004 -> [funkcja włączona]
Edge Extension: (uBlock Origin) -> EdgeExtension_37833NikRollsuBlockOrigin_f8jsg5mm64m62 => C:\Program Files\WindowsApps\37833NikRolls.uBlockOrigin_1.15.24.0_neutral__f8jsg5mm64m62 [2019-02-10]
Edge Extension: (Brak nazwy) -> hdokiejnpimakedhajhdlcegeplioahd_LastPassLastPassFreePasswordManager_qq0fmhteeht3j => C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.48.0.0_neutral__qq0fmhteeht3j [nie znaleziono]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Artur\AppData\Local\Microsoft\Edge\User Data\Default [2021-12-27]
Edge DownloadDir: Default -> D:\XXX\Alexa Tomas
Edge Notifications: Default -> hxxps://freshannouncement.com
Edge HomePage: Default -> hxxps://www.google.pl/
Edge DefaultSearchURL: Default -> hxxps://www.google.pl/search?q={searchTerms}&ie={inputEncoding?}&oe={outputEncoding?}
Edge Session Restore: Default -> [funkcja włączona]
Edge Extension: (LastPass: Free Password Manager) - C:\Users\Artur\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bbcinlkgjjkejfdpemiealijmmooekmp [2021-12-14]
Edge Extension: (uBlock Origin) - C:\Users\Artur\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2021-12-14]

FireFox:
========
FF DefaultProfile: k43ym6cr.default
FF DefaultProfile: njgl1my2.default
FF ProfilePath: C:\Users\Artur\AppData\Roaming\Mozilla\Firefox\Profiles\k43ym6cr.default [2021-12-18]
FF DownloadDir: C:\Users\Artur\Desktop\FILEJOKER
FF Homepage: Mozilla\Firefox\Profiles\k43ym6cr.default -> hxxps://www.google.pl/?gws_rd=ssl
FF Session Restore: Mozilla\Firefox\Profiles\k43ym6cr.default -> [funkcja włączona]
FF Notifications: Mozilla\Firefox\Profiles\k43ym6cr.default -> hxxps://my.jdownloader.org
FF NewTabOverride: Mozilla\Firefox\Profiles\k43ym6cr.default -> Disabled: {59006e53-dbee-4b2d-9bee-f229aafec7c3}
FF NewTabOverride: Mozilla\Firefox\Profiles\k43ym6cr.default -> Enabled: Tab-Session-Manager@sienori
FF Extension: (Go to Bottom of Page Button) - C:\Users\Artur\AppData\Roaming\Mozilla\Firefox\Profiles\k43ym6cr.default\Extensions\bottom-page-single@codefisher.org.xpi [2020-07-22]
FF Extension: (FindBar Tweak) - C:\Users\Artur\AppData\Roaming\Mozilla\Firefox\Profiles\k43ym6cr.default\Extensions\fbt@quicksaver.xpi [2017-07-07] [Przestarzałe]
FF Extension: (YouTube Video and Audio Downloader) - C:\Users\Artur\AppData\Roaming\Mozilla\Firefox\Profiles\k43ym6cr.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2017-07-11] [Przestarzałe]
FF Extension: (MyJDownloader Browser Extension) - C:\Users\Artur\AppData\Roaming\Mozilla\Firefox\Profiles\k43ym6cr.default\Extensions\jid1-OY8Xu5BsKZQa6A@jetpack.xpi [2021-10-13] [UpdateUrl:hxxps://my.jdownloader.org/extensions/firefox.json]
FF Extension: (h264ify) - C:\Users\Artur\AppData\Roaming\Mozilla\Firefox\Profiles\k43ym6cr.default\Extensions\jid1-TSgSxBhncsPBWQ@jetpack.xpi [2019-11-20]
FF Extension: (S3.Translator) - C:\Users\Artur\AppData\Roaming\Mozilla\Firefox\Profiles\k43ym6cr.default\Extensions\s3google@translator.xpi [2018-10-10]
FF Extension: (LastPass: Free Password Manager) - C:\Users\Artur\AppData\Roaming\Mozilla\Firefox\Profiles\k43ym6cr.default\Extensions\support@lastpass.com.xpi [2021-10-13]
FF Extension: (Tab Session Manager) - C:\Users\Artur\AppData\Roaming\Mozilla\Firefox\Profiles\k43ym6cr.default\Extensions\Tab-Session-Manager@sienori.xpi [2021-10-13]
FF Extension: (Licznik kart) - C:\Users\Artur\AppData\Roaming\Mozilla\Firefox\Profiles\k43ym6cr.default\Extensions\tabCounter@waldemar.b.xpi [2018-03-08]
FF Extension: (Go to Top of Page Button) - C:\Users\Artur\AppData\Roaming\Mozilla\Firefox\Profiles\k43ym6cr.default\Extensions\top-page-single@codefisher.org.xpi [2020-07-11]
FF Extension: (uBlock Origin) - C:\Users\Artur\AppData\Roaming\Mozilla\Firefox\Profiles\k43ym6cr.default\Extensions\uBlock0@raymondhill.net.xpi [2020-12-29]
FF Extension: (Undo Close Tab Replacement) - C:\Users\Artur\AppData\Roaming\Mozilla\Firefox\Profiles\k43ym6cr.default\Extensions\undotab@darktrojan.net.xpi [2017-07-05] [Przestarzałe]
FF Extension: (Session Manager) - C:\Users\Artur\AppData\Roaming\Mozilla\Firefox\Profiles\k43ym6cr.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2017-07-19] [Przestarzałe]
FF Extension: (AntiCaptcha automatic captcha solver) - C:\Users\Artur\AppData\Roaming\Mozilla\Firefox\Profiles\k43ym6cr.default\Extensions\{487609b5-5ca6-4c62-8523-11f3e1db851c}.xpi [2021-10-13] [UpdateUrl:hxxps://antcpt.com/downloads/firefox/update_manifest.json]
FF Extension: (Ivan Gurkin aka paradoxfm) - C:\Users\Artur\AppData\Roaming\Mozilla\Firefox\Profiles\k43ym6cr.default\Extensions\{59006e53-dbee-4b2d-9bee-f229aafec7c3}.xpi [2018-06-17]
FF Extension: (YouTube High Definition) - C:\Users\Artur\AppData\Roaming\Mozilla\Firefox\Profiles\k43ym6cr.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2021-10-13]
FF Extension: (Greasemonkey) - C:\Users\Artur\AppData\Roaming\Mozilla\Firefox\Profiles\k43ym6cr.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2021-10-13]
FF ProfilePath: C:\Users\Artur\AppData\Roaming\8pecxstudios\Cyberfox\Profiles\njgl1my2.default [2021-12-18]
FF Extension: (Polski Language Pack) - C:\Users\Artur\AppData\Roaming\8pecxstudios\Cyberfox\Profiles\njgl1my2.default\Extensions\langpack-pl@firefox.mozilla.org.xpi [2017-10-13] [Przestarzałe]
FF Extension: (Polski słownik poprawnej pisowni) - C:\Users\Artur\AppData\Roaming\8pecxstudios\Cyberfox\Profiles\njgl1my2.default\Extensions\pl@dictionaries.addons.mozilla.org [2017-10-13] [Przestarzałe]
FF Extension: (uBlock Origin) - C:\Users\Artur\AppData\Roaming\8pecxstudios\Cyberfox\Profiles\njgl1my2.default\Extensions\uBlock0@raymondhill.net.xpi [2017-10-11]
FF Extension: (Brak nazwy) - C:\Programy\Internet I Komunikacja\Przeglądarki Stron WWW\Cyberfox\browser\features\CTR@8pecxstudios.com.xpi [nie znaleziono]
FF HKLM\...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - C:\Programy\Biuro\Przeglądarki Dokumentów\Foxit Reader\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF Extension: (Foxit PDF Creator) - C:\Programy\Biuro\Przeglądarki Dokumentów\Foxit Reader\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi [2018-06-04] [Przestarzałe]
FF HKLM\...\Firefox\Extensions: [FireFoxNew-WebExtensions@foxitsoftware.com] - C:\Programy\Biuro\Przeglądarki Dokumentów\Foxit Reader\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FireFoxNew-WebExtensions@foxitsoftware.com.xpi
FF Extension: (Foxit PDF Creator) - C:\Programy\Biuro\Przeglądarki Dokumentów\Foxit Reader\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FireFoxNew-WebExtensions@foxitsoftware.com.xpi [2018-06-04]
FF HKLM-x32\...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - C:\Programy\Biuro\Przeglądarki Dokumentów\Foxit Reader\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF HKLM-x32\...\Firefox\Extensions: [FireFoxNew-WebExtensions@foxitsoftware.com] - C:\Programy\Biuro\Przeglądarki Dokumentów\Foxit Reader\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FireFoxNew-WebExtensions@foxitsoftware.com.xpi
FF Plugin: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-11-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-11-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Programy\Biuro\Przeglądarki Dokumentów\Foxit Reader\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2018-07-17] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Programy\Biuro\Przeglądarki Dokumentów\Foxit Reader\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2018-07-17] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Programy\Biuro\Przeglądarki Dokumentów\Foxit Reader\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2018-07-17] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Programy\Biuro\Przeglądarki Dokumentów\Foxit Reader\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2018-07-17] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Programy\Biuro\Przeglądarki Dokumentów\Foxit Reader\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Brak pliku]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Programy\Biuro\Przeglądarki Dokumentów\Foxit Reader\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Brak pliku]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-582382116-2524087355-1443837786-1004: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Users\Artur\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2020-07-20] (Google Inc (TEST) -> Epic Privacy Browser) [Brak podpisu cyfrowego]
FF Plugin HKU\S-1-5-21-582382116-2524087355-1443837786-1004: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Users\Artur\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2020-07-20] (Google Inc (TEST) -> Epic Privacy Browser) [Brak podpisu cyfrowego]
FF Plugin HKU\S-1-5-21-582382116-2524087355-1443837786-1004: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2017-07-20] (Ubisoft Entertainment Sweden AB -> )
StartMenuInternet: Firefox-5B52463271E6FB43 - C:\Programy\Internet I Komunikacja\Przeglądarki Stron WWW\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default [2021-12-28]
CHR HomePage: Default -> hxxps://www.google.pl/
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/"
CHR NewTab: Default -> Not-active:"chrome-extension://kddckpmlbneidbekmajhmhikeegjdgcd/index.html"
CHR Session Restore: Default -> [funkcja włączona]
CHR Extension: (h264ify) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\aleakchihdccplidncghkekgioiakgal [2019-11-20]
CHR Extension: (Dokumenty) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Dysk Google) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-29]
CHR Extension: (Session Manager) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2018-04-23]
CHR Extension: (YouTube) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-16]
CHR Extension: (Ddict Translate: Translator - Dictionary) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpggmmljdiliancllaapiggllnkbjocb [2021-12-03]
CHR Extension: (uBlock Origin) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2021-12-07]
CHR Extension: (S3.Translator) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\debnnjfbneojbmioajinefnflopdohjk [2020-12-01]
CHR Extension: (Tampermonkey) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2021-07-09]
CHR Extension: (Session Buddy) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2020-05-11]
CHR Extension: (Arkusze) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (Edytor Office) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2021-12-25]
CHR Extension: (Dokumenty Google offline) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-12-03]
CHR Extension: (Super Easy Auto Refresh) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\globgafddkdlnalejlkcpaefakkhkdoa [2020-08-25]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2021-12-14]
CHR Extension: (Undo Closed Tabs Button) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieehkmoiljghfkejgahoheemdjpdinml [2021-10-13]
CHR Extension: (Looper for YouTube) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\iggpfpnahkgpnindfkdncknoldgnccdg [2021-07-16]
CHR Extension: (Mate Translate - translator, słownik) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke [2021-12-25]
CHR Extension: (Lightning Speed Dial) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\kddckpmlbneidbekmajhmhikeegjdgcd [2017-10-16]
CHR Extension: (Zrób pełny, całkowity zrzut ekranu strony internetowej - FireShot) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2021-10-13]
CHR Extension: (Black & White) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhhlgkfginnlendpfkhcmldikeepoefa [2021-12-15]
CHR Extension: (FreshStart - Cross Browser Session Manager) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmidkjogcjnnlfimjcedenagjfacpobb [2017-11-19]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-16]
CHR Extension: (Gmail) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Profile: C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-08-30]
CHR Profile: C:\Users\Artur\AppData\Local\Google\Chrome\User Data\System Profile [2021-11-02]
CHR HKLM\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Programy\Biuro\Przeglądarki Dokumentów\Foxit Reader\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2018-06-04]
CHR HKU\S-1-5-21-582382116-2524087355-1443837786-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Programy\Biuro\Przeglądarki Dokumentów\Foxit Reader\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2018-06-04]

Opera:
=======
OPR Profile: C:\Users\Artur\AppData\Roaming\Opera Software\Opera Stable [2021-12-29]
OPR Notifications: Opera Stable -> hxxps://azu7.notalkettoft.info; hxxps://mail.tutanota.com; hxxps://members.spyfam.com; hxxps://members.tiny4k.com; hxxps://wallet.wmtransfer.com; hxxps://www.facebook.com; hxxps://www.onet.pl; hxxps://www.paradyz.com; hxxps://www.pyszne.pl; hxxps://www1a.delmarmora.pro
OPR DefaultSearchURL: Opera Stable -> hxxp://gerald.top
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Free Download Manager) - C:\Users\Artur\AppData\Roaming\Opera Software\Opera Stable\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2021-10-19]
OPR Extension: (SimpleUndoClose) - C:\Users\Artur\AppData\Roaming\Opera Software\Opera Stable\Extensions\aipamoaneebnhkfefefbfmhimclgafig [2018-11-05]
OPR Extension: (Rich Hints Agent) - C:\Users\Artur\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-12-24]
OPR Extension: (MyJDownloader Browser Extension) - C:\Users\Artur\AppData\Roaming\Opera Software\Opera Stable\Extensions\fbclnkmbcmdfamfeaagadifibbongnmf [2020-07-09]
OPR Extension: (Ddict Translate: Translator - Dictionary) - C:\Users\Artur\AppData\Roaming\Opera Software\Opera Stable\Extensions\fcfpagpiibkilokeihmaggjgheaemgbi [2021-12-03]
OPR Extension: (Auto HD|LQ for YouTube™) - C:\Users\Artur\AppData\Roaming\Opera Software\Opera Stable\Extensions\ffhgcaphggeinepalgnajphijbndmmhp [2018-11-05]
OPR Extension: (EverSync - Sync bookmarks, backup favorites) - C:\Users\Artur\AppData\Roaming\Opera Software\Opera Stable\Extensions\ffhogmjbkahkkpjpjmeppoegnjhpopmc [2018-11-05]
OPR Extension: (Nimbus Screenshot & Screen Video Recorder) - C:\Users\Artur\AppData\Roaming\Opera Software\Opera Stable\Extensions\gjpihpkhgfngnbhhfdehlcmgfahbciip [2020-05-17]
OPR Extension: (LastPass: Free Password Manager) - C:\Users\Artur\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnjalnkldgigidggphhmacmimbdlafdo [2021-12-13]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\Artur\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-10-13]
OPR Extension: (uBlock Origin) - C:\Users\Artur\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2021-12-08]
OPR Extension: (V7 Sessions) - C:\Users\Artur\AppData\Roaming\Opera Software\Opera Stable\Extensions\khmbgihnlknbjgjhmekjeoidpfimabpp [2020-02-20]
OPR Extension: (AntiCaptcha automatic captcha solver) - C:\Users\Artur\AppData\Roaming\Opera Software\Opera Stable\Extensions\lncaoejhfdpcafpkkcddpjnhnodcajfg [2021-12-20] [UpdateUrl:hxxps://antcpt.com/downloads/firefox/update_manifest.json] <==== UWAGA
OPR Extension: (Violent monkey) - C:\Users\Artur\AppData\Roaming\Opera Software\Opera Stable\Extensions\niofholngoecgnpgamgbiiijcjlllpge [2018-11-05]
OPR Extension: (Speed Dial [FVD] - New Tab Page, 3D, Sync...) - C:\Users\Artur\AppData\Roaming\Opera Software\Opera Stable\Extensions\pncpfofkienlinhfknpmgjnjhdoclfhh [2019-07-17]
StartMenuInternet: (HKU\S-1-5-21-582382116-2524087355-1443837786-1004) OperaStable - "C:\Programy\Internet I Komunikacja\Przeglądarki Stron WWW\Opera\Launcher.exe"

==================== Usługi (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 AnyDesk; C:\Programy\Narzędzia\Narzędzia Administracyjne I Internetowe\AnyDesk\AnyDesk.exe [3803376 2021-12-14] (philandro Software GmbH -> AnyDesk Software GmbH)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [284720 2020-08-08] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3563568 2020-08-08] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [490032 2020-08-08] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7193.611\DSAPI.exe [987632 2020-09-21] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
R2 Everything; C:\Programy\Narzędzia\Narzędzia Dyskowe I Plikowe\Everything\Everything.exe [2197608 2017-06-07] (David Carpenter -> )
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2017-05-19] (FUTUREMARK INC -> Futuremark)
R2 hmevpnsvc; C:\Program Files (x86)\hide.me VPN\hidemesvc.exe [144944 2020-08-19] (eVenture Limited -> eVenture Limited)
R2 hostcontrolsvc; C:\Program Files\Broadcom\CV\bin\HostControlService.exe [1047000 2017-05-25] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom Corporation)
R2 hoststoragesvc; C:\Program Files\Broadcom\CV\bin\HostStorageService.exe [51160 2017-05-25] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom Corporation)
R2 hshld_10.9.13; C:\Program Files (x86)\Hotspot Shield\10.9.13\bin\cmw_srv.exe [224760 2020-11-20] (Pango Inc. -> Pango Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [452576 2016-02-09] (Malwarebytes Corporation -> Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [901088 2016-02-09] (Malwarebytes Corporation -> Malwarebytes Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145736 2013-08-15] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
S3 SandraAgentSrv; C:\Programy\Narzędzia\Testowanie I Diagnostyka\SiSoftware Sandra\SiSoftware Sandra Business 2016.RTMa\RpcAgentSrv.exe [76784 2015-12-20] (SiSoftware SPC -> SiSoftware) [Brak podpisu cyfrowego]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6153048 2020-11-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SU10Guard; C:\Windows\UPDATE\SU10Guard.exe [72776 2020-05-30] (Greatis Software LLC -> Greatis Software, LLC)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31704 2020-09-01] (Dell Inc. -> Dell Inc.)
S3 SystemExplorerHelpService; C:\Programy\Narzędzia\Narzędzia Systemowe\System Explorer\System Explorer\service\SystemExplorerService64.exe [820960 2014-12-20] (Miroslav Topolar -> Mister Group)
R2 TeraCopyService; C:\Programy\Akcesoria\Inne Akcesoria\TeraCopy\TeraCopy\TeraCopyService.exe [110416 2017-05-05] (Code Sector -> Code Sector)
R2 USBSafelyRemoveService; C:\Programy\Narzędzia\Inne Narzędzia\USB Safely Remove\USB Safely Remove\USBSRService.exe [1666416 2015-01-09] (Crystal Rich Ltd -> Crystal Rich Ltd)
R2 ushupgradesvc; C:\Program Files\Broadcom\CV\bin\UshUpgradeService.exe [268248 2017-05-25] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe [2876152 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe [128360 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [493232 2019-01-19] (Windscribe Limited -> Windscribe Limited)
S4 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [2198016 2018-08-28] (Sony) [Brak podpisu cyfrowego]
S2 DellClientManagementService; "C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe" [X]

===================== Sterowniki (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [88480 2018-01-12] (Tages SAS -> )
S3 BazisPortableCDBus; C:\WINDOWS\System32\drivers\BazisPortableCDBus.sys [283480 2018-05-02] (Sysprogs OU -> Sysprogs OU)
R3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [42376 2020-08-03] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-08] (Techporch Incorporated -> Dell Computer Corporation)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [19440 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> OSR Open Systems Resources, Inc.)
R3 DellRctl; C:\WINDOWS\System32\drivers\DellRctl.sys [33616 2016-09-22] (FPT USA Corp. -> )
R1 dokan1; C:\WINDOWS\System32\DRIVERS\dokan1.sys [138760 2021-01-14] (ADAPP SASU -> Dokan Project)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-11-09] (Disc Soft Ltd -> Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-11-09] (Disc Soft Ltd -> Disc Soft Ltd)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [33448 2016-12-07] (CHENGDU YIWO Tech Development Co., Ltd. -> )
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2016-07-11] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Brak podpisu cyfrowego]
R1 googledrivefs3688; C:\WINDOWS\System32\DRIVERS\googledrivefs3688.sys [381456 2021-12-14] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [28424 2018-04-15] (Glarysoft LTD -> Glarysoft Ltd)
R1 hideFirewall; C:\WINDOWS\System32\drivers\hideFirewall.sys [79488 2020-08-11] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R1 HWiNFO; C:\WINDOWS\system32\drivers\HWiNFO64A.SYS [55960 2018-05-22] (Martin Malik - REALiX -> REALiX(tm))
R2 lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [43680 2017-07-24] (Tages SA -> )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-02-09] (Malwarebytes Corporation -> Malwarebytes Corporation)
R3 MpKsl9c981e94; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{10950975-63C4-4B20-8158-33726A9CF564}\MpKslDrv.sys [48360 2021-12-29] (Microsoft Windows -> Microsoft Corporation)
R1 pango_netfilter2; C:\WINDOWS\System32\drivers\pango_netfilter2.sys [94080 2020-11-20] (Pango Inc. -> Pango Inc)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
S3 SANDRA; C:\Programy\Narzędzia\Testowanie I Diagnostyka\SiSoftware Sandra\SiSoftware Sandra Business 2016.RTMa\WNt600x64\Sandra.sys [23112 2009-08-07] (SiSoftware Ltd -> SiSoftware)
R0 stdcfltn; C:\WINDOWS\System32\DRIVERS\stdcfltn.sys [30352 2016-10-07] (STMICROELECTRONICS S.R.L. -> ST Microelectronics)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39920 2019-10-23] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2020-06-09] (TEFINCOM S.A. -> The OpenVPN Project)
R3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2018-07-06] (Windscribe Limited -> The OpenVPN Project)
R1 veracrypt; C:\WINDOWS\System32\drivers\veracrypt.sys [825176 2021-12-27] (IDRIX SARL -> IDRIX)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2021-12-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [435432 2021-12-16] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (NGO -> MBB)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86248 2021-12-16] (Microsoft Windows -> Microsoft Corporation)
R3 wintun; C:\WINDOWS\system32\DRIVERS\wintun.sys [38176 2020-08-23] (WireGuard LLC -> WireGuard LLC)
S3 cpuz143; \??\C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [X]
S3 cpuz148; \??\C:\WINDOWS\temp\cpuz148\cpuz148_x64.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc (utworzone) (Wszystkie) =========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2021-12-29 17:57 - 2021-12-29 18:00 - 000000000 ____D C:\Users\Artur\Desktop\FRST64
2021-12-29 17:40 - 2021-12-29 17:40 - 000000000 ____D C:\Program Files (x86)\WindowsInstallationAssistant
2021-12-29 17:37 - 2021-12-29 17:39 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software
2021-12-29 17:37 - 2021-12-29 17:37 - 000000000 ____D C:\Users\Artur\Documents\Mixpad Projects
2021-12-29 15:16 - 2021-12-29 17:37 - 000000000 ____D C:\Users\Artur\AppData\Roaming\NCH Software
2021-12-29 14:58 - 2021-12-29 14:58 - 003398112 _____ (Microsoft Corporation) C:\Users\Artur\Desktop\Windows10Upgrade9252.exe
2021-12-29 09:59 - 2021-12-29 10:01 - 000000018 _____ C:\Users\Artur\Desktop\Nowy dokument tekstowy.txt
2021-12-28 07:43 - 2021-12-28 07:43 - 000000101 _____ C:\Users\Artur\Desktop\dysk.txt
2021-12-27 00:54 - 2021-12-27 00:54 - 000000000 ____D C:\Users\Artur\AppData\Roaming\VeraCrypt
2021-12-27 00:51 - 2021-12-27 00:51 - 000825176 _____ (IDRIX) C:\WINDOWS\system32\Drivers\veracrypt.sys
2021-12-27 00:51 - 2021-12-27 00:51 - 000001112 _____ C:\Users\Public\Desktop\VeraCrypt.lnk
2021-12-27 00:51 - 2021-12-27 00:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VeraCrypt
2021-12-24 21:25 - 2021-12-14 07:44 - 000381456 _____ (Google, Inc.) C:\WINDOWS\system32\Drivers\googledrivefs3688.sys
2021-12-18 07:39 - 2021-12-18 07:41 - 000003512 _____ C:\WINDOWS\system32\Tasks\ThrottleStop
2021-12-18 06:39 - 2021-12-18 06:39 - 000000000 ____D C:\ProgramData\Intel Telemetry
2021-12-14 13:04 - 2021-12-29 17:57 - 000000000 ____D C:\ProgramData\AnyDesk
2021-12-14 13:04 - 2021-12-14 13:04 - 000002153 _____ C:\Users\Public\Desktop\AnyDesk.lnk
2021-12-14 13:04 - 2021-12-14 13:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyDesk
2021-12-14 13:01 - 2021-12-29 14:59 - 000000000 ____D C:\Users\Artur\AppData\Roaming\AnyDesk
2021-12-02 18:14 - 2021-12-02 18:14 - 000000000 ____D C:\Program Files\DTU
2021-12-02 18:12 - 2021-12-02 18:12 - 000003218 _____ C:\WINDOWS\system32\Tasks\RtHDVBg_PushButton
2021-12-02 18:12 - 2021-12-02 18:12 - 000000000 ____D C:\Program Files\Waves
2021-12-02 18:11 - 2021-12-02 18:11 - 000000000 ____D C:\WINDOWS\LastGood.Tmp

==================== Jeden miesiąc (zmodyfikowane) ==================

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2021-12-29 18:00 - 2018-04-14 08:28 - 000000000 ____D C:\FRST
2021-12-29 17:39 - 2020-02-14 12:09 - 000000000 ____D C:\Users\Artur
2021-12-29 17:38 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-12-29 17:36 - 2018-12-18 11:10 - 000000000 ____D C:\TEMP
2021-12-29 17:32 - 2020-02-14 12:16 - 001768484 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-12-29 17:32 - 2019-03-19 13:24 - 000787240 _____ C:\WINDOWS\system32\perfh015.dat
2021-12-29 17:32 - 2019-03-19 13:24 - 000152986 _____ C:\WINDOWS\system32\perfc015.dat
2021-12-29 17:32 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2021-12-29 17:30 - 2017-10-16 11:57 - 000000000 ____D C:\Program Files (x86)\Google
2021-12-29 17:28 - 2020-11-20 19:16 - 000000000 ____D C:\WINDOWS\UPDATE
2021-12-29 17:28 - 2020-02-14 12:15 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-12-29 17:28 - 2020-01-24 16:04 - 000000000 ____D C:\Program Files (x86)\Dell
2021-12-29 17:28 - 2019-03-19 05:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-12-29 17:28 - 2017-11-08 20:03 - 000000000 ____D C:\Users\Artur\AppData\Roaming\USBSafelyRemove
2021-12-29 17:28 - 2017-07-03 10:21 - 000000000 __SHD C:\Users\Artur\IntelGraphicsProfiles
2021-12-29 17:28 - 2017-06-30 04:43 - 000470481 _____ C:\WINDOWS\system32\CVFirmwareUpgradeLog.txt
2021-12-29 17:28 - 2017-06-30 04:42 - 000000000 ____D C:\Intel
2021-12-29 17:25 - 2019-11-22 14:20 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2021-12-29 17:23 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\Globalization
2021-12-29 16:45 - 2020-02-14 12:06 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-12-29 15:20 - 2017-07-03 15:26 - 000000000 ____D C:\Users\Artur\AppData\Roaming\TeraCopy
2021-12-29 15:08 - 2017-11-04 07:24 - 000000000 ____D C:\Users\Artur\AppData\Local\ElevatedDiagnostics
2021-12-28 23:45 - 2020-02-14 12:18 - 000000078 _____ C:\WINDOWS\system32\WINDOWS10-ARTUR.Windows 10 (build 18363).txt
2021-12-27 01:28 - 2021-10-29 17:03 - 000000000 ____D C:\Users\Artur\Desktop\Majtkomat
2021-12-24 21:29 - 2020-02-14 12:15 - 000004288 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1541447012
2021-12-24 21:29 - 2018-11-05 20:43 - 000001413 _____ C:\Users\Artur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Przeglądarka Opera.lnk
2021-12-24 21:25 - 2021-03-14 13:35 - 000002057 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2021-12-18 08:09 - 2018-01-22 12:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2021-12-18 08:09 - 2017-09-04 22:09 - 000000000 ____D C:\ProgramData\Package Cache
2021-12-18 08:09 - 2017-06-30 04:42 - 000000000 ____D C:\Program Files\Intel
2021-12-18 06:58 - 2019-03-19 05:37 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-12-18 06:55 - 2020-11-06 19:46 - 000000000 ___HD C:\$WINDOWS.~BT
2021-12-18 06:55 - 2020-02-14 12:14 - 000015243 _____ C:\WINDOWS\diagwrn.xml
2021-12-18 06:55 - 2020-02-14 12:14 - 000015243 _____ C:\WINDOWS\diagerr.xml
2021-12-18 06:55 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\Registration
2021-12-18 06:53 - 2018-01-22 12:24 - 000000000 ____D C:\ProgramData\Intel
2021-12-18 06:51 - 2020-11-20 19:21 - 000000000 ____D C:\WINDOWS\Panther
2021-12-18 02:20 - 2020-06-06 01:01 - 000002448 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-12-17 04:43 - 2020-08-24 20:07 - 000000000 ____D C:\Users\Artur\Desktop\Tor Browser
2021-12-16 04:00 - 2018-05-01 06:53 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-12-14 21:38 - 2020-06-24 01:02 - 000000000 ____D C:\Users\Artur\AppData\Local\CrashDumps
2021-12-14 14:33 - 2020-08-03 20:48 - 000000000 ____D C:\Users\Artur\Desktop\zdjęcia z nad morza
2021-12-13 22:46 - 2017-10-16 11:57 - 000002307 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-12-11 10:50 - 2020-06-06 01:01 - 000003510 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-12-11 10:50 - 2020-06-06 01:01 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-12-02 18:12 - 2017-06-30 04:44 - 000000000 ____D C:\WINDOWS\system32\RTCOM
2021-12-02 18:12 - 2017-06-30 04:43 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM

==================== Pliki w katalogu głównym wybranych folderów ========

2017-07-03 12:06 - 2017-07-03 12:06 - 000000779 _____ () C:\Users\Artur\AppData\Roaming\gdscan.log
2018-04-10 14:08 - 2018-12-07 18:01 - 015597568 _____ () C:\Users\Artur\AppData\Roaming\Sandra.mdb
2020-07-20 08:41 - 2020-07-20 08:41 - 000000021 _____ () C:\Users\Artur\AppData\Local\Autosofted License.txt
2018-11-01 16:01 - 2019-08-03 21:46 - 050616672 _____ (Sony) C:\Users\Artur\AppData\Local\pcc.exe
2020-07-11 15:13 - 2020-07-11 15:28 - 000000128 _____ () C:\Users\Artur\AppData\Local\PUTTY.RND
2020-02-10 14:43 - 2020-02-10 14:43 - 000010573 _____ () C:\Users\Artur\AppData\Local\recently-used.xbel
2017-07-04 15:24 - 2020-05-30 02:22 - 000007615 _____ () C:\Users\Artur\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

==================== Koniec FRST.txt ========================