Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 31-10-2023 Uruchomiony przez Rysiek (administrator) RYSIEK-KOMP (Hewlett-Packard HP Compaq 8200 Elite CMT PC) (31-10-2023 11:59:56) Uruchomiony z D:\Pulpit\Krystian Antywirus\FRST64.exe Załadowane profile: Rysiek Platforma: Microsoft Windows 7 Professional Service Pack 1 (X64) Język: Polski (Polska) Domyślna przeglądarka: FF Tryb startu: Normal ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2> (Comodo Security Solutions, Inc. -> COMODO) C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe (explorer.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe (nvvsvc.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (SEIKO EPSON CORPORATION) [Brak podpisu cyfrowego] C:\Program Files (x86)\epson\Creativity Suite\Event Manager\EEventManager.exe (services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (services.exe ->) (Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (services.exe ->) (Comodo Security Solutions, Inc. -> COMODO) C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe (services.exe ->) (Comodo Security Solutions, Inc. -> COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (services.exe ->) (Flexera Software LLC -> Flexera Software LLC) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbengine.exe (services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe <3> (services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe <2> (services.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe ==================== Rejestr (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [picon] => C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [796696 2009-07-24] (Intel Corporation -> Intel Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8468184 2015-05-22] (Realtek Semiconductor Corp -> Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-04-28] (Realtek Semiconductor Corp -> Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation -> NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart [1225920 2014-04-30] (NVIDIA CORPORATION -> NVIDIA Corporation) [Brak podpisu cyfrowego] HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [13190952 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112408 2012-01-19] (Intel Corporation -> Intel Corporation) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\EPSON\Creativity Suite\Event Manager\EEventManager.exe [102400 2006-03-17] (SEIKO EPSON CORPORATION) [Brak podpisu cyfrowego] HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [4187856 2019-01-29] (Comodo Security Solutions, Inc. -> COMODO) HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Ograniczenia <==== UWAGA HKU\S-1-5-21-1865058350-1116019282-1544485513-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [43984 2017-03-13] (Glarysoft LTD -> Glarysoft Ltd) HKLM\...\Windows x64\Print Processors\hpcpp185: C:\Windows\System32\spool\prtprocs\x64\hpcpp185.dll [654008 2016-01-12] (HP Inc. -> HP Inc.) HKLM\...\Windows x64\Print Processors\hpcpp250: C:\Windows\System32\spool\prtprocs\x64\hpcpp250.dll [850024 2020-08-20] (HP Inc. -> HP Inc.) HKLM\...\Windows x64\Print Processors\hpzppWN7: C:\Windows\System32\spool\prtprocs\x64\hpzppWN7.dll [101376 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation) HKLM\...\Print\Monitors\HP Universal Print Monitor: C:\Windows\system32\HPMPW081.DLL [127488 2016-01-12] (HP Inc. -> HP Inc.) HKLM\...\Print\Monitors\HPMLM180: C:\Windows\system32\hpmlm180.dll [310456 2016-01-12] (HP Inc. -> Hewlett-Packard Company) HKLM\...\Print\Monitors\HPMLM225: C:\Windows\system32\hpmlm225.dll [315496 2020-08-20] (HP Inc. -> HP Inc.) BootExecute: autocheck autochk * ==================== Zaplanowane zadania (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) Task: {73290322-0000-48FB-88B6-86C93E8C5A5B} - System32\Tasks\{760962D6-38C1-4D95-BB0F-0D2EDBAC761E} => C:\Windows\system32\pcalua.exe [9728 2016-06-14] (Microsoft Windows -> Microsoft Corporation) -> -a D:\Pulpit\GstarCAD_2020_PL_200701_SP2_64bit.exe -d D:\Pulpit Task: {0B74AFA9-3B32-4E3E-AF20-A19C2DF59882} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1566200 2023-08-02] (Adobe Inc. -> Adobe Inc.) Task: {47276D0B-EA91-48DA-962D-7942525CDF97} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [13190952 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO) Task: {8DB379B6-6C98-4313-84C2-FB614306F9D2} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5758488 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO) Task: {BF0CE33B-23B7-4B42-91C2-9C2A7D87406D} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5758488 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO) Task: {2E647C4F-5970-439D-B33E-755C68C6B5B8} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5758488 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO) Task: {7A4457E8-129B-4D56-A1F9-ACC999A6D35E} - System32\Tasks\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [13190952 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO) Task: {EB4BCC03-79F8-4B97-AD99-091039A92F1D} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5758488 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO) Task: {4FC9CC0E-C982-46B1-B977-FFD9CB38C2DE} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [134608 2017-03-13] (Glarysoft LTD -> Glarysoft Ltd) Task: {5B50614F-CEF4-46D5-9161-BAF22E2894B2} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [898000 2017-03-13] (Glarysoft LTD -> Glarysoft Ltd) Task: {88D868B1-D345-436A-82E1-5BC919032A6E} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [686496 2023-09-13] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate Task: {766FD2AD-D136-4E32-8EDB-B0FFE62DA7E4} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [724384 2023-09-13] (Mozilla Corporation -> Mozilla Foundation) (Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.) ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{0E1105B1-EDD5-4E04-B954-6DCE92922FD2}: [NameServer] 156.154.70.25,156.154.71.25 Tcpip\..\Interfaces\{0E1105B1-EDD5-4E04-B954-6DCE92922FD2}: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF DefaultProfile: fxtt90lb.default FF ProfilePath: C:\Users\Rysiek\AppData\Roaming\Mozilla\Firefox\Profiles\fxtt90lb.default [2023-10-31] FF DownloadDir: D:\X-Archiwum\2-Pulpit FF Homepage: Mozilla\Firefox\Profiles\fxtt90lb.default -> hxxp://www.onet.pl/ FF Extension: (MaDonnas Aurora Blue) - C:\Users\Rysiek\AppData\Roaming\Mozilla\Firefox\Profiles\fxtt90lb.default\Extensions\{abeb6cbe-c171-4bc8-8047-6783e8513546}.xpi [2021-05-30] FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku] FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN -> VideoLAN) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku] FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-05-20] (NVIDIA CORPORATION -> NVIDIA Corporation) [Brak podpisu cyfrowego] FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-05-20] (NVIDIA CORPORATION -> NVIDIA Corporation) [Brak podpisu cyfrowego] FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2023-09-07] (Adobe Inc. -> Adobe Systems Inc.) ==================== Usługi (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-08-02] (Adobe Inc. -> Adobe Inc.) R2 AERTFilters; C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE [98208 2009-11-17] (Andrea Electronics -> Andrea Electronics Corporation) R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [11334144 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO) S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2675504 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO) R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [1044176 2019-01-29] (Comodo Security Solutions, Inc. -> COMODO) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2019-02-01] (HP Inc.) [Brak podpisu cyfrowego] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2019-02-01] (HP Inc.) [Brak podpisu cyfrowego] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation) S3 klvssbridge64_18.0.0; Brak ImagePath S2 KSDE5.3; Brak ImagePath ===================== Sterowniki (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [29088 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO) R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [861592 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO) R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [53808 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO) R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2017-03-15] (Glarysoft Ltd -> Glarysoft Ltd) R3 IFXTPM; C:\Windows\System32\DRIVERS\IFXTPM.SYS [58880 2008-07-31] (Microsoft Windows Hardware Compatibility Publisher -> Infineon Technologies AG) R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [121488 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO) R1 isedrv; C:\Windows\system32\drivers\isedrv.sys [51368 2019-01-29] (Comodo Security Solutions, Inc. -> COMODO) R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [55592 2021-02-19] (AnchorFree Inc -> The OpenVPN Project) S3 nusb3hub; C:\Windows\system32\drivers\nusb3hub.sys [78848 2010-07-27] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation) S3 nusb3xhc; C:\Windows\system32\drivers\nusb3xhc.sys [180224 2010-07-27] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation) R3 ROCKEYNT; C:\Windows\System32\DRIVERS\Rockey4.sys [36904 2020-04-08] (Feitian Technologies Co., Ltd. -> Feitian Technologies Co., Ltd.) R3 Serenum; C:\Windows\System32\DRIVERS\nuvserenum.sys [23552 2014-01-12] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) R3 Serial; C:\Windows\System32\DRIVERS\nuvserial.sys [86016 2014-01-12] (Microsoft Windows Hardware Compatibility Publisher -> Nuvoton Technology Corp.) ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc (utworzone) (filtrowane) ========= (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2023-10-30 21:55 - 2023-10-31 12:58 - 000000000 ____D C:\ProgramData\Norton 2023-10-30 21:55 - 2023-10-30 21:55 - 000000000 ____D C:\Users\Rysiek\AppData\Local\NPE 2023-10-04 13:56 - 2023-10-31 12:00 - 000000000 ___DC C:\FRST ==================== Jeden miesiąc (zmodyfikowane) ================== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2023-10-31 12:58 - 2023-09-13 05:52 - 000000000 ____D C:\Program Files\Mozilla Firefox 2023-10-31 12:58 - 2022-02-28 14:30 - 000000000 ___DC C:\Program Files\COMODO 2023-10-31 12:58 - 2022-02-28 14:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO 2023-10-31 12:58 - 2021-10-12 11:33 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla 2023-10-31 12:58 - 2016-04-02 12:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2023-10-31 12:58 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\registration 2023-10-31 12:58 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf 2023-10-31 12:58 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\AppCompat 2023-10-31 11:58 - 2022-02-28 16:20 - 000000000 ____D C:\Windows\system32\Tasks\COMODO 2023-10-31 11:58 - 2022-02-28 14:28 - 000000000 ____D C:\ProgramData\Comodo 2023-10-31 11:58 - 2016-04-02 13:41 - 000000000 ____D C:\ProgramData\NVIDIA 2023-10-31 11:58 - 2016-04-02 12:30 - 000000000 ____D C:\Users\Rysiek 2023-10-31 11:58 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2023-10-31 08:50 - 2016-11-18 14:37 - 000000000 ____D C:\Users\Rysiek\AppData\LocalLow\Mozilla 2023-10-31 08:10 - 2009-07-14 05:45 - 000027568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2023-10-31 08:10 - 2009-07-14 05:45 - 000027568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 ==================== SigCheck ============================ (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) LastRegBack: 2023-10-30 10:23 ==================== Koniec FRST.txt ========================