
FRST.txt

Chrome shuts down, Explorer error, Combofix log analysis

Good morning. I would be very grateful if you could analyze the attached logs and help. For some time now the Chrome browser has been closing by itself. Earlier, during system startup, a "taskmgr.exe" window with some string of characters would appear and then disappear. I looked in the system's scheduled tasks but found nothing suspicious. I scanned the computer with ESET, Malwarebytes, AdwCleaner and Loaris. In addition, I reset the hosts file, browser settings, Windows Update, the firewall, proxy, tracing keys, etc. Despite this, Chrome still closed by itself after some time, and a Windows Explorer error often occurred when opening folders :( A few days ago I ran the latest ComboFix. The "taskmgr.exe" window no longer appears at startup, and the Windows Explorer error has also gone away. Unfortunately, after some time Chrome still suddenly closes by itself, regardless of whether I am using it or not, even though I reinstalled it along with its extensions. It looks like some scheduled task in the system, but I don't know how to fix it :-? Please help. Best regards.



Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja: 27-06-2020
Uruchomiony przez MAREK (administrator) MAREK-KOMPUTER (28-06-2020 12:58:35)
Uruchomiony z C:\Users\MAREK\Desktop
Załadowane profile: MAREK
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(Adguard Software Limited -> Adguard Software Ltd) C:\Program Files\Adguard\Adguard.exe
(Adguard Software Limited -> Adguard Software Ltd) C:\Program Files\Adguard\AdguardSvc.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe
(Creative Technology -> Creative Technology Ltd) C:\Windows\System32\CtHelper.exe
(Creative Technology Ltd) [Brak podpisu cyfrowego] [Plik w użyciu] C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <13>
(Google LLC -> Google LLC) C:\Program Files\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Intel Corporation -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Konstantin Polyakov IP -> Chemtable Software) C:\Program Files\Reg Organizer\StartupCheckingService.exe
(Logitech -> Logitech Inc.) C:\Program Files\Logitech\SetPoint\LBTWiz.exe
(Logitech -> Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(O&O Software GmbH -> O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(Renesas Electronics Corporation -> Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Samsung Electronics CO., LTD. -> ) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Samsung Electronics CO., LTD. -> ) C:\Windows\System32\SecUPDUtilSvc.exe

==================== Rejestr (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation -> Renesas Electronics Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation -> Intel Corporation)
HKLM\...\Run: [StartCCC] => C:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe [748744 2015-08-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM\...\Run: [CTHelper] => C:\Windows\system32\CTHELPER.EXE* [19456 2012-10-11] () [Brak podpisu cyfrowego] [Plik w użyciu]
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [174712 2020-04-02] (ESET, spol. s r.o. -> ESET)
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [3776888 2020-05-11] (O&O Software GmbH -> O&O Software GmbH)
HKU\S-1-5-21-2543001091-3019591363-2805725220-1000\...\Run: [Adguard] => C:\Program Files\Adguard\Adguard.exe [5597032 2020-06-04] (Adguard Software Limited -> Adguard Software Ltd)
HKU\S-1-5-21-2543001091-3019591363-2805725220-1000\Software\Policies\...\system: [disablecmd] 0
HKU\S-1-5-21-2543001091-3019591363-2805725220-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKLM\...\Windows NT x86\Print Processors\us005PC: C:\Windows\System32\spool\prtprocs\W32X86\us005pc.dll [38424 2016-09-29] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Codename Longhorn DDK provider)
HKLM\...\Windows NT x86\Print Processors\us013PC: C:\Windows\System32\spool\prtprocs\W32X86\us013pc.dll [29696 2015-08-20] (Windows (R) Codename Longhorn DDK provider) [Brak podpisu cyfrowego] [Plik w użyciu]
HKLM\...\Windows NT x86\Print Processors\us015PC: C:\Windows\System32\spool\prtprocs\W32X86\us015pc.dll [38264 2019-08-26] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Codename Longhorn DDK provider)
HKLM\...\Print\Monitors\PDF-XChange5-ABBYY-FR: C:\Windows\system32\pxc50pmaf.dll [59584 2016-10-03] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
HKLM\...\Print\Monitors\us005 Langmon: C:\Windows\system32\us005lm.dll [27152 2016-09-29] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\us013 Langmon: C:\Windows\system32\us013lm.dll [18432 2015-03-12] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\us015 Langmon: C:\Windows\system32\us015lm.dll [27000 2019-08-26] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\83.0.4103.116\Installer\chrmstp.exe [2020-06-27] (Google LLC -> Google LLC)
BootExecute: autocheck autochk * icarus_rvrt.exe
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA

==================== Zaplanowane zadania (filtrowane) ============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

Task: {2361C9F9-9FB3-41C0-853B-8F6CAD851BA0} - System32\Tasks\Reg Organizer Applications Updates Check => C:\Program Files\Reg Organizer\RegOrganizer.exe -SilentUpdatesCheck
Task: {266D7AE4-96B3-45E1-9D83-CEF687FB2D99} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files\Common Files\Java\Java Update\jusched.exe [646776 2020-03-12] (Oracle America, Inc. -> Oracle Corporation)
Task: {276D542B-120A-4697-ACB8-B4A47C77BC9E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [156104 2020-06-27] (Google LLC -> Google LLC)
Task: {31A96D83-6A07-439E-9049-5B1A03F6D898} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [156104 2020-06-27] (Google LLC -> Google LLC)
Task: {494FE87F-3BB4-4A4E-AA14-4B85A4F82B72} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [314544 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {6A23F5F7-E9DB-4827-9FB2-44D09B40A2EB} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [124632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {A9FFFF80-2873-4796-9F8B-1C4A64F432FA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)
Task: {BDC258CA-8AB0-4367-820F-C4C991566ECA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [314544 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {C3E35D50-D739-4DE6-9260-26D6CB616680} - \Trojan Remover -> Brak pliku <==== UWAGA

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)


==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{26EF9921-CD63-42A8-A821-098E807593BD}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{CE652034-43D8-4A03-84D9-CD6131C0ED9B}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2543001091-3019591363-2805725220-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com
HKU\S-1-5-21-2543001091-3019591363-2805725220-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-2543001091-3019591363-2805725220-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com
HKU\S-1-5-21-2543001091-3019591363-2805725220-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.google.pl/?gws_rd=ssl#spf=1593260643449
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2020-03-17] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-22] (Microsoft Corporation -> Microsoft Corporation)
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2019-08-13] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2019-08-13] (Microsoft Corporation -> Microsoft Corporation)

Edge:
======
Edge Profile: C:\Users\MAREK\AppData\Local\Microsoft\Edge\User Data\Default [2020-06-18]

FireFox:
========
FF Plugin: @cuminas.jp/DjVuPlugin -> C:\Program Files\Cuminas\Document Express DjVu Plug-in\npdjvu.dll [2015-05-08] (Cuminas Corporation -> Cuminas Corporation)
FF Plugin: @java.com/DTPlugin,version=11.251.2 -> C:\Program Files\Java\jre1.8.0_251\bin\dtplugin\npDeployJava1.dll [2020-05-14] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.251.2 -> C:\Program Files\Java\jre1.8.0_251\bin\plugin2\npjp2.dll [2020-05-14] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-03-17] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-05-20] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\MAREK\AppData\Local\Google\Chrome\User Data\Default [2020-06-28]
CHR DownloadDir: C:\Users\MAREK\Desktop
CHR Extension: (Prezentacje) - C:\Users\MAREK\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-06-27]
CHR Extension: (Dokumenty) - C:\Users\MAREK\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-06-27]
CHR Extension: (Dysk Google) - C:\Users\MAREK\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-06-27]
CHR Extension: (Bloker reklam AdGuard) - C:\Users\MAREK\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2020-06-28]
CHR Extension: (YouTube) - C:\Users\MAREK\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-06-27]
CHR Extension: (Tampermonkey) - C:\Users\MAREK\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2020-06-27]
CHR Extension: (Arkusze) - C:\Users\MAREK\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-06-27]
CHR Extension: (Edytor Office) - C:\Users\MAREK\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2020-06-27]
CHR Extension: (Dokumenty Google offline) - C:\Users\MAREK\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-06-27]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\MAREK\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2020-06-28]
CHR Extension: (Google Hangouts) - C:\Users\MAREK\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2020-06-27]
CHR Extension: (Opisz i wyślij screen) - C:\Users\MAREK\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdddabjhelpilpnpgondfmehhcplpiin [2020-06-27]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\MAREK\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-06-27]
CHR Extension: (PDF Viewer) - C:\Users\MAREK\AppData\Local\Google\Chrome\User Data\Default\Extensions\oemmndcbldboiebfnladdacbdfmadadm [2020-06-27]
CHR Extension: (Print Friendly & PDF) - C:\Users\MAREK\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2020-06-27]
CHR Extension: (Gmail) - C:\Users\MAREK\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-06-27]
CHR Extension: (Chrome Media Router) - C:\Users\MAREK\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-06-27]

==================== Usługi (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 Adguard Service; C:\Program Files\Adguard\AdguardSvc.exe [175976 2020-06-04] (Adguard Software Limited -> Adguard Software Ltd)
S4 AdobeARMservice; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [88648 2020-02-25] (Adobe Inc. -> Adobe Systems)
R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [214528 2015-08-04] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
S4 AtherosSvc; C:\Program Files\Bluetooth Suite\adminservice.exe [56480 2010-10-27] (Atheros Communications Inc. -> Atheros Commnucations) [Brak podpisu cyfrowego] [Plik w użyciu]
R2 Chemtable Startup Checking; C:\Program Files\Reg Organizer\StartupCheckingService.exe [ ]
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2018-09-01] (Creative Labs) [Brak podpisu cyfrowego] [Plik w użyciu]
S3 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2018-09-01] (Creative Labs) [Brak podpisu cyfrowego] [Plik w użyciu]
R2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [Brak podpisu cyfrowego] [Plik w użyciu]
S3 Disc Soft Ultra Bus Service; C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe [1087320 2015-08-10] (Disc Soft Ltd -> Disc Soft Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [1959232 2020-04-02] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [1959232 2020-04-02] (ESET, spol. s r.o. -> ESET)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [5547464 2020-02-27] (Malwarebytes Inc -> Malwarebytes)
S4 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [236576 2020-04-03] (TEFINCOM S.A. -> )
S2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [1377656 2020-04-28] (O&O Software GmbH -> O&O Software GmbH)
R2 SamsungUPDUtilSvc; C:\Windows\system32\SecUPDUtilSvc.exe [143664 2019-08-29] (Samsung Electronics CO., LTD. -> )
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Sterowniki (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R1 adgnetworktdidrv; C:\Windows\System32\drivers\adgnetworktdidrv.sys [62368 2020-04-07] (Adguard Software Limited -> )
R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [19503104 2015-08-04] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [532480 2015-08-04] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
S3 ATHDFU; C:\Windows\System32\Drivers\AthDfu.sys [47144 2010-10-27] (Atheros Communications Inc. -> Windows (R) Win 7 DDK provider)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW73.sys [87568 2016-03-01] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
S3 COMMONFX; C:\Windows\System32\drivers\COMMONFX.SYS [101216 2012-10-11] (Creative Technology -> Creative Technology Ltd)
R3 COMMONFX.SYS; C:\Windows\System32\drivers\COMMONFX.SYS [101216 2012-10-11] (Creative Technology -> Creative Technology Ltd)
S3 CTAUDFX; C:\Windows\System32\drivers\CTAUDFX.SYS [556896 2012-10-11] (Creative Technology -> Creative Technology Ltd)
R3 CTAUDFX.SYS; C:\Windows\System32\drivers\CTAUDFX.SYS [556896 2012-10-11] (Creative Technology -> Creative Technology Ltd)
S3 ctdvda2k; C:\Windows\System32\drivers\ctdvda2k.sys [348944 2012-10-11] (Creative Technology -> Creative Technology Ltd)
S3 CTERFXFX; C:\Windows\System32\drivers\CTERFXFX.SYS [102752 2012-10-11] (Creative Technology -> Creative Technology Ltd)
S3 CTERFXFX.SYS; C:\Windows\System32\drivers\CTERFXFX.SYS [102752 2012-10-11] (Creative Technology -> Creative Technology Ltd)
S3 CTSBLFX; C:\Windows\System32\drivers\CTSBLFX.SYS [568160 2012-10-11] (Creative Technology -> Creative Technology Ltd)
R3 CTSBLFX.SYS; C:\Windows\System32\drivers\CTSBLFX.SYS [568160 2012-10-11] (Creative Technology -> Creative Technology Ltd)
S3 cxbu0wdm; C:\Windows\System32\DRIVERS\cxbu0wdm.sys [131064 2014-03-24] (HID Global -> HID Global Corporation)
R3 dtultrascsibus; C:\Windows\System32\DRIVERS\dtultrascsibus.sys [25016 2018-09-01] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtultrausbbus; C:\Windows\System32\DRIVERS\dtultrausbbus.sys [39992 2018-09-01] (Disc Soft Ltd -> Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [131512 2020-04-02] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [91416 2020-04-02] (ESET, spol. s r.o. -> ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [149600 2020-04-02] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [46480 2020-04-02] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [71208 2020-04-02] (ESET, spol. s r.o. -> ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [56120 2020-03-18] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [99488 2020-04-02] (ESET, spol. s r.o. -> ESET)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [129056 2020-04-15] (Malwarebytes Corporation -> Malwarebytes)
R3 ha10kx2k; C:\Windows\System32\drivers\ha10kx2k.sys [800608 2012-10-11] (Creative Technology -> Creative Technology Ltd)
R3 hap16v2k; C:\Windows\System32\drivers\hap16v2k.sys [164704 2012-10-11] (Creative Technology -> Creative Technology Ltd)
S3 hap17v2k; C:\Windows\System32\drivers\hap17v2k.sys [191328 2012-10-11] (Creative Technology -> Creative Technology Ltd)
S2 Kmm4xNT; C:\Windows\System32\Drivers\Kmm4xNT.sys [95484 2002-04-26] (DATOM Dariusz Cielebąk) [Brak podpisu cyfrowego] [Plik w użyciu]
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [40720 2009-06-17] (Logitech -> Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10384 2009-06-17] (Logitech -> Logitech, Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [178952 2020-06-27] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [159592 2020-06-28] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [64080 2020-06-28] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [213912 2020-06-27] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [102512 2020-06-28] (Malwarebytes Inc -> Malwarebytes)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R0 mv91xx; C:\Windows\System32\DRIVERS\mv91xx.sys [261160 2010-08-27] (Marvell Semiconductor -> Marvell Semiconductor, Inc.)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [64904 2010-04-27] (Renesas Electronics Corporation -> Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [146568 2010-04-27] (Renesas Electronics Corporation -> Renesas Electronics Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [801896 2013-03-12] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [19528 2019-05-31] (HP Inc. -> )
R3 tapnordvpn; C:\Windows\System32\DRIVERS\tapnordvpn.sys [31496 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam_prewin8.sys [28984 2018-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
S3 catchme; \??\C:\Users\MAREK\AppData\Local\Temp\catchme.sys [X] <==== UWAGA
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)


==================== Jeden miesiąc (utworzone) ===================

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2020-06-28 12:58 - 2020-06-28 12:59 - 000023472 _____ C:\Users\MAREK\Desktop\FRST.txt
2020-06-28 12:53 - 2020-06-28 12:58 - 000000000 ____D C:\FRST
2020-06-28 12:52 - 2020-06-27 20:11 - 002015232 _____ (Farbar) C:\Users\MAREK\Desktop\FRST.exe
2020-06-28 11:37 - 2020-06-28 11:37 - 000159592 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2020-06-28 11:37 - 2020-06-28 11:37 - 000102512 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2020-06-28 11:37 - 2020-06-28 11:37 - 000064080 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2020-06-27 18:22 - 2020-06-27 18:22 - 000178952 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-06-27 18:03 - 2020-04-07 19:14 - 000062368 _____ () C:\Windows\system32\Drivers\adgnetworktdidrv.sys
2020-06-27 18:02 - 2020-06-27 18:02 - 000000000 ____D C:\Users\MAREK\AppData\Local\Adguard_Software_Ltd
2020-06-27 18:01 - 2020-06-27 18:01 - 000000000 ____D C:\Users\MAREK\AppData\Roaming\Adguard Software Ltd
2020-06-27 18:00 - 2020-06-28 12:59 - 000000000 ____D C:\ProgramData\Adguard
2020-06-27 18:00 - 2020-06-28 11:37 - 000000000 ____D C:\Program Files\Adguard
2020-06-27 18:00 - 2020-06-27 18:00 - 000000903 _____ C:\Users\Public\Desktop\Adguard.lnk
2020-06-27 18:00 - 2020-06-27 18:00 - 000000903 _____ C:\ProgramData\Desktop\Adguard.lnk
2020-06-27 18:00 - 2020-06-27 18:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdGuard
2020-06-27 16:37 - 2020-06-27 16:37 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-06-27 16:26 - 2020-06-27 17:32 - 000002914 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2020-06-27 16:26 - 2020-06-27 17:26 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2020-06-27 16:26 - 2020-06-27 17:24 - 000002969 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2020-06-27 16:26 - 2020-06-27 17:20 - 000002797 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2020-06-27 16:26 - 2020-06-27 17:17 - 000002927 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2020-06-27 16:26 - 2020-06-27 17:17 - 000002853 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2020-06-27 16:26 - 2020-06-27 17:17 - 000002817 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2020-06-27 16:26 - 2020-06-27 17:17 - 000002809 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2020-06-27 16:26 - 2020-06-27 17:17 - 000002803 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2020-06-27 16:26 - 2020-06-27 17:17 - 000002773 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2020-06-27 16:25 - 2020-06-27 16:25 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-06-27 16:24 - 2020-06-27 16:24 - 000000000 ____D C:\Windows\PCHEALTH
2020-06-27 16:24 - 2020-06-27 16:24 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2020-06-27 16:24 - 2020-06-27 16:24 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2020-06-27 16:22 - 2020-06-27 17:16 - 000000000 ____D C:\Windows\SHELLNEW
2020-06-27 16:22 - 2020-06-27 16:22 - 000000000 ____D C:\Program Files\Microsoft Analysis Services
2020-06-27 16:21 - 2020-06-27 16:24 - 000000000 ____D C:\Program Files\Microsoft Office
2020-06-27 16:19 - 2020-06-27 16:19 - 000000000 __RHD C:\MSOCache
2020-06-27 15:51 - 2020-06-27 15:51 - 000002252 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-06-27 15:50 - 2020-06-27 15:50 - 000003472 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-06-27 15:50 - 2020-06-27 15:50 - 000003344 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-06-27 13:37 - 2020-06-27 13:37 - 000003842 _____ C:\Windows\system32\Tasks\Reg Organizer Applications Updates Check
2020-06-27 00:18 - 2020-06-27 17:47 - 000112392 _____ C:\Users\MAREK\AppData\Local\GDIPFONTCACHEV1.DAT
2020-06-26 00:24 - 2020-06-26 00:24 - 000007612 _____ C:\Users\MAREK\AppData\Local\Resmon.ResmonCfg
2020-06-25 21:27 - 2020-06-27 17:46 - 000427416 _____ C:\Windows\system32\FNTCACHE.DAT
2020-06-21 12:56 - 2020-06-21 13:41 - 000000000 ____D C:\Windows\erdnt
2020-06-09 20:37 - 2020-06-24 21:13 - 000000000 ____D C:\Windows\system32\Tasks\AVG
2020-06-09 20:27 - 2020-06-09 20:27 - 000000000 ____D C:\Program Files\Common Files\AVG
2020-06-09 20:26 - 2020-06-08 13:38 - 000124744 _____ (AVG Technologies) C:\Windows\system32\icarus_rvrt.exe
2020-05-30 13:24 - 2020-05-30 13:24 - 000001292 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2020-05-30 13:24 - 2020-05-30 13:24 - 000001292 _____ C:\ProgramData\Desktop\Revo Uninstaller Pro.lnk
2020-05-30 13:24 - 2020-05-30 13:24 - 000000000 ____D C:\Users\MAREK\AppData\Local\VS Revo Group
2020-05-30 13:24 - 2020-05-30 13:24 - 000000000 ____D C:\ProgramData\VS Revo Group
2020-05-30 13:24 - 2020-05-30 13:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2020-05-30 13:24 - 2020-05-30 13:24 - 000000000 ____D C:\Program Files\VS Revo Group
2020-05-30 13:24 - 2016-12-21 14:52 - 000035632 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2020-05-29 22:19 - 2020-06-27 14:55 - 000213912 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-05-29 21:15 - 2020-05-29 21:15 - 000001134 _____ C:\Users\Public\Desktop\Reg Organizer.lnk
2020-05-29 21:15 - 2020-05-29 21:15 - 000001134 _____ C:\ProgramData\Desktop\Reg Organizer.lnk
2020-05-29 21:14 - 2020-05-29 21:14 - 000000000 ____D C:\ProgramData\Chemtable Software
2020-05-29 21:13 - 2020-05-29 21:15 - 000000000 ___SD C:\Program Files\Reg Organizer
2020-05-29 21:13 - 2020-05-29 21:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reg Organizer
2020-05-29 21:13 - 2020-05-29 21:13 - 000000000 ____D C:\Users\MAREK\AppData\Roaming\ChemTable Software

==================== Jeden miesiąc (zmodyfikowane) ==================

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2020-06-28 12:52 - 2018-09-02 01:25 - 000000000 ____D C:\Users\MAREK\Documents\Moje dokumenty-31-08-2018
2020-06-28 12:42 - 2009-07-14 06:34 - 000036048 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-06-28 12:42 - 2009-07-14 06:34 - 000036048 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-06-28 12:27 - 2011-04-12 07:08 - 000743420 _____ C:\Windows\system32\perfh015.dat
2020-06-28 12:27 - 2011-04-12 07:08 - 000157020 _____ C:\Windows\system32\perfc015.dat
2020-06-28 12:27 - 2010-11-20 23:01 - 001678024 _____ C:\Windows\system32\PerfStringBackup.INI
2020-06-28 12:27 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\inf
2020-06-28 11:40 - 2018-09-03 22:43 - 000004008 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{E2B15039-44FE-402E-8C02-E2C20D18A75D}
2020-06-28 11:37 - 2009-07-14 06:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-06-28 11:36 - 2018-09-01 16:46 - 000032592 _____ C:\Windows\system32\BMXStateBkp-{00000009-00000000-00000002-00001102-00000004-20071102}.rfx
2020-06-28 11:36 - 2018-09-01 16:46 - 000032592 _____ C:\Windows\system32\BMXState-{00000009-00000000-00000002-00001102-00000004-20071102}.rfx
2020-06-28 11:36 - 2018-09-01 16:46 - 000031608 _____ C:\Windows\system32\BMXCtrlState-{00000009-00000000-00000002-00001102-00000004-20071102}.rfx
2020-06-28 11:36 - 2018-09-01 16:46 - 000031608 _____ C:\Windows\system32\BMXBkpCtrlState-{00000009-00000000-00000002-00001102-00000004-20071102}.rfx
2020-06-28 11:36 - 2018-09-01 16:46 - 000011564 _____ C:\Windows\system32\DVCState-{00000009-00000000-00000002-00001102-00000004-20071102}.rfx
2020-06-28 11:33 - 2018-09-02 13:24 - 000000000 ____D C:\ProgramData\boost_interprocess
2020-06-28 11:33 - 2018-09-02 13:14 - 000000000 ____D C:\Users\MAREK\AppData\Roaming\Samsung
2020-06-27 18:50 - 2018-09-02 13:13 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
2020-06-27 18:49 - 2018-09-02 13:12 - 000000000 ____D C:\Program Files\Samsung
2020-06-27 18:21 - 2018-09-01 15:09 - 000000000 ____D C:\Users\MAREK
2020-06-27 18:09 - 2018-09-09 12:41 - 000000000 ____D C:\Users\MAREK\AppData\Roaming\qBittorrent
2020-06-27 18:00 - 2018-09-01 16:18 - 000000000 ____D C:\ProgramData\Package Cache
2020-06-27 17:32 - 2009-07-14 04:04 - 000000478 _____ C:\Windows\win.ini
2020-06-27 16:42 - 2009-07-14 04:37 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-06-27 16:22 - 2009-07-14 04:37 - 000000000 ____D C:\Program Files\Common Files\System
2020-06-27 15:51 - 2018-09-01 16:26 - 000000000 ____D C:\Users\MAREK\AppData\Local\Google
2020-06-27 15:51 - 2018-09-01 16:25 - 000000000 ____D C:\Program Files\Google
2020-06-27 13:12 - 2019-04-09 11:39 - 000000000 ____D C:\Users\MAREK\AppData\Roaming\AVG
2020-06-27 13:12 - 2019-04-09 11:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Technologies
2020-06-27 13:08 - 2018-09-01 17:51 - 000000000 ____D C:\ProgramData\Avg
2020-06-27 01:50 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\LiveKernelReports
2020-06-26 22:58 - 2018-09-01 22:17 - 000000000 ____D C:\Users\MAREK\AppData\Roaming\vlc
2020-06-24 21:10 - 2018-09-01 15:09 - 000000000 ____D C:\Users\MAREK\AppData\Local\VirtualStore
2020-06-23 20:21 - 2020-05-23 00:09 - 000001180 _____ C:\Users\MAREK\Desktop\ERU-LEX-DO-23-06-2020.lnk
2020-06-21 17:51 - 2020-03-24 15:22 - 000000000 ____D C:\Users\MAREK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome
2020-06-21 13:24 - 2009-07-14 04:04 - 000000215 _____ C:\Windows\system.ini
2020-06-17 22:52 - 2018-09-01 22:30 - 000004466 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2020-06-11 12:26 - 2019-03-30 22:55 - 000000000 ____D C:\Users\MAREK\Documents\Pliki programu Outlook
2020-06-07 16:05 - 2018-09-01 22:29 - 000002029 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-05-30 18:03 - 2009-07-14 06:53 - 000032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2020-05-29 21:13 - 2020-04-04 22:24 - 000000000 ____D C:\Users\MAREK\AppData\Local\ChemTable Software

==================== Pliki w katalogu głównym wybranych folderów ========

2019-11-30 20:27 - 2019-11-30 20:27 - 000000257 _____ () C:\ProgramData\fontcacheev1.dat
2020-06-26 00:24 - 2020-06-26 00:24 - 000007612 _____ () C:\Users\MAREK\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)


LastRegBack: 2020-06-27 21:39
==================== Koniec FRST.txt ========================