Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07.01.2019
Ran by ALINA (administrator) on ALINA-PC (08-01-2019 17:19:56)
Running from C:\Users\ALINA\Desktop
Loaded Profiles: ALINA (Available Profiles: ALINA & DefaultAppPool)
Platform: Windows 10 Pro Version 1803 17134.376 (X64) Language: Angielski (Stany Zjednoczone)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\NisSrv.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Philips Consumer Electronics) C:\Program Files (x86)\Philips\Intelligent Agent\Philips Intelligent Agent.exe
(Philips) C:\Windows\VPro530.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Farbar) C:\Users\ALINA\Desktop\FRST64 (1).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-3795130716-403384620-1226518042-1000\...\Run: [Philips Intelligent Agent] => C:\Program Files (x86)\Philips\Intelligent Agent\Philips Intelligent Agent.exe [613792 2008-02-21] (Philips Consumer Electronics)
HKU\S-1-5-21-3795130716-403384620-1226518042-1000\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_101_Plugin.exe [1456128 2018-12-13] (Adobe Systems Incorporated)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2019-01-07] (Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPro530.lnk [2015-08-24]
ShortcutTarget: VPro530.lnk -> C:\Windows\VPro530.exe (Philips)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.12 10.0.0.13
Tcpip\..\Interfaces\{27a4ac0f-bd53-47f7-8394-d5a4ccf42b66}: [DhcpNameServer] 10.0.0.12 10.0.0.13

Internet Explorer:
==================

FireFox:
========
FF DefaultProfile: kzz8tlil.default
FF ProfilePath: C:\Users\ALINA\AppData\Roaming\TomTom\HOME\Profiles\c94kr1q9.default [2016-10-15]
FF Extension: (Map status indicator) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2015-07-30] [Legacy] [not signed]
FF ProfilePath: C:\Users\ALINA\AppData\Roaming\Mozilla\Firefox\Profiles\kzz8tlil.default [2018-11-28]
FF Homepage: Mozilla\Firefox\Profiles\kzz8tlil.default -> www.wp.pl/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_101.dll [2018-12-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_101.dll [2018-12-13] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-26] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\ALINA\AppData\Local\Google\Chrome\User Data\Default [2019-01-08]
CHR Extension: (Prezentacje) - C:\Users\ALINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-21]
CHR Extension: (Dokumenty) - C:\Users\ALINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-21]
CHR Extension: (Dysk Google) - C:\Users\ALINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-29]
CHR Extension: (YouTube) - C:\Users\ALINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Google Search) - C:\Users\ALINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-17]
CHR Extension: (Arkusze) - C:\Users\ALINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-21]
CHR Extension: (Dokumenty Google offline) - C:\Users\ALINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-10-27]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\ALINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-01]
CHR Extension: (Gmail) - C:\Users\ALINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-17]
CHR Extension: (Chrome Media Router) - C:\Users\ALINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-02]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-10-27] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2018-12-24] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2018-12-24] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 NMgamingmsFltr; C:\WINDOWS\system32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)
R3 phaudlwr; C:\WINDOWS\system32\DRIVERS\phaudlwr.sys [114608 2009-10-20] (Philips Applied Technologies)
R3 SPC530; C:\WINDOWS\system32\drivers\SPC530.sys [583168 2008-05-21] ( )
R3 SPC530m; C:\WINDOWS\system32\drivers\SPC530m.sys [8192 2008-05-21] ( )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46680 2018-12-24] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [330936 2018-12-24] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2018-12-24] (Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-08 17:19 - 2019-01-08 17:21 - 000009042 _____ C:\Users\ALINA\Desktop\FRST.txt
2019-01-08 17:19 - 2019-01-08 17:17 - 002424832 _____ (Farbar) C:\Users\ALINA\Desktop\FRST64 (1).exe
2019-01-08 17:18 - 2019-01-08 17:18 - 007320272 _____ (Malwarebytes) C:\Users\ALINA\Desktop\adwcleaner_7.2.6.0.exe
2019-01-08 17:17 - 2019-01-08 17:17 - 002424832 _____ (Farbar) C:\Users\ALINA\Downloads\FRST64 (1).exe
2018-12-19 16:37 - 2018-12-19 16:37 - 000000000 _____ C:\Users\ALINA\AppData\Local\{BDF9F597-CFA4-4FD0-AFD5-77549EFF69C0}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-08 17:19 - 2017-03-24 21:04 - 000000000 ____D C:\FRST
2019-01-08 17:12 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-01-08 17:06 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-01-08 17:06 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-01-08 17:05 - 2018-11-17 18:49 - 000000000 ____D C:\Users\ALINA\AppData\Local\D3DSCache
2019-01-08 16:57 - 2018-10-27 21:40 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-01-08 13:20 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2019-01-08 13:20 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-01-08 12:55 - 2015-07-25 18:24 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-01-08 12:52 - 2015-07-25 18:24 - 137260640 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-01-08 12:21 - 2015-07-17 12:18 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-01-08 12:21 - 2015-07-17 12:18 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-01-07 17:11 - 2018-10-27 22:08 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-12-27 17:02 - 2018-01-13 22:22 - 000000000 ____D C:\Program Files\rempl
2018-12-26 12:41 - 2018-02-02 00:05 - 000000000 ____D C:\Users\ALINA\AppData\Local\Packages
2018-12-26 12:34 - 2018-10-27 22:08 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-12-26 12:34 - 2018-10-27 22:08 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-12-24 13:12 - 2018-02-13 19:04 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-12-19 16:39 - 2018-10-27 21:50 - 000000000 ____D C:\Users\ALINA
2018-12-13 17:18 - 2018-11-21 19:05 - 006351872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2018-12-13 17:18 - 2018-10-27 22:08 - 000004574 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-12-13 17:18 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-12-13 17:18 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-12-13 17:15 - 2010-11-21 04:27 - 000592616 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2017-12-21 19:16 - 2017-12-21 19:16 - 000007601 _____ () C:\Users\ALINA\AppData\Local\Resmon.ResmonCfg
2018-12-19 16:37 - 2018-12-19 16:37 - 000000000 _____ () C:\Users\ALINA\AppData\Local\{BDF9F597-CFA4-4FD0-AFD5-77549EFF69C0}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-10-27 21:40

==================== End of FRST.txt ============================