Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 20.02.2019 02
Uruchomiony przez Ilona (administrator) ILONAPC (22-02-2019 18:43:16)
Uruchomiony z C:\Users\Ilona\Desktop
Załadowane profile: Ilona (Dostępne profile: Ilona)
Platform: Windows 10 Home Wersja 1803 17134.523 (X64) Język: Polski (Polska)
Domyślna przeglądarka nie została wykryta!
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
() C:\ProgramData\OnlineUpdate\ouc.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Video.UI.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(Google Inc.) C:\Users\Ilona\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Users\Ilona\AppData\Local\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc.) C:\Users\Ilona\AppData\Local\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Google Inc.) C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.)
C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\MsMpEng.exe (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\NisSrv.exe (Google Inc.) C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Google Inc.) C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] (Samsung Electronics CO., LTD. -> )
HKLM...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3943056 2017-10-11] (Microsoft Windows Hardware Compatibility Publisher -> Logitech, Inc.)
HKLM-x32...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\ASUSWSLoader.exe [63272 2015-05-31] (ASUS Cloud Corporation -> )
HKLM-x32...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [AVGUI.exe] => "C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe" /gui
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== UWAGA
HKLM\...\Policies\Explorer: [ForceActiveDesktopOn] C:\WINDOWS\system32\0 [0 2015-06-13] ()
HKLM\...\Policies\Explorer: [NoRecentDocsHistory] C:\WINDOWS\system32\0 [0 2015-06-13] ()
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-3876101205-1982445149-2308264728-1001\...\Run: [Google Update] => C:\Users\Ilona\AppData\Local\Google\Update\1.3.33.23\GoogleUpdateCore.exe [605992 2018-12-20] (Google Inc -> Google Inc.)
HKU\S-1-5-21-3876101205-1982445149-2308264728-1001\...\Run: [GoogleChromeAutoLaunch_6661B3FC507514C554CFA7AC15126BC7] => C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe [1587680 2018-12-12] (Google Inc -> Google Inc.)
HKU\S-1-5-21-3876101205-1982445149-2308264728-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Ilona\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-3876101205-1982445149-2308264728-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Ilona\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-3876101205-1982445149-2308264728-1001\...\RunOnce: [Uninstall 18.240.1202.0004\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Ilona\AppData\Local\Microsoft\OneDrive\18.240.1202.0004\amd64"
HKU\S-1-5-21-3876101205-1982445149-2308264728-1001\...\RunOnce: [Uninstall 18.240.1202.0004] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Ilona\AppData\Local\Microsoft\OneDrive\18.240.1202.0004"
HKU\S-1-5-21-3876101205-1982445149-2308264728-1001\...\MountPoints2: {83927202-6de1-11e5-8269-70778179f0b4} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-3876101205-1982445149-2308264728-1001\...\MountPoints2: {cd95b250-5f9a-11e8-85d8-70778179f0b4} - "F:\AutoRun.exe"
HKU\S-1-5-21-3876101205-1982445149-2308264728-1001\...\MountPoints2: {cd95b9be-5f9a-11e8-85d8-70778179f0b4} - "F:\AutoRun.exe"
HKU\S-1-5-21-3876101205-1982445149-2308264728-1001\...\MountPoints2: {d86f1351-5d48-11e8-85d6-c2d5bd936e2c} - "F:\AutoRun.exe"
Startup: C:\Users\Ilona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Powiadomienia monitorowania tuszu - .lnk [2019-01-26]
ShortcutTarget: Powiadomienia monitorowania tuszu - .lnk -> C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 62.179.1.63 62.179.1.62
Tcpip\..\Interfaces\{0b04d54c-ee6f-4598-938e-ceb50f7ca1f2}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{0f6ac3b8-3b8e-4c83-9ee1-b40e17e731e1}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{2efe515d-9961-481d-9ba9-bb54f6350709}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3191f82d-e78d-4686-bc39-f5a9f8320c6c}: [DhcpNameServer] 62.179.1.63 62.179.1.62
Tcpip\..\Interfaces\{32bb768f-0e66-4371-abf6-3612296e73c8}: [DhcpNameServer] 194.204.152.34 194.204.159.1
Tcpip\..\Interfaces\{629e6883-cd07-42a3-acd8-51e6db04e83d}: [DhcpNameServer] 62.179.1.63 62.179.1.62
Tcpip\..\Interfaces\{8dbd2b25-ab52-4ebd-8906-255b08f8dbf7}: [DhcpNameServer] 192.168.32.1
Tcpip\..\Interfaces\{db818c31-057e-4948-8b7b-faa0901693e1}: [NameServer] 213.158.199.1 213.158.199.5

Internet Explorer:
==================
HKU\S-1-5-21-3876101205-1982445149-2308264728-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\S-1-5-21-3876101205-1982445149-2308264728-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={AC4B8469-7DB6-4A43-9195-F0A13DE8DCFA}&mid=e8b40cf9393247cca401a13ec79d1947-57129aa183244a27ffdd8d019735aa8da5b2432d&lang=pl&ds=AVG&coid=avgtbavg&cmpid=0117tb&pr=fr&d=2016-08-18 22:32:38&v=4.3.7.452&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2018-12-22] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-20] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2018-12-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-22] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-02-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-04-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-02-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-04-10] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-02-25] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-02-25] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-04-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] ()
FF Plugin HKU\S-1-5-21-3876101205-1982445149-2308264728-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Ilona\AppData\Local\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-3876101205-1982445149-2308264728-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Ilona\AppData\Local\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.gazeta.pl/0,0.html?p=125
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default [2019-02-22]
CHR Extension: (Dokumenty) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Dysk Google) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Dokumenty Google offline) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-21]
CHR Extension: (AdBlock) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-02-22]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-09]
CHR Extension: (Gmail) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-25]
CHR Extension: (Chrome Media Router) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-29]
CHR HKU\S-1-5-21-3876101205-1982445149-2308264728-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3876101205-1982445149-2308264728-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S2 appdrvrem01; C:\Windows\System32\appdrvrem01.exe [551896 2015-09-20] (Protection Technology, Ltd. -> Protection Technology)
S2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe [71168 2014-08-20] (ASUS Cloud Corporation) [Brak podpisu cyfrowego]
S3 DevActSvc; C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe [326032 2018-06-05] (ASUSTeK Computer Inc. -> )
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1037568 2014-09-18] (Intel(R) Software -> Intel Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent Inc -> WildTangent)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2014-01-15] (Huawei Technologies Co., Ltd. -> )
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373728 2016-11-30] (Intel(R) pGFX -> Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2014-10-03] (Intel® Trusted Connect Service -> Intel(R) Corporation)
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [682072 2015-02-24] (Huawei Technologies Co.,Ltd. -> )
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [156960 2015-02-25] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
S2 KMService; C:\WINDOWS\SysWOW64\srvany.exe [8192 2016-10-16] () [Brak podpisu cyfrowego]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation -> NVIDIA Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\NisSrv.exe [4098064 2019-02-22] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MsMpEng.exe [113992 2019-02-22] (Microsoft Corporation -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R1 appdrv01; C:\WINDOWS\System32\Drivers\appdrv01.sys [3852976 2015-09-20] (Protection Technology, Ltd. -> Protection Technology)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [38720 2014-09-18] (Intel(R) Software -> Intel Corporation)
R3 dptf_pch; C:\WINDOWS\System32\drivers\dptf_pch.sys [38208 2014-09-18] (Intel(R) Software -> Intel Corporation)
R3 esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [216360 2014-09-18] (Intel(R) Software -> Intel Corporation)
S3 ew_hwusbdev; C:\WINDOWS\system32\DRIVERS\ew_hwusbdev.sys [109568 2013-01-25] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 ew_usbenumfilter; C:\WINDOWS\System32\drivers\ew_usbenumfilter.sys [18688 2015-07-17] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsHIDSwitch64.sys [19976 2015-05-13] (Microsoft Windows Hardware Compatibility Publisher -> ASUS)
S3 HPMoA407; C:\WINDOWS\System32\drivers\HPMoA407.sys [25088 2011-10-31] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard.)
S3 HPubA407; C:\WINDOWS\System32\Drivers\HPubA407.sys [18944 2012-06-14] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard.)
R3 huawei_enumerator; C:\WINDOWS\System32\drivers\ew_jubusenum.sys [91648 2013-11-30] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 hwusb_cdcacm; C:\WINDOWS\system32\DRIVERS\ew_cdcacm.sys [125952 2015-07-17] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 hwusb_wwanecm; C:\WINDOWS\System32\drivers\ew_wwanecm.sys [380800 2015-07-17] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [79016 2014-08-26] (Intel(R) Software -> Intel Corporation)
R3 m76usb; C:\WINDOWS\System32\drivers\m76usb.sys [563360 2015-06-03] (MEDIATEK INC. -> Ralink Technology Corp.)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2015-02-25] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [80160 2015-02-13] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, Inc.)
R3 netr28x; C:\WINDOWS\System32\drivers\netr28x.sys [2537984 2018-04-12] (Microsoft Windows -> MediaTek Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvam.inf_amd64_1aae4f19e68d0780\nvlddmkm.sys [17003280 2017-12-12] (NVIDIA Corporation -> NVIDIA Corporation)
S3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [27136 2014-08-08] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [428032 2017-02-16] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-02-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [333792 2019-02-22] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62432 2019-02-22] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc (utworzone) ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2019-02-22 18:22 - 2019-02-22 18:26 - 000052622 _____ C:\Users\Ilona\Desktop\Addition.txt
2019-02-22 18:19 - 2019-02-22 18:44 - 000024507 _____ C:\Users\Ilona\Desktop\FRST.txt
2019-02-22 18:19 - 2019-02-22 18:43 - 000000000 ____D C:\FRST
2019-02-22 18:17 - 2019-02-22 18:17 - 002435072 _____ (Farbar) C:\Users\Ilona\Desktop\FRST64.exe
2019-02-09 01:46 - 2019-02-09 01:46 - 000000000 ____D C:\WINDOWS\LastGood
2019-02-09 00:42 - 2019-02-09 00:44 - 000000000 ____D C:\rejestr
2019-02-08 23:35 - 2019-02-09 01:18 - 000042904 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2019-02-08 22:37 - 2019-02-08 22:37 - 000000000 ____D C:\Users\Ilona\Desktop\ProcessExplorer
2019-02-08 22:22 - 2019-02-08 22:32 - 000000000 ____D C:\Program Files\CCleaner
2019-02-08 22:22 - 2019-02-08 22:22 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-02-08 22:22 - 2019-02-08 22:22 - 000002872 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-02-08 22:22 - 2019-02-08 22:22 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-02-08 22:22 - 2019-02-08 22:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-02-08 22:19 - 2019-02-08 22:19 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2019-01-26 16:44 - 2018-09-20 05:12 - 001483576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll

==================== Jeden miesiąc (zmodyfikowane) ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2019-02-22 18:43 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-22 18:40 - 2018-05-21 23:16 - 000003362 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3876101205-1982445149-2308264728-1001
2019-02-22 18:40 - 2018-05-21 22:54 - 000002452 _____ C:\Users\Ilona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-22 18:40 - 2015-08-25 20:18 - 000000000 ___RD C:\Users\Ilona\OneDrive
2019-02-22 18:38 - 2015-06-13 10:50 - 000002549 _____ C:\Users\Ilona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-22 18:37 - 2018-05-21 23:16 - 000004210 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D37509D4-DECB-4FC0-A288-E4907BD58CF9}
2019-02-22 18:30 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-02-22 18:30 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-02-22 18:28 - 2018-07-03 20:25 - 000000000 ____D C:\ProgramData\Packages
2019-02-22 18:10 - 2018-05-21 23:16 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-02-22 18:08 - 2018-12-17 12:22 - 000003550 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2019-02-22 18:08 - 2018-05-21 23:16 - 000003540 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2019-02-22 18:08 - 2018-05-21 22:54 - 000000000 ____D C:\Users\Ilona\AppData\Local\PS_Desktop
2019-02-22 18:05 - 2015-09-01 20:30 - 000000000 ____D C:\Users\Ilona\AppData\Roaming\HpUpdate
2019-02-22 18:02 - 2015-06-13 10:24 - 000000165 _____ C:\Users\Ilona\AppData\Roaming\sp_data.sys
2019-02-22 18:02 - 2015-06-13 10:23 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture
2019-02-22 17:59 - 2018-06-13 09:49 - 000000000 ____D C:\ProgramData\OnlineUpdate
2019-02-22 17:59 - 2017-05-31 00:10 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-02-22 17:59 - 2015-06-13 10:22 - 000000000 __SHD C:\Users\Ilona\IntelGraphicsProfiles
2019-02-22 17:58 - 2018-05-21 23:16 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-02-22 17:58 - 2017-05-31 00:11 - 000000000 ____D C:\ProgramData\NVIDIA
2019-02-22 17:57 - 2018-04-11 22:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-02-09 01:46 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2019-02-09 01:43 - 2018-05-21 23:08 - 001763504 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-02-09 01:43 - 2018-04-12 16:51 - 000785012 _____ C:\WINDOWS\system32\perfh015.dat
2019-02-09 01:43 - 2018-04-12 16:51 - 000152122 _____ C:\WINDOWS\system32\perfc015.dat
2019-02-09 01:43 - 2015-08-25 20:28 - 000000000 ____D C:\ProgramData\Avg
2019-02-09 01:43 - 2015-08-25 20:28 - 000000000 ____D C:\Program Files (x86)\AVG
2019-02-09 01:43 - 2015-08-25 20:26 - 000000000 ____D C:\Users\Ilona\AppData\Local\AvgSetupLog
2019-02-09 01:33 - 2018-05-21 22:54 - 000000000 ____D C:\Users\Ilona\AppData\Local\AVG
2019-02-09 01:33 - 2016-06-10 17:11 - 000000000 ____D C:\Users\Ilona\AppData\Roaming\AVG
2019-02-09 01:30 - 2016-04-18 18:23 - 000592616 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2019-02-09 01:06 - 2018-05-21 22:54 - 000000000 ____D C:\Users\Ilona
2019-02-09 01:01 - 2018-06-26 16:44 - 000000000 ____D C:\Users\Ilona\AppData\Local\CrashDumps
2019-02-09 01:01 - 2018-05-20 22:12 - 000000000 ___DC C:\WINDOWS\Panther
2019-02-09 01:01 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\ModemLogs
2019-02-09 01:01 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-02-09 00:53 - 2018-05-21 22:47 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-02-02 19:35 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-01-26 16:31 - 2015-06-13 10:50 - 000001074 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3876101205-1982445149-2308264728-1001UA.job
2019-01-26 16:31 - 2015-06-13 10:50 - 000001022 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3876101205-1982445149-2308264728-1001Core.job

==================== Pliki w katalogu głównym wybranych folderów =======

2015-06-13 10:24 - 2019-02-22 18:02 - 000000165 _____ () C:\Users\Ilona\AppData\Roaming\sp_data.sys
2015-08-26 08:58 - 2015-08-26 08:58 - 000003584 _____ () C:\Users\Ilona\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\wininit.exe => Plik podpisany cyfrowo
C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\dllhost.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\dllhost.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2018-05-21 22:47

==================== Koniec FRST.txt ============================