Elektroda.pl
Elektroda.pl
X
Proszę, dodaj wyjątek dla www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

[Rozwiązano] Prośba o analizę FRST - wolna praca systemu W10

23 Gru 2019 13:53 171 6
  • Poziom 3  
    po wymianie na SSD potrafi czasem się przywiesić na czymś i tak stoi. Przed wymianą dysku było identycznie.
    Spoiler:
    Code:
    Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 22-12-2019
    
    Uruchomiony przez Tomasz (23-12-2019 13:48:41)
    Uruchomiony z C:\
    Windows 10 Home Wersja 1803 17134.885 (X64) (2018-06-24 15:44:49)
    Tryb startu: Normal
    ==========================================================


    ==================== Konta użytkowników: =============================

    Administrator (S-1-5-21-3781354841-244443197-3607214379-500 - Administrator - Disabled)
    Gość (S-1-5-21-3781354841-244443197-3607214379-501 - Limited - Disabled)
    Konto domyślne (S-1-5-21-3781354841-244443197-3607214379-503 - Limited - Disabled)
    Tomasz (S-1-5-21-3781354841-244443197-3607214379-1001 - Administrator - Enabled) => C:\Users\Tomasz
    WDAGUtilityAccount (S-1-5-21-3781354841-244443197-3607214379-504 - Limited - Disabled)

    ==================== Centrum zabezpieczeń ========================

    (Załączenie wejścia w fixlist spowoduje jego usunięcie.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Zainstalowane programy ======================

    (W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)

    Aktualizacja produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{04E205D6-88B1-4652-B162-42DF2C3B1228}) (Version:  - Microsoft)
    Aktualizacja produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{442ECBCF-94A7-48CC-8CD9-D31FFFD5FA86}) (Version:  - Microsoft)
    Aktualizacja produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{128A36ED-21BE-4547-9FFE-5B85AEC735DD}) (Version:  - Microsoft)
    ASUS HiPost (HKLM-x32\...\{04768366-F421-4BA5-8423-B84F644B5249}) (Version: 1.0.6 - ASUS)
    ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
    ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0039 - ASUS)
    AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.91 - ICEpower a/s)
    Avast SecureLine for Asustek (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 1.0.239.3 - AVAST Software)
    D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
    Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.0 - Dropbox, Inc.)
    easy Sports-Graphics 3.0 Demo (HKLM-x32\...\{45ADDCB1-0812-4888-968A-D16F8C985CC4}) (Version: 1.0.0 - easy Sports-Software)
    Evernote v. 5.8.6 (HKLM-x32\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.)
    Galeria fotografii (HKLM-x32\...\{77655DF6-A143-4A25-A5F8-127C8CE63EDA}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Gaming Assistant (HKLM-x32\...\{C27B0A7C-BD18-46EF-984A-CCD2799F4CD4}) (Version: 1.0.2 - ASUS)
    Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1018 - Intel Corporation)
    Intel(R) Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden
    Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10602.174 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
    Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3781354841-244443197-3607214379-1001\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Movie Maker (HKLM-x32\...\{DAE8CC57-EBF5-4D46-8572-9A0C769D6F16}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 71.0 (x64 pl) (HKLM\...\Mozilla Firefox 71.0 (x64 pl)) (Version: 71.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 71.0.0.7275 - Mozilla)
    NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
    NVIDIA Sterownik graficzny 388.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.57 - NVIDIA Corporation)
    Pakiet sterowników systemu Windows - ASUS (ATP) Mouse  (11/11/2015 1.0.0.262) (HKLM\...\A044C5901003C24E6891688653ABA1068D04A1A0) (Version: 11/11/2015 1.0.0.262 - ASUS)
    Panel sterowania NVIDIA 388.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 388.57 - NVIDIA Corporation) Hidden
    Podstawowe programy Windows Live (HKLM-x32\...\{8FFD72FC-4FFA-472D-9F76-AEC85F602F9D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Podstawowe programy Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.2 - Qualcomm Atheros)
    Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31233 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
    Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{3BAE4496-6F6C-4330-A8AA-B93D3D346FA5}) (Version: 2.53.0.0 - Microsoft Corporation)
    UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
    Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden

    Packages:
    =========
    365Agile Mobile App -> C:\Program Files\WindowsApps\1313F85E.365AgileMobile_3.3.0.9_x86__trxcy790zfcf4 [2018-05-05] (365 Agile Limited)
    ASUS GIFTBOX -> C:\Program Files\WindowsApps\B9ECED6F.ASUSGIFTBOX_3.1.8.0_x64__qmba6cd70vzyy [2019-11-13] (ASUSTeK COMPUTER INC.)
    Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.154.400.0_x86__kgqvnymyfvs32 [2019-12-11] (king.com)
    Converter Bot -> C:\Program Files\WindowsApps\16200DatassemblyResearch.ConverterBot_1.1.22.0_x64__pzzx47jxjmsae [2018-04-07] (Datassembly Research)
    Dell Document Hub -> C:\Program Files\WindowsApps\DellPrinter.DellDocumentHub_1.7.0.6_x64__nmdn7k89bxsn6 [2019-08-25] (DELL GLOBAL B.V. (SINGAPORE BRANCH))
    Dodatek Aparat multimediów dla aplikacji Zdjęcia -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-11-03] (Microsoft Corporation)
    Dodatek Zdjęcia -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2018-09-16] (Microsoft Corporation)
    Flipboard -> C:\Program Files\WindowsApps\Flipboard.Flipboard_2.1.3.0_neutral__3f5azkryzdbc4 [2017-07-16] (Flipboard)
    Gameloft Games -> C:\Program Files\WindowsApps\A278AB0D.GameloftGames_1.0.2.6_x86__h6adky7gbf63m [2016-08-19] (Gameloft.)
    HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_105.1.623.0_x64__v10z8vjag6ke6 [2019-11-15] (HP Inc.)
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
    Microsoft News - Wiadomości -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-18] (Microsoft Corporation) [MS Ad]
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-11] (Microsoft Studios) [MS Ad]
    MSN Finanse -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-18] (Microsoft Corporation) [MS Ad]
    MSN Pogoda -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-18] (Microsoft Corporation) [MS Ad]
    MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-18] (Microsoft Corporation) [MS Ad]
    Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.95.602.0_x64__mcm4njqhnhss8 [2019-10-26] (Netflix, Inc.)
    Pomocnik telefonu Microsoft -> C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1802.311.0_x64__8wekyb3d8bbwe [2018-02-13] (Microsoft Corporation)
    RAR Opener -> C:\Program Files\WindowsApps\DeviceDoctor.RAROpener_1.3.48.0_x64__mkdtfchztkfbm [2017-09-21] (Tiny Opener)
    Rozszerzenie wideo MPEG-2 -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-09-27] (Microsoft Corporation)
    TripAdvisor Hotels Flights Restaurants -> C:\Program Files\WindowsApps\TripAdvisorLLC.TripAdvisorHotelsFlightsRestaurants_1.5.10.0_x64__qj0v5chwq8f2g [2016-11-17] (TripAdvisor LLC)
    Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.)

    ==================== Niestandardowe rejestracje CLSID (filtrowane): ==============

    (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

    ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} =>  -> Brak pliku
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.) [Brak podpisu cyfrowego]
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.) [Brak podpisu cyfrowego]
    ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2326} => C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSContextMenu.dll [2015-05-31] (ASUS Cloud Corporation -> ASUS Cloud Corporation)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Brak pliku
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-12-04] (NVIDIA Corporation -> NVIDIA Corporation)

    ==================== Codecs (filtrowane) ====================

    ==================== Skróty & WMI ========================

    ==================== Załadowane moduły (filtrowane) =============

    2015-04-22 14:59 - 2015-04-22 14:59 - 001489920 _____ (ASUS Cloud Corporation.) [Brak podpisu cyfrowego] C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSShellExt64.dll
    2019-09-10 16:58 - 2019-09-10 16:57 - 002095104 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Brak podpisu cyfrowego] C:\Program Files\AVAST Software\SecureLine\libcrypto-1_1.dll

    ==================== Alternate Data Streams (filtrowane) ========

    (Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.)

    AlternateDataStreams: C:\Users\Tomasz\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [118]

    ==================== Tryb awaryjny (filtrowane) ==================

    ==================== Powiązania plików (filtrowane) =================

    ==================== Internet Explorer - Witryny zaufane i z ograniczeniami ==========

    ==================== Hosts - zawartość: =========================

    (Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.)

    2015-07-10 12:04 - 2019-12-23 13:32 - 000000000 _____ C:\WINDOWS\system32\drivers\etc\hosts

    ==================== Inne obszary ===========================

    (Obecnie brak automatycznej naprawy dla tej sekcji.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;%SYSTEMROOT%\System32\OpenSSH\
    HKU\S-1-5-21-3781354841-244443197-3607214379-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tomasz\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{7a81a3da-0182-4721-a3d2-08f85796435f}.JPG
    DNS Servers: Urządzenie nie jest podłączone do internetu.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
    Zapora systemu Windows [funkcja włączona]

    ==================== MSCONFIG/TASK MANAGER - Wyłączone elementy ==

    (Załączenie wejścia w fixlist spowoduje jego usunięcie.)

    HKLM\...\StartupApproved\StartupFolder: => "Avast SecureLine VPN.lnk"
    HKLM\...\StartupApproved\Run: => "NvBackend"
    HKLM\...\StartupApproved\Run32: => "GrooveMonitor"

    ==================== Reguły Zapory systemu Windows (filtrowane) ================

    (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

    FirewallRules: [{D3F5AC74-2864-4D12-9035-066BE566BB1D}] => (Allow) LPort=1900
    FirewallRules: [{CF01431A-B616-4779-AA40-EE7173D13C52}] => (Allow) LPort=2869
    FirewallRules: [{F8D90059-F681-41D0-85E9-97CD93159883}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{0C8EB727-90D7-4362-AD04-400713956C91}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{0A36C04B-58F5-4A87-B408-3476BD0F3386}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [TCP Query User{F95FF076-72CB-422B-9CC4-12BD895FD315}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [UDP Query User{D038AD4A-27F9-44BD-A4EC-067FFAFA2282}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

    ==================== Punkty Przywracania systemu =========================

    13-11-2019 22:38:48 Windows Update
    01-12-2019 13:29:50 Windows Update
    08-12-2019 12:41:39 Windows Update
    11-12-2019 20:42:11 Windows Update
    23-12-2019 13:27:39 JRT Pre-Junkware Removal

    ==================== Wadliwe urządzenia w Menedżerze urządzeń ============


    ==================== Błędy w Dzienniku zdarzeń: ========================

    Dziennik Aplikacja:
    ==================
    Error: (12/23/2019 01:38:11 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT)
    Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

    Error: (12/23/2019 01:38:11 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

    Error: (12/23/2019 01:38:11 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

    Error: (12/23/2019 01:23:02 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT)
    Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

    Error: (12/23/2019 01:23:02 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

    Error: (12/23/2019 01:23:02 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

    Error: (12/23/2019 01:16:37 PM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

    DPTF Build Version:  8.1.10602.174
    DPTF Build Date:  Jul 23 2015 11:24:10
    Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
    Executing Function:  DptfEvent
    Message:  Received unexpected event
    Framework Event:  DptfResume [3]

    Error: (12/22/2019 09:55:49 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT)
    Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.


    Dziennik System:
    =============
    Error: (12/23/2019 01:35:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Synchronizuj hosta_617df.

    Error: (12/23/2019 01:34:29 PM) (Source: DCOM) (EventID: 10016) (User: ZARZĄDZANIE NT)
    Description: Zgodnie z ustawieniami uprawnienia właściwe dla aplikacji nie jest udzielane uprawnienie Lokalny Uruchom do aplikacji serwera COM z identyfikatorem klasy CLSID
    Windows.SecurityCenter.WscBrokerManager
     i identyfikatorem aplikacji APPID
    Niedostępny
     użytkownikowi ZARZĄDZANIE NT\SYSTEM o identyfikatorze zabezpieczeń SID (S-1-5-18) z adresu LocalHost (użycie LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Niedostępny (Niedostępny). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.

    Error: (12/23/2019 01:34:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Nie można uruchomić usługi GamesAppIntegrationService z powodu następującego błędu:
    Nie można odnaleźć określonego pliku.

    Error: (12/23/2019 01:32:37 PM) (Source: DCOM) (EventID: 10016) (User: ZARZĄDZANIE NT)
    Description: Zgodnie z ustawieniami uprawnienia właściwe dla aplikacji nie jest udzielane uprawnienie Lokalny Aktywacja do aplikacji serwera COM z identyfikatorem klasy CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
     i identyfikatorem aplikacji APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
     użytkownikowi ZARZĄDZANIE NT\USŁUGA LOKALNA o identyfikatorze zabezpieczeń SID (S-1-5-19) z adresu LocalHost (użycie LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Niedostępny (Niedostępny). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.

    Error: (12/23/2019 01:32:37 PM) (Source: DCOM) (EventID: 10016) (User: ZARZĄDZANIE NT)
    Description: Zgodnie z ustawieniami uprawnienia właściwe dla aplikacji nie jest udzielane uprawnienie Lokalny Aktywacja do aplikacji serwera COM z identyfikatorem klasy CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
     i identyfikatorem aplikacji APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
     użytkownikowi ZARZĄDZANIE NT\USŁUGA LOKALNA o identyfikatorze zabezpieczeń SID (S-1-5-19) z adresu LocalHost (użycie LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Niedostępny (Niedostępny). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.

    Error: (12/23/2019 01:32:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Nie można uruchomić usługi ASUSGiftBoxDekstop z powodu następującego błędu:
    Nie można odnaleźć określonego pliku.

    Error: (12/23/2019 01:32:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Nie można uruchomić usługi Asus WebStorage Windows Service z powodu następującego błędu:
    Nie można odnaleźć określonego pliku.

    Error: (12/23/2019 01:30:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: Usługa NVIDIA Display Container LS niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 5000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.


    CodeIntegrity:
    ===================================

    Date: 2019-12-23 13:32:23.127
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2019-12-23 09:36:11.879
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2019-12-22 22:25:38.824
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2019-12-22 21:51:37.572
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2019-12-22 20:39:05.931
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2019-12-22 19:25:56.453
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2019-12-22 19:06:11.062
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2019-12-19 19:16:17.864
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    ==================== Statystyki pamięci ===========================

    BIOS: American Megatrends Inc. X555LJ.504 08/04/2015
    Płyta główna: ASUSTeK COMPUTER INC. X555LJ
    Procesor: Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz
    Procent pamięci w użyciu: 25%
    Całkowita pamięć fizyczna: 8094.36 MB
    Dostępna pamięć fizyczna: 6038.7 MB
    Całkowita pamięć wirtualna: 9374.36 MB
    Dostępna pamięć wirtualna: 7416.91 MB

    ==================== Dyski ================================

    Drive c: (OS) (Fixed) (Total:222.29 GB) (Free:54.67 GB) NTFS ==>[system z komponentami startowymi (pozyskano odczytując dysk)]
    Drive e: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
    Drive f: (1TB) (Removable) (Total:3.74 GB) (Free:0.01 GB) NTFS

    \\?\Volume{bb5be63f-62d8-40a3-9a0a-41d97beff34f}\ () (Fixed) (Total:0.9 GB) (Free:0.45 GB) NTFS
    \\?\Volume{ebbbb4ec-e190-4198-8053-236a3bbdecad}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

    ==================== MBR & Tablica partycji ====================

    ==========================================================
    Disk: 0 (Size: 223.6 GB) (Disk ID: B6777207)

    Partition: GPT.

    ==========================================================
    Disk: 1 (Size: 3.7 GB) (Disk ID: 87DBD8DE)
    Partition 1: (Not Active) - (Size=3.7 GB) - (Type=07 NTFS)

    ==================== Koniec  Addition.txt =======================


    Spoiler:
    Code:
    Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 22-12-2019
    
    Uruchomiony przez Tomasz (administrator)  DESKTOP-FT3ADQ6 (ASUSTeK COMPUTER INC. X555LJ) (23-12-2019 13:47:48)
    Uruchomiony z C:\
    Załadowane profile: Tomasz (Dostępne profile: Tomasz)
    Platform: Windows 10 Home Wersja 1803 17134.885 (X64) Język: Polski (Polska)
    Domyślna przeglądarka: FF
    Tryb startu: Normal
    Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Procesy (filtrowane) =================

    (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

    () [Brak podpisu cyfrowego] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
    (ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine\Vpn.exe
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
    (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel(R) Software -> Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
    (Intel(R) Software -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
    (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    ==================== Rejestr (filtrowane) ===================

    (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-24] (NVIDIA Corporation -> NVIDIA Corporation)
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
    HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-21-3781354841-244443197-3607214379-1001\...\MountPoints2: {37b6b467-255f-11ea-9e56-28c2dd9cbfe6} - "E:\LaunchU3.exe" -a
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast SecureLine VPN.lnk [2019-09-11]
    ShortcutTarget: Avast SecureLine VPN.lnk -> C:\Program Files\AVAST Software\SecureLine\Vpn.exe (AVAST Software s.r.o. -> AVAST Software)

    ==================== Zaplanowane zadania (filtrowane) ============

    (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

    Task: {0F724339-577C-491F-9A42-A3630B041AC8} - \Microsoft\Windows\UNP\RunCampaignManager -> Brak pliku <==== UWAGA
    Task: {180C9B1C-4440-4EE5-8DF6-CD23141AF8A7} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16165632 2015-07-29] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    Task: {1C128E6E-9C5E-4BB6-8005-C21167E7AE57} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122168 2015-03-10] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
    Task: {27DC44E6-93B9-4310-BDE1-075B67254D68} - System32\Tasks\WpsExternal_Tomasz_20161006171919 => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe [626688 2016-10-06] (KINGSOFT JAPAN, INC. -> Zhuhai Kingsoft Office Software Co.,Ltd)
    Task: {8860A5BE-D63F-4090-82E2-86EBDE7D1871} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [505200 2015-05-29] (Dropbox, Inc -> )
    Task: {AF7E7051-3CE0-41A5-B41C-4932AF0F5638} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe
    Task: {B2DC7B63-0C08-4D03-A331-70247724FC2C} - System32\Tasks\Avast SecureLine VPN Update => c:\program files\avast software\secureline\vpnupdate.exe [1390472 2019-10-24] (AVAST Software s.r.o. -> AVAST Software)
    Task: {BD551E1E-590E-4A6F-B55E-04A6CFA83C1D} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
    Task: {C8250A69-D969-428C-A15A-58D966A6D942} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [19782224 2015-05-25] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
    Task: {E3B05D7C-B0A3-4A8A-9101-908E4D0855A0} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1403136 2015-07-29] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    Task: {E5C80475-4CA8-49F4-A7F3-7000F800F04D} - System32\Tasks\WpsKtpcntrQingTask_Tomasz => C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5783\office6\ktpcntr.exe
    Task: {EE771ABF-D6B4-415A-836F-1D44DDF93713} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122168 2015-03-10] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
    Task: {F7247093-4D1F-4E6D-AA40-074BB72B1AA8} - System32\Tasks\Microsoft\Windows\rempl\shell-usoscan => C:\Program Files\rempl\remsh.exe

    (Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

    Task: C:\WINDOWS\Tasks\WpsExternal_Tomasz_20161006171919.job => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe~/wpscloudlaunch /run_plugin /plugin_name=ktaskschdtool /plugin_entry=ktaskschdtool.dll
    Task: C:\WINDOWS\Tasks\WpsKtpcntrQingTask_Tomasz.job => C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5783\office6\ktpcntr.exeÃqing 10.1.0.5783 xxx server_url=hxxp:/kdl1.cache.wps.com/ksodl/wpscfg/client/____client____html____service____bubble.html ic_server_url=hxxp:/info.kingsoftstore.com/wpsv6internet/infos.ads

    ==================== Internet (filtrowane) ====================

    (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{497c721e-0a17-4073-b6bc-580bc8d4758f}: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{e67cc217-0890-4d0f-a0c7-ca87a7ebe4dc}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-3781354841-244443197-3607214379-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00
    SearchScopes: HKU\S-1-5-21-3781354841-244443197-3607214379-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
    SearchScopes: HKU\S-1-5-21-3781354841-244443197-3607214379-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

    FireFox:
    ========
    FF DefaultProfile: yt436bgy.default
    FF ProfilePath: C:\Users\Tomasz\AppData\Roaming\Mozilla\Firefox\Profiles\yt436bgy.default [2019-12-23]
    FF Notifications: Mozilla\Firefox\Profiles\yt436bgy.default -> hxxps://www.onlinevideoconverter.com; hxxps://s1.converto.io; hxxps://s4.converto.io; hxxps://www.onet.pl
    FF Extension: (Rozszerzenie Trusted Shops) - C:\Users\Tomasz\AppData\Roaming\Mozilla\Firefox\Profiles\yt436bgy.default\Extensions\jid1-PBNne26X1Kn6hQ@jetpack.xpi [2019-12-18]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [Brak pliku]

    ==================== Usługi (filtrowane) ===================

    (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

    R2 AtherosSvc; C:\WINDOWS\system32\DRIVERS\AdminService.exe [415992 2019-01-30] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider)
    R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1385640 2015-08-04] (Intel(R) Software -> Intel Corporation)
    R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373728 2016-11-30] (Intel(R) pGFX -> Intel Corporation)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Trusted Connect Service -> Intel(R) Corporation)
    S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Brak podpisu cyfrowego]
    R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [Brak podpisu cyfrowego]
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
    R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [6828424 2019-10-23] (AVAST Software s.r.o. -> AVAST Software)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4413440 2019-03-14] (Microsoft Corporation -> Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107160 2019-02-16] (Microsoft Corporation -> Microsoft Corporation)
    S3 wpscloudsvr; C:\Program Files (x86)\Kingsoft\WPS Office\wpscloudsvr.exe [175104 2016-10-06] (KINGSOFT JAPAN, INC. -> Zhuhai Kingsoft Office Software Co.,Ltd)
    R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

    ===================== Sterowniki (filtrowane) ===================

    (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

    R3 athr; C:\WINDOWS\System32\drivers\athw8x.sys [4233728 2018-04-12] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
    R3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [101368 2015-12-14] (ASUSTeK Computer Inc. -> ASUS Corporation)
    S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Hewlett-Packard Company -> Windows (R) Win 7 DDK provider)
    S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Hewlett-Packard Company -> Windows (R) Win 7 DDK provider)
    S3 dot4usb; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [49056 2012-10-19] (Hewlett-Packard Company -> Microsoft Corporation)
    R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [43512 2015-08-04] (Intel(R) Software -> Intel Corporation)
    R3 dptf_pch; C:\WINDOWS\System32\drivers\dptf_pch.sys [41976 2015-08-04] (Intel(R) Software -> Intel Corporation)
    R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [251384 2015-08-04] (Intel(R) Software -> Intel Corporation)
    R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [32680 2019-08-07] (ASUSTek Computer Inc. -> ASUS)
    R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [88256 2015-06-26] (Intel(R) Software -> Intel Corporation)
    R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvam.inf_amd64_1aae4f19e68d0780\nvlddmkm.sys [17003280 2017-12-12] (NVIDIA Corporation -> NVIDIA Corporation)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [887552 2015-07-15] (Realtek Semiconductor Corp -> Realtek )
    R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [428032 2017-02-16] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Windows -> Microsoft Corporation)

    ==================== NetSvcs (filtrowane) ===================

    (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)


    ==================== Jeden miesiąc (utworzone) ===================

    (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

    2019-12-23 13:47 - 2019-12-23 13:48 - 000016652 _____ C:\FRST.txt
    2019-12-23 13:47 - 2019-12-23 13:48 - 000000000 ____D C:\FRST
    2019-12-23 13:47 - 2019-12-23 13:46 - 002260480 _____ (Farbar) C:\FRST64.exe
    2019-12-23 13:40 - 2019-12-23 13:40 - 000066608 _____ C:\ProgramData\agent.uninstall.1577104800.bdinstall.v2.bin
    2019-12-23 13:39 - 2019-12-23 13:39 - 000403736 _____ C:\ProgramData\cl.uninstall.1577104748.bdinstall.v2.bin
    2019-12-23 13:30 - 2019-12-23 13:30 - 000000000 ____D C:\AdwCleaner
    2019-12-23 13:25 - 2019-12-23 13:25 - 000000000 ____D C:\Users\Tomasz\AppData\Local\OneDrive
    2019-12-23 13:23 - 2019-12-23 13:23 - 000294058 _____ C:\TDSSKiller.3.1.0.15_23.12.2019_13.23.16_log.txt
    2019-12-22 22:19 - 2019-12-22 22:19 - 000000000 ____D C:\Users\Tomasz\AppData\LocalLow\IGDump
    2019-12-22 22:17 - 2019-12-22 22:17 - 000000000 ____D C:\Users\Tomasz\AppData\Local\mbamtray
    2019-12-22 22:17 - 2019-12-22 22:17 - 000000000 ____D C:\Users\Tomasz\AppData\Local\mbam
    2019-12-22 22:17 - 2019-12-22 22:17 - 000000000 ____D C:\Users\Tomasz\AppData\Local\cache
    2019-12-22 22:16 - 2019-12-22 22:16 - 001883976 _____ (Malwarebytes) C:\Users\Tomasz\Downloads\MBSetup.exe
    2019-12-22 22:16 - 2019-12-22 22:16 - 000000000 ____D C:\Program Files\Malwarebytes
    2019-12-22 20:09 - 2019-12-22 20:09 - 000000165 ____H C:\Users\Tomasz\Desktop\~$Wietnam, plan podróży.xlsx
    2019-12-11 22:01 - 2019-12-22 21:05 - 000596722 _____ C:\Users\Tomasz\Desktop\wietnam_wiza.zip
    2019-12-08 12:47 - 2019-12-23 13:39 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2019-12-08 12:41 - 2019-12-08 17:59 - 000000000 ____D C:\Program Files\CUAssistant

    ==================== Jeden miesiąc (zmodyfikowane) ==================

    (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

    2019-12-23 13:43 - 2018-08-05 01:30 - 000000000 ____D C:\WINDOWS\Minidump
    2019-12-23 13:43 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2019-12-23 13:43 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
    2019-12-23 13:41 - 2019-09-09 13:08 - 000004294 _____ C:\WINDOWS\system32\Tasks\Avast SecureLine VPN Update
    2019-12-23 13:40 - 2018-01-18 01:07 - 000000000 ____D C:\Program Files\Bitdefender Agent
    2019-12-23 13:40 - 2015-08-15 06:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
    2019-12-23 13:40 - 2015-08-15 06:29 - 000000000 ____D C:\Program Files (x86)\ASUS
    2019-12-23 13:39 - 2018-01-18 01:12 - 000000000 ____D C:\ProgramData\Bitdefender
    2019-12-23 13:39 - 2018-01-18 01:12 - 000000000 ____D C:\Program Files\Common Files\Bitdefender
    2019-12-23 13:39 - 2018-01-18 01:12 - 000000000 ____D C:\Program Files\Bitdefender
    2019-12-23 13:38 - 2018-06-24 16:48 - 000005638 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2019-12-23 13:38 - 2018-04-12 16:51 - 004317208 _____ C:\WINDOWS\system32\perfh015.dat
    2019-12-23 13:38 - 2018-04-12 16:51 - 001206178 _____ C:\WINDOWS\system32\perfc015.dat
    2019-12-23 13:38 - 2018-04-12 00:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
    2019-12-23 13:32 - 2018-06-24 16:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2019-12-23 13:32 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2019-12-23 13:32 - 2018-04-11 22:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2019-12-23 13:32 - 2017-11-05 11:21 - 000000000 ____D C:\ProgramData\NVIDIA
    2019-12-23 13:32 - 2017-11-05 11:20 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2019-12-23 13:32 - 2016-08-19 20:41 - 000000000 __SHD C:\Users\Tomasz\IntelGraphicsProfiles
    2019-12-23 13:30 - 2016-08-19 20:38 - 000000000 ____D C:\ProgramData\ASUS
    2019-12-23 13:17 - 2016-08-21 15:55 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture
    2019-12-23 13:17 - 2016-08-19 20:41 - 000000165 _____ C:\Users\Tomasz\AppData\Roaming\sp_data.sys
    2019-12-23 09:35 - 2018-06-24 16:37 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2019-12-22 22:17 - 2018-04-11 22:04 - 000131072 _____ C:\WINDOWS\system32\config\ELAM
    2019-12-22 22:13 - 2016-11-19 13:11 - 000000000 ____D C:\Users\Tomasz\AppData\LocalLow\Mozilla
    2019-12-22 20:03 - 2019-11-10 18:27 - 000011773 _____ C:\Users\Tomasz\Desktop\Wietnam, plan podróży.xlsx
    2019-12-22 19:26 - 2018-06-24 16:39 - 000000000 ____D C:\Users\Tomasz
    2019-12-22 19:14 - 2018-06-24 16:44 - 000004226 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{C33C7AC5-622B-47ED-A91A-C030B95BA04C}
    2019-12-20 23:06 - 2018-12-02 18:12 - 000000000 ____D C:\Users\Tomasz\Desktop\Indie 2018 dokumenty
    2019-12-20 22:52 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
    2019-12-20 22:52 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
    2019-12-11 20:42 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
    2019-12-11 20:42 - 2016-09-06 20:09 - 129221664 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2019-12-11 20:42 - 2016-09-06 20:09 - 000000000 ____D C:\WINDOWS\system32\MRT
    2019-12-08 21:41 - 2016-08-19 20:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2019-12-08 18:00 - 2016-08-19 20:45 - 000001230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk

    ==================== Pliki w katalogu głównym wybranych folderów ========

    2016-08-19 20:41 - 2019-12-23 13:17 - 000000165 _____ () C:\Users\Tomasz\AppData\Roaming\sp_data.sys

    ==================== SigCheck ============================

    (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

    ==================== Koniec  FRST.txt ========================


    Zastosowałem Spoiler by post był bardziej przejrzysty.
    RADU23
    Darmowe szkolenie: Ethernet w przemyśle dziś i jutro. Zarejestruj się za darmo.
  • Poziom 1  
  • Pomocny post
    Poziom 1  
  • Pomocny post
    Poziom 42  
    Otwórz notatnik i wklej:

    CloseProcesses:
    AlternateDataStreams: C:\Users\Tomasz\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [118]
    HKU\S-1-5-21-3781354841-244443197-3607214379-1001\...\MountPoints2: {37b6b467-255f-11ea-9e56-28c2dd9cbfe6} - "E:\LaunchU3.exe" -a
    Task: {0F724339-577C-491F-9A42-A3630B041AC8} - \Microsoft\Windows\UNP\RunCampaignManager -> Brak pliku <==== UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    SearchScopes: HKU\S-1-5-21-3781354841-244443197-3607214379-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
    SearchScopes: HKU\S-1-5-21-3781354841-244443197-3607214379-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [Brak pliku]
    2019-12-23 13:30 - 2019-12-23 13:30 - 000000000 ____D C:\AdwCleaner
    EmptyTemp:

    Plik zapisz pod nazwą fixlist.txt i umieść w folderze gdzie masz FRST.exe.
    Uruchom FRST i kliknij w Fix/Napraw.

    Następnym razem logi załączaj jako pliki tekstowe w załączniku.
  • Pomocny post
    Poziom 1  
  • Poziom 3  
    rozwiązałem chociaż nie chciałem tego robić poprzez format, dzięki za pomoc