Solved High CPU, RAM and Hard Drive Usage For No Reason

XMial

TS Rookie
Hello, I just downloaded some file off the internet and it has my hard drive, RAM running at a high usage as well as my CPU; this is despite having nothing else running in the background.

When I go to the 'users' page in the task manager it shows me that there are 64 users (copies of my account).

I scanned the laptop with Windows Defender, Malwarebytes and turned on the safety mode. Now after the restart Malwarebytes won't even open.


Please someone help.
 

Broni

Malware Annihilator
Welcome aboard


Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 

XMial

TS Rookie
I got FRST and did the scan, but the logs are in Polish, and I tried to change the Windows language but the app still runs in Polish. Do you know how I can change that?
 

Broni

Malware Annihilator
No reason to change anything. As a matter of fact, Polish is my native language :)
 

XMial

TS Rookie
Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 30-09-2019
Uruchomiony przez Jakub Lesniak (administrator) DESKTOP-8NQ6T3S (LENOVO 81AK) (01-10-2019 18:03:31)
Uruchomiony z C:\Users\Jakub Lesniak\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads
Załadowane profile: Jakub Lesniak (Dostępne profile: Jakub Lesniak)
Platform: Windows 10 Home Wersja 1903 18362.239 (X64) Język: Polish (Poland)
Domyślna przeglądarka: Chrome
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Procesy (filtrowane) =================
(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Conexant Systems LLC -> Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(Conexant Systems LLC -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Windows\System32\SASrv.exe
(Conexant Systems, Inc.) [Brak podpisu cyfrowego] C:\Program Files\CONEXANT\SAII\CxUtilSvc.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_a7428663aca90897\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_a7428663aca90897\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_392f5842cc30daa1\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_392f5842cc30daa1\IntelCpHeciSvc.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.152.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.152.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
==================== Rejestr (filtrowane) ===========================
(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [604496 2017-08-07] (Conexant Systems LLC -> Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1832280 2017-06-07] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2019-10-01] (AVAST Software s.r.o. -> AVAST Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\77.0.3865.90\Installer\chrmstp.exe [2019-10-01] (Google LLC -> Google LLC)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA
==================== Zaplanowane zadania (filtrowane) =============
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
Task: {02648706-8648-42F0-B8BA-AB36A213CFCC} - System32\Tasks\Microsoft\Windows\RetailDemo\CleanupOfflineContent => {61f77d5e-afe9-400b-a5e6-e9e80fc8e601} C:\Windows\System32\RDXTaskFactory.dll [415744 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Task: {6B106BD6-F8EE-4CAB-8A9A-52A7E337EB7B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-10-01] (Google Inc -> Google Inc.)
Task: {A43B8E34-D8F0-4568-8254-06838142E365} - System32\Tasks\Microsoft\Windows\Conexant\SA2 => C:\Program Files\CONEXANT\SAII\SACpl.exe [1832280 2017-06-07] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
Task: {BD823B82-B4E9-47A0-BB72-7542ECE0E4E3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-10-01] (Google Inc -> Google Inc.)
Task: {C17D36CC-85A8-42F2-BE0A-BA6784EE85BA} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3933576 2019-10-01] (AVAST Software s.r.o. -> AVAST Software)
Task: {F2B1B04A-5AB9-4CD5-A1EE-90696D88FCDE} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1873288 2019-10-01] (AVAST Software s.r.o. -> AVAST Software)
(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

==================== Internet (filtrowane) ====================
(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{eb88a25a-aeb1-4f97-9916-73a7061dbb0b}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Internet Explorer:
==================
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-10-01] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-10-01] (Google Inc -> Google LLC)
Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Session Restore: Default -> [funkcja włączona]
CHR Profile: C:\Users\Jakub Lesniak\AppData\Local\Google\Chrome\User Data\Default [2019-10-01]
CHR Extension: (Slides) - C:\Users\Jakub Lesniak\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-10-01]
CHR Extension: (BetterTTV) - C:\Users\Jakub Lesniak\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2019-10-01]
CHR Extension: (Docs) - C:\Users\Jakub Lesniak\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-10-01]
CHR Extension: (Google Drive) - C:\Users\Jakub Lesniak\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-10-01]
CHR Extension: (YouTube) - C:\Users\Jakub Lesniak\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-10-01]
CHR Extension: (Honey) - C:\Users\Jakub Lesniak\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2019-10-01]
CHR Extension: (uBlock Origin) - C:\Users\Jakub Lesniak\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-10-01]
CHR Extension: (FrankerFaceZ) - C:\Users\Jakub Lesniak\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadndhdgpmmaapbmfcknlfgcflmmmieb [2019-10-01]
CHR Extension: (Facebook Pixel Helper) - C:\Users\Jakub Lesniak\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2019-10-01]
CHR Extension: (Sheets) - C:\Users\Jakub Lesniak\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-10-01]
CHR Extension: (News Feed Eradicator for Facebook) - C:\Users\Jakub Lesniak\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjcldmjmjhkklehbacihaiopjklihlgg [2019-10-01]
CHR Extension: (Google Docs Offline) - C:\Users\Jakub Lesniak\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-10-01]
CHR Extension: (AdBlock) - C:\Users\Jakub Lesniak\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-10-01]
CHR Extension: (Follow) - C:\Users\Jakub Lesniak\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij [2019-10-01]
CHR Extension: (Grammarly for Chrome) - C:\Users\Jakub Lesniak\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-10-01]
CHR Extension: (Gmail) - C:\Users\Jakub Lesniak\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-10-01]
CHR Extension: (Chrome Media Router) - C:\Users\Jakub Lesniak\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-10-01]
==================== Usługi (filtrowane) ====================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6085360 2019-10-01] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [996880 2019-10-01] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [417536 2019-10-01] (AVAST Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-10-01] (AVAST Software s.r.o. -> AVAST Software)
R2 CxUtilSvc; C:\Program Files\Conexant\SAII\CxUtilSvc.exe [132096 2016-04-28] (Conexant Systems, Inc.) [Brak podpisu cyfrowego]
R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [197120 2017-07-13] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
R2 esifsvc; C:\Windows\System32\Intel\DPTF\esif_uf.exe [1705040 2017-11-08] (Intel Corporation -> Intel Corporation)
R2 ibtsiva; C:\Windows\system32\ibtsiva.exe [541936 2018-03-28] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 SAService; C:\Windows\system32\SAsrv.exe [416576 2016-10-27] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4098056 2019-03-19] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [113992 2019-03-19] (Microsoft Corporation -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
===================== Sterowniki (filtrowane) ======================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [204824 2019-10-01] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [274456 2019-10-01] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [209552 2019-10-01] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [65120 2019-10-01] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\Windows\System32\drivers\aswElam.sys [16304 2019-10-01] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42736 2019-10-01] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [171520 2019-10-01] (AVAST Software s.r.o. -> AVAST Software)
R1 aswNetSec; C:\Windows\System32\drivers\aswNetSec.sys [552848 2019-10-01] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110320 2019-10-01] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [83792 2019-10-01] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [848432 2019-10-01] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460448 2019-10-01] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [236024 2019-10-01] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [316528 2019-10-01] (AVAST Software s.r.o. -> AVAST Software)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [69536 2017-11-08] (Intel Corporation -> Intel Corporation)
R3 esif_lf; C:\Windows\System32\drivers\esif_lf.sys [382880 2017-11-08] (Intel Corporation -> Intel Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2019-08-27] (Malwarebytes Corporation -> Malwarebytes)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [136256 2018-03-28] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [199768 2019-10-01] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [224408 2019-10-01] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73584 2019-10-01] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-10-01] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [116832 2019-10-01] (Malwarebytes Corporation -> Malwarebytes)
R3 Netwtw04; C:\Windows\System32\drivers\Netwtw04.sys [7708160 2019-03-19] (Microsoft Windows -> Intel Corporation)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvlt.inf_amd64_df17dd2b12980ebc\nvlddmkm.sys [20424848 2018-12-24] (NVIDIA Corporation -> NVIDIA Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46472 2019-03-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [333784 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [62432 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (filtrowane) ===================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc (utworzone) ========
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2019-10-01 13:08 - 2019-10-01 13:08 - 000000000 ____D C:\Users\Jakub Lesniak\AppData\Roaming\Google
2019-10-01 12:48 - 2019-10-01 11:49 - 000000000 ____D C:\Windows\Panther
2019-10-01 12:37 - 2019-10-01 18:03 - 000000000 ____D C:\FRST
2019-10-01 12:35 - 2019-10-01 12:35 - 000073584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-10-01 12:34 - 2019-10-01 12:34 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-10-01 12:34 - 2019-10-01 12:34 - 000224408 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-10-01 12:34 - 2019-10-01 12:34 - 000199768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-10-01 12:34 - 2019-10-01 12:34 - 000116832 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-10-01 12:34 - 2019-10-01 12:34 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-10-01 12:34 - 2019-10-01 12:34 - 000000000 ____D C:\Users\Jakub Lesniak\AppData\Local\mbamtray
2019-10-01 12:34 - 2019-10-01 12:34 - 000000000 ____D C:\Users\Jakub Lesniak\AppData\Local\mbam
2019-10-01 12:34 - 2019-10-01 12:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-10-01 12:34 - 2019-10-01 12:34 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-10-01 12:34 - 2019-10-01 12:34 - 000000000 ____D C:\Program Files\Malwarebytes
2019-10-01 12:34 - 2019-08-27 05:50 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-10-01 12:34 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2019-10-01 12:27 - 2019-03-18 15:20 - 005739008 _____ (Microsoft Corporation) C:\Windows\system32\prm0009.dll
2019-10-01 12:27 - 2019-03-18 15:19 - 002629120 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0009.dll
2019-10-01 12:27 - 2019-03-18 15:07 - 006359552 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0009.dll
2019-10-01 12:27 - 2019-03-18 15:01 - 005496832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NlsData0009.dll
2019-10-01 12:21 - 2019-10-01 18:00 - 000000000 __SHD C:\Users\Jakub Lesniak\IntelGraphicsProfiles
2019-10-01 12:21 - 2019-10-01 12:22 - 000000000 ____D C:\Users\Jakub Lesniak\AppData\Local\Intel
2019-10-01 12:21 - 2019-10-01 12:21 - 000002088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Premium Security.lnk
2019-10-01 12:21 - 2019-10-01 12:21 - 000002076 _____ C:\Users\Public\Desktop\Avast Premium Security.lnk
2019-10-01 12:20 - 2019-10-01 14:02 - 000000000 ____D C:\ProgramData\NVIDIA
2019-10-01 12:20 - 2019-10-01 12:20 - 000552848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
2019-10-01 12:20 - 2019-10-01 12:20 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2019-10-01 12:20 - 2019-10-01 12:20 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-10-01 12:20 - 2019-10-01 12:20 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2019-10-01 12:20 - 2019-10-01 12:20 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-10-01 12:20 - 2019-10-01 12:10 - 000355720 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-10-01 12:20 - 2018-12-11 08:07 - 008459772 _____ C:\Windows\system32\nvcoproc.bin
2019-10-01 12:20 - 2018-12-11 08:07 - 005338320 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2019-10-01 12:20 - 2018-12-11 08:07 - 002620456 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2019-10-01 12:20 - 2018-12-11 08:07 - 001767920 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2019-10-01 12:20 - 2018-12-11 08:07 - 000651248 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2019-10-01 12:20 - 2018-12-11 08:07 - 000450600 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2019-10-01 12:20 - 2018-12-11 08:07 - 000149304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\oemdspif.dll
2019-10-01 12:20 - 2018-12-11 08:07 - 000124968 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2019-10-01 12:20 - 2018-12-11 08:07 - 000082800 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2019-10-01 12:20 - 2018-12-10 12:29 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2019-10-01 12:20 - 2017-11-08 10:40 - 000069536 _____ (Intel Corporation) C:\Windows\system32\Drivers\dptf_cpu.sys
2019-10-01 12:19 - 2018-12-24 22:39 - 000552248 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2019-10-01 12:19 - 2018-12-24 22:39 - 000457016 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2019-10-01 12:19 - 2018-12-24 22:38 - 001461024 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2019-10-01 12:19 - 2018-12-24 22:38 - 001126144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2019-10-01 12:19 - 2018-12-24 22:38 - 000969120 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2019-10-01 12:19 - 2018-12-24 22:38 - 000631232 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2019-10-01 12:19 - 2018-12-24 22:38 - 000540368 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2019-10-01 12:19 - 2018-12-24 22:38 - 000521472 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2019-10-01 12:19 - 2018-12-24 22:37 - 040261192 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2019-10-01 12:19 - 2018-12-24 22:37 - 035157064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2019-10-01 12:19 - 2018-12-24 22:37 - 015909336 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2019-10-01 12:19 - 2018-12-24 22:37 - 013203912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2019-10-01 12:19 - 2018-12-24 22:37 - 004946120 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2019-10-01 12:19 - 2018-12-24 22:37 - 004316552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2019-10-01 12:19 - 2018-12-24 22:37 - 002003392 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2019-10-01 12:19 - 2018-12-24 22:37 - 001511872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2019-10-01 12:19 - 2018-12-24 22:37 - 001167592 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2019-10-01 12:19 - 2018-12-24 22:37 - 000914592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2019-10-01 12:19 - 2018-12-24 22:37 - 000858256 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2019-10-01 12:19 - 2018-12-24 22:37 - 000448256 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2019-10-01 12:19 - 2018-12-24 22:36 - 019714456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2019-10-01 12:19 - 2018-12-24 22:36 - 016990080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2019-10-01 12:19 - 2018-12-24 22:36 - 004999896 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2019-10-01 12:19 - 2018-12-24 22:36 - 004258776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2019-10-01 12:19 - 2018-12-24 22:18 - 000104590 _____ C:\Windows\system32\nvidia-smi.1.pdf
2019-10-01 12:19 - 2018-12-24 22:18 - 000045542 _____ C:\Windows\system32\nvinfo.pb
2019-10-01 12:15 - 2018-08-09 09:37 - 004660696 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RsDMFT64.dll
2019-10-01 12:14 - 2019-10-01 12:14 - 000000000 ____D C:\ProgramData\Intel
2019-10-01 12:14 - 2019-10-01 12:14 - 000000000 ____D C:\Intel
2019-10-01 12:14 - 2019-10-01 12:14 - 000000000 _____ C:\Windows\system32\GfxValDisplayLog.bin
2019-10-01 12:12 - 2019-10-01 13:19 - 000000000 ____D C:\Users\Jakub Lesniak\AppData\Local\Google
2019-10-01 12:12 - 2019-10-01 12:18 - 000003568 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2019-10-01 12:12 - 2019-10-01 12:18 - 000003444 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2019-10-01 12:12 - 2019-10-01 12:12 - 000002379 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-10-01 12:12 - 2019-10-01 12:12 - 000002338 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-10-01 12:12 - 2019-10-01 12:12 - 000000000 ____D C:\Program Files (x86)\Google
2019-10-01 12:12 - 2019-02-22 02:54 - 003160592 _____ (Intel Corporation) C:\Windows\system32\mfx_mft_vp9ve_64.dll
2019-10-01 12:12 - 2019-02-22 02:54 - 002570336 _____ (Intel Corporation) C:\Windows\SysWOW64\mfx_mft_vp9ve_32.dll
2019-10-01 12:12 - 2019-02-22 02:53 - 024883432 _____ (Intel Corporation) C:\Windows\system32\mfxplugin64_hw.dll
2019-10-01 12:12 - 2019-02-22 02:53 - 020831792 _____ (Intel Corporation) C:\Windows\system32\libmfxhw64.dll
2019-10-01 12:12 - 2019-02-22 02:53 - 019737984 _____ (Intel Corporation) C:\Windows\SysWOW64\libmfxhw32.dll
2019-10-01 12:12 - 2019-02-22 02:53 - 011710696 _____ (Intel Corporation) C:\Windows\SysWOW64\mfxplugin32_hw.dll
2019-10-01 12:12 - 2019-02-22 02:53 - 003167392 _____ (Intel Corporation) C:\Windows\system32\mfx_mft_h265ve_64.dll
2019-10-01 12:12 - 2019-02-22 02:53 - 003146984 _____ (Intel Corporation) C:\Windows\system32\mfx_mft_h264ve_64.dll
2019-10-01 12:12 - 2019-02-22 02:53 - 002992360 _____ (Intel Corporation) C:\Windows\system32\mfx_mft_mjpgvd_64.dll
2019-10-01 12:12 - 2019-02-22 02:53 - 002952112 _____ (Intel Corporation) C:\Windows\system32\mfx_mft_encrypt_64.dll
2019-10-01 12:12 - 2019-02-22 02:53 - 002576040 _____ (Intel Corporation) C:\Windows\SysWOW64\mfx_mft_h265ve_32.dll
2019-10-01 12:12 - 2019-02-22 02:53 - 002561856 _____ (Intel Corporation) C:\Windows\SysWOW64\mfx_mft_h264ve_32.dll
2019-10-01 12:12 - 2019-02-22 02:53 - 002434280 _____ (Intel Corporation) C:\Windows\SysWOW64\mfx_mft_mjpgvd_32.dll
2019-10-01 12:12 - 2019-02-22 02:53 - 002410856 _____ (Intel Corporation) C:\Windows\SysWOW64\mfx_mft_encrypt_32.dll
2019-10-01 12:12 - 2019-02-22 02:53 - 001014808 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2019-10-01 12:12 - 2019-02-22 02:53 - 001014808 _____ C:\Windows\system32\vulkan-1.dll
2019-10-01 12:12 - 2019-02-22 02:53 - 000878640 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2019-10-01 12:12 - 2019-02-22 02:53 - 000878640 _____ C:\Windows\SysWOW64\vulkan-1.dll
2019-10-01 12:12 - 2019-02-22 02:53 - 000274712 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2019-10-01 12:12 - 2019-02-22 02:53 - 000274712 _____ C:\Windows\system32\vulkaninfo.exe
2019-10-01 12:12 - 2019-02-22 02:53 - 000249096 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-10-01 12:12 - 2019-02-22 02:53 - 000249096 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2019-10-01 12:12 - 2019-02-22 02:53 - 000205128 _____ (Intel Corporation) C:\Windows\system32\intel_gfx_api-x64.dll
2019-10-01 12:12 - 2019-02-22 02:53 - 000176944 _____ (Intel Corporation) C:\Windows\SysWOW64\intel_gfx_api-x86.dll
2019-10-01 12:12 - 2019-02-22 02:53 - 000161512 _____ C:\Windows\SysWOW64\libGLESv2.dll
2019-10-01 12:12 - 2019-02-22 02:53 - 000147688 _____ C:\Windows\SysWOW64\libEGL.dll
2019-10-01 12:12 - 2019-02-22 02:53 - 000145152 _____ (Khronos Group) C:\Windows\system32\Intel_OpenCL_ICD64.dll
2019-10-01 12:12 - 2019-02-22 02:53 - 000126184 _____ C:\Windows\SysWOW64\libGLESv1_CM.dll
2019-10-01 12:12 - 2019-02-22 02:53 - 000120040 _____ (Khronos Group) C:\Windows\SysWOW64\Intel_OpenCL_ICD32.dll
2019-10-01 12:12 - 2019-02-22 02:37 - 001376256 _____ C:\Windows\system32\c_64.cpa
2019-10-01 12:12 - 2019-02-22 02:37 - 001361159 _____ C:\Windows\SysWOW64\c_32.cpa
2019-10-01 12:12 - 2019-02-22 02:37 - 000071457 _____ C:\Windows\SysWOW64\h265e_32.vp
2019-10-01 12:12 - 2019-02-22 02:37 - 000070988 _____ C:\Windows\SysWOW64\vp9e_32.vp
2019-10-01 12:12 - 2019-02-22 02:37 - 000069813 _____ C:\Windows\SysWOW64\he_32.vp
2019-10-01 12:12 - 2019-02-22 02:37 - 000065205 _____ C:\Windows\SysWOW64\mj_32.vp
2019-10-01 12:12 - 2019-02-22 02:37 - 000057143 _____ C:\Windows\SysWOW64\dev_32.vp
2019-10-01 12:12 - 2019-02-22 02:37 - 000056359 _____ C:\Windows\system32\dev_64.vp
2019-10-01 12:12 - 2019-02-22 02:37 - 000014013 _____ C:\Windows\system32\h265e_64.vp
2019-10-01 12:12 - 2019-02-22 02:37 - 000013852 _____ C:\Windows\system32\vp9e_64.vp
2019-10-01 12:12 - 2019-02-22 02:37 - 000013417 _____ C:\Windows\system32\he_64.vp
2019-10-01 12:12 - 2019-02-22 02:37 - 000013185 _____ C:\Windows\system32\mj_64.vp
2019-10-01 12:12 - 2019-02-22 02:37 - 000001125 _____ C:\Windows\SysWOW64\cpa_32.vp
2019-10-01 12:12 - 2019-02-22 02:37 - 000001125 _____ C:\Windows\system32\cpa_64.vp
2019-10-01 12:11 - 2019-10-01 12:11 - 000000000 ____D C:\Users\Jakub Lesniak\AppData\Roaming\AVAST Software
2019-10-01 12:11 - 2019-10-01 12:11 - 000000000 ____D C:\Users\Jakub Lesniak\AppData\Local\CEF
2019-10-01 12:10 - 2019-10-01 12:20 - 000003990 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2019-10-01 12:10 - 2019-10-01 12:20 - 000000000 ____D C:\ProgramData\Packages
2019-10-01 12:10 - 2019-10-01 12:10 - 000848432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-10-01 12:10 - 2019-10-01 12:10 - 000460448 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-10-01 12:10 - 2019-10-01 12:10 - 000316528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-10-01 12:10 - 2019-10-01 12:10 - 000274456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-10-01 12:10 - 2019-10-01 12:10 - 000236024 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-10-01 12:10 - 2019-10-01 12:10 - 000209552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-10-01 12:10 - 2019-10-01 12:10 - 000204824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-10-01 12:10 - 2019-10-01 12:10 - 000171520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-10-01 12:10 - 2019-10-01 12:10 - 000110320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-10-01 12:10 - 2019-10-01 12:10 - 000083792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-10-01 12:10 - 2019-10-01 12:10 - 000065120 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-10-01 12:10 - 2019-10-01 12:10 - 000042736 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-10-01 12:10 - 2019-10-01 12:10 - 000016304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswElam.sys
2019-10-01 12:10 - 2019-10-01 12:10 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2019-10-01 12:10 - 2019-10-01 12:10 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2019-10-01 12:09 - 2019-10-01 12:10 - 000000000 ____D C:\ProgramData\AVAST Software
2019-10-01 12:09 - 2019-10-01 12:09 - 000000000 ____D C:\Windows\system32\Intel
2019-10-01 12:09 - 2019-10-01 12:09 - 000000000 ____D C:\Users\Jakub Lesniak\AppData\Local\Conexant
2019-10-01 12:09 - 2019-10-01 12:09 - 000000000 ____D C:\Program Files\AVAST Software
2019-10-01 12:09 - 2017-11-08 10:40 - 000382880 _____ (Intel Corporation) C:\Windows\system32\Drivers\esif_lf.sys
2019-10-01 12:08 - 2019-10-01 12:08 - 000000000 ___HD C:\Users\Jakub Lesniak\MicrosoftEdgeBackups
2019-10-01 12:08 - 2019-10-01 12:08 - 000000000 ____D C:\Windows\UCI
2019-10-01 12:08 - 2019-10-01 12:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Conexant
2019-10-01 12:07 - 2019-10-01 12:09 - 000000000 ____D C:\ProgramData\Conexant
2019-10-01 12:07 - 2019-10-01 12:07 - 000000102 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
2019-10-01 12:07 - 2019-10-01 12:07 - 000000000 ____D C:\ProgramData\Dolby
2019-10-01 12:07 - 2019-10-01 12:07 - 000000000 ____D C:\Program Files\Dolby
2019-10-01 12:07 - 2017-05-31 10:38 - 000004664 _____ C:\Windows\system32\Drivers\CxSfPt.dat
2019-10-01 12:07 - 2016-10-27 15:14 - 000416576 _____ (Conexant Systems, Inc.) C:\Windows\system32\SASrv.exe
2019-10-01 12:07 - 2015-09-16 15:10 - 000225624 _____ (Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe
2019-10-01 12:06 - 2019-10-01 12:07 - 000000000 ____D C:\ProgramData\UIU
2019-10-01 12:06 - 2019-10-01 12:07 - 000000000 ____D C:\Program Files\CONEXANT
2019-10-01 12:06 - 2019-10-01 12:06 - 001705080 _____ (TODO: <Company name>) C:\Windows\SysWOW64\RebootPrompt.exe
2019-10-01 12:06 - 2019-10-01 12:06 - 000000000 ____D C:\Users\Jakub Lesniak\AppData\Local\Comms
2019-10-01 12:05 - 2019-10-01 12:05 - 000000000 ____D C:\Windows\system32\Tasks\S-1-5-21-3806314910-127600565-441782998-1001
2019-10-01 12:00 - 2019-10-01 12:27 - 000000000 ____D C:\Users\Jakub Lesniak\AppData\Local\PlaceholderTileLogoFolder
2019-10-01 11:55 - 2019-10-01 12:08 - 000000000 ____D C:\Users\Jakub Lesniak\AppData\Local\MicrosoftEdge
2019-10-01 11:55 - 2019-10-01 11:55 - 000001446 _____ C:\Users\Jakub Lesniak\Desktop\Microsoft Edge.lnk
2019-10-01 11:55 - 2019-10-01 11:55 - 000000000 ____D C:\Users\Jakub Lesniak\AppData\Local\D3DSCache
2019-10-01 11:55 - 2019-10-01 11:55 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2019-10-01 11:54 - 2019-10-01 12:26 - 000000000 ____D C:\Users\Jakub Lesniak\AppData\Local\Packages
2019-10-01 11:54 - 2019-10-01 12:21 - 001678734 _____ C:\Windows\system32\PerfStringBackup.INI
2019-10-01 11:54 - 2019-10-01 12:17 - 000000000 ____D C:\Users\Jakub Lesniak\AppData\Local\Publishers
2019-10-01 11:54 - 2019-10-01 11:54 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-10-01 11:54 - 2019-10-01 11:54 - 000000000 ___RD C:\Users\Jakub Lesniak\3D Objects
2019-10-01 11:54 - 2019-10-01 11:54 - 000000000 ____D C:\Users\Jakub Lesniak\AppData\Roaming\Adobe
2019-10-01 11:54 - 2019-10-01 11:54 - 000000000 ____D C:\Users\Jakub Lesniak\AppData\Local\VirtualStore
2019-10-01 11:54 - 2019-10-01 11:54 - 000000000 ____D C:\Users\Jakub Lesniak\AppData\Local\ConnectedDevicesPlatform
2019-10-01 11:53 - 2019-10-01 12:21 - 000000000 ____D C:\Users\Jakub Lesniak
2019-10-01 11:53 - 2019-10-01 11:53 - 000000020 ___SH C:\Users\Jakub Lesniak\ntuser.ini
2019-10-01 11:53 - 2019-10-01 11:53 - 000000000 _SHDL C:\Users\Jakub Lesniak\Ustawienia lokalne
2019-10-01 11:53 - 2019-10-01 11:53 - 000000000 _SHDL C:\Users\Jakub Lesniak\Szablony
2019-10-01 11:53 - 2019-10-01 11:53 - 000000000 _SHDL C:\Users\Jakub Lesniak\Moje dokumenty
2019-10-01 11:53 - 2019-10-01 11:53 - 000000000 _SHDL C:\Users\Jakub Lesniak\Menu Start
2019-10-01 11:53 - 2019-10-01 11:53 - 000000000 _SHDL C:\Users\Jakub Lesniak\Documents\Moje wideo
2019-10-01 11:53 - 2019-10-01 11:53 - 000000000 _SHDL C:\Users\Jakub Lesniak\Documents\Moje obrazy
2019-10-01 11:53 - 2019-10-01 11:53 - 000000000 _SHDL C:\Users\Jakub Lesniak\Documents\Moja muzyka
2019-10-01 11:53 - 2019-10-01 11:53 - 000000000 _SHDL C:\Users\Jakub Lesniak\Dane aplikacji
2019-10-01 11:53 - 2019-10-01 11:53 - 000000000 _SHDL C:\Users\Jakub Lesniak\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2019-10-01 11:53 - 2019-10-01 11:53 - 000000000 _SHDL C:\Users\Jakub Lesniak\AppData\Local\Historia
2019-10-01 11:53 - 2019-10-01 11:53 - 000000000 _SHDL C:\Users\Jakub Lesniak\AppData\Local\Dane aplikacji
2019-10-01 11:53 - 2019-03-19 05:46 - 000001105 _____ C:\Users\Jakub Lesniak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-10-01 11:52 - 2019-10-01 11:52 - 000000000 ____D C:\ProgramData\USOShared
2019-10-01 11:52 - 2019-07-09 02:54 - 002874368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2019-10-01 11:50 - 2019-10-01 11:50 - 000000000 _SHDL C:\Users\Public\Documents\Moje wideo
2019-10-01 11:50 - 2019-10-01 11:50 - 000000000 _SHDL C:\Users\Public\Documents\Moje obrazy
2019-10-01 11:50 - 2019-10-01 11:50 - 000000000 _SHDL C:\Users\Public\Documents\Moja muzyka
2019-10-01 11:50 - 2019-10-01 11:50 - 000000000 _SHDL C:\Users\Default\Ustawienia lokalne
2019-10-01 11:50 - 2019-10-01 11:50 - 000000000 _SHDL C:\Users\Default\Szablony
2019-10-01 11:50 - 2019-10-01 11:50 - 000000000 _SHDL C:\Users\Default\Moje dokumenty
2019-10-01 11:50 - 2019-10-01 11:50 - 000000000 _SHDL C:\Users\Default\Menu Start
2019-10-01 11:50 - 2019-10-01 11:50 - 000000000 _SHDL C:\Users\Default\Documents\Moje wideo
2019-10-01 11:50 - 2019-10-01 11:50 - 000000000 _SHDL C:\Users\Default\Documents\Moje obrazy
2019-10-01 11:50 - 2019-10-01 11:50 - 000000000 _SHDL C:\Users\Default\Documents\Moja muzyka
2019-10-01 11:50 - 2019-10-01 11:50 - 000000000 _SHDL C:\Users\Default\Dane aplikacji
2019-10-01 11:50 - 2019-10-01 11:50 - 000000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2019-10-01 11:50 - 2019-10-01 11:50 - 000000000 _SHDL C:\Users\Default\AppData\Local\Historia
2019-10-01 11:50 - 2019-10-01 11:50 - 000000000 _SHDL C:\Users\Default\AppData\Local\Dane aplikacji
2019-10-01 11:50 - 2019-10-01 11:50 - 000000000 _SHDL C:\Users\Default User\Ustawienia lokalne
2019-10-01 11:50 - 2019-10-01 11:50 - 000000000 _SHDL C:\Users\Default User\Szablony
2019-10-01 11:50 - 2019-10-01 11:50 - 000000000 _SHDL C:\Users\Default User\Moje dokumenty
2019-10-01 11:50 - 2019-10-01 11:50 - 000000000 _SHDL C:\Users\Default User\Menu Start
2019-10-01 11:50 - 2019-10-01 11:50 - 000000000 _SHDL C:\Users\Default User\Documents\Moje wideo
2019-10-01 11:50 - 2019-10-01 11:50 - 000000000 _SHDL C:\Users\Default User\Documents\Moje obrazy
2019-10-01 11:50 - 2019-10-01 11:50 - 000000000 _SHDL C:\Users\Default User\Documents\Moja muzyka
2019-10-01 11:50 - 2019-10-01 11:50 - 000000000 _SHDL C:\Users\Default User\Dane aplikacji
2019-10-01 11:50 - 2019-10-01 11:50 - 000000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2019-10-01 11:50 - 2019-10-01 11:50 - 000000000 _SHDL C:\Users\Default User\AppData\Local\Historia
2019-10-01 11:50 - 2019-10-01 11:50 - 000000000 _SHDL C:\Users\Default User\AppData\Local\Dane aplikacji
2019-10-01 11:50 - 2019-10-01 11:50 - 000000000 _SHDL C:\ProgramData\Szablony
2019-10-01 11:50 - 2019-10-01 11:50 - 000000000 _SHDL C:\ProgramData\Pulpit
2019-10-01 11:50 - 2019-10-01 11:50 - 000000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programy
2019-10-01 11:50 - 2019-10-01 11:50 - 000000000 _SHDL C:\ProgramData\Menu Start
2019-10-01 11:50 - 2019-10-01 11:50 - 000000000 _SHDL C:\ProgramData\Dokumenty
2019-10-01 11:50 - 2019-10-01 11:50 - 000000000 _SHDL C:\ProgramData\Dane aplikacji
2019-10-01 11:50 - 2019-10-01 11:50 - 000000000 _SHDL C:\Documents and Settings
2019-10-01 11:50 - 2019-10-01 11:50 - 000000000 ____D C:\Windows\minidump
2019-10-01 11:48 - 2019-10-01 13:01 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-10-01 11:48 - 2019-10-01 12:21 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-10-01 11:48 - 2019-10-01 11:48 - 000258584 _____ C:\Windows\system32\FNTCACHE.DAT
2019-10-01 11:48 - 2019-10-01 11:48 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2019-10-01 11:48 - 2019-10-01 11:48 - 000000000 ____D C:\Windows\system32\Drivers\wd
2019-10-01 11:48 - 2019-10-01 11:48 - 000000000 ____D C:\Windows\ServiceProfiles
2019-09-20 00:33 - 2019-09-20 00:33 - 000052936 _____ (Lenovo Group Ltd.) C:\Windows\system32\Drivers\AcpiVpc.sys
==================== Jeden miesiąc (zmodyfikowane) ========
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2019-10-01 18:02 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-10-01 12:48 - 2019-03-19 05:49 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2019-10-01 12:42 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\AppReadiness
2019-10-01 12:34 - 2019-03-19 05:52 - 000000000 ___HD C:\Windows\ELAMBKUP
2019-10-01 12:29 - 2019-03-19 13:25 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2019-10-01 12:29 - 2019-03-19 13:25 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2019-10-01 12:29 - 2019-03-19 13:23 - 000000000 ____D C:\Windows\SysWOW64\winrm
2019-10-01 12:29 - 2019-03-19 13:23 - 000000000 ____D C:\Windows\SysWOW64\WCN
2019-10-01 12:29 - 2019-03-19 13:23 - 000000000 ____D C:\Windows\SysWOW64\slmgr
2019-10-01 12:29 - 2019-03-19 13:23 - 000000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2019-10-01 12:29 - 2019-03-19 13:23 - 000000000 ____D C:\Windows\system32\winrm
2019-10-01 12:29 - 2019-03-19 13:23 - 000000000 ____D C:\Windows\system32\WCN
2019-10-01 12:29 - 2019-03-19 13:23 - 000000000 ____D C:\Windows\system32\slmgr
2019-10-01 12:29 - 2019-03-19 13:23 - 000000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2019-10-01 12:29 - 2019-03-19 05:52 - 000000000 ___SD C:\Windows\SysWOW64\F12
2019-10-01 12:29 - 2019-03-19 05:52 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2019-10-01 12:29 - 2019-03-19 05:52 - 000000000 ___SD C:\Windows\system32\F12
2019-10-01 12:29 - 2019-03-19 05:52 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2019-10-01 12:29 - 2019-03-19 05:52 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2019-10-01 12:29 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\SysWOW64\oobe
2019-10-01 12:29 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2019-10-01 12:29 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2019-10-01 12:29 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2019-10-01 12:29 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\oobe
2019-10-01 12:29 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\migwiz
2019-10-01 12:29 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\PolicyDefinitions
2019-10-01 12:29 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\IME
2019-10-01 12:29 - 2019-03-19 05:52 - 000000000 ____D C:\Program Files\Windows Defender
2019-10-01 12:29 - 2019-03-19 05:52 - 000000000 ____D C:\Program Files\Common Files\System
2019-10-01 12:29 - 2019-03-19 05:52 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2019-10-01 12:29 - 2019-03-19 05:37 - 000000000 ____D C:\Windows\servicing
2019-10-01 12:29 - 2019-03-19 05:37 - 000000000 ____D C:\Windows\CbsTemp
2019-10-01 12:28 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2019-10-01 12:27 - 2019-03-19 13:25 - 000000000 ____D C:\Windows\OCR
2019-10-01 12:21 - 2019-03-19 13:23 - 000750394 _____ C:\Windows\system32\perfh015.dat
2019-10-01 12:21 - 2019-03-19 13:23 - 000144990 _____ C:\Windows\system32\perfc015.dat
2019-10-01 12:21 - 2019-03-19 05:50 - 000000000 ____D C:\Windows\INF
2019-10-01 12:21 - 2019-03-19 05:37 - 000524288 _____ C:\Windows\system32\config\BBI
2019-10-01 12:20 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\Help
2019-10-01 12:08 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\USOPrivate
2019-10-01 11:53 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2019-10-01 11:52 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\spool
2019-10-01 11:52 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\FxsTmp
2019-10-01 11:50 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\ServiceState
2019-10-01 11:50 - 2019-03-19 05:52 - 000000000 ____D C:\Program Files\Windows NT
2019-10-01 11:48 - 2019-03-19 05:52 - 000000000 ___RD C:\Windows\PrintDialog
2019-10-01 11:48 - 2019-03-19 05:37 - 000032768 _____ C:\Windows\system32\config\ELAM
2019-09-04 02:56 - 2019-03-19 05:56 - 000835480 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-09-04 02:56 - 2019-03-19 05:56 - 000179816 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
==================== SigCheck ===============================
(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)
==================== Koniec FRST.txt ============================
 

XMial

TS Rookie
Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 30-09-2019
Uruchomiony przez Jakub Lesniak (01-10-2019 18:05:05)
Uruchomiony z C:\Users\Jakub Lesniak\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads
Windows 10 Home Wersja 1903 18362.239 (X64) (2019-10-01 10:50:10)
Tryb startu: Normal
==========================================================

==================== Konta użytkowników: =============================
Administrator (S-1-5-21-3806314910-127600565-441782998-500 - Administrator - Disabled)
Gość (S-1-5-21-3806314910-127600565-441782998-501 - Limited - Disabled)
Jakub Lesniak (S-1-5-21-3806314910-127600565-441782998-1001 - Administrator - Enabled) => C:\Users\Jakub Lesniak
Konto domyślne (S-1-5-21-3806314910-127600565-441782998-503 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3806314910-127600565-441782998-504 - Limited - Disabled)
==================== Centrum zabezpieczeń ========================
(Załączenie wejścia w fixlist spowoduje jego usunięcie.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
==================== Zainstalowane programy ======================
(W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)
Avast Premium Security (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
Dolby Audio X2 Windows API SDK (HKLM\...\{F994125B-7BF5-4A38-A569-82833CEB24DC}) (Version: 0.8.4.83 - Dolby Laboratories, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 77.0.3865.90 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
NVIDIA Sterownik graficzny 417.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 417.35 - NVIDIA Corporation)
Panel sterowania NVIDIA 417.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 417.35 - NVIDIA Corporation) Hidden
Packages:
=========
Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_5.25.5.0_x86__kgqvnymyfvs32 [2019-10-01] (king.com)
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.2.0.0_x64__8j3eq9eme6ctt [2019-10-01] (INTEL CORP)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11029.20108.0_x64__8wekyb3d8bbwe [2019-10-01] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2019-10-01] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.2.11280.0_x86__8wekyb3d8bbwe [2019-10-01] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe [2019-10-01] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.956.0_x64__56jybvy8sckqj [2019-10-01] (NVIDIA Corp.)
==================== Niestandardowe rejestracje CLSID (filtrowane): ==========================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Brak pliku
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-01] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Brak pliku
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-01] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-01] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-12-11] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-01] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
==================== Skróty & WMI ========================
(Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.)

ShortcutWithArgument: C:\Users\Jakub Lesniak\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
==================== Załadowane moduły (filtrowane) ==============
2019-10-01 12:07 - 2019-10-01 12:07 - 000369152 _____ ( ) [Brak podpisu cyfrowego] C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.CxHef9fb4ae#\f41354e3b99b52c3fa665ca42dcb8349\Interop.CxHDAudioAPILib.ni.dll
2019-10-01 12:07 - 2019-10-01 12:07 - 000018944 _____ ( ) [Brak podpisu cyfrowego] C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.CxUtilSvcLib\9b937bb8771d23ce31f0f3843f40e8a7\Interop.CxUtilSvcLib.ni.dll
2019-10-01 12:07 - 2017-07-05 19:36 - 001168384 _____ (Conexant Systems, Inc.) [Brak podpisu cyfrowego] C:\Program Files\Conexant\SAII\CxHDAudioAPI.dll
==================== Alternate Data Streams (filtrowane) =========
==================== Tryb awaryjny (filtrowane) ===================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Powiązania plików (filtrowane) ===============
(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.)

==================== Internet Explorer - Witryny zaufane I z ograniczeniami ===============
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.)

==================== Hosts - zawartość: ===============================
(Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.)
2019-03-19 05:49 - 2019-03-19 05:49 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Inne obszary ============================
(Obecnie brak automatycznej naprawy dla tej sekcji.)
HKU\S-1-5-21-3806314910-127600565-441782998-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Zapora systemu Windows [funkcja włączona]
==================== MSCONFIG/TASK MANAGER - Wyłączone elementy ==
Załączenie wejścia w fixlist spowoduje jego usunięcie.

==================== Reguły Zapory systemu Windows (filtrowane) ===============
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
FirewallRules: [{B137A771-46F5-4C53-908C-B9139F54EB86}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Punkty Przywracania systemu =========================
01-10-2019 12:06:39 Windows Update
==================== Wadliwe urządzenia w Menedżerze urządzeń =============

==================== Błędy w Dzienniku zdarzeń: =========================
Dziennik Aplikacja:
==================
Error: (10/01/2019 12:13:00 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1020) (User: ZARZĄDZANIE NT)
Description: The required buffer size is greater than the buffer size passed to the Collect function of the "C:\Windows\System32\perfts.dll" Extensible Counter DLL for the "LSM" service. The given buffer size was 24752 and the required size was 34144.
Error: (10/01/2019 11:55:29 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80072EE7
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=8db63db6-4f8f-46d6-a448-66444faaaa72;NotificationInterval=1440;Trigger=UserLogon;SessionId=2
Error: (10/01/2019 11:55:27 AM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0x80072EE7
Sku Id=8db63db6-4f8f-46d6-a448-66444faaaa72
Error: (10/01/2019 11:55:27 AM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0x80072EE7
Error: (10/01/2019 11:54:21 AM) (Source: ESENT) (EventID: 455) (User: )
Description: StartMenuExperienceHost (6320,R,98) TILEREPOSITORYS-1-5-21-3806314910-127600565-441782998-1001: Error -1023 (0xfffffc01) occurred while opening logfile C:\Users\Jakub Lesniak\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (10/01/2019 11:54:21 AM) (Source: ESENT) (EventID: 522) (User: )
Description: StartMenuExperienceHost (6320,P,98) TILEREPOSITORYS-1-5-21-3806314910-127600565-441782998-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Odmowa dostępu. ". The operation will fail with error -1032 (0xfffffbf8).
Error: (10/01/2019 11:53:31 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80072EE7
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=8db63db6-4f8f-46d6-a448-66444faaaa72;NotificationInterval=1440;Trigger=TimerEvent
Error: (10/01/2019 11:53:31 AM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0x80072EE7
Sku Id=8db63db6-4f8f-46d6-a448-66444faaaa72

Dziennik System:
=============
Error: (10/01/2019 11:52:02 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Rozszerzenia I powiadomienia drukarek service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (10/01/2019 11:48:35 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Pomoc IP service terminated with the following error:
The device is not ready.
Error: (10/01/2019 11:48:35 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The netprofm service terminated with the following error:
The device is not ready.

CodeIntegrity:
===================================
Date: 2019-10-01 18:03:53.921
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2019-10-01 18:03:37.670
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2019-10-01 18:03:02.805
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2019-10-01 18:02:47.606
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2019-10-01 18:02:22.715
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2019-10-01 18:02:04.587
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2019-10-01 18:01:49.578
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2019-10-01 18:01:38.591
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
==================== Statystyki pamięci ===========================
BIOS: LENOVO 5ZCN27WW 11/23/2017
Motherboard: LENOVO LNVNB161216
Procesor: Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz
Procent pamięci w użyciu: 70%
Całkowita pamięć fizyczna: 8101.22 MB
Dostępna pamięć fizyczna: 2394.61 MB
Całkowita pamięć wirtualna: 10021.22 MB
Dostępna pamięć wirtualna: 2914.23 MB
==================== Dyski ================================
Drive c: () (Fixed) (Total:237.84 GB) (Free:206.31 GB) NTFS
\\?\Volume{40dc23c1-1921-4709-a6b7-8498b7cbda7d}\ (Odzyskiwanie) (Fixed) (Total:0.52 GB) (Free:0.1 GB) NTFS
\\?\Volume{f8933389-f493-4d70-ac52-5ba7661a582a}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Tablica partycji ==================
========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: AA63FF3F)
Partition: GPT.
==================== Koniec Addition.txt ============================
 

Broni

Malware Annihilator
So far I don't see much there....

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 

XMial

TS Rookie
RogueKiller:


RogueKiller Anti-Malware V13.5.0.0 (x64) [Sep 24 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.18362) 64 bits
Started in : Normal mode
User : Jakub Lesniak [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20191002_114658, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2019/10/02 17:31:00 (Duration : 00:05:47)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> Chrome Addon
[PUP.Gen0 (Potentially Malicious)] Honey (C:\Users\Jakub Lesniak\AppData\Local\Google\Chrome\User Data\Default\Extensions\BMNLCJ~1) -- bmnlcjabgnpnenekpadlanbbkooimhnj -> Found
 

XMial

TS Rookie
Malwarebytes:

Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 02/10/2019
Scan Time: 17:41
Log File: 7c9baaf2-e533-11e9-bc83-000000000000.json
-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.627
Update Package Version: 1.0.12737
Licence: Trial
-System Information-
OS: Windows 10 (Build 18362.356)
CPU: x64
File System: NTFS
User: DESKTOP-8NQ6T3S\Jakub Lesniak
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 260819
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 1 min, 28 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 0
(No malicious items detected)
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)

(end)
 

XMial

TS Rookie
AdwCleaner:

# -------------------------------
# Malwarebytes AdwCleaner 7.4.1.0
# -------------------------------
# Build: 09-04-2019
# Database: 2019-09-27.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 10-02-2019
# Duration: 00:00:13
# OS: Windows 10 Home
# Scanned: 35645
# Detected: 0

***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
***** [ Preinstalled Software ] *****
No Preinstalled Software found.

AdwCleaner_Debug.log - [4879 octets] - [02/10/2019 17:42:42]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########