Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24.10.2018
Ran by ALINA (administrator) on ALINA-PC (27-10-2018 14:40:03)
Running from C:\Users\ALINA\Desktop
Loaded Profiles: ALINA (Available Profiles: ALINA & DefaultAppPool)
Platform: Windows 10 Pro Version 1709 16299.431 (X64) Language: Angielski (Stany Zjednoczone)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\9f6166092e0d2850b552dcc26b20de04\WindowsUpdateBox.exe
(Microsoft Corporation) C:\$WINDOWS.~BT\Sources\SetupHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Philips Consumer Electronics) C:\Program Files (x86)\Philips\Intelligent Agent\Philips Intelligent Agent.exe
(Philips) C:\Windows\VPro530.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\NisSrv.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-21-3795130716-403384620-1226518042-1000\...\Run: [Philips Intelligent Agent] => C:\Program Files (x86)\Philips\Intelligent Agent\Philips Intelligent Agent.exe [613792 2008-02-21] (Philips Consumer Electronics)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPro530.lnk [2015-08-24]
ShortcutTarget: VPro530.lnk -> C:\Windows\VPro530.exe (Philips)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.12 10.0.0.13
Tcpip\..\Interfaces\{27a4ac0f-bd53-47f7-8394-d5a4ccf42b66}: [DhcpNameServer] 10.0.0.12 10.0.0.13

Internet Explorer:
==================

FireFox:
========
FF DefaultProfile: kzz8tlil.default
FF ProfilePath: C:\Users\ALINA\AppData\Roaming\TomTom\HOME\Profiles\c94kr1q9.default [2016-10-16]
FF Extension: (Map status indicator) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2015-07-30] [Legacy] [not signed]
FF ProfilePath: C:\Users\ALINA\AppData\Roaming\Mozilla\Firefox\Profiles\kzz8tlil.default [2018-10-27]
FF Homepage: Mozilla\Firefox\Profiles\kzz8tlil.default -> www.wp.pl/
FF Extension: (Avira Browser Safety) - C:\Users\ALINA\AppData\Roaming\Mozilla\Firefox\Profiles\kzz8tlil.default\Extensions\abs@avira.com.xpi [2018-10-27]
FF Extension: (Firefox Monitor) - C:\Users\ALINA\AppData\Roaming\Mozilla\Firefox\Profiles\kzz8tlil.default\features\{be0df406-b891-42b6-879d-db73c61e125d}\fxmonitor@mozilla.org.xpi [2018-09-30]
FF Extension: (Telemetry coverage) - C:\Users\ALINA\AppData\Roaming\Mozilla\Firefox\Profiles\kzz8tlil.default\features\{be0df406-b891-42b6-879d-db73c61e125d}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-09-30] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_122.dll [2018-10-27] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_122.dll [2018-10-27] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\ALINA\AppData\Local\Google\Chrome\User Data\Default [2018-09-24]
CHR Extension: (Prezentacje) - C:\Users\ALINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-21]
CHR Extension: (Dokumenty) - C:\Users\ALINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-21]
CHR Extension: (Dysk Google) - C:\Users\ALINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-29]
CHR Extension: (YouTube) - C:\Users\ALINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Google Search) - C:\Users\ALINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-17]
CHR Extension: (Arkusze) - C:\Users\ALINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-21]
CHR Extension: (Dokumenty Google offline) - C:\Users\ALINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-24]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\ALINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-01]
CHR Extension: (Gmail) - C:\Users\ALINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-17]
CHR Extension: (Chrome Media Router) - C:\Users\ALINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-24]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2018-02-02] (Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\NisSrv.exe [3917016 2018-10-27] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MsMpEng.exe [114208 2018-10-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 NMgamingmsFltr; C:\WINDOWS\system32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)
R3 phaudlwr; C:\WINDOWS\system32\DRIVERS\phaudlwr.sys [114608 2009-10-20] (Philips Applied Technologies)
R3 SPC530; C:\WINDOWS\system32\drivers\SPC530.sys [583168 2008-05-21] ( )
R3 SPC530m; C:\WINDOWS\system32\drivers\SPC530m.sys [8192 2008-05-21] ( )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46184 2018-10-27] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [328696 2018-10-27] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60408 2018-10-27] (Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-27 14:24 - 2018-10-27 14:26 - 000030757 _____ C:\Users\ALINA\Desktop\Addition.txt
2018-10-27 14:21 - 2018-10-27 14:41 - 000009000 _____ C:\Users\ALINA\Desktop\FRST.txt
2018-10-27 14:20 - 2018-10-27 14:19 - 007592144 _____ (Malwarebytes) C:\Users\ALINA\Desktop\AdwCleaner.exe
2018-10-27 14:19 - 2018-10-27 14:19 - 007592144 _____ (Malwarebytes) C:\Users\ALINA\Downloads\AdwCleaner.exe
2018-10-27 14:18 - 2018-10-27 14:16 - 002414592 _____ (Farbar) C:\Users\ALINA\Desktop\FRST64.exe
2018-10-27 14:16 - 2018-10-27 14:16 - 002414592 _____ (Farbar) C:\Users\ALINA\Downloads\FRST64.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-27 14:40 - 2017-03-24 22:04 - 000000000 ____D C:\FRST
2018-10-27 14:40 - 2015-07-25 18:05 - 000000000 ____D C:\Users\ALINA\AppData\Roaming\Skype
2018-10-27 14:36 - 2016-12-01 00:30 - 000000000 ____D C:\Users\ALINA\AppData\LocalLow\Mozilla
2018-10-27 14:36 - 2016-11-30 22:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-10-27 14:36 - 2015-07-17 15:15 - 000001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-10-27 14:35 - 2017-09-29 15:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-10-27 14:35 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-10-27 14:35 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-10-27 14:32 - 2018-02-13 20:04 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-10-27 14:06 - 2018-06-09 21:34 - 006226432 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2018-10-27 14:06 - 2018-03-13 15:07 - 000004574 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-10-27 14:06 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-10-27 14:06 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-09-30 13:01 - 2018-04-12 12:19 - 000000000 ___HD C:\$WINDOWS.~BT
2018-09-30 12:52 - 2015-07-17 15:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-09-28 13:02 - 2017-12-18 20:24 - 000000000 ___DC C:\WINDOWS\Panther

==================== Files in the root of some directories =======

2017-12-21 20:16 - 2017-12-21 20:16 - 000007601 _____ () C:\Users\ALINA\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2018-10-27 14:09 - 2018-10-27 14:10 - 062637240 _____ (Skype Technologies S.A.) C:\Users\ALINA\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-08-26 14:01

==================== End of FRST.txt ============================