xCrystal posted August 31, 2019

Short, concise and to the point: my computer has started acting up, programs stop working, they won't start, bluescreens.. I don't know whether a ComboFix log will help.
Twój_Anioł_Stróż commented September 1, 2019

Quote:
1601-01-03 20:26 . 1601-01-03 20:26 73216 ------w- c:\program files (x86)\uGdVUvwEI.exe
1601-01-03 20:26 . 1601-01-03 20:26 73216 ------w- c:\program files (x86)\nYXdaxXyKQ.exe

I don't like this! Generate logs with FRST > http://www.forumpc.pl/topic/277786-nieingerencyjne-narzędzia-do-tworzenia-logów-systemowych/?p=2010191 before the scan, tick: Additional.txt, Shortcut.txt,