Request for log verification (mouse cursor freezing)

Posted: 14 Dec 2018, 14:18
by kamien8
Hello.

I would like to ask for verification of my logs.
Symptom.
On a laptop with a freshly installed Win8.1 (with no unnecessary gadgets installed), the mouse cursor freezes every so often for a fraction of a second. The symptom appears both on a freshly started machine and on one that has already been running for a long time (so it is probably not a matter of services starting in the background).

FRST https://justpaste.it/1vasj
FRST Addition https://justpaste.it/24iii
HijackThis https://justpaste.it/6vjrj


[the message contained too many characters, so I am providing links to the logs]

Regards,
Adam

Re: Request for log verification (mouse cursor freezing)

Posted: 14 Dec 2018, 15:08
by Illidan
I will check the logs this evening; in the meantime, please also show a screenshot from Crystal Disk Info so we can assess the state of the hard drive.

Re: Request for log verification (mouse cursor freezing)

Posted: 14 Dec 2018, 15:51
by kamien8
https://bit.ly/2QXb5EM

Code:
----------------------------------------------------------------------------
CrystalDiskInfo 8.0.0 (C) 2008-2018 hiyohiyo
                                Crystal Dew World : https://crystalmark.info/
----------------------------------------------------------------------------

    OS : Windows 8.1 Pro [6.3 Build 9600] (x64)
  Date : 2018/12/14 13:51:01

-- Controller Map ----------------------------------------------------------
 + Mobile 5th Generation Intel(R) Core(TM) SATA Controller [AHCI Mode] - 9C83 [ATA]
   - Samsung SSD 850 EVO 250GB
   - Slimtype DVD A  DA8A6SH
 - Microsoft Storage Spaces Controller [SCSI]

-- Disk List ---------------------------------------------------------------
 (1) Samsung SSD 850 EVO 250GB : 250.0 GB [0/0/0, pd1] - sg

----------------------------------------------------------------------------
 (1) Samsung SSD 850 EVO 250GB
----------------------------------------------------------------------------
           Model : Samsung SSD 850 EVO 250GB
        Firmware : EMT02B6Q
   Serial Number : S21PNXAG969421J
       Disk Size : 250.0 GB (8.4/137.4/250.0/250.0)
     Buffer Size : Unknown
     Queue Depth : 32
    # of Sectors : 488397168
   Rotation Rate : ---- (SSD)
       Interface : Serial ATA
   Major Version : ACS-2
   Minor Version : ATA8-ACS version 4c
   Transfer Mode : SATA/600 | SATA/600
  Power On Hours : 6791 hours
  Power On Count : 3633 count
     Host Writes : 6194 GB
Wear Level Count : 50
     Temperature : 31 C (87 F)
   Health Status : Good (100 %)
        Features : S.M.A.R.T., 48bit LBA, NCQ, TRIM, DevSleep
       APM Level : ----
       AAM Level : ----
    Drive Letter : C: D:

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
05 100 100 _10 000000000000 Reallocated Sector Count
09 _98 _98 __0 000000001A87 Power-on Hours
0C _96 _96 __0 000000000E31 Power-on Count
B1 _97 _97 __0 000000000032 Wear Leveling Count
B3 100 100 _10 000000000000 Used Reserved Block Count (Total)
B5 100 100 _10 000000000000 Program Fail Count (Total)
B6 100 100 _10 000000000000 Erase Fail Count (Total)
B7 100 100 _10 000000000000 Runtime Bad Block (Total)
BB 100 100 __0 000000000000 Uncorrectable Error Count
BE _69 _50 __0 00000000001F Airflow Temperature
C3 200 200 __0 000000000000 ECC Error Rate
C7 100 100 __0 000000000000 CRC Error Count
EB _99 _99 __0 000000000008 POR Recovery Count
F1 _99 _99 __0 00030642AE08 Total LBAs Written

Re: Request for log verification (mouse cursor freezing)

Posted: 14 Dec 2018, 16:40
by Illidan
Your disk is fine. Also check how the system behaves during a clean boot, and update the drivers and software on it. For software, use the free PatchMyPC. For drivers, SnailDriver:
https://sites.google.com/site/twierdzaciemnosci/windows/aktualizacja-sterownikow-za-pomoca-aplikacji-snaildriver
Here is how to do a clean boot:
https://support.microsoft.com/pl-pl/help/929135/how-to-perform-a-clean-boot-in-windows

Re: Request for log verification (mouse cursor freezing)

Posted: 15 Dec 2018, 04:33
by Illidan
Run "FRST". On the keyboard, press "CTRL+Y" simultaneously. Notepad will open; paste the following into it:
Code:
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
U3 iswSvc; no ImagePath
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> [CC]{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> [CC]{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => -> No File
EmptyTemp:


On the keyboard, press "CTRL+S" simultaneously. In "FRST", run the "Fix / Napraw" option. Then download the free "AdwCleaner" and show the scan report:
https://sites.google.com/site/twierdzaciemnosci/windows/adwcleaner-instrukcja-uzywania-programu

As I suggested, update the drivers in the system; the system is reporting problems:
Code:
==================== Faulty Device Manager Devices =============

Name: Intel(R) Atom(TM)/Celeron(R)/Pentium(R) Processor Intel DPTF Thermal Framework Device - 3400
Description: Intel(R) Atom(TM)/Celeron(R)/Pentium(R) Processor Intel DPTF Thermal Framework Device - 3400
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Mobile 5th Generation Intel(R) Core(TM) Camarillo Device - 1603
Description: Mobile 5th Generation Intel(R) Core(TM) Camarillo Device - 1603
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Error: (12/14/2018 11:53:52 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 54) (User: NT AUTHORITY)
Description: Collaborative processor power controls on processor 3 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Re: Request for log verification (mouse cursor freezing)

Posted: 16 Dec 2018, 00:36
by kamien8
Hi, I did as you wrote.

After updating the drivers, there is still some orphan left without one:
https://www.screencast.com/t/kv8ttqVB

AdwCleaner did not find anything.
The system seems to run more smoothly.

Is there any point in comparing startup on a clean system?

Re: Request for log verification (mouse cursor freezing)

Posted: 16 Dec 2018, 03:18
by Illidan
Not so much startup as how smoothly it runs.
That orphan is some network card or modem... See what "Driver identifier" says about it; it is an alternative to "SnailDriver". Also show new logs from "FRST", that is, the main one and "Addition". Scan the system with "RK" as well and show the log. It is best to download this program in the "Portable" version:
https://sites.google.com/site/twierdzaciemnosci/windows/roguekiller-usuwaniezlosliwegooprogramowania

Re: Request for log verification (mouse cursor freezing)

Posted: 16 Dec 2018, 22:12
by kamien8
FRST: https://justpaste.it/3awx7

RK did not find anything.

Is driveridentifier.com safe? I found a few posts saying that it pushes ads on its own.

Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09.12.2018
Ran by adam (16-12-2018 20:01:20)
Running from D:\Downloads\System Tools
Windows 8.1 Pro (Update) (X64) (2018-12-06 19:06:43)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

adam (S-1-5-21-537903363-2798869277-3563865902-1001 - Administrator - Enabled) => C:\Users\adam
Administrator (S-1-5-21-537903363-2798869277-3563865902-500 - Administrator - Disabled)
Guest (S-1-5-21-537903363-2798869277-3563865902-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {8D637332-9C08-995E-98D7-8237936B0E9F}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe Photoshop Lightroom 5.7 64-bit (HKLM\...\{1B77B02E-17E4-4B6D-B8A1-74B29AF3D8DD}) (Version: 5.7.0 - Adobe Systems Incorporated)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 3.0.14 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0050 - ASUS)
CCleaner (HKLM\...\CCleaner) (Version: 5.50 - Piriform)
Check Point SBA (HKLM\...\{B212ABB9-E151-444B-975C-8A3EA9DC8EFB}) (Version: 86.4.9056 - Check Point Software Technologies Ltd.) Hidden
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 417.22 - NVIDIA Corporation) Hidden
ELAN Touchpad 11.5.16.2_X64_WHQL (HKLM\...\Elantech) (Version: 11.5.16.2 - ELAN Microelectronic Corp.)
eM Client (HKLM-x32\...\{E1A91386-A21E-484E-8FED-47BA87671427}) (Version: 7.2.34062.0 - eM Client Inc.)
FastStone Image Viewer 6.7 (HKLM-x32\...\FastStone Image Viewer) (Version: 6.7 - FastStone Soft)
FontBase 2.6.6 (HKU\S-1-5-21-537903363-2798869277-3563865902-1001\...\ffc1e284-e25b-515d-b453-93eb9fe955eb) (Version: 2.6.6 - Dominik Levitsky Studio)
foobar2000 v1.4.1 (HKLM-x32\...\foobar2000) (Version: 1.4.1 - Peter Pawlowski)
HD Video Converter Factory Pro 17.0 (HKLM-x32\...\HD Video Converter Factory Pro) (Version: 17.0 - WonderFox Soft, Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{f5d71765-7cd1-4e68-998f-5b379e725da3}) (Version: 10.0.22 - Intel(R) Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4385 - Intel Corporation)
jAlbum (HKLM\...\{EB433E79-52E8-455C-9140-1F8068A3ACCC}) (Version: 13.3 - Jalbum AB)
Jing (HKLM-x32\...\{8C784F8B-89D0-4A59-A000-7EEF129E1574}) (Version: 2.9.15255.1 - TechSmith Corporation)
KeePass Password Safe 2.40 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.40 - Dominik Reichl)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Mediatek Bluetooth (HKLM\...\{1C41AEAE-7DD5-29D6-FA5F-D1E8A12ECE4E}) (Version: 11.0.760.0 - Mediatek)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.11029.20108 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-537903363-2798869277-3563865902-1001\...\OneDriveSetup.exe) (Version: 18.222.1104.0007 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 64.0 (x64 en-GB) (HKLM\...\Mozilla Firefox 64.0 (x64 en-GB)) (Version: 64.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 63.0.3 - Mozilla)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.6 - Notepad++ Team)
NVIDIA Graphics Driver 417.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 417.22 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.18.0907 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.18.0907 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11029.20108 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11029.20108 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.11029.20108 - Microsoft Corporation) Hidden
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 5.0.55.0 - Ralink)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.33.529.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)
RogueKiller version 13.0.16.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.0.16.0 - Adlice Software)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.3.0.1910 - Samsung Electronics)
Sandboxie 5.26 (64-bit) (HKLM\...\Sandboxie) (Version: 5.26 - Sandboxie Holdings, LLC)
Skype version 8.36 (HKLM-x32\...\Skype_is1) (Version: 8.36 - Skype Technologies S.A.)
SnailDriver 2 Lite version 2.1.2.0 (HKLM-x32\...\{3189DA22-4E71-4794-9F3D-39A3DE0062DE}_is1) (Version: 2.1.2.0 - Snailsuite)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.21a - Ghisler Software GmbH)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.4 - VideoLAN)
WhereIsIt? 2014 (HKLM-x32\...\whereisit-wii_is1) (Version: 2014 - Robert Galle)
Windows Driver Package - ASUS (ATP) Mouse  (01/13/2015 1.0.0.233) (HKLM\...\8335D73177E6D80E7ADC00FED2275758BD28AEFB) (Version: 01/13/2015 1.0.0.233 - ASUS)
ZoneAlarm Anti-Ransomware (HKLM-x32\...\{0B8C3231-9818-4CB9-8213-4AB839836791}) (Version: 1.001.0704 - Check Point Software) Hidden
ZoneAlarm Firewall (HKLM-x32\...\{6F277433-5A52-4DC5-AA23-ECE8FD045EBD}) (Version: 15.4.062.17802 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 15.4.062.17802 - Check Point)
ZoneAlarm Security (HKLM-x32\...\{37F2A556-851C-46BA-BDD4-48745E7A106B}) (Version: 15.4.062.17802 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-537903363-2798869277-3563865902-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2018-11-12] ()
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2018-03-27] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-11-29] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {034FB27D-AA4D-43F1-9F9C-FD0BE330C7A1} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-11-28] (Piriform Ltd)
Task: {05C3BA7C-32B0-4910-ADFD-7FCC2A83AB12} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-11-29] (NVIDIA Corporation)
Task: {0A17BEB1-8AD8-41BF-8117-6F5637211AC3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {115695B8-AA5B-4B2A-BD6F-E09E56930866} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-11-28] (Piriform Software Ltd)
Task: {12348269-B60D-4B06-86D7-2D54C2F8E920} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-12-07] (Microsoft Corporation)
Task: {146A32B3-5DA2-42E9-9D14-363D075E75D6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-12-08] (Microsoft Corporation)
Task: {15840BBA-F7A3-4F9E-BE35-7E59B1CE4EC4} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-06-29] (Realtek Semiconductor)
Task: {1FD07CA2-819E-41C3-9F10-0868260EA0C5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {2D3958C9-B35C-4A0A-BDD1-47687F575772} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-12-07] (Microsoft Corporation)
Task: {2D580328-B726-4F60-A8B1-4E3639D88A75} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-12-14] (Microsoft Corporation)
Task: {307F9EF6-4C15-4861-864A-F9314F3AA343} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {311A5163-7422-4510-95E6-07DB510184F7} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [2018-12-14] (Microsoft Corporation)
Task: {315D7CFC-6418-41AD-BAFE-345F22281D88} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-11-29] (NVIDIA Corporation)
Task: {38969C6B-6754-489B-9420-F63A77B08A6C} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-09-22] (ASUSTek Computer Inc.)
Task: {6649CAFD-6DDC-4782-B6FB-A069AF0AFF20} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-12-14] (Microsoft Corporation)
Task: {6ACF899D-3B83-4A55-9CAF-DFA82A2C88EA} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [2018-10-05] (Samsung Electronics Co. Ltd.)
Task: {82E3B68D-2CAC-4277-8A64-947F3BA3758E} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-11-29] (NVIDIA Corporation)
Task: {830616B5-6B3D-4EE8-BB56-071FB541EA81} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-03-18] (AsusTek)
Task: {83129F0D-45BA-4EED-9F5B-DCA2AFCEB2DF} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [2018-12-14] (Microsoft Corporation)
Task: {89059439-0E15-4FC9-B39A-6999438BA962} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {8A1B5E02-D441-4547-9623-B4B8CB82AC1C} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-11-29] (NVIDIA Corporation)
Task: {8A8AB9E9-5FAA-4EA6-8737-4445ADA1AAB2} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-11-29] (NVIDIA Corporation)
Task: {9770F37B-50AD-4FDF-A251-77B1CD5FA5C8} - System32\Tasks\SnailDriver2_Lite_Launch => C:\Program Files (x86)\SnailSuite\SnailDriver 2 Lite\SnailLaunch.exe [2018-07-26] (SnailDrivers)
Task: {A3107D51-F0B8-4BB7-A82C-052561856C66} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-06-29] (Realtek Semiconductor)
Task: {A92EA702-50DC-40D9-87A8-A546440A7F8C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-12-08] (Microsoft Corporation)
Task: {AE8A1BD7-8A8D-4F4F-A1E0-815E5B60202D} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-11-29] (NVIDIA Corporation)
Task: {B5D6C8A1-A0D1-4035-A711-C1B33444BE39} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-11-29] (NVIDIA Corporation)
Task: {DB10FEC2-F0BD-407A-8D78-7EC1D87DAD3C} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-09-22] (ASUSTek Computer Inc.)
Task: {DD8856BA-FB7C-4BD6-AEC6-78707A9ADA20} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-12-14] (Microsoft Corporation)
Task: {E9C54D33-A42F-4305-95EC-68ACBBA9F8A5} - System32\Tasks\SnailDriver2_Lite_SkipUAC => C:\Program Files (x86)\SnailSuite\SnailDriver 2 Lite\SnailDriver.exe [2018-07-26] (Snail)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-11-12 23:35 - 2018-11-12 23:35 - 000230064 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2018-12-06 20:55 - 2018-03-27 07:01 - 000381928 _____ () C:\Windows\system32\igfxTray.exe
2018-10-25 02:39 - 2018-10-25 02:39 - 000033016 _____ () C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe
2018-10-25 01:44 - 2018-10-25 01:44 - 000163576 _____ () C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\TPCommonCLI.dll
2018-08-29 15:21 - 2018-08-29 15:21 - 000095992 _____ () C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\RemediationProxyWrapperLib.dll
2018-09-05 11:11 - 2018-09-05 11:11 - 000104184 _____ () C:\Program Files (x86)\CheckPoint\Endpoint Security\Reputation\ReputationProviderCLI.dll
2018-12-14 19:30 - 2018-06-01 16:28 - 000148480 _____ () C:\Program Files (x86)\SnailSuite\SnailDriver 2 Lite\CrashRpt1403.dll
2018-12-14 19:30 - 2018-06-01 16:28 - 000797696 _____ () C:\Program Files (x86)\SnailSuite\SnailDriver 2 Lite\sqlite3.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 13:25 - 2013-08-22 13:25 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-537903363-2798869277-3563865902-1001\Control Panel\Desktop\\Wallpaper -> D:\Documents\Dzogczen\A.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "KeePass 2 PreLoad"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKU\S-1-5-21-537903363-2798869277-3563865902-1001\...\StartupApproved\Run: => "SandboxieControl"
HKU\S-1-5-21-537903363-2798869277-3563865902-1001\...\StartupApproved\Run: => "Uninstall 18.151.0729.0013"
HKU\S-1-5-21-537903363-2798869277-3563865902-1001\...\StartupApproved\Run: => "Uninstall 18.151.0729.0013\amd64"
HKU\S-1-5-21-537903363-2798869277-3563865902-1001\...\StartupApproved\Run: => "Lync"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{77F3ECB4-0A40-4D64-8CA8-081929B6B83D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4D8B1072-8B09-49B4-B673-6EFB74B080FF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0E34502E-2944-4480-9B96-225E1C8D14E1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{FCDB8CB7-322F-42C9-A88E-618C45888497}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{A07778EB-7A17-44B9-AF59-7030D9298F97}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{FCB3F1DE-794C-49B6-806E-6B18CAC06AE7}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{95F137AD-C3BB-4376-AF7B-77A62FEA7363}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{C9889982-F0F1-4EE0-B803-EE0B398CCD90}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{E423DCDA-E434-4DDE-9716-E3C0C5BCA400}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{7F9E91CC-BE13-412A-8527-C69EF39216A6}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{8E34D195-C425-4D9A-BE0E-F1CF20F54C5E}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{FC25DDA0-5356-40F0-BCC9-05FBA7BCE3D1}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{BAD0CE86-4BD6-450B-87C7-970F92EF5722}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{D3B98615-D1B5-4ECE-8E62-33AA05D8047C}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{9207AA93-7846-478A-9047-9B80E7B74160}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe

==================== Restore Points =========================

14-12-2018 19:32:58 Snail Driver install restore point

==================== Faulty Device Manager Devices =============

Name: Mobile 5th Generation Intel(R) Core(TM) Camarillo Device - 1603
Description: Mobile 5th Generation Intel(R) Core(TM) Camarillo Device - 1603
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/15/2018 10:27:22 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPService
ServiceMainThread:  NotifyServiceStatusRunning() failed.

Error: (12/15/2018 10:27:22 PM) (Source: DptfEvent) (EventID: 2) (User: )
Description: DptfPolicyConfigTDPService
NotifyServiceStatusRunning:  DeviceIoControl() failed.
Last error = [0x0000001f]

Error: (12/15/2018 03:45:21 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Odzyskiwanie was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (12/14/2018 10:08:26 PM) (Source: DptfEvent) (EventID: 2) (User: )
Description: DptfPolicyLpmServiceHelper
WinMain:  CreateSharedMemory() failed.
Session ID = 2

Error: (12/14/2018 10:08:26 PM) (Source: DptfEvent) (EventID: 3) (User: )
Description: DptfPolicyLpmServiceHelper
CreateSharedMemory:  WaitForSingleObject() with g_pkeLpmSharedMemoryCreated failed
Last error = [0x00000102]
Session ID = 2

Error: (12/14/2018 07:44:49 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfInvalidPolicyRemover
DptfInvalidPolicyRemover:  executeFile() failed.

Error: (12/14/2018 07:44:48 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfInvalidPolicyRemover
executeFile:  failed to remove item for policy guid [97C68AE7-15FA-499C-B8C9-5DA81D606E0A]
directive:  [dependency]
value:  [64568CCD-6597-4BFC-B9D6-9D33854013CE]

Error: (12/14/2018 07:44:48 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfInvalidPolicyRemover
executeLine:  invalid directive.


System errors:
=============
Error: (12/16/2018 02:25:04 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume E:.

A corruption was found in a file system index structure.  The file reference number is 0x200000002af22.  The name of the file is "\2018-11-17 - Marta ASUS backup przed LinuxMint\D\Desktop\z telefonu".  The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".

Error: (12/16/2018 02:24:21 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)
Description: E:\Device\HarddiskVolume62

Error: (12/15/2018 10:27:03 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (12/15/2018 10:26:36 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CPEFR service.

Error: (12/15/2018 05:27:30 PM) (Source: DCOM) (EventID: 10010) (User: ak)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (12/15/2018 05:27:00 PM) (Source: DCOM) (EventID: 10010) (User: ak)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (12/15/2018 03:40:24 PM) (Source: DCOM) (EventID: 10010) (User: ak)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (12/15/2018 03:39:54 PM) (Source: DCOM) (EventID: 10010) (User: ak)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.


Windows Defender:
===================================
Date: 2018-12-15 22:22:48.663
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {E0FDB641-08EB-4E83-B92C-28859C9BD67A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-12-15 17:26:36.184
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {99BE178A-B859-4987-ACC8-C785A4B7F33E}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-12-15 15:38:59.485
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {D9BE8E36-1B6B-4468-AD7D-525809E67709}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-12-14 10:56:52.509
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {DA58425A-FE19-494F-939A-C151E083E41B}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-12-14 10:51:22.445
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {D9297ADF-52DD-4222-AE98-A919CC5AD424}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-12-10 21:25:08.631
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.

Date: 2018-12-08 16:32:42.126
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80073aba
Error description: The resource is too old to be compatible.
Signature version: 1.155.266.0;1.155.266.0
Engine version: 1.1.9700.0

Date: 2018-12-08 15:28:46.275
Description:
Windows Defender has encountered an error trying to update the engine.
New Engine Version: 1.1.15500.2
Previous Engine Version: 1.1.9700.0
Error Code: 0x8050800c
Error description: An unexpected problem occurred. Install any available updates, then try to start the program again. For information on installing updates, see Help and Support.

Date: 2018-12-07 12:38:32.708
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.

Date: 2018-12-07 08:40:40.333
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

CodeIntegrity:
===================================

Date: 2018-12-16 15:01:58.923
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvdlistx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-12-15 15:39:05.376
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvdlistx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-12-15 15:39:05.204
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvdlistx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-12-14 10:50:07.683
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvdlistx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-12-11 08:32:10.311
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvdlistx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-12-08 10:52:10.826
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvdlistx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-12-07 08:40:33.582
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvdlistx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 27%
Total physical RAM: 12187.36 MB
Available physical RAM: 8793.08 MB
Total Virtual: 12187.36 MB
Available Virtual: 8425.36 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:100.53 GB) (Free:47.46 GB) NTFS
Drive d: (Dane) (Fixed) (Total:131.83 GB) (Free:68.58 GB) NTFS

\\?\Volume{1fabe3ec-4883-4953-a60f-8c9889add6e5}\ (Odzyskiwanie) (Fixed) (Total:0.29 GB) (Free:0.28 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 232.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Re: request for log verification (mouse cursor freezing)

Posted: 16 Dec 2018, 23:38
by Illidan
As far as I remember, it is safe. Don't worry about the ads. Be careful during installation not to install anything unwanted.

Re: request for log verification (mouse cursor freezing)

Posted: 16 Dec 2018, 23:48
by Illidan
Run "FRST". On the keyboard, press "CTRL+Y" simultaneously. Notepad will open; paste the following into it:
Code:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-537903363-2798869277-3563865902-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://robbo.niepokoj.com/pl
U3 iswSvc; no ImagePath
EmptyTemp:

On the keyboard, press "CTRL+S" simultaneously. In "FRST", run the "Fix / Napraw" option. After the fix you will get a "Fixlog"; post it on the forum as well. I don't know whether you ran the fix earlier, because I see the same items that I previously put in the script. The new "Addition" log is also missing; please post that too.
Now I see that you showed me the old log and not a new one, so don't run the script; just post the newly generated logs from "FRST", that is "FRST.txt" and "Addition.txt". Unless you haven't run the script yet, in which case run it, but the first one, and post the "Fixlog".

Re: request for log verification (mouse cursor freezing)

Posted: 17 Dec 2018, 18:43
by kamien8
FRST https://justpaste.it/222gd
Addition https://justpaste.it/1rjew

It's possible that I pasted the old logs by mistake, but I ran the tests/cleanups as we went. The logs given here are from after the next cleanup.

Many thanks for the help.

Adam

Re: request for log verification (mouse cursor freezing)

Posted: 18 Dec 2018, 21:28
by Illidan
Run "FRST". On the keyboard, press "CTRL+Y" simultaneously. Notepad will open; paste the following into it:
Code:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
U3 iswSvc; no ImagePath
EmptyTemp:

On the keyboard, press "CTRL+S" simultaneously. In "FRST", run the "Fix / Napraw" option. Post the resulting "fixlog"; the log will replace the "fixlist".