ADVERTISEMENT

FRST.txt

Czy Windows Defender usunął trojana Vigorf.A i inne wirusy?

Proszę, logi z FRST.


Download file - link to post

Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 12-08-2020
Uruchomiony przez pc (administrator) DESKTOP-R1AD4K7 (OEGStone DH61CR) (15-08-2020 15:21:48)
Uruchomiony z C:\Users\pc\Downloads
Załadowane profile: pc
Platform: Windows 10 Pro Wersja 2004 19041.450 (X64) Język: Polski (Polska)
Domyślna przeglądarka: Opera
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(AVG Technologies USA, LLC - & gt; AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswEngSrv.exe
(AVG Technologies USA, LLC - & gt; AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(AVG Technologies USA, LLC - & gt; AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(AVG Technologies USA, LLC - & gt; AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe & lt; 2 & gt;
(AVG Technologies USA, LLC - & gt; AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\wsc_proxy.exe
(Even Balance, Inc. - & gt; ) C:\Windows\SysWOW64\PnkBstrA.exe
(Malwarebytes Inc - & gt; Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc - & gt; Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation - & gt; Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe & lt; 6 & gt;
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.2005.1675.0_x64__8wekyb3d8bbwe\Time.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13110.41006.0_x64__8wekyb3d8bbwe\commsapps.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13110.41006.0_x64__8wekyb3d8bbwe\HxAccounts.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13110.41006.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12007.1001.2.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.320.6242.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.320.6242.0_x64__8wekyb3d8bbwe\GameBarFT.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.320.6242.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Windows - & gt; Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows - & gt; Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows - & gt; Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows - & gt; Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows - & gt; Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows - & gt; Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Windows Publisher - & gt; Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2007.8-0\MsMpEng.exe
(NVIDIA Corporation - & gt; Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation - & gt; NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe & lt; 2 & gt;
(NVIDIA Corporation - & gt; NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe & lt; 2 & gt;
(Oracle America, Inc. - & gt; Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. - & gt; Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Paramount Software UK Ltd - & gt; Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Paramount Software UK Ltd - & gt; Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(Paramount Software UK Ltd - & gt; Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(ResolveDevOps Limited - & gt; ResolveDevOps Limited) C:\Users\pc\AppData\Roaming\ProductAuthenticationService\pas.exe

==================== Rejestr (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [Reflect UI] = & gt; C:\Program Files\Macrium\Common\ReflectUI.exe [6544000 2019-12-24] (Paramount Software UK Ltd - & gt; Paramount Software UK Ltd)
HKLM\...\Run: [AVGUI.exe] = & gt; C:\Program Files\AVG\Antivirus\AvLaunch.exe [156808 2020-07-30] (AVG Technologies USA, LLC - & gt; AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Riot Vanguard] = & gt; C:\Program Files\Riot Vanguard\vgtray.exe [353776 2020-07-30] (Riot Games, Inc. - & gt; Riot Games, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] = & gt; C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646776 2020-03-12] (Oracle America, Inc. - & gt; Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] = & gt; C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows - & gt; Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] = & gt; C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows - & gt; Microsoft Corporation)
HKU\S-1-5-21-1329284337-975840654-1324334793-1001\...\Run: [Discord] = & gt; C:\Users\pc\AppData\Local\Discord\app-0.0.307\Discord.exe [91023672 2020-08-04] (Discord Inc. - & gt; Discord Inc.)
HKU\S-1-5-21-1329284337-975840654-1324334793-1001\...\Run: [SteamServerBrowser] = & gt; C:\Users\pc\AppData\Roaming\SteamServerBrowser\SteamServerBrowser.exe [172488 2019-01-13] (Crossgate Consulting Limited - & gt; )
HKU\S-1-5-21-1329284337-975840654-1324334793-1001\...\Run: [ProductAuthenticationService] = & gt; C:\Users\pc\AppData\Roaming\ProductAuthenticationService\pas.exe [1004072 2019-05-07] (ResolveDevOps Limited - & gt; ResolveDevOps Limited)
HKU\S-1-5-21-1329284337-975840654-1324334793-1001\...\Run: [CCleaner Smart Cleaning] = & gt; C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-14] (Piriform Software Ltd - & gt; Piriform Ltd)
HKU\S-1-5-21-1329284337-975840654-1324334793-1001\...\Run: [Steam] = & gt; C:\Program Files (x86)\Steam\steam.exe [3377440 2020-07-31] (Valve - & gt; Valve Corporation)
HKU\S-1-5-21-1329284337-975840654-1324334793-1001\...\Run: [EpicGamesLauncher] = & gt; C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32406416 2020-08-11] (Epic Games Inc. - & gt; Epic Games, Inc.)
HKU\S-1-5-21-1329284337-975840654-1324334793-1001\...\Run: [Spotify] = & gt; C:\Users\pc\AppData\Roaming\Spotify\Spotify.exe [23394024 2020-08-08] (Spotify AB - & gt; Spotify Ltd)
HKU\S-1-5-21-1329284337-975840654-1324334793-1001\...\Run: [Overwolf] = & gt; C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1752920 2020-08-10] (Overwolf Ltd - & gt; Overwolf Ltd.)
HKU\S-1-5-21-1329284337-975840654-1324334793-1001\...\Run: [Opera Browser Assistant] = & gt; C:\Users\pc\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3126296 2020-08-11] (Opera Software AS - & gt; Opera Software)
HKLM\...\Print\Monitors\HP E111 Status Monitor: C:\WINDOWS\system32\hpinkstsE111LM.dll [393352 2017-04-14] (Hewlett Packard - & gt; HP Inc.)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia & lt; ==== UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia & lt; ==== UWAGA

==================== Zaplanowane zadania (filtrowane) ============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

Task: {087B7210-7181-4E26-B9A0-6A9AC46BFFE0} - System32\Tasks\CCleaner Update = & gt; C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-14] (Piriform Software Ltd - & gt; Piriform Software Ltd)
Task: {0BD7ED96-0CD7-45E1-80DD-1D0831B230C2} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} = & gt; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-05-07] (NVIDIA Corporation - & gt; NVIDIA Corporation)
Task: {1BA1AB2A-A405-4548-A37F-6890718AE90B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance = & gt; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2007.8-0\MpCmdRun.exe [516776 2020-08-05] (Microsoft Windows Publisher - & gt; Microsoft Corporation)
Task: {25F4748A-EA07-43C2-85D0-2F8BC98B0C58} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} = & gt; C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-06-23] (NVIDIA Corporation - & gt; NVIDIA Corporation)
Task: {347CB375-B0FE-447E-BFEE-AE314D107B29} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} = & gt; C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3292984 2020-06-25] (NVIDIA Corporation - & gt; NVIDIA Corporation)
Task: {369A0052-422E-44A7-A92E-45A5300D914A} - System32\Tasks\Adobe Flash Player Updater = & gt; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-01-21] (Adobe Inc. - & gt; Adobe)
Task: {45380379-C991-410D-9B29-43EA6DEAB706} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} = & gt; C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation - & gt; NVIDIA Corporation)
Task: {610B95CD-68D4-446A-8168-902E7EABE39B} - System32\Tasks\Adobe Flash Player PPAPI Notifier = & gt; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_321_pepper.exe [1453624 2020-01-21] (Adobe Inc. - & gt; Adobe)
Task: {642C58FA-D44A-45B4-855C-BBF74C21069B} - System32\Tasks\Opera scheduled Autoupdate 1597335709 = & gt; C:\Users\pc\AppData\Local\Programs\Opera\launcher.exe [1529880 2020-08-11] (Opera Software AS - & gt; Opera Software)
Task: {727C8EEA-F806-48E7-B6E4-2B3ECD105218} - System32\Tasks\Overwolf Updater Task = & gt; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2478936 2020-08-10] (Overwolf Ltd - & gt; Overwolf LTD)
Task: {84A26315-D2ED-4D2E-B97D-2E77237F3EFA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification = & gt; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2007.8-0\MpCmdRun.exe [516776 2020-08-05] (Microsoft Windows Publisher - & gt; Microsoft Corporation)
Task: {904AFE6D-4DCF-439D-BD3C-A0A40530CB60} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} = & gt; C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation - & gt; NVIDIA Corporation)
Task: {918C3528-A104-41C9-8BFF-1DF2CAC12B19} - System32\Tasks\Antivirus Emergency Update = & gt; C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [3858056 2020-07-30] (AVG Technologies USA, LLC - & gt; AVG Technologies CZ, s.r.o.)
Task: {9615C6BA-A5C4-4091-88AC-C2570CDD9A26} - System32\Tasks\Opera GX scheduled Autoupdate 1589901264 = & gt; C:\Users\pc\AppData\Local\Programs\Opera GX\launcher.exe [1459224 2020-07-23] (Opera Software AS - & gt; Opera Software)
Task: {9935AB9E-81EC-4E68-97C1-0B156E42EFC8} - System32\Tasks\Opera scheduled assistant Autoupdate 1597335713 = & gt; C:\Users\pc\AppData\Local\Programs\Opera\launcher.exe [1529880 2020-08-11] (Opera Software AS - & gt; Opera Software)
Task: {A7CCED08-4280-4C16-A563-930DEAC62E12} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup = & gt; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2007.8-0\MpCmdRun.exe [516776 2020-08-05] (Microsoft Windows Publisher - & gt; Microsoft Corporation)
Task: {AD2647CA-6916-4814-B940-9E17BBCBBCDE} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} = & gt; C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation - & gt; NVIDIA Corporation)
Task: {B691FE18-6876-4781-87E4-2B8EEAC81D02} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} = & gt; C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation - & gt; NVIDIA Corporation)
Task: {BD89D543-88CB-4DDD-95A3-2A927949AF45} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} = & gt; C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [647656 2020-06-23] (NVIDIA Corporation - & gt; NVIDIA Corporation)
Task: {D0D4EC8B-4B2C-4582-A78C-1EC404503E17} - System32\Tasks\Agent Activation Runtime\S-1-5-21-1329284337-975840654-1324334793-1001 = & gt; C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe [13312 2020-07-17] (Microsoft Windows - & gt; )
Task: {D2FCC2CC-BAE8-4461-8A4E-C177599E488B} - System32\Tasks\CCleanerSkipUAC = & gt; C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-14] (Piriform Software Ltd - & gt; Piriform Ltd)
Task: {D4C24701-2270-4BA3-BB2A-0158398A5089} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} = & gt; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-05-07] (NVIDIA Corporation - & gt; NVIDIA Corporation)
Task: {DA59BAC7-BFDD-47B6-8989-FCE15D246B05} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan = & gt; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2007.8-0\MpCmdRun.exe [516776 2020-08-05] (Microsoft Windows Publisher - & gt; Microsoft Corporation)
Task: {DCCCCECC-969C-4419-AA38-50BC8E902D3C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} = & gt; C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-06-23] (NVIDIA Corporation - & gt; NVIDIA Corporation)
Task: {FAE1176E-8F5D-4839-BA7E-B46D67DDF01C} - System32\Tasks\AVG\Overseer = & gt; C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1692296 2020-03-05] (AVG Technologies USA, LLC - & gt; AVG Technologies)

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job = & gt; C:\WINDOWS\explorer.exe

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{069b1202-6c35-41d9-9522-d62d07f9cbd3}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKU\S-1-5-21-1329284337-975840654-1324334793-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nav-pl.com/