
FRST (1).txt

Virus on FB - Invitations sent from FB to like some group

Unfortunately, invitations are still being sent out via FB without the account owner's knowledge. The owner doesn't even belong to this group... Does anyone have an idea what to do next? I'm attaching today's FRST scans. Cheers!



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-11-2020
Ran by Jacek (administrator) on ASUS (ASUSTeK Computer INC. ET2311I) (15-11-2020 19:02:13)
Running from C:\Users\Jacek\Desktop\FRST
Loaded Profiles: UpdatusUser & Jacek
Platform: Windows 8.1 (Update) (X64) Language: Angielski (Stany Zjednoczone)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Users\Jacek\AppData\Roaming\HD FILMY\engine\torreador.exe
(ASUS Cloud Corporation -> ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe
(ASUS Cloud Corporation) [File not signed] C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe
(ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Key Suite\AsKeySuite.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe
(ASUSTeK Computer Inc. -> ASUSTeK) C:\Program Files (x86)\ASUS\ASUS Manager\Power Manager\Power Manager_background.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <7>
(HD FILMY) [File not signed] C:\Users\Jacek\AppData\Roaming\HD FILMY\hdfilmy.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Jacek\AppData\Local\Microsoft\Teams\current\Teams.exe <9>
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft) [File not signed] C:\Program Files (x86)\ASUS\ASWMEnt Preloader\AswmEntPreloadService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe <2>
(philandro Software GmbH -> philandro Software GmbH) C:\Program Files (x86)\AnyDesk\AnyDesk.exe <4>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe <7>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320360 2014-08-04] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1360600 2013-10-29] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-28] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [164080 2015-06-27] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [180448 2019-08-21] (ESET, spol. s r.o. -> ESET)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2015-01-08] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) [File not signed]
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\ASUSWSLoader.exe [63296 2014-08-20] (ASUS Cloud Corporation -> )
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-08-09] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [1673728 2012-03-27] (iSkySoft) [File not signed]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.) [File not signed]
HKU\S-1-5-21-125950272-1510134539-1061023451-1002\...\Run: [HD FILMY] => C:\Users\Jacek\AppData\Roaming\HD FILMY\hdfilmy.exe [1534464 2016-08-12] (HD FILMY) [File not signed]
HKU\S-1-5-21-125950272-1510134539-1061023451-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3424032 2020-10-29] (Valve -> Valve Corporation)
HKU\S-1-5-21-125950272-1510134539-1061023451-1002\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [83523944 2019-08-23] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-125950272-1510134539-1061023451-1002\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3145504 2020-10-26] (Electronic Arts, Inc. -> Electronic Arts)
HKU\S-1-5-21-125950272-1510134539-1061023451-1002\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Jacek\AppData\Local\Microsoft\Teams\Update.exe [2452664 2020-11-02] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.100\Installer\chrmstp.exe [2019-08-09] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\WIDCOMM\Bluetooth Software\\BtwCP.dll [2013-08-20] (Broadcom Corporation -> Broadcom Corporation.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [170360 2017-04-01] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [148016 2017-04-01] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2020-11-13]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-02-07]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation -> Broadcom Corporation.)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3EA185F5-85D3-407D-9086-C4106F6C8F76} - System32\Tasks\ASUS\ASUS Manager - PC Cleanup - SecureDeleteBackground => C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe [930448 2014-06-03] (ASUSTeK Computer Inc. -> ) [File not signed]
Task: {465646CE-0A23-43AD-BEF6-5DDEA53E4826} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {5736B9BE-05E8-443F-83F9-2D3FE0612238} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {575AC1E9-1330-4C35-A4D4-79374B4566B9} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSUpdateChecker.exe [922576 2016-07-15] (ASUSTeK Computer Inc. -> )
Task: {8E6A664E-3645-431E-B274-E81482404F6E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {97B60C6E-12F0-4506-9C15-2BA97E51F243} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [667856 2020-11-04] (Mozilla Corporation -> Mozilla Foundation)
Task: {996AE0C3-32A6-4BBF-A2D2-3F6400C0ED0B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {AB90468E-3DE8-46A2-9F2F-FDE3D27B5D4E} - System32\Tasks\ASUS\Power_Manager_background => C:\Program Files (x86)\ASUS\ASUS Manager\Power Manager\Power Manager_background.exe [216344 2014-09-13] (ASUSTeK Computer Inc. -> ASUSTeK)
Task: {DFF59562-D688-4ACE-A2F3-DFFB3362D759} - System32\Tasks\ASUS\ASUS Updater => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSFourceUpdater.exe [940496 2016-07-15] (ASUSTeK Computer Inc. -> )
Task: {F428B11C-5544-462D-A580-C6702AC2C7A1} - System32\Tasks\ASUS\ASUS Key Suite Helper => C:\Program Files (x86)\ASUS\ASUS Key Suite\AsKeySuite.exe [2178872 2014-08-15] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {F8F0B145-5811-4E96-9011-31DC2A0F258D} - System32\Tasks\ASUS\ASUS Manager HotKey Service => C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe [225592 2014-03-19] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {F96C3286-5D2E-48AB-8757-B01ADCD4B0AD} - System32\Tasks\ASUS\ASUS Manager BackgroundWindow => C:\Program Files (x86)\ASUS\ASUS Manager\BackgroundWindow.exe [21784 2013-08-24] (ASUSTeK Computer Inc. -> )
Task: {FAA9E39E-062B-4858-B47A-7B7E2EB298DE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{33E6ED49-40CF-40DA-8DEE-0ABD5448DA2F}: [DhcpNameServer] 127.0.0.1
Tcpip\..\Interfaces\{8D7724D1-A911-4A94-9AFA-FBF65E55828A}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF DefaultProfile: qae4waah.default
FF ProfilePath: C:\Users\Jacek\AppData\Roaming\Mozilla\Firefox\Profiles\qae4waah.default [2020-11-15]
FF Notifications: Mozilla\Firefox\Profiles\qae4waah.default -> hxxps://www.qpony.pl
FF Extension: (WP Strona Startowa) - C:\Users\Jacek\AppData\Roaming\Mozilla\Firefox\Profiles\qae4waah.default\Extensions\{84ef59fb-249c-4c82-9323-8d4ad1e9054a}.xpi [2020-10-11]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_238.dll [2019-08-14] (Adobe Inc. -> )
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_238.dll [2019-08-14] (Adobe Inc. -> )
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] (Foxit Corporation -> )
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] (Foxit Corporation -> )
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-09] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-09] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-04-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-04-01] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-04-01] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)

Chrome:
=======
CHR Profile: C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Default [2020-11-15]
CHR Notifications: Default -> hxxps://6obcy.org; hxxps://player.pl; hxxps://poczta.interia.pl; hxxps://teams.microsoft.com; hxxps://www.netflix.com
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-11-14]
CHR Extension: (Chrome Media Router) - C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-14]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-08-14] (Adobe Inc. -> Adobe)
R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [3670480 2020-11-13] (philandro Software GmbH -> philandro Software GmbH)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe [71168 2014-08-20] (ASUS Cloud Corporation) [File not signed]
R2 AswmEntAgentPreloader; C:\Program Files (x86)\ASUS\ASWMEnt Preloader\AswmEntPreloadService.exe [20992 2014-10-15] (Microsoft) [File not signed]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2428848 2019-08-21] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2428848 2019-08-21] (ESET, spol. s r.o. -> ESET)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 intelsba; C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [54976 2014-01-06] (Intel Corporation - Business Client Platform Division -> Intel Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2522424 2020-10-26] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3476288 2020-10-26] (Electronic Arts, Inc. -> Electronic Arts)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] (ASUSTeK Computer Inc. -> )
R0 assdv2; C:\Windows\System32\Drivers\assdv2.sys [21816 2013-12-05] (ASUSTeK Computer Inc. -> )
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] (ASUSTeK Computer Inc. -> )
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [149144 2019-08-21] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15800 2019-08-21] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [189232 2019-08-21] (ESET, spol. s r.o. -> ESET)
R3 enecir; C:\Windows\system32\DRIVERS\enecir.sys [71168 2013-05-09] (Microsoft Windows Hardware Compatibility Publisher -> ENE TECHNOLOGY INC.)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [113336 2019-08-21] (ESET, spol. s r.o. -> ESET)
R3 MpKsl5864d6d6; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A1B9E5C6-5C7E-4743-BE7F-74B028A3E4FC}\MpKslDrv.sys [47336 2020-11-15] (Microsoft Windows -> Microsoft Corporation)
S3 tap0901; C:\Windows\system32\DRIVERS\tap0901.sys [27136 2017-10-10] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-11-13 19:50 - 2020-11-15 19:02 - 000000000 ____D C:\FRST
2020-11-13 19:49 - 2020-11-15 19:02 - 000000000 ____D C:\Users\Jacek\Desktop\FRST
2020-11-13 18:59 - 2020-11-15 18:59 - 000000000 ____D C:\Program Files (x86)\AnyDesk
2020-11-13 18:59 - 2020-11-13 19:46 - 000000000 ____D C:\ProgramData\AnyDesk
2020-11-13 18:59 - 2020-11-13 18:59 - 000001907 _____ C:\Users\Public\Desktop\AnyDesk.lnk
2020-11-13 18:59 - 2020-11-13 18:59 - 000001907 _____ C:\ProgramData\Desktop\AnyDesk.lnk
2020-11-13 18:59 - 2020-11-13 18:59 - 000000000 ____D C:\Users\Jacek\AppData\Roaming\AnyDesk
2020-11-13 18:59 - 2020-11-13 18:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyDesk
2020-11-13 18:58 - 2020-11-13 18:58 - 003670480 _____ (philandro Software GmbH) C:\Users\Jacek\Downloads\AnyDesk (2).exe
2020-11-13 18:57 - 2020-11-13 18:58 - 003670480 _____ (philandro Software GmbH) C:\Users\Jacek\Downloads\AnyDesk.exe
2020-11-13 18:57 - 2020-11-13 18:58 - 003670480 _____ (philandro Software GmbH) C:\Users\Jacek\Downloads\AnyDesk (1).exe
2020-11-12 11:53 - 2020-11-12 11:53 - 001320399 _____ C:\Users\Jacek\Downloads\SKSERO - BI20111216340.pdf
2020-11-12 11:53 - 2020-11-12 11:53 - 001320399 _____ C:\Users\Jacek\Downloads\SKSERO - BI20111216340 (2).pdf
2020-11-12 11:53 - 2020-11-12 11:53 - 001320399 _____ C:\Users\Jacek\Downloads\SKSERO - BI20111216340 (1).pdf
2020-11-10 17:15 - 2020-11-10 17:15 - 001320748 _____ C:\Users\Jacek\Downloads\SKSERO - BI20111020380 (2).pdf
2020-11-10 17:02 - 2020-11-10 17:02 - 001320748 _____ C:\Users\Jacek\Downloads\SKSERO - BI20111020380.pdf
2020-11-10 17:02 - 2020-11-10 17:02 - 001320748 _____ C:\Users\Jacek\Downloads\SKSERO - BI20111020380 (1).pdf
2020-11-08 19:22 - 2020-11-08 19:23 - 114273560 _____ (Microsoft Corporation) C:\Users\Jacek\Downloads\Teams_windows_x64(1).exe
2020-11-07 14:48 - 2020-11-07 14:48 - 000950658 _____ C:\Users\Jacek\Downloads\raport-bezpieczenstwo-dzieci-korzystajacych-z-internetu.pdf
2020-11-07 14:48 - 2020-11-07 14:48 - 000950658 _____ C:\Users\Jacek\Downloads\raport-bezpieczenstwo-dzieci-korzystajacych-z-internetu (1).pdf
2020-11-06 21:13 - 2020-11-06 21:13 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2020-11-04 16:46 - 2020-11-15 15:06 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-11-02 16:16 - 2020-11-02 16:16 - 000038612 _____ C:\Users\Jacek\Downloads\Pasek_20201102.zip
2020-11-02 14:02 - 2020-11-02 14:02 - 000000000 ____D C:\Users\Jacek\AppData\Roaming\Teams

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-11-15 16:42 - 2015-07-08 07:55 - 000003910 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{D9D00418-E520-471F-9E17-67D7A34FA424}
2020-11-15 15:08 - 2017-02-17 18:39 - 000000000 ____D C:\Users\Jacek\AppData\LocalLow\Mozilla
2020-11-15 14:07 - 2015-07-08 08:25 - 000000000 ____D C:\Users\Jacek\AppData\Local\ClassicShell
2020-11-15 12:35 - 2020-03-11 14:45 - 000000000 ____D C:\ProgramData\Origin
2020-11-15 12:31 - 2018-01-06 10:53 - 000000000 ____D C:\Program Files (x86)\Steam
2020-11-15 12:30 - 2020-03-11 14:45 - 000000000 ____D C:\Users\Jacek\AppData\Local\Origin
2020-11-15 11:32 - 2015-02-07 03:58 - 000000000 ____D C:\ProgramData\NVIDIA
2020-11-15 11:21 - 2015-07-08 08:17 - 000800792 _____ C:\Windows\system32\perfh015.dat
2020-11-15 11:21 - 2015-07-08 08:17 - 000161058 _____ C:\Windows\system32\perfc015.dat
2020-11-15 11:21 - 2014-03-18 11:03 - 001820920 _____ C:\Windows\system32\PerfStringBackup.INI
2020-11-15 11:21 - 2013-08-22 14:36 - 000000000 ____D C:\Windows\Inf
2020-11-15 11:15 - 2015-02-07 03:58 - 000000000 ____D C:\Users\UpdatusUser
2020-11-15 11:15 - 2013-08-22 15:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-11-14 22:07 - 2019-08-21 21:47 - 000003598 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-125950272-1510134539-1061023451-1002
2020-11-14 20:23 - 2015-07-09 10:37 - 003235840 ___SH C:\Users\Jacek\Desktop\Thumbs.db
2020-11-14 20:22 - 2016-04-11 16:55 - 000000008 __RSH C:\ProgramData\ntuser.pol
2020-11-14 20:21 - 2017-10-31 13:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-11-14 20:16 - 2015-01-08 07:11 - 000000000 ____D C:\Windows\system32\Tasks\ASUS
2020-11-14 20:16 - 2013-08-22 16:36 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2020-11-14 20:16 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2020-11-13 10:02 - 2015-07-10 18:05 - 000000000 ____D C:\Windows\system32\MRT
2020-11-13 09:58 - 2015-07-10 18:05 - 133736600 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2020-11-06 21:13 - 2017-10-31 13:38 - 000000955 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-11-02 14:02 - 2020-04-15 14:26 - 000002341 _____ C:\Users\Jacek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2020-11-02 14:02 - 2020-04-15 14:26 - 000002333 _____ C:\Users\Jacek\Desktop\Microsoft Teams.lnk
2020-10-29 23:06 - 2017-02-13 14:08 - 000795000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2020-10-29 20:37 - 2020-03-11 14:47 - 000000000 ____D C:\Program Files (x86)\Origin
2020-10-27 14:08 - 2019-12-22 08:43 - 000000000 ____D C:\Users\Jacek\AppData\Local\CrashDumps
2020-10-22 14:51 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\AppReadiness
2020-10-18 18:01 - 2019-02-05 13:52 - 000000000 ____D C:\ProgramData\Mozilla

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-11-05 17:04
==================== End of FRST.txt ========================