Slowed-down computer, strange copies of files marked ~S. I suspect that someone is watching me. I am a total layperson. I downloaded Farbar, ran a scan, and am posting what I got. If someone could tell me what is going on, I don't understand any of this.
Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 15-11-2020
Uruchomiony przez Natalia (administrator) NEYTI1111 (LENOVO HuronRiver Platform) (16-11-2020 09:50:37)
Uruchomiony z C:\Users\Natalia\Downloads
Załadowane profile: UpdatusUser & Natalia
Platform: Windows 7 Home Premium Service Pack 1 (X64) Język: Polski (Polska)
Domyślna przeglądarka: Chrome
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Procesy (filtrowane) =================
(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(AlcorMicro, Corp. -> Alcor) C:\Windows\WebCam\S6000\S6000Mnt.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Brother Industries, Ltd. -> Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Brother Industries, Ltd. -> Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) [Brak podpisu cyfrowego] C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Brother Industries, Ltd.) [Brak podpisu cyfrowego] C:\Program Files (x86)\Brother\BrUtilities\BrLogRx.exe
(Brother Industries, Ltd.) [Brak podpisu cyfrowego] C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe
(Brother Industries, Ltd.) [Brak podpisu cyfrowego] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(CyberLink -> CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(EGIS TECHNOLOGY INC. -> Egis Technology Inc.) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
(EGIS TECHNOLOGY INC. -> Egis Technology Inc.) C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
(EGIS TECHNOLOGY INC. -> Egis Technology Inc.) C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
(EGIS TECHNOLOGY INC. -> Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(EGIS TECHNOLOGY INC. -> Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(EGIS TECHNOLOGY INC. -> Egis Technology Inc.) C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
(EGIS TECHNOLOGY INC. -> Egis Technology Inc.) C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <22>
(HUAWEI Technologies Co., Ltd. -> ) C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
(HUAWEI Technologies Co., Ltd. -> Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Lenovo (Beijing) Limited -> Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo (Beijing) Limited -> Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Users\Natalia\Downloads\AdwCleaner.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe <2>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
==================== Rejestr (filtrowane) ===================
(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2011-08-05] (Lenovo (Beijing) Limited -> Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-08-05] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited)
HKLM-x32\...\Run: [S6000Mnt] => C:\windows\SysWOW64\Rundll32.exe S6000Rmv.dll,WinMainRmv /StartStillMnt
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-11-05] (EGIS TECHNOLOGY INC. -> Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202096 2010-11-05] (EGIS TECHNOLOGY INC. -> Egis Technology Inc.)
HKLM-x32\...\Run: [VitaKeyTSR] => C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe [383344 2010-12-14] (EGIS TECHNOLOGY INC. -> Egis Technology Inc.)
HKLM-x32\...\Run: [PLTSR] => C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe [364400 2010-10-22] (EGIS TECHNOLOGY INC. -> Egis Technology Inc.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2010-12-24] (CyberLink -> CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [224352 2010-12-24] (CyberLink -> CyberLink Corp.) [Brak podpisu cyfrowego]
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [146584 2017-11-07] (Brother Industries, Ltd. -> Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2892800 2017-07-26] (Brother Industries, Ltd.) [Brak podpisu cyfrowego]
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.) [Brak podpisu cyfrowego]
HKLM-x32\...\Run: [I17D] => C:\windows\twain_32\Brimi17d\Common\TwDsUiLaunch.exe [77312 2017-08-07] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM-x32\...\Run: [BrotherSoftwareUpdateNotification] => C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe [3581440 2017-04-26] (Brother Industries, Ltd.) [Brak podpisu cyfrowego]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-362259997-2857700698-2424902284-1000\...\Run: [FactoryTest] => C:\Windows\Test.bat
HKU\S-1-5-21-362259997-2857700698-2424902284-1000\...\Run: [Power2GoExpress] => NA
HKU\S-1-5-21-362259997-2857700698-2424902284-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-08-05] (Google Inc -> Google Inc.)
HKU\S-1-5-21-362259997-2857700698-2424902284-1001\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe
HKU\S-1-5-21-362259997-2857700698-2424902284-1001\...\MountPoints2: {0d687566-110e-11e2-a3e1-90004efc77af} - E:\AutoRun.exe
HKU\S-1-5-21-362259997-2857700698-2424902284-1001\...\MountPoints2: {0eea3acd-505b-11e2-acdc-90004efc77af} - E:\AutoRun.exe
HKU\S-1-5-21-362259997-2857700698-2424902284-1001\...\MountPoints2: {8ec2d03f-1089-11e2-ac57-90004efc77af} - E:\AutoRun.exe
HKU\S-1-5-21-362259997-2857700698-2424902284-1001\...\MountPoints2: {8ec2d05c-1089-11e2-ac57-90004efc77af} - E:\AutoRun.exe
HKLM\...\Print\Monitors\pdfcmon: C:\windows\system32\pdfcmon.dll [115200 2016-10-19] (pdfforge GmbH) [Brak podpisu cyfrowego]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.198\Installer\chrmstp.exe [2020-11-15] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\Lenovo\Bluetooth Software\\BtwCP.dll [2011-02-15] (Broadcom Corporation -> Broadcom Corporation.)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
HKLM\Software\...\Authentication\Credential Providers: [{FFB77878-56C5-489a-85E4-A466D2F276B2}] -> C:\Program Files (x86)\EgisTec BioExcess\x64\EgisCredentialProvider.dll [2010-12-14] (EGIS TECHNOLOGY INC. -> Egis Technology Inc.)
Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2011-08-05]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation -> Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2011-11-19]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) [Brak podpisu cyfrowego]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA
==================== Zaplanowane zadania (filtrowane) ============
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
Task: {2C47808E-FFF2-43A4-8DDC-60431CE34146} - System32\Tasks\{F1EC9F75-A266-494B-9AF4-8D68DE7D359A} => C:\Program Files (x86)\EA GAMES\The Sims 2\TSBin\Sims2.exe [15204977 2005-02-25] (Maxis, a division of Electronic Arts Inc.) [Brak podpisu cyfrowego]
Task: {3520C647-1F4B-4FDF-A6E3-90A1CB69B40A} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2010-12-24] (CyberLink -> CyberLink)
Task: {3FDA89EE-C902-4A28-B6F7-B90A017A880C} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_453_Plugin.exe [1502776 2020-11-10] (Adobe Inc. -> Adobe)
Task: {6373DBCC-2F69-4325-A8B1-BD7E68BDDBDE} - System32\Tasks\{7B21F430-B9B2-4765-B81F-F6BF83C35E6B} => C:\Program Files (x86)\EA GAMES\The Sims 2\TSBin\Sims2.exe [15204977 2005-02-25] (Maxis, a division of Electronic Arts Inc.) [Brak podpisu cyfrowego]
Task: {7653C0F8-7AF4-4CE0-AA2E-E3A415C92BB7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {78EC834E-A976-4F84-A5EA-92E38CD5ACE6} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {83C5C1A6-F186-4429-B5D1-B7189AA80BAB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [561984 2011-06-01] (Apple Inc. -> Apple Inc.)
Task: {90C0A60B-1EC9-44FF-B6DD-16FE7EF59363} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1341008 2020-09-06] (Adobe Inc. -> Adobe Inc.)
Task: {D2F55733-9215-4491-8046-9E2065857374} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {FD5FDDA3-3F24-4765-80DD-539DD46C79E8} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-11-10] (Adobe Inc. -> Adobe)
Task: {FED0E5AC-11FC-49A0-A743-42323E50E730} - System32\Tasks\{B4A9DA92-2519-4AE4-901D-A017A4596187} => C:\windows\system32\pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)
==================== Internet (filtrowane) ====================
(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{268D441C-3951-468C-B7A6-9D88DF09CC77}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{34E12AE8-9795-431A-98EE-75FBC472E3B7}: [NameServer] 213.158.199.1 213.158.199.5
Tcpip\..\Interfaces\{9623F6A6-3999-4291-A560-763A8FF52F5C}: [NameServer] 213.158.199.1 213.158.199.5
Tcpip\..\Interfaces\{9623F6A6-3999-4291-A560-763A8FF52F5C}: [DhcpNameServer] 213.158.199.1 213.158.199.5
Tcpip\..\Interfaces\{9F6A8744-EAB8-40C5-A5AF-76AAD3276F91}: [NameServer] 213.158.199.1 213.158.199.5
Tcpip\..\Interfaces\{9F6A8744-EAB8-40C5-A5AF-76AAD3276F91}: [DhcpNameServer] 213.158.199.1 213.158.199.5
Tcpip\..\Interfaces\{FBABC00A-CBEC-4760-86A2-167E6CBC2324}: [DhcpNameServer] 192.168.8.1 192.168.8.1
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\EgisTec BioExcess\FFExt
FF Extension: ( Online Accounts Extension ) - C:\Program Files (x86)\EgisTec BioExcess\FFExt [2011-08-05] [Przestarzałe] [Brak podpisu cyfrowego]
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon => nie znaleziono
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_32_0_0_453.dll [2020-11-10] (Adobe Inc. -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_453.dll [2020-11-10] (Adobe Inc. -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-12-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-12-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-10-22] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Natalia\AppData\Local\Google\Chrome\User Data\Default [2020-11-16]
CHR StartupUrls: Default -> "hxxps://www.google.pl/"
CHR DefaultSearchURL: Default -> hxxps://pl.search.yahoo.com/search?fr=mcafee_uninternational&type=C211PL1045D20151116&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Extension: (Adobe Acrobat) - C:\Users\Natalia\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-09-29]
CHR Extension: (Avast SafePrice | Porównania, promocje, kupony) - C:\Users\Natalia\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2020-11-15]
CHR Extension: (vshare plugin) - C:\Users\Natalia\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj [2013-09-29]
CHR Extension: (Skype) - C:\Users\Natalia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2018-02-04]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Natalia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-12]
CHR Extension: (Chrome Media Router) - C:\Users\Natalia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-10-27]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
CHR HKLM-x32\...\Chrome\Extension: [kpionmjnkbpcdpcflammlgllecmejgjj] - C:\Program Files (x86)\vShare.tv plugin\vshareplg.crx [2011-08-31]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-18]
==================== Usługi (filtrowane) ===================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169544 2020-09-06] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-11-10] (Adobe Inc. -> Adobe)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [298496 2017-07-26] (Brother Industries, Ltd.) [Brak podpisu cyfrowego]
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [956192 2011-02-15] (Broadcom Corporation -> Broadcom Corporation.)
R2 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (EGIS TECHNOLOGY INC. -> Egis Technology Inc.)
S2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] (HUAWEI Technologies Co., Ltd. -> )
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [224096 2012-10-07] (HUAWEI Technologies Co., Ltd. -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2286976 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
===================== Sterowniki (filtrowane) ===================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
S3 aftap0901; C:\windows\System32\DRIVERS\aftap0901.sys [48624 2018-03-06] (AnchorFree Inc -> The OpenVPN Project)
S3 aswTap; C:\windows\System32\DRIVERS\aswTap.sys [44640 2014-02-03] (AVAST Software a.s. -> The OpenVPN Project)
R3 athr; C:\windows\System32\DRIVERS\athrx.sys [2673664 2010-11-24] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
R0 BMLoad; C:\windows\System32\drivers\BMLoad.sys [16512 2012-10-07] (Bytemobile Inc. -> Bytemobile, Inc.) [Brak podpisu cyfrowego]
R3 clwvd; C:\windows\System32\DRIVERS\clwvd.sys [31088 2010-12-24] (CyberLink -> CyberLink Corporation)
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [153312 2020-11-15] (Malwarebytes Corporation -> Malwarebytes)
S3 ew_hwusbdev; C:\windows\System32\DRIVERS\ew_hwusbdev.sys [117248 2012-10-07] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 ew_usbenumfilter; C:\windows\System32\DRIVERS\ew_usbenumfilter.sys [13952 2012-10-07] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 huawei_cdcacm; C:\windows\System32\DRIVERS\ew_jucdcacm.sys [98816 2012-10-07] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R3 huawei_enumerator; C:\windows\System32\DRIVERS\ew_jubusenum.sys [86016 2012-10-07] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\windows\System32\DRIVERS\ew_juextctrl.sys [28672 2012-10-07] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 huawei_wwanecm; C:\windows\System32\DRIVERS\ew_juwwanecm.sys [212992 2012-10-07] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R2 MBAMChameleon; C:\windows\System32\Drivers\MbamChameleon.sys [199768 2020-11-15] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMFarflt; C:\windows\System32\DRIVERS\farflt.sys [224408 2020-11-15] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\windows\system32\DRIVERS\mbam.sys [73584 2020-11-16] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [275232 2020-11-16] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\windows\System32\DRIVERS\mwac.sys [106344 2020-11-15] (Malwarebytes Corporation -> Malwarebytes)
R3 S6000KNT; C:\windows\System32\Drivers\S6000KNT.sys [3293272 2010-12-23] (AlcorMicro, Corp. -> Windows (R) Win 7 DDK provider)
R1 tcpipBM; C:\windows\system32\drivers\tcpipBM.sys [39552 2012-10-07] (Bytemobile Inc. -> Bytemobile, Inc.) [Brak podpisu cyfrowego]
S3 wsvd; C:\windows\System32\DRIVERS\wsvd.sys [121840 2009-07-21] (CyberLink -> CyberLink)
U3 BcmSqlStartupSvc; Brak ImagePath
U2 CLKMSVC10_3A60B698; Brak ImagePath
U2 CLKMSVC10_C3B3B687; Brak ImagePath
U2 DriverService; Brak ImagePath
U2 IAStorDataMgrSvc; Brak ImagePath
U2 iATAgentService; Brak ImagePath
U2 idealife Update Service; Brak ImagePath
U3 IGRS; Brak ImagePath
U2 IviRegMgr; Brak ImagePath
S3 mfeavfk01; \Device\mfeavfk01.sys [X]
S3 mfeavfk02; \Device\mfeavfk02.sys [X]
U2 Oasis2Service; Brak ImagePath
U2 PCCarerService; Brak ImagePath
U2 ReadyComm.DirectRouter; Brak ImagePath
U2 RichVideo; Brak ImagePath
U2 RtLedService; Brak ImagePath
U2 SeaPort; Brak ImagePath
U2 SoftwareService; Brak ImagePath
U3 SQLWriter; Brak ImagePath
U2 Stereo Service; Brak ImagePath
==================== NetSvcs (filtrowane) ===================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
==================== Jeden miesiąc (utworzone) ===================
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2020-11-16 09:50 - 2020-11-16 09:52 - 000026725 _____ C:\Users\Natalia\Downloads\FRST.txt
2020-11-16 09:50 - 2020-11-16 09:51 - 000000000 ____D C:\FRST
2020-11-16 09:49 - 2020-11-16 09:49 - 002294784 _____ (Farbar) C:\Users\Natalia\Downloads\FRST64 (1).exe
2020-11-16 09:48 - 2020-11-16 09:48 - 002294784 _____ (Farbar) C:\Users\Natalia\Downloads\FRST64.exe
2020-11-16 09:32 - 2020-11-16 09:32 - 002294784 _____ (Farbar) C:\Users\Natalia\Downloads\Niepotwierdzony 86218.crdownload
2020-11-16 09:23 - 2020-11-16 09:24 - 008447152 _____ (Malwarebytes) C:\Users\Natalia\Downloads\AdwCleaner.exe
2020-11-16 09:16 - 2020-11-16 09:17 - 002040904 _____ (Malwarebytes) C:\Users\Natalia\Downloads\Niepotwierdzony 935507.crdownload
2020-11-15 23:26 - 2020-11-16 08:24 - 000073584 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2020-11-15 23:25 - 2020-11-15 23:25 - 000224408 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2020-11-15 23:25 - 2020-11-15 23:25 - 000106344 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2020-11-15 23:24 - 2020-11-16 08:24 - 000275232 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2020-11-15 22:41 - 2020-11-15 22:41 - 000199768 _____ (Malwarebytes) C:\windows\system32\Drivers\MbamChameleon.sys
2020-11-15 21:01 - 2020-11-15 21:01 - 000000000 ____D C:\Users\Natalia\AppData\Local\mbam
2020-11-15 20:59 - 2020-11-15 20:59 - 000000000 ____D C:\Users\Natalia\AppData\Local\mbamtray
2020-11-15 20:58 - 2020-11-15 22:40 - 000153312 _____ (Malwarebytes) C:\windows\system32\Drivers\mbae64.sys
2020-11-15 20:58 - 2020-11-15 20:58 - 000001827 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-11-15 20:58 - 2020-11-15 20:58 - 000001827 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-11-15 20:58 - 2020-11-15 20:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2020-11-15 20:58 - 2020-11-15 20:58 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-11-15 20:58 - 2020-11-15 20:58 - 000000000 ____D C:\Program Files\Malwarebytes
2020-11-15 20:42 - 2020-11-15 20:51 - 064333800 _____ (Malwarebytes ) C:\Users\Natalia\Downloads\mb3-setup-1878.1878-3.8.3.2965.exe
2020-11-15 20:38 - 2020-11-15 21:56 - 006514664 _____ C:\Users\Natalia\Downloads\Niepotwierdzony 51474.crdownload
2020-11-15 19:19 - 2020-11-15 19:19 - 000000000 ___HD C:\$AV_ASW
2020-11-10 14:27 - 2020-11-10 14:28 - 004641848 _____ (Adobe) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2020-11-05 11:00 - 2020-11-05 11:00 - 000290687 _____ C:\Users\Natalia\Downloads\KONSPEKT-kalkulacja.pdf
2020-10-30 11:56 - 2020-10-30 11:56 - 000086036 _____ C:\Users\Natalia\Downloads\Paski GLAZIK Natalia 20201030_075342.pdf
2020-10-27 20:36 - 2020-10-27 20:36 - 000044568 _____ () C:\windows\system32\Drivers\staport.sys
==================== Jeden miesiąc (zmodyfikowane) ==================
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2020-11-16 09:44 - 2018-07-31 20:11 - 000000000 ____D C:\Users\Natalia\AppData\Local\AVAST Software
2020-11-16 09:44 - 2012-01-18 12:22 - 000000000 ____D C:\ProgramData\AVAST Software
2020-11-16 09:44 - 2009-07-14 04:20 - 000000000 ____D C:\windows\system32\NDF
2020-11-16 09:36 - 2009-07-14 05:45 - 000028928 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-11-16 09:36 - 2009-07-14 05:45 - 000028928 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-11-16 08:26 - 2011-08-05 23:30 - 000741140 _____ C:\windows\system32\perfh015.dat
2020-11-16 08:26 - 2011-08-05 23:30 - 000156424 _____ C:\windows\system32\perfc015.dat
2020-11-16 08:26 - 2009-07-14 06:13 - 001672206 _____ C:\windows\system32\PerfStringBackup.INI
2020-11-16 08:26 - 2009-07-14 04:20 - 000000000 ____D C:\windows\inf
2020-11-16 08:23 - 2012-03-21 22:23 - 000000000 ____D C:\Users\Natalia\AppData\Local\CrashDumps
2020-11-16 08:22 - 2011-08-05 16:35 - 000232471 _____ C:\windows\system32\fastboot.set
2020-11-16 08:21 - 2009-07-14 06:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2020-11-15 22:32 - 2011-10-07 06:25 - 000000000 ____D C:\Users\Natalia\AppData\Roaming\SoftGrid Client
2020-11-15 22:03 - 2015-06-20 17:25 - 000000000 ____D C:\Users\Natalia\AppData\Local\ShdUpdate
2020-11-15 22:03 - 2013-11-12 19:31 - 000000000 ____D C:\Users\Natalia\AppData\Local\VNT
2020-11-15 22:03 - 2013-04-11 10:07 - 000000000 ____D C:\Users\Natalia\AppData\Roaming\BabSolution
2020-11-15 22:03 - 2011-12-04 10:45 - 000000000 ___RD C:\Users\Natalia\Desktop\programy
2020-11-15 21:57 - 2013-06-30 15:47 - 000000000 ____D C:\ProgramData\APN
2020-11-15 19:34 - 2015-04-06 14:13 - 000000000 ____D C:\Users\Natalia\Desktop\zdjęcia
2020-11-15 19:04 - 2020-03-31 20:10 - 000000000 ____D C:\Users\Natalia\Desktop\Wojtek
2020-11-15 18:15 - 2011-08-05 16:32 - 000002190 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-11-10 14:28 - 2018-03-14 08:02 - 000004568 _____ C:\windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-11-10 14:28 - 2014-06-11 17:39 - 000004412 _____ C:\windows\system32\Tasks\Adobe Flash Player Updater
2020-11-10 14:28 - 2013-03-02 20:14 - 000842296 _____ (Adobe) C:\windows\SysWOW64\FlashPlayerApp.exe
2020-11-10 14:28 - 2013-03-02 20:14 - 000175160 _____ (Adobe) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2020-11-10 14:28 - 2013-03-02 20:14 - 000000000 ____D C:\windows\system32\Macromed
2020-11-10 14:28 - 2011-10-07 07:31 - 000000000 ____D C:\windows\SysWOW64\Macromed
2020-11-06 11:17 - 2011-08-05 15:56 - 000000000 ____D C:\Users\UpdatusUser
2020-11-06 11:13 - 2009-07-14 06:08 - 000032608 _____ C:\windows\Tasks\SCHEDLGU.TXT
2020-11-04 14:24 - 2018-04-10 07:49 - 000002019 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-10-17 15:01 - 2011-08-05 16:31 - 000003482 _____ C:\windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-10-17 15:01 - 2011-08-05 16:31 - 000003354 _____ C:\windows\system32\Tasks\GoogleUpdateTaskMachineCore
==================== Pliki w katalogu głównym wybranych folderów ========
2012-05-21 15:39 - 2014-12-02 20:59 - 000007597 _____ () C:\Users\Natalia\AppData\Local\Resmon.ResmonCfg
2011-12-19 19:26 - 2011-12-19 19:26 - 000017408 _____ () C:\Users\Natalia\AppData\Local\WebpageIcons.db
==================== SigCheck ============================
(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)
LastRegBack: 2020-10-29 10:30
==================== Koniec FRST.txt ========================