Processor: Intel(R) Celeron(R) CPU N3060 @ 1.60GHz. Don't expect miracles with a processor like that.
Uninstall:
Booking
ByteFence Anti-Malware
Chromium
McAfee LiveSafe
McAfee WebAdvisor
Run this Fixlist.txt with FRST:
CloseProcesses:
2020-02-04 20:28 - 2020-02-04 20:28 - 001743360 ____T (bookingDesktopApp.) [Brak podpisu cyfrowego] C:\Program Files (x86)\bookingDesktopApp\Update\1.3.99.0\bookingDesktopApppdate.dll
2020-01-17 15:31 - 2020-01-17 15:31 - 000412160 _____ (Byte Technologies LLC) [Brak podpisu cyfrowego] C:\Program Files\ByteFence\ByteFenceGUI.dll
2017-11-16 14:11 - 2017-11-16 14:11 - 000310784 _____ (GitHub Community) [Brak podpisu cyfrowego] C:\Program Files\ByteFence\Microsoft.Win32.TaskScheduler.dll
Hosts:
(bookingDesktopApp.) [Brak podpisu cyfrowego] C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe
(Byte Technologies LLC -> Byte Technologies LLC) C:\Program Files\ByteFence\ByteFence.exe
(Byte Technologies LLC -> Byte Technologies LLC) C:\Program Files\ByteFence\ByteFenceService.exe
(Byte Technologies LLC -> Byte Technologies LLC.) C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
(Byte Technologies LLC -> Byte Technologies LLC.) C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
(SweetLabs Inc. -> SweetLabs, Inc) C:\Users\rodzice\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
HKU\S-1-5-21-1596660734-280981596-685492954-1001\...\Run: [Chromium] => "c:\users\rodzice\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKU\S-1-5-21-1596660734-280981596-685492954-1001\...\Run: [GoogleChromeAutoLaunch_C6854B384C3C34B409C41B7DA1076DDA] => "C:\Users\rodzice\AppData\Local\chromium\Application\chrome.exe" --no-startup-window /prefetch:5
HKU\S-1-5-21-1596660734-280981596-685492954-1001\...\MountPoints2: {f6942060-13b7-11e7-83d8-806e6f6e6963} - "E:\PicasaCD.exe"
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA
Task: {6A0E7862-53E7-42A1-BAD8-ACD684A2863B} - System32\Tasks\bookingDesktopAppUpdateTaskMachineCore => C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe [102400 2020-02-04] (bookingDesktopApp.) [Brak podpisu cyfrowego]
Task: {792466FA-316E-4132-977C-2F26CD3FA314} - System32\Tasks\bookingDesktopAppUpdateTaskMachineUA => C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe [102400 2020-02-04] (bookingDesktopApp.) [Brak podpisu cyfrowego]
Task: {84BD4A56-6968-4500-B2D8-852E7F0E3996} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [3938632 2020-01-17] (Byte Technologies LLC -> Byte Technologies LLC) <==== UWAGA
Task: {C2E5DF05-4F20-4DE4-AB00-13C3DB6B0182} - \Microsoft\Windows\UNP\RunCampaignManager -> Brak pliku <==== UWAGA
Task: {CFB85DBD-54D7-46AB-8FF4-820D44BEF96E} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe [85432 2015-09-11] (CyberLink Corp. -> CyberLink Corp.)
Task: {E5FC6C82-64C8-4762-B0FD-E036E2BF9645} - System32\Tasks\App Explorer => C:\Users\rodzice\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7470248 2020-01-07] (SweetLabs Inc. -> SweetLabs, Inc) <==== UWAGA
Tcpip\Parameters: [DhcpNameServer] 89.231.1.206 217.172.224.160
Tcpip\..\Interfaces\{2a3a2acc-6b6f-4c62-8c66-75c50493b133}: [DhcpNameServer] 89.231.1.206 217.172.224.160
Tcpip\..\Interfaces\{39a72f5f-f23d-4a09-83a9-eff28bdf1d6e}: [DhcpNameServer] 150.208.1.2
HKU\S-1-5-21-1596660734-280981596-685492954-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nav-pl.com/
HKU\S-1-5-21-1596660734-280981596-685492954-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-1596660734-280981596-685492954-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-1596660734-280981596-685492954-1001 -> DefaultScope {D362695B-93A6-45CE-B241-AB65C617B22F} URL = hxxp://www.nav-pl.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1596660734-280981596-685492954-1001 -> {C5AFB052-BB60-4E54-8104-BC5F6CF2203F} URL =
SearchScopes: HKU\S-1-5-21-1596660734-280981596-685492954-1001 -> {D362695B-93A6-45CE-B241-AB65C617B22F} URL = hxxp://www.nav-pl.com/search?q={searchTerms}
Edge HomeButtonPage: HKU\S-1-5-21-1596660734-280981596-685492954-1001 -> hxxp://www.nav-pl.com/
CHR HomePage: Default -> hxxp://www.nav-pl.com/
CHR StartupUrls: Default -> "hxxp://www.nav-pl.com/"
CHR DefaultSearchURL: Default -> hxxp://www.nav-pl.com/search?q={searchTerms}
CHR DefaultSearchKeyword: Default -> szukaj
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
S2 bookingdesktopapp; C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe [102400 2020-02-04] (bookingDesktopApp.) [Brak podpisu cyfrowego]
S3 bookingdesktopappm; C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe [102400 2020-02-04] (bookingDesktopApp.) [Brak podpisu cyfrowego]
R2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [160072 2020-01-17] (Byte Technologies LLC -> Byte Technologies LLC) <==== UWAGA
R2 rtop; c:\program files\bytefence\rtop\bin\rtop_svc.exe [297288 2020-02-12] (Byte Technologies LLC -> Byte Technologies LLC.) <==== UWAGA
2020-02-12 16:37 - 2020-02-12 16:37 - 000000000 ____D C:\ProgramData\ByteFence
2020-02-04 23:39 - 2020-02-04 23:39 - 000001303 _____ C:\Users\rodzice\Desktop\Kontynuuj instalację Microsoft Word 2013.lnk
2020-02-04 20:34 - 2020-02-14 19:28 - 000002552 _____ C:\WINDOWS\system32\Tasks\ByteFence
2020-02-04 20:28 - 2020-02-14 19:28 - 000003476 _____ C:\WINDOWS\system32\Tasks\bookingDesktopAppUpdateTaskMachineUA
2020-02-04 20:28 - 2020-02-14 19:28 - 000003252 _____ C:\WINDOWS\system32\Tasks\bookingDesktopAppUpdateTaskMachineCore
2020-02-04 20:28 - 2020-02-04 20:28 - 000003271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Booking.lnk
2020-02-04 20:28 - 2020-02-04 20:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware
2020-02-04 20:28 - 2020-02-04 20:28 - 000000000 ____D C:\Program Files (x86)\bookingDesktopApp
2020-02-04 20:27 - 2020-02-04 20:28 - 000000000 ____D C:\Program Files (x86)\Booking
2020-02-04 20:26 - 2020-02-24 20:14 - 000000000 ____D C:\Program Files\ByteFence
2020-02-04 20:16 - 2020-02-04 20:16 - 000002351 _____ C:\Users\rodzice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2020-02-04 20:15 - 2020-02-05 15:50 - 000000000 ____D C:\WINDOWS\system32\Tasks\gokolehe
2020-02-04 20:15 - 2020-02-05 15:50 - 000000000 ____D C:\Users\rodzice\AppData\Roaming\Kaciloca
2020-02-04 20:15 - 2020-02-04 20:16 - 000000000 ____D C:\Users\rodzice\AppData\Local\chromium
2020-02-04 20:14 - 2020-02-04 20:17 - 000000000 ____D C:\Users\rodzice\AppData\Local\{D1D2E78E-F57A-8B36-98E2-AEDEBC8A5246}
2020-02-04 20:14 - 2020-02-04 20:15 - 000000000 ____D C:\ProgramData\{D7F2EBCE-FFDA-93B6-A782-BB9E4F6A6346}
2020-02-04 20:14 - 2020-02-04 20:14 - 000001368 _____ C:\Users\rodzice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HowToRemove.lnk
2020-02-04 20:13 - 2020-02-04 20:17 - 000000000 ____D C:\ProgramData\caqdd
2020-02-04 20:11 - 2020-02-04 20:12 - 003210896 ____N ( ) C:\Users\rodzice\Downloads\microsoft-word-2013-ks_2126272969.exe
Also run a scan with
https://www.bleepingcomputer.com/download/adwcleaner/ and
https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ and remove whatever they detect.