Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 17-08-2023 01
Uruchomiony przez Jolanta (administrator) DAWID (Hewlett-Packard HP 250 G3 Notebook PC) (19-08-2023 18:13:11)
Uruchomiony z C:\Users\Jolanta\Downloads\FRST64.exe
Załadowane profile: Jolanta
Platforma: Microsoft Windows 10 Home Wersja 22H2 19045.3324 (X64) Język: Polski (Polska)
Domyślna przeglądarka: FF
Tryb startu: Normal

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <25>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(explorer.exe ->) (Nero AG -> Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleCrashHandler64.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(services.exe ->) (Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(services.exe ->) (Hewlett-Packard Company) [Brak podpisu cyfrowego] C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\NisSrv.exe
(services.exe ->) (Nero AG -> Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
(services.exe ->) (Nero AG -> Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(services.exe ->) (Prolific Technology Inc.) [Brak podpisu cyfrowego] C:\Windows\SysWOW64\IoctlSvc.exe
(services.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Rejestr (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7636696 2014-09-03] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1396592 2014-09-02] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [507144 2014-09-02] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [NBKeyScan] => C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2221352 2008-02-18] (Nero AG -> Nero AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [748624 2023-06-14] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Ograniczenia <==== UWAGA
HKU\S-1-5-21-1073146852-1210339853-4174349104-1001\...\Run: [WebcamMaxAutoRun] => C:\Program Files (x86)\WebcamMax\wcmmon.exe [1038848 2011-07-17] () [Brak podpisu cyfrowego]
HKU\S-1-5-21-1073146852-1210339853-4174349104-1001\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1828136 2008-02-28] (Nero AG -> Nero AG)
HKU\S-1-5-21-1073146852-1210339853-4174349104-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4836032 2017-08-14] (Disc Soft Ltd -> Disc Soft Ltd)
HKU\S-1-5-21-1073146852-1210339853-4174349104-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [41584544 2023-08-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-1073146852-1210339853-4174349104-1001\...\Run: [MicrosoftEdgeAutoLaunch_915514095E4776E53BB9AE36C3158D37] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4088272 2023-08-10] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1073146852-1210339853-4174349104-1001\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe -os-restarted --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb (dane wartości zawierają 86 znaków więcej). [686496 2023-08-09] (Mozilla Corporation -> Mozilla Corporation)
HKLM\...\Windows x64\Print Processors\hpzpplhn: C:\Windows\System32\spool\prtprocs\x64\hpzpplhn.dll [100352 2007-05-23] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\HP Universal Port Monitor: C:\WINDOWS\system32\hpbprtmon.dll [423936 2014-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard)
HKLM\...\Print\Monitors\PCL hpz3llhn: C:\WINDOWS\system32\hpz3llhn.dll [36352 2007-05-23] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\116.0.5845.96\Installer\chrmstp.exe [2023-08-17] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
Startup: C:\Users\Jolanta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Games Arcade (BETA).lnk [2016-09-04]
ShortcutTarget: Facebook Games Arcade (BETA).lnk -> C:\Users\Jolanta\AppData\Local\Facebook\Games\FacebookGames.exe (Facebook, Inc. -> )
GroupPolicy: Ograniczenia ? <==== UWAGA
Policies: C:\ProgramData\NTUSER.pol: Ograniczenia <==== UWAGA

==================== Zaplanowane zadania (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

Task: {457D5D10-9077-4B00-8024-A811F0864D09} - System32\Tasks\{E39D7443-6197-431A-8268-67E085E409E5} => C:\Program Files (x86)\Skype\Phone\Skype.exe (Brak pliku)
Task: {E03AAFFC-B88A-4922-A983-8354F4FA0B72} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs (Brak pliku)
Task: {9C3CB1D7-13B9-42EC-9CB0-2B4D8B4463B7} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2144664 2023-08-01] (Avast Software s.r.o. -> Avast Software)
Task: {A28FE97A-7B04-49A5-8E7F-C2B9B5751A49} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe /c (Brak pliku)
Task: {28F5062D-567B-44D9-B18C-7CD690685D35} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe /ua /installsource scheduler (Brak pliku)
Task: {CFDEE19B-C344-4FEC-B2B8-E471493FAF06} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2023-08-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {C5C79ADC-6A02-46BC-BF4F-F6E7FD9BF0A2} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4703648 2023-08-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "496e4115-1349-4c24-98c4-aa74dc64107a" --version "6.15.10623" --silent
Task: {222E2541-BB27-4CBD-843C-327E81AF8436} - System32\Tasks\CCleanerSkipUAC - Jolanta => C:\Program Files\CCleaner\CCleaner.exe [34687904 2023-08-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {D45A94E2-63FD-4982-9EDA-473B79884198} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-10] (Google Inc -> Google Inc.)
Task: {48F72910-B93D-4595-9EBD-2C5A11FDB86C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-10] (Google Inc -> Google Inc.)
Task: {3E841286-BBBE-4F88-876C-5D04148BCCB1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [544568 2014-08-01] (Hewlett-Packard Company -> Hewlett-Packard Company)
Task: {6EB07673-86D7-4CE7-B3BB-09BEAE333C47} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [544568 2014-08-01] (Hewlett-Packard Company -> Hewlett-Packard Company)
Task: {3A3AEB31-1199-4217-9A27-881DA37180F4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [630584 2014-05-12] (Hewlett-Packard Company -> Hewlett-Packard Company)
Task: {892984DC-F209-4050-BF76-75EBFDA02B0C} - System32\Tasks\HPCustParticipation HP DeskJet 3700 series => C:\Program Files\HP\HP DeskJet 3700 series\Bin\HPCustPartic.exe [6438536 2016-12-19] (Hewlett Packard -> HP Inc.)
Task: {30CE4DE9-27B2-4EF0-B51B-09888D14EA8A} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26656848 2023-08-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {93C2BBAE-AEEF-4B64-883C-993A3A906BED} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26656848 2023-08-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {39D981E3-28BE-4894-B8DD-9A53CD1AAFAC} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [124568 2023-08-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {3C4E8DC7-8927-4ECA-910C-13DD0A864652} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [124568 2023-08-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {A16EDF49-93D0-415C-AE55-9EB26BB4DEF6} - System32\Tasks\Microsoft\Windows\Application Experience\MareBackup => Command(1): %windir%\system32\compattelrunner.exe -> -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc
Task: {A16EDF49-93D0-415C-AE55-9EB26BB4DEF6} - System32\Tasks\Microsoft\Windows\Application Experience\MareBackup => Command(2): %windir%\system32\compattelrunner.exe -> -m:appraiser.dll -f:DoScheduledTelemetryRun
Task: {A16EDF49-93D0-415C-AE55-9EB26BB4DEF6} - System32\Tasks\Microsoft\Windows\Application Experience\MareBackup => Command(3): %windir%\system32\compattelrunner.exe -> -m:aemarebackup.dll -f:BackupMareData
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {0E406D3B-2346-4A5C-AEFE-3E48A9E8B8EA} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {4A903C4A-1EF8-4D3D-A486-417AA1A5C323} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MpCmdRun.exe [1596320 2023-08-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BC13172A-F734-4F7A-97D5-23F27263AA6C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MpCmdRun.exe [1596320 2023-08-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {238E4E5A-8EFD-4C29-A92F-FE0B37FBA2D0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MpCmdRun.exe [1596320 2023-08-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {38BB1BE1-5166-4622-8B14-4947EE99D8CD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MpCmdRun.exe [1596320 2023-08-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe join (Brak pliku)
Task: {1175D8FB-51A4-43A8-B191-3B2EB52855DC} - System32\Tasks\Mozilla\Firefox Background Update E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe [686496 2023-08-09] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {A8E3908A-A78C-4320-989A-6847F266A8AD} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [733088 2023-08-09] (Mozilla Corporation -> Mozilla Foundation)
Task: {773FFF53-B0F6-4511-AAA8-FB7CA47AE99C} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [6501872 2015-10-10] (Nero AG -> Nero AG)
Task: {28198C80-FE6C-4334-B270-82FD54047A17} - System32\Tasks\SafeZone scheduled Autoupdate 1466896503 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0) (Brak pliku)

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{acebf3a2-cfd6-4cb9-a8b5-d719af8760b5}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{FAA5DAB3-F30B-4265-B2D7-527FBB255146}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge Extension: (Brak nazwy) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [nie znaleziono]
Edge Extension: (Brak nazwy) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [nie znaleziono]
Edge Extension: (Brak nazwy) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [nie znaleziono]
Edge Extension: (Brak nazwy) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [nie znaleziono]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Jolanta\AppData\Local\Microsoft\Edge\User Data\Default [2023-08-19]
Edge Extension: (Edge relevant text changes) - C:\Users\Jolanta\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-08-15]

FireFox:
========
FF DefaultProfile: fyijhxp8.default-1462296165741
FF ProfilePath: C:\Users\Jolanta\AppData\Roaming\Mozilla\Firefox\Profiles\fyijhxp8.default-1462296165741 [2023-08-19]
FF Homepage: Mozilla\Firefox\Profiles\fyijhxp8.default-1462296165741 -> hxxps://www.google.pl/
FF NewTab: Mozilla\Firefox\Profiles\fyijhxp8.default-1462296165741 -> about:newtab
FF Notifications: Mozilla\Firefox\Profiles\fyijhxp8.default-1462296165741 -> hxxps://www.telemagazyn.pl
FF Extension: (Youtube to MP3 Plugin) - C:\Users\Jolanta\AppData\Roaming\Mozilla\Firefox\Profiles\fyijhxp8.default-1462296165741\Extensions\flv2mp3@hotger.com.xpi [2018-03-31]
FF Extension: (S3.Translator) - C:\Users\Jolanta\AppData\Roaming\Mozilla\Firefox\Profiles\fyijhxp8.default-1462296165741\Extensions\s3google@translator.xpi [2018-10-16]
FF Extension: (Avast SafePrice | Porównania, promocje, kupony) - C:\Users\Jolanta\AppData\Roaming\Mozilla\Firefox\Profiles\fyijhxp8.default-1462296165741\Extensions\sp@avast.com.xpi [2019-04-21] [UpdateUrl:hxxps://firefoxext.avcdn.net/firefoxext/avast/sp/update.json]
FF Extension: (Google Translator for Firefox) - C:\Users\Jolanta\AppData\Roaming\Mozilla\Firefox\Profiles\fyijhxp8.default-1462296165741\Extensions\translator@zoli.bod.xpi [2020-03-09]
FF Extension: (Avast Online Security & Privacy) - C:\Users\Jolanta\AppData\Roaming\Mozilla\Firefox\Profiles\fyijhxp8.default-1462296165741\Extensions\wrc@avast.com.xpi [2023-03-11]
FF Extension: (Adblock Plus - darmowy adblocker) - C:\Users\Jolanta\AppData\Roaming\Mozilla\Firefox\Profiles\fyijhxp8.default-1462296165741\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2023-03-26]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.) [Brak podpisu cyfrowego]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-21] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-21] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-21] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-21] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.381.2 -> C:\Program Files (x86)\Java\jre-1.8\bin\dtplugin\npDeployJava1.dll [2023-06-14] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.381.2 -> C:\Program Files (x86)\Java\jre-1.8\bin\plugin2\npjp2.dll [2023-06-14] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-08-03] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Jolanta\AppData\Local\Google\Chrome\User Data\Default [2023-08-19]
CHR Notifications: Default -> hxxps://www.facebook.com; hxxps://www.pkobp.pl
CHR Extension: (Dokumenty Google offline) - C:\Users\Jolanta\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-07-22]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\Jolanta\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2023-03-07]
CHR Extension: (Webcam Toy) - C:\Users\Jolanta\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2018-09-10]
CHR Extension: (Skype) - C:\Users\Jolanta\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2022-05-14]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Jolanta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-10]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

==================== Usługi (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 AERTFilters; C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE [98208 2009-11-18] (Andrea Electronics -> Andrea Electronics Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11878368 2023-08-04] (Microsoft Corporation -> Microsoft Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2291904 2017-08-14] (Disc Soft Ltd -> Disc Soft Ltd)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [93184 2014-08-01] (Hewlett-Packard Company) [Brak podpisu cyfrowego]
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [230352 2023-08-09] (HP Inc. -> HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [509192 2014-09-02] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-02-18] (Nero AG -> Nero AG)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [529704 2008-02-28] (Nero AG -> Nero AG)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [Brak podpisu cyfrowego]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\NisSrv.exe [3104488 2023-08-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MsMpEng.exe [133576 2023-08-11] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Sterowniki (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S2 atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [303616 2019-10-07] () [Brak podpisu cyfrowego]
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-11-30] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-11-30] (Disc Soft Ltd -> Disc Soft Ltd)
S2 lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [35328 2019-10-07] () [Brak podpisu cyfrowego]
R3 MpKslc112483f; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9331C26D-4A49-4762-98E6-3E9D716ABF83}\MpKslDrv.sys [222464 2023-08-19] (Microsoft Windows -> Microsoft Corporation)
S3 rtbth; C:\WINDOWS\System32\drivers\rtbth.sys [1219200 2015-06-03] (MEDIATEK INC. -> Ralink Technology, Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55704 2023-08-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [572656 2023-08-11] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [104688 2023-08-11] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP Inc. -> HP)

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc (utworzone) (filtrowane) =========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2023-08-19 18:13 - 2023-08-19 18:17 - 000026949 _____ C:\Users\Jolanta\Downloads\FRST.txt
2023-08-19 18:11 - 2023-08-19 18:15 - 000000000 ____D C:\FRST
2023-08-19 18:05 - 2023-08-19 18:05 - 002385408 _____ (Farbar) C:\Users\Jolanta\Downloads\FRST64.exe
2023-08-15 16:36 - 2023-08-15 16:41 - 000000000 ____D C:\Users\Jolanta\Desktop\Fakturka
2023-08-12 19:34 - 2023-08-12 19:34 - 000002440 _____ C:\Users\Jolanta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-08-11 16:19 - 2023-08-11 16:19 - 000000000 ___HD C:\$WinREAgent
2023-08-11 10:45 - 2023-08-11 10:45 - 000000000 ____D C:\Users\Jolanta\Downloads\Archiwum 2014-09-09
2023-08-11 10:44 - 2023-08-15 15:49 - 000000000 ____D C:\Users\Jolanta\Downloads\Fakturka
2023-08-11 10:42 - 2023-08-11 10:42 - 002890198 _____ C:\Users\Jolanta\Downloads\Fakturka.zip
2023-08-11 10:42 - 2023-08-11 10:42 - 000304471 _____ C:\Users\Jolanta\Downloads\Archiwum 2014-09-09.rar
2023-08-11 10:41 - 2023-08-11 10:42 - 002288010 _____ C:\Users\Jolanta\Downloads\Fakturka.rar
2023-08-09 09:59 - 2023-08-11 17:41 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2023-08-05 16:21 - 2023-08-05 16:21 - 000000000 ____D C:\Users\Jolanta\Desktop\Logo firmowe
2023-08-04 12:27 - 2023-08-04 12:27 - 000171452 _____ C:\Users\Jolanta\AppData\Local\recently-used.xbel
2023-08-03 10:58 - 2023-08-03 10:58 - 000000000 ____D C:\Users\Jolanta\AppData\Roaming\Sun
2023-08-03 10:57 - 2023-08-03 10:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2023-08-03 10:57 - 2023-08-03 10:57 - 000000000 ____D C:\Program Files (x86)\Java
2023-08-03 10:57 - 2023-06-14 14:22 - 000170624 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2023-07-25 11:18 - 2023-07-25 11:21 - 000000000 ____D C:\Users\Jolanta\Desktop\Zdjęcia OLX - przyczepy do lodów
2023-07-25 09:33 - 2023-07-25 11:17 - 000000000 ____D C:\Users\Jolanta\Desktop\Zdjęcia OLX - przyczepy gastronomiczne
2023-07-22 15:32 - 2023-08-05 16:21 - 000000000 ____D C:\Users\Jolanta\Desktop\Logo przykłady
2023-07-22 15:11 - 2023-08-05 15:59 - 000000000 ____D C:\Users\Jolanta\Desktop\Galeria - strona

==================== Jeden miesiąc (zmodyfikowane) ==================

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2023-08-19 18:07 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-08-19 17:27 - 2021-12-22 18:30 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-08-19 17:27 - 2015-09-16 17:54 - 000000000 ____D C:\Program Files (x86)\Google
2023-08-19 17:20 - 2020-08-02 22:18 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-08-19 09:50 - 2020-08-02 23:01 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2023-08-19 08:46 - 2017-12-14 12:00 - 000000000 ____D C:\Program Files\CCleaner
2023-08-19 08:44 - 2015-09-16 17:37 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2023-08-19 08:44 - 2015-09-16 17:37 - 000000000 __SHD C:\Users\Jolanta\IntelGraphicsProfiles
2023-08-19 08:41 - 2020-08-02 23:01 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-08-19 08:41 - 2020-08-02 22:18 - 000008192 ___SH C:\DumpStack.log.tmp
2023-08-19 08:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState
2023-08-19 08:41 - 2019-12-07 11:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2023-08-19 08:34 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-08-18 16:10 - 2019-07-12 20:35 - 000001427 _____ C:\Users\Jolanta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2023-08-18 16:10 - 2019-07-12 20:35 - 000001321 _____ C:\Users\Jolanta\Desktop\ESET Online Scanner.lnk
2023-08-18 14:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2023-08-18 10:19 - 2023-05-06 10:55 - 000000760 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2023-08-18 09:06 - 2022-02-10 18:11 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-08-18 08:06 - 2023-05-06 10:55 - 000003476 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2023-08-17 19:52 - 2020-08-02 22:39 - 001922934 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-08-17 19:52 - 2019-12-07 17:08 - 000824438 _____ C:\WINDOWS\system32\perfh015.dat
2023-08-17 19:52 - 2019-12-07 17:08 - 000171420 _____ C:\WINDOWS\system32\perfc015.dat
2023-08-17 19:52 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2023-08-17 18:36 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-08-17 07:31 - 2018-09-10 22:08 - 000002314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-08-13 14:25 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-08-12 19:34 - 2021-12-11 20:11 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1073146852-1210339853-4174349104-1001
2023-08-12 10:30 - 2020-06-09 02:58 - 000002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-08-12 10:30 - 2020-06-09 02:58 - 000002293 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-08-11 17:43 - 2020-08-02 22:18 - 000463384 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-08-11 17:41 - 2015-11-06 23:12 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-08-11 17:38 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-08-11 17:38 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2023-08-11 17:38 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-08-11 17:38 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2023-08-11 17:38 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2023-08-11 17:38 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2023-08-11 17:37 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-08-11 17:37 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\appcompat
2023-08-11 17:03 - 2020-08-02 22:24 - 003015168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-08-11 15:58 - 2015-10-05 12:48 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-08-11 15:39 - 2015-10-05 12:48 - 175983240 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-08-11 10:46 - 2018-07-19 21:09 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-08-11 10:43 - 2023-01-19 20:39 - 000000000 ____D C:\Users\Jolanta\Desktop\Oferty przyczep
2023-08-10 19:41 - 2015-10-28 22:30 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2023-08-10 18:33 - 2019-04-22 17:52 - 000000000 ____D C:\Users\Jolanta\Downloads\Dokumenty i faktury
2023-08-10 10:46 - 2018-10-05 21:32 - 000000000 ____D C:\Users\Jolanta\Desktop\Umowy
2023-08-09 17:00 - 2015-11-06 23:12 - 000001182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-08-09 16:43 - 2020-10-29 09:07 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP
2023-08-09 10:42 - 2021-05-13 20:54 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2023-08-05 16:20 - 2018-09-25 07:28 - 000000000 ____D C:\Users\Jolanta\Downloads\Nowy folder
2023-08-05 16:18 - 2023-05-29 16:04 - 000000000 ____D C:\Users\Jolanta\Desktop\Zdjęcie z telefonu
2023-08-05 16:15 - 2023-07-11 12:33 - 000000000 ____D C:\Users\Jolanta\Downloads\załączniki
2023-08-05 16:01 - 2023-05-29 16:15 - 000000000 ____D C:\Users\Jolanta\Desktop\Pliki strona
2023-08-05 15:58 - 2021-05-30 17:26 - 000000000 ____D C:\Users\Jolanta\Desktop\Projekty technologiczne i rysunki
2023-08-04 12:28 - 2018-07-23 20:42 - 000000000 ____D C:\Users\Jolanta\.gimp-2.8
2023-08-04 12:27 - 2018-07-23 20:53 - 000000000 ____D C:\Users\Jolanta\AppData\Local\gtk-2.0
2023-08-03 10:54 - 2023-06-02 09:30 - 000000000 ____D C:\Users\Jolanta\Desktop\Strona
2023-08-03 09:22 - 2020-08-02 23:01 - 000003864 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2023-08-03 09:22 - 2020-08-02 23:01 - 000003740 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2023-07-27 16:41 - 2018-08-16 21:12 - 000918960 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== Pliki w katalogu głównym wybranych folderów ========

2016-02-22 20:01 - 2016-02-22 20:01 - 000000043 _____ () C:\Users\Jolanta\AppData\Roaming\WB.CFG
2016-08-14 00:21 - 2018-01-13 22:07 - 000010240 _____ () C:\Users\Jolanta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2023-08-04 12:27 - 2023-08-04 12:27 - 000171452 _____ () C:\Users\Jolanta\AppData\Local\recently-used.xbel
2016-07-02 21:48 - 2016-07-02 21:48 - 000000017 _____ () C:\Users\Jolanta\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

==================== Koniec FRST.txt ========================