Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 02-08.2024
Uruchomiony przez Monika (administrator) DESKTOP-NSFS6LG (LENOVO 80EW) (08-08-2024 13:27:36)
Uruchomiony z C:\Users\Monika\Desktop\FRST64.exe
Załadowane profile: Monika
Platforma: Microsoft Windows 10 Pro Wersja 22H2 19045.4291 (X64) Język: Polski (Polska)
Domyślna przeglądarka: "C:\Users\Monika\AppData\Local\Programs\Opera\opera.exe" -noautoupdate -- "%1"
Tryb startu: Normal

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(C:\Program Files\Elantech\ETDCtrl.exe ->) (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(C:\Program Files\Elantech\ETDService.exe ->) (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(C:\Users\Monika\AppData\Local\Programs\Opera\opera.exe ->) (Opera Norway AS -> Opera Software) C:\Users\Monika\AppData\Local\Programs\Opera\112.0.5197.39\opera_crashreporter.exe
(explorer.exe ->) (Opera Norway AS -> Opera Software) C:\Users\Monika\AppData\Local\Programs\Opera\opera.exe <19>
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3>
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek semiconductor) C:\Windows\RTFTrack.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpCmdRun.exe <3>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWbioSyncSvc.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\NisSrv.exe
(svchost.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\Monika\AppData\Local\Microsoft\OneDrive\24.141.0714.0003\FileCoAuth.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2406.13.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\BackgroundTransferHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.4585_none_7e06e2187c9234e2\TiWorker.exe
(valWbioSyncSvc.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Program Files\Synaptics\SynFP\Shared\SensorDBSynch.exe

==================== Rejestr (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM\...\Run: [RtsFT] => C:\Windows\RTFTrack.exe [5062384 2015-08-30] (Realtek Semiconductor Corp -> Realtek semiconductor)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16404224 2015-08-27] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1408752 2015-08-27] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1408752 2015-08-27] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1408752 2015-08-27] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKU\S-1-5-21-2266948882-3023043429-4253720648-1001\...\Run: [Opera Stable] => C:\Users\Monika\AppData\Local\Programs\Opera\opera.exe [1592224 2024-07-25] (Opera Norway AS -> Opera Software)

==================== Zaplanowane zadania (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

Task: {2CDFA944-EE03-4B5A-86C7-1EAD99D5314C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1558984 2024-06-25] (Adobe Inc. -> Adobe Inc.)
Task: {8FF944FB-6792-46CA-B772-EDE5C5506717} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpCmdRun.exe [1678960 2024-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BA0964B6-7137-405B-AE3D-8A0EC5B0D526} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpCmdRun.exe [1678960 2024-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C2203F9E-9D0F-450C-889C-9A32E278ACD3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpCmdRun.exe [1678960 2024-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7A6D7FD3-483D-43B9-A4FD-B1E46D67BFF0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpCmdRun.exe [1678960 2024-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C7317812-40D8-4E98-BA2C-FD017FCC1786} - System32\Tasks\Opera scheduled Autoupdate 1690367397 => C:\Users\Monika\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe [5770656 2024-07-25] (Opera Norway AS -> Opera Software)

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.8.1
Tcpip\..\Interfaces\{bf29cc3f-998f-4aa3-9ab6-ac96b61e47fa}: [DhcpNameServer] 192.168.8.1
Tcpip\..\Interfaces\{bf29cc3f-998f-4aa3-9ab6-ac96b61e47fa}\E4544534944595D2136423544464: [DhcpNameServer] 192.168.200.1
Tcpip\..\Interfaces\{ddd0b056-2193-4b7d-bfb2-d3cfb23c7215}: [DhcpNameServer] 192.168.200.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Monika\AppData\Local\Microsoft\Edge\User Data\Default [2024-07-14]
Edge Extension: (Dokumenty Google offline) - C:\Users\Monika\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-04-20]
Edge Extension: (Edge relevant text changes) - C:\Users\Monika\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-31]

FireFox:
========
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-07-23] (Adobe Inc. -> Adobe Systems Inc.)

Opera:
=======
OPR DefaultProfile: Default

==================== Usługi (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-06-25] (Adobe Inc. -> Adobe Inc.)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpDefenderCoreService.exe [1377416 2024-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [522184 2024-04-24] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [77792 2018-04-25] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated)
R2 valWbioSyncSvc; C:\Windows\system32\valWbioSyncSvc.exe [48608 2018-04-25] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\NisSrv.exe [3236728 2024-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MsMpEng.exe [133688 2024-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Sterowniki (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [55608 2023-06-27] (Apple Inc. -> Apple Inc.)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Brak podpisu cyfrowego]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [Brak podpisu cyfrowego]
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-09-23] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R1 SMIDriverGen; C:\Windows\system32\DRIVERS\smi.sys [31440 2018-04-25] (Synaptics Inc. -> Synaptics Incorporated)
R0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [21968 2024-08-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [602520 2024-08-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105864 2024-08-04] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc (utworzone) (filtrowane) =========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2024-08-08 13:20 - 2024-08-08 13:27 - 000000000 ____D C:\FRST
2024-08-08 13:20 - 2024-08-08 13:20 - 002144359 _____ C:\Users\Monika\Downloads\FRST64.exe.opdownload
2024-08-08 13:19 - 2024-08-08 13:28 - 000000000 ____D C:\Users\Monika\Desktop\MB domowy laptop
2024-08-08 13:17 - 2024-08-08 13:20 - 002397184 _____ (Farbar) C:\Users\Monika\Desktop\FRST64.exe
2024-08-08 13:16 - 2024-08-08 13:17 - 000000000 ____D C:\AdwCleaner
2024-08-08 13:10 - 2024-08-08 13:12 - 008790880 _____ (Malwarebytes) C:\Users\Monika\Desktop\adwcleaner.exe
2024-08-08 13:05 - 2024-08-08 13:05 - 000000000 ___HD C:\$WinREAgent
2024-08-04 17:52 - 2024-08-04 17:52 - 000635015 _____ C:\Users\Monika\Downloads\Love_-Theoretically-Ali-Hazelwood.epub
2024-08-04 17:51 - 2024-08-04 17:51 - 001351693 _____ C:\Users\Monika\Downloads\Love, Theoretically - Ali Hazelwood.pdf
2024-08-04 17:45 - 2024-08-04 17:45 - 000672425 _____ C:\Users\Monika\Downloads\To_-co-chcemy-zostawić-za-sobą-Lucy-Score.epub
2024-08-04 17:39 - 2024-08-04 17:39 - 003780483 _____ C:\Users\Monika\Downloads\To, co chcemy zostawić za sobą - Lucy Score.pdf
2024-08-04 17:33 - 2024-08-04 17:34 - 001029562 _____ C:\Users\Monika\Downloads\Lucy Score - W obronie tego, co moje.epub

==================== Jeden miesiąc (zmodyfikowane) ==================

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2024-08-08 13:26 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness
2024-08-08 13:25 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
2024-08-08 13:24 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-08-08 13:23 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\CbsTemp
2024-08-08 13:04 - 2023-07-26 11:42 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2024-08-08 13:04 - 2023-07-26 11:42 - 000000000 __SHD C:\Users\Monika\IntelGraphicsProfiles
2024-08-04 17:54 - 2023-07-26 11:33 - 000000000 ____D C:\Users\Monika
2024-08-04 17:48 - 2023-07-26 11:40 - 000000000 ____D C:\Windows\system32\MRT
2024-08-04 17:45 - 2023-10-18 12:48 - 000000000 ____D C:\Program Files\RUXIM
2024-08-04 17:45 - 2023-07-26 11:40 - 194135240 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2024-08-04 17:41 - 2023-07-26 11:29 - 000002448 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-08-04 17:39 - 2023-07-26 11:29 - 000000000 ____D C:\Windows\system32\Drivers\wd
2024-08-04 17:38 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\appcompat
2024-08-04 17:36 - 2023-10-25 11:58 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2024-08-04 17:36 - 2023-10-25 11:58 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-08-04 17:36 - 2023-10-25 11:58 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2024-08-04 17:34 - 2023-07-26 11:33 - 000000000 ____D C:\Users\Monika\AppData\Local\Packages
2024-08-04 17:32 - 2023-07-26 11:38 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2266948882-3023043429-4253720648-1001
2024-08-04 17:32 - 2023-07-26 11:37 - 000003382 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2266948882-3023043429-4253720648-1001
2024-08-04 17:32 - 2023-07-26 11:33 - 000002430 _____ C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-08-04 17:31 - 2023-10-25 11:51 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2024-08-04 17:30 - 2024-02-28 18:54 - 000001393 _____ C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Przeglądarka Opera.lnk
2024-08-04 17:30 - 2023-07-26 12:30 - 000004316 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1690367397
2024-08-04 17:29 - 2023-07-26 11:29 - 000003566 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-08-04 17:29 - 2023-07-26 11:29 - 000003442 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-08-04 17:29 - 2023-07-26 11:29 - 000000000 ____D C:\Windows\system32\SleepStudy