Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 3-07-2019
Uruchomiony przez mrvit (administrator) DESKTOP-KEG25DS (ASUS All Series) (04-07-2019 18:53:28)
Uruchomiony z C:\Users\mrvit\OneDrive\Pulpit
Załadowane profile: mrvit (Dostępne profile: mrvit)
Platform: Windows 10 Home Wersja 1803 17134.523 (X64) Język: Polski (Polska)
Domyślna przeglądarka: Edge
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

() [Brak podpisu cyfrowego] C:\Users\mrvit\AppData\Roaming\NoxSrv\NoxSrv.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0341662.inf_amd64_6a03bbaf8486839e\B341390\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0341662.inf_amd64_6a03bbaf8486839e\B341390\atiesrxx.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\74.0.3729.56\remoting_host.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\74.0.3729.56\remoting_host.exe (ICEpower a/s -> ICEpower) C:\Windows\System32\ICEsoundService64.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Realtek Semiconductor Corp. 
-> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Shanghai Microvirt Software Technology Co., Ltd. -> ) C:\Program Files (x86)\Microvirt\MEmu\MemuService.exe (Sony Mobile Communications AB -> Sony) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanion.exe (Sony Mobile Communications AB -> Sony) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanion.exe (Sony Mobile Communications AB -> Sony) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanion.exe (Sony Mobile Communications AB -> Sony) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe (Sony) [Brak podpisu cyfrowego] C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe (Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9279432 2018-11-24] (Realtek Semiconductor Corp. 
-> Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation -> Microsoft Corporation) HKLM-x32\...\Run: [RazerCortex] => "C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncher.exe" -autorun HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133216 2017-03-23] (Wondershare Technology Co.,Ltd -> Wondershare) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc. -> Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. -> Oracle Corporation) HKU\S-1-5-21-115981727-767816172-525159574-1001\...\Run: [uTorrent] => C:\Users\mrvit\AppData\Roaming\uTorrent\uTorrent.exe [1818352 2019-06-16] (BitTorrent Inc -> BitTorrent Inc.) HKU\S-1-5-21-115981727-767816172-525159574-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [731240 2018-10-19] (AVB Disc Soft, SIA -> Disc Soft Ltd) HKU\S-1-5-21-115981727-767816172-525159574-1001\...\Run: [EpicGamesLauncher] => "C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe" -silent HKU\S-1-5-21-115981727-767816172-525159574-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3114256 2019-06-28] (Electronic Arts, Inc. 
-> Electronic Arts) HKU\S-1-5-21-115981727-767816172-525159574-1001\...\Run: [ProductAuthenticationService] => C:\Users\mrvit\AppData\Roaming\ProductAuthenticationService\pas.exe [1004072 2019-05-17] (ResolveDevOps Limited -> ResolveDevOps Limited) HKU\S-1-5-21-115981727-767816172-525159574-1001\...\Run: [SteamServerBrowser] => C:\Program Files (x86)\SteamServerBrowser\SteamServerBrowser.exe [172488 2019-02-09] (Crossgate Consulting Limited -> ) HKU\S-1-5-21-115981727-767816172-525159574-1001\...\Run: [XperiaCompanionAgent] => C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe [2347872 2018-12-12] (Sony Mobile Communications AB -> Sony) HKU\S-1-5-21-115981727-767816172-525159574-1001\...\Run: [GalaxyClient] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [7415880 2018-12-20] (GOG Sp. z o.o. -> GOG.com) HKU\S-1-5-21-115981727-767816172-525159574-1001\...\Run: [NoxDaemon] => C:\Users\mrvit\AppData\Roaming\NoxSrv\NoxSrv.exe [111616 2019-06-12] () [Brak podpisu cyfrowego] HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [Brak podpisu cyfrowego] HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\system32\bdmjpeg64.dll [75248 2017-01-26] (Bandicam Company -> ) HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\system32\bdmpegv64.dll [75272 2017-01-26] (Bandicam Company -> ) HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\system32\bdmpega64.acm [75784 2017-01-26] (Bandicam Company -> ) HKLM\...\Drivers32: [VIDC.FICV] => C:\Windows\system32\ficvdec_x64.dll [652288 2013-05-28] () [Brak podpisu cyfrowego] HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [Brak podpisu cyfrowego] HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\SysWOW64\bdmjpeg.dll [71152 2017-01-26] (Bandicam Company -> ) HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\SysWOW64\bdmpegv.dll [71176 2017-01-26] (Bandicam Company -> ) HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\SysWOW64\bdmpega.acm [71176 
2017-01-26] (Bandicam Company -> ) HKLM\...\Drivers32: [VIDC.FICV] => C:\Windows\SysWOW64\ficvdec_x86.dll [641024 2013-05-28] () [Brak podpisu cyfrowego] HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-21] (Google Inc -> Google Inc.) Startup: C:\Users\mrvit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2019-03-07] ShortcutTarget: MEGAsync.lnk -> C:\ProgramData\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited) ==================== Zaplanowane zadania (filtrowane) ============= (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) Task: {0D6202CA-8254-4059-9C71-50296CE90668} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe Task: {1433C0CD-B9BA-476D-B8F9-FA22DDB01493} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe [470960 2019-01-24] (Microsoft Corporation -> Microsoft Corporation) Task: {271FF06F-87A7-48D9-932D-9EFCAFB1D41C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe [470960 2019-01-24] (Microsoft Corporation -> Microsoft Corporation) Task: {3541CB50-F9D3-4909-8DB7-BBFBA0BA7677} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-06-11] (Adobe Inc. 
-> Adobe) Task: {4746CB98-1A71-4568-A975-CE8E824A0BF7} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [152104 2019-07-01] (Microsoft Corporation -> Microsoft Corporation) Task: {5923C3AE-202F-4D4C-A675-8D0B7586BBC1} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [745480 2019-04-16] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.) Task: {6B832C34-773C-4ACE-82D3-105F28096A26} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26804232 2019-06-26] (Microsoft Corporation -> Microsoft Corporation) Task: {6F1B979B-CB16-4B5D-AD32-B953BDE686B3} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_207_Plugin.exe [1457208 2019-06-11] (Adobe Inc. -> Adobe) Task: {74852947-BF35-452E-8BCA-F111A1A1284A} - System32\Tasks\Microsoft\Windows\rempl\shell => C:\Program Files\rempl\sedlauncher.exe Task: {7F0E1FCF-17F1-433F-8793-5AEE1687757E} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe Task: {83443F0D-9B29-47D2-9FA2-32E7C2C76255} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [152104 2019-07-01] (Microsoft Corporation -> Microsoft Corporation) Task: {ADC1C9C8-17AC-4C13-93C5-49BFEC4D500B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe [470960 2019-01-24] (Microsoft Corporation -> Microsoft Corporation) Task: {B7D64271-9AFF-45B1-9613-826D410F5549} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe 
[2281944 2019-06-05] (AVAST Software s.r.o. -> AVAST Software) Task: {BFFC875B-69C0-46E8-BC90-B4DBBD4E493B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2208400 2019-07-01] (Microsoft Corporation -> Microsoft Corporation) Task: {CC827558-D457-45CD-B3DD-5451E7537636} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: {D8978144-AA2B-4B3F-817E-C687796D3395} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-115981727-767816172-525159574-1001 => C:\ProgramData\MEGAsync\MEGAupdater.exe [615160 2019-06-05] (Mega Limited -> Mega Limited) Task: {E16E391E-93C6-4200-9644-F300B5C7D92E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26804232 2019-06-26] (Microsoft Corporation -> Microsoft Corporation) Task: {E4AA50CE-2BFB-404F-AD5D-759020BE1D20} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2208400 2019-07-01] (Microsoft Corporation -> Microsoft Corporation) Task: {EE45BCB7-81AD-4F5D-BAD7-6F27BA5FAADF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe [470960 2019-01-24] (Microsoft Corporation -> Microsoft Corporation) Task: {FDE10BE3-5436-4E7A-8525-34A69A0FA5BE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: {FF6C93E4-477C-431C-ABF4-A5D30C8F347C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\BlueStacksHelper" /ENABLE Task: {FF6C93E4-477C-431C-ABF4-A5D30C8F347C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> 
/Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE Task: {FF6C93E4-477C-431C-ABF4-A5D30C8F347C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE Task: {FF6C93E4-477C-431C-ABF4-A5D30C8F347C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-115981727-767816172-525159574-1001" /ENABLE Task: {FF6C93E4-477C-431C-ABF4-A5D30C8F347C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\Opera scheduled Autoupdate 2796787680" /ENABLE Task: {FF6C93E4-477C-431C-ABF4-A5D30C8F347C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\User_Feed_Synchronization-{E96743A2-FE1B-49F9-AD10-458548F1F794}" /ENABLE Task: {FF6C93E4-477C-431C-ABF4-A5D30C8F347C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE (Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.) Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{1d4fa830-2139-4597-be95-1b61a6b48023}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_211\bin\ssv.dll [2019-06-25] (Oracle America, Inc. 
-> Oracle Corporation) BHO: Brak nazwy -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> Brak pliku BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-06-25] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-04-04] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssv.dll [2019-06-25] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: Brak nazwy -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> Brak pliku BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-06-25] (Oracle America, Inc. -> Oracle Corporation) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-06-26] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-06-15] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-06-26] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-06-15] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-06-26] (Microsoft Corporation -> 
Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-06-15] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-06-26] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-06-15] (Microsoft Corporation -> Microsoft Corporation) FireFox: ======== FF DefaultProfile: sb8yuccz.default FF ProfilePath: C:\Users\mrvit\AppData\Roaming\Mozilla\Firefox\Profiles\sb8yuccz.default [2019-07-04] FF NewTabOverride: Mozilla\Firefox\Profiles\sb8yuccz.default -> Enabled: extension@tabliss.io FF Extension: (Grammarly for Firefox) - C:\Users\mrvit\AppData\Roaming\Mozilla\Firefox\Profiles\sb8yuccz.default\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2019-06-15] FF Extension: (Final Battle at Midway) - C:\Users\mrvit\AppData\Roaming\Mozilla\Firefox\Profiles\sb8yuccz.default\Extensions\{c3890f12-5670-41b6-ad44-cf9af26ddecc}.xpi [2019-05-14] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_207.dll [2019-06-11] (Adobe Inc. -> ) FF Plugin: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-06-25] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-06-25] (Oracle America, Inc. 
-> Oracle Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-06-26] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_207.dll [2019-06-11] (Adobe Inc. -> ) FF Plugin-x32: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-06-25] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-06-25] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-21] (Google Inc -> Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-21] (Google Inc -> Google Inc.) 
Chrome: ======= CHR HomePage: Default -> hxxps://www.google.com/ CHR StartupUrls: Default -> "hxxps://www.google.com/" CHR Profile: C:\Users\mrvit\AppData\Local\Google\Chrome\User Data\Default [2019-07-04] CHR Extension: (Theme Creator) - C:\Users\mrvit\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc [2019-01-29] CHR Extension: (Dokumenty) - C:\Users\mrvit\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-01-29] CHR Extension: (Video Downloader professional) - C:\Users\mrvit\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2019-04-11] CHR Extension: (Pulpit zdalny Chrome) - C:\Users\mrvit\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2019-06-20] CHR Extension: (Grammarly for Chrome) - C:\Users\mrvit\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-07-04] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\mrvit\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-01-29] CHR Extension: (Chrome Media Router) - C:\Users\mrvit\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-01-29] ==================== Usługi (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S3 ACTION_SVC; C:\Program Files (x86)\Mirillis\Action!\action_svc.exe [16064 2014-10-26] (Mirillis -> ) R2 AMD External Events Utility; C:\Windows\System32\DriverStore\FileRepository\c0341662.inf_amd64_6a03bbaf8486839e\B341390\atiesrxx.exe [509048 2019-06-12] (Advanced Micro Devices, Inc. -> AMD) R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] (ASUSTeK Computer Inc. 
-> ) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8403672 2019-05-05] (BattlEye Innovations e.K. -> ) R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\74.0.3729.56\remoting_host.exe [73200 2019-04-01] (Google LLC -> Google Inc.) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11413600 2019-06-26] (Microsoft Corporation -> Microsoft Corporation) R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [3729512 2018-10-19] (AVB Disc Soft, SIA -> Disc Soft Ltd) S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [707144 2018-12-20] (GOG Sp. z o.o. -> GOG.com) S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7172680 2018-12-20] (GOG Sp. z o.o. -> GOG.com) R2 ICEsoundService; C:\WINDOWS\system32\ICEsoundService64.exe [799656 2018-11-24] (ICEpower a/s -> ICEpower) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes) R2 MEmuSVC; C:\Program Files (x86)\Microvirt\MEmu\MemuService.exe [85304 2019-02-20] (Shanghai Microvirt Software Technology Co., Ltd. -> ) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2329392 2019-06-28] (Electronic Arts, Inc. -> Electronic Arts) R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3203888 2019-06-28] (Electronic Arts, Inc. 
-> Electronic Arts) S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Video Converter Ultimate\Transfer\DriverInstall.exe [105064 2018-06-14] (Wondershare Technology Co.,Ltd -> Wondershare) R2 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [2191360 2018-12-12] (Sony) [Brak podpisu cyfrowego] ===================== Sterowniki (filtrowane) ====================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [23240 2016-04-29] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\c0341662.inf_amd64_6a03bbaf8486839e\B341390\atikmdag.sys [52889208 2019-06-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\c0341662.inf_amd64_6a03bbaf8486839e\B341390\atikmpag.sys [590968 2019-06-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) S3 AmUStor; C:\Windows\system32\drivers\AmUStor.SYS [90560 2018-06-06] (Alcorlink Corp. -> Alcorlink Corp.) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] (ASUSTeK Computer Inc. -> ) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [107400 2018-11-24] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices) S3 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv.sys [303712 2018-12-13] (Bluestack Systems, Inc. -> Bluestack System Inc. 
) S3 dot4; C:\Windows\System32\drivers\Dot4.sys [151968 2012-10-19] (Hewlett-Packard Company -> Windows (R) Win 7 DDK provider) S3 dot4usb; C:\Windows\System32\drivers\dot4usb.sys [49056 2012-10-19] (Hewlett-Packard Company -> Microsoft Corporation) R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2017-02-16] (Disc Soft Ltd -> Disc Soft Ltd) R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2017-02-16] (Disc Soft Ltd -> Disc Soft Ltd) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes) S3 ETDSMBus; C:\Windows\System32\drivers\ETDSMBus.sys [31816 2018-07-25] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronic Corp.) R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [198512 2019-07-04] (Malwarebytes Corporation -> Malwarebytes) S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [127136 2019-07-04] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [72864 2019-07-04] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [274416 2019-07-04] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [114040 2019-07-04] (Malwarebytes Corporation -> Malwarebytes) R1 MEmuDrv; C:\Windows\system32\DRIVERS\MEmuDrv.sys [319448 2019-04-15] (Shanghai Microvirt Software Technology Co., Ltd. -> Maiwei Corporation) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [1141744 2019-06-12] (Realtek Semiconductor Corp. -> Realtek ) R3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [9275336 2019-06-12] (Realtek Semiconductor Corp. 
-> Realtek Semiconductor Corporation ) S3 RtlWlanu_OldIC; C:\Windows\System32\drivers\rtwlanu_oldIC.sys [3814400 2018-04-12] (Microsoft Windows -> Realtek Semiconductor Corporation ) R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-05] (Bruce James -> Scarlet.Crush Productions) S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46488 2019-01-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 wdm_usb; C:\Windows\System32\drivers\usb2ser.sys [151184 2016-07-15] (NGO -> MBB) S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [63480 2019-01-24] (Microsoft Windows -> Microsoft Corporation) R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [310536 2019-06-12] (Beijing Duodian Online Science and Technology Co.,Ltd -> BigNox Corporation) S1 b97a8e250798b3fb; \??\C:\Windows\system32\drivers\b97a8e250798b3fb.sys [X] ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc (utworzone) ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 
2019-07-04 18:41 - 2019-07-04 18:44 - 000198512 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys 2019-07-04 18:41 - 2019-07-04 18:41 - 000274416 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2019-07-04 18:41 - 2019-07-04 18:41 - 000127136 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2019-07-04 18:41 - 2019-07-04 18:41 - 000114040 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2019-07-04 18:41 - 2019-07-04 18:41 - 000072864 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2019-07-04 18:39 - 2019-07-04 18:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2019-07-04 18:39 - 2019-07-04 18:39 - 000000000 ____D C:\Program Files\Malwarebytes 2019-07-04 18:39 - 2019-02-01 11:20 - 000020936 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys 2019-07-04 18:39 - 2019-01-08 15:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys 2019-07-04 18:08 - 2019-07-04 18:12 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job 2019-07-04 17:08 - 2019-07-04 17:08 - 000003176 _____ C:\Windows\System32\Tasks\AdwCleaner_onReboot 2019-07-04 15:51 - 2019-07-04 15:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2019-07-04 15:51 - 2019-07-04 15:51 - 000000000 ____D C:\Program Files (x86)\7-Zip 2019-07-02 22:48 - 2019-07-02 23:01 - 000219136 _____ C:\Users\mrvit\Downloads\Tay Money Trappers Delight Official Lyrics Meaning Verified.mp4.sfk 2019-07-02 22:44 - 2019-07-02 22:45 - 017807667 _____ C:\Users\mrvit\Downloads\Tay Money Trappers Delight Official Lyrics Meaning Verified.mp4 2019-07-02 22:27 - 2019-07-02 22:35 - 000342032 _____ C:\Users\mrvit\Downloads\Tay Money Trappers Delight Official Lyrics & Meaning Verified.mp3.sfk 2019-07-02 22:27 - 2019-07-02 22:35 - 000203752 _____ C:\Users\mrvit\Downloads\TAY MONEY TRAPPERS DELIGHT' (OFFICIAL INSTRUMENTAL) (BEST REMAKE) Re Prod By gloryboy.nate.mp3.sfk 
2019-07-02 19:24 - 2019-07-02 19:25 - 011204626 _____ C:\Users\mrvit\Downloads\bentley-continental-gt.zip
2019-07-02 15:56 - 2019-07-03 14:33 - 000000000 ____D C:\Users\mrvit\AppData\LocalLow\uTorrent
2019-07-02 13:15 - 2019-07-02 13:15 - 003543225 _____ C:\Users\mrvit\Downloads\WinRAR 5.31 FINAL Incl. Crack.rar
2019-07-01 20:58 - 2019-07-01 21:00 - 003770426 _____ C:\Users\mrvit\Downloads\16b0c6-Gears-v4.6.6-Release.zip
2019-07-01 18:20 - 2019-07-01 18:23 - 060999050 _____ C:\Users\mrvit\Downloads\jeep-cherokee.zip
2019-07-01 18:16 - 2019-07-01 18:18 - 007553162 _____ C:\Users\mrvit\Downloads\noble-m600.zip
2019-07-01 18:13 - 2019-07-01 18:17 - 006300248 _____ C:\Users\mrvit\Downloads\buick-riviera.zip
2019-07-01 18:12 - 2019-07-01 18:17 - 007859917 _____ C:\Users\mrvit\Downloads\etk-w-series.zip
2019-07-01 18:11 - 2019-07-01 18:16 - 011276747 _____ C:\Users\mrvit\Downloads\bruckell-legran-coupe-convertible.zip
2019-07-01 18:10 - 2019-07-01 18:10 - 001181130 _____ C:\Users\mrvit\Downloads\burnside-special-rusty.zip
2019-07-01 18:07 - 2019-07-01 18:09 - 016695814 _____ C:\Users\mrvit\Downloads\cadillac-cts-v.zip
2019-07-01 18:06 - 2019-07-01 18:06 - 001982728 _____ C:\Users\mrvit\Downloads\cadillac-de-ville-1984.zip
2019-07-01 18:05 - 2019-07-01 18:06 - 007760496 _____ C:\Users\mrvit\Downloads\Chevrolet Bel Air Coupe 1957.zip
2019-07-01 00:04 - 2019-07-01 00:05 - 002280469 _____ C:\Users\mrvit\Downloads\32560-cadillac-cts-v.zip
2019-06-30 16:37 - 2019-06-30 16:37 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-06-30 16:37 - 2019-06-30 16:37 - 000000000 ____D C:\Program Files (x86)\VID_0e8f&PID_0003
2019-06-27 11:02 - 2019-06-27 11:02 - 000000000 ____D C:\Windows\Tasks\ImCleanDisabled
2019-06-25 23:41 - 2019-06-25 23:41 - 000002002 _____ C:\Users\mrvit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MC Modinstaller.LNK
2019-06-25 14:41 - 2019-06-25 14:40 - 000110968 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll
2019-06-24 13:07 - 2019-07-03 16:36 - 000000000 ____D C:\Users\mrvit\OneDrive\Documents\BeamNG.drive
2019-06-21 14:33 - 2019-07-04 15:09 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-06-20 22:01 - 2019-07-04 18:09 - 000000000 ____D C:\Users\mrvit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome
2019-06-20 17:54 - 2019-06-20 17:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reFX
2019-06-20 17:54 - 2009-10-24 21:15 - 001332224 _____ (AD © 2009) C:\Windows\SysWOW64\SYNSOEMU.DLL
2019-06-19 14:06 - 2019-06-19 14:06 - 000000000 ____D C:\Program Files\UNP
2019-06-15 15:44 - 2019-06-15 15:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
2019-06-15 15:44 - 2019-06-15 15:44 - 000000000 ____D C:\Program Files (x86)\Bandicam
2019-06-12 14:03 - 2019-06-12 14:03 - 009275336 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\rtwlanu.sys
2019-06-12 14:03 - 2019-06-12 14:03 - 000049568 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\system32\rtlCoInst.dll
2019-06-12 14:03 - 2019-06-12 14:03 - 000044742 _____ C:\Windows\system32\rtlCoInst.dat
2019-06-12 14:01 - 2019-06-12 14:03 - 000000000 ____D C:\Windows\LastGood.Tmp
2019-06-12 14:00 - 2019-06-12 14:00 - 001587832 _____ (AMD) C:\Windows\system32\coinst_18.50.dll
2019-06-12 14:00 - 2019-06-12 14:00 - 001210488 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2019-06-12 14:00 - 2019-06-12 14:00 - 000177568 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2019-06-12 14:00 - 2019-06-12 14:00 - 000154016 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2019-06-12 14:00 - 2019-06-12 14:00 - 000125488 _____ C:\Windows\system32\kapp_ci.sbin
2019-06-12 14:00 - 2019-06-12 14:00 - 000121168 _____ C:\Windows\system32\kapp_si.sbin
2019-06-12 14:00 - 2019-06-12 14:00 - 000019416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\detoured.dll
2019-06-12 14:00 - 2019-06-12 14:00 - 000019416 _____ (Microsoft Corporation) C:\Windows\system32\detoured.dll
2019-06-12 13:37 - 2019-07-03 19:49 - 000000000 ____D C:\Program Files (x86)\IObit
2019-06-12 13:37 - 2019-06-12 13:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 6
2019-06-12 13:28 - 2019-06-19 12:17 - 000000000 ____D C:\Program Files (x86)\Driver Support
2019-06-12 13:07 - 2019-07-04 18:39 - 000000000 ____D C:\Users\mrvit\AppData\Local\NoxSrv
2019-06-12 13:07 - 2019-07-04 13:40 - 000000000 ____D C:\Users\mrvit\AppData\Local\NoxPopup
2019-06-12 00:44 - 2019-06-14 22:36 - 000000295 _____ C:\Users\mrvit\d4ac4633ebd6440fa397b84f1bc94a3c.7z
2019-06-12 00:09 - 2019-06-14 22:32 - 000000000 ____D C:\Users\mrvit\vmlogs
2019-06-12 00:09 - 2019-06-14 22:32 - 000000000 ____D C:\Users\mrvit\.BigNox
2019-06-12 00:09 - 2019-06-12 00:09 - 000000066 _____ C:\Users\mrvit\inittk.ini
2019-06-12 00:09 - 2019-06-12 00:09 - 000000053 _____ C:\Users\mrvit\useruid.ini
2019-06-12 00:09 - 2019-06-12 00:09 - 000000045 _____ C:\Users\mrvit\nuuid.ini
2019-06-12 00:09 - 2019-06-12 00:09 - 000000041 _____ C:\Users\mrvit\inst.ini
2019-06-12 00:09 - 2019-06-12 00:09 - 000000000 ____D C:\Users\mrvit\Nox_share
2019-06-12 00:09 - 2019-06-12 00:09 - 000000000 ____D C:\Users\mrvit\AppData\Roaming\NoxSrv
2019-06-12 00:09 - 2019-06-12 00:09 - 000000000 ____D C:\Users\mrvit\AppData\Roaming\Microsoft\Windows\Start Menu\Nox
2019-06-12 00:09 - 2019-06-12 00:09 - 000000000 ____D C:\Program Files (x86)\Bignox
2019-06-12 00:08 - 2019-06-14 22:36 - 000000000 ____D C:\Users\mrvit\AppData\Local\Nox
2019-06-12 00:08 - 2019-06-12 00:08 - 000000000 ____D C:\Program Files (x86)\Nox
2019-06-11 20:27 - 2019-06-12 14:10 - 000000000 ____D C:\Users\mrvit\.MemuHyperv
2019-06-11 20:27 - 2019-06-11 20:27 - 000000000 ____D C:\Users\mrvit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEmu
2019-06-11 20:27 - 2019-04-15 02:33 - 000319448 _____ (Maiwei Corporation) C:\Windows\system32\Drivers\MEmuDrv.sys
2019-06-11 20:26 - 2019-06-11 20:27 - 000000000 ____D C:\Users\mrvit\AppData\Local\Microvirt
2019-06-11 20:26 - 2019-06-11 20:27 - 000000000 ____D C:\Program Files (x86)\Microvirt
2019-06-11 19:58 - 2019-06-11 19:58 - 000000000 ____D C:\Users\mrvit\AppData\Roaming\Intel Corporation
2019-06-11 19:11 - 2019-06-11 19:11 - 000000000 ____D C:\Users\mrvit\AppData\Local\Caphyon
2019-06-11 19:11 - 2019-06-11 19:11 - 000000000 ____D C:\Program Files (x86)\Intel Corporation
2019-06-07 16:21 - 2019-06-07 16:21 - 000001304 _____ C:\Users\mrvit\AppData\Roaming\Microsoft\Windows\Start Menu\OpenIV.lnk

==================== Jeden miesiąc (zmodyfikowane) ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2019-07-04 18:53 - 2019-02-06 15:52 - 000000000 ____D C:\FRST
2019-07-04 18:45 - 2018-11-24 06:15 - 001763504 _____ C:\Windows\system32\PerfStringBackup.INI
2019-07-04 18:45 - 2018-11-24 03:24 - 000782334 _____ C:\Windows\system32\perfh015.dat
2019-07-04 18:45 - 2018-11-24 03:24 - 000151496 _____ C:\Windows\system32\perfc015.dat
2019-07-04 18:45 - 2018-11-24 03:14 - 000000000 ____D C:\Windows\INF
2019-07-04 18:43 - 2018-11-24 03:16 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-07-04 18:40 - 2019-01-02 23:29 - 000000000 ____D C:\ProgramData\Origin
2019-07-04 18:40 - 2018-12-12 15:02 - 000000000 ____D C:\ProgramData\Package Cache
2019-07-04 18:39 - 2019-03-01 21:58 - 000000000 ____D C:\ProgramData\boost_interprocess
2019-07-04 18:39 - 2018-11-30 16:35 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-07-04 18:39 - 2018-11-24 06:01 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-07-04 18:39 - 2018-11-24 03:16 - 000000000 ___HD C:\Windows\ELAMBKUP
2019-07-04 18:38 - 2018-11-24 06:04 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2019-07-04 18:38 - 2018-11-24 03:05 - 000262144 _____ C:\Windows\system32\config\BBI
2019-07-04 18:03 - 2019-01-28 20:10 - 000000000 ____D C:\Windows\pss
2019-07-04 18:01 - 2018-11-24 12:58 - 000000000 ____D C:\Users\mrvit
2019-07-04 17:12 - 2018-11-24 06:00 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-07-04 16:38 - 2018-12-13 21:15 - 000000000 ____D C:\Program Files\WinRAR
2019-07-04 15:01 - 2019-03-13 21:06 - 000000000 ____D C:\Users\mrvit\AppData\LocalLow\Mozilla
2019-07-04 14:52 - 2018-12-07 12:23 - 000000000 ____D C:\Program Files\rempl
2019-07-03 23:02 - 2018-11-24 03:16 - 000000000 ____D C:\Windows\LiveKernelReports
2019-07-03 22:49 - 2019-01-20 19:55 - 000000000 ____D C:\Users\mrvit\AppData\Local\ElevatedDiagnostics
2019-07-03 22:16 - 2018-11-30 16:01 - 000004220 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E96743A2-FE1B-49F9-AD10-458548F1F794}
2019-07-03 19:49 - 2018-11-24 18:29 - 000000000 ____D C:\Users\mrvit\AppData\Roaming\IObit
2019-07-03 19:49 - 2018-11-24 18:29 - 000000000 ____D C:\ProgramData\IObit
2019-07-03 19:38 - 2018-11-24 13:05 - 000000000 ____D C:\Users\mrvit\AppData\Local\D3DSCache
2019-07-03 19:33 - 2018-12-11 17:12 - 000000000 ____D C:\Program Files (x86)\Steam
2019-07-03 18:29 - 2019-01-28 21:34 - 000000000 ____D C:\Users\mrvit\AppData\Local\CrashDumps
2019-07-03 15:44 - 2018-11-24 03:16 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2019-07-03 15:41 - 2019-04-09 23:47 - 000000000 ____D C:\Users\mrvit\AppData\Roaming\obs-studio
2019-07-03 14:33 - 2018-12-14 22:51 - 000000000 ____D C:\Users\mrvit\AppData\Roaming\uTorrent
2019-07-03 14:31 - 2019-03-22 14:43 - 000000000 ____D C:\Users\mrvit\AppData\Local\BitTorrentHelper
2019-07-02 23:39 - 2019-02-05 22:42 - 000000000 ____D C:\Sony VEGAS Films
2019-07-02 19:03 - 2019-03-25 15:38 - 000000000 ____D C:\Program Files (x86)\The Sims 4 StrangerVille
2019-07-02 17:41 - 2018-12-29 19:22 - 000000000 ____D C:\Users\mrvit\AppData\Roaming\.minecraft
2019-07-02 17:36 - 2019-01-13 00:25 - 000000000 ____D C:\Users\mrvit\AppData\Roaming\.tlauncher
2019-07-02 16:43 - 2018-12-18 16:19 - 000000000 ____D C:\Users\mrvit\AppData\LocalLow\Red Dot Games
2019-07-01 18:32 - 2018-12-11 16:58 - 000000000 ____D C:\Program Files\Microsoft Office
2019-06-29 13:52 - 2019-02-08 21:19 - 000000000 ____D C:\Users\mrvit\AppData\Roaming\Origin
2019-06-28 18:02 - 2019-02-08 21:31 - 000000000 ____D C:\Program Files (x86)\Origin
2019-06-26 13:08 - 2018-11-24 03:16 - 000000000 ____D C:\Windows\system32\NDF
2019-06-26 12:57 - 2018-11-24 03:16 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-06-25 14:41 - 2019-01-13 00:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-06-25 14:41 - 2019-01-13 00:33 - 000000000 ____D C:\Program Files (x86)\Java
2019-06-25 14:40 - 2019-01-13 00:50 - 000110968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2019-06-25 14:40 - 2019-01-13 00:49 - 000000000 ____D C:\Program Files\Java
2019-06-25 14:40 - 2019-01-13 00:33 - 000099192 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2019-06-24 12:59 - 2019-03-07 01:12 - 000000000 ____D C:\Users\mrvit\OneDrive\Documents\MEGAsync Downloads
2019-06-23 22:31 - 2019-05-01 16:57 - 000000000 ____D C:\Users\mrvit\AppData\Local\GameAnalytics
2019-06-21 18:24 - 2019-02-08 21:39 - 000000000 ____D C:\Program Files (x86)\Origin Games
2019-06-21 18:23 - 2019-03-01 23:18 - 000000000 ____D C:\Users\mrvit\AppData\Local\babl-0.1
2019-06-21 18:20 - 2019-03-01 23:33 - 000000000 ____D C:\Users\mrvit\AppData\Local\gtk-2.0
2019-06-21 18:15 - 2019-04-15 13:51 - 000000000 ____D C:\Users\mrvit\.dbus-keyrings
2019-06-20 22:05 - 2019-02-04 17:02 - 000000000 ____D C:\ProgramData\Google
2019-06-20 22:05 - 2018-11-24 13:08 - 000000000 ____D C:\Program Files (x86)\Google
2019-06-20 21:00 - 2018-12-13 21:14 - 000000000 ____D C:\Users\mrvit\OneDrive\Documents\Bandicam
2019-06-20 18:35 - 2019-03-05 22:10 - 000000000 ____D C:\Users\mrvit\OneDrive\Documents\Image-Line
2019-06-18 09:40 - 2018-11-24 13:07 - 000000000 ___RD C:\Users\mrvit\OneDrive
2019-06-18 09:40 - 2018-11-24 12:58 - 000002409 _____ C:\Users\mrvit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-06-15 15:44 - 2018-12-13 21:13 - 000000000 ____D C:\Program Files (x86)\BandiMPEG1
2019-06-15 15:01 - 2018-11-24 13:04 - 000000000 ____D C:\Users\mrvit\AppData\Local\Packages
2019-06-15 15:01 - 2018-11-24 03:16 - 000000000 ____D C:\Windows\AppReadiness
2019-06-14 22:33 - 2019-01-28 22:58 - 000000000 ____D C:\Users\mrvit\.android
2019-06-12 14:02 - 2018-07-25 16:40 - 001141744 _____ (Realtek ) C:\Windows\system32\Drivers\rt640x64.sys
2019-06-12 14:00 - 2018-08-17 11:54 - 003739552 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amfrt64.dll
2019-06-12 14:00 - 2018-08-17 11:54 - 003471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2019-06-12 14:00 - 2018-08-17 11:54 - 003437632 _____ C:\Windows\system32\atiumd6a.cap
2019-06-12 14:00 - 2018-08-17 11:54 - 003367328 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amfrt32.dll
2019-06-12 14:00 - 2018-08-17 11:54 - 001664120 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2019-06-12 14:00 - 2018-08-17 11:54 - 001210488 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2019-06-12 14:00 - 2018-08-17 11:54 - 000922528 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2019-06-12 14:00 - 2018-08-17 11:54 - 000907232 _____ C:\Windows\SysWOW64\atiapfxx.blb
2019-06-12 14:00 - 2018-08-17 11:54 - 000907232 _____ C:\Windows\system32\atiapfxx.blb
2019-06-12 14:00 - 2018-08-17 11:54 - 000759416 _____ (AMD) C:\Windows\system32\atieclxx.exe
2019-06-12 14:00 - 2018-08-17 11:54 - 000752544 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2019-06-12 14:00 - 2018-08-17 11:54 - 000571000 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Rapidfire64.dll
2019-06-12 14:00 - 2018-08-17 11:54 - 000552864 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmcl64.dll
2019-06-12 14:00 - 2018-08-17 11:54 - 000546880 _____ C:\Windows\system32\amdmiracast.dll
2019-06-12 14:00 - 2018-08-17 11:54 - 000492664 _____ C:\Windows\system32\dgtrayicon.exe
2019-06-12 14:00 - 2018-08-17 11:54 - 000481912 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\Rapidfire.dll
2019-06-12 14:00 - 2018-08-17 11:54 - 000480400 _____ C:\Windows\system32\GameManager64.dll
2019-06-12 14:00 - 2018-08-17 11:54 - 000474016 _____ C:\Windows\system32\amdgfxinfo64.dll
2019-06-12 14:00 - 2018-08-17 11:54 - 000468088 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2019-06-12 14:00 - 2018-08-17 11:54 - 000439928 _____ C:\Windows\system32\atieah64.exe
2019-06-12 14:00 - 2018-08-17 11:54 - 000382880 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmcl32.dll
2019-06-12 14:00 - 2018-08-17 11:54 - 000382584 _____ C:\Windows\SysWOW64\GameManager32.dll
2019-06-12 14:00 - 2018-08-17 11:54 - 000382368 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2019-06-12 14:00 - 2018-08-17 11:54 - 000353400 _____ C:\Windows\SysWOW64\atieah32.exe
2019-06-12 14:00 - 2018-08-17 11:54 - 000341112 _____ C:\Windows\system32\clinfo.exe
2019-06-12 14:00 - 2018-08-17 11:54 - 000240248 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2019-06-12 14:00 - 2018-08-17 11:54 - 000211576 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2019-06-12 14:00 - 2018-08-17 11:54 - 000190096 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2019-06-12 14:00 - 2018-08-17 11:54 - 000183928 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2019-06-12 14:00 - 2018-08-17 11:54 - 000177744 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2019-06-12 14:00 - 2018-08-17 11:54 - 000167208 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2019-06-12 14:00 - 2018-08-17 11:54 - 000162936 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2019-06-12 14:00 - 2018-08-17 11:54 - 000158840 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2019-06-12 14:00 - 2018-08-17 11:54 - 000156608 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2019-06-12 14:00 - 2018-08-17 11:54 - 000152184 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2019-06-12 14:00 - 2018-08-17 11:54 - 000137848 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2019-06-12 14:00 - 2018-08-17 11:54 - 000135800 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2019-06-12 14:00 - 2018-08-17 11:54 - 000133960 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2019-06-12 14:00 - 2018-08-17 11:54 - 000127760 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2019-06-12 14:00 - 2018-08-17 11:54 - 000127760 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2019-06-12 14:00 - 2018-08-17 11:54 - 000125048 _____ (AMD) C:\Windows\system32\atimuixx.dll
2019-06-12 14:00 - 2018-08-17 11:54 - 000123512 _____ C:\Windows\system32\atidxx64.dll
2019-06-12 14:00 - 2018-08-17 11:54 - 000119712 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdxc64.dll
2019-06-12 14:00 - 2018-08-17 11:54 - 000118872 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2019-06-12 14:00 - 2018-08-17 11:54 - 000106880 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2019-06-12 14:00 - 2018-08-17 11:54 - 000106856 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2019-06-12 14:00 - 2018-08-17 11:54 - 000106104 _____ C:\Windows\SysWOW64\atidxx32.dll
2019-06-12 14:00 - 2018-08-17 11:54 - 000104864 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdxc32.dll
2019-06-12 14:00 - 2018-08-17 11:54 - 000069752 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ati2erec.dll
2019-06-12 14:00 - 2018-08-17 11:54 - 000046224 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\RapidFireServer64.dll
2019-06-12 14:00 - 2018-08-17 11:54 - 000043128 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\RapidFireServer.dll
2019-06-12 13:38 - 2018-11-24 18:29 - 000000000 ____D C:\ProgramData\ProductData
2019-06-12 00:09 - 2018-11-24 03:16 - 000000000 ____D C:\Windows\Registration
2019-06-11 15:40 - 2019-06-01 00:30 - 000004646 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-06-11 15:40 - 2019-06-01 00:30 - 000004480 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2019-06-11 15:40 - 2018-11-24 03:16 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-06-11 15:40 - 2018-11-24 03:16 - 000000000 ____D C:\Windows\system32\Macromed
2019-06-09 21:36 - 2018-12-14 15:55 - 000000000 ____D C:\Program Files\Rockstar Games
2019-06-09 21:36 - 2018-12-14 15:55 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2019-06-07 16:21 - 2018-12-14 17:14 - 000000000 ____D C:\Users\mrvit\AppData\Local\New Technology Studio
2019-06-05 11:36 - 2019-03-07 01:10 - 000000000 ____D C:\ProgramData\MEGAsync

==================== SigCheck ===============================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

==================== Koniec FRST.txt ============================