Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-06-2021 Ran by 100pki (ATTENTION: The user is not administrator) on DESKTOP-618BR9T (14-06-2021 21:30:30) Running from C:\Users\100pki\Downloads Loaded Profiles: Maciej & 100pki Platform: Windows 10 Pro Version 20H2 19042.1052 (X64) Language: English (United Kingdom) Default browser: Edge Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avid Technology, Inc. -> Avid Technology, Inc.) C:\Program Files\Avid\Application Manager\AvidApplicationManager.exe (Avid Technology, Inc. -> Avid Technology, Inc.) C:\Program Files\Avid\Application Manager\AvidAppManHelper.exe (Focusrite Audio Engineering, Ltd.) [File not signed] C:\Program Files\FocusriteUSB\Focusrite Notifier.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <76> (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe\HxAccounts.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe\HxOutlook.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe\HxTsr.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12104.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2> (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3> (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe (Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe (Spotify AB -> Spotify Ltd) C:\Users\100pki\AppData\Roaming\Spotify\Spotify.exe <6> (WhatsApp, Inc -> WhatsApp) C:\Users\100pki\AppData\Local\WhatsApp\app-2.2121.7\WhatsApp.exe <7> Failed to access process -> atkexComSvc.exe Failed to access process -> ControlServer.exe Failed to access process -> csrss.exe Failed to access process -> csrss.exe Failed to access process -> dasHost.exe Failed to access process -> dllhost.exe Failed to access process -> dwm.exe Failed to access process -> fontdrvhost.exe Failed to access process -> fontdrvhost.exe Failed to access process -> GoogleCrashHandler.exe Failed to access process -> GoogleCrashHandler64.exe Failed to access process -> Hub.exe Failed to access process -> LDSvc.exe Failed to access process -> lsass.exe Failed to access process -> MBAMService.exe Failed to access process -> mDNSResponder.exe Failed to access process -> MMERefresh.exe Failed to access process -> MoUsoCoreWorker.exe Failed to access process -> MsMpEng.exe Failed to access process -> NisSrv.exe Failed to access process -> nvcontainer.exe Failed to access process -> NVDisplay.Container.exe Failed to access process -> NVDisplay.Container.exe Failed to access process -> OfficeClickToRun.exe Failed to access process -> OriginWebHelperService.exe Failed to access process -> QMEmulatorService.exe Failed to access process -> RtkAudUService64.exe Failed to access process -> SearchFilterHost.exe Failed to access process -> SearchIndexer.exe Failed to access process -> SearchProtocolHost.exe Failed to access process -> SecurityHealthService.exe Failed to access process -> services.exe Failed to access process -> SgrmBroker.exe Failed to access process -> smss.exe Failed to access process -> spoolsv.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> TransportClient.exe Failed to access process -> wininit.exe Failed to access process -> winlogon.exe Failed to access process -> WmiPrvSE.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [838432 2019-03-28] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [Focusrite Notifier] => C:\Program Files\FocusriteUSB\Focusrite Notifier.exe [3949568 2019-08-02] (Focusrite Audio Engineering, Ltd.) [File not signed] HKLM\...\Run: [DigidesignMMERefresh] => C:\Program Files\Avid\Pro Tools First\MMERefresh.exe [117760 2020-01-02] (Avid Technology, Inc.) [File not signed] HKLM\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\Update\OneDriveSetup.exe" HKLM\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\StandaloneUpdater\OneDriveSetup.exe" HKU\S-1-5-21-545209257-3661697882-1589067416-1004\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2106232 2021-06-14] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-545209257-3661697882-1589067416-1004\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3144824 2021-05-20] (Electronic Arts, Inc. -> Electronic Arts) HKU\S-1-5-21-545209257-3661697882-1589067416-1004\...\Run: [Spotify] => C:\Users\100pki\AppData\Roaming\Spotify\Spotify.exe [24049800 2021-06-14] (Spotify AB -> Spotify Ltd) <==== ATTENTION HKU\S-1-5-21-545209257-3661697882-1589067416-1004\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [33698888 2021-04-22] (Piriform Software Ltd -> Piriform Software Ltd) HKU\S-1-5-21-545209257-3661697882-1589067416-1004\...\MountPoints2: {57f858c6-aac9-11eb-bceb-a85e4551884f} - "F:\Startme.exe" HKU\S-1-5-21-545209257-3661697882-1589067416-1004\...\MountPoints2: {bacc4feb-aa9e-11eb-bcea-a85e4551884f} - "E:\HiSuiteDownLoader.exe" HKU\S-1-5-21-545209257-3661697882-1589067416-1004\...\MountPoints2: {d57d2e7a-bbc6-11eb-bcef-a85e4551884f} - "D:\HiSuiteDownLoader.exe" HKLM\...\Windows x64\Print Processors\Canon iP100 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPD8F.DLL [28160 2013-07-08] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\91.0.4472.77\Installer\chrmstp.exe [2021-06-02] (Google LLC -> Google LLC) Startup: C:\Users\100pki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LibreOffice 6.4.lnk [2021-04-21] ShortcutTarget: LibreOffice 6.4.lnk -> C:\Program Files\LibreOffice\program\quickstart.exe (The Document Foundation -> The Document Foundation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avid Application Manager.lnk [2020-01-02] ShortcutTarget: Avid Application Manager.lnk -> C:\Program Files\Avid\Application Manager\AvidApplicationManager.exe (Avid Technology, Inc. -> Avid Technology, Inc.) ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{1f3306af-9075-4247-9256-fbfaa0d6c32f}: [DhcpNameServer] 192.168.43.1 Tcpip\..\Interfaces\{6f1c2904-0c05-4024-830d-aeb8271d34eb}: [DhcpNameServer] 109.197.188.55 91.189.218.147 Tcpip\..\Interfaces\{8b503452-4de4-4786-8a1c-c3609dc7b0f7}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{f41a92b3-726e-416f-bbce-3ed61f85f9cf}: [DhcpNameServer] 192.168.1.1 Edge: ======= Edge DefaultProfile: Default Edge Profile: C:\Users\100pki\AppData\Local\Microsoft\Edge\User Data\Default [2021-06-14] FireFox: ======== FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-06-13] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-06-13] (Microsoft Corporation -> Microsoft Corporation) Chrome: ======= CHR DefaultProfile: Profile 2 CHR Profile: C:\Users\100pki\AppData\Local\Google\Chrome\User Data\Default [2021-06-14] CHR Extension: (Prezentacje) - C:\Users\100pki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-04-20] CHR Extension: (Safe Torrent Scanner) - C:\Users\100pki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2021-06-13] CHR Extension: (Dokumenty) - C:\Users\100pki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-04-20] CHR Extension: (Dysk Google) - C:\Users\100pki\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-04-20] CHR Extension: (YouTube) - C:\Users\100pki\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-04-20] CHR Extension: (Arkusze) - C:\Users\100pki\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-04-20] CHR Extension: (Dokumenty Google offline) - C:\Users\100pki\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-05-14] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\100pki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-20] CHR Extension: (Gmail) - C:\Users\100pki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-04-20] CHR Extension: (Chrome Media Router) - C:\Users\100pki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-02] CHR Profile: C:\Users\100pki\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-06-14] CHR Profile: C:\Users\100pki\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-06-14] CHR HomePage: Profile 1 -> hxxp://www.google.pl/ CHR StartupUrls: Profile 1 -> "hxxp://www.google.com/" CHR Extension: (Prezentacje) - C:\Users\100pki\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-05-16] CHR Extension: (BetterTTV) - C:\Users\100pki\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2021-05-25] CHR Extension: (Dokumenty) - C:\Users\100pki\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2021-05-16] CHR Extension: (Dysk Google) - C:\Users\100pki\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-05-16] CHR Extension: (WOT: Web of Trust, oceny reputacji witryn) - C:\Users\100pki\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2021-06-10] CHR Extension: (YouTube) - C:\Users\100pki\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-05-16] CHR Extension: (Adblock Plus - darmowy adblocker) - C:\Users\100pki\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-05-21] CHR Extension: (Arkusze) - C:\Users\100pki\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-05-16] CHR Extension: (Dokumenty Google offline) - C:\Users\100pki\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-05-16] CHR Extension: (Ghostery – Bloker reklam chroniący prywatność) - C:\Users\100pki\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2021-05-21] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\100pki\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-05-16] CHR Extension: (Gmail) - C:\Users\100pki\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-05-16] CHR Extension: (Chrome Media Router) - C:\Users\100pki\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-08] CHR Profile: C:\Users\100pki\AppData\Local\Google\Chrome\User Data\Profile 2 [2021-06-14] CHR Extension: (Prezentacje) - C:\Users\100pki\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-05-25] CHR Extension: (Safe Torrent Scanner) - C:\Users\100pki\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2021-06-14] CHR Extension: (Just Black) - C:\Users\100pki\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aghfnjkcakhmadgdomlmlhhaocbkloab [2021-06-04] CHR Extension: (Dokumenty) - C:\Users\100pki\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2021-05-25] CHR Extension: (Dysk Google) - C:\Users\100pki\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-05-25] CHR Extension: (WOT: Web of Trust, oceny reputacji witryn) - C:\Users\100pki\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2021-05-25] CHR Extension: (YouTube) - C:\Users\100pki\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-05-25] CHR Extension: (Adblock Plus - darmowy adblocker) - C:\Users\100pki\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-05-25] CHR Extension: (Arkusze) - C:\Users\100pki\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-05-25] CHR Extension: (Dokumenty Google offline) - C:\Users\100pki\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-05-25] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\100pki\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-05-25] CHR Extension: (Gmail) - C:\Users\100pki\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-05-25] CHR Extension: (Chrome Media Router) - C:\Users\100pki\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-04] CHR Profile: C:\Users\100pki\AppData\Local\Google\Chrome\User Data\System Profile [2021-06-14] CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.00.36\atkexComSvc.exe [437672 2019-04-01] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) R2 AvidHubService; C:\Program Files\Avid\Cloud Client Services\Hub.exe [2299208 2017-11-09] (Avid Technology, Inc. -> Avid Technology, Inc.) R2 AvidTransportClient; C:\Program Files\Avid\Cloud Client Services\TransportClient.exe [7067464 2017-11-09] (Avid Technology, Inc. -> Avid Technology, Inc.) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11279752 2021-06-03] (Microsoft Corporation -> Microsoft Corporation) R2 DigiRefresh; C:\Program Files\Avid\Pro Tools First\MMERefresh.exe [117760 2020-01-02] (Avid Technology, Inc.) [File not signed] S3 digiSPTIService64; C:\Program Files\Avid\Pro Tools First\digisptiservice64.exe [197632 2020-01-02] (Avid Technology, Inc.) [File not signed] S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\21.083.0425.0003\FileSyncHelper.exe [3657064 2021-06-14] (Microsoft Corporation -> Microsoft Corporation) R2 Focusrite Control Server; C:\Program Files\Focusrite\Focusrite Control\Server\ControlServer.exe [1520128 2019-10-03] (Focusrite Audio Engineering Ltd.) [File not signed] S2 LightingService; C:\Program Files (x86)\LightingService\LightingService.exe [1976880 2019-04-01] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) R3 lmhosts; C:\WINDOWS\System32\svchost.exe [57360 2021-04-22] (Microsoft Windows Publisher -> Microsoft Corporation) R3 lmhosts; C:\WINDOWS\SysWOW64\svchost.exe [47016 2021-04-22] (Microsoft Windows Publisher -> Microsoft Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7391408 2021-06-14] (Malwarebytes Inc -> Malwarebytes) R2 NlaSvc; C:\WINDOWS\System32\svchost.exe [57360 2021-04-22] (Microsoft Windows Publisher -> Microsoft Corporation) R2 NlaSvc; C:\WINDOWS\SysWOW64\svchost.exe [47016 2021-04-22] (Microsoft Windows Publisher -> Microsoft Corporation) R2 nsi; C:\WINDOWS\system32\svchost.exe [57360 2021-04-22] (Microsoft Windows Publisher -> Microsoft Corporation) R2 nsi; C:\WINDOWS\SysWOW64\svchost.exe [47016 2021-04-22] (Microsoft Windows Publisher -> Microsoft Corporation) S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\21.083.0425.0003\OneDriveUpdaterService.exe [4257640 2021-06-14] (Microsoft Corporation -> Microsoft Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2547344 2021-05-20] (Electronic Arts, Inc. -> Electronic Arts) R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3487384 2021-05-20] (Electronic Arts, Inc. -> Electronic Arts) R2 QMEmulatorService; C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe [201720 2021-03-03] (Tencent Technology(Shenzhen) Company Limited -> Tencent) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5393304 2021-06-09] (Microsoft Windows Publisher -> Microsoft Corporation) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\NisSrv.exe [2644776 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe [136656 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation) R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_fd6b823f03746fed\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_fd6b823f03746fed\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem R2 PaceLicenseDServices; "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" -u hxxps://activation.paceap.com/InitiateActivation ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.) R1 Asusgio2; C:\Windows\system32\drivers\AsIO2.sys [34240 2019-04-01] (ASUSTeK Computer Inc. -> ) S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed] S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) R1 EneIo; C:\Windows\system32\drivers\ene.sys [16320 2018-03-20] (Ptolemy Tech Co., Ltd -> ) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [199128 2021-04-28] (Malwarebytes Inc -> Malwarebytes) R3 FocusritePCIeSwRoot; C:\WINDOWS\System32\drivers\FocusritePCIeSwRoot.sys [97480 2016-11-16] (Focusrite Audio Engineering Ltd. -> Focusrite Audio Engineering Ltd.) R3 FocusriteUSBSwRoot; C:\WINDOWS\System32\drivers\FocusriteUSBSwRoot.sys [101512 2019-08-02] (WDKTestCert builds,131886954661028733 -> Focusrite Audio Engineering Ltd.) R1 GLCKIO2; C:\Windows\system32\drivers\GLCKIO2.sys [19392 2018-04-23] (ASUSTeK Computer Inc. -> ) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-06-14] (Malwarebytes Inc -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-04-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198888 2021-06-14] (Malwarebytes Inc -> Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-06-14] (Malwarebytes Inc -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-06-09] (Malwarebytes Inc -> Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [156880 2021-06-14] (Malwarebytes Inc -> Malwarebytes) R3 MSIO; C:\Program Files\Patriot\Aac_Patriot Viper RGB\msio64.sys [25616 2018-02-12] (MICSYS Technology Co., Ltd. -> ) S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) S3 tesrsdt; C:\Windows\system32\drivers\tesrsdt.sys [812208 2021-04-18] (Tencent Technology(Shenzhen) Company Limited -> TENCENT) S3 UniSafe; C:\Windows\system32\drivers\UniSafe.sys [581912 2021-04-30] (Tencent Technology(Shenzhen) Company Limited -> TENCENT) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49568 2021-06-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [425184 2021-06-12] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [76000 2021-06-12] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 2021-06-14 21:30 - 2021-06-14 21:30 - 000026362 _____ C:\Users\100pki\Downloads\FRST.txt 2021-06-14 21:30 - 2021-06-14 21:30 - 000000000 ____D C:\Users\100pki\Downloads\FRST-OlderVersion 2021-06-14 21:29 - 2021-06-14 21:30 - 002300416 _____ (Farbar) C:\Users\100pki\Downloads\FRST64.exe 2021-06-14 21:29 - 2021-06-14 21:30 - 000000000 ____D C:\FRST 2021-06-14 21:24 - 2021-06-14 21:24 - 000008173 _____ C:\Users\100pki\Desktop\123.txt 2021-06-14 17:12 - 2021-06-14 17:12 - 000000000 _____ C:\Users\100pki\Desktop\New Text Document.txt 2021-06-14 15:26 - 2021-06-14 15:26 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2021-06-14 15:26 - 2021-06-14 15:26 - 000198888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2021-06-14 15:26 - 2021-06-14 15:26 - 000156880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2021-06-14 15:26 - 2021-06-14 15:26 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2021-06-14 15:23 - 2021-06-14 15:23 - 000000000 ____D C:\Program Files\Microsoft OneDrive 2021-06-14 00:17 - 2021-06-14 00:17 - 000320301 _____ C:\Users\100pki\Downloads\Świadek anonimowy_0.pptx 2021-06-14 00:17 - 2021-06-14 00:17 - 000320301 _____ C:\Users\100pki\Downloads\Świadek anonimowy_0 (1).pptx 2021-06-14 00:02 - 2021-06-14 00:02 - 000095225 _____ C:\Users\100pki\Downloads\skanwezpatkowski.pdf 2021-06-13 23:26 - 2021-06-13 23:26 - 000000000 ___SD C:\Users\100pki\Documents\Moje źródła danych 2021-06-13 22:44 - 2021-06-13 22:44 - 000000000 ____D C:\Users\100pki\Documents\Niestandardowe szablony pakietu Office 2021-06-13 22:32 - 2021-06-13 22:32 - 000000000 ___RD C:\Users\Default\OneDrive 2021-06-13 22:31 - 2021-06-14 15:23 - 000002176 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2021-06-13 22:31 - 2021-06-14 15:23 - 000000000 ____D C:\Program Files (x86)\Microsoft OneDrive 2021-06-13 22:31 - 2021-06-13 22:31 - 000000000 ____D C:\Program Files\Common Files\DESIGNER 2021-06-13 22:29 - 2021-06-13 22:29 - 000002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk 2021-06-13 22:29 - 2021-06-13 22:29 - 000002459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk 2021-06-13 22:29 - 2021-06-13 22:29 - 000002444 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk 2021-06-13 22:29 - 2021-06-13 22:29 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk 2021-06-13 22:29 - 2021-06-13 22:29 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk 2021-06-13 22:29 - 2021-06-13 22:29 - 000002405 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk 2021-06-13 22:29 - 2021-06-13 22:29 - 000002395 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk 2021-06-13 22:29 - 2021-06-13 22:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Narzędzia pakietu Microsoft Office 2021-06-13 22:22 - 2021-06-13 22:29 - 000000000 ____D C:\Program Files\Microsoft Office 2021-06-13 22:22 - 2021-06-13 22:22 - 000000000 ____D C:\Program Files\Microsoft Office 15 2021-06-13 20:50 - 2021-06-13 20:50 - 000001859 _____ C:\Users\100pki\Documents\Tabela lista nr 3 Maciej Kryżar0.odb 2021-06-13 20:46 - 2021-06-13 20:46 - 000025216 _____ C:\Users\100pki\Desktop\Tabela lista nr 3 Maciej Kryżar.odt 2021-06-13 20:28 - 2021-06-13 20:28 - 000238130 _____ C:\Users\100pki\Downloads\Lista 3 - Korespondencja seryjna.pdf 2021-06-13 20:23 - 2021-06-13 20:23 - 000025124 _____ C:\Users\100pki\Desktop\Lista nr 2 Maciej Kryżar.odt 2021-06-12 14:28 - 2021-06-12 14:28 - 000485595 _____ C:\Users\100pki\Desktop\gagavid3.mp4 2021-06-12 14:17 - 2021-06-12 14:17 - 001768464 _____ C:\Users\100pki\Desktop\gagavid2.mp4 2021-06-12 14:08 - 2021-06-12 14:08 - 003437233 _____ C:\Users\100pki\Desktop\gagavid.mp4 2021-06-11 15:33 - 2021-06-11 15:33 - 000108032 _____ C:\Users\100pki\Downloads\lista_exel (3).xls 2021-06-11 15:33 - 2021-06-11 15:33 - 000108032 _____ C:\Users\100pki\Desktop\lista_exel (3).xls 2021-06-10 18:37 - 2021-06-11 16:14 - 000041531 _____ C:\Users\100pki\Desktop\Lista nr 5 Maciej Kryżar.ods 2021-06-10 17:55 - 2021-06-10 17:55 - 000071168 _____ C:\Users\100pki\Downloads\lista_exel (2).xls 2021-06-10 17:55 - 2021-06-10 17:55 - 000071168 _____ C:\Users\100pki\Desktop\lista_exel (2).xls 2021-06-09 23:40 - 2021-06-09 23:40 - 000254633 _____ C:\Users\100pki\Downloads\Zawody-prawnicze-odpowiedzi-na-pytania.pdf 2021-06-09 23:40 - 2021-06-09 23:40 - 000254633 _____ C:\Users\100pki\Desktop\Zawody-prawnicze-odpowiedzi-na-pytania.pdf 2021-06-09 18:26 - 2021-06-09 18:26 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2021-06-09 18:26 - 2021-06-09 18:26 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2021-06-09 18:26 - 2021-06-09 18:26 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll 2021-06-09 18:26 - 2021-06-09 18:26 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll 2021-06-09 18:26 - 2021-06-09 18:26 - 001823792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2021-06-09 18:26 - 2021-06-09 18:26 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2021-06-09 18:26 - 2021-06-09 18:26 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2021-06-09 18:26 - 2021-06-09 18:26 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll 2021-06-09 18:26 - 2021-06-09 18:26 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2021-06-09 18:26 - 2021-06-09 18:26 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv 2021-06-09 18:26 - 2021-06-09 18:26 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll 2021-06-09 18:26 - 2021-06-09 18:26 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2021-06-09 18:26 - 2021-06-09 18:26 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv 2021-06-09 18:26 - 2021-06-09 18:26 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll 2021-06-09 18:26 - 2021-06-09 18:26 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe 2021-06-09 18:26 - 2021-06-09 18:26 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe 2021-06-09 18:26 - 2021-06-09 18:26 - 000097280 _____ C:\WINDOWS\system32\Drivers\cimfs.sys 2021-06-09 18:26 - 2021-06-09 18:26 - 000011353 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim 2021-06-09 17:16 - 2021-06-09 23:39 - 000032516 _____ C:\Users\100pki\Desktop\Zawody prawnicze odpowiedzi na pytania.odt 2021-06-08 15:33 - 2021-06-08 15:32 - 119854407 _____ C:\Users\100pki\Desktop\Prawo Konstytucyjne 27.02.2021wykład.mp4 2021-06-08 15:32 - 2021-06-08 15:32 - 119854407 _____ C:\Users\100pki\Downloads\Prawo Konstytucyjne 27.02.2021wykład.mp4 2021-06-08 15:31 - 2021-06-08 15:29 - 136053200 _____ C:\Users\100pki\Desktop\Prawo Konstytucyjne wykłąd 29.05.2021.mp4 2021-06-08 15:28 - 2021-06-08 15:29 - 136053200 _____ C:\Users\100pki\Downloads\Prawo Konstytucyjne wykłąd 29.05.2021.mp4 2021-06-08 13:43 - 2021-06-08 13:43 - 000463703 _____ C:\Users\100pki\Desktop\oświadczenie US skan.pdf 2021-06-08 12:40 - 2021-06-08 12:47 - 000014220 _____ C:\Users\100pki\Downloads\us oświdczenie.odt 2021-06-07 23:11 - 2021-06-07 23:11 - 000000000 ____D C:\Users\100pki\AppData\Roaming\Macromedia 2021-06-07 23:10 - 2021-06-07 23:10 - 000000222 _____ C:\Users\100pki\Desktop\The Binding of Isaac.url 2021-06-07 23:10 - 2021-06-07 23:10 - 000000222 _____ C:\Users\100pki\Desktop\Stellaris.url 2021-06-05 20:49 - 2021-06-05 20:49 - 000000000 ____D C:\Users\100pki\AppData\Local\PaceAP 2021-06-05 20:49 - 2021-06-05 20:49 - 000000000 ____D C:\Users\100pki\AppData\Local\PACE 2021-06-02 14:56 - 2021-06-02 14:56 - 003963192 _____ (Don HO don.h@free.fr) C:\Users\100pki\Downloads\npp.7.9.5.Installer.exe 2021-06-02 14:56 - 2021-06-02 14:56 - 000001100 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk 2021-06-02 14:56 - 2021-06-02 14:56 - 000001088 _____ C:\Users\Public\Desktop\Notepad++.lnk 2021-06-02 14:56 - 2021-06-02 14:56 - 000000000 ____D C:\Program Files (x86)\Notepad++ 2021-06-01 15:18 - 2021-06-01 15:18 - 000071168 _____ C:\Users\100pki\Downloads\lista_exel.xls 2021-06-01 15:18 - 2021-06-01 15:18 - 000071168 _____ C:\Users\100pki\Downloads\lista_exel (1).xls 2021-05-29 08:21 - 2021-05-29 08:20 - 000295936 _____ C:\Users\100pki\Desktop\Szkolenie dotyczące bezpiecznych i higienicznych warunków kształcenia 2020 2021 (1).pps 2021-05-29 08:20 - 2021-05-29 08:20 - 000297984 _____ C:\Users\100pki\Downloads\Szkolenie dotyczące bezpiecznych i higienicznych warunków kształcenia 2020 2021.pps 2021-05-29 08:20 - 2021-05-29 08:20 - 000297984 _____ C:\Users\100pki\Downloads\Szkolenie dotyczące bezpiecznych i higienicznych warunków kształcenia 2020 2021 (1).pps 2021-05-28 17:21 - 2021-05-28 17:21 - 000160762 _____ C:\Users\100pki\Downloads\Ewidencja zwrotów dla kasy fiskalnej.pdf 2021-05-28 17:21 - 2021-05-28 17:21 - 000022688 _____ C:\Users\100pki\Downloads\Wzór protokołu zwrotu towarów.pdf 2021-05-27 16:47 - 2021-05-27 16:47 - 000009559 _____ C:\Users\100pki\Downloads\Ewidencja Sprzedaży Bezrachunkowej 01,2021.xlsx 2021-05-26 19:00 - 2021-05-26 19:00 - 000060655 _____ C:\Users\100pki\Downloads\pko_trans_details_20210526_190001.pdf 2021-05-26 17:10 - 2021-05-26 17:10 - 000000000 _____ C:\Users\100pki\Desktop\Cennik.txt 2021-05-25 15:40 - 2021-05-25 15:40 - 000040117 _____ C:\Users\100pki\Downloads\2021, marzec.pdf 2021-05-25 15:39 - 2021-05-25 15:39 - 000058945 _____ C:\Users\100pki\Downloads\2021, styczeń.pdf 2021-05-25 15:39 - 2021-05-25 15:39 - 000043567 _____ C:\Users\100pki\Downloads\2021, luty.pdf 2021-05-25 15:37 - 2021-05-25 15:37 - 000047667 _____ C:\Users\100pki\Downloads\2020, grudzień.pdf 2021-05-25 15:36 - 2021-05-25 15:36 - 000067947 _____ C:\Users\100pki\Downloads\2020, listopad.pdf 2021-05-25 15:29 - 2021-05-25 15:45 - 000002484 _____ C:\Users\100pki\Desktop\Jan (Janas) - Chrome.lnk 2021-05-24 22:10 - 2021-05-24 22:10 - 000000000 ____D C:\Users\100pki\AppData\Local\Apple Computer 2021-05-23 23:31 - 2021-05-23 23:31 - 000314376 _____ C:\Users\100pki\Downloads\Maciej Kryżar Ustrój organów praca zaliczeniowa (1).pdf 2021-05-23 23:31 - 2021-05-23 23:31 - 000314376 _____ C:\Users\100pki\Desktop\Maciej Kryżar Ustrój organów praca zaliczeniowa (1).pdf 2021-05-23 23:30 - 2021-05-23 23:30 - 000280910 _____ C:\Users\100pki\Downloads\Maciej Kryżar Ustrój organów praca zaliczeniowa.pdf 2021-05-23 21:15 - 2021-05-23 21:15 - 000218245 _____ C:\Users\100pki\Downloads\Dokument3 (5).pdf 2021-05-23 21:14 - 2021-05-23 21:14 - 000188682 _____ C:\Users\100pki\Downloads\Dokument3 (4).pdf 2021-05-22 20:30 - 2021-06-02 00:11 - 000000000 ____D C:\Users\100pki\AppData\Local\osu! 2021-05-22 20:30 - 2021-05-22 20:30 - 000001020 _____ C:\Users\100pki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\osu!.lnk 2021-05-22 20:30 - 2021-05-22 20:30 - 000001012 _____ C:\Users\100pki\Desktop\osu!.lnk 2021-05-21 17:37 - 2021-05-21 17:37 - 000000000 ____D C:\Games 2021-05-18 21:50 - 2021-05-18 21:50 - 000430912 _____ C:\Users\100pki\Downloads\Problematyka klasyfikacji zaburzeń afektywnych (1).pdf 2021-05-18 21:36 - 2021-05-18 21:36 - 000526213 _____ C:\Users\100pki\Downloads\Problematyka klasyfikacji zaburzeń afektywnych.pdf 2021-05-18 21:15 - 2021-05-18 21:15 - 000430773 _____ C:\Users\100pki\Downloads\Dokument3 (3).pdf 2021-05-18 21:14 - 2021-05-18 21:14 - 000430528 _____ C:\Users\100pki\Downloads\Dokument3 (2).pdf 2021-05-18 21:12 - 2021-05-18 21:12 - 000430828 _____ C:\Users\100pki\Downloads\Dokument3 (1).pdf 2021-05-18 21:11 - 2021-05-18 21:11 - 000430574 _____ C:\Users\100pki\Downloads\Dokument3.pdf 2021-05-16 13:02 - 2021-06-14 15:28 - 000000000 ____D C:\Users\100pki\AppData\Roaming\discord 2021-05-16 13:02 - 2021-06-14 15:28 - 000000000 ____D C:\Users\100pki\AppData\Local\Discord 2021-05-16 13:02 - 2021-05-26 15:36 - 000002232 _____ C:\Users\100pki\Desktop\Discord.lnk 2021-05-16 13:02 - 2021-05-16 13:02 - 070939752 _____ (Discord Inc.) C:\Users\100pki\Downloads\DiscordSetup.exe 2021-05-16 13:02 - 2021-05-16 13:02 - 000000000 ____D C:\Users\100pki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc 2021-05-16 13:00 - 2021-05-21 17:03 - 000002484 _____ C:\Users\100pki\Desktop\Night (Janek) - Chrome.lnk 2021-05-16 13:00 - 2021-05-16 13:00 - 000002440 _____ C:\Users\100pki\Desktop\Maciek - Chrome.lnk ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2021-06-14 21:30 - 2021-04-20 19:35 - 000000000 ____D C:\Users\100pki\AppData\Roaming\WhatsApp 2021-06-14 21:30 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2021-06-14 20:28 - 2021-04-21 23:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2021-06-14 20:21 - 2021-04-24 20:48 - 000000000 ____D C:\Users\100pki\AppData\Roaming\Spotify 2021-06-14 19:05 - 2021-04-28 16:06 - 000000000 ____D C:\Program Files\CCleaner 2021-06-14 15:37 - 2021-04-24 20:49 - 000000000 ____D C:\Users\100pki\AppData\Local\Spotify 2021-06-14 15:28 - 2021-04-20 19:05 - 000000000 ____D C:\Program Files (x86)\Battle.net 2021-06-14 15:26 - 2021-04-28 16:08 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2021-06-14 15:26 - 2021-04-28 16:08 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2021-06-14 15:25 - 2021-04-24 21:33 - 000000000 ____D C:\Program Files (x86)\Steam 2021-06-14 15:25 - 2021-04-21 17:23 - 000000000 ____D C:\Users\100pki\AppData\Local\CrashDumps 2021-06-14 15:24 - 2021-04-20 19:06 - 000000000 ____D C:\Users\100pki\AppData\Local\Battle.net 2021-06-14 15:23 - 2021-04-20 18:59 - 000000000 ___RD C:\Users\100pki\OneDrive 2021-06-14 15:23 - 2020-01-02 12:55 - 000000000 ____D C:\ProgramData\NVIDIA 2021-06-14 00:17 - 2021-04-20 18:58 - 000000000 ____D C:\Users\100pki\AppData\Local\Packages 2021-06-13 22:31 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2021-06-13 22:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2021-06-13 22:29 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF 2021-06-13 22:27 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps 2021-06-13 19:03 - 2020-06-15 23:48 - 000002448 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2021-06-13 19:03 - 2020-06-15 23:48 - 000002286 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2021-06-12 20:51 - 2020-01-02 13:12 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2021-06-12 14:08 - 2021-04-20 19:26 - 000000000 ___RD C:\Users\100pki\Desktop\work bitch 2021-06-12 14:05 - 2021-04-20 19:35 - 000000000 ____D C:\Users\100pki\AppData\Local\WhatsApp 2021-06-12 14:05 - 2021-04-20 19:35 - 000000000 ____D C:\Users\100pki\AppData\Local\SquirrelTemp 2021-06-10 01:08 - 2021-04-22 00:52 - 000788504 _____ C:\WINDOWS\system32\perfh015.dat 2021-06-10 01:08 - 2021-04-22 00:52 - 000156208 _____ C:\WINDOWS\system32\perfc015.dat 2021-06-10 01:08 - 2021-04-21 23:11 - 001767980 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2021-06-10 01:02 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2021-06-10 01:01 - 2021-04-21 23:07 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2021-06-10 01:01 - 2021-04-21 23:03 - 000497304 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2021-06-10 01:01 - 2021-04-21 23:02 - 000008192 ___SH C:\DumpStack.log.tmp 2021-06-10 01:00 - 2019-12-07 16:49 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2021-06-10 01:00 - 2019-12-07 16:45 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB 2021-06-10 01:00 - 2019-12-07 16:45 - 000000000 ____D C:\WINDOWS\en-GB 2021-06-10 01:00 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog 2021-06-10 01:00 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV 2021-06-10 01:00 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE 2021-06-10 01:00 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2021-06-10 01:00 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources 2021-06-10 01:00 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe 2021-06-10 01:00 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz 2021-06-10 01:00 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV 2021-06-10 01:00 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE 2021-06-10 01:00 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism 2021-06-10 01:00 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2021-06-10 01:00 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr 2021-06-09 21:10 - 2021-04-28 16:08 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2021-06-09 18:28 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2021-06-09 18:22 - 2020-01-02 12:48 - 000000000 ____D C:\WINDOWS\system32\MRT 2021-06-09 18:21 - 2020-01-02 12:48 - 132447432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2021-06-08 23:08 - 2021-04-21 23:03 - 000000000 ____D C:\Users\100pki 2021-06-02 19:31 - 2020-06-15 21:51 - 000000000 ____D C:\Program Files (x86)\Origin 2021-06-02 19:31 - 2020-06-15 21:47 - 000000000 ____D C:\ProgramData\Origin 2021-06-02 13:47 - 2020-01-02 20:29 - 000002307 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2021-06-02 13:47 - 2020-01-02 20:29 - 000002266 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2021-06-02 13:46 - 2021-04-20 19:13 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools 2021-05-30 17:35 - 2021-04-20 18:59 - 000000000 ____D C:\Users\100pki\AppData\Local\PlaceholderTileLogoFolder 2021-05-27 21:16 - 2021-05-06 22:32 - 000000719 _____ C:\Users\100pki\Desktop\orders.txt 2021-05-26 18:36 - 2021-04-20 18:59 - 000000000 ____D C:\Users\100pki\AppData\Local\D3DSCache 2021-05-25 07:48 - 2021-04-20 19:13 - 000725304 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll 2021-05-25 07:48 - 2021-04-20 19:13 - 000470328 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll 2021-05-21 01:14 - 2020-06-15 21:52 - 000000000 ____D C:\Program Files (x86)\Origin Games 2021-05-18 23:54 - 2021-05-02 22:20 - 000000000 ____D C:\Users\100pki\Downloads\SCP - Containment Breach v1.3.11 2021-05-16 23:17 - 2020-06-17 00:57 - 000001443 _____ C:\Users\Public\Desktop\The Sims 4.lnk 2021-05-16 22:49 - 2020-06-17 00:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 4 2021-05-16 22:49 - 2020-01-02 12:55 - 000000000 ____D C:\ProgramData\Package Cache ==================== FLock ============================== 2021-06-13 22:31 C:\Config.Msi 2021-04-27 23:32 C:\DumpStack.log 2019-12-07 11:14 C:\PerfLogs 2021-06-10 15:51 C:\WINDOWS\system32\config 2019-12-07 11:31 C:\WINDOWS\system32\Configuration 2019-12-07 11:14 C:\WINDOWS\system32\DriverState 2019-12-07 16:46 C:\WINDOWS\system32\FxsTmp 2019-12-07 11:14 C:\WINDOWS\system32\ias 2021-04-22 01:02 C:\WINDOWS\system32\MsDtc 2019-12-07 11:14 C:\WINDOWS\system32\networklist 2021-06-14 20:28 C:\WINDOWS\system32\SleepStudy 2021-06-14 21:28 C:\WINDOWS\system32\sru 2021-06-14 15:23 C:\WINDOWS\system32\Tasks 2021-04-22 01:02 C:\WINDOWS\system32\Tasks_Migrated 2021-05-12 23:55 C:\WINDOWS\system32\WDI 2021-06-13 22:27 C:\Program Files\WindowsApps 2021-04-21 23:07 C:\WINDOWS\diagerr.xml 2021-04-21 23:07 C:\WINDOWS\diagwrn.xml 2021-05-08 11:36 C:\WINDOWS\LiveKernelReports 2021-05-02 00:06 C:\WINDOWS\MEMORY.DMP 2021-05-02 00:06 C:\WINDOWS\Minidump 2019-12-07 11:14 C:\WINDOWS\ModemLogs 2021-06-14 21:30 C:\WINDOWS\Prefetch 2021-04-21 23:03 C:\WINDOWS\ServiceState 2021-06-14 21:24 C:\WINDOWS\Temp 2019-12-07 11:31 C:\WINDOWS\SysWOW64\config 2019-12-07 11:31 C:\WINDOWS\SysWOW64\Configuration 2019-12-07 16:46 C:\WINDOWS\SysWOW64\FxsTmp 2019-12-07 11:14 C:\WINDOWS\SysWOW64\Msdtc 2019-12-07 11:14 C:\WINDOWS\SysWOW64\networklist 2019-12-07 11:14 C:\WINDOWS\SysWOW64\sru 2019-12-07 11:31 C:\WINDOWS\SysWOW64\Tasks 2019-12-07 11:14 C:\WINDOWS\system32\Drivers\DriverData 2021-04-28 16:06 C:\Users\Maciej 2021-04-21 23:07 C:\ProgramData\Packages 2019-12-07 16:49 C:\ProgramData\WindowsHolographicDevices ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ATTENTION: ==> Could not access BCD. The user is not administrator -> The boot configuration data store could not be opened. Access is denied. ==================== End of FRST.txt ========================