Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 11-05-2022
Uruchomiony przez Artur (administrator) DESKTOP-IMJL480 (LENOVO 90DA00BHPB) (15-05-2022 11:53:17)
Uruchomiony z C:\FRST\FRST64
Załadowane profile: Artur
Platform: Microsoft Windows 10 Home Wersja 21H1 19043.1645 (X64) Język: Polski (Polska)
Domyślna przeglądarka: FF
Tryb startu: Normal

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(C:\Program Files\IObit Malware Fighter\IMF.exe ->) (IObit CO., LTD -> IObit) C:\Program Files\IObit Malware Fighter\IMFCore.exe
(C:\Program Files\IObit Malware Fighter\IMF.exe ->) (IObit CO., LTD -> IObit) C:\Program Files\IObit Malware Fighter\IMFTips.exe
(C:\Program Files\IObit Malware Fighter\IMFSrv.exe ->) (IObit CO., LTD -> IObit) C:\Program Files\IObit Malware Fighter\IMFSrvWsc.exe
(C:\Windows\jmesoft\Service.exe ->) () [Brak podpisu cyfrowego] C:\Windows\jmesoft\JME_LOAD.exe
(explorer.exe ->) () [Brak podpisu cyfrowego] C:\Users\artur\Desktop\Programy\Gopher.exe
(services.exe ->) () [Brak podpisu cyfrowego] C:\Windows\jmesoft\Service.exe
(services.exe ->) (Cybereason) [Brak podpisu cyfrowego] C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe
(services.exe ->) (Intel Corporation) [Brak podpisu cyfrowego] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel(R) Online Connect Access -> Intel(R) Corporation) C:\Program Files\Intel\Intel(R) Online Connect Access\IntelTechnologyAccessService.exe
(services.exe ->) (Intel(R) Online Connect Access -> Intel(R) Corporation) C:\Program Files\Intel\Intel(R) Online Connect Access\LegacyCsLoaderService.exe
(services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_fc9ac11e55f51133\RstMwService.exe
(services.exe ->) (IObit CO., LTD -> IObit) C:\Program Files\IObit Malware Fighter\IMFSrv.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvleig.inf_amd64_7155597ac7927b1b\Display.NvContainer\NVDisplay.Container.exe <2>
(svchost.exe ->) (Cybereason) [Brak podpisu cyfrowego] C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe
(svchost.exe ->) (IObit) [Brak podpisu cyfrowego] C:\Program Files\IObit Malware Fighter\IMF.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.12013.0_x64__8wekyb3d8bbwe\GameBar.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.12013.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Rejestr (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM-x32\...\Run: [jmekey] => C:\Windows\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo) [Brak podpisu cyfrowego]
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-16] () [Brak podpisu cyfrowego]
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files\IObit Malware Fighter\IMF.exe [6843904 2022-04-19] (IObit) [Brak podpisu cyfrowego]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [707768 2022-03-10] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-2561776743-2069909383-181985334-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\...\Windows x64\Print Processors\Canon MG2400 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBW.DLL [30208 2013-03-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\LogMeIn Print Processor: C:\Windows\System32\spool\prtprocs\x64\LMIproc.dll [60416 2016-01-29] (LogMeIn, Inc. -> LogMeIn, Inc.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG2400 series: C:\Windows\system32\CNMLMBW.DLL [391168 2013-03-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG2400 series XPS: C:\Windows\system32\CNMXLMBW.DLL [393728 2013-03-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\LM_LMAD1P: LMAD1PLANG.DLL
HKLM\...\Print\Monitors\LogMeIn Printer Port Monitor: C:\Windows\system32\LMIport.dll [35328 2016-01-29] (LogMeIn, Inc. -> LogMeIn, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{65CD7F9B-E8F3-4bb0-82EB-6F6875B745DF}] -> C:\Windows\system32\LMIinit.dll [2017-06-08] (LogMeIn, Inc. -> LogMeIn, Inc.)
GroupPolicy: Ograniczenia ? <==== UWAGA
Policies: C:\ProgramData\NTUSER.pol: Ograniczenia <==== UWAGA

==================== Zaplanowane zadania (filtrowane) ============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

Task: {05FBAF61-17BA-4E8A-A1B5-22B5DA38C248} - System32\Tasks\MSIAfterburner => C:\Program Files\MSI Afterburner\MSIAfterburner.exe /s (Brak pliku)
Task: {09C73266-DEBA-4EF2-8796-59F542F31800} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138680 2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {0CB472F9-271B-4220-A95F-C2245E768C58} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138680 2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {120364C5-9FC5-49FF-AD52-6F32583A1C63} - \Lenovo\ImController\Lenovo iM Controller Monitor -> Brak pliku <==== UWAGA
Task: {12C5F7A3-906D-42A4-81D1-911EBC2A3505} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\ScheduleEventAction.exe [25344 2022-01-20] (Lenovo -> Lenovo Group Ltd.)
Task: {1A85C2F1-FFF6-4889-8751-76B32186E359} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\ScheduleEventAction.exe [25344 2022-01-20] (Lenovo -> Lenovo Group Ltd.)
Task: {1BFBE3AE-574D-49BB-A40D-E13A890BB4C5} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [61336 2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {1DC5F3C3-124C-4D56-A5FD-31EFDFC48F94} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {2C803326-14DA-48C7-A847-780DD6CD5FBE} - System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7 => C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-09-29] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {2FC817C7-9200-40E5-AAC5-283C818B4B17} - \Lenovo\ImController\TimeBasedEvents\02d3d49a-48e1-4fe9-b2ad-41553698c3c8 -> Brak pliku <==== UWAGA
Task: {373979B9-4981-44BD-9CD4-5A81237A50A4} - System32\Tasks\Opera scheduled Autoupdate 1603030055 => C:\Users\artur\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (Brak pliku)
Task: {583A16C6-EDDE-4E0B-8220-BCE1D75EC55E} - System32\Tasks\Cybereason RansomFree Autostart => C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe [1065984 2017-11-20] (Cybereason) [Brak podpisu cyfrowego]
Task: {614C7115-1238-489A-A4FF-8B7DFBA1E328} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\ScheduleEventAction.exe [25344 2022-01-20] (Lenovo -> Lenovo Group Ltd.)
Task: {6A547354-8DC0-40E2-A95B-26D294390E36} - \Lenovo\ImController\TimeBasedEvents\ec0a5ff0-290a-4a21-a091-85c2c845484f -> Brak pliku <==== UWAGA
Task: {6C1CD9D4-8F34-4693-84B4-DC55DFDE672F} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22865832 2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {6E96B26B-B35A-402C-AAD8-876CDC4C21DA} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [904904 2021-11-02] (Nvidia Corporation -> NVIDIA Corporation)
Task: {84504143-DAF6-4CB5-985D-D31BA7D1BE30} - System32\Tasks\CCleanerSkipUAC - Artur => C:\Program Files\CCleaner\CCleaner.exe [36820992 2022-05-12] (Piriform Software Ltd) [Brak podpisu cyfrowego]
Task: {8B1EDD85-FEC3-44F3-B90B-433AF972CD45} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\ScheduleEventAction.exe [25344 2022-01-20] (Lenovo -> Lenovo Group Ltd.)
Task: {8F58024A-B3EA-4D6F-B446-64906637110C} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.exe /NOUACCHECK
Task: {97CA6D9F-8FD3-4D21-84B4-2599440C5E9C} - System32\Tasks\IMF_SkipUAC_Artur => C:\Program Files\IObit Malware Fighter\IMF.exe [6843904 2022-04-19] (IObit) [Brak podpisu cyfrowego]
Task: {A91148A5-5A63-4438-B2B9-E49414E7CAED} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {AD48203F-A78A-44A4-B9EC-404735D52222} - \Lenovo\ImController\TimeBasedEvents\3a5accd0-640a-44bf-a949-7823bb8f2f07 -> Brak pliku <==== UWAGA
Task: {B123DBFB-5981-45EE-926F-83A4479CD75E} - System32\Tasks\Driver Booster SkipUAC (Artur) => C:\Program Files\IObit\Driver Booster\9.3.0\DriverBooster.exe [8662600 2022-04-19] (IObit CO., LTD -> IObit)
Task: {B4CE091C-DA2C-44A3-B3BA-4DC6051A0DE9} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {BD4F2F38-0271-4DDF-8D3E-BB0EE737CC36} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [904904 2021-11-02] (Nvidia Corporation -> NVIDIA Corporation)
Task: {C890970D-0A23-47D9-806C-90145676F7E5} - System32\Tasks\Cybereason RansomFree Keepalive => C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe [1065984 2017-11-20] (Cybereason) [Brak podpisu cyfrowego]
Task: {CA571AB3-BFE2-474D-AF25-8252E9D11ECB} - System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7-Logon => C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-09-29] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {CB4DCEE0-1036-4B84-B033-C6B862515516} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [754472 2021-04-05] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {CB69A072-546E-450C-AE0B-6A92E960E13A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22865832 2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {DFD5B7D1-7D4A-4479-86C1-5C6D20C3F31E} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> Brak pliku <==== UWAGA
Task: {E53080EE-76F5-4C95-9F24-902C7D4CC218} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe (Brak pliku)
Task: {E641BDF9-9116-49C5-82E7-946F5A067E02} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> Brak pliku <==== UWAGA
Task: {F53121B7-8864-464F-B791-965442926E77} - \Lenovo\ImController\TimeBasedEvents\1472d226-c4b0-463e-889c-b6b552c460f7 -> Brak pliku <==== UWAGA
Task: {FE264334-CF37-4437-BBF8-6B52E322D09E} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [16832 2015-07-06] (LENOVO -> Lenovo)

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2: <==== UWAGA (Ograniczenia - Zones)
Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt
Tcpip\Parameters: [DhcpNameServer] 31.11.173.2 89.228.4.126
Tcpip\..\Interfaces\{0a1b9405-ca63-4159-b775-279dac3e2415}: [DhcpNameServer] 31.11.173.2 89.228.4.126
Tcpip\..\Interfaces\{61986461-adc7-46a4-9547-85ea402de043}: [DhcpNameServer] 31.11.173.2 89.228.4.126
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <==== UWAGA

Edge:
=======
DownloadDir: C:\Users\artur\Downloads
Edge Extension: (Brak nazwy) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [nie znaleziono]
Edge Extension: (Brak nazwy) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [nie znaleziono]
Edge Extension: (Brak nazwy) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [nie znaleziono]
Edge Extension: (Brak nazwy) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [nie znaleziono]
Edge DefaultProfile: Default
Edge Profile: C:\Users\artur\AppData\Local\Microsoft\Edge\User Data\Default [2022-05-15]
Edge StartupUrls: Default -> "hxxp://google.pl/"
Edge Extension: (Vod Panel) - C:\Users\artur\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ffdpmjengmnmkhgoidfgpmfacdpcfhhk [2022-04-24]
Edge Extension: (EditThisCookie) - C:\Users\artur\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2022-05-01]

FireFox:
========
FF DefaultProfile: hkpdnodi.default-1555771013490
FF ProfilePath: C:\Users\artur\AppData\Roaming\Mozilla\Firefox\Profiles\z1nn2h7u.default-release [2022-05-15]
FF user.js: detected! => C:\Users\artur\AppData\Roaming\Mozilla\Firefox\Profiles\z1nn2h7u.default-release\user.js [2020-11-29]
FF Homepage: Mozilla\Firefox\Profiles\z1nn2h7u.default-release -> hxxps://www.google.pl/
FF NewTab: Mozilla\Firefox\Profiles\z1nn2h7u.default-release -> hxxps://securesearch.org/homepage?hp=2&pId=BT170603&iDate=2020-10-24 11:09:39&bName=
FF Notifications: Mozilla\Firefox\Profiles\z1nn2h7u.default-release -> hxxps://mail.google.com
FF Extension: (Hoxx VPN Proxy) - C:\Users\artur\AppData\Roaming\Mozilla\Firefox\Profiles\z1nn2h7u.default-release\Extensions\@hoxx-vpn.xpi [2022-05-06]
FF Extension: (Enhancer for YouTube™) - C:\Users\artur\AppData\Roaming\Mozilla\Firefox\Profiles\z1nn2h7u.default-release\Extensions\enhancerforyoutube@maximerf.addons.mozilla.org.xpi [2022-04-03]
FF Extension: (Ghostery – Bloker reklam chroniący prywatność) - C:\Users\artur\AppData\Roaming\Mozilla\Firefox\Profiles\z1nn2h7u.default-release\Extensions\firefox@ghostery.com.xpi [2022-05-04]
FF Extension: (Tampermonkey) - C:\Users\artur\AppData\Roaming\Mozilla\Firefox\Profiles\z1nn2h7u.default-release\Extensions\firefox@tampermonkey.net.xpi [2022-05-12]
FF Extension: (Polski Language Pack) - C:\Users\artur\AppData\Roaming\Mozilla\Firefox\Profiles\z1nn2h7u.default-release\Extensions\langpack-pl@firefox.mozilla.org.xpi [2022-05-15]
FF Extension: (IDM Integration Module) - C:\Users\artur\AppData\Roaming\Mozilla\Firefox\Profiles\z1nn2h7u.default-release\Extensions\mozilla_cc3@internetdownloadmanager.com.xpi [2022-05-12]
FF Extension: (Polish Spellchecker Dictionary) - C:\Users\artur\AppData\Roaming\Mozilla\Firefox\Profiles\z1nn2h7u.default-release\Extensions\pl@dictionaries.addons.mozilla.org.xpi [2022-02-18]
FF Extension: (Polska Ciasteczkowa Zgoda) - C:\Users\artur\AppData\Roaming\Mozilla\Firefox\Profiles\z1nn2h7u.default-release\Extensions\PolishCookieConsentExt@polishannoyancefilters.netlify.com.xpi [2022-02-13]
FF Extension: (Google Translator for Firefox) - C:\Users\artur\AppData\Roaming\Mozilla\Firefox\Profiles\z1nn2h7u.default-release\Extensions\translator@zoli.bod.xpi [2020-09-13]
FF Extension: (uBlock Origin) - C:\Users\artur\AppData\Roaming\Mozilla\Firefox\Profiles\z1nn2h7u.default-release\Extensions\uBlock0@raymondhill.net.xpi [2022-04-09]
FF Extension: (Imagus) - C:\Users\artur\AppData\Roaming\Mozilla\Firefox\Profiles\z1nn2h7u.default-release\Extensions\{00000f2a-7cde-4f20-83ed-434fcb420d71}.xpi [2020-04-13] [UpdateUrl:hxxps://clients2.google.com/service/update2/crx]
FF Extension: (LegiaWWA) - C:\Users\artur\AppData\Roaming\Mozilla\Firefox\Profiles\z1nn2h7u.default-release\Extensions\{3cd5afc9-57c7-48c1-9062-183aef451960}.xpi [2019-07-11]
FF Extension: (Video DownloadHelper) - C:\Users\artur\AppData\Roaming\Mozilla\Firefox\Profiles\z1nn2h7u.default-release\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2021-07-06]
FF ProfilePath: C:\Users\artur\AppData\Roaming\Mozilla\Firefox\Profiles\hkpdnodi.default-1555771013490 [2022-05-15]
FF user.js: detected! => C:\Users\artur\AppData\Roaming\Mozilla\Firefox\Profiles\hkpdnodi.default-1555771013490\user.js [2020-11-29]
FF Homepage: Mozilla\Firefox\Profiles\hkpdnodi.default-1555771013490 -> hxxps://securesearch.org/homepage?hp=2&pId=BT170603&iDate=2020-10-24 11:09:39&bName=
FF NewTab: Mozilla\Firefox\Profiles\hkpdnodi.default-1555771013490 -> hxxps://securesearch.org/homepage?hp=2&pId=BT170603&iDate=2020-10-24 11:09:39&bName=
FF Extension: (Facebook Container) - C:\Users\artur\AppData\Roaming\Mozilla\Firefox\Profiles\hkpdnodi.default-1555771013490\Extensions\@contain-facebook.xpi [2019-07-08]
FF Extension: (Hoxx VPN Proxy) - C:\Users\artur\AppData\Roaming\Mozilla\Firefox\Profiles\hkpdnodi.default-1555771013490\Extensions\@hoxx-vpn.xpi [2019-06-10]
FF Extension: (Enhancer for YouTube™) - C:\Users\artur\AppData\Roaming\Mozilla\Firefox\Profiles\hkpdnodi.default-1555771013490\Extensions\enhancerforyoutube@maximerf.addons.mozilla.org.xpi [2019-07-11]
FF Extension: (ETP Search Volume Study) - C:\Users\artur\AppData\Roaming\Mozilla\Firefox\Profiles\hkpdnodi.default-1555771013490\Extensions\etp-search-volume-study@shield.mozilla.org.xpi [2019-06-27]
FF Extension: (Ghostery – Bloker reklam chroniący prywatność) - C:\Users\artur\AppData\Roaming\Mozilla\Firefox\Profiles\hkpdnodi.default-1555771013490\Extensions\firefox@ghostery.com.xpi [2019-05-10]
FF Extension: (Polska Ciasteczkowa Zgoda) - C:\Users\artur\AppData\Roaming\Mozilla\Firefox\Profiles\hkpdnodi.default-1555771013490\Extensions\PolishCookieConsentExt@polishannoyancefilters.netlify.com.xpi [2019-07-10]
FF Extension: (Google Translator for Firefox) - C:\Users\artur\AppData\Roaming\Mozilla\Firefox\Profiles\hkpdnodi.default-1555771013490\Extensions\translator@zoli.bod.xpi [2019-04-20]
FF Extension: (uBlock Origin) - C:\Users\artur\AppData\Roaming\Mozilla\Firefox\Profiles\hkpdnodi.default-1555771013490\Extensions\uBlock0@raymondhill.net.xpi [2019-07-10]
FF Extension: (Imagus) - C:\Users\artur\AppData\Roaming\Mozilla\Firefox\Profiles\hkpdnodi.default-1555771013490\Extensions\{00000f2a-7cde-4f20-83ed-434fcb420d71}.xpi [2019-05-12] [UpdateUrl:hxxps://clients2.google.com/service/update2/crx]
FF Extension: (LegiaWWA) - C:\Users\artur\AppData\Roaming\Mozilla\Firefox\Profiles\hkpdnodi.default-1555771013490\Extensions\{3cd5afc9-57c7-48c1-9062-183aef451960}.xpi [2019-05-14]
FF Extension: (Antyslajd) - C:\Users\artur\AppData\Roaming\Mozilla\Firefox\Profiles\hkpdnodi.default-1555771013490\Extensions\{46dcd82e-3708-4f33-b55c-5d281ccca044}.xpi [2019-07-11]
FF Extension: (Poland Flag) - C:\Users\artur\AppData\Roaming\Mozilla\Firefox\Profiles\hkpdnodi.default-1555771013490\Extensions\{d25d946e-4565-4b64-8151-c1eed9f7ac4a}.xpi [2019-07-11]
FF Extension: (Nano Defender) - C:\Users\artur\AppData\Roaming\Mozilla\Firefox\Profiles\hkpdnodi.default-1555771013490\Extensions\{f9cacf2e-cafc-4f0f-b6ad-8e1a01b4b4d0}.xpi [2019-07-07] [UpdateUrl:hxxps://raw.githubusercontent.com/LiCybora/NanoDefenderFirefox/master/Extension%20Compiler/updates.json]
FF Extension: (Nano Defender) - C:\Users\artur\AppData\Roaming\Mozilla\Firefox\Profiles\hkpdnodi.default-1555771013490\Extensions\{fcf60470-b210-4c17-969e-9ae01491071e}.xpi [2019-07-11]
FF ProfilePath: C:\Users\artur\AppData\Roaming\Mozilla\Firefox\Profiles\lvgvmc6u.user [2021-06-15]
FF user.js: detected! => C:\Users\artur\AppData\Roaming\Mozilla\Firefox\Profiles\lvgvmc6u.user\user.js [2020-11-29]
FF Homepage: Mozilla\Firefox\Profiles\lvgvmc6u.user -> hxxps://securesearch.org/homepage?hp=2&pId=BT170603&iDate=2020-10-24 11:09:39&bName=
FF NewTab: Mozilla\Firefox\Profiles\lvgvmc6u.user -> hxxps://securesearch.org/homepage?hp=2&pId=BT170603&iDate=2020-10-24 11:09:39&bName=
FF ProfilePath: C:\Users\artur\AppData\Roaming\Mozilla\Firefox\Profiles\5pw5b42m.default-release-1 [2022-05-15]
FF Plugin: @java.com/DTPlugin,version=11.331.2 -> C:\Program Files\Java\jre1.8.0_331\bin\dtplugin\npDeployJava1.dll [2022-05-07] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.331.2 -> C:\Program Files\Java\jre1.8.0_331\bin\plugin2\npjp2.dll [2022-05-07] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.15 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.9.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-03-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2561776743-2069909383-181985334-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\artur\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-05-18] (Unity Technologies SF -> Unity Technologies ApS)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]

==================== Usługi (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S4 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8906088 2021-06-07] (BattlEye Innovations e.K. -> )
S4 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11666384 2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
R2 CybereasonRansomFree; C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe [13824 2017-11-20] (Cybereason) [Brak podpisu cyfrowego]
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [781440 2020-12-26] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S4 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [16029472 2022-01-31] (Epic Games Inc. -> Epic Games, Inc.)
R3 EPMVssEaseusProvider; C:\WINDOWS\system32\dllhost.exe /Processid:{397EA068-69E2-4F9D-A53F-26DC2B62A47D} [21312 2020-10-17] (Microsoft Windows -> Microsoft Corporation)
R2 IMFservice; C:\Program Files\IObit Malware Fighter\IMFSrv.exe [2484104 2022-05-15] (IObit CO., LTD -> IObit)
S4 Intel(R) Online Connect; C:\Program Files\Intel\Intel(R) Online Connect\ioc.exe [25824 2016-10-04] (Intel(R) Online Connect -> Intel Corporation)
S4 Intel(R) Online Connect Helper; C:\Program Files\Intel\Intel(R) Online Connect\iocHelperService.exe [22752 2016-10-04] (Intel(R) Online Connect -> Intel Corporation)
S4 Intel(R) Online Connect Software Asset Manager; C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-09-29] (Intel(R) Software Asset Manager -> Intel Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Brak podpisu cyfrowego]
R2 Intel(R) TechnologyAccessLegacyCSLoader; C:\Program Files\Intel\Intel(R) Online Connect Access\LegacyCsLoaderService.exe [173288 2016-10-05] (Intel(R) Online Connect Access -> Intel(R) Corporation)
R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel\Intel(R) Online Connect Access\IntelTechnologyAccessService.exe [496872 2016-10-05] (Intel(R) Online Connect Access -> Intel(R) Corporation)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [Brak podpisu cyfrowego]
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-16] () [Brak podpisu cyfrowego]
S4 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\LenovoVantageService.exe [28928 2022-01-20] (Lenovo -> Lenovo Group Ltd.)
S4 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [242264 2015-09-23] (Huawei Technologies Co.,Ltd. -> )
S4 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1631360 2020-12-10] (Rockstar Games, Inc. -> Rockstar Games)
S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\NisSrv.exe [2644776 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe [136656 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvleig.inf_amd64_7155597ac7927b1b\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvleig.inf_amd64_7155597ac7927b1b\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Sterowniki (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 AlpsHidSmb; C:\WINDOWS\system32\DRIVERS\ApSmbDrv.sys [120208 2020-03-12] (ALPS ELECTRIC CO., LTD. -> Alps Electric Co., Ltd.)
R1 BDVEDISK; C:\WINDOWS\system32\DRIVERS\bdvedisk.sys [96616 2020-05-28] (Bitdefender SRL -> BitDefender)
R2 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv_bgp.sys [315976 2020-10-05] (Bluestack Systems, Inc -> Bluestack System Inc.)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [42616 2017-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)
S3 epmdkdrv; C:\WINDOWS\system32\epmdkdrv.sys [36280 2020-02-23] (CHENGDU YIWO Tech Development Co., Ltd. -> )
R0 EPMVolFl; C:\WINDOWS\System32\drivers\EPMVolFl.sys [30136 2020-02-23] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows (R) Codename Longhorn DDK provider)
R0 EUDCPEPM; C:\WINDOWS\System32\drivers\EUDCPEPM.sys [76344 2020-12-08] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R1 EUEDKEPM; C:\WINDOWS\system32\drivers\EUEDKEPM.sys [33712 2020-02-23] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
S3 FairplayKD; C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [104512 2021-08-11] (Hans Roes -> Multi Theft Auto)
R3 GeneStor; C:\WINDOWS\System32\drivers\GeneStor.sys [181824 2020-06-12] (GENESYS LOGIC, INC. -> Genesys Logic)
R3 HidHide; C:\WINDOWS\System32\drivers\HidHide.sys [60960 2021-08-05] (Microsoft Windows Hardware Compatibility Publisher -> Nefarius Software Solutions e.U.)
R3 Imf8HpRegFilter; C:\Program Files\IObit Malware Fighter\drivers\win10_amd64\ImfHpRegFilter.sys [41848 2019-12-17] (IObit Information Technology -> IObit)
R1 IMFCameraProtect; C:\WINDOWS\system32\drivers\IMFCameraProtect.sys [42360 2019-07-30] (IObit Information Technology -> IObit)
R3 IMFDownProtect; C:\Program Files\IObit Malware Fighter\drivers\win10_amd64\IMFDownProtect.sys [40920 2021-07-29] (IObit CO., LTD -> IObit)
R3 IMFEFSFileControl; C:\Program Files\IObit Malware Fighter\drivers\win10_amd64\IMFEFSFileControl.sys [40824 2019-08-13] (IObit Information Technology -> IObit)
R3 IMFForceDelete; C:\Program Files\IObit Malware Fighter\drivers\win10_amd64\IMFForceDelete.sys [34192 2019-06-11] (IObit Information Technology -> IObit)
R3 ImfHpFileFilter; C:\Program Files\IObit Malware Fighter\drivers\win10_amd64\ImfHpFileFilter.sys [45432 2019-12-17] (IObit Information Technology -> IObit)
R3 ImfObCallback; C:\Program Files\IObit Malware Fighter\drivers\win10_amd64\ImfObCallback.sys [33984 2020-03-12] (IObit Information Technology -> IObit)
R3 ImfRealScanner; C:\Program Files\IObit Malware Fighter\drivers\win10_amd64\ImfRealScanner.sys [53232 2021-10-21] (IObit CO., LTD -> IObit)
R3 ImfRegistryFilter; C:\Program Files\IObit Malware Fighter\drivers\win10_amd64\ImfRegistryFilter.sys [42360 2019-12-17] (IObit Information Technology -> IObit)
R3 int0800; C:\WINDOWS\System32\drivers\flashud.sys [62984 2019-08-21] (Intel Corporation -> Intel Corporation)
R2 LMIInfo; C:\WINDOWS\system32\drivers\LMIInfo.sys [30432 2017-01-11] (LogMeIn, Inc. -> LogMeIn, Inc.)
R3 msvad_simple; C:\WINDOWS\system32\drivers\povrtdev.sys [28528 2015-10-29] (MediaMall Technologies, Inc. -> MediaMall Technologies, Inc.)
S1 ndisrd; C:\WINDOWS\system32\DRIVERS\ndisrfl.sys [59792 2016-09-13] (Intel(R) Technology Access -> Intel Corporation)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 Revoflt; C:\WINDOWS\System32\DRIVERS\revoflt.sys [38400 2021-11-17] (Microsoft Windows Hardware Compatibility Publisher -> VS Revo Group) R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions) S3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [44976 2018-06-01] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project) R3 VClone; C:\WINDOWS\System32\drivers\VClone.sys [44544 2020-02-22] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG) R1 ViGEmBus; C:\WINDOWS\System32\drivers\ViGEmBus.sys [165744 2020-12-14] (Microsoft Windows Hardware Compatibility Publisher -> Nefarius Software Solutions e.U.) S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49568 2021-06-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [425184 2021-06-12] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [76000 2021-06-12] (Microsoft Windows -> Microsoft Corporation) R2 WiseProcessMonitor; C:\WINDOWS\System32\DRIVERS\WiseProcessMonitor.sys [38984 2018-11-05] (Beijing Lang Xingda Network Technology Co., Ltd -> WiseCleaner.com) S3 xhunter1; C:\WINDOWS\xhunter1.sys [36832 2017-04-05] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.) R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2019-02-13] (Zemana Ltd. -> Zemana Ltd.) S3 EuGdiDrv; \SystemRoot\system32\EuGdiDrv.sys [X] S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X] ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc (utworzone) (filtrowane) ========= (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 
2022-05-15 10:04 - 2022-05-15 10:04 - 000002151 _____ C:\Users\artur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2022-05-15 10:03 - 2022-05-15 10:03 - 000001018 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2022-05-15 10:03 - 2022-05-15 10:03 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla 2022-05-15 10:03 - 2022-05-15 10:03 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2022-05-15 10:02 - 2022-05-15 11:51 - 000000000 ____D C:\Program Files\Mozilla Firefox 2022-05-15 09:56 - 2022-05-15 09:56 - 000000000 __SHD C:\Users\artur\Desktop\0K, this directory is for Ransomware detection (just leave it here) 2022-05-15 09:56 - 2022-05-15 09:56 - 000000000 ___HD C:\Users\artur\Documents\Zdscans38 2022-05-15 09:56 - 2022-05-15 09:56 - 000000000 ___HD C:\Users\artur\Documents\3Bdocuments137 2022-05-15 09:55 - 2022-05-15 09:55 - 000000000 ___HD C:\Users\ug0xuww 2022-05-15 09:55 - 2022-05-15 09:55 - 000000000 ___HD C:\Users\Aifihcr 2022-05-15 09:55 - 2022-05-15 09:55 - 000000000 ____D C:\Zcache58 2022-05-15 09:55 - 2022-05-15 09:55 - 000000000 ____D C:\.akstores64 2022-05-15 09:54 - 2022-05-15 11:55 - 000083878 _____ C:\WINDOWS\ZAM_Guard.krnl.trace 2022-05-15 09:35 - 2022-05-15 09:35 - 000336544 _____ (Mozilla) C:\Users\artur\Downloads\Firefox Installer.exe 2022-05-15 09:31 - 2022-05-15 09:40 - 000000000 ____D C:\Program Files\CCleaner 2022-05-15 09:31 - 2022-05-15 09:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2022-05-15 09:17 - 2022-05-15 09:27 - 000000000 ____D C:\Program Files\Revo Uninstaller Pro 2022-05-15 09:17 - 2022-05-15 09:17 - 000000000 ____D C:\Users\artur\AppData\Local\VS Revo Group 2022-05-15 09:17 - 2022-05-15 09:17 - 000000000 ____D C:\ProgramData\VS Revo Group 2022-05-15 09:17 - 2021-11-17 13:50 - 000038400 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys 2022-05-14 07:13 - 2022-05-14 07:13 - 000000000 ___HD C:\$WinREAgent 2022-05-12 17:03 
- 2022-05-12 17:03 - 000000000 ____D C:\Users\artur\AppData\LocalLow\Skirmish Mode Games 2022-05-12 16:14 - 2022-05-12 16:14 - 000000000 ____D C:\Users\artur\AppData\LocalLow\MijuGames 2022-05-09 14:26 - 2022-05-09 14:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Silent Age [GOG.com] 2022-05-09 07:51 - 2022-05-09 07:51 - 000104231 _____ C:\Users\artur\Documents\Certyfikat A1 Busuu.pdf 2022-05-07 10:27 - 2022-05-07 10:28 - 000000000 ____D C:\Users\artur\AppData\Roaming\Riverbond 2022-05-07 10:09 - 2022-05-07 10:09 - 000192736 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll 2022-05-07 10:05 - 2022-05-07 10:05 - 005729880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll 2022-05-07 10:05 - 2022-05-07 10:05 - 001905928 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe 2022-05-07 10:05 - 2022-05-07 10:05 - 001905928 _____ C:\WINDOWS\system32\vulkaninfo.exe 2022-05-07 10:05 - 2022-05-07 10:05 - 001478408 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe 2022-05-07 10:05 - 2022-05-07 10:05 - 001478408 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe 2022-05-07 10:05 - 2022-05-07 10:05 - 001467968 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll 2022-05-07 10:05 - 2022-05-07 10:05 - 001432328 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll 2022-05-07 10:05 - 2022-05-07 10:05 - 001432328 _____ C:\WINDOWS\system32\vulkan-1.dll 2022-05-07 10:05 - 2022-05-07 10:05 - 001209408 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll 2022-05-07 10:05 - 2022-05-07 10:05 - 001145592 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll 2022-05-07 10:05 - 2022-05-07 10:05 - 001145592 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll 2022-05-07 10:05 - 2022-05-07 10:05 - 000725592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll 2022-05-07 10:04 - 2022-05-07 10:04 - 007618608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll 2022-05-07 10:04 - 2022-05-07 10:04 - 006963912 _____ (NVIDIA Corporation) 
C:\WINDOWS\system32\nvcuvid.dll 2022-05-07 10:04 - 2022-05-07 10:04 - 006465192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll 2022-05-07 10:04 - 2022-05-07 10:04 - 006226632 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll 2022-05-07 10:04 - 2022-05-07 10:04 - 005100744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll 2022-05-07 10:04 - 2022-05-07 10:04 - 002932960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll 2022-05-07 10:04 - 2022-05-07 10:04 - 002120904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll 2022-05-07 10:04 - 2022-05-07 10:04 - 001603160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll 2022-05-07 10:04 - 2022-05-07 10:04 - 001530456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll 2022-05-07 10:04 - 2022-05-07 10:04 - 001177288 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll 2022-05-07 10:04 - 2022-05-07 10:04 - 000852048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe 2022-05-07 10:04 - 2022-05-07 10:04 - 000730336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll 2022-05-07 10:04 - 2022-05-07 10:04 - 000712408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe 2022-05-07 10:04 - 2022-05-07 10:04 - 000586456 _____ C:\WINDOWS\system32\nvofapi64.dll 2022-05-07 10:04 - 2022-05-07 10:04 - 000581856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll 2022-05-07 10:04 - 2022-05-07 10:04 - 000461400 _____ C:\WINDOWS\SysWOW64\nvofapi.dll 2022-05-07 10:04 - 2022-05-07 10:04 - 000457928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe 2022-05-07 10:04 - 2022-05-07 10:04 - 000089337 _____ C:\WINDOWS\system32\nvinfo.pb 2022-05-02 06:02 - 2022-05-02 06:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nefarius Software Solutions e.U 2022-05-02 06:02 - 2022-05-02 06:02 - 000000000 ____D C:\Program Files\Nefarius Software Solutions e.U 2022-05-02 05:49 - 2022-05-07 17:20 - 000000000 ____D C:\Program 
Files\DS4Windows 2022-05-02 05:30 - 2022-05-02 05:30 - 000000000 ____D C:\Program Files\Nefarius Software Solutions 2022-04-25 09:09 - 2022-04-25 09:11 - 000000000 ____D C:\ProgramData\FreeGrabApp 2022-04-24 11:44 - 2022-04-24 11:44 - 000001161 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk 2022-04-24 11:44 - 2022-04-24 11:44 - 000000000 ____D C:\Program Files\PCHealthCheck 2022-04-24 09:05 - 2022-04-24 09:05 - 000000000 ____D C:\Program Files (x86)\IObit 2022-04-24 09:03 - 2022-04-24 09:03 - 000002884 _____ C:\WINDOWS\system32\Tasks\IMF_SkipUAC_Artur 2022-04-24 09:03 - 2022-04-24 09:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter Pro 2022-04-24 09:03 - 2019-07-30 03:02 - 000042360 _____ (IObit) C:\WINDOWS\system32\Drivers\IMFCameraProtect.sys 2022-04-24 09:02 - 2022-05-15 10:17 - 000000000 ____D C:\Program Files\IObit Malware Fighter 2022-04-21 08:25 - 2022-04-21 08:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 9 2022-04-15 10:18 - 2022-04-15 10:18 - 001163096 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys 2022-04-15 10:18 - 2022-04-15 10:18 - 000404384 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\AdminService.exe 2022-04-15 10:18 - 2022-04-15 10:18 - 000134832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys 2022-04-15 10:18 - 2022-04-15 10:18 - 000104744 _____ (Qualcomm) C:\WINDOWS\system32\Drivers\btfilter.sys 2022-04-15 10:18 - 2022-04-15 10:18 - 000069236 _____ C:\WINDOWS\system32\Drivers\AthrBT_TF_0x00000302.dfu 2022-04-15 10:18 - 2022-04-15 10:18 - 000069220 _____ C:\WINDOWS\system32\Drivers\AthrBT_0x00000302.dfu 2022-04-15 10:18 - 2022-04-15 10:18 - 000053632 _____ (ELAN Microelectronic Corp.) 
C:\WINDOWS\system32\Drivers\ETDSMBus.sys 2022-04-15 10:18 - 2022-04-15 10:18 - 000047792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhdap64.dll 2022-04-15 10:18 - 2022-04-15 10:18 - 000002027 _____ C:\WINDOWS\system32\Drivers\ramps_TF_0x00000302_48_NFA435_10dbm.dfu ==================== Jeden miesiąc (zmodyfikowane) ================== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2022-05-15 11:54 - 2022-02-20 11:31 - 000000000 ____D C:\FRST 2022-05-15 11:52 - 2016-09-28 16:30 - 000000000 ___RD C:\Users\artur\Desktop\Programy 2022-05-15 11:51 - 2016-11-19 09:12 - 000000000 ____D C:\Users\artur\AppData\LocalLow\Mozilla 2022-05-15 11:50 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2022-05-15 11:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\registration 2022-05-15 10:04 - 2022-02-09 10:07 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38 2022-05-15 09:55 - 2017-04-21 16:01 - 000000000 ____D C:\ProgramData\NVIDIA 2022-05-15 09:54 - 2021-10-23 20:50 - 000008192 ___SH C:\DumpStack.log.tmp 2022-05-15 09:54 - 2021-06-12 11:42 - 000021520 _____ C:\WINDOWS\system32\wpbbin.exe 2022-05-15 09:54 - 2020-10-09 02:09 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2022-05-15 09:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState 2022-05-15 09:53 - 2019-12-07 11:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2022-05-15 09:42 - 2017-05-21 20:26 - 000000000 ____D C:\Program Files\Steam 2022-05-15 09:41 - 2021-10-27 15:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2022-05-15 09:41 - 2021-10-27 15:44 - 000000000 ____D C:\Program Files (x86)\FileZilla FTP Client 2022-05-15 09:31 - 2022-03-06 16:24 - 000002904 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - Artur 2022-05-15 09:16 - 2021-04-16 11:11 - 000000000 ____D C:\Users\artur\AppData\Roaming\qBittorrent 2022-05-15 08:23 - 2020-10-09 01:32 - 000000000 ____D 
C:\WINDOWS\system32\SleepStudy 2022-05-14 14:04 - 2018-09-24 13:48 - 000000064 _____ C:\Users\artur\Documents\Rozmiary butów.txt 2022-05-14 09:25 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2022-05-14 09:24 - 2020-02-05 21:59 - 000000000 ____D C:\Users\artur\AppData\Roaming\Messenger 2022-05-14 09:24 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\NDF 2022-05-14 07:51 - 2016-09-27 20:28 - 000000000 ____D C:\WINDOWS\system32\MRT 2022-05-14 07:47 - 2016-09-27 20:28 - 145501456 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2022-05-14 07:23 - 2016-02-23 11:16 - 000000000 ____D C:\ProgramData\Package Cache 2022-05-14 07:22 - 2021-06-07 14:27 - 000000000 ____D C:\Program Files\dotnet 2022-05-12 17:38 - 2019-02-26 23:02 - 000000000 ____D C:\Users\artur\AppData\Roaming\Wise Game Booster 2022-05-12 16:17 - 2016-09-27 19:44 - 000000000 ____D C:\Gry 2022-05-12 16:16 - 2016-09-28 16:30 - 000000000 ___RD C:\Users\artur\Desktop\Gry dla 1 2022-05-10 20:37 - 2018-07-23 18:23 - 000001196 _____ C:\Users\artur\Documents\Seriale.txt 2022-05-10 20:26 - 2018-06-27 15:04 - 000000000 ____D C:\Users\artur\AppData\Roaming\vlc 2022-05-10 08:26 - 2020-10-09 02:09 - 000003566 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2022-05-10 08:26 - 2020-10-09 02:09 - 000003442 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2022-05-09 14:46 - 2021-06-10 23:48 - 000002796 _____ C:\WINDOWS\system32\Tasks\Driver Booster SkipUAC (Artur) 2022-05-09 14:29 - 2017-12-26 12:12 - 000000000 ____D C:\ProgramData\ProductData 2022-05-09 14:28 - 2019-01-25 15:30 - 000000000 ____D C:\Users\artur\AppData\Local\ElevatedDiagnostics 2022-05-09 10:26 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF 2022-05-09 08:25 - 2017-12-26 23:48 - 000000000 ____D C:\ProgramData\Codemasters 2022-05-09 08:25 - 2016-10-02 13:33 - 000000000 ____D C:\Users\artur\Documents\My Games 2022-05-09 08:23 - 2018-12-15 19:36 - 000000000 ___RD C:\Users\artur\Desktop\Gry 2+ 
2022-05-07 17:48 - 2022-01-20 11:45 - 000000126 _____ C:\Users\artur\Documents\Canal+ online - kody.txt 2022-05-07 17:41 - 2020-05-18 11:56 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2022-05-07 17:41 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps 2022-05-07 17:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2022-05-07 16:24 - 2017-09-02 19:09 - 000000000 ____D C:\Users\artur\Documents\TrackMania 2022-05-07 15:49 - 2017-09-02 19:09 - 000000000 ____D C:\ProgramData\TrackMania 2022-05-07 11:52 - 2020-10-09 01:52 - 001767980 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2022-05-07 11:52 - 2019-12-07 17:08 - 000784334 _____ C:\WINDOWS\system32\perfh015.dat 2022-05-07 11:52 - 2019-12-07 17:08 - 000152230 _____ C:\WINDOWS\system32\perfc015.dat 2022-05-07 10:46 - 2019-02-18 17:25 - 000007604 _____ C:\Users\artur\AppData\Local\Resmon.ResmonCfg 2022-05-07 10:09 - 2021-01-11 18:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2022-05-07 10:09 - 2017-06-17 10:38 - 000000000 ____D C:\Program Files\Java 2022-05-02 20:06 - 2021-07-11 15:25 - 000000000 ____D C:\Users\artur\AppData\Local\PoliceStoriesRelease 2022-05-02 06:05 - 2016-10-02 13:33 - 000000000 ____D C:\Users\artur\AppData\Local\CrashDumps 2022-04-25 09:09 - 2021-09-17 10:11 - 000000000 ____D C:\Users\artur\AppData\Local\cache 2022-04-21 08:25 - 2021-06-10 23:48 - 000000000 ____D C:\Program Files\IObit 2022-04-21 08:24 - 2020-02-22 19:13 - 000000000 ____D C:\ProgramData\IObit 2022-04-21 08:24 - 2017-12-26 12:12 - 000000000 ____D C:\Users\artur\AppData\Roaming\IObit 2022-04-15 16:02 - 2021-09-03 06:43 - 000000000 ____D C:\Users\artur\AppData\Roaming\FLT ==================== Pliki w katalogu głównym wybranych folderów ======== 2020-09-26 08:22 - 2020-09-26 08:22 - 000000252 _____ () C:\ProgramData\fontcacheev1.dat 2019-01-30 20:15 - 2019-01-30 20:18 - 000001213 _____ () 
C:\Users\artur\AppData\Roaming\downloads.json 2020-04-27 11:23 - 2020-04-27 11:24 - 000000040 _____ () C:\Users\artur\AppData\Roaming\~SiMPLEX.ini 2020-09-25 14:30 - 2020-09-25 14:52 - 000000081 _____ () C:\Users\artur\AppData\Local\.bidstack.fault 2019-01-19 22:27 - 2019-01-30 18:33 - 000004608 _____ () C:\Users\artur\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2017-02-25 12:39 - 2017-04-30 15:48 - 000000034 _____ () C:\Users\artur\AppData\Local\origins.ini 2020-10-11 23:25 - 2020-10-11 23:25 - 000000879 _____ () C:\Users\artur\AppData\Local\recently-used.xbel 2019-02-18 17:25 - 2022-05-07 10:46 - 000007604 _____ () C:\Users\artur\AppData\Local\Resmon.ResmonCfg ==================== FCheck ================================ (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) FCheck: C:\WINDOWS\SysWOW64\version_IObitDel.dll [2021-06-11] <==== UWAGA (zerobajtowy plik/folder) ==================== SigCheck ============================ (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) ==================== Koniec FRST.txt ========================