Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-02-2020 02 Ran by Sadek (administrator) on DESKTOP-PUJJ82L (MSI MS-7977) (03-02-2020 17:51:29) Running from C:\Users\Sadek\AppData\Local\Microsoft\Windows\INetCache\IE\4TUCHXTI Loaded Profiles: Sadek (Available Profiles: Sadek) Platform: Windows 10 Home Version 1903 18362.592 (X64) Language: Angielski (Stany Zjednoczone) Default browser: Chrome Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (AmbiBox) [File not signed] C:\Program Files (x86)\AmbiBox\AmbiBox.exe (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe (ESET, spol. s r.o. 
-> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingApp_2001.1001.4.0_x64__8wekyb3d8bbwe\app\XboxAppServices.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_1.37.23001.0_x64__8wekyb3d8bbwe\GamingServices.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_1.37.23001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12001.1001.5.0_x64__8wekyb3d8bbwe\WinStore.App.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA 
Corporation\NvTelemetry\NvTelemetryContainer.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17987704 2017-10-20] (Logitech Inc -> Logitech Inc.) HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmdS.exe [183088 2019-12-12] (ESET, spol. s r.o. -> ESET) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-01-18] (Apple Inc. -> Apple Inc.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9268672 2018-02-28] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.) 
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare software CO., LIMITED -> Wondershare) HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-21-2141465037-1651259671-2921580955-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2019-01-15] (Apple Inc. -> Apple Inc.) HKU\S-1-5-21-2141465037-1651259671-2921580955-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2019-01-15] (Apple Inc. -> Apple Inc.) HKU\S-1-5-21-2141465037-1651259671-2921580955-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2019-01-15] (Apple Inc. -> Apple Inc.) HKU\S-1-5-21-2141465037-1651259671-2921580955-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3288016 2019-12-16] (Valve -> Valve Corporation) HKU\S-1-5-21-2141465037-1651259671-2921580955-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [36098448 2020-01-31] (Epic Games Inc. -> Epic Games, Inc.) 
HKU\S-1-5-21-2141465037-1651259671-2921580955-1001\...\Run: [AceStream] => C:\Users\Sadek\AppData\Roaming\ACEStream\engine\ace_engine.exe [27960 2018-08-30] (INNOVATIVE DIGITAL TECHNOLOGIES LLC -> Innovative Digital Technologies) HKU\S-1-5-21-2141465037-1651259671-2921580955-1001\...\Run: [AmbiBox] => C:\Program Files (x86)\AmbiBox\AmbiBox.exe [1428480 2015-02-19] (AmbiBox) [File not signed] HKU\S-1-5-21-2141465037-1651259671-2921580955-1001\...\MountPoints2: {4178a1e1-3bbe-11ea-9cda-d8cb8a9ab77b} - "E:\HiSuiteDownLoader.exe" HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.130\Installer\chrmstp.exe [2020-01-22] (Google LLC -> Google LLC) GroupPolicy: Restriction ? <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0690633C-965C-4207-844F-E41348170A62} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [562544 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation) Task: {11DE7B79-1004-4916-8EDE-178904B7B0C0} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation) Task: {2CB10264-AC6A-4DF6-AE6E-ABBB142ED181} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3560304 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation) Task: {2DECD7D3-70CD-4080-801B-1E3BAC3B3B83} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe 
[786800 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation) Task: {51996B05-44D2-4C88-8F7D-52F5897C918B} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [887152 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation) Task: {5740E442-5EA2-46BF-ADBE-D96C296F5895} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-07-31] (Google Inc -> Google Inc.) Task: {62C40998-7B19-4DDC-B6B3-BD5BB336055B} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [887152 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation) Task: {7662A9EC-325A-488D-AC57-E33BA5EB7368} - System32\Tasks\{1B5F737E-8ECD-4173-AE62-18DBD32B33B2} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\ByteFence\ByteFence.exe" -c /uninstall Task: {7C7F835C-61DB-4218-9C24-20BAB75CA627} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [786800 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation) Task: {80F5FF4A-0A04-4F62-A6BA-D4372B0A01FC} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [887152 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation) Task: {8862683A-0A57-4582-A628-1BFD2F3A95ED} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. 
-> Adobe Systems) Task: {8E3D83F6-763F-4D50-95E5-2EE8C6F376E4} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [887152 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation) Task: {A9E36BE3-F1A3-4D59-9485-100AA5E0077B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [855408 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation) Task: {C0D27D6E-9E74-4C5D-81F3-14FDD7381663} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [1003888 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation) Task: {D7ADAA7C-156C-4DD2-A8F8-B397C59DDE3F} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [855408 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation) Task: {DCA0DDED-080C-447E-98FC-20A0550FFCE7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-07-31] (Google Inc -> Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [S-1-5-21-2141465037-1651259671-2921580955-1001] => Proxy is enabled. 
ProxyServer: [S-1-5-21-2141465037-1651259671-2921580955-1001] => 95.215.52.150:8080 Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{21615420-ad57-4ab9-89a2-01a3dfa1b155}: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{2b3a1b4d-8bc3-46ea-853b-261319c28c7a}: [DhcpNameServer] 172.20.10.1 ManualProxies: 195.215.52.150:8080 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-3149fcd9 HKU\S-1-5-21-2141465037-1651259671-2921580955-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP SearchScopes: HKLM -> DefaultScope value is missing SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nxtad_17_31&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyCtB0EtAtByB0BtD0A0D0AyCzyyD0EtAtN0D0Tzu0StBtDtAzytN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StC0C0FtByEzy0FzytGtA0CtBzytGyCtBtB0BtGtAzy0FyBtG0EtAtBtBtBtDtDzytAzy0A0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0DtAtCyE0C0E0BtG0C0E0AtAtGyE0EyE0AtG0AtDtCtBtG0A0BtAyCyDtBtCtBtDyDyBtA2QtN0A0LzuyE%26cr%3D1102236487%26a%3Dwbf_nxtad_17_31%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms} SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nxtad_17_31&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyCtB0EtAtByB0BtD0A0D0AyCzyyD0EtAtN0D0Tzu0StBtDtAzytN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StC0C0FtByEzy0FzytGtA0CtBzytGyCtBtB0BtGtAzy0FyBtG0EtAtBtBtBtDtDzytAzy0A0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0DtAtCyE0C0E0BtG0C0E0AtAtGyE0EyE0AtG0AtDtCtBtG0A0BtAyCyDtBtCtBtDyDyBtA2QtN0A0LzuyE%26cr%3D1102236487%26a%3Dwbf_nxtad_17_31%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms} SearchScopes: HKU\S-1-5-21-2141465037-1651259671-2921580955-1001 -> DefaultScope {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15 SearchScopes: HKU\S-1-5-21-2141465037-1651259671-2921580955-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04 SearchScopes: HKU\S-1-5-21-2141465037-1651259671-2921580955-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15 BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-11] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2017-08-15] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-08-15] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2017-08-15] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program 
Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-08-15] (Microsoft Corporation -> Microsoft Corporation) FireFox: ======== FF HKU\S-1-5-21-2141465037-1651259671-2921580955-1001\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Sadek\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi FF Extension: (Ace Script) - C:\Users\Sadek\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2018-11-26] FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN -> VideoLAN) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-13] (Google LLC -> Google LLC) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-13] (Google LLC -> Google LLC) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-2141465037-1651259671-2921580955-1001: @acestream.net/acestreamplugin,version=3.1.28 -> C:\Users\Sadek\AppData\Roaming\ACEStream\player\npace_plugin.dll [2017-01-13] (Innovative Digital Technologies -> Innovative Digital Technologies) Chrome: ======= CHR Profile: C:\Users\Sadek\AppData\Local\Google\Chrome\User Data\Default [2020-02-03] CHR HomePage: Default -> hxxp://google.co.uk/ CHR StartupUrls: Default -> "hxxps://www.google.co.uk/" CHR Extension: (Prezentacje) - C:\Users\Sadek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14] CHR Extension: (Duolingo dla Chrome) - C:\Users\Sadek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2017-07-31] CHR Extension: (Przelewy24) - C:\Users\Sadek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiicmmpkicnndkhlnnloilpgncbpkbjj [2019-11-26] CHR Extension: (Dokumenty) - C:\Users\Sadek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14] CHR Extension: (Dysk Google) - C:\Users\Sadek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-16] CHR Extension: (YouTube) - C:\Users\Sadek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-31] CHR Extension: (uBlock Origin) - C:\Users\Sadek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2020-01-04] CHR Extension: (Play HLS M3u8) - C:\Users\Sadek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckblfoghkjhaclegefojbgllenffajdc [2019-03-05] CHR Extension: (Slither.io Skins, Mods, Hack & Guide) - C:\Users\Sadek\AppData\Local\Google\Chrome\User Data\Default\Extensions\dggomkijbihggjgcgdbnleolpleddaid [2017-07-31] CHR Extension: (Adobe Acrobat) - C:\Users\Sadek\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-01-26] CHR Extension: 
(Arkusze) - C:\Users\Sadek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14] CHR Extension: (Pulpit zdalny Chrome) - C:\Users\Sadek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2019-07-18] CHR Extension: (Dokumenty Google offline) - C:\Users\Sadek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-11] CHR Extension: (Imagus) - C:\Users\Sadek\AppData\Local\Google\Chrome\User Data\Default\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab [2019-07-06] CHR Extension: (Save to Facebook) - C:\Users\Sadek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd [2019-06-27] CHR Extension: (UltraWide Video) - C:\Users\Sadek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lngfncacljheahfpahadgipefkbagpdl [2017-07-31] CHR Extension: (Sprawdzanie poczty Google) - C:\Users\Sadek\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2017-07-31] CHR Extension: (Ace Script) - C:\Users\Sadek\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2018-12-13] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Sadek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03] CHR Extension: (Gmail) - C:\Users\Sadek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29] CHR Extension: (Chrome Media Router) - C:\Users\Sadek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-16] CHR HKLM\...\Chrome\Extension: [bpmmandcadflhnnaiclipadomfmdbjbp] CHR HKU\S-1-5-21-2141465037-1651259671-2921580955-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bpmmandcadflhnnaiclipadomfmdbjbp] CHR 
HKU\S-1-5-21-2141465037-1651259671-2921580955-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] CHR HKU\S-1-5-21-2141465037-1651259671-2921580955-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] CHR HKU\S-1-5-21-2141465037-1651259671-2921580955-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] CHR HKLM-x32\...\Chrome\Extension: [bpmmandcadflhnnaiclipadomfmdbjbp] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8403672 2019-04-24] (BattlEye Innovations e.K. -> ) S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803952 2019-09-18] (EasyAntiCheat Oy -> EasyAntiCheat Ltd) R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2245488 2019-12-12] (ESET, spol. s r.o. -> ESET) R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2245488 2019-12-12] (ESET, spol. s r.o. -> ESET) R2 GamingServices; C:\Program Files\WindowsApps\Microsoft.GamingServices_1.37.23001.0_x64__8wekyb3d8bbwe\GamingServices.exe [21432 2020-01-29] (Microsoft Corporation -> Microsoft Corporation) R2 GamingServicesNet; C:\Program Files\WindowsApps\Microsoft.GamingServices_1.37.23001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe [21432 2020-01-29] (Microsoft Corporation -> Microsoft Corporation) R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-10-20] (Logitech Inc -> Logitech Inc.) 
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [786800 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation) S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [786800 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2505008 2020-01-29] (Electronic Arts, Inc. -> Electronic Arts) R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3427640 2020-01-29] (Electronic Arts, Inc. -> Electronic Arts) S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [474256 2019-11-05] (Rockstar Games, Inc. -> Rockstar Games) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4098056 2019-03-19] (Microsoft Corporation -> Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [113992 2019-03-19] (Microsoft Corporation -> Microsoft Corporation) R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
S3 CH341SER_A64; C:\WINDOWS\System32\Drivers\CH341S64.SYS [69024 2019-05-29] (Microsoft Windows Hardware Compatibility Publisher -> www.winchiphead.com) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [136040 2019-09-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [149944 2019-10-26] (ESET, spol. s r.o. -> ESET) R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [103264 2019-10-26] (ESET, spol. s r.o. -> ESET) S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15800 2019-05-28] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET) R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [189512 2019-10-26] (ESET, spol. s r.o. -> ESET) R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [50712 2019-10-26] (ESET, spol. s r.o. -> ESET) R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [79744 2019-12-12] (ESET, spol. s r.o. -> ESET) R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [116696 2019-12-12] (ESET, spol. s r.o. -> ESET) R3 gameflt; C:\WINDOWS\System32\DriverStore\FileRepository\gameflt.inf_amd64_1b1c9965dc1c6f0f\gameflt.sys [71000 2019-12-12] (Microsoft Windows -> Microsoft Corporation) S3 iVCam; C:\WINDOWS\system32\DRIVERS\iVCam.sys [1089440 2017-12-21] (Shanghai Yitu Information Technology Co.,Ltd. -> e2eSoft) R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2019-03-19] (Microsoft Windows -> Qualcomm Atheros, Inc.) R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech) S3 LGJoyHidFilter; C:\WINDOWS\system32\drivers\LGJoyHidFilter.sys [57368 2017-10-20] (Logitech Inc -> Logitech Inc.) S3 LGJoyHidLo; C:\WINDOWS\system32\drivers\LGJoyHidLo.sys [47256 2017-10-20] (Logitech Inc -> Logitech Inc.) R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-10-20] (Logitech Inc -> Logitech Inc.) 
R3 mt7612US; C:\WINDOWS\System32\drivers\mt7612US.sys [377864 2015-12-09] (Windows Central Build Account - X -> MediaTek Inc.) R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_db678424d2641c3d\nvlddmkm.sys [22094728 2019-10-04] (NVIDIA Corporation -> NVIDIA Corporation) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2018-10-25] (NVIDIA Corporation -> NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [70024 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation) R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [74576 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation) S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166760 2019-09-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46472 2019-03-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [333784 2019-03-19] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [62432 2019-03-19] (Microsoft Windows -> Microsoft Corporation) R3 Xvdd; C:\WINDOWS\System32\DriverStore\FileRepository\xvdd.inf_amd64_3865f7cd0ca0fb7c\xvdd.sys [485720 2020-01-29] (Microsoft Windows -> Microsoft Corporation) R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-09-26] (Zemana Ltd. -> Zemana Ltd.) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) =================== (If an entry is included in the fixlist, the file/folder will be moved.) 
2020-02-03 17:51 - 2020-02-03 17:51 - 000000000 ____D C:\FRST 2020-02-03 16:47 - 2020-02-03 16:55 - 000000000 ____D C:\Users\Sadek\AppData\Roaming\flashpoint-launcher 2020-01-28 13:34 - 2020-01-28 13:34 - 001702257 _____ C:\Users\Sadek\Desktop\L;;LLJIKKJKLLKLPLP[.html 2020-01-28 13:34 - 2020-01-28 13:34 - 000000000 ___DC C:\Users\Sadek\Desktop\L;;LLJIKKJKLLKLPLP[_files 2020-01-22 19:32 - 2020-01-22 19:32 - 000000932 _____ C:\Users\Public\Desktop\The Witcher 3 Wild Hunt.lnk 2020-01-22 19:32 - 2020-01-22 19:32 - 000000932 _____ C:\ProgramData\Desktop\The Witcher 3 Wild Hunt.lnk 2020-01-22 19:32 - 2020-01-22 19:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher 3 Wild Hunt 2020-01-18 21:06 - 2020-01-18 21:10 - 609291656 _____ (Macrovision Corporation) C:\Users\Sadek\Downloads\TWEE_Polish_language_pack.exe 2020-01-18 21:02 - 2020-02-02 16:18 - 000000000 ___DC C:\Users\Sadek\Documents\The Witcher 3 2020-01-18 18:12 - 2020-01-18 18:26 - 000000000 ____D C:\WINDOWS\SysWOW64\directx 2020-01-18 12:18 - 2020-01-19 13:44 - 000000000 ____D C:\Users\Sadek\AppData\Local\BitTorrentHelper 2020-01-18 12:18 - 2020-01-18 12:18 - 000000941 ____C C:\Users\Sadek\Desktop\µTorrent.lnk 2020-01-18 12:18 - 2020-01-18 12:18 - 000000921 ____C C:\Users\Sadek\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk 2020-01-18 12:16 - 2020-01-18 12:16 - 004648480 _____ (BitTorrent Inc.) C:\Users\Sadek\Downloads\uTorrent (1).exe 2020-01-18 12:05 - 2020-01-18 12:06 - 020242168 _____ (BitTorrent, Inc.) 
C:\Users\Sadek\Downloads\utweb_installer.exe 2020-01-15 21:04 - 2020-01-15 21:04 - 025900032 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2020-01-15 21:04 - 2020-01-15 21:04 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll 2020-01-15 21:04 - 2020-01-15 21:04 - 022627840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2020-01-15 21:04 - 2020-01-15 21:04 - 019849216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2020-01-15 21:04 - 2020-01-15 21:04 - 018020352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2020-01-15 21:04 - 2020-01-15 21:04 - 009928208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2020-01-15 21:04 - 2020-01-15 21:04 - 008012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2020-01-15 21:04 - 2020-01-15 21:04 - 007754752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2020-01-15 21:04 - 2020-01-15 21:04 - 007600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2020-01-15 21:04 - 2020-01-15 21:04 - 007016448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2020-01-15 21:04 - 2020-01-15 21:04 - 006520480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2020-01-15 21:04 - 2020-01-15 21:04 - 005913600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2020-01-15 21:04 - 2020-01-15 21:04 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2020-01-15 21:04 - 2020-01-15 21:04 - 003703296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2020-01-15 21:04 - 2020-01-15 21:04 - 003263488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll 2020-01-15 21:04 - 2020-01-15 21:04 - 002870784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll 2020-01-15 21:04 - 2020-01-15 21:04 - 002801152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2020-01-15 
21:04 - 2020-01-15 21:04 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-01-15 21:04 - 2020-01-15 21:04 - 002561536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 002494464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 002473976 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 002305536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 001985928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 001835008 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 001697280 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 001664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 001655880 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 001610752 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 001399096 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-01-15 21:04 - 2020-01-15 21:04 - 001330952 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 001106944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 001098720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 001072952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-01-15 21:04 - 2020-01-15 21:04 - 001051664 _____ (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 001020032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnostics.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2020-01-15 21:04 - 2020-01-15 21:04 - 000842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000689664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000678712 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaaut.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaservc.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000670720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2020-01-15 21:04 - 2020-01-15 21:04 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000571392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiaaut.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-01-15 21:04 - 2020-01-15 21:04 - 000542496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000432256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2020-01-15 21:04 - 2020-01-15 21:04 - 000400696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2020-01-15 21:04 - 2020-01-15 21:04 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000363840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2020-01-15 21:04 - 2020-01-15 21:04 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-01-15 21:04 - 2020-01-15 21:04 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV1.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000283136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2020-01-15 21:04 - 2020-01-15 21:04 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sti.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2020-01-15 21:04 - 2020-01-15 21:04 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti_ci.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000162696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2020-01-15 21:04 - 2020-01-15 21:04 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiadss.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000127520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000127064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiadss.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssitlb.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000089536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterpriseresourcemanager.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiarpc.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2020-01-15 21:04 - 2020-01-15 21:04 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enterpriseresourcemanager.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscntrs.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiatrace.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiatrace.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2020-01-15 21:04 - 2020-01-15 21:04 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2020-01-15 20:59 - 2020-01-15 20:59 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-01-15 20:59 - 2020-01-15 20:59 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-01-12 12:26 - 2020-01-12 12:26 - 000418806 _____ C:\Users\Sadek\Downloads\8Thu (1).pdf
2020-01-09 10:20 - 2019-09-26 04:44 - 000166760 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2020-01-08 10:33 - 2019-09-26 04:43 - 000136040 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudbus.sys

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-02-03 17:52 - 2019-08-03 21:51 - 000050215 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2020-02-03 17:47 - 2019-06-14 20:31 - 001773514 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-02-03 17:47 - 2019-06-14 19:57 - 000792224 _____ C:\WINDOWS\system32\perfh015.dat
2020-02-03 17:47 - 2019-06-14 19:57 - 000157872 _____ C:\WINDOWS\system32\perfc015.dat
2020-02-03 17:47 - 2019-03-19 04:50 - 000000000 ____D C:\WINDOWS\INF
2020-02-03 17:40 - 2017-08-26 07:44 - 000000000 ____D C:\ProgramData\NVIDIA
2020-02-03 17:39 - 2019-03-19 04:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-02-03 17:38 - 2019-06-14 20:31 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-02-03 17:38 - 2019-03-19 04:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-02-03 17:38 - 2018-09-05 05:08 - 000000000 ____D C:\Program Files (x86)\Hidden Capture
2020-02-03 17:38 - 2017-08-06 09:39 - 000000000 ___DC C:\Users\Sadek\AppData\Roaming\AIMP
2020-02-03 17:36 - 2017-10-02 18:55 - 000000000 ____D C:\Program Files (x86)\ProxyGate
2020-02-03 17:14 - 2017-07-31 20:02 - 000000000 ___DC C:\Users\Sadek\AppData\Roaming\Origin
2020-02-03 17:14 - 2017-07-31 19:57 - 000000000 ___DC C:\Users\Sadek\AppData\Local\Origin
2020-02-03 17:14 - 2017-07-31 19:57 - 000000000 ____D C:\ProgramData\Origin
2020-02-03 17:09 - 2017-08-01 19:12 - 000000000 ____D C:\Program Files (x86)\KMSPico 10.2.1 Final
2020-02-03 17:09 - 2017-08-01 19:06 - 000000000 ____D C:\Program Files (x86)\KMSPico 10.2.2 Final
2020-02-03 16:36 - 2019-06-14 20:24 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-02-03 12:40 - 2019-03-19 04:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-02-03 12:40 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-02-02 15:20 - 2019-09-26 17:52 - 000000000 ____D C:\Program Files (x86)\Origin Games
2020-02-01 17:47 - 2017-07-31 20:02 - 000000000 ____D C:\Program Files (x86)\Origin
2020-02-01 10:54 - 2017-12-16 18:58 - 000000000 ___DC C:\Users\Sadek\AppData\Local\PlaceholderTileLogoFolder
2020-02-01 02:31 - 2017-10-28 11:55 - 000000000 ___DC C:\Users\Sadek\AppData\Local\Packages
2020-01-31 21:16 - 2018-08-06 17:08 - 000000000 ___DC C:\Users\Sadek\AppData\Roaming\vlc
2020-01-29 14:13 - 2019-12-13 23:50 - 000052152 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2020-01-29 14:13 - 2019-10-12 14:06 - 000031672 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamemodcontrol.exe
2020-01-29 14:13 - 2019-09-15 16:46 - 001336248 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2020-01-29 14:13 - 2019-09-15 16:46 - 000149432 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2020-01-29 14:13 - 2019-09-15 16:46 - 000087992 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy.dll
2020-01-26 21:44 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2020-01-26 16:28 - 2020-01-03 15:49 - 000559372 ____C C:\Users\Sadek\Desktop\CV Jaroslaw Sadowski.pdf
2020-01-25 20:27 - 2017-09-30 22:28 - 000000000 ___DC C:\Users\Sadek\AppData\Local\Spotify
2020-01-25 20:10 - 2017-09-30 22:28 - 000000000 ___DC C:\Users\Sadek\AppData\Roaming\Spotify
2020-01-22 22:45 - 2019-06-14 20:06 - 000000000 ____D C:\Users\Sadek
2020-01-22 21:08 - 2019-09-26 18:37 - 000001224 _____ C:\Users\Public\Desktop\FIFA 20.lnk
2020-01-22 21:08 - 2019-09-26 18:37 - 000001224 _____ C:\ProgramData\Desktop\FIFA 20.lnk
2020-01-22 20:16 - 2017-07-31 18:58 - 000002307 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-01-21 18:49 - 2019-12-15 19:26 - 000000000 ___DC C:\Users\Sadek\Desktop\Do albumu
2020-01-19 22:10 - 2019-05-26 08:33 - 000000000 ___DC C:\Users\Sadek\AppData\LocalLow\uTorrent
2020-01-19 22:10 - 2017-08-10 20:32 - 000000000 ___DC C:\Users\Sadek\AppData\Roaming\uTorrent
2020-01-18 12:31 - 2018-01-14 09:11 - 000000000 ____D C:\Program Files (x86)\Steam
2020-01-18 10:16 - 2017-07-31 19:19 - 000000000 ___DC C:\Users\Sadek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2020-01-16 10:13 - 2019-06-14 20:24 - 000276696 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-01-16 00:08 - 2019-03-19 04:52 - 000000000 ___SD C:\WINDOWS\system32\UNP
2020-01-16 00:08 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-01-16 00:08 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-01-16 00:08 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-01-15 21:08 - 2017-08-02 17:31 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-01-15 21:06 - 2019-03-19 04:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-01-15 21:06 - 2017-08-02 17:31 - 120202352 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-01-11 20:52 - 2019-01-02 21:06 - 000000000 ___DC C:\Users\Sadek\AppData\Local\EpicGamesLauncher

==================== Files in the root of some directories ========

2017-08-16 20:11 - 2017-09-05 18:53 - 000000245 ____C () C:\Users\Sadek\AppData\Roaming\WB.CFG

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================