Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 18-03-2023 Uruchomiony przez Krzysztof (administrator) KRZYSAGATKA (Micro-Star International Co., Ltd MS-7B86) (19-03-2023 03:26:10) Uruchomiony z C:\Users\Krzysztof\Downloads Załadowane profile: Krzysztof Platform: Microsoft Windows 10 Pro Wersja 22H2 19045.2604 (X64) Język: Polski (Polska) Domyślna przeglądarka: Opera Tryb startu: Normal ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (A-Volute SAS -> A-Volute) C:\Users\Krzysztof\AppData\Local\NhNotifSys\nahimic\nahimicNotifSys.exe (C:\Users\Krzysztof\AppData\Local\Programs\Opera\opera.exe ->) (Opera Norway AS -> Opera Software) C:\Users\Krzysztof\AppData\Local\Programs\Opera\96.0.4693.50\opera_crashreporter.exe (DriverStore\FileRepository\u0388646.inf_amd64_cec79a959dad0433\B388577\atiesrxx.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0388646.inf_amd64_cec79a959dad0433\B388577\atieclxx.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe (Opera Norway AS -> Opera Software) C:\Users\Krzysztof\AppData\Local\Programs\Opera\opera.exe <36> (services.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe (services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0388646.inf_amd64_cec79a959dad0433\B388577\atiesrxx.exe (services.exe ->) (A-Volute SAS -> Nahimic) C:\Windows\System32\NahimicService.exe (services.exe ->) (Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe <2> (services.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_10.75.13001.0_x64__8wekyb3d8bbwe\gamingservices.exe (services.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_10.75.13001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.3-0\MsMpEng.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.3-0\NisSrv.exe (services.exe ->) (Tenorshare Co,Ltd) [Brak podpisu cyfrowego] C:\Users\Krzysztof\AppData\Roaming\Tenorshare\Service\configs\TenorshareWinAdService.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe ==================== Rejestr (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM-x32\...\Run: [VirtualCloneDrive] => D:\VirtualCloneDrive\VCDDaemon.exe [105280 2020-02-23] (Elaborate Bytes AG -> Elaborate Bytes AG) HKLM-x32\...\Run: [Launch 0 FwCustom] => C:\Program files\RX85 RGB driver\RX85 RGB.exe [3215360 2017-08-18] (0) [Brak podpisu cyfrowego] HKU\S-1-5-21-367471416-2701778136-2344420234-1001\...\Run: [Opera GX Browser Assistant] => C:\Users\Krzysztof\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe [3291288 2021-02-01] (Opera Software AS -> Opera Software) HKU\S-1-5-21-367471416-2701778136-2344420234-1001\...\Run: [GalaxyClient] => [X] HKU\S-1-5-21-367471416-2701778136-2344420234-1001\...\Run: [GogGalaxy] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [13725536 2021-07-17] (GOG Sp. z o.o. -> GOG.com) HKU\S-1-5-21-367471416-2701778136-2344420234-1001\...\Run: [utweb] => C:\Users\Krzysztof\AppData\Roaming\uTorrent Web\utweb.exe [6418944 2023-02-13] (BitTorrent Inc -> BitTorrent Inc.) HKU\S-1-5-21-367471416-2701778136-2344420234-1001\...\Run: [Wargaming.net Game Center] => D:\Wargaming.net\GameCenter\wgc.exe [2176176 2023-01-29] (Wargaming.net Limited -> Wargaming.net) HKU\S-1-5-21-367471416-2701778136-2344420234-1001\...\Run: [Opera Browser Assistant] => C:\Users\Krzysztof\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [4140448 2023-03-08] (Opera Norway AS -> Opera Software) HKU\S-1-5-21-367471416-2701778136-2344420234-1001\...\Winlogon: [Shell] explorer.exe, <==== UWAGA HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA ==================== Zaplanowane zadania (filtrowane) ============ (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) Task: {114F86E1-F8D1-4901-9D77-F74598212E5C} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2295192 2023-02-01] (Avast Software s.r.o. -> Avast Software) Task: {262C7583-96E1-4F92-86CD-83967659AD07} - System32\Tasks\Opera GX scheduled Autoupdate 1581895553 => C:\Users\Krzysztof\AppData\Local\Programs\Opera GX\launcher.exe [2571208 2023-03-01] (Opera Norway AS -> Opera Software) Task: {2D23D2D6-C34D-45E7-8755-2E8D1975D966} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.3-0\MpCmdRun.exe [1645864 2023-03-18] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {300F1101-34DC-462A-8D56-E4325B729F6E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.3-0\MpCmdRun.exe [1645864 2023-03-18] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {331752D7-480A-4CC3-BBB6-AB473B099947} - System32\Tasks\dying => powershell -ExecutionPolicy Bypass -WindowStyle Hidden -NoExit -Command [System.Reflection.Assembly]::Load((Get-ItemProperty HKCU:\Software\dying\).dying).EntryPoint.Invoke($Null,$Null) <==== UWAGA Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe [45056 2013-08-22] (Microsoft Corporation) [Brak podpisu cyfrowego] Task: {3B6CF455-D05C-4F13-81BF-88AB51C02F9F} - System32\Tasks\Opera scheduled Autoupdate 1576165004 => C:\Users\Krzysztof\AppData\Local\Programs\Opera\launcher.exe [2701216 2023-03-08] (Opera Norway AS -> Opera Software) Task: {3C8C4D26-E1CF-4162-840D-440F99081024} - System32\Tasks\e-pity2019a_kwiecien => C:\Program Files (x86)\e-file\e-pity\Assets\signxml.exe [35328 2023-02-24] (e-file sp. z o.o. sp. k.) [Brak podpisu cyfrowego] Task: {448A0C18-6072-4C45-8959-08357F4493BA} - System32\Tasks\Opera scheduled assistant Autoupdate 1582737326 => C:\Users\Krzysztof\AppData\Local\Programs\Opera\launcher.exe [2701216 2023-03-08] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Krzysztof\AppData\Local\Programs\Opera\assistant" $(Arg0) Task: {5926305B-CFD0-4194-BBD2-6206808BFA84} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA} Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE} Task: {A58300D5-F054-4813-B296-0C8A978EE7E1} - System32\Tasks\e-pity2019_styczen => C:\Program Files (x86)\e-file\e-pity\Assets\signxml.exe [35328 2023-02-24] (e-file sp. z o.o. sp. k.) [Brak podpisu cyfrowego] Task: {C1FDD627-3B9A-4A97-A56D-B58277951F9E} - System32\Tasks\Opera GX scheduled assistant Autoupdate 1615889821 => C:\Users\Krzysztof\AppData\Local\Programs\Opera GX\launcher.exe [2571208 2023-03-01] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Krzysztof\AppData\Local\Programs\Opera GX\assistant" $(Arg0) Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371} Task: {D41909DC-373D-4CCE-BEC9-48E6D7EFBD9B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.3-0\MpCmdRun.exe [1645864 2023-03-18] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {E034F503-5A9E-4DE3-9C6C-DCEE2CCA4AF3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.3-0\MpCmdRun.exe [1645864 2023-03-18] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {F9EE207F-36C0-45C6-9401-2A3F545E2364} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [754472 2021-04-05] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.) (Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.) ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt Tcpip\Parameters: [DhcpNameServer] 62.21.99.94 62.21.99.95 Tcpip\..\Interfaces\{9F1C569D-369F-4111-9B30-34BEDDD5A420}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{9F1C569D-369F-4111-9B30-34BEDDD5A420}: [DhcpNameServer] 62.21.99.94 62.21.99.95 Edge: ======= Edge Extension: (Brak nazwy) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [nie znaleziono] Edge Extension: (Brak nazwy) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [nie znaleziono] Edge Extension: (Brak nazwy) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [nie znaleziono] Edge Extension: (Brak nazwy) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [nie znaleziono] Edge DefaultProfile: Default Edge Profile: C:\Users\Krzysztof\AppData\Local\Microsoft\Edge\User Data\Default [2023-03-19] Edge Extension: (Outlook) - C:\Users\Krzysztof\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2020-11-12] Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Krzysztof\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2023-03-03] Edge Extension: (Word) - C:\Users\Krzysztof\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2020-11-12] Edge Extension: (Excel) - C:\Users\Krzysztof\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2020-11-12] Edge Extension: (PowerPoint) - C:\Users\Krzysztof\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2020-11-12] Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn] Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn] Chrome: ======= CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee] CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee] CHR HKLM-x32\...\Chrome\Extension: [ofoeigeaodhbjogdigckajfhjbonaofg] Opera: ======= OPR Profile: C:\Users\Krzysztof\AppData\Roaming\Opera Software\Opera Stable [2023-03-19] OPR Notifications: Opera Stable -> hxxps://ebok.pgnig.pl; hxxps://gazetka-24.pl; hxxps://inpost.pl; hxxps://kresy.pl; hxxps://lubimyczytac.pl; hxxps://rankomat.pl; hxxps://tradingshenzhen.com; hxxps://universe-inside-you.com; hxxps://wiadomosci.wp.pl; hxxps://www.antyradio.pl; hxxps://www.czesciauto24.pl; hxxps://www.elamigos-games.com; hxxps://www.facebook.com; hxxps://www.filmweb.pl; hxxps://www.gazetkowo.pl; hxxps://www.geekbuying.com; hxxps://www.inea.pl; hxxps://www.iparts.pl; hxxps://www.magnapolonia.org; hxxps://www.otomoto.pl; hxxps://www.philips.pl; hxxps://www.spidersweb.pl; hxxps://www.totalcasino.pl OPR DefaultSearchURL: Opera Stable -> hxxps://www.google.com/search?client=opera&q={searchTerms}&sourceid=opera&ie={inputEncoding}&oe={outputEncoding} OPR DefaultSearchKeyword: Opera Stable -> g OPR Extension: (Rich Hints Agent) - C:\Users\Krzysztof\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2023-03-09] OPR Extension: (Opera Wallet) - C:\Users\Krzysztof\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2023-03-18] OPR Extension: (Amazon Assistant Promotion) - C:\Users\Krzysztof\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-08-13] StartMenuInternet: (HKU\S-1-5-21-367471416-2701778136-2344420234-1001) Opera GXStable - "C:\Users\Krzysztof\AppData\Local\Programs\Opera GX\Launcher.exe" ==================== Usługi (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S3 AntiCheatExpert Service; C:\Program Files\AntiCheatExpert\SGuard\x64\SGuardSvc64.exe [2700648 2022-01-05] (HIGH MORALE DEVELOPMENTS LIMITED -> ) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [9712432 2022-10-03] (BattlEye Innovations e.K. -> ) S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1135648 2022-05-01] (EasyAntiCheat Oy -> Epic Games, Inc) S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [584680 2023-01-14] (EasyAntiCheat Oy -> Epic Games, Inc.) S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [1955680 2021-07-17] (GOG Sp. z o.o. -> GOG.com) S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6484832 2021-07-17] (GOG Sp. z o.o. -> GOG.com) R2 NahimicService; C:\WINDOWS\system32\NahimicService.exe [1888424 2021-10-08] (A-Volute SAS -> Nahimic) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2572096 2023-03-13] (Electronic Arts, Inc. -> Electronic Arts) R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3491144 2023-03-13] (Electronic Arts, Inc. -> Electronic Arts) S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [2718048 2022-10-03] (Rockstar Games, Inc. -> Rockstar Games) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [224184 2023-02-16] (Microsoft Windows Publisher -> Microsoft Corporation) R2 TenorshareWinAdService; C:\Users\Krzysztof\AppData\Roaming\Tenorshare\Service\configs\TenorshareWinAdService.exe [40448 2017-11-28] (Tenorshare Co,Ltd) [Brak podpisu cyfrowego] R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.3-0\NisSrv.exe [3224328 2023-03-18] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.3-0\MsMpEng.exe [133592 2023-03-18] (Microsoft Windows Publisher -> Microsoft Corporation) S3 mracsvc; C:\Windows\System32\mracsvc.exe [X] S4 uhssvc; "C:\Program Files\Microsoft Update Health Tools\uhssvc.exe" [X] ===================== Sterowniki (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S3 ACE-BASE; C:\WINDOWS\system32\drivers\ACE-BASE.sys [1868832 2022-05-15] (HIGH MORALE DEVELOPMENTS LIMITED -> ANTICHEATEXPERT.COM) S3 ACE-GAME; C:\WINDOWS\system32\drivers\ACE-GAME.sys [772656 2022-05-15] (HIGH MORALE DEVELOPMENTS LIMITED -> ANTICHEATEXPERT.COM) R3 amdfendrmgr; C:\WINDOWS\System32\drivers\amdfendrmgr.sys [36248 2022-10-14] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) R3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository\u0388646.inf_amd64_cec79a959dad0433\B388577\amdkmdag.sys [99809672 2023-02-21] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [59920 2022-05-31] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) S3 atvi-brynhildr; C:\ProgramData\Battle.net_components\brynhildr_odin2\brynhildr.sys [2188544 2022-11-16] (Activision Publishing Inc -> Activision Blizzard, Inc.) S3 atvi-geirdriful; C:\ProgramData\Battle.net_components\geirdrifulfore\geirdriful.sys [1965320 2022-04-26] (Activision Publishing Inc -> Activision Blizzard, Inc.) S3 atvi-randgrid; C:\ProgramData\Battle.net_components\randgridauks\randgrid.sys [2513192 2022-11-17] (Activision Publishing Inc -> Activision Blizzard, Inc.) R2 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv_bgp.sys [315976 2020-10-04] (Bluestack Systems, Inc -> Bluestack System Inc.) R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [42616 2017-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG) S3 mracdrv; C:\WINDOWS\System32\drivers\mracdrv1.sys [19767024 2020-09-13] (Mail.Ru LLC -> LLC Mail.Ru) R3 Nahimic_Mirroring; C:\WINDOWS\System32\drivers\Nahimic_Mirroring.sys [85616 2021-08-13] (A-Volute -> Windows (R) Win 7 DDK provider) S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39920 2019-10-23] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project) S3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [57768 2023-02-11] (Windscribe Limited -> The OpenVPN Project) R3 VClone; C:\WINDOWS\System32\drivers\VClone.sys [44544 2020-02-22] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49624 2023-03-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [495912 2023-03-18] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99624 2023-03-18] (Microsoft Windows -> Microsoft Corporation) S3 windtun420; C:\WINDOWS\System32\drivers\windtun420.sys [47544 2023-02-11] (Windscribe Limited -> WireGuard LLC) S3 WireGuard; C:\WINDOWS\System32\drivers\wireguard.sys [489368 2023-02-11] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC) S3 xhunter1; C:\WINDOWS\xhunter1.sys [1431256 2023-01-07] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.) S4 NVHDA; \SystemRoot\system32\drivers\nvhda64v.sys [X] ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Trzy miesiące (utworzone) (filtrowane) ========= (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2023-03-19 03:26 - 2023-03-19 03:26 - 000019478 _____ C:\Users\Krzysztof\Downloads\FRST.txt 2023-03-19 03:24 - 2023-03-19 03:24 - 002378752 _____ (Farbar) C:\Users\Krzysztof\Downloads\farbar-recovery-scan-tool-frst-26-01-2022.exe 2023-03-19 03:24 - 2023-03-19 03:24 - 001424136 _____ () C:\Users\Krzysztof\Desktop\farbar-recovery-scan-tool-frst-26-01-2022-ks_v2.323.428.06.4.exe 2023-03-19 03:24 - 2023-03-19 03:24 - 000000000 ____D C:\Users\Krzysztof\Downloads\FRST-OlderVersion 2023-03-19 03:08 - 2023-03-19 03:08 - 000000000 ____D C:\Users\Krzysztof\AppData\LocalLow\AMD 2023-03-18 23:58 - 2023-03-18 23:58 - 000000000 ____D C:\ProgramData\UrbanVPN 2023-03-18 23:48 - 2023-03-18 23:48 - 000223746 _____ C:\Users\Public\Desktop\mbst-clean-results.txt 2023-03-18 23:43 - 2023-03-18 23:43 - 005426543 _____ C:\Users\Public\Desktop\mbst-grab-results.zip 2023-03-18 23:42 - 2023-03-19 03:26 - 000000000 ____D C:\FRST 2023-03-18 23:39 - 2023-03-18 23:39 - 013471344 _____ C:\Users\Krzysztof\Desktop\mb-support-1.8.7.918.exe 2023-03-18 23:29 - 2023-03-08 21:46 - 001547656 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll 2023-03-18 23:29 - 2023-03-08 21:46 - 001547656 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll 2023-03-18 23:29 - 2023-03-08 21:38 - 004359096 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdadlx64.dll 2023-03-18 23:29 - 2023-03-08 21:38 - 004165512 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdadlx32.dll 2023-03-18 17:16 - 2023-03-18 17:16 - 000000000 ____D C:\Program Files (x86)\Windows Kits 2023-03-18 17:16 - 2023-03-18 17:16 - 000000000 ____D C:\Program Files (x86)\Microsoft GameInput 2023-03-18 17:14 - 2023-03-18 17:14 - 000000000 ___HD C:\$WinREAgent 2023-03-04 03:10 - 2023-03-04 03:43 - 000000000 ____D C:\Users\Krzysztof\AppData\Roaming\RiseOfIndustry 2023-03-04 03:10 - 2023-03-04 03:10 - 000000000 ____D C:\Users\Krzysztof\AppData\LocalLow\Dapper Penguin Studios 2023-03-03 15:26 - 2023-03-03 15:26 - 000000000 ____D C:\Program Files\Malwarebytes 2023-03-03 15:24 - 2023-03-03 15:24 - 002580896 _____ (Malwarebytes) C:\Users\Krzysztof\Desktop\MBSetup.exe 2023-02-26 18:41 - 2023-02-26 18:41 - 000001197 _____ C:\Users\Krzysztof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\e-pity 2022 - program, pity roczne, e-deklaracje.lnk 2023-02-26 18:41 - 2023-02-26 18:41 - 000001167 _____ C:\Users\Krzysztof\Desktop\e-pity 2022 - program, pity roczne, e-deklaracje.lnk 2023-02-25 15:20 - 2023-03-07 01:34 - 000000000 ____D C:\ProgramData\Hogwarts Legacy 2023-02-25 15:20 - 2023-02-25 15:20 - 000000000 ____D C:\Users\Krzysztof\AppData\Local\Hogwarts Legacy 2023-02-25 07:16 - 2023-02-21 18:01 - 002248072 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe 2023-02-25 07:16 - 2023-02-21 18:01 - 002248072 _____ C:\WINDOWS\system32\vulkaninfo.exe 2023-02-25 07:16 - 2023-02-21 18:01 - 001654664 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe 2023-02-25 07:16 - 2023-02-21 18:01 - 001654664 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe 2023-02-25 07:16 - 2023-02-21 18:01 - 001472984 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll 2023-02-25 07:16 - 2023-02-21 18:01 - 001472984 _____ C:\WINDOWS\system32\vulkan-1.dll 2023-02-25 07:16 - 2023-02-21 18:01 - 001196368 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll 2023-02-25 07:16 - 2023-02-21 18:01 - 001196368 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll 2023-02-25 07:16 - 2023-02-21 18:01 - 000801112 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Rapidfire64.dll 2023-02-25 07:16 - 2023-02-21 18:01 - 000678280 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\Rapidfire.dll 2023-02-25 07:16 - 2023-02-21 18:01 - 000606040 _____ C:\WINDOWS\system32\GameManager64.dll 2023-02-25 07:16 - 2023-02-21 18:01 - 000547720 _____ C:\WINDOWS\system32\libsmi_guest.dll 2023-02-25 07:16 - 2023-02-21 18:01 - 000542048 _____ C:\WINDOWS\system32\dgtrayicon.exe 2023-02-25 07:16 - 2023-02-21 18:01 - 000541016 _____ C:\WINDOWS\system32\libsmi_host.dll 2023-02-25 07:16 - 2023-02-21 18:01 - 000502104 _____ C:\WINDOWS\system32\EEURestart.exe 2023-02-25 07:16 - 2023-02-21 18:01 - 000459608 _____ C:\WINDOWS\SysWOW64\GameManager32.dll 2023-02-25 07:16 - 2023-02-21 18:01 - 000360792 _____ C:\WINDOWS\system32\clinfo.exe 2023-02-25 07:16 - 2023-02-21 18:01 - 000206168 _____ C:\WINDOWS\system32\mantle64.dll 2023-02-25 07:16 - 2023-02-21 18:01 - 000185736 _____ C:\WINDOWS\system32\mantleaxl64.dll 2023-02-25 07:16 - 2023-02-21 18:01 - 000163208 _____ C:\WINDOWS\SysWOW64\mantle32.dll 2023-02-25 07:16 - 2023-02-21 18:01 - 000147336 _____ C:\WINDOWS\SysWOW64\mantleaxl32.dll 2023-02-25 07:16 - 2023-02-21 18:01 - 000051080 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\RapidFireServer64.dll 2023-02-25 07:16 - 2023-02-21 18:01 - 000047960 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\RapidFireServer.dll 2023-02-25 07:16 - 2023-02-21 18:00 - 000183728 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll 2023-02-25 07:16 - 2023-02-21 18:00 - 000146864 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll 2023-02-25 07:16 - 2023-02-21 17:59 - 000947032 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe 2023-02-25 07:16 - 2023-02-21 17:59 - 000535384 _____ C:\WINDOWS\system32\atieah64.exe 2023-02-25 07:16 - 2023-02-21 17:59 - 000472928 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll 2023-02-25 07:16 - 2023-02-21 17:59 - 000404320 _____ C:\WINDOWS\SysWOW64\atieah32.exe 2023-02-25 07:16 - 2023-02-21 17:59 - 000266072 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll 2023-02-25 07:16 - 2023-02-21 17:59 - 000226648 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll 2023-02-25 07:16 - 2023-02-21 17:59 - 000210104 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll 2023-02-25 07:16 - 2023-02-21 17:59 - 000195928 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll 2023-02-25 07:16 - 2023-02-21 17:59 - 000173000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll 2023-02-25 07:16 - 2023-02-21 17:59 - 000144216 _____ C:\WINDOWS\system32\atidxx64.dll 2023-02-25 07:16 - 2023-02-21 17:59 - 000118112 _____ C:\WINDOWS\SysWOW64\atidxx32.dll 2023-02-25 07:16 - 2023-02-21 17:59 - 000074632 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ati2erec.dll 2023-02-25 07:16 - 2023-02-21 17:58 - 100645256 _____ C:\WINDOWS\system32\amd_comgr.dll 2023-02-25 07:16 - 2023-02-21 17:58 - 084666288 _____ C:\WINDOWS\SysWOW64\amd_comgr32.dll 2023-02-25 07:16 - 2023-02-21 17:58 - 000524208 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll 2023-02-25 07:16 - 2023-02-21 17:58 - 000389552 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll 2023-02-25 07:16 - 2023-02-21 17:58 - 000142216 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amfrt64.dll 2023-02-25 07:16 - 2023-02-21 17:58 - 000118152 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amfrt32.dll 2023-02-25 07:16 - 2023-02-21 17:57 - 000138120 _____ C:\WINDOWS\system32\amdxc64.dll 2023-02-25 07:16 - 2023-02-21 17:57 - 000113536 _____ C:\WINDOWS\SysWOW64\amdxc32.dll 2023-02-25 07:16 - 2023-02-21 17:54 - 007200168 _____ C:\WINDOWS\system32\amdsmi.exe 2023-02-25 07:16 - 2023-02-21 17:54 - 002266504 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdsasrv64.dll 2023-02-25 07:16 - 2023-02-21 17:54 - 001320328 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdsacli64.dll 2023-02-25 07:16 - 2023-02-21 17:54 - 001048920 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdsacli32.dll 2023-02-25 07:16 - 2023-02-21 17:53 - 001725552 _____ (AMD) C:\WINDOWS\system32\amf-mft-mjpeg-decoder64.dll 2023-02-25 07:16 - 2023-02-21 17:53 - 000942984 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll 2023-02-25 07:16 - 2023-02-21 17:53 - 000770952 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll 2023-02-25 07:16 - 2023-02-21 17:53 - 000470920 _____ C:\WINDOWS\system32\amdlogum.exe 2023-02-25 07:16 - 2023-02-21 17:53 - 000167008 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll 2023-02-25 07:16 - 2023-02-21 17:53 - 000136496 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll 2023-02-25 07:16 - 2023-02-21 17:52 - 001399976 _____ (AMD) C:\WINDOWS\SysWOW64\amf-mft-mjpeg-decoder32.dll 2023-02-25 07:16 - 2023-02-21 17:52 - 000187432 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdihk32.dll 2023-02-25 07:16 - 2023-02-21 17:50 - 016175448 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdhip64.dll 2023-02-25 07:16 - 2023-02-21 17:50 - 000568200 _____ C:\WINDOWS\system32\amdgfxinfo64.dll 2023-02-25 07:16 - 2023-02-21 17:50 - 000567712 _____ C:\WINDOWS\system32\amdmiracast.dll 2023-02-25 07:16 - 2023-02-21 17:50 - 000431960 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll 2023-02-25 07:16 - 2023-02-21 17:50 - 000167008 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll 2023-02-25 07:16 - 2023-02-21 17:50 - 000136448 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll 2023-02-25 07:16 - 2023-02-21 17:49 - 000176968 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll 2023-02-25 07:16 - 2023-02-21 17:49 - 000151072 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll 2023-02-25 07:16 - 2023-02-21 17:18 - 094812032 _____ C:\WINDOWS\system32\amdxc64.so 2023-02-16 01:31 - 2023-02-16 01:31 - 000000202 _____ C:\Users\Krzysztof\Desktop\Dziedzictwo Hogwartu.url 2023-02-11 16:49 - 2023-02-11 16:49 - 000000000 ____D C:\Users\Krzysztof\UrbanVPN 2023-02-11 16:48 - 2023-02-11 16:48 - 000000000 ____D C:\Users\Krzysztof\AppData\Local\AdvinstAnalytics 2023-02-11 16:24 - 2023-02-11 16:24 - 000000000 ____D C:\Users\Krzysztof\AppData\Local\Windscribe 2023-02-11 16:23 - 2023-02-11 16:23 - 000057768 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tapwindscribe0901.sys 2023-02-11 16:23 - 2023-02-11 16:23 - 000047544 _____ (WireGuard LLC) C:\WINDOWS\system32\Drivers\windtun420.sys 2023-02-03 23:33 - 2023-02-03 23:33 - 000001008 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk 2023-02-03 23:33 - 2023-02-03 23:33 - 000000970 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk 2023-02-03 23:33 - 2023-02-03 23:33 - 000000000 ____D C:\Program Files\TeamSpeak 3 Client 2023-01-22 19:12 - 2023-01-22 19:12 - 000027056 _____ (EasyAntiCheat Oy) C:\WINDOWS\system32\eac_usermode_489449552379792.dll 2023-01-17 00:06 - 2023-03-18 17:10 - 000002286 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2023-01-14 03:22 - 2023-01-14 03:26 - 000000000 ____D C:\Users\Krzysztof\AppData\Roaming\EldenRing 2023-01-14 03:22 - 2023-01-14 03:22 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat_EOS 2023-01-14 00:43 - 2023-01-14 00:43 - 000000203 _____ C:\Users\Krzysztof\Desktop\ELDEN RING.url 2023-01-07 22:16 - 2023-01-07 22:16 - 001431256 _____ (Wellbia.com Co., Ltd.) C:\WINDOWS\xhunter1.sys 2023-01-07 22:15 - 2023-01-07 22:15 - 000000000 ____D C:\Users\Krzysztof\AppData\Local\Overprime 2023-01-07 17:43 - 2023-01-07 17:43 - 000000000 ____D C:\Users\Krzysztof\AppData\Local\ATI 2023-01-07 11:52 - 2023-03-19 02:40 - 000000000 ____D C:\Users\Krzysztof\AppData\Local\AMD 2023-01-07 11:52 - 2023-01-07 11:53 - 000000000 ____D C:\ProgramData\AMD 2023-01-07 11:51 - 2023-03-19 03:14 - 000000000 ____D C:\Program Files\AMD 2023-01-07 11:49 - 2023-03-08 21:46 - 002028424 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll 2023-01-07 11:49 - 2023-02-21 17:52 - 000231792 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdihk64.dll 2023-01-07 11:49 - 2022-12-07 14:33 - 000154384 _____ C:\WINDOWS\system32\samu_krnl_ci.sbin 2023-01-07 11:49 - 2022-12-07 14:33 - 000138832 _____ C:\WINDOWS\system32\samu_krnl_isv_ci.sbin 2023-01-07 11:49 - 2022-12-07 14:33 - 000128048 _____ C:\WINDOWS\system32\kapp_ci.sbin 2023-01-07 11:49 - 2022-12-07 14:33 - 000121168 _____ C:\WINDOWS\system32\kapp_si.sbin 2023-01-07 11:49 - 2022-10-14 14:21 - 000611256 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdfendrsr.exe 2023-01-07 11:49 - 2022-10-14 14:21 - 000177048 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\amdfendr.sys 2023-01-07 11:49 - 2022-10-14 14:21 - 000036248 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\amdfendrmgr.sys 2023-01-07 11:49 - 2022-05-31 18:49 - 000059920 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\amdxe.sys 2022-12-30 13:58 - 2022-12-30 13:58 - 004404792 _____ (AMD ) C:\Users\Krzysztof\Desktop\AMD PVT Setup eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MzM2MzIzOCwiaWF0IjoxNjcyNDA1MDg0LCJleHAiOjE2NzI0MDY4ODR9.aHXna_DxQ0T-D2-KVpRDFsghCJjN-LVRqSu7Rr7LFKw.exe 2022-12-30 13:58 - 2022-12-30 13:58 - 000001110 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Product Verification Tool.lnk 2022-12-30 13:58 - 2022-12-30 13:58 - 000001098 _____ C:\Users\Public\Desktop\AMD Product Verification Tool.lnk 2022-12-30 13:58 - 2022-12-30 13:58 - 000000000 ____D C:\Program Files\AMDProduct Verification Tool 2022-12-30 13:58 - 2016-01-28 14:22 - 000504320 _____ (Newtonsoft) C:\WINDOWS\system32\Newtonsoft.Json.dll 2022-12-29 01:44 - 2022-12-29 01:44 - 000000000 ____D C:\Users\Krzysztof\AppData\Roaming\CPY_SAVES 2022-12-26 00:14 - 2022-12-26 00:14 - 000002181 _____ C:\Users\Krzysztof\Desktop\Misty Continent Przeklęta Wyspa.lnk ==================== Trzy miesiące (zmodyfikowane) ================== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2023-03-19 03:19 - 2020-06-22 19:40 - 001767984 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2023-03-19 03:19 - 2019-12-07 16:09 - 000784340 _____ C:\WINDOWS\system32\perfh015.dat 2023-03-19 03:19 - 2019-12-07 16:09 - 000152236 _____ C:\WINDOWS\system32\perfc015.dat 2023-03-19 03:19 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF 2023-03-19 03:14 - 2020-06-22 19:38 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2023-03-19 03:14 - 2020-06-22 19:35 - 000008192 ___SH C:\DumpStack.log.tmp 2023-03-19 03:14 - 2020-05-23 06:26 - 000000000 ____D C:\Users\Krzysztof\AppData\Roaming\uTorrent Web 2023-03-19 03:14 - 2020-05-23 06:26 - 000000000 ____D C:\Users\Krzysztof\AppData\Local\BitTorrentHelper 2023-03-19 03:14 - 2019-12-12 18:43 - 000000000 ____D C:\Users\Krzysztof\AppData\Local\CrashDumps 2023-03-19 03:14 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2023-03-19 03:13 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2023-03-19 03:01 - 2019-12-12 16:02 - 000000000 ____D C:\Users\Krzysztof\AppData\Local\Packages 2023-03-19 03:01 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2023-03-19 02:57 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2023-03-19 02:34 - 2020-06-22 19:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2023-03-19 00:37 - 2019-12-17 01:25 - 000000000 ____D C:\ProgramData\Origin 2023-03-19 00:36 - 2021-01-27 17:03 - 000000000 ____D C:\Program Files (x86)\Origin 2023-03-19 00:07 - 2022-12-10 22:47 - 000000000 ____D C:\Users\Krzysztof\AppData\Local\AMD_Common 2023-03-19 00:00 - 2022-03-02 22:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Anti-Malware 2023-03-19 00:00 - 2022-03-02 22:12 - 000000000 ____D C:\ProgramData\GridinSoft 2023-03-19 00:00 - 2021-01-24 13:07 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools 2023-03-18 23:59 - 2019-12-12 16:07 - 000000000 ___RD C:\Users\Krzysztof\OneDrive 2023-03-18 23:58 - 2021-12-21 17:46 - 000000000 ____D C:\WINDOWS\SystemTemp 2023-03-18 23:46 - 2020-06-22 19:38 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2023-03-18 23:32 - 2021-12-01 23:17 - 000000000 ____D C:\AMD 2023-03-18 17:36 - 2019-12-14 03:03 - 000000000 ____D C:\WINDOWS\system32\MRT 2023-03-18 17:35 - 2019-12-14 03:03 - 153620824 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2023-03-18 17:35 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps 2023-03-18 17:16 - 2022-10-25 19:50 - 000079352 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamehelper.exe 2023-03-18 17:16 - 2022-10-25 19:50 - 000062928 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamecontrol.exe 2023-03-18 17:16 - 2021-11-23 07:49 - 000165328 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamelaunchhelper.dll 2023-03-18 17:16 - 2020-06-22 20:40 - 002786768 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll 2023-03-18 17:16 - 2020-06-22 20:40 - 000476624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll 2023-03-18 17:16 - 2020-06-22 20:40 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy.dll 2023-03-18 17:16 - 2020-06-22 20:40 - 000202192 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll 2023-03-18 17:16 - 2020-06-22 20:40 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll 2023-03-18 17:11 - 2019-12-12 16:36 - 000001518 _____ C:\Users\Krzysztof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Przeglądarka Opera.lnk 2023-03-18 17:10 - 2022-03-12 03:56 - 000001940 _____ C:\Users\Krzysztof\Desktop\uTorrent Web.lnk 2023-03-18 17:10 - 2022-03-12 03:56 - 000001926 _____ C:\Users\Krzysztof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent Web.lnk 2023-03-18 17:10 - 2020-11-12 16:36 - 000002448 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2023-03-08 00:34 - 2020-02-21 00:38 - 000000000 ____D C:\SteamLibrary 2023-03-08 00:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\NDF 2023-03-07 23:00 - 2020-11-12 16:36 - 000003566 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2023-03-07 23:00 - 2020-11-12 16:36 - 000003442 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2023-03-06 23:37 - 2020-02-17 00:25 - 000001553 _____ C:\Users\Krzysztof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Przeglądarka Opera GX.lnk 2023-03-05 10:39 - 2021-08-11 19:00 - 000000000 ____D C:\Users\Krzysztof\AppData\LocalLow\Mozilla 2023-03-03 15:27 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2023-03-03 15:06 - 2020-07-26 23:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 7.1 2023-03-03 15:06 - 2019-12-17 01:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MpcStar 2023-02-26 18:41 - 2021-02-21 23:29 - 000000000 ____D C:\Users\Krzysztof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\e-file [ID] 2023-02-26 18:41 - 2020-02-20 11:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-pity 2023-02-26 04:39 - 2020-06-22 20:40 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\GameInputRedist.dll 2023-02-26 03:39 - 2020-06-22 19:35 - 000268200 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2023-02-26 03:38 - 2019-12-07 16:12 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2023-02-26 03:38 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2023-02-26 03:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe 2023-02-26 03:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources 2023-02-26 03:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup 2023-02-26 03:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe 2023-02-26 03:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\DDFs 2023-02-26 03:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2023-02-26 03:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr 2023-02-26 03:11 - 2020-06-22 20:40 - 000242168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GameInputRedist.dll 2023-02-25 15:20 - 2020-06-25 17:30 - 000000000 ____D C:\Users\Krzysztof\AppData\Local\D3DSCache ==================== Pliki w katalogu głównym wybranych folderów ======== 2021-12-18 19:42 - 2022-02-12 16:51 - 000074342 _____ () C:\Users\Krzysztof\AppData\Local\PlariumPlay.log 2021-12-01 23:22 - 2021-12-01 23:22 - 000000017 _____ () C:\Users\Krzysztof\AppData\Local\resmon.resmoncfg ==================== SigCheckExt ========================= 2013-08-22 12:45 - 2013-08-22 12:45 - 000003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-fibers-l2-1-1.dll 2013-08-22 12:42 - 2013-08-22 12:42 - 000002560 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-psm-appnotify-l1-1-0.dll 2013-08-22 12:43 - 2013-08-22 12:43 - 000004608 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-devices-config-l1-1-1.dll 2013-08-22 12:42 - 2013-08-22 12:42 - 000003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-mm-misc-l1-1-1.dll 2013-08-22 12:42 - 2013-08-22 12:42 - 000003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-rtcore-ntuser-winevent-l1-1-0.dll 2013-08-22 12:42 - 2013-08-22 12:42 - 000004096 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-security-cryptoapi-l1-1-0.dll 2013-08-22 02:40 - 2013-08-22 06:23 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AutoWorkplace.exe 2014-11-21 06:00 - 2014-11-21 06:00 - 000009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AutoWorkplaceN.dll 2014-11-21 05:59 - 2014-11-21 05:59 - 000141824 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe 2014-11-21 06:00 - 2014-11-21 06:00 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\dfp.exe 2014-11-21 06:00 - 2014-11-21 06:00 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DfpCommon.dll 2013-08-22 12:42 - 2013-08-22 12:42 - 000003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\ext-ms-win-msa-ui-l1-1-0.dll 2013-08-22 12:42 - 2013-08-22 12:42 - 000004608 ____H (Microsoft Corporation) C:\WINDOWS\system32\ext-ms-win-ntuser-misc-l1-2-0.dll 2013-08-22 12:42 - 2013-08-22 12:42 - 000003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\ext-ms-win-rtcore-ntuser-dpi-l1-1-0.dll 2020-06-22 20:40 - 2023-03-18 17:16 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll 2014-11-21 09:09 - 2014-11-21 09:09 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\lockscreencn.dll 2022-12-30 13:58 - 2016-01-28 14:22 - 000504320 _____ (Newtonsoft) C:\WINDOWS\system32\Newtonsoft.Json.dll 2014-11-21 08:33 - 2014-11-21 08:33 - 000733696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll 2019-12-13 22:30 - 2015-07-22 15:19 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll 2014-11-21 05:59 - 2014-11-21 05:59 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll 2019-12-13 22:28 - 2018-03-10 18:43 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll 2013-08-22 05:17 - 2013-08-22 05:17 - 000003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-fibers-l2-1-1.dll 2013-08-22 05:14 - 2013-08-22 05:14 - 000002560 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-psm-appnotify-l1-1-0.dll 2013-08-22 05:14 - 2013-08-22 05:14 - 000004608 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-devices-config-l1-1-1.dll 2013-08-22 05:14 - 2013-08-22 05:14 - 000003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-mm-misc-l1-1-1.dll 2013-08-22 05:14 - 2013-08-22 05:14 - 000003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-rtcore-ntuser-winevent-l1-1-0.dll 2013-08-22 05:14 - 2013-08-22 05:14 - 000004096 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-security-cryptoapi-l1-1-0.dll 2014-11-21 05:59 - 2014-11-21 05:59 - 000116224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe 2020-02-23 14:02 - 2020-02-23 14:02 - 000144896 _____ (Elaborate Bytes AG) C:\WINDOWS\SysWOW64\ElbyVCD.dll 2013-08-22 05:14 - 2013-08-22 05:14 - 000003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\ext-ms-win-msa-ui-l1-1-0.dll 2013-08-22 05:14 - 2013-08-22 05:13 - 000004608 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\ext-ms-win-ntuser-misc-l1-2-0.dll 2013-08-22 05:14 - 2013-08-22 05:13 - 000003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\ext-ms-win-rtcore-ntuser-dpi-l1-1-0.dll 2014-11-21 05:59 - 2014-11-21 05:59 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll 2023-03-19 03:24 - 2023-03-19 03:24 - 002378752 _____ (Farbar) C:\Users\Krzysztof\Downloads\farbar-recovery-scan-tool-frst-26-01-2022.exe 2020-12-05 22:44 - 2020-12-05 22:44 - 007323689 _____ ( ) C:\Users\Krzysztof\Downloads\WinRAR 5.50 PL FULL (zarejestrowany).exe ==================== SigCheck ============================ (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) ==================== BCD ================================ Firmware Boot Manager --------------------- identifier {fwbootmgr} displayorder {bootmgr} {9145f6ac-1ced-11ea-93ba-c254d8f2c0ca} timeout 1 Windows Boot Manager -------------------- identifier {bootmgr} device partition=\Device\HarddiskVolume2 path \EFI\MICROSOFT\BOOT\BOOTMGFW.EFI description Windows Boot Manager locale pl-PL inherit {globalsettings} default {current} resumeobject {69bdfe06-b4bf-11ea-a23c-88a3f2137d39} displayorder {current} toolsdisplayorder {memdiag} timeout 30 Firmware Application (101fffff) ------------------------------- identifier {9145f6ac-1ced-11ea-93ba-c254d8f2c0ca} description Hard Drive Windows Boot Loader ------------------- identifier {current} device partition=C: path \WINDOWS\system32\winload.efi description Windows 10 locale pl-PL inherit {bootloadersettings} recoverysequence {69bdfe08-b4bf-11ea-a23c-88a3f2137d39} displaymessageoverride Recovery recoveryenabled Yes isolatedcontext Yes allowedinmemorysettings 0x15000075 osdevice partition=C: systemroot \WINDOWS resumeobject {69bdfe06-b4bf-11ea-a23c-88a3f2137d39} nx OptIn bootmenupolicy Standard Windows Boot Loader ------------------- identifier {69bdfe08-b4bf-11ea-a23c-88a3f2137d39} device ramdisk=[\Device\HarddiskVolume5]\Recovery\WindowsRE\Winre.wim,{69bdfe09-b4bf-11ea-a23c-88a3f2137d39} path \windows\system32\winload.efi description Windows Recovery Environment locale pl-PL inherit {bootloadersettings} displaymessage Recovery osdevice ramdisk=[\Device\HarddiskVolume5]\Recovery\WindowsRE\Winre.wim,{69bdfe09-b4bf-11ea-a23c-88a3f2137d39} systemroot \windows nx OptIn bootmenupolicy Standard winpe Yes Resume from Hibernate --------------------- identifier {69bdfe06-b4bf-11ea-a23c-88a3f2137d39} device partition=C: path \WINDOWS\system32\winresume.efi description Windows Resume Application locale pl-PL inherit {resumeloadersettings} recoverysequence {69bdfe08-b4bf-11ea-a23c-88a3f2137d39} recoveryenabled Yes isolatedcontext Yes allowedinmemorysettings 0x15000075 filedevice partition=C: filepath \hiberfil.sys bootmenupolicy Standard debugoptionenabled No Windows Memory Tester --------------------- identifier {memdiag} device partition=\Device\HarddiskVolume2 path \EFI\Microsoft\Boot\memtest.efi description Diagnostyka pami©ci systemu Windows locale pl-PL inherit {globalsettings} badmemoryaccess Yes EMS Settings ------------ identifier {emssettings} bootems No Debugger Settings ----------------- identifier {dbgsettings} debugtype Serial debugport 1 baudrate 115200 RAM Defects ----------- identifier {badmemory} Global Settings --------------- identifier {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Boot Loader Settings -------------------- identifier {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Hypervisor Settings ------------------- identifier {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Resume Loader Settings ---------------------- identifier {resumeloadersettings} inherit {globalsettings} Device options -------------- identifier {69bdfe09-b4bf-11ea-a23c-88a3f2137d39} description Windows Recovery ramdisksdidevice partition=\Device\HarddiskVolume5 ramdisksdipath \Recovery\WindowsRE\boot.sdi ==================== Koniec FRST.txt ========================