Elektroda.pl
PC - Hello, I think I've picked up some malware

xxSashaxx 26 Jul 2019 18:07 552 6
  • #1
    xxSashaxx
    Level 5  
    It all started when the Z key on my keyboard stopped working, or kept pressing itself repeatedly. I think I must have picked something up and something is spying on me. I scanned the computer with Malwarebytes and Avast, and some threats came up, including something to do with bitcoin. I removed all of it, but when I try to download something, e.g. from Steam or from the browser, my transfer speed drops or it doesn't download at all, as if something were stealing it. Thanks in advance for any help. I'd rather avoid a format if possible.
  • #2
    User removed account
    Level 1  
  • #3
    xxSashaxx
    Level 5  
    Should I censor anything in there?
    FRST
    Spoiler:
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-07-2019 01
    Ran by Sasha (administrator) on SASHA-PC (26-07-2019 18:23:56)
    Running from C:\Users\Sasha\Downloads
    Loaded Profiles: Sasha (Available Profiles: Sasha)
    Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" -- "%1")
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-f...utorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Animation Labs) [File not signed] C:\Program Files (x86)\Animation Labs\vorpX\vorpService.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.5.245.0\AvastBrowserCrashHandler.exe
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.5.245.0\AvastBrowserCrashHandler64.exe
    (Byte Technologies LLC -> Byte Technologies LLC) C:\Program Files\ByteFence\ByteFenceService.exe
    (Byte Technologies LLC -> Byte Technologies LLC.) C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
    (Byte Technologies LLC -> Byte Technologies LLC.) C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
    (CHENGDU YIWO Tech Development Co., Ltd. -> ) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
    (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
    (Electronic Arts, Inc. -> Electronic Arts) D:\Origin\OriginWebHelperService.exe
    (Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
    (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
    (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
    (GRISOFT LTD -> GRISOFT s.r.o.) C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (McAfee, LLC -> McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
    (McAfee, LLC -> McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\uihost.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
    (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
    (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
    (Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer Synapse Service Process.exe
    (Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
    (Razer USA Ltd. -> Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
    (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
    (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
    (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
    (Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    (Valve -> Valve Corporation) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    (Valve -> Valve Corporation) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    (Valve -> Valve Corporation) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    (Valve -> Valve Corporation) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    (Valve -> Valve Corporation) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    (Valve -> Valve Corporation) D:\Steam\Steam.exe
    (VIA Technologies Inc. -> VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
    (VIA) [File not signed] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5015040 2012-02-09] (VIA) [File not signed]
    HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (Canon Inc. -> CANON INC.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601928 2018-12-15] (Oracle America, Inc. -> Oracle Corporation)
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
    HKLM-x32\...\Run: [!AVG Anti-Spyware] => C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [6731312 2007-06-11] (GRISOFT LTD -> GRISOFT s.r.o.)
    HKU\S-1-5-21-2114438058-1069013670-705640317-1000\...\Run: [EADM] => "D:\Origin\Origin.exe" -AutoStart
    HKU\S-1-5-21-2114438058-1069013670-705640317-1000\...\Run: [Steam] => D:\Steam\steam.exe [3210016 2019-07-17] (Valve -> Valve Corporation)
    HKU\S-1-5-21-2114438058-1069013670-705640317-1000\...\Run: [Flvto Youtube Downloader] => C:\Users\Sasha\AppData\Local\Flvto Youtube Downloader\FlvtoYoutubeDownloader.Redesign.exe [947712 2019-07-09] (Flvto.biz) [File not signed]
    HKU\S-1-5-21-2114438058-1069013670-705640317-1000\...\Run: [btweb] => C:\Users\Sasha\AppData\Roaming\BitTorrent Web\btweb.exe [5428440 2019-07-02] (Jenkins Win Client Build SPC -> BitTorrent Inc.) [File not signed]
    HKU\S-1-5-21-2114438058-1069013670-705640317-1000\...\Run: [BitTorrent] => C:\Users\Sasha\AppData\Roaming\BitTorrent\BitTorrent.exe [2083824 2019-07-11] (BitTorrent Inc -> BitTorrent Inc.)
    HKU\S-1-5-21-2114438058-1069013670-705640317-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [53646904 2019-07-18] (Skype Software Sarl -> Skype Technologies S.A.)
    HKU\S-1-5-21-2114438058-1069013670-705640317-1000\...\Run: [AvastBrowserAutoLaunch_5D4914FAEF81A5366E7420161AA52F1E] => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1808504 2019-07-18] (AVAST Software s.r.o. -> AVAST Software)
    HKU\S-1-5-21-2114438058-1069013670-705640317-1000\...\MountPoints2: {0c687901-a06e-11e8-bf03-3085a9461eb8} - F:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-2114438058-1069013670-705640317-1000\...\MountPoints2: {170975ef-e31e-11e8-9c59-3085a9461eb8} - E:\autorun.exe
    HKU\S-1-5-21-2114438058-1069013670-705640317-1000\...\MountPoints2: {170975f3-e31e-11e8-9c59-3085a9461eb8} - E:\autorun.exe
    HKU\S-1-5-21-2114438058-1069013670-705640317-1000\...\MountPoints2: {65683768-390f-11e9-b475-3085a9461eb8} - E:\Setup.exe
    HKU\S-1-5-21-2114438058-1069013670-705640317-1000\...\MountPoints2: {873e65dd-349a-11e9-8438-3085a9461eb8} - E:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-2114438058-1069013670-705640317-1000\...\MountPoints2: {960c7633-4658-11e9-b7cd-3085a9461eb8} - E:\HiSuiteDownLoader.exe
    HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
    HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\system32\frapsv64.dll [71680 2013-02-26] (Beepa P/L) [File not signed]
    HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]
    HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [65536 2013-02-26] (Beepa P/L) [File not signed]
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe [2019-07-16] (Google LLC -> Google LLC)
    HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\75.1.1528.101\Installer\chrmstp.exe [2019-07-26] (AVAST Software s.r.o. -> AVAST Software)
    HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {01F5A2B5-99C9-4C2F-8CFB-31CE163185B8} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [202392 2019-07-26] (AVAST Software s.r.o. -> AVAST Software)
    Task: {038A279A-F1FA-434A-A52A-B22F4DA76395} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {203C6A7E-31C9-4742-BD75-CE9523304F16} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [897008 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {20DD6341-2E1A-432F-A157-84A3806F11FE} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [3916104 2019-07-02] (Byte Technologies LLC -> Byte Technologies LLC) <==== ATTENTION
    Task: {25B2D174-13DC-46BA-8902-846A6886DBB5} - System32\Tasks\WiperSoft Startup => c:\program files\WiperSoft\WiperSoft.exe [4972144 2019-07-24] (Wiper Software, UAB -> Wiper Software, UAB)
    Task: {3562F1CD-7A09-4D91-9006-92D8CEB8CCE0} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1808504 2019-07-18] (AVAST Software s.r.o. -> AVAST Software)
    Task: {36CE60EE-F1CF-4DC3-92FC-E19A2569BB9E} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [202392 2019-07-26] (AVAST Software s.r.o. -> AVAST Software)
    Task: {3A48F80D-1A4A-4320-8FE2-91138183581F} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1808504 2019-07-18] (AVAST Software s.r.o. -> AVAST Software)
    Task: {3BA09746-5660-40AC-A5D4-0BCF2B86876F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-08-10] (Google Inc -> Google Inc.)
    Task: {3DC7FB9D-F7AC-4B85-A54E-95D8225DD924} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3788144 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {463E5120-1D32-455D-BF50-6DFAA71097AB} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {51D02D4D-B3B2-4B3B-95D4-DC159DE8A598} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {570D4296-8ABB-4E5C-8977-8BCDFE198A22} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {688358EC-E093-45EF-812A-72A1A62D1B6E} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1722880 2019-06-08] () [File not signed]
    Task: {8ACB3C04-31E8-4236-AB7A-61C6816BFF93} - System32\Tasks\Opera scheduled Autoupdate 1551861257 => C:\Users\Sasha\AppData\Local\Programs\Opera\launcher.exe [1519640 2019-07-11] (Opera Software AS -> Opera Software)
    Task: {A201B633-B648-49D7-9F88-258E74DA091B} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {AE0A7893-745C-415E-957B-30E9CA5CD68C} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {BEC49FBD-F7FC-4F77-A73A-92F3CD7D2A91} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [897008 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {FC6513BA-B6CE-41EB-8127-AE08263B0BC1} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [648504 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {FE316BF4-F231-45F2-B70B-E1EBD7E9AD83} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-08-10] (Google Inc -> Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{B594E1F1-456F-44BD-A129-67CF236753C2}: [DhcpNameServer] 62.179.1.62 62.179.1.63
    Tcpip\..\Interfaces\{F0273EC0-D528-4C0E-AAF7-D327F9076172}: [DhcpNameServer] 192.168.0.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-2114438058-1069013670-705640317-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web-pl.com/
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2114438058-1069013670-705640317-1000 -> DefaultScope {876D08C6-111E-495B-B204-37FE7C037398} URL = hxxp://www.web-pl.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2114438058-1069013670-705640317-1000 -> {876D08C6-111E-495B-B204-37FE7C037398} URL = hxxp://www.web-pl.com/search?q={searchTerms}
    BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_201\bin\ssv.dll [2019-03-06] (Oracle America, Inc. -> Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
    BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2019-07-25] (McAfee, LLC -> McAfee, Inc.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-03-06] (Oracle America, Inc. -> Oracle Corporation)
    BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2019-07-25] (McAfee, LLC -> McAfee, Inc.)
    Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
    Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)

    FireFox:
    ========
    FF DefaultProfile: xtzr1fq1.default
    FF ProfilePath: C:\Users\Sasha\AppData\Roaming\Mozilla\Firefox\Profiles\xtzr1fq1.default [2019-07-26]
    FF user.js: detected! => C:\Users\Sasha\AppData\Roaming\Mozilla\Firefox\Profiles\xtzr1fq1.default\user.js [2019-07-09]
    FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Sasha\AppData\Roaming\Mozilla\Firefox\Profiles\xtzr1fq1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-04-20]
    FF HKLM\...\Firefox\Extensions: [{90ca575e-4c80-47b5-8a3b-ad862f38a292}] - C:\Program Files (x86)\SafeMyWeb\ff\safe_my_web-1.0.1-fx.xpi
    FF Extension: (Safe my Web) - C:\Program Files (x86)\SafeMyWeb\ff\safe_my_web-1.0.1-fx.xpi [2019-06-05]
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
    FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2019-07-25]
    FF HKLM-x32\...\Firefox\Extensions: [{90ca575e-4c80-47b5-8a3b-ad862f38a292}] - C:\Program Files (x86)\SafeMyWeb\ff\safe_my_web-1.0.1-fx.xpi
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_207.dll [2019-06-24] (Adobe Inc. -> )
    FF Plugin: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-03-06] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-03-06] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_207.dll [2019-06-24] (Adobe Inc. -> )
    FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.) [File not signed]
    FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB) [File not signed]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.web-pl.com/
    CHR StartupUrls: Default -> "hxxp://www.web-pl.com/"
    CHR DefaultSearchURL: Default -> hxxp://www.web-pl.com/search?q={searchTerms}
    CHR DefaultSearchKeyword: Default -> szukaj
    CHR Profile: C:\Users\Sasha\AppData\Local\Google\Chrome\User Data\Default [2019-07-24]
    CHR Extension: (Prezentacje) - C:\Users\Sasha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-08-10]
    CHR Extension: (Dokumenty) - C:\Users\Sasha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-08-10]
    CHR Extension: (Dysk Google) - C:\Users\Sasha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-08-10]
    CHR Extension: (YouTube) - C:\Users\Sasha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-08-10]
    CHR Extension: (Arkusze) - C:\Users\Sasha\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-08-10]
    CHR Extension: (Dokumenty Google offline) - C:\Users\Sasha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-10]
    CHR Extension: (AdBlock) - C:\Users\Sasha\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-07-09]
    CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Sasha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-08-10]
    CHR Extension: (Gmail) - C:\Users\Sasha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-15]
    CHR Extension: (Chrome Media Router) - C:\Users\Sasha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-17]
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

    Opera:
    =======
    OPR Extension: (Adblock Plus - free ad blocker) - C:\Users\Sasha\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2019-04-30]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    HKLM\SYSTEM\CurrentControlSet\Services\aswSP <==== ATTENTION (Rootkit!)
    HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt <==== ATTENTION (Rootkit!)

    S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [202392 2019-07-26] (AVAST Software s.r.o. -> AVAST Software)
    S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [202392 2019-07-26] (AVAST Software s.r.o. -> AVAST Software)
    S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\75.1.1528.101\elevation_service.exe [978720 2019-07-18] (AVAST Software s.r.o. -> AVAST Software)
    R2 AVG Anti-Spyware Guard; C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe [312880 2007-05-30] (GRISOFT LTD -> GRISOFT s.r.o.)
    S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8577760 2019-03-31] (BattlEye Innovations e.K. -> )
    R2 ByteFenceService; c:\program files\bytefence\ByteFenceService.exe [157512 2019-07-02] (Byte Technologies LLC -> Byte Technologies LLC)
    S3 cfbackd; C:\Program Files (x86)\CleverFiles\Disk Drill\cfbackd.w32.exe [211520 2014-08-31] (508 Software, LLC -> CleverFiles)
    R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [40016 2019-07-01] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
    S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [610472 2018-10-04] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
    R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [899264 2019-07-25] (McAfee, LLC -> McAfee, Inc.)
    R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation)
    S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation)
    R2 Origin Web Helper Service; D:\Origin\OriginWebHelperService.exe [3171144 2019-01-23] (Electronic Arts, Inc. -> Electronic Arts)
    R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2018-08-19] (Even Balance, Inc. -> )
    R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [449664 2018-07-25] (Razer USA Ltd. -> Razer Inc.)
    R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [942720 2018-07-25] (Razer USA Ltd. -> Razer Inc.)
    R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [253776 2018-04-06] (Razer USA Ltd. -> Razer Inc)
    R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [284400 2018-08-21] (Razer USA Ltd. -> )
    R2 rtop; c:\program files\bytefence\rtop\bin\rtop_svc.exe [297288 2019-07-25] (Byte Technologies LLC -> Byte Technologies LLC.)
    R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [534400 2018-07-28] (Razer USA Ltd. -> Razer Inc.)
    R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-11-11] (VIA Technologies Inc. -> VIA Technologies, Inc.)
    R2 vorpX Service; C:\Program Files (x86)\Animation Labs\vorpX\vorpService.exe [76800 2019-03-21] (Animation Labs) [File not signed]
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
    R2 WirelessKB850NotificationService; C:\Windows\system32\WirelessKB850NotificationService.exe [174256 2018-05-14] (Microsoft Corporation -> Microsoft Corporation)
    R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
    R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r
    S3 Origin Client Service; "D:\Origin\OriginClientService.exe" [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 athur; C:\Windows\System32\DRIVERS\athurx.sys [1847296 2010-01-05] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
    R1 AVG Anti-Spyware Driver; C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard64.sys [12024 2007-05-30] (GRISOFT LTD -> )
    R1 AvgAsC64; C:\Windows\System32\DRIVERS\AvgAsC64.sys [14072 2007-05-30] (GRISOFT LTD -> GRISOFT, s.r.o.)
    R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
    R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [54152 2019-07-01] (CHENGDU YIWO Tech Development Co., Ltd. -> )
    R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [199768 2019-07-26] (Malwarebytes Corporation -> Malwarebytes)
    R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [224408 2019-07-26] (Malwarebytes Corporation -> Malwarebytes)
    R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73584 2019-07-26] (Malwarebytes Corporation -> Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-07-26] (Malwarebytes Corporation -> Malwarebytes)
    R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [106344 2019-07-26] (Malwarebytes Corporation -> Malwarebytes)
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-06-13] (NVIDIA Corporation -> NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [69840 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
    R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [75600 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
    S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2017-08-27] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
    R3 RzCommon; C:\Windows\System32\DRIVERS\RzCommon.sys [46056 2018-04-15] (Razer USA Ltd. -> Razer Inc)
    R3 RzDev_005c; C:\Windows\System32\DRIVERS\RzDev_005c.sys [49648 2018-04-22] (Razer USA Ltd. -> Razer Inc)
    R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
    R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [2182768 2011-11-11] (VIA Technologies Inc. -> VIA Technologies, Inc.)
    U3 aswbdisk; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-07-26 18:23 - 2019-07-26 18:29 - 000031230 _____ C:\Users\Sasha\Downloads\FRST.txt
    2019-07-26 18:23 - 2019-07-26 18:23 - 000000000 ____D C:\FRST
    2019-07-26 18:22 - 2019-07-26 18:23 - 002095104 _____ (Farbar) C:\Users\Sasha\Downloads\FRST64.exe
    2019-07-26 18:21 - 2019-07-26 18:22 - 001934082 _____ (Farbar) C:\Users\Sasha\Downloads\Farbar_Recovery_Scan_Tool_x64.exe
    2019-07-26 17:34 - 2019-07-26 17:34 - 000003150 _____ C:\Windows\System32\Tasks\Avast Secure Browser Heartbeat Task (Logon)
    2019-07-26 17:34 - 2019-07-26 17:34 - 000002501 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
    2019-07-26 17:33 - 2019-07-26 17:33 - 000003732 _____ C:\Windows\System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
    2019-07-26 17:33 - 2019-07-26 17:33 - 000003370 _____ C:\Windows\System32\Tasks\AvastUpdateTaskMachineUA
    2019-07-26 17:33 - 2019-07-26 17:33 - 000003242 _____ C:\Windows\System32\Tasks\AvastUpdateTaskMachineCore
    2019-07-26 17:33 - 2019-07-26 17:33 - 000000000 ____D C:\Users\Sasha\AppData\Local\AVAST Software
    2019-07-26 17:33 - 2019-07-26 17:33 - 000000000 ____D C:\Program Files (x86)\AVAST Software
    2019-07-26 17:32 - 2019-07-26 17:32 - 000000000 ____D C:\Users\Sasha\AppData\Roaming\AVAST Software
    2019-07-26 17:31 - 2019-07-26 17:31 - 000387896 _____ (AVAST Software) C:\Windows\system32\Drivers\asw6338212e5f55fe5a.tmp
    2019-07-26 17:31 - 2019-07-26 17:30 - 000477288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswcc738e0593032e5e.tmp
    2019-07-26 17:31 - 2019-07-26 17:30 - 000363400 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2019-07-26 17:31 - 2019-07-26 17:30 - 000279336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswd506ec94240d14be.tmp
    2019-07-26 17:31 - 2019-07-26 17:30 - 000225816 _____ (AVAST Software) C:\Windows\system32\Drivers\asw900bdbe3d06a11f8.tmp
    2019-07-26 17:31 - 2019-07-26 17:30 - 000169112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswb3286d7d527677d6.tmp
    2019-07-26 17:31 - 2019-07-26 17:30 - 000112520 _____ (AVAST Software) C:\Windows\system32\Drivers\asw6b53e77db8b1aadf.tmp
    2019-07-26 17:31 - 2019-07-26 17:30 - 000088160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswc735e1aba7d141f0.tmp
    2019-07-26 17:31 - 2019-07-26 17:30 - 000042504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswe93a1bfcf1203372.tmp
    2019-07-26 17:30 - 2019-07-26 17:29 - 001030992 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2fb0397e049e9c20.tmp
    2019-07-26 17:30 - 2019-07-26 17:29 - 000263224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswd01d40604fd60dc5.tmp
    2019-07-26 17:30 - 2019-07-26 17:29 - 000209256 _____ (AVAST Software) C:\Windows\system32\Drivers\asw15736ede21c67a04.tmp
    2019-07-26 17:30 - 2019-07-26 17:29 - 000206056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswad6006a606c69fb8.tmp
    2019-07-26 17:30 - 2019-07-26 17:29 - 000061688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswec61153d6d44bf4b.tmp
    2019-07-26 17:30 - 2019-07-26 17:29 - 000037320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswcbc253e79a5a4dff.tmp
    2019-07-26 17:28 - 2019-07-26 17:28 - 000000000 ____D C:\Program Files\AVAST Software
    2019-07-26 17:27 - 2019-07-26 17:27 - 000228544 _____ (AVAST Software) C:\Users\Sasha\Downloads\avast_free_antivirus_setup_online.exe
    2019-07-26 17:27 - 2019-07-26 17:27 - 000073584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2019-07-26 17:26 - 2019-07-26 17:26 - 000224408 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
    2019-07-26 17:26 - 2019-07-26 17:26 - 000199768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
    2019-07-26 17:26 - 2019-07-26 17:26 - 000106344 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
    2019-07-26 17:25 - 2019-07-26 17:25 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
    2019-07-26 00:38 - 2019-07-26 00:38 - 000003933 _____ C:\Users\Sasha\AppData\Local\recently-used.xbel
    2019-07-25 22:52 - 2019-07-25 22:52 - 012236394 _____ C:\Users\Sasha\Desktop\retusz.xcf
    2019-07-25 21:01 - 2019-07-26 00:53 - 000000000 ____D C:\Users\Sasha\AppData\Local\babl-0.1
    2019-07-25 21:01 - 2019-07-26 00:38 - 000000000 ____D C:\Users\Sasha\AppData\Local\gtk-2.0
    2019-07-25 21:01 - 2019-07-25 21:01 - 000000000 ____D C:\Users\Sasha\AppData\Roaming\GIMP
    2019-07-25 21:01 - 2019-07-25 21:01 - 000000000 ____D C:\Users\Sasha\AppData\Local\GIMP
    2019-07-25 21:01 - 2019-07-25 21:01 - 000000000 ____D C:\Users\Sasha\AppData\Local\gegl-0.4
    2019-07-25 21:01 - 2019-07-25 21:01 - 000000000 ____D C:\Users\Sasha\.cache
    2019-07-25 21:00 - 2019-07-25 21:00 - 000003195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Booking.lnk
    2019-07-25 21:00 - 2019-07-25 21:00 - 000000901 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.10.12.lnk
    2019-07-25 20:59 - 2019-07-25 21:00 - 000000000 ____D C:\Program Files\GIMP 2
    2019-07-25 20:59 - 2019-07-25 21:00 - 000000000 ____D C:\Program Files (x86)\Booking
    2019-07-25 20:59 - 2019-07-25 20:59 - 234076816 _____ (The GIMP Team ) C:\Users\Sasha\Downloads\gimp-2-10-12.exe
    2019-07-25 20:59 - 2019-07-25 20:59 - 000003344 _____ C:\Windows\System32\Tasks\ByteFence
    2019-07-25 20:59 - 2019-07-25 20:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware
    2019-07-25 20:58 - 2019-07-26 00:38 - 000000000 ____D C:\Program Files\ByteFence
    2019-07-25 20:58 - 2019-07-25 20:58 - 000000000 ____D C:\ProgramData\McAfee
    2019-07-25 20:58 - 2019-07-25 20:58 - 000000000 ____D C:\Program Files\McAfee
    2019-07-25 20:40 - 2019-07-25 22:50 - 000000000 ____D C:\Users\Sasha\Desktop\Zdjęcia2
    2019-07-24 23:56 - 2019-07-24 23:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2019-07-24 23:55 - 2019-07-24 23:55 - 064731688 _____ (Malwarebytes ) C:\Users\Sasha\Downloads\mb3-setup-consumer-3.8.3.2965-1.0.613-1.0.11698.exe
    2019-07-24 23:55 - 2019-07-24 23:55 - 000000000 ____D C:\ProgramData\Malwarebytes
    2019-07-24 23:55 - 2019-07-24 23:55 - 000000000 ____D C:\Program Files\Malwarebytes
    2019-07-24 23:55 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
    2019-07-24 23:54 - 2019-07-24 23:54 - 000003288 _____ C:\Windows\System32\Tasks\WiperSoft Startup
    2019-07-24 23:54 - 2019-07-24 23:54 - 000000000 ____D C:\Users\Sasha\AppData\Roaming\WiperSoft
    2019-07-24 23:54 - 2019-07-24 23:54 - 000000000 ____D C:\Program Files\WiperSoft
    2019-07-24 23:53 - 2019-07-24 23:53 - 002427504 _____ (Wiper Software, UAB) C:\Users\Sasha\Downloads\WiperSoft-installer.exe
    2019-07-24 23:44 - 2019-07-24 23:44 - 012413440 _____ C:\Users\Sasha\Downloads\AVG_Anti-Spyware7.5.1.43_www.INSTALKI.pl.exe
    2019-07-24 23:44 - 2019-07-24 23:44 - 000000000 ____D C:\Users\Sasha\AppData\Roaming\Grisoft
    2019-07-24 23:44 - 2019-07-24 23:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Anti-Spyware 7.5
    2019-07-24 23:44 - 2019-07-24 23:44 - 000000000 ____D C:\ProgramData\Grisoft
    2019-07-24 23:44 - 2019-07-24 23:44 - 000000000 ____D C:\Program Files (x86)\Grisoft
    2019-07-24 23:44 - 2007-05-30 15:10 - 000014072 _____ (GRISOFT, s.r.o.) C:\Windows\system32\Drivers\AvgAsC64.sys
    2019-07-24 21:18 - 2019-07-24 21:18 - 009488661 _____ C:\Users\Sasha\Downloads\epdf.pub_hope-and-help-for-your-nerves.pdf
    2019-07-24 21:18 - 2019-07-24 21:18 - 001511774 _____ C:\Users\Sasha\Downloads\epdf.pub_hope-and-help-for-your-nerves.djvu
    2019-07-24 20:37 - 2019-07-24 20:37 - 000108466 _____ C:\Users\Sasha\Downloads\Kompletna samopomoc dla Twoich nerwów. Naucz się relaksować i znów cieszyć życiem przezwyciężając st Claire Weekes.pdf
    2019-07-24 20:36 - 2019-07-24 20:36 - 000007876 _____ C:\Users\Sasha\Downloads\kompletna samopomoc dla twoich nerwow claire weekes pdf.pdf
    2019-07-24 19:27 - 2019-07-24 19:27 - 000000000 ____D C:\Users\Sasha\AppData\Roaming\Google
    2019-07-24 19:18 - 2019-07-24 19:18 - 063242024 _____ (Skype Technologies S.A.) C:\Users\Sasha\Downloads\Skype-8.50.0.38.exe
    2019-07-24 19:18 - 2019-07-24 19:18 - 000000000 ____D C:\Users\Sasha\AppData\Roaming\Skype
    2019-07-24 19:18 - 2019-07-24 19:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2019-07-20 19:59 - 2019-07-23 00:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
    2019-07-20 19:53 - 2019-07-20 19:53 - 008364965 _____ (Black Tree Gaming ) C:\Users\Sasha\Downloads\NMM Community Edition-4-0-70-5-1557993552.exe
    2019-07-20 03:46 - 2019-07-21 00:23 - 000000000 ____D C:\Program Files\Mozilla Firefox
    2019-07-17 20:49 - 2019-07-17 20:49 - 000000829 _____ C:\Users\Sasha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
    2019-07-17 20:49 - 2019-07-17 20:49 - 000000000 ____D C:\Users\Sasha\Desktop\Tor Browser
    2019-07-17 20:48 - 2019-07-17 20:48 - 057365624 _____ C:\Users\Sasha\Downloads\torbrowser-install-win64-8.5.4_en-US.exe
    2019-07-17 16:26 - 2019-07-17 16:26 - 000000000 ____D C:\Users\Sasha\Downloads\BL2 - PC Profile Editor
    2019-07-17 16:14 - 2019-07-17 16:14 - 000000000 ____D C:\Users\Sasha\Downloads\BL2 Save Edit GIB
    2019-07-15 23:19 - 2019-07-15 23:19 - 000000000 ____D C:\Users\Sasha\AppData\Roaming\EasyAntiCheat
    2019-07-14 16:29 - 2019-07-14 16:29 - 000000000 ____D C:\Users\Sasha\AppData\Local\WeMod
    2019-07-13 20:26 - 2019-07-13 20:26 - 000000000 ____D C:\Users\Sasha\.AdvertisingPopup
    2019-07-13 20:25 - 2019-07-13 20:25 - 000000000 ____D C:\ProgramData\SystemAcCrux
    2019-07-13 20:25 - 2019-07-13 20:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup 11.5
    2019-07-13 20:25 - 2019-07-01 16:11 - 000344456 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\EuFdDisk.sys
    2019-07-13 20:25 - 2019-07-01 16:11 - 000074120 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\eubakup.sys
    2019-07-13 20:25 - 2019-07-01 16:11 - 000054152 _____ C:\Windows\system32\Drivers\EUBKMON.sys
    2019-07-13 20:25 - 2019-07-01 16:11 - 000023432 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\eudskacs.sys
    2019-07-13 20:24 - 2019-07-13 20:24 - 000000000 ____D C:\Program Files (x86)\EaseUS
    2019-07-13 20:24 - 2019-07-01 16:09 - 000026192 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\fbnative.exe
    2019-07-13 19:54 - 2019-07-13 20:36 - 000000000 ____D C:\Users\Sasha\AppData\Local\DiskDrill
    2019-07-13 19:54 - 2019-07-13 19:54 - 000000000 ____D C:\Users\Sasha\AppData\Roaming\Cleverfiles Software
    2019-07-13 19:54 - 2019-07-13 19:54 - 000000000 ____D C:\Users\Sasha\AppData\Local\CrashRpt
    2019-07-13 19:54 - 2019-07-13 19:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cleverfiles Disk Drill
    2019-07-13 19:54 - 2019-07-13 19:54 - 000000000 ____D C:\Program Files (x86)\CleverFiles
    2019-07-13 19:49 - 2019-07-13 19:49 - 000000000 ____D C:\Users\Sasha\AppData\Roaming\DarkSoulsIII
    2019-07-13 19:38 - 2019-07-13 20:30 - 000000000 ____D C:\Program Files\Recuva
    2019-07-13 19:38 - 2019-07-13 19:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
    2019-07-13 18:59 - 2019-07-13 18:59 - 000000000 ____D C:\Users\Sasha\AppData\Local\FromSoftware
    2019-07-13 16:22 - 2019-07-15 12:29 - 000000000 ____D C:\Users\Sasha\Downloads\Auto Hipnoza
    2019-07-13 16:22 - 2019-07-13 16:22 - 000000000 ____D C:\Users\Sasha\Downloads\Ms Word
    2019-07-11 21:16 - 2019-07-11 21:16 - 000000851 _____ C:\Users\Sasha\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
    2019-07-11 18:52 - 2019-07-11 18:52 - 000286720 _____ C:\Users\Sasha\Documents\Baza danych1.accdb
    2019-07-11 18:44 - 2019-07-11 21:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    2019-07-11 18:43 - 2019-07-11 18:43 - 000000000 ____D C:\Windows\PCHEALTH
    2019-07-11 18:43 - 2019-07-11 18:43 - 000000000 ____D C:\Program Files (x86)\Microsoft Works
    2019-07-11 18:43 - 2019-07-11 18:43 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
    2019-07-11 18:41 - 2019-07-11 18:43 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
    2019-07-11 18:41 - 2019-07-11 18:41 - 000000000 ____D C:\Users\Sasha\AppData\Local\Microsoft Help
    2019-07-11 18:41 - 2019-07-11 18:41 - 000000000 ____D C:\Program Files\Microsoft Office
    2019-07-11 18:41 - 2019-07-11 18:41 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
    2019-07-10 23:43 - 2019-07-25 00:02 - 000000000 ____D C:\Program Files\Cheat Engine 6.8.3
    2019-07-10 23:43 - 2019-07-10 23:43 - 000000000 ____D C:\Users\Sasha\Documents\My Cheat Tables
    2019-07-10 23:43 - 2019-07-10 23:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.8.3
    2019-07-10 23:02 - 2019-07-10 23:05 - 000000000 ____D C:\Users\Sasha\AppData\Local\BLCMM
    2019-07-09 15:56 - 2019-07-04 21:06 - 033430288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
    2019-07-09 15:56 - 2019-07-04 21:06 - 018086720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
    2019-07-09 15:56 - 2019-07-04 21:06 - 004374392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2019-07-09 15:56 - 2019-07-04 18:10 - 001007008 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
    2019-07-09 15:56 - 2019-07-04 18:10 - 001007008 _____ C:\Windows\system32\vulkan-1.dll
    2019-07-09 15:56 - 2019-07-04 18:10 - 000870088 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
    2019-07-09 15:56 - 2019-07-04 18:10 - 000870088 _____ C:\Windows\SysWOW64\vulkan-1.dll
    2019-07-09 15:56 - 2019-07-04 18:10 - 000551408 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
    2019-07-09 15:56 - 2019-07-04 18:10 - 000456688 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
    2019-07-09 15:56 - 2019-07-04 18:10 - 000286408 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
    2019-07-09 15:56 - 2019-07-04 18:10 - 000286408 _____ C:\Windows\system32\vulkaninfo.exe
    2019-07-09 15:56 - 2019-07-04 18:10 - 000260296 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
    2019-07-09 15:56 - 2019-07-04 18:10 - 000260296 _____ C:\Windows\SysWOW64\vulkaninfo.exe
    2019-07-09 15:56 - 2019-07-04 18:09 - 070432128 _____ (NVIDIA Corp.) C:\Windows\system32\nvoptix.dll
    2019-07-09 15:56 - 2019-07-04 18:09 - 040913848 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
    2019-07-09 15:56 - 2019-07-04 18:09 - 035345096 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl64.dll
    2019-07-09 15:56 - 2019-07-04 18:09 - 030394056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2019-07-09 15:56 - 2019-07-04 18:09 - 029843144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl32.dll
    2019-07-09 15:56 - 2019-07-04 18:09 - 024276056 _____ (NVIDIA Corporation) C:\Windows\system32\nvrtum64.dll
    2019-07-09 15:56 - 2019-07-04 18:09 - 011059336 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
    2019-07-09 15:56 - 2019-07-04 18:09 - 009492464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
    2019-07-09 15:56 - 2019-07-04 18:09 - 000428416 _____ C:\Windows\system32\nvofapi64.dll
    2019-07-09 15:56 - 2019-07-04 18:09 - 000424352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
    2019-07-09 15:56 - 2019-07-04 18:09 - 000377216 _____ C:\Windows\SysWOW64\nvofapi.dll
    2019-07-09 15:56 - 2019-07-04 18:09 - 000171208 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
    2019-07-09 15:56 - 2019-07-04 18:09 - 000149248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
    2019-07-09 15:56 - 2019-07-04 18:08 - 040412360 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
    2019-07-09 15:56 - 2019-07-04 18:08 - 021505408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
    2019-07-09 15:56 - 2019-07-04 18:08 - 020186312 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
    2019-07-09 15:56 - 2019-07-04 18:08 - 017463496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2019-07-09 15:56 - 2019-07-04 18:08 - 005034880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
    2019-07-09 15:56 - 2019-07-04 18:08 - 004492488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2019-07-09 15:56 - 2019-07-04 18:08 - 002039496 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
    2019-07-09 15:56 - 2019-07-04 18:08 - 001722056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6443136.dll
    2019-07-09 15:56 - 2019-07-04 18:08 - 001540808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
    2019-07-09 15:56 - 2019-07-04 18:08 - 001469696 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
    2019-07-09 15:56 - 2019-07-04 18:08 - 001467832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6443136.dll
    2019-07-09 15:56 - 2019-07-04 18:08 - 001162168 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
    2019-07-09 15:56 - 2019-07-04 18:08 - 001134008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
    2019-07-09 15:56 - 2019-07-04 18:08 - 000912072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
    2019-07-09 15:56 - 2019-07-04 18:08 - 000631496 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
    2019-07-09 15:56 - 2019-07-04 18:08 - 000543104 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
    2019-07-09 15:56 - 2019-07-04 18:08 - 000521928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
    2019-07-09 15:56 - 2019-07-04 18:08 - 000470400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
    2019-07-09 15:56 - 2019-07-04 18:08 - 000189184 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
    2019-07-09 15:56 - 2019-07-04 18:08 - 000167624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
    2019-07-09 15:56 - 2019-07-04 18:07 - 035270016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
    2019-07-09 15:56 - 2019-07-04 18:07 - 000525184 _____ (NVIDIA Corporation) C:\Windows\system32\nvcbl64.dll
    2019-07-09 15:56 - 2019-07-03 19:20 - 000228608 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
    2019-07-09 15:56 - 2019-07-03 19:20 - 000046848 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
    2019-07-09 15:56 - 2019-07-03 16:18 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json
    2019-07-09 15:56 - 2019-07-03 16:18 - 000000669 _____ C:\Windows\system32\nv-vk64.json
    2019-07-09 14:13 - 2019-07-09 14:13 - 000000000 ____D C:\Program Files (x86)\SafeMyWeb
    2019-07-09 14:08 - 2019-07-09 14:08 - 000000000 ____D C:\Users\Sasha\AppData\Local\Flvto.biz
    2019-07-09 14:07 - 2019-07-09 14:07 - 000002239 _____ C:\Users\Sasha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flvto Youtube Downloader.lnk
    2019-07-09 14:07 - 2019-07-09 14:07 - 000000000 ____D C:\Users\Sasha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flvto Youtube Downloader
    2019-07-08 18:58 - 2019-07-08 18:58 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2019-07-08 18:58 - 2019-07-08 18:58 - 000003940 _____ C:\Windows\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2019-07-08 18:58 - 2019-07-08 18:58 - 000003798 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2019-07-08 18:58 - 2019-07-08 18:58 - 000003790 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2019-07-08 18:58 - 2019-07-08 18:58 - 000003704 _____ C:\Windows\System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2019-07-08 18:58 - 2019-07-08 18:58 - 000003704 _____ C:\Windows\System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2019-07-08 18:58 - 2019-07-08 18:58 - 000003704 _____ C:\Windows\System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2019-07-08 18:58 - 2019-07-08 18:58 - 000003704 _____ C:\Windows\System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2019-07-08 18:58 - 2019-07-08 18:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2019-07-08 18:58 - 2019-06-18 11:59 - 002785776 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
    2019-07-08 18:58 - 2019-06-18 11:59 - 002164080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
    2019-07-08 18:58 - 2019-06-18 11:59 - 001316664 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
    2019-07-08 18:58 - 2019-06-13 06:37 - 000179184 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
    2019-07-08 18:58 - 2019-06-13 06:37 - 000154608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
    2019-07-08 18:57 - 2019-07-08 18:57 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2019-07-08 18:57 - 2019-07-08 18:57 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2019-07-08 18:57 - 2019-04-17 10:42 - 000069840 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
    2019-07-08 18:57 - 2019-04-17 07:44 - 000075600 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
    2019-07-06 13:14 - 2019-07-06 13:15 - 000000000 ____D C:\Fraps
    2019-07-06 13:14 - 2019-07-06 13:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
    2019-07-03 22:59 - 2019-07-03 22:59 - 000000000 ____D C:\Users\Sasha\AppData\Local\BorderlandsHexMultitool
    2019-07-02 19:00 - 2019-07-02 19:00 - 000000000 ____D C:\Users\Sasha\Desktop\SaveData
    2019-07-02 01:21 - 2019-07-11 18:43 - 000000000 ____D C:\Windows\ShellNew
    2019-07-02 01:21 - 2019-07-02 01:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
    2019-07-02 01:21 - 2019-07-02 01:21 - 000000000 ____D C:\Program Files\AutoHotkey

    ==================== One month (modified) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-07-26 18:29 - 2009-07-14 07:45 - 000016880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2019-07-26 18:29 - 2009-07-14 07:45 - 000016880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2019-07-26 18:10 - 2019-04-07 22:00 - 000000000 ____D C:\Users\Sasha\Desktop\Gry
    2019-07-26 18:10 - 2018-10-04 01:35 - 000000000 ____D C:\Users\Sasha\Desktop\Programy
    2019-07-26 17:30 - 2018-11-20 16:15 - 000000000 ____D C:\ProgramData\AVAST Software
    2019-07-26 17:07 - 2009-07-14 08:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
    2019-07-26 17:07 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf
    2019-07-26 15:32 - 2019-01-17 17:12 - 000000000 ____D C:\Users\Sasha\AppData\LocalLow\Mozilla
    2019-07-26 12:25 - 2018-08-10 11:23 - 000000000 ____D C:\ProgramData\NVIDIA
    2019-07-25 21:01 - 2018-08-10 09:50 - 000000000 ____D C:\Users\Sasha
    2019-07-25 17:15 - 2019-03-31 07:15 - 000000000 ____D C:\Users\Sasha\AppData\Roaming\BitTorrent Web
    2019-07-25 17:15 - 2018-11-04 04:46 - 000000000 ____D C:\Users\Sasha\AppData\Roaming\BitTorrent
    2019-07-25 17:14 - 2018-08-15 19:26 - 000052697 _____ C:\Users\Sasha\AppData\Roaming\downloads.json
    2019-07-25 17:12 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2019-07-25 12:58 - 2019-02-12 19:08 - 000000000 ____D C:\Users\Sasha\Desktop\Zdjęcia
    2019-07-24 15:36 - 2019-03-10 15:46 - 000000000 ____D C:\Users\Sasha\Downloads\CV
    2019-07-23 22:33 - 2018-08-25 19:26 - 000000000 ____D C:\Users\Sasha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
    2019-07-23 00:29 - 2018-08-11 11:55 - 000000000 ____D C:\Users\Sasha\Documents\My Games
    2019-07-21 00:23 - 2019-01-17 17:12 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2019-07-16 02:43 - 2018-08-10 11:09 - 000002230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2019-07-14 16:31 - 2018-08-11 02:56 - 000773912 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2019-07-14 15:58 - 2019-04-19 03:30 - 000000000 ____D C:\Users\Sasha\Documents\YouTubeDownloads
    2019-07-14 03:31 - 2019-03-06 11:34 - 000004054 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1551861257
    2019-07-12 15:57 - 2019-02-12 17:26 - 000000000 ____D C:\ProgramData\CanonIJPLM
    2019-07-12 02:12 - 2009-07-14 07:45 - 000421416 _____ C:\Windows\system32\FNTCACHE.DAT
    2019-07-11 22:10 - 2018-08-10 11:08 - 000112216 _____ C:\Users\Sasha\AppData\Local\GDIPFONTCACHEV1.DAT
    2019-07-11 21:15 - 2019-03-31 07:15 - 000001838 _____ C:\Users\Sasha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitTorrent Web.lnk
    2019-07-11 18:43 - 2009-07-14 08:32 - 000000000 ____D C:\Program Files (x86)\MSBuild
    2019-07-11 18:42 - 2009-07-14 06:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2019-07-11 18:41 - 2009-07-14 05:34 - 000000478 _____ C:\Windows\win.ini
    2019-07-09 23:05 - 2010-11-21 06:27 - 000741432 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2019-07-09 18:03 - 2018-08-10 11:11 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
    2019-07-09 16:03 - 2019-03-10 15:06 - 000000000 ____D C:\Users\Sasha\AppData\Local\Flvto Youtube Downloader
    2019-07-09 16:03 - 2018-08-15 19:25 - 000000000 ____D C:\Users\Sasha\AppData\Roaming\FlvtoConverter
    2019-07-09 15:59 - 2018-08-25 14:49 - 000000000 ____D C:\temp
    2019-07-09 15:58 - 2018-09-25 17:19 - 000000000 ____D C:\Users\Sasha\AppData\Local\NVIDIA
    2019-07-09 15:58 - 2018-08-10 11:22 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2019-07-09 15:58 - 2018-08-10 11:17 - 000000000 ____D C:\Program Files\NVIDIA Corporation
    2019-07-08 23:32 - 2018-08-11 02:23 - 000000000 ____D C:\Users\Sasha\AppData\Local\NVIDIA Corporation
    2019-07-08 21:08 - 2018-10-02 23:26 - 000000000 ____D C:\ProgramData\ipla
    2019-07-08 21:08 - 2018-09-07 22:27 - 000000000 ____D C:\ProgramData\Abelssoft
    2019-07-04 21:07 - 2018-08-10 11:18 - 038753216 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
    2019-07-04 21:06 - 2018-08-10 11:18 - 021656872 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
    2019-07-04 21:06 - 2018-08-10 11:18 - 004932560 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
    2019-07-04 18:09 - 2018-08-10 11:18 - 000509528 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
    2019-07-04 00:45 - 2018-08-11 03:03 - 000000000 ____D C:\Users\Sasha\AppData\Local\CrashDumps
    2019-07-03 19:20 - 2018-08-10 11:18 - 001682368 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
    2019-07-03 16:18 - 2018-08-10 11:18 - 000049315 _____ C:\Windows\system32\nvinfo.pb
    2019-07-03 12:10 - 2018-08-10 11:23 - 005435376 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
    2019-07-03 12:10 - 2018-08-10 11:23 - 002637168 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
    2019-07-03 12:10 - 2018-08-10 11:23 - 001767464 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
    2019-07-03 12:10 - 2018-08-10 11:23 - 000651248 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
    2019-07-03 12:10 - 2018-08-10 11:23 - 000450416 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
    2019-07-03 12:10 - 2018-08-10 11:23 - 000124784 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
    2019-07-03 12:10 - 2018-08-10 11:23 - 000082984 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
    2019-07-03 12:09 - 2018-08-10 11:23 - 008628422 _____ C:\Windows\system32\nvcoproc.bin
    2019-06-26 08:40 - 2019-06-25 18:13 - 000000000 ____D C:\Users\Sasha\Downloads\Muzyka

    ==================== Files in the root of some directories ================

    2018-08-15 19:26 - 2019-07-25 17:14 - 000052697 _____ () C:\Users\Sasha\AppData\Roaming\downloads.json
    2018-08-11 03:16 - 2018-08-11 03:16 - 001065984 _____ () C:\Users\Sasha\AppData\Local\file__0.localstorage
    2019-07-26 00:38 - 2019-07-26 00:38 - 000003933 _____ () C:\Users\Sasha\AppData\Local\recently-used.xbel
    2018-08-11 02:52 - 2018-08-11 03:25 - 000007602 _____ () C:\Users\Sasha\AppData\Local\Resmon.ResmonCfg

    ==================== SigCheck ===============================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\User32.dll
    [2018-08-11 04:10] - [2018-11-02 03:37] - 001008640 _____ (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

    C:\Windows\SysWOW64\User32.dll
    [2018-08-11 04:10] - [2018-11-02 03:37] - 000833024 _____ (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE


    LastRegBack: 2019-07-22 11:02
    ==================== End of FRST.txt ============================
  • Helpful post
    #4
    RADU23
    Moderator of Computers service
    The Addition.txt log would also be useful.

    Open Notepad and paste the following content:
    Quote:
    CloseProcesses:
    CreateRestorePoint:
    (Byte Technologies LLC -> Byte Technologies LLC) C:\Program Files\ByteFence\ByteFenceService.exe
    (Byte Technologies LLC -> Byte Technologies LLC.) C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
    (Byte Technologies LLC -> Byte Technologies LLC.) C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
    HKU\S-1-5-21-2114438058-1069013670-705640317-1000\...\MountPoints2: {0c687901-a06e-11e8-bf03-3085a9461eb8} - F:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-2114438058-1069013670-705640317-1000\...\MountPoints2: {170975ef-e31e-11e8-9c59-3085a9461eb8} - E:\autorun.exe
    HKU\S-1-5-21-2114438058-1069013670-705640317-1000\...\MountPoints2: {170975f3-e31e-11e8-9c59-3085a9461eb8} - E:\autorun.exe
    HKU\S-1-5-21-2114438058-1069013670-705640317-1000\...\MountPoints2: {65683768-390f-11e9-b475-3085a9461eb8} - E:\Setup.exe
    HKU\S-1-5-21-2114438058-1069013670-705640317-1000\...\MountPoints2: {873e65dd-349a-11e9-8438-3085a9461eb8} - E:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-2114438058-1069013670-705640317-1000\...\MountPoints2: {960c7633-4658-11e9-b7cd-3085a9461eb8} - E:\HiSuiteDownLoader.exe
    Task: {20DD6341-2E1A-432F-A157-84A3806F11FE} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [3916104 2019-07-02] (Byte Technologies LLC -> Byte Technologies LLC) <==== ATTENTION
    Tcpip\..\Interfaces\{B594E1F1-456F-44BD-A129-67CF236753C2}: [DhcpNameServer] 62.179.1.62 62.179.1.63
    Tcpip\..\Interfaces\{F0273EC0-D528-4C0E-AAF7-D327F9076172}: [DhcpNameServer] 192.168.0.1
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2114438058-1069013670-705640317-1000 -> DefaultScope {876D08C6-111E-495B-B204-37FE7C037398} URL = hxxp://www.web-pl.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2114438058-1069013670-705640317-1000 -> {876D08C6-111E-495B-B204-37FE7C037398} URL = hxxp://www.web-pl.com/search?q={searchTerms}
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
    HKLM\SYSTEM\CurrentControlSet\Services\aswSP <==== ATTENTION (Rootkit!)
    HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt <==== ATTENTION (Rootkit!)
    R2 ByteFenceService; c:\program files\bytefence\ByteFenceService.exe [157512 2019-07-02] (Byte Technologies LLC -> Byte Technologies LLC)
    R2 rtop; c:\program files\bytefence\rtop\bin\rtop_svc.exe [297288 2019-07-25] (Byte Technologies LLC -> Byte Technologies LLC.)
    S3 Origin Client Service; "D:\Origin\OriginClientService.exe" [X]
    U3 aswbdisk; no ImagePath
    2019-07-25 20:59 - 2019-07-25 20:59 - 000003344 _____ C:\Windows\System32\Tasks\ByteFence
    2019-07-25 20:59 - 2019-07-25 20:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware
    2019-07-25 20:58 - 2019-07-26 00:38 - 000000000 ____D C:\Program Files\ByteFence
    EmptyTemp:

    Save the file as fixlist.txt and place it in the folder where you have FRST.exe.
    Run FRST and click Fix/Napraw.
  • #6
    User removed account
    Level 1  
  • Helpful post
    #7
    RADU23
    Moderator of Computers service
    Uninstall:
    - ByteFence Anti-Malware

    Also add the following to the fixlist above:
    Quote:
    ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 5.4.3.1 - Byte Technologies LLC) <==== ATTENTION
    WarThunder (HKLM-x32\...\WarThunder) (Version: - ) <==== ATTENTION
    ShellExecuteHooks-x32: No Name - {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - -> No File
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    2017-11-16 16:11 - 2017-11-16 16:11 - 000310784 _____ (GitHub Community) [File not signed] c:\program files\bytefence\Microsoft.Win32.TaskScheduler.dll
    AlternateDataStreams: C:\Users\Sasha\Application Data:00e481b5e22dbe1f649fcddd505d3eb7 [394]
    AlternateDataStreams: C:\Users\Sasha\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
    0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
    FirewallRules: [{62025424-B570-428B-913B-063542F4F131}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
    FirewallRules: [{7C7008AB-028E-43BA-8581-C7AF2F375967}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
    FirewallRules: [{9E3BE083-C070-492E-A97D-05F49BE8F4F2}] => (Allow) D:\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe No File
    FirewallRules: [{22867594-FC81-4232-847A-F388D7B3CBC7}] => (Allow) D:\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe No File
    FirewallRules: [TCP Query User{86FD43D7-1309-493B-83B9-1D5D528BE0A3}D:\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe No File
    FirewallRules: [UDP Query User{F73AFAC6-8EEB-4177-A38A-6A055D75B0A8}D:\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe No File
    FirewallRules: [TCP Query User{AA180EE7-0E83-4544-A9E8-7E26DE64A2AF}D:\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) D:\steam\steamapps\common\planetside 2\planetside2_x64.exe No File
    FirewallRules: [UDP Query User{46F8A3C8-8BF7-4DC1-9F34-57B31DA14507}D:\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) D:\steam\steamapps\common\planetside 2\planetside2_x64.exe No File
    FirewallRules: [{31B2EABB-0440-46AE-B45C-01F8BFFCFDC3}] => (Allow) D:\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe No File
    FirewallRules: [{BB6577E8-F388-4743-9E9F-330EF017BAE2}] => (Allow) D:\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe No File
    FirewallRules: [TCP Query User{9D932901-AA8A-4E48-BB6C-D50BD6F75AF4}D:\steam\steamapps\common\absolver\absolver\binaries\win64\absolver-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\absolver\absolver\binaries\win64\absolver-win64-shipping.exe No File
    FirewallRules: [UDP Query User{AB53C9DC-9FB7-4AA6-890F-9027AB368BBB}D:\steam\steamapps\common\absolver\absolver\binaries\win64\absolver-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\absolver\absolver\binaries\win64\absolver-win64-shipping.exe No File
    FirewallRules: [{E6DAB42F-7F64-4D73-89A8-35DAE3B95E3E}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe No File
    FirewallRules: [{BAD9F084-FF66-4B43-BBCA-4F3A15CDE4B3}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe No File
    FirewallRules: [{E65AB7F0-EFA7-4D19-BA52-EB58CE64344B}] => (Allow) D:\Origin Games\Battlefield 1\Battlefield 4\BFLauncher.exe No File
    FirewallRules: [{DA221B38-2381-45B4-8906-26BAF72ECB02}] => (Allow) D:\Origin Games\Battlefield 1\Battlefield 4\BFLauncher.exe No File
    FirewallRules: [{C543E0D7-B423-41AF-8774-E31F4AA3B393}] => (Allow) D:\Origin Games\Battlefield 1\Battlefield 4\BFLauncher_x86.exe No File
    FirewallRules: [{24177F78-F99C-4594-A8B4-BEE66DE5B21D}] => (Allow) D:\Origin Games\Battlefield 1\Battlefield 4\BFLauncher_x86.exe No File
    FirewallRules: [TCP Query User{2FD01ECC-463D-4880-A1D3-B2FCD3089FEC}D:\origin games\battlefield 1\bfh\bfh.exe] => (Allow) D:\origin games\battlefield 1\bfh\bfh.exe No File
    FirewallRules: [UDP Query User{85C9CA2C-5850-406C-8315-8C72CED671F5}D:\origin games\battlefield 1\bfh\bfh.exe] => (Allow) D:\origin games\battlefield 1\bfh\bfh.exe No File
    FirewallRules: [TCP Query User{11641C65-E50E-49B2-BFDF-365EC69C5ED9}D:\origin games\battlefield 1\battlefield 4\bf4.exe] => (Allow) D:\origin games\battlefield 1\battlefield 4\bf4.exe No File
    FirewallRules: [UDP Query User{C2406286-0EB4-4BA3-8BF8-A4B329D583C8}D:\origin games\battlefield 1\battlefield 4\bf4.exe] => (Allow) D:\origin games\battlefield 1\battlefield 4\bf4.exe No File
    FirewallRules: [{A2B190AF-169C-4FCF-8499-254E38E1DB30}] => (Allow) D:\Origin Games\Battlefield 1\Mass Effect Andromeda\MassEffectAndromedaTrial.exe No File
    FirewallRules: [{A4D82EEB-D1EB-440D-A751-CBE7DBA08563}] => (Allow) D:\Origin Games\Battlefield 1\Mass Effect Andromeda\MassEffectAndromedaTrial.exe No File
    FirewallRules: [{73014EF2-83A5-46CB-A23D-533DF7955546}] => (Allow) D:\Origin Games\Battlefield 1\Mass Effect Andromeda\MassEffectAndromeda.exe No File
    FirewallRules: [{79189790-430A-4501-87B9-CB5EAC972253}] => (Allow) D:\Origin Games\Battlefield 1\Mass Effect Andromeda\MassEffectAndromeda.exe No File
    FirewallRules: [TCP Query User{939C31E9-0E0F-4685-A912-609B084B2E0A}D:\steam\steamapps\common\for honor\forhonor.exe] => (Allow) D:\steam\steamapps\common\for honor\forhonor.exe No File
    FirewallRules: [UDP Query User{89307F71-1AD0-4EE0-A713-C132B4B7ACE3}D:\steam\steamapps\common\for honor\forhonor.exe] => (Allow) D:\steam\steamapps\common\for honor\forhonor.exe No File
    FirewallRules: [{20B30A17-E521-479C-8AE6-8B63090500DC}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe No File
    FirewallRules: [{73EDF74B-EF42-4DE4-B570-7724BBFCA4DC}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe No File
    FirewallRules: [{9E47985C-09BF-42A6-B4D5-3A73ABA75455}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe No File
    FirewallRules: [{3BA8F9AD-C88C-420A-B64B-F681C1DBF0C1}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe No File
    FirewallRules: [{9FFC796B-6A02-450D-9FF0-3FE911319D6C}] => (Allow) D:\Origin Games\Mass Effect Andromeda\MassEffectAndromedaTrial.exe No File
    FirewallRules: [{3BBE8977-CD0C-4B2A-85F3-4189A75C1A0A}] => (Allow) D:\Origin Games\Mass Effect Andromeda\MassEffectAndromedaTrial.exe No File
    FirewallRules: [{26DAFABA-78AB-4D51-9CEC-97BBF00EBB75}] => (Allow) D:\Origin Games\Mass Effect Andromeda\MassEffectAndromeda.exe No File
    FirewallRules: [{BD0C6894-A000-43FC-A9F8-4B70BE220116}] => (Allow) D:\Origin Games\Mass Effect Andromeda\MassEffectAndromeda.exe No File
    FirewallRules: [{977504B0-5762-441B-9D05-449A650253A4}] => (Allow) D:\Final Fantasy 14\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe No File
    FirewallRules: [{08634168-CE8B-4451-94C5-B9139CE9E3FC}] => (Allow) D:\Final Fantasy 14\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe No File
    FirewallRules: [{60A95B9C-6CB1-4777-BF7C-9E22EFFEB5B4}] => (Allow) D:\Final Fantasy 14\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe No File
    FirewallRules: [{2E2C34BE-F25D-4F37-9DFC-769F6AD2B436}] => (Allow) D:\Final Fantasy 14\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe No File
    FirewallRules: [{7BA61A34-72AC-4DDB-8AA9-8021BBF9427B}] => (Allow) D:\Steam\steamapps\common\Resident Evil 4\Bin32\bio4.exe No File
    FirewallRules: [{A25F4F03-CD3F-4AEA-A938-70ED134659EB}] => (Allow) D:\Steam\steamapps\common\Resident Evil 4\Bin32\bio4.exe No File
    FirewallRules: [{F759A135-7683-4956-A96F-ED2FAE77E14B}] => (Allow) D:\Steam\steamapps\common\Baldur's Gate Enhanced Edition\Baldur.exe No File
    FirewallRules: [{A1B1D8CD-E5B6-4270-9A7A-D947AFAA4AD1}] => (Allow) D:\Steam\steamapps\common\Baldur's Gate Enhanced Edition\Baldur.exe No File
    FirewallRules: [{18387B66-4CDC-4B55-A022-95451A643D95}] => (Allow) D:\Steam\steamapps\common\Baldur's Gate II Enhanced Edition\Baldur.exe No File
    FirewallRules: [{2138BD0F-7872-4248-92AE-4C57BF047C50}] => (Allow) D:\Steam\steamapps\common\Baldur's Gate II Enhanced Edition\Baldur.exe No File
    FirewallRules: [{AE8B7289-16D8-4E43-B36B-8503EE7E3FB5}] => (Allow) D:\Steam\steamapps\common\Icewind Dale Enhanced Edition\icewind.exe No File
    FirewallRules: [{380B61DC-3C2B-4F6D-AC18-32DA629BBABC}] => (Allow) D:\Steam\steamapps\common\Icewind Dale Enhanced Edition\icewind.exe No File
    FirewallRules: [{2BAF55A1-908D-41CB-B639-BAA09ED6F5C4}] => (Allow) D:\Steam\steamapps\common\Fallout 2\Fallout2Launcher.exe No File
    FirewallRules: [{6CBA0C10-8C90-4788-9D67-69A99FB5E0D9}] => (Allow) D:\Steam\steamapps\common\Fallout 2\Fallout2Launcher.exe No File
    FirewallRules: [{FD0F5123-987B-4920-B712-422BB708758F}] => (Allow) D:\Steam\steamapps\common\Project P\Torment.exe No File
    FirewallRules: [{CF4AA6A4-A5BD-4186-802E-41333E72D35A}] => (Allow) D:\Steam\steamapps\common\Project P\Torment.exe No File
    FirewallRules: [{B641B18E-B947-498D-8402-2EF86BB80736}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe No File
    FirewallRules: [{728031B0-2684-4911-A55A-1E357CE30155}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe No File
    FirewallRules: [{FBC9DD67-F218-4D1D-B225-6A0D83943FFA}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto IV Episodes from Liberty City\EFLC\LaunchEFLC.exe No File
    FirewallRules: [{81EE35AF-480D-49AF-80AE-2485759DF6E8}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto IV Episodes from Liberty City\EFLC\LaunchEFLC.exe No File
    FirewallRules: [{E5091A37-2C9E-4292-AB9D-D4EDE392AEBD}] => (Allow) D:\Steam\steamapps\common\Valkyria Chronicles\Launcher.exe No File
    FirewallRules: [{D1018FB9-B4DD-43DA-9225-A9F51AF84DDE}] => (Allow) D:\Steam\steamapps\common\Valkyria Chronicles\Launcher.exe No File
    FirewallRules: [{2ADBCBF7-3123-4BF2-BF90-F2EB707178F7}] => (Allow) D:\Steam\steamapps\common\Resident Evil 5\Launcher.exe No File
    FirewallRules: [{4876B5C2-8C80-4907-8E33-974EDF5C5536}] => (Allow) D:\Steam\steamapps\common\Resident Evil 5\Launcher.exe No File
    FirewallRules: [{17DCD7C0-CD69-4696-ABA7-0B0C901E7553}] => (Allow) D:\Steam\steamapps\common\DOOM\DOOMx64.exe No File
    FirewallRules: [{C8F1A583-0CBF-4683-9FD0-E366C4208EC4}] => (Allow) D:\Steam\steamapps\common\DOOM\DOOMx64.exe No File
    FirewallRules: [TCP Query User{7E58FAD7-F5A8-41D6-ADC8-8034B37160B3}D:\steam\steamapps\common\resident evil 5\re5dx9.exe] => (Allow) D:\steam\steamapps\common\resident evil 5\re5dx9.exe No File
    FirewallRules: [UDP Query User{2AC8ABDE-80E6-4EE9-9E9E-E2D1B1855305}D:\steam\steamapps\common\resident evil 5\re5dx9.exe] => (Allow) D:\steam\steamapps\common\resident evil 5\re5dx9.exe No File
    FirewallRules: [{DC860620-8BA8-4C0C-A33C-19DDC4F7486C}] => (Allow) D:\Steam\steamapps\common\Manhunt\manhunt.exe No File
    FirewallRules: [{2BA06F30-1711-4DA7-B6CD-6D35B90B6163}] => (Allow) D:\Steam\steamapps\common\Manhunt\manhunt.exe No File
    FirewallRules: [{79F8F6E7-0154-40F7-A3A0-DE6746BC9D17}] => (Allow) D:\Steam\steamapps\common\SS1EE\sshock.exe No File
    FirewallRules: [{BA2B0F0E-849A-4CC7-ACD9-8C117BFE2AF2}] => (Allow) D:\Steam\steamapps\common\SS1EE\sshock.exe No File
    FirewallRules: [{BB94F308-38B6-47CB-B87C-AF36B8ECA473}] => (Allow) D:\Steam\steamapps\common\POSTAL Redux\PostalREDUX.exe No File
    FirewallRules: [{34D1A205-4898-44F2-8DCC-27E69F36D87B}] => (Allow) D:\Steam\steamapps\common\POSTAL Redux\PostalREDUX.exe No File
    FirewallRules: [{7B48A6E5-11B4-41EB-B42F-D74229E73312}] => (Allow) D:\Steam\steamapps\common\TOXIKK\Binaries\ToxikkLauncher.exe No File
    FirewallRules: [{BB42EA01-F83A-45D1-B08C-D2CF14F49370}] => (Allow) D:\Steam\steamapps\common\TOXIKK\Binaries\ToxikkLauncher.exe No File
    FirewallRules: [{7AFBC975-E906-4B41-B7FA-4EF27F919FD3}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe No File
    FirewallRules: [{7AE2DEAD-790E-45FF-AB66-0631434D1B3F}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe No File
    FirewallRules: [{B5A345C4-7AF2-4244-A650-A711369A71C7}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\Launcher.exe No File
    FirewallRules: [{6BCB44B4-F736-4D33-B1C0-0DBD7F158DFC}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe No File
    FirewallRules: [{B8A3D87A-DCBF-45F7-9019-553C4C991EC0}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe No File
    FirewallRules: [{7FA3AC4E-67B3-4550-ACD1-03E3FDCFAE82}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe No File
    FirewallRules: [{C9B014F8-ACD9-47D8-8852-3CC3A1EEC3ED}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\Launcher.exe No File
    FirewallRules: [{8DBD1247-5DBA-4A0E-A37E-C66A13F3EE5E}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe No File
    FirewallRules: [TCP Query User{EF012BAC-B70C-4B1C-8127-8DCABD735FE2}D:\steam\steamapps\common\hellblade senua's sacrifice - vr\hellbladegame\binaries\win64\hellbladegamevr-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\hellblade senua's sacrifice - vr\hellbladegame\binaries\win64\hellbladegamevr-win64-shipping.exe No File
    FirewallRules: [UDP Query User{5CFC5B5C-8425-471F-8A70-7642FA0CAC11}D:\steam\steamapps\common\hellblade senua's sacrifice - vr\hellbladegame\binaries\win64\hellbladegamevr-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\hellblade senua's sacrifice - vr\hellbladegame\binaries\win64\hellbladegamevr-win64-shipping.exe No File
    FirewallRules: [{34E32431-ABE6-40E8-8DEE-9536E89D745A}] => (Allow) D:\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe No File
    FirewallRules: [{BA2CA5FC-0086-444E-BE92-690BF18FC25E}] => (Allow) D:\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe No File
    FirewallRules: [{5F9992D1-1308-474F-8EB2-5F16C8600FAA}] => (Allow) D:\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe No File
    FirewallRules: [{F2EC3AEB-F862-4213-A5F0-61ECB2C3748B}] => (Allow) D:\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe No File