carolinak

FRST.txt

Jun 18th, 2018
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
Ran by Karola (administrator) on KAROLA-PC (18-06-2018 21:18:28)
Running from C:\Users\Karola\Desktop\sciagane
Loaded Profiles: Karola (Available Profiles: Karola)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Angielski (Stany Zjednoczone)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files (x86)\NordVPN\nordvpn-service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(SafeIP) C:\Program Files (x86)\SafeIP\SafeIPS.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Google Inc.) C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Farbar) C:\Users\Karola\Desktop\sciagane\FRST64 (1).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671792 2014-03-14] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [egui] => c:\Program Files\ESET\ESET NOD32 Antivirus\ecmds.exe [178496 2018-04-21] (ESET)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [456328 2017-06-07] (Power Software Ltd)
HKU\S-1-5-21-559423208-2678498331-2271372539-1000\...\Run: [GmailNotifierPro] => C:\Program Files (x86)\Gmail Notifier Pro\GmailNotifierPro.exe [2828096 2014-08-12] (IntelliBreeze Software)
HKU\S-1-5-21-559423208-2678498331-2271372539-1000\...\Run: [Google Update] => C:\Users\Karola\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe [601680 2018-05-17] (Google Inc.)
HKU\S-1-5-21-559423208-2678498331-2271372539-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Technologies S.A.)
HKU\S-1-5-18\...\Run: [] => [X]
HKU\S-1-5-18\...\Run: [Paltalk] => "C:\Program Files (x86)\Paltalk\Paltalk.exe" minimized

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\Windows\SysWOW64\SafeIPs.dll [384000 2015-08-03] (SafeIP)
Winsock: Catalog9 02 C:\Windows\SysWOW64\SafeIPs.dll [384000 2015-08-03] (SafeIP)
Winsock: Catalog9 03 C:\Windows\SysWOW64\SafeIPs.dll [384000 2015-08-03] (SafeIP)
Winsock: Catalog9 04 C:\Windows\SysWOW64\SafeIPs.dll [384000 2015-08-03] (SafeIP)
Winsock: Catalog9 15 C:\Windows\SysWOW64\SafeIPs.dll [384000 2015-08-03] (SafeIP)
Winsock: Catalog9-x64 01 C:\Windows\system32\SafeIPs64.dll [547328 2015-08-03] (SafeIP)
Winsock: Catalog9-x64 02 C:\Windows\system32\SafeIPs64.dll [547328 2015-08-03] (SafeIP)
Winsock: Catalog9-x64 03 C:\Windows\system32\SafeIPs64.dll [547328 2015-08-03] (SafeIP)
Winsock: Catalog9-x64 04 C:\Windows\system32\SafeIPs64.dll [547328 2015-08-03] (SafeIP)
Winsock: Catalog9-x64 15 C:\Windows\system32\SafeIPs64.dll [547328 2015-08-03] (SafeIP)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{38CED0E0-EE39-4EF0-8DB9-C41FDA0030BA}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{92981694-12E2-4DAC-B56A-25A4F0475331}: [DhcpNameServer] 95.211.101.197 95.211.101.198
Tcpip\..\Interfaces\{EBEDF5CA-4DDD-4543-A194-7D95423F249D}: [DhcpNameServer] 185.232.23.177 185.232.23.179

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=9&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=9&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-559423208-2678498331-2271372539-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.yahoo.com/?fr=avantsearch6
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =