- Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-10-2017 01
- Ran by bgrze (administrator) on GRZELU-KOMPUTER (24-10-2017 16:56:48)
- Running from C:\Users\bgrze\Desktop\wind fix
- Loaded Profiles: bgrze (Available Profiles: bgrze)
- Platform: Windows 10 Pro Version 1703 15063.608 (X64) Language: Angielski (Stany Zjednoczone)
- Internet Explorer Version 11 (Default browser: Chrome)
- Boot Mode: Normal
- Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
- ==================== Processes (Whitelisted) =================
- (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
- (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
- (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\61.0.3163.20\remoting_host.exe
- (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
- (Cisco Systems, Inc.) C:\Program Files\Immunet\6.0.6\sfc.exe
- () C:\Windows\SysWOW64\PnkBstrA.exe
- (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
- (Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\61.0.3163.20\remoting_host.exe
- (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
- () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
- (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
- (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
- (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
- (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
- () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareTray.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Flux Software LLC) C:\Users\bgrze\AppData\Local\FluxSoftware\Flux\flux.exe
- (Immunet) C:\Program Files\Immunet\6.0.6\iptray.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Razer USA Ltd) C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.15063.410_none_9e914f9d2d85dacb\TiWorker.exe
- (Microsoft Corporation) C:\Windows\System32\wscript.exe
- (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
- ==================== Registry (Whitelisted) ===========================
- (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
- HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
- HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8783616 2016-01-21] (Realtek Semiconductor)
- HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
- HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
- HKLM\...\Run: [AdAwareTray] => C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareTray.exe [4461016 2017-02-21] ()
- HKLM-x32\...\Run: [Immunet Protect] => C:\Program Files\Immunet\6.0.6\iptray.exe [3842752 2017-10-19] (Immunet)
- HKLM-x32\...\Run: [Razer Imperator Driver] => C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe [980504 2012-12-21] (Razer USA Ltd)
- HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => D:\Programy\Hamachi\hamachi-2-ui.exe [6153128 2017-05-22] (LogMeIn Inc.)
- HKU\S-1-5-21-966451903-2946700475-3315859100-1001\...\Run: [f.lux] => C:\Users\bgrze\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
- HKU\S-1-5-21-966451903-2946700475-3315859100-1001\...\Run: [Steam] => D:\Steam\steam.exe [3101984 2017-10-17] (Valve Corporation)
- HKU\S-1-5-21-966451903-2946700475-3315859100-1001\...\Run: [Discord] => C:\Users\bgrze\AppData\Local\Discord\app-0.0.298\Discord.exe [57477112 2017-08-08] (Discord Inc.)
- HKU\S-1-5-21-966451903-2946700475-3315859100-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-20] (Piriform Ltd)
- HKU\S-1-5-21-966451903-2946700475-3315859100-1001\...\Run: [GalaxyClient] => D:\Gry\GOG Galaxy\GalaxyClient.exe [5161536 2017-09-18] (GOG.com)
- HKU\S-1-5-21-966451903-2946700475-3315859100-1001\...\Run: [MiPhoneManager] => C:\Users\bgrze\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe [157624 2016-03-11] ()
- SSODL: EldosMountNotificator-cbfs6 - {29719B01-1E78-4989-A847-FE24ECE23992} - C:\WINDOWS\system32\cbfsMntNtf6.dll (/n software, Inc.)
- SSODL-x32: EldosMountNotificator-cbfs6 - {29719B01-1E78-4989-A847-FE24ECE23992} - C:\WINDOWS\SysWOW64\cbfsMntNtf6.dll (/n software, Inc.)
- Startup: C:\Users\bgrze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2016-08-11] ()
- Startup: C:\Users\bgrze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2017-10-16]
- ShortcutTarget: Twitch.lnk -> C:\Users\bgrze\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc.)
- ==================== Internet (Whitelisted) ====================
- (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
- Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
- Tcpip\..\Interfaces\{66ca0cb9-9100-4cca-915e-b272476f6cb2}: [DhcpNameServer] 192.168.1.1
- Internet Explorer:
- ==================
- HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
- HKU\S-1-5-21-966451903-2946700475-3315859100-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
- FireFox:
- ========
- FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
- FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
- FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
- FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
- FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-06-08] (NVIDIA Corporation)
- FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-06-08] (NVIDIA Corporation)
- FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
- FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
- FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
- FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
- FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
- Chrome:
- =======
- CHR HomePage: Default -> hxxp://www.google.com/
- CHR StartupUrls: Default -> "hxxp://www.google.pl/","hxxps://www.google.pl/maps/mm"
- CHR Profile: C:\Users\bgrze\AppData\Local\Google\Chrome\User Data\Default [2017-10-24]
- CHR Extension: (Prezentacje) - C:\Users\bgrze\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
- CHR Extension: (Dokumenty) - C:\Users\bgrze\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
- CHR Extension: (Dysk Google) - C:\Users\bgrze\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-21]
- CHR Extension: (Video AdBlock for Chrome) - C:\Users\bgrze\AppData\Local\Google\Chrome\User Data\Default\Extensions\bknbnapaddjdnbilpmlacdkjdkjmbjhd [2016-01-22]
- CHR Extension: (YouTube) - C:\Users\bgrze\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-21]
- CHR Extension: (Nimbus Screenshot & Screen Video Recorder) - C:\Users\bgrze\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2017-10-20]
- CHR Extension: (Google Search) - C:\Users\bgrze\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-21]
- CHR Extension: (CasinoRPG - Poker, Slots, Tycoon, MMORPG) - C:\Users\bgrze\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfadcimibgpdemlpghdofndlapaiciel [2016-04-27]
- CHR Extension: (Tampermonkey) - C:\Users\bgrze\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-09-25]
- CHR Extension: (Arkusze) - C:\Users\bgrze\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
- CHR Extension: (Pulpit zdalny Chrome) - C:\Users\bgrze\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-10-15]
- CHR Extension: (Dokumenty Google offline) - C:\Users\bgrze\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
- CHR Extension: (AdBlock) - C:\Users\bgrze\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-10-19]
- CHR Extension: (Battlestar Galactica Online) - C:\Users\bgrze\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihbmdfdhanakpfoiaomnelodiejioflb [2017-03-06]
- CHR Extension: (Until AM Web App) - C:\Users\bgrze\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk [2016-01-21]
- CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\bgrze\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
- CHR Extension: (Gmail) - C:\Users\bgrze\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-21]
- CHR Extension: (Chrome Media Router) - C:\Users\bgrze\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-26]
- CHR Profile: C:\Users\bgrze\AppData\Local\Google\Chrome\User Data\System Profile [2017-10-11]
- CHR HKU\S-1-5-21-966451903-2946700475-3315859100-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
- CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
- ==================== Services (Whitelisted) ====================
- (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
- S4 adawareantivirusservice; C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareService.exe [585784 2017-02-21] ()
- R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\61.0.3163.20\remoting_host.exe [71512 2017-07-31] (Google Inc.)
- S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1369464 2016-01-15] (Disc Soft Ltd)
- S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [383016 2017-06-16] (EasyAntiCheat Ltd)
- S3 GalaxyClientService; D:\Gry\GOG Galaxy\GalaxyClientService.exe [532544 2017-09-18] (GOG.com)
- S4 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [8242752 2017-09-18] (GOG.com)
- S4 Hamachi2Svc; D:\Programy\Hamachi\x64\hamachi-2.exe [3760040 2017-05-22] (LogMeIn Inc.)
- S4 hola_updater; C:\Program Files\Hola\app\hola_updater.exe [5615280 2016-06-08] (Hola Networks Ltd.) [File not signed] <==== ATTENTION
- R2 ImmunetProtect_6.0.6; C:\Program Files\Immunet\6.0.6\sfc.exe [1226968 2017-10-19] (Cisco Systems, Inc.)
- S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
- R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-11] (NVIDIA Corporation)
- S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-11] (NVIDIA Corporation)
- R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-06-08] (NVIDIA Corporation)
- R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [460736 2017-10-11] (NVIDIA Corporation)
- S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2123104 2017-10-09] (Electronic Arts)
- R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3002720 2017-10-09] (Electronic Arts)
- R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2017-06-24] ()
- S3 scan; C:\Program Files\Immunet\tetra\scan.dll [627688 2017-10-19] (Bitdefender)
- S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-19] (Microsoft Corporation)
- S4 VMAuthdService; D:\VMware\vmware-authd.exe [99816 2017-03-21] (VMware, Inc.)
- S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
- S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-11] (Microsoft Corporation)
- S4 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)
- ===================== Drivers (Whitelisted) ======================
- (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
- S3 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1605376 2016-11-23] (BitDefender)
- S3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [878072 2016-11-23] (BitDefender)
- R1 bdfwfpf; C:\Program Files\adaware\adaware antivirus\AdAwareProxyEngine\1.0.0.8\bdfwfpf.sys [127312 2016-06-16] (BitDefender LLC)
- R1 cbfs6; C:\WINDOWS\system32\drivers\cbfs6.sys [460992 2016-09-21] (/n software, Inc.)
- R3 DroidCam; C:\WINDOWS\system32\DRIVERS\droidcam.sys [33592 2017-05-09] (Dev47Apps)
- R3 DroidCamVideo; C:\WINDOWS\system32\DRIVERS\droidcamvideo.sys [230712 2017-05-09] (Windows (R) Win 7 DDK provider)
- R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-02-03] (Disc Soft Ltd)
- R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-02-03] (Disc Soft Ltd)
- S3 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [178384 2017-02-08] (BitDefender LLC)
- R3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2016-07-20] (LogMeIn Inc.)
- R0 ignis; C:\WINDOWS\System32\drivers\ignis.sys [300840 2016-08-15] (Bitdefender)
- R2 ImmunetNetworkMonitorDriver; C:\WINDOWS\System32\Drivers\ImmunetNetworkMonitor.sys [119608 2017-10-19] (Cisco Systems, Inc.)
- R1 ImmunetProtectDriver; C:\WINDOWS\System32\Drivers\immunetprotect.sys [111936 2017-10-19] (Cisco Systems, Inc.)
- R1 ImmunetSelfProtectDriver; C:\WINDOWS\System32\Drivers\immunetselfprotect.sys [76096 2017-10-19] (Cisco Systems, Inc.)
- R3 imperator2; C:\WINDOWS\System32\drivers\imperator2.sys [11776 2012-12-10] (Razer USA Ltd)
- R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_2d81f3535ced17c6\nvlddmkm.sys [14461344 2017-06-09] (NVIDIA Corporation)
- S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-10-11] (NVIDIA Corporation)
- R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50624 2017-10-11] (NVIDIA Corporation)
- R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-10-11] (NVIDIA Corporation)
- R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
- R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
- S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
- S3 sparkocam; C:\WINDOWS\system32\DRIVERS\sparkocam.sys [37200 2016-09-01] (Sparkosoft)
- S3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [485512 2017-10-19] (BitDefender S.R.L.)
- R1 VBoxUSBMon; C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-16] (BigNox Corporation)
- R3 vpnpbus; C:\WINDOWS\System32\drivers\vpnpbus.sys [18624 2016-09-21] (/n software, Inc.)
- R0 vsock; C:\WINDOWS\system32\DRIVERS\vsock.sys [91712 2016-09-30] (VMware, Inc.)
- S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
- S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
- S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
- S1 XQHDrv; C:\WINDOWS\system32\DRIVERS\XQHDrv.sys [253384 2015-09-16] (BigNox Corporation)
- S1 XQHDrv; C:\Windows\SysWOW64\DRIVERS\XQHDrv.sys [253384 2015-09-16] (BigNox Corporation)
- S1 jcodphda; \??\C:\WINDOWS\system32\drivers\jcodphda.sys [X]
- ==================== NetSvcs (Whitelisted) ===================
- (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
- ==================== One Month Created files and folders ========
- (If an entry is included in the fixlist, the file/folder will be moved.)
- 2017-10-24 16:56 - 2017-10-24 16:56 - 000000000 ____D C:\FRST
- 2017-10-24 16:55 - 2017-10-24 16:55 - 000019289 _____ C:\Users\bgrze\Desktop\MBRCheck_10.24.17_16.55.22.txt
- 2017-10-24 16:52 - 2017-10-24 16:52 - 000000000 ____D C:\rsit
- 2017-10-24 16:52 - 2017-10-24 16:52 - 000000000 ____D C:\Program Files\trend micro
- 2017-10-24 16:48 - 2017-10-24 16:56 - 000000000 ____D C:\Users\bgrze\Desktop\wind fix
- 2017-10-24 16:39 - 2017-10-24 16:39 - 000140132 _____ C:\Users\bgrze\Desktop\fax00085622.pdf
- 2017-10-21 00:46 - 2017-10-21 00:46 - 000000108 ____H C:\Users\bgrze\Desktop\.~lock.Relic sheet 2.0- Electric Boogaloo.ods#
- 2017-10-21 00:45 - 2017-10-21 00:45 - 000027170 _____ C:\Users\bgrze\Desktop\Relic sheet 2.0- Electric Boogaloo.ods
- 2017-10-19 16:39 - 2017-10-19 16:39 - 000022981 _____ C:\Users\bgrze\Desktop\document1.pdf
- 2017-10-16 16:27 - 2017-10-19 22:44 - 000000000 ____D C:\Users\bgrze\AppData\Roaming\Twitch
- 2017-10-16 16:27 - 2017-10-16 16:27 - 000001089 _____ C:\Users\bgrze\Desktop\Twitch.lnk
- 2017-10-16 16:27 - 2017-10-16 16:27 - 000001075 _____ C:\Users\bgrze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twitch.lnk
- 2017-10-16 15:22 - 2017-10-17 00:29 - 000000000 ____D C:\Users\bgrze\AppData\Local\Deployment
- 2017-10-13 13:28 - 2017-10-13 13:28 - 000179422 _____ C:\Users\bgrze\Desktop\Neuss_Goldach_131017.pdf
- 2017-10-11 18:52 - 2017-10-11 18:52 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
- 2017-10-11 18:21 - 2017-10-11 18:21 - 000075992 _____ C:\Users\bgrze\Documents\cc_20171011_182123.reg
- 2017-10-11 18:17 - 2017-10-11 18:17 - 009809688 _____ (Piriform Ltd) C:\Users\bgrze\Desktop\ccsetup535.exe
- 2017-10-10 18:50 - 2017-10-10 18:50 - 000400178 _____ C:\Users\bgrze\Desktop\827155438773.pdf
- 2017-10-03 21:50 - 2017-10-19 22:12 - 000094528 _____ (Company) C:\WINDOWS\system32\Drivers\CiscoAMPHeurDriver.sys
- 2017-10-03 21:50 - 2017-10-19 22:12 - 000057664 _____ C:\WINDOWS\system32\Drivers\CiscoAMPCEFWDriver.sys
- 2017-10-03 18:57 - 2017-10-03 18:57 - 015756368 _____ (TeamViewer GmbH) C:\Users\bgrze\Desktop\TeamViewer_Setup (1).exe
- 2017-10-01 21:11 - 2017-10-01 21:11 - 000000000 ____D C:\Users\bgrze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
- 2017-10-01 19:36 - 2017-10-01 19:36 - 000025799 _____ C:\Users\bgrze\Desktop\Zlecenie_dla_przewoznika__10351_CE_ZL_09_2017__2017_09_29.pdf
- 2017-09-28 08:29 - 2017-09-28 08:29 - 000038406 _____ C:\Users\bgrze\Documents\exori.mcr
- 2017-09-28 00:08 - 2017-09-28 00:08 - 000000000 ____D C:\Users\bgrze\AppData\Roaming\Macro Recorder
- 2017-09-28 00:08 - 2017-09-28 00:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MacroRecorderLite
- 2017-09-28 00:08 - 2010-06-16 16:14 - 000044032 _____ (Jitbit Software) C:\WINDOWS\SysWOW64\SystemHookCore.dll
- 2017-09-28 00:08 - 2005-04-15 17:58 - 001351392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.ocx
- 2017-09-27 22:07 - 2017-09-27 22:07 - 000001208 _____ C:\Users\bgrze\Desktop\Tibia Auto.lnk
- 2017-09-25 19:03 - 2017-09-25 19:03 - 000308335 _____ C:\Users\bgrze\Desktop\tmp_09.11._Transportauftrag - Langenhagen nach Thiested MTD.PDF
- ==================== One Month Modified files and folders ========
- (If an entry is included in the fixlist, the file/folder will be moved.)
- 2017-10-24 16:58 - 2016-01-21 02:25 - 000000000 ____D C:\Program Files\Immunet
- 2017-10-24 16:57 - 2017-03-18 22:51 - 000000000 ____D C:\WINDOWS\CbsTemp
- 2017-10-24 16:41 - 2017-09-23 02:49 - 001259512 _____ C:\WINDOWS\system32\perfh015.dat
- 2017-10-24 16:41 - 2017-09-23 02:49 - 000294100 _____ C:\WINDOWS\system32\perfc015.dat
- 2017-10-24 16:41 - 2017-09-22 17:09 - 002723318 _____ C:\WINDOWS\system32\PerfStringBackup.INI
- 2017-10-24 16:36 - 2017-09-22 16:59 - 000000000 ____D C:\ProgramData\NVIDIA
- 2017-10-24 16:35 - 2017-09-22 17:04 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
- 2017-10-24 16:35 - 2017-09-22 17:00 - 000000000 ____D C:\Users\bgrze
- 2017-10-24 16:32 - 2016-01-21 10:52 - 000000000 ____D C:\Users\bgrze\AppData\Local\Battle.net
- 2017-10-24 16:25 - 2016-04-12 21:14 - 000000000 ____D C:\Users\bgrze\AppData\Local\Adobe
- 2017-10-24 16:18 - 2017-03-18 23:01 - 000000000 ____D C:\WINDOWS\INF
- 2017-10-24 16:18 - 2017-03-18 13:40 - 000786432 _____ C:\WINDOWS\system32\config\BBI
- 2017-10-24 00:30 - 2016-01-21 02:09 - 000000000 ____D C:\Users\bgrze\AppData\Roaming\TS3Client
- 2017-10-24 00:05 - 2017-03-04 10:28 - 000001658 _____ C:\Users\bgrze\Desktop\a.txt
- 2017-10-23 19:41 - 2017-09-22 17:04 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
- 2017-10-23 19:41 - 2017-09-22 17:04 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
- 2017-10-23 19:41 - 2017-09-22 16:59 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
- 2017-10-23 19:41 - 2017-09-22 16:59 - 000000000 ____D C:\Program Files\NVIDIA Corporation
- 2017-10-23 19:41 - 2017-09-22 16:59 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
- 2017-10-23 19:40 - 2017-09-22 17:04 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
- 2017-10-23 19:40 - 2017-09-22 17:04 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
- 2017-10-23 19:40 - 2017-09-22 17:04 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
- 2017-10-23 19:40 - 2017-09-22 17:04 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
- 2017-10-23 19:40 - 2017-09-22 17:04 - 000003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
- 2017-10-23 19:40 - 2017-09-22 17:04 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
- 2017-10-22 20:02 - 2017-09-22 16:58 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
- 2017-10-22 12:53 - 2017-09-22 17:04 - 000004748 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
- 2017-10-22 12:53 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
- 2017-10-22 12:53 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
- 2017-10-21 14:18 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\AppReadiness
- 2017-10-20 16:58 - 2017-03-18 23:03 - 000000000 ___HD C:\Program Files\WindowsApps
- 2017-10-19 22:31 - 2016-01-21 09:24 - 000000000 ____D C:\Users\bgrze\AppData\Local\ElevatedDiagnostics
- 2017-10-19 22:11 - 2017-02-08 14:52 - 000485512 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\Trufos.sys
- 2017-10-19 22:11 - 2016-10-09 01:17 - 000071096 _____ (Cisco Systems, Inc.) C:\WINDOWS\system32\Drivers\ImmunetUtilDriver.sys
- 2017-10-19 22:11 - 2016-01-21 02:27 - 000000000 ____D C:\ProgramData\Immunet
- 2017-10-19 22:11 - 2016-01-21 02:25 - 000119608 _____ (Cisco Systems, Inc.) C:\WINDOWS\system32\Drivers\ImmunetNetworkMonitor.sys
- 2017-10-19 22:11 - 2016-01-21 02:25 - 000111936 _____ (Cisco Systems, Inc.) C:\WINDOWS\system32\Drivers\immunetprotect.sys
- 2017-10-19 22:11 - 2016-01-21 02:25 - 000076096 _____ (Cisco Systems, Inc.) C:\WINDOWS\system32\Drivers\immunetselfprotect.sys
- 2017-10-16 15:30 - 2016-01-22 21:43 - 000000000 ____D C:\Users\bgrze\AppData\Roaming\uTorrent
- 2017-10-15 22:15 - 2017-06-11 10:37 - 000000000 ____D C:\Program Files (x86)\Origin
- 2017-10-13 02:21 - 2017-03-18 23:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
- 2017-10-13 02:21 - 2017-03-18 23:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
- 2017-10-11 18:53 - 2016-01-21 19:17 - 000000000 ____D C:\WINDOWS\system32\MRT
- 2017-10-11 18:52 - 2016-01-21 19:17 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
- 2017-10-11 18:20 - 2017-09-17 22:00 - 000000000 ___DC C:\WINDOWS\Panther
- 2017-10-11 18:20 - 2017-03-31 20:37 - 000000000 ____D C:\Users\bgrze\AppData\Roaming\MPC-HC
- 2017-10-11 18:20 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
- 2017-10-11 18:20 - 2016-02-03 16:24 - 000000000 ____D C:\Users\bgrze\AppData\Roaming\DAEMON Tools Lite
- 2017-10-11 18:20 - 2016-01-21 04:06 - 000000000 ____D C:\Users\bgrze\AppData\Local\CrashDumps
- 2017-10-11 18:18 - 2016-10-29 01:39 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
- 2017-10-11 03:05 - 2017-07-23 21:23 - 000186304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
- 2017-10-11 03:05 - 2017-07-23 21:23 - 000152512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
- 2017-10-11 03:05 - 2017-07-23 21:23 - 000057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
- 2017-10-11 03:05 - 2017-07-23 21:23 - 000050624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
- 2017-10-11 03:05 - 2017-06-11 11:36 - 001796032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
- 2017-10-11 03:05 - 2017-06-11 11:36 - 001577920 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
- 2017-10-11 03:05 - 2017-06-11 11:36 - 000918976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
- 2017-10-11 01:26 - 2017-06-11 11:33 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
- 2017-10-07 14:21 - 2016-01-23 11:57 - 000000000 ____D C:\Users\bgrze\Documents\The Witcher 3
- 2017-10-03 21:50 - 2016-10-09 01:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immunet
- 2017-10-01 21:11 - 2016-09-27 23:16 - 000002278 _____ C:\Users\bgrze\Desktop\Discord.lnk
- 2017-10-01 21:11 - 2016-09-27 23:16 - 000000000 ____D C:\Users\bgrze\AppData\Roaming\discord
- 2017-10-01 21:10 - 2016-09-27 23:16 - 000000000 ____D C:\Users\bgrze\AppData\Local\Discord
- 2017-09-30 16:54 - 2016-12-31 19:04 - 000000000 ____D C:\Users\bgrze\AppData\Local\NFS Underground 2
- 2017-09-28 08:29 - 2017-09-22 16:58 - 000260640 _____ C:\WINDOWS\system32\FNTCACHE.DAT
- 2017-09-26 20:48 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\rescache
- 2017-09-26 18:13 - 2017-05-31 00:16 - 000002278 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
- 2017-09-26 18:13 - 2017-05-31 00:16 - 000002266 _____ C:\Users\Public\Desktop\Google Chrome.lnk
- ==================== Files in the root of some directories =======
- 2016-01-21 10:40 - 2017-05-12 17:49 - 000007600 _____ () C:\Users\bgrze\AppData\Local\Resmon.ResmonCfg
- 2017-09-22 16:59 - 2017-09-22 16:59 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
- 2017-05-09 19:50 - 2017-05-16 17:20 - 000000035 _____ () C:\ProgramData\droidcam-settings
- ==================== Bamital & volsnap ======================
- (There is no automatic fix for files that do not pass verification.)
- C:\WINDOWS\system32\winlogon.exe => File is digitally signed
- C:\WINDOWS\system32\wininit.exe => File is digitally signed
- C:\WINDOWS\explorer.exe => File is digitally signed
- C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
- C:\WINDOWS\system32\svchost.exe => File is digitally signed
- C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
- C:\WINDOWS\system32\services.exe => File is digitally signed
- C:\WINDOWS\system32\User32.dll => File is digitally signed
- C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
- C:\WINDOWS\system32\userinit.exe => File is digitally signed
- C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
- C:\WINDOWS\system32\rpcss.dll => File is digitally signed
- C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
- C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
- C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
- LastRegBack: 2017-10-20 17:26
- ==================== End of FRST.txt ============================