carolinak

FRST.txt

Jun 18th, 2018
  1. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
  2. Ran by Karola (administrator) on KAROLA-PC (18-06-2018 21:18:28)
  3. Running from C:\Users\Karola\Desktop\sciagane
  4. Loaded Profiles: Karola (Available Profiles: Karola)
  5. Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Angielski (Stany Zjednoczone)
  6. Internet Explorer Version 11 (Default browser: Chrome)
  7. Boot Mode: Normal
  8. Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
  9.  
  10. ==================== Processes (Whitelisted) =================
  11.  
  12. (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
  13.  
  14. (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
  15. (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
  16. (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
  17. (Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
  18. (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
  19. () C:\Program Files (x86)\NordVPN\nordvpn-service.exe
  20. (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
  21. (DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
  22. (Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe
  23. (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
  24. (Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe
  25. (Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
  26. (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
  27. (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
  28. (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
  29. (SafeIP) C:\Program Files (x86)\SafeIP\SafeIPS.exe
  30. (Intel Corporation) C:\Windows\System32\igfxEM.exe
  31. (Intel Corporation) C:\Windows\System32\igfxHK.exe
  32. (Google Inc.) C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
  33. (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
  34. (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
  35. (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
  36. (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
  37. (Farbar) C:\Users\Karola\Desktop\sciagane\FRST64 (1).exe
  38.  
  39. ==================== Registry (Whitelisted) ===========================
  40.  
  41. (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
  42.  
  43. HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671792 2014-03-14] (Realtek Semiconductor)
  44. HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
  45. HKLM\...\Run: [egui] => c:\Program Files\ESET\ESET NOD32 Antivirus\ecmds.exe [178496 2018-04-21] (ESET)
  46. HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
  47. HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [456328 2017-06-07] (Power Software Ltd)
  48. HKU\S-1-5-21-559423208-2678498331-2271372539-1000\...\Run: [GmailNotifierPro] => C:\Program Files (x86)\Gmail Notifier Pro\GmailNotifierPro.exe [2828096 2014-08-12] (IntelliBreeze Software)
  49. HKU\S-1-5-21-559423208-2678498331-2271372539-1000\...\Run: [Google Update] => C:\Users\Karola\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe [601680 2018-05-17] (Google Inc.)
  50. HKU\S-1-5-21-559423208-2678498331-2271372539-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Technologies S.A.)
  51. HKU\S-1-5-18\...\Run: [] => [X]
  52. HKU\S-1-5-18\...\Run: [Paltalk] => "C:\Program Files (x86)\Paltalk\Paltalk.exe" minimized
  53.  
  54. ==================== Internet (Whitelisted) ====================
  55.  
  56. (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
  57.  
  58. Winsock: Catalog9 01 C:\Windows\SysWOW64\SafeIPs.dll [384000 2015-08-03] (SafeIP)
  59. Winsock: Catalog9 02 C:\Windows\SysWOW64\SafeIPs.dll [384000 2015-08-03] (SafeIP)
  60. Winsock: Catalog9 03 C:\Windows\SysWOW64\SafeIPs.dll [384000 2015-08-03] (SafeIP)
  61. Winsock: Catalog9 04 C:\Windows\SysWOW64\SafeIPs.dll [384000 2015-08-03] (SafeIP)
  62. Winsock: Catalog9 15 C:\Windows\SysWOW64\SafeIPs.dll [384000 2015-08-03] (SafeIP)
  63. Winsock: Catalog9-x64 01 C:\Windows\system32\SafeIPs64.dll [547328 2015-08-03] (SafeIP)
  64. Winsock: Catalog9-x64 02 C:\Windows\system32\SafeIPs64.dll [547328 2015-08-03] (SafeIP)
  65. Winsock: Catalog9-x64 03 C:\Windows\system32\SafeIPs64.dll [547328 2015-08-03] (SafeIP)
  66. Winsock: Catalog9-x64 04 C:\Windows\system32\SafeIPs64.dll [547328 2015-08-03] (SafeIP)
  67. Winsock: Catalog9-x64 15 C:\Windows\system32\SafeIPs64.dll [547328 2015-08-03] (SafeIP)
  68. Tcpip\Parameters: [DhcpNameServer] 8.8.8.8
  69. Tcpip\..\Interfaces\{38CED0E0-EE39-4EF0-8DB9-C41FDA0030BA}: [DhcpNameServer] 8.8.8.8
  70. Tcpip\..\Interfaces\{92981694-12E2-4DAC-B56A-25A4F0475331}: [DhcpNameServer] 95.211.101.197 95.211.101.198
  71. Tcpip\..\Interfaces\{EBEDF5CA-4DDD-4543-A194-7D95423F249D}: [DhcpNameServer] 185.232.23.177 185.232.23.179
  72.  
  73. Internet Explorer:
  74. ==================
  75. HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
  76. HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
  77. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
  78. HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
  79. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
  80. HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=9&ar=msnhome
  81. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=9&ar=msnhome
  82. HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
  83. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
  84. HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
  85. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
  86. HKU\S-1-5-21-559423208-2678498331-2271372539-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.yahoo.com/?fr=avantsearch6
  87. SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
  88. SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
  89. SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
  90. BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2018-01-17] (Microsoft Corporation)
  91. BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-19] (Oracle Corporation)
  92. BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
  93. BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
  94. BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
  95. BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-19] (Oracle Corporation)
  96. BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation)
  97. BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
  98. BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-19] (Oracle Corporation)
  99. BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
  100. BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
  101. BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-19] (Oracle Corporation)
  102.  
  103. FireFox:
  104. ========
  105. FF DefaultProfile: btt3gxo9.default
  106. FF ProfilePath: C:\Users\Karola\AppData\Roaming\Mozilla\Firefox\Profiles\84i6behz.default [2018-06-18]
  107. FF Session Restore: Mozilla\Firefox\Profiles\84i6behz.default -> is enabled.
  108. FF Extension: (Video DownloadHelper) - C:\Users\Karola\AppData\Roaming\Mozilla\Firefox\Profiles\84i6behz.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-06-15]
  109. FF Extension: (Adblock Plus) - C:\Users\Karola\AppData\Roaming\Mozilla\Firefox\Profiles\84i6behz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-05-18]
  110. FF ProfilePath: C:\Users\Karola\AppData\Roaming\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\btt3gxo9.default [2018-06-17]
  111. FF NetworkProxy: Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\btt3gxo9.default -> type", 0
  112. FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_30_0_0_113.dll [2018-06-11] ()
  113. FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-19] (Oracle Corporation)
  114. FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-19] (Oracle Corporation)
  115. FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
  116. FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_113.dll [2018-06-11] ()
  117. FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
  118. FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> c:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
  119. FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> c:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
  120. FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-19] (Oracle Corporation)
  121. FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-19] (Oracle Corporation)
  122. FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
  123. FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-02-23] (Microsoft Corporation)
  124. FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
  125. FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
  126. FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
  127. FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
  128. FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
  129. FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
  130. FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
  131. FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
  132. FF Plugin-x32: @videolan.org/vlc,version=3.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
  133. FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-11] (Adobe Systems Inc.)
  134. FF Plugin HKU\S-1-5-21-559423208-2678498331-2271372539-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Karola\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
  135. FF Plugin HKU\S-1-5-21-559423208-2678498331-2271372539-1000: @talk.google.com/O1DPlugin -> C:\Users\Karola\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
  136. FF Plugin HKU\S-1-5-21-559423208-2678498331-2271372539-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Karola\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
  137. FF Plugin HKU\S-1-5-21-559423208-2678498331-2271372539-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Karola\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
  138. FF Plugin ProgramFiles/Appdata: C:\Users\Karola\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
  139. FF Plugin ProgramFiles/Appdata: C:\Users\Karola\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
  140.  
  141. Chrome:
  142. =======
  143. CHR DefaultProfile: Default
  144. CHR HomePage: Default -> search.ask.com/?gct=hp
  145. CHR StartupUrls: Default -> "hxxp://gazeta.pl/","hxxp://google.pl/"
  146. CHR DefaultSearchURL: Default -> hxxp://www.search.ask.com/web?q={searchTerms}
  147. CHR DefaultSearchKeyword: Default -> search.ask.com
  148. CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
  149. CHR Profile: C:\Users\Karola\AppData\Local\Google\Chrome\User Data\Default [2018-06-18]
  150. CHR Extension: (Przelewy24) - C:\Users\Karola\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiicmmpkicnndkhlnnloilpgncbpkbjj [2017-10-11]
  151. CHR Extension: (Bloker reklam AdGuard) - C:\Users\Karola\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2018-04-10]
  152. CHR Extension: (Adblock Plus) - C:\Users\Karola\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-05-16]
  153. CHR Extension: (Więcej opcji wyszukiwania) - C:\Users\Karola\AppData\Local\Google\Chrome\User Data\Default\Extensions\cocbildmfbnlkejdbnibobnhggmfkbij [2016-09-16]
  154. CHR Extension: (Tpay.com) - C:\Users\Karola\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmbhnokcfchfkdgechgkhcfekdfpdjld [2017-07-12]
  155. CHR Extension: (MyJDownloader Browser Extension) - C:\Users\Karola\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip [2018-06-18]
  156. CHR Extension: (Flash Player & Playlist) - C:\Users\Karola\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbajclanpfajnmiiihhnllgfobjbhpem [2016-04-12]
  157. CHR Extension: (Hangout Chat Notifications) - C:\Users\Karola\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbnhnghpfjmlncfmkdcamdnomjcobgmo [2015-09-07]
  158. CHR Extension: (Google Voice (by Google)) - C:\Users\Karola\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2015-04-20]
  159. CHR Extension: (Google Hangouts) - C:\Users\Karola\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2018-05-22]
  160. CHR Extension: (Google Hangouts) - C:\Users\Karola\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2018-05-22]
  161. CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Karola\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-03-19]
  162. CHR Extension: (Chrome Media Router) - C:\Users\Karola\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-06]
  163. CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
  164. CHR HKLM-x32\...\Chrome\Extension: [ofoeigeaodhbjogdigckajfhjbonaofg] - hxxps://clients2.google.com/service/update2/crx
  165.  
  166. Opera:
  167. =======
  168. OPR StartupUrls: "hxxp://gunmemorial.org/2017/10/13/jerzy-milewski"
  169.  
  170. ==================== Services (Whitelisted) ====================
  171.  
  172. (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
  173.  
  174. S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
  175. R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2012-10-08] (Creative Technology Ltd) [File not signed]
  176. R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [103936 2013-07-30] (Creative Technology Ltd)
  177. R2 ekrn; c:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2240264 2018-04-21] (ESET)
  178. S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342240 2015-06-03] (Futuremark)
  179. R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
  180. S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
  181. R2 jhi_service; c:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
  182. R2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [430840 2018-05-02] ()
  183. R3 SafeIPS; C:\Program Files (x86)\SafeIP\SafeIPs.exe [4606976 2015-08-03] (SafeIP) [File not signed]
  184. R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (DEVGURU Co., LTD.)
  185. S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
  186. R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [466096 2018-04-07] (Windscribe Limited)
  187. R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe [437392 2016-11-16] (Wondershare)
  188.  
  189. ===================== Drivers (Whitelisted) ======================
  190.  
  191. (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
  192.  
  193. R1 cgnetfilter1521; C:\Windows\System32\drivers\cgnetfilter1521.sys [81696 2017-03-22] (Windows (R) Win 7 DDK provider)
  194. R3 cthda; C:\Windows\System32\drivers\cthda.sys [1049880 2013-07-30] (Creative Technology Ltd)
  195. R3 cthdb; C:\Windows\System32\DRIVERS\cthdb.sys [28440 2013-07-30] (Creative Technology Ltd)
  196. S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131712 2017-01-16] (Samsung Electronics Co., Ltd.)
  197. R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [494864 2013-08-29] (Intel Corporation)
  198. R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [137928 2018-03-15] (ESET)
  199. U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-14] (ESET)
  200. R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [196112 2018-03-15] (ESET)
  201. R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [108320 2018-03-15] (ESET)
  202. R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-11] (Intel Corporation)
  203. R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
  204. S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [165504 2017-01-16] (Samsung Electronics Co., Ltd.)
  205. S3 tapexpressvpn; C:\Windows\System32\DRIVERS\tapexpressvpn.sys [35696 2017-06-05] (The OpenVPN Project)
  206. R3 tapnordvpn; C:\Windows\System32\DRIVERS\tapnordvpn.sys [75088 2017-03-29] (The OpenVPN Project)
  207. R3 tapwindscribe0901; C:\Windows\System32\DRIVERS\tapwindscribe0901.sys [45560 2018-02-01] (The OpenVPN Project)
  208. U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
  209. S3 cpuz134; \??\c:\Temp\cpuz134\cpuz134_x64.sys [X]
  210. S3 gdrv; \??\C:\Windows\gdrv.sys [X]
  211. S3 MBAMWebProtection; system32\DRIVERS\mwac.sys [X]
  212. S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
  213. S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
  214. S3 VGPU; System32\drivers\rdvgkmd.sys [X]
  215.  
  216. ==================== NetSvcs (Whitelisted) ===================
  217.  
  218. (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
  219.  
  220.  
  221. ==================== One Month Created files and folders ========
  222.  
  223. (If an entry is included in the fixlist, the file/folder will be moved.)
  224.  
  225. 2018-06-18 10:46 - 2018-06-18 21:18 - 000000000 ____D C:\FRST
  226. 2018-05-25 01:14 - 2018-05-25 01:15 - 000007812 _____ C:\Users\Karola\Documents\cc_20180525_011451.reg
  227. 2018-05-25 01:09 - 2018-05-25 01:10 - 001354848 _____ (Opera Software) C:\Users\Karola\Downloads\OperaSetup.exe
  228. 2018-05-20 22:28 - 2018-06-13 12:46 - 000000000 ____D C:\Program Files\Opera
  229. 2018-05-20 22:28 - 2018-05-20 22:28 - 000001069 _____ C:\Users\Public\Desktop\Przeglądarka Opera.lnk
  230. 2018-05-20 22:28 - 2018-05-20 22:28 - 000001069 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Przeglądarka Opera.lnk
  231. 2018-05-20 22:28 - 2018-05-20 22:28 - 000000000 ____D C:\Users\Karola\AppData\Roaming\Opera Software
  232.  
  233. ==================== One Month Modified files and folders ========
  234.  
  235. (If an entry is included in the fixlist, the file/folder will be moved.)
  236.  
  237. 2018-06-18 21:18 - 2014-10-13 00:11 - 000000000 ____D C:\Temp
  238. 2018-06-18 21:17 - 2014-10-12 22:55 - 000740082 _____ C:\Windows\system32\perfh015.dat
  239. 2018-06-18 21:17 - 2014-10-12 22:55 - 000155656 _____ C:\Windows\system32\perfc015.dat
  240. 2018-06-18 21:17 - 2009-07-14 07:13 - 001669190 _____ C:\Windows\system32\PerfStringBackup.INI
  241. 2018-06-18 21:17 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
  242. 2018-06-18 21:16 - 2014-10-13 23:08 - 000000000 ___RD C:\Users\Karola\Desktop\sciagane
  243. 2018-06-18 21:14 - 2014-02-15 18:06 - 000000000 ____D C:\Users\Karola\AppData\Roaming\GmailNotifierPro
  244. 2018-06-18 21:13 - 2013-10-18 20:25 - 000000000 ____D C:\Users\Karola\AppData\Roaming\Skype
  245. 2018-06-18 21:13 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
  246. 2018-06-18 18:24 - 2013-05-11 23:31 - 000000000 ____D C:\Users\Karola\AppData\Roaming\FileZilla
  247. 2018-06-18 15:44 - 2014-11-11 14:03 - 000000000 ____D C:\Users\Karola\Desktop\Przepisy
  248. 2018-06-18 15:44 - 2013-05-12 00:02 - 000000000 ____D C:\Users\Karola\Desktop\skroty
  249. 2018-06-18 12:55 - 2009-07-14 06:45 - 000014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
  250. 2018-06-18 12:55 - 2009-07-14 06:45 - 000014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
  251. 2018-06-18 12:45 - 2014-10-12 22:15 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
  252. 2018-06-18 12:16 - 2014-10-12 22:50 - 000000000 ____D C:\Program Files\7-Zip
  253. 2018-06-18 12:13 - 2014-10-13 21:28 - 000000000 ____D C:\Users\Karola\AppData\Roaming\vlc
  254. 2018-06-18 12:11 - 2017-12-20 10:19 - 000631808 ___SH C:\Users\Karola\Desktop\Thumbs.db
  255. 2018-06-16 23:44 - 2015-09-29 18:10 - 000000000 ____D C:\Users\Karola\AppData\LocalLow\Mozilla
  256. 2018-06-13 23:08 - 2018-04-22 22:39 - 000002472 _____ C:\Windows\SysWOW64\SafeIPSOff.ini
  257. 2018-06-13 23:08 - 2018-04-22 01:09 - 000002472 _____ C:\Windows\system32\SafeIPSOff.ini
  258. 2018-06-12 19:55 - 2014-10-12 23:43 - 000002230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
  259. 2018-06-12 19:55 - 2014-10-12 23:43 - 000002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
  260. 2018-06-11 19:33 - 2018-05-09 06:33 - 005776384 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
  261. 2018-06-11 19:33 - 2014-10-13 21:42 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
  262. 2018-06-11 19:33 - 2014-10-13 21:42 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
  263. 2018-06-11 19:33 - 2014-10-13 21:42 - 000000000 ____D C:\Windows\SysWOW64\Macromed
  264. 2018-06-11 19:33 - 2014-10-13 21:42 - 000000000 ____D C:\Windows\system32\Macromed
  265. 2018-06-05 23:02 - 2018-02-09 22:29 - 000000000 ____D C:\Users\Karola\Desktop\Anita
  266. 2018-06-04 20:42 - 2018-01-29 00:54 - 000000000 ____D C:\Users\Karola\dwhelper
  267. 2018-06-04 09:08 - 2016-11-20 13:02 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
  268. 2018-06-04 09:08 - 2015-09-29 19:55 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
  269. 2018-05-31 22:59 - 2018-01-29 00:54 - 000000000 ____D C:\Program Files\net.downloadhelper.coapp
  270. 2018-05-30 22:42 - 2015-02-19 22:30 - 000000000 ____D C:\Users\Karola\AppData\Roaming\MPC-HC
  271. 2018-05-26 09:03 - 2017-10-20 20:16 - 000000000 ____D C:\Users\Karola\Desktop\pogrzeb Jurka
  272.  
  273. ==================== Files in the root of some directories =======
  274.  
  275. 2015-10-11 23:04 - 2015-10-12 16:17 - 000005632 _____ () C:\Users\Karola\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
  276. 2014-10-12 22:17 - 2014-10-12 22:17 - 000000000 _____ () C:\Users\Karola\AppData\Local\Driver_LOM_8161Present.flag
  277. 2015-10-27 20:32 - 2016-12-13 20:34 - 000000600 _____ () C:\Users\Karola\AppData\Local\PUTTY.RND
  278. 2017-11-18 17:59 - 2017-11-18 17:59 - 000007605 _____ () C:\Users\Karola\AppData\Local\Resmon.ResmonCfg
  279. 2015-04-22 03:18 - 2015-04-22 03:18 - 000000000 _____ () C:\Users\Karola\AppData\Local\{50CBBFC9-4683-4CF2-B3FA-820983664260}
  280. 2015-04-20 03:18 - 2015-04-20 03:18 - 000000000 _____ () C:\Users\Karola\AppData\Local\{67A47FAC-3A04-4355-9FCA-DC5484153875}
  281. 2015-03-29 14:15 - 2015-03-29 14:15 - 000000000 _____ () C:\Users\Karola\AppData\Local\{7530743E-774D-4D2F-98E6-4EA20B02114B}
  282. 2015-04-18 03:18 - 2015-04-18 03:18 - 000000000 _____ () C:\Users\Karola\AppData\Local\{84F5A3F9-420E-410F-A411-E3F61D6A47A9}
  283. 2015-04-21 03:18 - 2015-04-21 03:18 - 000000000 _____ () C:\Users\Karola\AppData\Local\{92C2DA78-083B-45EC-82A3-5F7AD5E34CB4}
  284. 2015-04-19 03:18 - 2015-04-19 03:18 - 000000000 _____ () C:\Users\Karola\AppData\Local\{B80358E8-B646-40D6-AC37-4AE6EDEC20D7}
  285. 2015-03-30 14:15 - 2015-03-30 14:15 - 000000000 _____ () C:\Users\Karola\AppData\Local\{C551BD04-ABB4-407C-859D-61AE484DF9EC}
  286. 2015-04-23 03:18 - 2015-04-23 03:18 - 000000000 _____ () C:\Users\Karola\AppData\Local\{FBB2A083-047F-4CE9-96E9-E75C683161E6}
  287. 2015-03-31 14:15 - 2015-03-31 14:15 - 000000000 _____ () C:\Users\Karola\AppData\Local\{FC7F46FF-FDA2-4052-A7C9-B6851E157948}
  288.  
  289. ==================== Bamital & volsnap ======================
  290.  
  291. (There is no automatic fix for files that do not pass verification.)
  292.  
  293. C:\Windows\system32\winlogon.exe => File is digitally signed
  294. C:\Windows\system32\wininit.exe => File is digitally signed
  295. C:\Windows\SysWOW64\wininit.exe => File is digitally signed
  296. C:\Windows\explorer.exe => File is digitally signed
  297. C:\Windows\SysWOW64\explorer.exe => File is digitally signed
  298. C:\Windows\system32\svchost.exe => File is digitally signed
  299. C:\Windows\SysWOW64\svchost.exe => File is digitally signed
  300. C:\Windows\system32\services.exe => File is digitally signed
  301. C:\Windows\system32\User32.dll => File is digitally signed
  302. C:\Windows\SysWOW64\User32.dll => File is digitally signed
  303. C:\Windows\system32\userinit.exe => File is digitally signed
  304. C:\Windows\SysWOW64\userinit.exe => File is digitally signed
  305. C:\Windows\system32\rpcss.dll => File is digitally signed
  306. C:\Windows\system32\dnsapi.dll => File is digitally signed
  307. C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
  308. C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
  309.  
  310. LastRegBack: 2018-06-17 01:38
  311.  
  312. ==================== End of FRST.txt ============================