FRST

The document describes the results of a scan of the system using Farbar Recovery Scan Tool. It lists processes, registry items, and internet settings that were found. Many items found are linked to programs installed on the system like NVIDIA, Realtek, and others.

Uploaded by

Anonymous G2DzbO
Copyright
© © All Rights Reserved

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-02-2017

Ran by Sebastian (administrator) on DOKTORX (25-02-2017 10:47:52)


Running from C:\Users\Sebastian\Downloads
Loaded Profiles: Sebastian (Available Profiles: Sebastian)
Platform: Windows 8.1 Pro (Update) (X64) Language: Engelska (USA)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Birdjob\A
pplication\chrome.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335
081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file wi
ll not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpap
isvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(TODO: <Company name>) C:\Users\Sebastian\AppData\Roaming\gjdgj\UvConverter.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer
.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Serv
ice\nvwirelesscontroller.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrv
c.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwrite
r.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(hxxp://ytdownloader.biz/) C:\Program Files (x86)\Common Files\YT Updater\ytupda
ter.exe
(Intel Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcon
tainer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\Presentati
onFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAS
torDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusche
d.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Comp
onents\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Comp
onents\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Comp
onents\LMS\LMS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAS
torIcon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Birdjob\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Birdjob\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Birdjob\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Birdjob\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Birdjob\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Birdjob\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Comm
on7\IDE\VSIXAutoUpdate.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Google Inc.) C:\Program Files (x86)\Birdjob\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Birdjob\Application\chrome.exe
(OldTimer Tools) C:\Users\Sebastian\Downloads\OTL.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack
_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to d
efault or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA
\RAVBg64.exe [1393880 2015-04-28] (Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\Windows\RTFTrack.exe [6340312 2014-06-10] (Realtek s
emiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Tech
nology\IAStorIcon.exe [287592 2014-03-26] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [140
21336 2015-06-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
[1393880 2015-04-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAV
Bg64.exe [1393880 2015-04-28] (Realtek Semiconductor)
HKLM\...\Run: [mylbx] => C:\Program Files\My Lockbox\mylbx.exe [2635016 2016-02-
08] (FSPro Labs)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\syst
em32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Ja
va\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-3936271138-2850751734-2826734864-1001\...\Run: [DAEMON Tools Lite A
utomount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4177784 2016-01-15]
(Disc Soft Ltd)
HKU\S-1-5-21-3936271138-2850751734-2826734864-1001\...\Run: [Steam] => C:\Progra
m Files (x86)\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation)
HKU\S-1-5-21-3936271138-2850751734-2826734864-1001\...\Run: [msnmsgr] => "C:\Pro
gram Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-3936271138-2850751734-2826734864-1001\...\MountPoints2: {77850ee6-b
c71-11e5-824f-f0761cfc559f} - "E:\Ret.exe"
HKU\S-1-5-21-3936271138-2850751734-2826734864-1001\...\MountPoints2: {82cc19fe-d
7bd-11e5-825f-acd1b8e33b44} - "D:\AUTORUN.EXE"
HKU\S-1-5-21-3936271138-2850751734-2826734864-1001\...\MountPoints2: {c9ac2e09-4
f87-11e6-8278-acd1b8e33b44} - "D:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3936271138-2850751734-2826734864-1001\...\MountPoints2: {c9ac2e4d-4
f87-11e6-8278-acd1b8e33b44} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3936271138-2850751734-2826734864-1001\...\MountPoints2: {cabd6dbb-e
c64-11e5-8269-acd1b8e33b44} - "F:\start.exe"
IFEO\MRT.exe: [Debugger] C:\ProgramData\jdgjd\Gubed.exe -Yrrehs
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\
BtwProximityCP.dll
ShellExecuteHooks: No Name - {B19FD676-A733-11E6-868D-64006A5CFC23} - C:\Users\S
ebastian\AppData\Roaming\Ghgerleshowerther\Warasywubus.dll -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.
lnk [2016-01-28]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTT
ray.exe (Broadcom Corporation.)
BootExecute: autocheck autochk * sh4native Sh4Removal
GroupPolicy: Restriction - Chrome <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be remo
ved or restored to default.)
AutoConfigURL: [S-1-5-21-3936271138-2850751734-2826734864-1001] => hxxp://no-blo
ck.net/wpad.dat?e7cdbb71bf5b30df95f52d4a4d31f0c723222196
Tcpip\Parameters: [DhcpNameServer] 83.255.255.2 83.255.255.1
Tcpip\..\Interfaces\{C610867F-FBC8-49FA-8EF9-DC9B434DF130}: [DhcpNameServer] 83.
255.255.2 83.255.255.1
ManualProxies: 0hxxp://no-block.net/wpad.dat?e7cdbb71bf5b30df95f52d4a4d31f0c7232
22196
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpage
ing123.com/?type=hp&ts=1487704091&z=78c782cce360af3734a5b82g1zfbem5m8e2z3e5m3c&f
rom=ggg0221&uid=WDCXWD10S21X-24R1BT0-SSHD-8GB_WD-WX71A65CASZTCASZT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://w
ww.startpageing123.com/?type=hp&ts=1487704091&z=78c782cce360af3734a5b82g1zfbem5m
8e2z3e5m3c&from=ggg0221&uid=WDCXWD10S21X-24R1BT0-SSHD-8GB_WD-WX71A65CASZTCASZT
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.amisites
.com/search/?type=ds&ts=1481127637&z=883bd6c2c6173fc0e63b189g6zabcg7gdo2m1q1c4m&
from=che0812&uid=WDCXWD10S21X-24R1BT0-SSHD-8GB_WD-WX71A65CASZTCASZT&q={searchTer
ms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://
www.amisites.com/search/?type=ds&ts=1481127637&z=883bd6c2c6173fc0e63b189g6zabcg7
gdo2m1q1c4m&from=che0812&uid=WDCXWD10S21X-24R1BT0-SSHD-8GB_WD-WX71A65CASZTCASZT&
q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sta
rtpageing123.com/?type=hp&ts=1487704091&z=78c782cce360af3734a5b82g1zfbem5m8e2z3e
5m3c&from=ggg0221&uid=WDCXWD10S21X-24R1BT0-SSHD-8GB_WD-WX71A65CASZTCASZT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hx
xp://www.startpageing123.com/?type=hp&ts=1487704091&z=78c782cce360af3734a5b82g1z
fbem5m8e2z3e5m3c&from=ggg0221&uid=WDCXWD10S21X-24R1BT0-SSHD-8GB_WD-WX71A65CASZTC
ASZT
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.a
misites.com/search/?type=ds&ts=1481127637&z=883bd6c2c6173fc0e63b189g6zabcg7gdo2m
1q1c4m&from=che0812&uid=WDCXWD10S21X-24R1BT0-SSHD-8GB_WD-WX71A65CASZTCASZT&q={se
archTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
hxxp://www.amisites.com/search/?type=ds&ts=1481127637&z=883bd6c2c6173fc0e63b189g
6zabcg7gdo2m1q1c4m&from=che0812&uid=WDCXWD10S21X-24R1BT0-SSHD-8GB_WD-WX71A65CASZ
TCASZT&q={searchTerms}
HKU\S-1-5-21-3936271138-2850751734-2826734864-1001\Software\Microsoft\Internet E
xplorer\Main,Search Page = hxxp://www.startpageing123.com/search/?type=ds&ts=148
7704091&z=78c782cce360af3734a5b82g1zfbem5m8e2z3e5m3c&from=ggg0221&uid=WDCXWD10S2
1X-24R1BT0-SSHD-8GB_WD-WX71A65CASZTCASZT&q={searchTerms}
HKU\S-1-5-21-3936271138-2850751734-2826734864-1001\Software\Microsoft\Internet E
xplorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&ts=14877
04091&z=78c782cce360af3734a5b82g1zfbem5m8e2z3e5m3c&from=ggg0221&uid=WDCXWD10S21X
-24R1BT0-SSHD-8GB_WD-WX71A65CASZTCASZT
HKU\S-1-5-21-3936271138-2850751734-2826734864-1001\Software\Microsoft\Internet E
xplorer\Main,Default_Search_URL = hxxp://www.startpageing123.com/search/?type=ds
&ts=1487704091&z=78c782cce360af3734a5b82g1zfbem5m8e2z3e5m3c&from=ggg0221&uid=WDC
XWD10S21X-24R1BT0-SSHD-8GB_WD-WX71A65CASZTCASZT&q={searchTerms}
HKU\S-1-5-21-3936271138-2850751734-2826734864-1001\Software\Microsoft\Internet E
xplorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/sv-se/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
hxxp://www.amisites.com/search/?type=ds&ts=1481127637&z=883bd6c2c6173fc0e63b189g
6zabcg7gdo2m1q1c4m&from=che0812&uid=WDCXWD10S21X-24R1BT0-SSHD-8GB_WD-WX71A65CASZ
TCASZT&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.am
isites.com/search/?type=ds&ts=1481127637&z=883bd6c2c6173fc0e63b189g6zabcg7gdo2m1
q1c4m&from=che0812&uid=WDCXWD10S21X-24R1BT0-SSHD-8GB_WD-WX71A65CASZTCASZT&q={sea
rchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} UR
L = hxxp://www.amisites.com/search/?type=ds&ts=1481127637&z=883bd6c2c6173fc0e63b
189g6zabcg7gdo2m1q1c4m&from=che0812&uid=WDCXWD10S21X-24R1BT0-SSHD-8GB_WD-WX71A65
CASZTCASZT&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://ww
w.amisites.com/search/?type=ds&ts=1481127637&z=883bd6c2c6173fc0e63b189g6zabcg7gd
o2m1q1c4m&from=che0812&uid=WDCXWD10S21X-24R1BT0-SSHD-8GB_WD-WX71A65CASZTCASZT&q=
{searchTerms}
SearchScopes: HKU\S-1-5-21-3936271138-2850751734-2826734864-1001 -> {33BB0A4E-99
AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds&
ts=1487704091&z=78c782cce360af3734a5b82g1zfbem5m8e2z3e5m3c&from=ggg0221&uid=WDCX
WD10S21X-24R1BT0-SSHD-8GB_WD-WX71A65CASZTCASZT&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:
\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-25] (Oracle Corporation)
BHO: Youtube AdBlock -> {95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B} -> C:\Program Fil
es (x86)\Youtube AdBlock\IEEF\pla5Awa.dll => No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} ->
C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft
Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->
C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-25] (Oracle Corporati
on)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-25] (Oracle Corp
oration)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF}
-> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (
Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9}
-> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-25] (Oracle
Corporation)
FireFox:
========
FF DefaultProfile: vsr3fbrw.default
FF ProfilePath: [General]
AutoLogin=1
Default=Tozsamosc1
[Identities]
Tozsamosc1=C:\Program Files (x86)\Draco Software\Draco Organizer 3\Profiles\Tozs
amosc1\
[not found]
FF ProfilePath: C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\vsr3
fbrw.default [2017-02-17]
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\vsr3fbrw.default -> Yahoo!
FF Homepage: Mozilla\Firefox\Profiles\vsr3fbrw.default -> hxxp://www.google.se/
FF Keyword.URL: Mozilla\Firefox\Profiles\vsr3fbrw.default -> hxxps://se.search.y
ahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF Extension: (Aktualizacja dodatku Flash) - C:\Users\Sebastian\AppData\Roaming\
Mozilla\Firefox\Profiles\vsr3fbrw.default\Extensions\[email protected] [201
6-09-06]
FF Extension: (Mark Ads Sites In Search) - C:\Users\Sebastian\AppData\Roaming\Mo
zilla\Firefox\Profiles\vsr3fbrw.default\Extensions\[email protected]
pi [2016-04-28]
FF Extension: (Adblock Plus) - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefo
x\Profiles\vsr3fbrw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xp
i [2016-04-28]
FF ProfilePath: C:\Users\Sebastian\AppData\Roaming\Firefox\Firefox\Profiles\vsr3
fbrw.default [2017-02-23]
FF SelectedSearchEngine: Firefox\Firefox\Profiles\vsr3fbrw.default -> Yahoo!
FF Homepage: Firefox\Firefox\Profiles\vsr3fbrw.default -> hxxp://www.google.se/
FF Keyword.URL: Firefox\Firefox\Profiles\vsr3fbrw.default -> hxxps://se.search.y
ahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF Extension: (FF Adr) - C:\Users\Sebastian\AppData\Roaming\Firefox\Firefox\Prof
iles\vsr3fbrw.default\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017
-01-18] [not signed]
FF Extension: (Aktualizacja dodatku Flash) - C:\Users\Sebastian\AppData\Roaming\
Firefox\Firefox\Profiles\vsr3fbrw.default\Extensions\[email protected] [201
6-09-06]
FF Extension: (Mark Ads Sites In Search) - C:\Users\Sebastian\AppData\Roaming\Fi
refox\Firefox\Profiles\vsr3fbrw.default\Extensions\[email protected]
pi [2016-04-28]
FF Extension: (Adblock Plus) - C:\Users\Sebastian\AppData\Roaming\Firefox\Firefo
x\Profiles\vsr3fbrw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xp
i [2017-02-20]
FF SearchPlugin: C:\Users\Sebastian\AppData\Roaming\Firefox\Firefox\Profiles\vsr
3fbrw.default\searchplugins\searchinme.xml [2017-01-18]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_
23_0_0_162.dll [2016-10-03] ()
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog We
b Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0
_121\bin\dtplugin\npDeployJava1.dll [2017-01-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8
.0_121\bin\plugin2\npjp2.dll [2017-01-25] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Offic
e14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSW
F32_23_0_0_162.dll [2016-10-03] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\
np32dsw.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelo
g Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Prog
ram Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT
.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files
(x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [
2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Jav
a\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\J
ava\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\O
ffice14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Of
fice14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x
86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation
\3D Vision\npnv3dv.dll [2016-09-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Co
rporation\3D Vision\npnv3dvstreaming.dll [2016-09-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x8
6)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x8
6)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-23] (Google Inc.)
Chrome:
=======
CHR Profile: C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default [2
017-02-23]
CHR Extension: (Google Presentationer) - C:\Users\Sebastian\AppData\Local\Google
\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-2
3]
CHR Extension: (Google Dokument) - C:\Users\Sebastian\AppData\Local\Google\Chrom
e\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-23]
CHR Extension: (Google Drive) - C:\Users\Sebastian\AppData\Local\Google\Chrome\U
ser Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-23]
CHR Extension: (YouTube) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User D
ata\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-23]
CHR Extension: (Google Kalkylark) - C:\Users\Sebastian\AppData\Local\Google\Chro
me\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-23]
CHR Extension: (Google Dokument Offline) - C:\Users\Sebastian\AppData\Local\Goog
le\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02
-23]
CHR Extension: (Betalning via Chrome Web Store) - C:\Users\Sebastian\AppData\Loc
al\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [
2017-02-23]
CHR Extension: (Gmail) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Dat
a\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-23]
CHR Extension: (Chrome Media Router) - C:\Users\Sebastian\AppData\Local\Google\C
hrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-23]
Opera:
=======
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. T
he file will not be moved unless listed separately.)
R2 Apple_Cfg; C:\ProgramData\Apple\Apple Application Support\Support.dll [112640
2017-02-23] () [File not signed]
R2 APPLE_svr; C:\ProgramData\Apple Computer\iTunes\iPodDevices.dll [482304 2017-
02-13] () [File not signed]
R2 Convxxxx; C:\Users\Sebastian\AppData\Roaming\gjdgj\UvConverter.exe [451072 20
16-12-19] (TODO: <Company name>) [File not signed]
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusSer
vice.exe [1369464 2016-01-15] (Disc Soft Ltd)
R2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [162992 2017-0
2-13] ()
R2 HuaweiHiSuiteService64.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteServic
e64.exe [191688 2016-05-25] () [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IA
StorDataMgrSvc.exe [16232 2014-03-26] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08
-09] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS
Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signe
d]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Inte
l\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine
Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation
)
R3 iThemes5; C:\Program Files (x86)\Common Files\Services\iThemes.dll [459264 20
17-02-13] () [File not signed] <==== ATTENTION
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Componen
ts\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2014-12
-04] ()
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5691912 2016-05-18] (INCA Internet
Co., Ltd.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcon
tainer.exe [462784 2016-11-17] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nv
container.exe [462784 2016-11-17] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeFor
ce Experience Service\nvwirelesscontroller.exe [1163712 2016-11-17] (NVIDIA Corp
oration)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe
[2122248 2016-08-12] (Electronic Arts)
S2 Prercertain; C:\Windows\system32\svchost.exe [38792 2014-10-29] (Microsoft Co
rporation)
S2 Prercertain; C:\Windows\SysWOW64\svchost.exe [33088 2014-10-29] (Microsoft Co
rporation)
R2 Themes; C:\Windows\system32\themeservice.dll [59392 2014-10-29] (Microsoft Co
rporation) [DependOnService: iThemes5]<==== ATTENTION
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio
14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776
2016-09-06] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (M
icrosoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (
Microsoft Corporation)
R2 WinSAPSvc; C:\Users\Sebastian\AppData\Roaming\WinSAPSvc\WinSAP.dll [184832 20
17-02-24] (TODO: <Company name>) [File not signed]
R2 WinSnare; C:\Users\Sebastian\AppData\Roaming\WinSnare\WinSnare.dll [778752 20
17-02-24] (InterSect Alliance Pty Ltd) [File not signed]
R2 YT Updater Service; C:\Program Files (x86)\Common Files\YT Updater\ytupdater.
exe [16384 2015-01-26] (hxxp://ytdownloader.biz/) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [382
0960 2014-12-04] (Intel Corporation)
S2 ed2kidle; "C:\Program Files (x86)\amuleC1\ed2k.exe" -downloadwhenidle [X]
S2 GubedZL; C:\Program Files (x86)\Gubed\GubedZL.dll [X]
S2 GubZL; C:\Program Files (x86)\Gub\GubZL.dll [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. T
he file will not be moved unless listed separately.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [172760 2013-10-02] (Broadco
m Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broad
com Corporation)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-04] (Sams
ung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-01-1
6] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-01-16]
(Disc Soft Ltd)
S3 ew_usbccgpfilter; C:\Windows\System32\drivers\ew_usbccgpfilter.sys [18816 201
6-05-25] (Huawei Technologies Co., Ltd.)
R0 FSProFilter2; C:\Windows\System32\Drivers\FSPFltd2.sys [57648 2011-06-03] (FS
Pro Labs)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2016-05-25] (Hua
wei Technologies Co., Ltd.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Inte
l Corporation)
R1 netfilter2; C:\Windows\System32\drivers\netfilter2.sys [57832 2015-09-30] (Wi
ndows (R) Win 7 DDK provider)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
[27584 2016-11-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46016 2016-11
-17] (NVIDIA Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [444632 2013-10-24] (Realsil S
emiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [9121496 2014-06-10] (Realtek
Semiconductor Corp.)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-1
0-29] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-03-07]
(Synaptics Incorporated)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-04] (Samsung
Electronics Co., Ltd.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Appl
e, Inc.) [File not signed]
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft
Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [265056 2013-08-22] (Micro
soft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Micro
soft Corporation)
S1 p1481375318am; \??\C:\Users\SEBAST~1\AppData\Local\Temp\bk70B7.tmp\p148137531
8am.sys [X] <==== ATTENTION
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. T
he file will not be moved unless listed separately.)

==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-25 10:46 - 2017-02-25 10:46 - 00602112 _____ (OldTimer Tools) C:\Users\S
ebastian\Downloads\OTL.exe
2017-02-25 10:45 - 2017-02-25 10:45 - 00000000 ____D C:\Users\Sebastian\Download
s\FRST-OlderVersion
2017-02-24 19:51 - 2017-02-24 19:51 - 16938323 _____ (Bractwo Spolszczenia ) C:\
Users\Sebastian\Downloads\Wojna z Orkami patch (1).exe
2017-02-24 18:51 - 2017-02-24 18:52 - 13767776 _____ (Microsoft Corporation) C:\
Users\Sebastian\Downloads\vc_redist.x86.exe
2017-02-24 18:50 - 2017-02-24 19:30 - 00003348 _____ C:\Program Files (x86)\meta
data
2017-02-24 18:50 - 2017-02-24 18:50 - 00000040 _____ C:\Program Files (x86)\sett
ings.dat
2017-02-24 18:32 - 2017-02-24 18:33 - 16938323 _____ (Bractwo Spolszczenia ) C:\
Users\Sebastian\Downloads\Wojna z Orkami patch.exe
2017-02-24 18:24 - 2017-02-24 18:24 - 00000000 ____D C:\Users\Sebastian\AppData\
Roaming\Microsoft\Windows\Start Menu\Programs\amuleC
2017-02-24 18:24 - 2017-02-24 18:24 - 00000000 ____D C:\Users\Sebastian\AppData\
Roaming\aMule
2017-02-24 18:24 - 2017-02-24 18:24 - 00000000 ____D C:\Program Files (x86)\WinSnare(4.1.6)
2017-02-24 18:24 - 2017-02-24 18:24 - 00000000 ____D C:\Program Files (x86)\amuleCexx
2017-02-24 18:23 - 2017-02-24 18:23 - 00000000 ____D C:\Program Files (x86)\cvbs0
2017-02-23 22:06 - 2017-02-23 22:06 - 00000000 _____ C:\temp.dat
2017-02-23 21:33 - 2017-02-23 21:33 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Birdjob
2017-02-23 21:32 - 2017-02-23 21:32 - 00003426 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-02-23 21:32 - 2017-02-23 21:32 - 00002275 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-23 21:32 - 2017-02-23 21:32 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-23 21:31 - 2017-02-23 21:31 - 01129376 _____ (Google Inc.) C:\Users\Sebastian\Downloads\ChromeSetup.exe
2017-02-23 21:00 - 2017-02-23 21:00 - 00000000 ____D C:\Program Files (x86)\Birdjob
2017-02-23 20:59 - 2017-02-23 20:59 - 00000000 ____D C:\Program Files (x86)\MIO
2017-02-23 20:07 - 2017-02-23 20:08 - 00000900 _____ C:\Users\Sebastian\Desktop\MaxPayne.exe - genvg.lnk
2017-02-22 21:39 - 2017-02-22 21:39 - 00003832 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1487795959
2017-02-22 21:39 - 2017-02-22 21:39 - 00001109 _____ C:\Users\Public\Desktop\Opera.lnk
2017-02-22 21:39 - 2017-02-22 21:39 - 00001109 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-02-22 21:39 - 2017-02-22 21:39 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Opera Software
2017-02-22 21:39 - 2017-02-22 21:39 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Opera Software
2017-02-22 21:38 - 2017-02-22 21:39 - 00000000 ____D C:\Program Files\Opera
2017-02-22 19:54 - 2017-02-24 19:30 - 00000000 ____D C:\Program Files (x86)\reports
2017-02-22 19:54 - 2017-02-22 19:57 - 00007669 _____ C:\Users\Sebastian\AppData\Local\resmon.resmoncfg
2017-02-18 18:16 - 2017-02-23 21:26 - 00000000 ____D C:\Users\Sebastian\Documents\Max Payne Savegames
2017-02-18 16:25 - 2017-02-18 16:25 - 00000000 ____D C:\Users\Sebastian\AppData\LocalLow\uTorrent
2017-02-14 21:24 - 2017-02-23 21:00 - 00000217 _____ C:\Users\Public\Desktop\Google Chrome.url
2017-02-13 20:57 - 2017-02-13 20:57 - 00000000 ____D C:\Program Files (x86)\Firefox
2017-02-13 20:45 - 2017-02-13 20:57 - 00002011 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-13 20:45 - 2017-02-13 20:45 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Goldass
2017-02-13 20:43 - 2017-02-25 10:34 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\WinSAPSvc
2017-02-12 10:05 - 2017-02-12 10:05 - 22140464 _____ C:\Users\Sebastian\Downloads\BankID_installation_7_3_0.exe
2017-02-09 19:56 - 2017-02-24 18:24 - 00003604 _____ C:\Windows\System32\Tasks\Milimili
2017-02-09 19:17 - 2017-02-09 19:17 - 12754040 _____ C:\Users\Sebastian\Documents\Chopin - Spring Waltz.mp4
2017-01-29 20:34 - 2017-01-29 20:34 - 00000772 _____ C:\Windows\SysWOW64\ping.cfg
2017-01-27 19:59 - 2017-01-27 19:59 - 06792995 _____ C:\Users\Sebastian\Documents\Travesuras - Nicky Jam (Lyrics Spanish & English) (HD).mp4
2017-01-27 19:36 - 2017-01-27 19:36 - 03186126 _____ C:\Users\Sebastian\Downloads\Maja och hennes kritor.odt
2017-01-27 19:36 - 2017-01-27 19:36 - 00000000 ____D C:\Users\Sebastian\Desktop\ilona
2017-01-27 18:09 - 2017-01-27 18:09 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Apps\2.0
2017-01-27 18:08 - 2017-01-27 18:10 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Deployment
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-25 10:47 - 2017-01-17 18:15 - 00028054 _____ C:\Users\Sebastian\Downloads\FRST.txt
2017-02-25 10:47 - 2016-12-10 14:03 - 00000000 _____ C:\Users\Public\Documents\report.dat
2017-02-25 10:47 - 2016-10-03 21:57 - 00000000 ____D C:\FRST
2017-02-25 10:47 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2017-02-25 10:45 - 2017-01-17 18:14 - 02423296 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST64.exe
2017-02-25 10:42 - 2016-01-16 16:26 - 00003794 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{DF919879-6280-402B-A7DF-982E3824E6B6}
2017-02-25 10:38 - 2016-01-16 16:36 - 00000000 ___DO C:\Users\Sebastian\SkyDrive
2017-02-25 10:37 - 2016-01-16 17:52 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-25 10:37 - 2016-01-16 16:46 - 00000000 __SHD C:\Users\Sebastian\IntelGraphicsProfiles
2017-02-25 10:35 - 2016-12-10 14:03 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2017-02-25 10:35 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-25 00:24 - 2016-01-19 22:58 - 00000868 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-24 19:56 - 2016-01-16 16:30 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3936271138-2850751734-2826734864-1001
2017-02-24 18:24 - 2017-01-18 18:33 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\WinSnare
2017-02-23 21:33 - 2017-01-18 18:49 - 00000000 ____D C:\Users\Sebastian\AppData\LocalLow\Mozilla
2017-02-23 21:32 - 2016-08-29 13:47 - 00003298 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-02-23 21:32 - 2016-08-29 13:47 - 00002287 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-23 21:32 - 2016-08-29 13:47 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Google
2017-02-23 21:00 - 2016-02-24 06:34 - 00000000 ____D C:\ProgramData\Apple
2017-02-22 20:01 - 2016-01-28 20:39 - 00000000 ____D C:\Users\Sebastian\AppData\Local\ElevatedDiagnostics
2017-02-19 14:17 - 2016-12-07 17:29 - 00003178 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-19 14:17 - 2016-06-28 07:47 - 00002314 _____ C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive fr fretag.lnk
2017-02-19 00:18 - 2016-01-16 16:54 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\uTorrent
2017-02-19 00:18 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-02-16 21:44 - 2016-01-21 22:32 - 00000000 ____D C:\Users\Sebastian\AppData\Local\CrashDumps
2017-02-16 19:17 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2017-02-14 23:03 - 2016-01-17 16:20 - 00000000 ____D C:\Users\Sebastian
2017-02-13 20:57 - 2017-01-18 18:45 - 00002081 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-13 20:52 - 2016-11-30 19:55 - 00000000 ____D C:\ProgramData\WinSAPSvc
2017-02-13 20:50 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\System
2017-02-09 19:17 - 2016-12-02 21:35 - 00000000 ____D C:\ProgramData\YTD Video Downloader
2017-02-09 19:10 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2017-01-28 13:14 - 2016-10-10 22:37 - 00846800 _____ C:\Windows\system32\perfh015.dat
2017-01-28 13:14 - 2016-10-10 22:37 - 00187734 _____ C:\Windows\system32\perfc015.dat
2017-01-28 13:14 - 2016-01-17 16:16 - 02909910 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-28 13:14 - 2016-01-16 21:31 - 00769366 _____ C:\Windows\system32\perfh01D.dat
2017-01-28 13:14 - 2016-01-16 21:31 - 00173672 _____ C:\Windows\system32\perfc01D.dat
2017-01-27 18:22 - 2016-02-22 17:01 - 00000000 ____D C:\Users\Sebastian\Desktop\foty z pulpu
2017-01-27 18:14 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\NDF
==================== Files in the root of some directories =======
2017-02-24 18:50 - 2017-02-24 19:30 - 0003348 _____ () C:\Program Files (x86)\metadata
2017-02-24 18:50 - 2017-02-24 18:50 - 0000040 _____ () C:\Program Files (x86)\settings.dat
2016-10-15 19:59 - 2016-10-15 19:59 - 0009668 _____ () C:\Users\Sebastian\AppData\Local\recently-used.xbel
2017-02-22 19:54 - 2017-02-22 19:57 - 0007669 _____ () C:\Users\Sebastian\AppData\Local\resmon.resmoncfg
2016-01-21 22:30 - 2016-01-21 22:30 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
2016-10-05 19:53 - 2016-10-05 19:53 - 0004128 _____ () C:\Users\Sebastian\AppData\Local\Temp\apm689F.exe
2016-10-05 21:29 - 2016-10-05 21:29 - 0004128 _____ () C:\Users\Sebastian\AppData\Local\Temp\apm7CC7.exe
2016-10-05 19:57 - 2016-10-05 19:57 - 0004128 _____ () C:\Users\Sebastian\AppData\Local\Temp\apm90E4.exe
2016-10-05 21:34 - 2016-10-05 21:34 - 0004128 _____ () C:\Users\Sebastian\AppData\Local\Temp\apmA4FC.exe
2016-10-05 19:49 - 2016-10-05 19:49 - 0004128 _____ () C:\Users\Sebastian\AppData\Local\Temp\apmAE46.exe
2016-10-05 20:06 - 2016-10-05 20:06 - 0004128 _____ () C:\Users\Sebastian\AppData\Local\Temp\apmEFE5.exe
2017-01-12 17:36 - 2017-01-12 17:37 - 26883792 _____ () C:\Users\Sebastian\AppData\Local\Temp\ins7327.tmp.exe
2017-01-18 18:33 - 2017-01-18 18:33 - 26967248 _____ () C:\Users\Sebastian\AppData\Local\Temp\inst12.exe
2016-09-23 20:04 - 2016-09-23 20:04 - 0737856 _____ (Oracle Corporation) C:\Users\Sebastian\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-01-25 19:55 - 2017-01-25 19:55 - 0739904 _____ (Oracle Corporation) C:\Users\Sebastian\AppData\Local\Temp\jre-8u121-windows-au.exe
2016-10-20 18:26 - 2016-10-20 18:26 - 2458672 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\Sebastian\AppData\Local\Temp\libeay32.dll
2016-10-20 18:26 - 2016-10-20 18:26 - 0970912 _____ (Microsoft Corporation) C:\Users\Sebastian\AppData\Local\Temp\msvcr120.dll
2016-10-20 18:26 - 2016-10-20 18:26 - 0772672 _____ () C:\Users\Sebastian\AppData\Local\Temp\sqlite3.dll
2002-08-31 18:07 - 2002-08-31 18:07 - 0270336 _____ () C:\Users\Sebastian\AppData\Local\Temp\tdll.dll
2017-01-05 16:52 - 2017-01-05 16:52 - 0361472 _____ (update) C:\Users\Sebastian\AppData\Local\Temp\~ctBC95.tmp.dll
2017-01-03 13:24 - 2017-01-03 13:24 - 0471552 _____ () C:\Users\Sebastian\AppData\Local\Temp\~ctD647.tmp.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-02-16 21:41
==================== End of FRST.txt ============================
