Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by Pjeruk (administrator) on MICHAL (26-08-2017 18:53:40)
Running from C:\Users\Pjeruk\Downloads
Loaded Profiles: Pjeruk (Available Profiles: Pjeruk)
Platform: Windows 8.1 Pro (Update) (X64) Language: Angielski (Stany Zjednoczone)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Hi-Rez Studios) E:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7611608 2014-12-17] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Sound Blaster X-Fi MB 3] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe [2109440 2013-04-23] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Live! Central 3] => C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe [461312 2013-08-02] (Creative Technology Ltd)
HKLM-x32\...\Run: [V0790Mon.exe] => C:\Windows\V0790Mon.exe [32884 2013-06-19] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2017-04-13] (Razer Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1833188592-4251096465-124180988-1001\...\Run: [EADM] => E:\Program Files (x86)\Origin\Origin.exe [3048256 2017-07-26] (Electronic Arts)
HKU\S-1-5-21-1833188592-4251096465-124180988-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1833188592-4251096465-124180988-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)
HKU\S-1-5-21-1833188592-4251096465-124180988-1001\...\Run: [Discord] => C:\Users\Pjeruk\AppData\Local\Discord\app-0.0.298\Discord.exe [57477112 2017-08-08] (Discord Inc.)
HKU\S-1-5-21-1833188592-4251096465-124180988-1001\...\MountPoints2: {66c24347-a636-11e4-8265-fcaa14268080} - "D:\setup.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2014-12-17]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{401FADAA-1C16-4721-9F02-19067E1A1CA8}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\Users\Pjeruk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop.scf [2013-05-06] ()
BootExecute: sdnclean64.exe
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2
Tcpip\..\Interfaces\{466F35E9-A6D5-46DA-BA84-2813B011E58E}: [DhcpNameServer] 192.168.0.1 192.168.0.2
Tcpip\..\Interfaces\{A72F1CC9-768F-4605-8ED1-E92F95A8127F}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{A72F1CC9-768F-4605-8ED1-E92F95A8127F}: [DhcpNameServer] 192.168.0.1 192.168.0.2

Internet Explorer:
==================
HKU\S-1-5-21-1833188592-4251096465-124180988-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-08-15] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-15] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Pjeruk\AppData\Roaming\Mozilla\Firefox\Profiles\m4cBUf7B.default [2017-08-26]
FF Extension: (uBlock Origin) - C:\Users\Pjeruk\AppData\Roaming\Mozilla\Firefox\Profiles\m4cBUf7B.default\Extensions\uBlock0@raymondhill.net.xpi [2017-07-28]
FF Plugin-x32: @haitao.com/npHaitaoPlugin -> C:\Users\Pjeruk\AppData\Local\htyh\application\htwebHelper.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-15] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-06-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-06-08] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-26] (Google Inc.)
FF Plugin HKU\S-1-5-21-1833188592-4251096465-124180988-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Pjeruk\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.pl/
CHR DefaultSearchKeyword: Default -> google.pl_
CHR Profile: C:\Users\Pjeruk\AppData\Local\Google\Chrome\User Data\Default [2017-08-26]
CHR Extension: (Prezentacje Google) - C:\Users\Pjeruk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-08-26]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Pjeruk\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2017-08-26]
CHR Extension: (Dokumenty Google) - C:\Users\Pjeruk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-08-26]
CHR Extension: (Dysk Google) - C:\Users\Pjeruk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-26]
CHR Extension: (Snooker) - C:\Users\Pjeruk\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjohiacoelemalmancnccjggomjnkfod [2017-08-26]
CHR Extension: (YouTube) - C:\Users\Pjeruk\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-26]
CHR Extension: (Adblock Plus) - C:\Users\Pjeruk\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-08-26]
CHR Extension: (Adblock dla serwisu Youtube™) - C:\Users\Pjeruk\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2017-08-26]
CHR Extension: (Arkusze Google) - C:\Users\Pjeruk\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-08-26]
CHR Extension: (Dokumenty Google offline) - C:\Users\Pjeruk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-26]
CHR Extension: (AdBlock) - C:\Users\Pjeruk\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-08-26]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Pjeruk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-26]
CHR Extension: (Adblock Pro) - C:\Users\Pjeruk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2017-08-26]
CHR Extension: (Gmail) - C:\Users\Pjeruk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-26]
CHR Extension: (Chrome Media Router) - C:\Users\Pjeruk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-26]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1833188592-4251096465-124180988-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bncccjepkagemgfhbeknoggaadchfcfb] -

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [111104 2014-10-29] (Microsoft Corporation) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1522184 2017-07-30] ()
S3 CertPropSvc; C:\Windows\System32\certprop.dll [156160 2014-10-29] (Microsoft Corporation) [File not signed]
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-12-17] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-12-17] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [406016 2011-09-14] (Creative Technology Ltd) [File not signed]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [382504 2017-08-19] (EasyAntiCheat Ltd)
S3 EFS; C:\Windows\system32\efssvc.dll [41472 2014-10-29] (Microsoft Corporation) [File not signed]
S3 fhsvc; C:\Windows\system32\fhsvc.dll [121856 2014-10-29] (Microsoft Corporation) [File not signed]
U2 HiPatchService; E:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-07-11] (Hi-Rez Studios) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [345864 2015-03-19] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-06-08] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-06-21] (NVIDIA Corporation)
S3 Origin Client Service; E:\Program Files (x86)\Origin\OriginClientService.exe [2168672 2017-07-26] (Electronic Arts)
S2 Origin Web Helper Service; E:\Program Files (x86)\Origin\OriginWebHelperService.exe [3148128 2017-07-26] (Electronic Arts)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-08] (Qualcomm Atheros) [File not signed]
R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [401024 2017-07-03] (Razer Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [179840 2017-06-20] (Razer Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-25] ()
S4 SCardSvr; C:\Windows\System32\SCardSvr.dll [194048 2014-10-29] (Microsoft Corporation) [File not signed]
S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [131072 2014-10-29] (Microsoft Corporation) [File not signed]
S3 SCPolicySvc; C:\Windows\System32\certprop.dll [156160 2014-10-29] (Microsoft Corporation) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [230400 2014-10-29] (Microsoft Corporation) [File not signed]
S3 WinRM; C:\Windows\system32\WsmSvc.dll [2608640 2014-10-29] (Microsoft Corporation) [File not signed]
S3 wlidsvc; C:\Windows\system32\wlidsvc.dll [1639424 2014-10-29] (Microsoft Corporation) [File not signed]
S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [201728 2014-10-29] (Microsoft Corporation) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [75056 2013-02-13] (Qualcomm Atheros, Inc.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2015-01-27] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-08-21] ()
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2017-02-27] (LogMeIn Inc.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2017-08-25] ()
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [163536 2013-03-20] (Qualcomm Atheros, Inc.)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [192960 2017-08-26] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\DRIVERS\farflt.sys [101824 2017-08-26] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-08-26] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [253888 2017-08-26] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [94144 2017-08-26] (Malwarebytes)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-06-21] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [46200 2017-06-08] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [48248 2017-06-21] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [59448 2017-03-17] (NVIDIA Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13536 2015-05-25] ()
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [51736 2016-06-22] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-17] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-09-07] (Razer, Inc.)
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [40960 2014-10-29] (Microsoft Corporation) [File not signed]
R3 V0790Vid; C:\Windows\system32\DRIVERS\V0790Vid.sys [380416 2013-07-09] (Creative Technology Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [55128 2015-06-06] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-26 18:49 - 2017-08-26 18:52 - 000001969 _____ C:\Users\Pjeruk\Desktop\AdwCleaner[C5].txt
2017-08-26 18:47 - 2017-08-26 18:47 - 000044693 _____ C:\Users\Pjeruk\Downloads\Addition_24-08-2017 21.42.26.txt
2017-08-26 18:44 - 2017-08-26 18:44 - 000049498 _____ C:\Users\Pjeruk\Downloads\Addition.txt
2017-08-26 18:43 - 2017-08-26 18:54 - 000019675 _____ C:\Users\Pjeruk\Downloads\FRST.txt
2017-08-26 18:43 - 2017-08-26 18:53 - 000000000 ____D C:\FRST
2017-08-26 18:43 - 2017-08-26 18:43 - 002395648 _____ (Farbar) C:\Users\Pjeruk\Downloads\FRST64.exe
2017-08-26 18:23 - 2017-08-26 18:23 - 001130328 _____ (Google Inc.) C:\Users\Pjeruk\Downloads\ChromeSetup.exe
2017-08-26 18:23 - 2017-08-26 18:23 - 000003480 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-08-26 18:23 - 2017-08-26 18:23 - 000003352 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-08-26 18:23 - 2017-08-26 18:23 - 000002293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-26 18:23 - 2017-08-26 18:23 - 000002281 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-26 18:19 - 2017-08-26 18:19 - 000000000 ____D C:\Users\Pjeruk\AppData\Roaming\Google
2017-08-26 18:11 - 2017-08-26 18:51 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-26 18:11 - 2017-08-26 18:51 - 000101824 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-08-26 18:11 - 2017-08-26 18:51 - 000094144 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-08-26 18:11 - 2017-08-26 18:51 - 000045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-08-26 18:11 - 2017-08-26 18:11 - 000192960 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-08-26 18:11 - 2017-08-26 18:11 - 000001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-08-26 18:11 - 2017-08-26 18:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-08-26 18:11 - 2017-08-26 18:11 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-26 18:11 - 2017-08-26 18:11 - 000000000 ____D C:\Program Files\Malwarebytes
2017-08-26 18:11 - 2017-08-21 07:20 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-08-26 16:55 - 2017-08-26 16:55 - 000000085 _____ C:\Windows\wininit.ini
2017-08-26 15:55 - 2017-08-26 16:55 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-08-26 15:55 - 2017-08-26 15:55 - 000000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-08-26 15:43 - 2017-08-26 15:43 - 051725936 _____ (Safer-Networking Ltd. ) C:\Users\Pjeruk\Downloads\spybotsd-2.6.46.exe
2017-08-26 14:19 - 2017-08-26 15:21 - 000000000 ____D C:\Users\Pjeruk\Documents\RegRun2
2017-08-26 14:19 - 2017-08-26 14:19 - 000000002 RSHOT C:\Windows\winstart.bat
2017-08-26 14:19 - 2017-08-26 14:19 - 000000002 RSHOT C:\Windows\SysWOW64\CONFIG.NT
2017-08-26 14:19 - 2017-08-26 14:19 - 000000002 RSHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2017-08-26 14:19 - 2017-08-26 14:19 - 000000000 ____D C:\Users\Pjeruk\Downloads\unhackme
2017-08-26 14:19 - 2017-08-26 14:19 - 000000000 ____D C:\ProgramData\RegRun
2017-08-26 14:18 - 2017-08-26 14:18 - 018819914 _____ C:\Users\Pjeruk\Downloads\unhackme.zip
2017-08-25 17:25 - 2017-08-25 17:25 - 000000000 ____D C:\Users\Pjeruk\AppData\Roaming\Obsidium
2017-08-25 16:34 - 2017-08-25 16:39 - 000000000 ____D C:\ProgramData\AVAST Software
2017-08-25 16:31 - 2017-08-25 16:33 - 000000000 ____D C:\Users\Pjeruk\AppData\Local\AvgSetupLog
2017-08-25 16:31 - 2017-08-25 16:33 - 000000000 ____D C:\ProgramData\Avg
2017-08-25 16:31 - 2017-08-25 16:31 - 000000000 ____D C:\Users\Pjeruk\AppData\Local\Avg
2017-08-25 15:14 - 2017-08-25 15:14 - 000055232 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-08-25 15:10 - 2017-08-25 15:10 - 000001010 _____ C:\Windows\system32\.crusader
2017-08-25 15:03 - 2017-08-25 15:10 - 000000000 ____D C:\ProgramData\HitmanPro
2017-08-22 00:01 - 2017-08-22 00:01 - 001305367 _____ C:\Users\Pjeruk\Downloads\Autoruns.zip
2017-08-22 00:01 - 2017-08-22 00:01 - 000000000 ____D C:\Users\Pjeruk\Downloads\Autoruns
2017-08-21 23:23 - 2017-08-21 23:23 - 008185288 _____ (Malwarebytes) C:\Users\Pjeruk\Downloads\AdwCleaner.exe
2017-08-21 23:16 - 2017-08-21 23:21 - 000000000 ____D C:\ProgramData\GlarySoft
2017-08-21 23:14 - 2017-08-21 23:21 - 000000000 ____D C:\Users\Pjeruk\AppData\Roaming\GlarySoft
2017-08-21 23:14 - 2017-08-21 23:14 - 000000000 ____D C:\Users\Pjeruk\AppData\Roaming\DiskDefrag
2017-08-21 18:19 - 2017-08-21 18:19 - 000000266 __RSH C:\Users\Pjeruk\ntuser.pol
2017-08-21 18:13 - 2017-08-26 18:52 - 000000000 ____D C:\AdwCleaner
2017-08-21 18:00 - 2017-08-21 18:34 - 000000000 ____D C:\Users\Pjeruk\AppData\Roaming\zla0nz04gh4
2017-08-21 17:59 - 2017-08-21 18:34 - 000000000 ____D C:\Users\Pjeruk\AppData\Roaming\hpnqo1wlfs3
2017-08-21 17:58 - 2017-08-21 18:34 - 000000000 ____D C:\Users\Pjeruk\AppData\Roaming\czbgr5tkqlz
2017-08-21 17:58 - 2017-08-21 18:34 - 000000000 ____D C:\Users\Pjeruk\AppData\Roaming\a4e3exeydm5
2017-08-21 17:58 - 2017-08-21 18:34 - 000000000 ____D C:\Users\Pjeruk\AppData\Roaming\50apdqtiqzb
2017-08-21 17:55 - 2017-08-21 18:34 - 000000000 ____D C:\Users\Pjeruk\AppData\Roaming\itf05c12nqx
2017-08-21 17:55 - 2017-08-21 18:34 - 000000000 ____D C:\Users\Pjeruk\AppData\Roaming\iceyupgb4st
2017-08-21 17:55 - 2017-08-21 18:34 - 000000000 ____D C:\Users\Pjeruk\AppData\Roaming\5umud1luvqv
2017-08-21 17:55 - 2017-08-21 16:39 - 001954304 ___SH (Micrasaft Carparation) C:\Windows\C_iRUX.dat
2017-08-21 17:54 - 2017-08-22 00:04 - 000014920 _____ C:\Windows\System32\Tasks\{24EC6635-04CA-4656-80A2-7CAB131AD7A9}
2017-08-21 17:54 - 2017-08-21 17:56 - 000000000 ____D C:\ProgramData\Windows
2017-08-21 17:54 - 2017-08-21 17:55 - 000000000 ____D C:\Users\Pjeruk\AppData\Roaming\chroma
2017-08-21 17:53 - 2017-08-21 17:53 - 000003098 _____ C:\Windows\System32\Tasks\{AFC2BF7D-BB52-42AC-8505-CCEE0D465A8B}
2017-08-21 17:30 - 2017-08-21 17:30 - 000140800 _____ C:\Users\Pjeruk\AppData\Local\installer.dat
2017-08-16 20:34 - 2017-08-16 20:34 - 000000000 ____D C:\Users\Pjeruk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2017-08-13 14:03 - 2017-08-19 20:13 - 000000000 ____D C:\Users\Pjeruk\AppData\Roaming\EasyAntiCheat
2017-08-13 14:01 - 2017-08-19 20:12 - 000000000 ____D C:\Users\Pjeruk\AppData\Local\HirezLauncherUI
2017-08-13 14:00 - 2017-08-13 14:04 - 000000000 ____D C:\ProgramData\Hi-Rez Studios
2017-08-13 14:00 - 2017-08-13 14:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2017-08-13 12:00 - 2017-08-13 12:00 - 000000222 _____ C:\Users\Pjeruk\Desktop\Paladins.url
2017-08-10 15:27 - 2017-08-10 15:28 - 000000000 ____D C:\Users\Pjeruk\Downloads\Ignition
2017-08-10 15:21 - 2017-08-10 15:23 - 000000000 ____D C:\Users\Pjeruk\AppData\Roaming\dgVoodoo
2017-08-10 15:18 - 2017-08-10 15:18 - 000003192 _____ C:\Windows\System32\Tasks\{397B38DA-E238-4411-BC57-76FF4C675DFD}
2017-08-06 17:54 - 2017-08-06 17:54 - 000000000 ____D C:\Users\Pjeruk\AppData\Roaming\baidu
2017-08-06 17:54 - 2017-08-06 17:54 - 000000000 ____D C:\Users\Pjeruk\AppData\Roaming\360se6
2017-07-30 22:19 - 2017-07-30 22:19 - 000000000 ____D C:\Users\Pjeruk\AppData\Local\UnrealEngine
2017-07-30 22:19 - 2017-07-30 22:19 - 000000000 ____D C:\Users\Pjeruk\AppData\Local\TslGame
2017-07-30 21:31 - 2017-07-30 21:31 - 000000222 _____ C:\Users\Pjeruk\Desktop\PLAYERUNKNOWN'S BATTLEGROUNDS.url
2017-07-29 17:35 - 2017-07-29 17:35 - 000000000 ____D C:\Users\Pjeruk\AppData\LocalLow\Temp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-26 18:52 - 2014-12-17 17:28 - 000000000 ____D C:\ProgramData\NVIDIA
2017-08-26 18:51 - 2014-12-17 17:21 - 000000000 __SHD C:\Users\Pjeruk\IntelGraphicsProfiles
2017-08-26 18:50 - 2013-08-22 16:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-26 18:34 - 2014-12-17 17:10 - 000003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1833188592-4251096465-124180988-1001
2017-08-26 18:29 - 2017-07-06 00:16 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-26 18:23 - 2017-07-06 00:16 - 000000000 ____D C:\Users\Pjeruk\AppData\LocalLow\Mozilla
2017-08-26 18:23 - 2014-12-17 17:12 - 000000000 ____D C:\Users\Pjeruk\AppData\Local\Google
2017-08-26 18:23 - 2014-12-17 17:12 - 000000000 ____D C:\Program Files (x86)\Google
2017-08-26 18:13 - 2015-06-19 22:46 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2017-08-26 17:29 - 2015-01-11 15:47 - 000000000 ____D C:\Users\Pjeruk\AppData\Roaming\uTorrent
2017-08-26 17:03 - 2014-12-17 17:38 - 000809976 _____ C:\Windows\system32\perfh015.dat
2017-08-26 17:03 - 2014-12-17 17:38 - 000167164 _____ C:\Windows\system32\perfc015.dat
2017-08-26 17:03 - 2013-09-30 06:14 - 001825074 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-26 17:03 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\Inf
2017-08-26 16:55 - 2013-08-22 15:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2017-08-26 15:48 - 2014-12-17 17:08 - 000003778 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{7105E8D8-8609-4008-A4CB-3D68EBC4023E}
2017-08-26 00:03 - 2014-12-24 22:00 - 000000000 ____D C:\Users\Pjeruk\AppData\Roaming\Skype
2017-08-25 16:41 - 2014-12-24 22:00 - 000000000 ____D C:\ProgramData\Skype
2017-08-25 16:40 - 2015-07-08 21:20 - 000000000 ____D C:\temp
2017-08-22 18:36 - 2015-04-10 16:17 - 000000000 ____D C:\Users\Pjeruk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-08-22 18:11 - 2015-02-02 21:03 - 000000000 ____D C:\Users\Pjeruk\Documents\My Games
2017-08-21 23:38 - 2016-09-04 21:51 - 000000000 ____D C:\Users\Pjeruk\AppData\Local\CrashDumps
2017-08-21 23:22 - 2015-06-19 22:47 - 000000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2017-08-21 23:17 - 2014-12-23 17:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2017-08-21 19:09 - 2014-12-17 17:05 - 000000000 ____D C:\Users\Pjeruk
2017-08-21 19:00 - 2016-09-20 20:17 - 000000335 _____ C:\Users\Pjeruk\Documents\Nowy dokument tekstowy (2).txt
2017-08-21 18:59 - 2017-03-26 16:15 - 000000000 ____D C:\Users\Pjeruk\AppData\Local\New Technology Studio
2017-08-21 18:55 - 2016-08-11 18:11 - 000000000 ____D C:\Users\Pjeruk\AppData\LocalLow\Weappy
2017-08-21 18:17 - 2014-12-17 17:05 - 000001400 _____ C:\Users\Pjeruk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-08-21 17:58 - 2015-06-23 21:37 - 000002916 __RSH C:\ProgramData\ntuser.pol
2017-08-21 17:58 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\system32\GroupPolicy
2017-08-21 17:47 - 2015-01-27 19:26 - 000000000 ____D C:\Users\Pjeruk\AppData\Roaming\DAEMON Tools Lite
2017-08-21 17:47 - 2014-12-30 18:35 - 000000000 ____D C:\Users\Pjeruk\AppData\Roaming\TS3Client
2017-08-20 19:23 - 2014-12-17 17:54 - 000000000 ____D C:\Users\Pjeruk\AppData\Roaming\Origin
2017-08-20 19:22 - 2014-12-17 17:51 - 000000000 ____D C:\ProgramData\Origin
2017-08-19 19:47 - 2015-11-28 22:39 - 000382504 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2017-08-16 20:34 - 2016-04-08 15:42 - 000002173 _____ C:\Users\Pjeruk\Desktop\Discord.lnk
2017-08-16 20:34 - 2016-04-08 15:42 - 000000000 ____D C:\Users\Pjeruk\AppData\Roaming\discord
2017-08-16 20:34 - 2016-04-08 15:42 - 000000000 ____D C:\Users\Pjeruk\AppData\Local\Discord
2017-08-16 16:32 - 2014-12-23 16:56 - 000000000 ____D C:\Users\Pjeruk\AppData\Local\Battle.net
2017-08-15 21:19 - 2015-02-28 23:07 - 000000000 ____D C:\ProgramData\Oracle
2017-08-15 21:17 - 2015-11-25 22:27 - 000097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-08-15 21:17 - 2015-11-25 22:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-08-15 21:17 - 2015-02-28 23:07 - 000000000 ____D C:\Program Files (x86)\Java
2017-08-13 14:01 - 2014-12-17 17:43 - 000000000 ____D C:\ProgramData\Package Cache
2017-08-13 14:00 - 2014-12-17 17:45 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-08-10 15:48 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\system32\NDF
2017-08-03 21:25 - 2014-12-17 17:29 - 000000000 ____D C:\Users\Pjeruk\AppData\Local\NVIDIA Corporation
2017-08-01 19:30 - 2017-04-26 10:50 - 000000000 ____D C:\Users\Pjeruk\AppData\Roaming\NVIDIA
2017-07-31 21:54 - 2016-04-08 15:42 - 000000000 ____D C:\Users\Pjeruk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc

==================== Files in the root of some directories =======

2014-12-29 19:02 - 2015-05-25 19:45 - 000000299 _____ () C:\Users\Pjeruk\AppData\Roaming\BreakingPoint_Login.ini
2014-12-29 19:03 - 2015-05-25 20:09 - 000001454 _____ () C:\Users\Pjeruk\AppData\Roaming\BreakingPoint_Options.ini
2015-06-23 15:47 - 2015-06-23 15:47 - 000000044 _____ () C:\Users\Pjeruk\AppData\Roaming\WB.CFG
2014-12-17 17:44 - 2014-12-17 17:45 - 000000000 _____ () C:\Users\Pjeruk\AppData\Local\Driver_LOM_8161Present.flag
2017-08-21 17:30 - 2017-08-21 17:30 - 000140800 _____ () C:\Users\Pjeruk\AppData\Local\installer.dat
2015-07-03 17:52 - 2017-06-28 19:50 - 000007597 _____ () C:\Users\Pjeruk\AppData\Local\Resmon.ResmonCfg
2016-04-19 17:16 - 2016-04-19 17:16 - 000000000 _____ () C:\Users\Pjeruk\AppData\Local\{02979918-5A1E-4093-97A7-018EAB4A6D37}
2016-06-25 21:05 - 2016-06-25 21:05 - 000000000 _____ () C:\Users\Pjeruk\AppData\Local\{3E0DCA6E-03A5-41AB-86B9-B75420D9D71E}
2015-10-06 19:06 - 2015-10-06 19:06 - 000000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-12 18:32

==================== End of FRST.txt ============================