Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-09-2017 02
Ran by Konar (administrator) on KOMPUTER (23-09-2017 16:21:45)
Running from C:\Users\Konar\Downloads
Loaded Profiles: Konar (Available Profiles: Konar)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [97512 2017-08-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [919032 2017-09-23] (Avira Operations GmbH & Co. KG)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 217.113.224.36 217.113.224.134
Tcpip\..\Interfaces\{01C48293-91C3-4410-97A2-CD69EF51FC04}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{4FF87214-2C83-4CDF-B7BB-6414917EB950}: [DhcpNameServer] 62.179.1.60 62.179.1.61
Tcpip\..\Interfaces\{82DC20F9-B530-442C-8436-8333164D7240}: [DhcpNameServer] 217.113.224.36 217.113.224.134
Tcpip\..\Interfaces\{A15F8625-8B7C-4B63-B910-8BD3D73B4E4B}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKU\S-1-5-21-908772619-3192644915-72303369-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.pl/
BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\windows\SYSTEM32\mscoree.dll [2010-11-21] (Microsoft Corporation)
Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\windows\SYSTEM32\mscoree.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Konar\AppData\Roaming\Mozilla\Firefox\Profiles\jcnuuusc.default [2017-09-23]
FF Homepage: Mozilla\Firefox\Profiles\jcnuuusc.default -> about:home
FF Extension: (Adblock Plus) - C:\Users\Konar\AppData\Roaming\Mozilla\Firefox\Profiles\jcnuuusc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-07]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @ganymede/GanymedeNetPlugin,version=1.0 -> C:\Program Files (x86)\Ganymede\Plugins\npganymedenet.dll [2012-07-25] ( )
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-11-11] (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npganymedenet.dll [2012-07-25] ( )

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://steamcommunity.com/market/"
CHR Profile: C:\Users\Konar\AppData\Local\Google\Chrome\User Data\Default [2017-09-23]
CHR Extension: (Dysk Google) - C:\Users\Konar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Konar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Konar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (LoungeDestroyer) - C:\Users\Konar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghahcnmfjfckcedfajbhekgknjdplfcl [2017-01-30]
CHR Extension: (Dokumenty Google offline) - C:\Users\Konar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-02]
CHR Extension: (AdBlock) - C:\Users\Konar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-08-15]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Konar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-23]
CHR Extension: (Gmail) - C:\Users\Konar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-15]
CHR Extension: (Chrome Media Router) - C:\Users\Konar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-23]
CHR Extension: (Steam Inventory Expert) - C:\Users\Konar\Downloads\SteamInventoryExpert-master [2016-05-15]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128432 2017-09-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [490968 2017-09-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [490968 2017-09-23] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1525240 2017-09-23] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [404816 2017-08-15] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1522184 2017-03-21] ()
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [488000 2017-06-23] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [8077376 2017-06-06] (GOG.com)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avdevprot; C:\windows\System32\DRIVERS\avdevprot.sys [64504 2017-06-20] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [194912 2017-09-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [151128 2017-09-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [35328 2017-02-25] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\windows\System32\DRIVERS\avnetflt.sys [78600 2017-02-25] (Avira Operations GmbH & Co. KG)
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [77376 2017-06-27] ()
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2016-04-01] (REALiX(tm))
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [253856 2017-08-15] (Malwarebytes)
S3 BCM43XX; system32\DRIVERS\bcmwl664.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\DRIVERS\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 MBAMFarflt; \??\C:\windows\system32\drivers\farflt.sys [X]
S3 MBAMProtection; \??\C:\windows\system32\drivers\mbam.sys [X]
S3 MBAMWebProtection; \??\C:\windows\system32\drivers\mwac.sys [X]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S4 sptd; System32\Drivers\sptd.sys [X]
S3 STHDA; system32\DRIVERS\stwrt64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-23 16:21 - 2017-09-23 16:22 - 000010791 _____ C:\Users\Konar\Downloads\FRST.txt
2017-09-23 16:17 - 2017-09-23 16:17 - 002399744 _____ (Farbar) C:\Users\Konar\Downloads\FRST64.exe
2017-09-23 16:01 - 2017-09-23 16:01 - 009809688 _____ (Piriform Ltd) C:\Users\Konar\Downloads\ccsetup535.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-23 16:21 - 2013-12-09 16:39 - 000000000 ____D C:\FRST
2017-09-23 15:41 - 2016-06-12 03:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-09-23 15:41 - 2012-12-27 20:22 - 000002201 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-23 15:41 - 2009-07-14 07:13 - 000782578 _____ C:\windows\system32\PerfStringBackup.INI
2017-09-23 15:41 - 2009-07-14 05:20 - 000000000 ____D C:\windows\inf
2017-09-23 15:38 - 2014-08-19 11:08 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-23 15:35 - 2016-06-12 03:15 - 000194912 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2017-09-23 15:35 - 2016-06-12 03:15 - 000151128 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2017-09-23 15:32 - 2009-07-14 07:08 - 000000006 ____H C:\windows\Tasks\SA.DAT

==================== Files in the root of some directories =======

2014-08-13 01:21 - 2014-08-13 01:28 - 000000052 _____ () C:\Users\Konar\AppData\Roaming\mbam.context.scan
2016-01-27 17:41 - 2017-05-16 18:19 - 000007607 _____ () C:\Users\Konar\AppData\Local\Resmon.ResmonCfg
2016-04-30 04:43 - 2016-04-30 04:43 - 000000000 _____ () C:\Users\Konar\AppData\Local\{0BA3C2AB-047E-44D4-80CB-3AF56329BCEF}
2016-04-25 11:17 - 2016-04-25 11:17 - 000000000 _____ () C:\Users\Konar\AppData\Local\{49DCF76D-DEC8-4BED-ADBB-F2A4827D748A}
2016-04-26 11:27 - 2016-04-26 11:27 - 000000000 _____ () C:\Users\Konar\AppData\Local\{A798B2F4-D7B7-4EBE-AFDD-0F8DF42C8239}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-23 15:32

==================== End of FRST.txt ============================