Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-02-2017
Ran by Sajkros (administrator) on SAJKROS-PC (21-02-2017 17:08:44)
Running from C:\Users\Sajkros\Downloads
Loaded Profiles: Sajkros (Available Profiles: Sajkros)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: Angielski (Stany Zjednoczone)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Gainward Co.) C:\Program Files\EXPERTool\TBPANEL.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(FranmoSoftware) C:\Program Files\Odkurzacz\odkurzacz.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-10-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10081560 2015-03-12] (Logitech Inc.)
HKU\S-1-5-21-1941034440-304669165-1358077965-1000\...\Run: [GAINWARD] => C:\Program Files\EXPERTool\TBPanel.exe [2181672 2009-05-12] (Gainward Co.)
HKU\S-1-5-21-1941034440-304669165-1358077965-1000\...\Run: [uTorrent] => C:\Users\Sajkros\AppData\Roaming\uTorrent\uTorrent.exe [2143936 2017-02-01] (BitTorrent Inc.)
HKU\S-1-5-21-1941034440-304669165-1358077965-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1941034440-304669165-1358077965-1000\...\MountPoints2: D - D:\Lenovo_Suite.exe
HKU\S-1-5-21-1941034440-304669165-1358077965-1000\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-1941034440-304669165-1358077965-1000\...\MountPoints2: H - H:\AutoRun.exe
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] ->
{0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
Startup: C:\Users\Sajkros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WATREMOVER.lnk [2015-04-19]
ShortcutTarget: WATREMOVER.lnk -> C:\ProgramData\{503ce47e-a7ac-4331-503c-ce47ea7a91fa}\WATREMOVER.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 mpa.one.microsoft.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0092444F-A86C-4462-95F7-9602DCC7147C}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{08D1C443-12D2-44A3-9459-3D2D834F694A}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{1644115B-4D1A-4905-91BC-9A3E20C3F955}: [NameServer] 212.2.96.51 212.2.96.52
Tcpip\..\Interfaces\{19754B8D-9C70-47C3-AEA7-B0E8C52C5189}: [NameServer] 212.2.96.51 212.2.96.52
Tcpip\..\Interfaces\{2C707013-4FA4-47F2-93AF-99396409A0F3}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{51005CA9-E0E3-43F9-A061-D0BA05B5AB34}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{586F568E-7CAA-4490-881A-EB82D2129C3F}: [DhcpNameServer] 193.41.112.18 193.41.112.14
Tcpip\..\Interfaces\{694BBC78-F20C-4761-8A10-FA2BC1C9A136}: [NameServer] 212.2.96.51 212.2.96.52
Tcpip\..\Interfaces\{7EA7D3FA-F3BE-457D-A8E7-EB926360E0B1}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{C2E928DF-B0DC-4CCC-B484-483ECE62B3B8}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{DC1EC065-F9C6-4EE7-B58F-4F58F53561F2}: [NameServer] 212.2.96.51 212.2.96.52
Tcpip\..\Interfaces\{F176B20C-AB6A-48FD-99B7-D0B1C075D1A7}: [DhcpNameServer] 192.168.0.1
ManualProxies:

Internet Explorer:
==================
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-19] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-29] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Profile 2
CHR StartupUrls: Profile 2 -> "hxxps://www.google.pl/"
CHR Profile: C:\Users\Sajkros\AppData\Local\Google\Chrome\User Data\Default [2017-02-20]
CHR Extension: (Prezentacje Google) - C:\Users\Sajkros\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-22]
CHR Extension: (Dokumenty Google) - C:\Users\Sajkros\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-22]
CHR Extension: (Dysk Google) - C:\Users\Sajkros\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-06]
CHR Extension: (YouTube) - C:\Users\Sajkros\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-06]
CHR Extension: (Szukaj w Google) - C:\Users\Sajkros\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-22]
CHR Extension: (Ponyhoof) - C:\Users\Sajkros\AppData\Local\Google\Chrome\User Data\Default\Extensions\efjjgphedlaihnlgaibiaihhmhaejjdd [2017-02-20]
CHR Extension: (Arkusze Google) - C:\Users\Sajkros\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-22]
CHR Extension: (Dokumenty Google offline) - C:\Users\Sajkros\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-06]
CHR Extension: (Ponify) - C:\Users\Sajkros\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaelfbndbnpddlehfmbhjnphpjljegae [2015-03-23]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Sajkros\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-20]
CHR Extension: (Gmail) - C:\Users\Sajkros\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-06]
CHR Extension: (Chrome Media Router) - C:\Users\Sajkros\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-07]
CHR Profile: C:\Users\Sajkros\AppData\Local\Google\Chrome\User Data\Guest Profile [2015-06-21]
CHR Profile: C:\Users\Sajkros\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-02-21]
CHR Extension: (Dysk Google) - C:\Users\Sajkros\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Sajkros\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Sajkros\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Ponyhoof) - C:\Users\Sajkros\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efjjgphedlaihnlgaibiaihhmhaejjdd [2017-02-20]
CHR Extension: (AdBlock) - C:\Users\Sajkros\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-20]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Sajkros\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-20]
CHR Extension: (Gmail) - C:\Users\Sajkros\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Sajkros\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-06]
CHR HKLM\...\Chrome\Extension: [doagiokpgboiomffjfhaiimafndmmpni] -
CHR HKLM\...\Chrome\Extension: [fkcdbkhjcaljlfolhllfneigeepmjfim] -
StartMenuInternet: Google Chrome.KQDVFIEDRX5AXL3AJDPTIVRIU4 - chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1081688 2015-11-18] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [915600 2015-10-13] (NVIDIA Corporation)
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1962504 2016-11-11] (LogMeIn Inc.)
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [405424 2016-11-11] (LogMeIn, Inc.)
S3 npggsvc; C:\Windows\system32\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-10-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19775632 2015-10-13] (NVIDIA Corporation)
S2 SwOffScheduler; C:\Program Files\Airytec\Switch Off\swoff.exe [135168 2014-09-23] (Airytec) [File not signed]
S2 SwOffWeb; C:\Program Files\Airytec\Switch Off\swoff.exe [135168 2014-09-23] (Airytec) [File not signed]
S3 WatAdminSvc; C:\Windows\system32\Wat\WatAdminSvc.exe [1343400 2014-10-14] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 CM_VENDER_CMD; C:\Program Files\Common Files\Logitech\G430Install\CMVC.sys [13264 2014-07-30] (Windows (R) Win 7 DDK provider)
S3 DrvAgent32; C:\Windows\system32\Drivers\DrvAgent32.sys [23456 2015-01-10] (Phoenix Technologies) [File not signed]
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [26168 2015-11-27] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [39992 2015-11-27] (Disc Soft Ltd)
S3 gdrv; C:\Windows\gdrv.sys [16608 2013-08-31] (Windows (R) 2000 DDK provider)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2015-08-06] (LogMeIn, Inc.)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [85248 2011-07-04] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [51456 2011-07-04] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [26496 2011-07-04] (Huawei Technologies Co., Ltd.)
S3 ladfGSS; C:\Windows\System32\drivers\ladfGSS.sys [41104 2016-08-30] (Logitech Inc.)
R3 LADF_CaptureOnly; C:\Windows\System32\DRIVERS\ladfGSCi386.sys [378392 2013-04-15] (Logitech)
R3 LADF_RenderOnly; C:\Windows\System32\DRIVERS\ladfGSRi386.sys [78616 2013-04-15] (Logitech)
R3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [19720 2009-11-24] (Logitech Inc.)
S3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [63632 2016-08-30] (Logitech Inc.)
S3 lgLowAudio; C:\Windows\System32\drivers\lgLowAudio.sys [25240 2015-11-20] (Logitech Inc.)
R3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [14856 2009-11-24] (Logitech Inc.)
S3 NPPTNT2; C:\Windows\system32\npptNT2.sys [4682 2005-01-03] (INCA Internet Co., Ltd.) [File not signed]
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18576 2015-10-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [32912 2014-11-22] (NVIDIA Corporation)
S3 NWRmNet; C:\Windows\System32\DRIVERS\NWRmNet.sys [118784 2009-11-10] (Novatel Wireless Inc.)
S3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [174720 2009-11-10] (Novatel Wireless Inc.)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [20416 2015-01-31] (Razer, Inc.)
S3 SaiKCB02; C:\Windows\System32\DRIVERS\SaiKCB02.sys [106496 2008-10-22] (Saitek)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2014-08-05] (Duplex Secure Ltd.)
R2 TBPanel; C:\Windows\system32\Drivers\TBPanel.sys [12256 2007-03-16] (Windows (R) 2000 DDK provider)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation)
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-20 18:41 - 2017-02-21 17:08 - 00026548 _____ C:\Users\Sajkros\Downloads\FRST.txt
2017-02-20 18:41 - 2017-02-20 18:41 - 00075316 _____ C:\Users\Sajkros\Downloads\Shortcut.txt
2017-02-20 18:38 - 2017-02-20 18:41 - 00028413 _____ C:\Users\Sajkros\Downloads\Addition.txt
2017-02-20 18:37 - 2017-02-21 17:08 - 00000000 ____D C:\FRST
2017-02-20 18:33 - 2017-02-20 18:33 - 01764864 _____ (Farbar) C:\Users\Sajkros\Downloads\FRST.exe
2017-02-20 18:23 - 2017-02-20 18:24 - 00276344 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-20 18:15 - 2017-02-20 18:25 - 00062080 _____ C:\Users\Sajkros\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-20 14:38 - 2017-02-20 14:38 - 00000000 ____D C:\Users\Sajkros\Downloads\polish font for DarNified UI-34516
2017-02-20 14:31 - 2017-02-20 14:31 - 00000000 ____D C:\Users\Sajkros\Downloads\Keychain v5_00-3409
2017-02-16 20:55 - 2017-02-21 17:04 - 00000000 ____D C:\Users\Sajkros\AppData\LocalLow\uTorrent
2017-02-16 18:12 - 2017-02-16 18:12 - 00000020 ___SH C:\Users\Sajkros\ntuser.ini
2017-02-15 22:02 - 2017-02-15 22:02 - 01614107 _____ C:\Users\Sajkros\Downloads\Restored-Armor GLASS-23742.zip
2017-02-15 21:58 - 2017-02-15 21:58 - 18644802 _____ C:\Users\Sajkros\Downloads\DarkUId DarN 16 OMOD Version-11280.omod
2017-02-15 21:58 - 2017-02-15 21:58 - 00039377 _____ C:\Users\Sajkros\Downloads\Keychain v5_00-3409.7z
2017-02-15 21:54 - 2017-02-20 14:45 - 00000000 ____D C:\Users\Sajkros\Downloads\Elven Map Redux-3002
2017-02-15 21:33 - 2017-02-20 18:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oblivion Mod Manager
2017-02-15 21:33 - 2017-02-15 21:33 - 00000737 _____ C:\Users\Sajkros\Desktop\Oblivion Mod Manager.lnk
2017-02-15 21:13 - 2017-02-15 21:25 - 00000000 ____D C:\Users\Sajkros\AppData\Local\Oblivion
2017-02-15 21:08 - 2017-02-20 18:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2017-02-15 21:08 - 2017-02-20 18:21 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2017-02-15 21:08 - 2017-02-15 21:08 - 00001009 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2017-02-15 21:06 - 2017-02-15 21:06 - 06441176 _____ (Black Tree Gaming ) C:\Users\Sajkros\Downloads\Nexus Mod Manager-0.63.13.exe
2017-02-15 21:06 - 2017-02-15 21:06 - 00000659 _____ C:\Users\Public\Desktop\Oblivion.lnk
2017-02-14 21:40 - 2017-02-15 21:25 - 00000000 ____D C:\Users\Sajkros\Documents\Nexus Mod Manager
2017-02-14 19:38 - 2017-02-14 19:38 - 08746266 _____ C:\Users\Sajkros\Downloads\Elven Map Redux-3002.rar
2017-02-11 14:30 - 2017-02-11 14:30 - 00000000 ____D C:\Users\Sajkros\Documents\Square Enix
2017-02-11 10:58 - 2017-02-20 18:42 - 00030208 ___SH C:\Users\Sajkros\Documents\Thumbs.db
2017-02-11 00:40 - 2017-02-11 00:40 - 00003660 _____ C:\Users\Sajkros\Downloads\Fathis Fix-2106.zip
2017-02-05 00:09 - 2017-02-05 00:09 - 00000200 _____ C:\Users\Sajkros\Desktop\Just Cause 2.url
2017-02-01 16:49 - 2017-02-01 16:49 - 00000934 _____ C:\Users\Public\Desktop\The Elder Scrolls III - Morrowind Złota Edycja.lnk
2017-01-26 21:36 - 2017-01-26 21:36 - 00036904 _____ C:\Users\Sajkros\Downloads\polish font for DarNified UI-34516.rar
2017-01-26 19:37 - 2017-01-26 19:37 - 00000000 ____D C:\Users\Sajkros\Downloads\Re_KARTEN_MACHEN_RAAAAUUUSSSSSSSS!!! (1)
2017-01-25 17:29 - 2017-01-25 17:29 - 00000000 ____D C:\Program Files\Common Files\Skype

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-21 17:10 - 2016-09-21 11:47 - 00000000 ____D C:\Users\Sajkros\AppData\Roaming\TS3Client
2017-02-21 17:04 - 2015-11-02 17:38 - 00000000 ____D C:\Users\Sajkros\AppData\Roaming\uTorrent
2017-02-21 17:03 - 2015-03-29 10:15 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2017-02-21 17:02 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-20 21:16 - 2009-07-14 05:34 - 00022528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-20 21:16 - 2009-07-14 05:34 - 00022528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-20 18:33 - 2013-07-21 19:33 - 00769718 _____ C:\Windows\system32\perfh015.dat
2017-02-20 18:33 - 2013-07-21 19:33 - 00166916 _____ C:\Windows\system32\perfc015.dat
2017-02-20 18:33 - 2013-07-08 02:56 - 01735144 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-20 18:33 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2017-02-20 18:24 - 2013-07-08 03:03 - 00000000 ____D C:\Users\Sajkros
2017-02-20 18:21 - 2016-07-03 12:42 - 00000000 ____D C:\Users\Sajkros\AppData\Roaming\AIMP
2017-02-20 18:21 - 2015-03-22 22:16 - 00000000 ____D C:\Users\Sajkros\AppData\Local\Black_Tree_Gaming
2017-02-20 18:21 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2017-02-20 18:21 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\registration
2017-02-20 18:21 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\AppCompat
2017-02-20 18:20 - 2015-06-23 18:11 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2017-02-20 18:20 - 2013-07-20 04:29 - 00000000 ____D C:\Users\Sajkros\AppData\Roaming\Skype
2017-02-20 18:20 - 2013-02-27 07:45 - 00000000 ____D C:\Users\Sajkros\Documents\My Games
2017-02-20 18:11 - 2009-07-14 05:34 - 00000000 ____D C:\Windows\ServiceProfiles
2017-02-20 18:10 - 2017-01-07 18:50 - 00000000 ____D C:\Users\Sajkros\AppData\Roaming\Macromedia
2017-02-20 17:32 - 2015-03-28 12:47 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-15 20:56 - 2014-11-11 09:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
2017-02-13 17:09 - 2013-07-24 14:30 - 00000000 ____D C:\Users\Sajkros\Documents\Zdjęcia z tel
2017-02-11 14:30 - 2013-07-09 02:34 - 00000000 ____D C:\Program Files\Common Files\Steam
2017-02-11 11:09 - 2015-10-01 19:39 - 00000000 ____D C:\Users\Sajkros\AppData\Local\LogMeIn Hamachi
2017-02-09 15:51 - 2016-07-02 20:16 - 00000000 ____D C:\Program Files\TeamViewer
2017-02-09 15:49 - 2013-07-20 04:29 - 00000000 ____D C:\ProgramData\Skype
2017-02-01 18:42 - 2013-07-14 23:05 - 00000000 ____D C:\Users\Sajkros\AppData\Roaming\Audacity
2017-01-25 17:29 - 2013-07-20 04:29 - 00000000 ___RD C:\Program Files\Skype
2017-01-25 16:57 - 2013-08-31 19:49 - 00000000 ____D C:\Windows\system32\directx

==================== Files in the root of some directories =======

2013-07-08 03:36 - 2016-02-28 16:17 - 0007598 _____ () C:\Users\Sajkros\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2017-02-21 17:07 - 2017-02-21 17:08 - 6233158 _____ () C:\Users\Sajkros\AppData\Local\Temp\odk_setup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-16 22:00

==================== End of FRST.txt ============================