Facebook
From jaco90lek, 7 Years ago, written in Plain Text.
  1. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-10-2016
  2. Ran by Jacek (administrator) on NEVOVCOMP (12-10-2016 13:32:09)
  3. Running from C:\Users\Jacek\Downloads
  4. Loaded Profiles: Jacek (Available Profiles: Jacek)
  5. Platform: Windows 8.1 Pro (X64) Language: English (United States)
  6. Internet Explorer Version 11 (Default browser: Chrome)
  7. Boot Mode: Normal
  8. Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
  9.  
  10. ==================== Processes (Whitelisted) =================
  11.  
  12. (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
  13.  
  14. (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
  15. (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
  16. (Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
  17. (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
  18. (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
  19. (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
  20. (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
  21. () C:\Users\Jacek\AppData\Roaming\Hemkajdoa\Hemkajdoa.exe
  22. (TODO: <公司名>) C:\Program Files (x86)\YouKu\YoukuClient\WebServe.exe
  23. (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
  24. (Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
  25. (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
  26. () C:\Users\Jacek\AppData\Roaming\Hemkajdoa\Sejheb.exe
  27. () C:\Users\Jacek\AppData\Roaming\Hemkajdoa\Soccartuwc.exe
  28. (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
  29. (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
  30. (Intel Corporation) C:\Windows\System32\igfxtray.exe
  31. (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
  32. (Intel Corporation) C:\Windows\System32\hkcmd.exe
  33. (Intel Corporation) C:\Windows\System32\igfxpers.exe
  34. (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  35. (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  36. (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  37. () C:\Program Files (x86)\Atawuhtucult_\AtawuhtucultInternetExplorer.exe
  38. () C:\Program Files (x86)\GUMB3BF.tmp\GUMBBFtmpGoogle.exe
  39. () C:\PerfLogs\PerfLogsPerfLogs.exe
  40. () C:\Program Files\PerfLogsProgramFiles.exe
  41. () C:\Program Files (x86)\Common Files\PliperphbrilyCommonFiles.exe
  42. () C:\Program Files (x86)\Google\PliperphbrilyGoogle.exe
  43. () C:\Intel\ProgramFilesIntel.exe
  44. () C:\NVIDIA\ProgramFilesNVIDIA.exe
  45. () C:\Program Files (x86)\ProgramFilesProgramFilesx.exe
  46. () C:\PerfLogs\UsersPerfLogs.exe
  47. () C:\Users\UsersProgramFiles.exe
  48. (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  49. (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  50. (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  51. (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  52. (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  53. (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  54.  
  55.  
  56. ==================== Registry (Whitelisted) ====================
  57.  
  58. (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
  59.  
  60. HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-10-01] (NVIDIA Corporation)
  61. HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1767944 2016-10-01] (NVIDIA Corporation)
  62. HKLM-x32\...\Run: [app] => C:\Program Files (x86)\hhh\uc.exe
  63. HKLM-x32\...\Run: [YoukuMediaCenter] => C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\ytmediacenter\YoukuMediaCenter.exe [3193904 2016-09-22] (youku.com)
  64. Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
  65. ShellIconOverlayIdentifiers: [KzShlobj2] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F3} => C:\Program Files (x86)\KuaiZip\X64\KZipShell.dll [2016-10-12] ()
  66. ShellIconOverlayIdentifiers-x32: [   Report] -> {32C50D96-7A9E-4F3E-8763-F74D86AFEDC2} => C:\Windows\SysWow64\config\systemprofile\AppData\Roaming\ytmediacenter\report.dll [2015-10-10] (Youku.com)
  67. ShellIconOverlayIdentifiers-x32: [   YoukuModShlExt] -> {9071723E-9F41-4A8C-9CC2-EB6F94BA9B9E} => C:\Windows\SysWow64\config\systemprofile\AppData\Roaming\ytmediacenter\coreplay.dll [2015-12-08] (Youku.com)
  68.  
  69. ==================== Internet (Whitelisted) ====================
  70.  
  71. (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
  72.  
  73. AutoConfigURL: [S-1-5-21-1529912858-1414345264-3061538310-1001] => hxxp://127.0.0.1:8088/ppsva.pac
  74. Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
  75. Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
  76. Tcpip\..\Interfaces\{75760B43-466E-48FE-B6AC-7BFA2CC06A03}: [DhcpNameServer] 192.168.1.1 192.168.1.1
  77. ManualProxies: 0hxxp://127.0.0.1:8088/ppsva.pac
  78.  
  79. Internet Explorer:
  80. ==================
  81. BHO-x32: YoukuEyeOnIE Class -> {7DC4B5B6-C122-44C4-825C-B310513A47CB} -> C:\Windows\SysWow64\config\systemprofile\AppData\Roaming\ytmediacenter\ykcool.dll [2015-12-25] (Youku.com)
  82.  
  83. FireFox:
  84. ========
  85. FF Plugin: @iqiyi.com/npclient -> C:\Program Files (x86)\IQIYI Video\LStyle\5.4.28.3179\npclient.dll [No File]
  86. FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-10-12] (Google Inc.)
  87. FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-10-12] (Google Inc.)
  88. FF Plugin HKU\.DEFAULT: youku.com/YoukuAgent -> C:\Windows\SYSTEM32\config\systemprofile\AppData\Roaming\ytmediacenter\npYoukuAgent.dll [No File]
  89. FF Plugin HKU\.DEFAULT: youku.com/YoukuAgent_x86_64 -> C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\ytmediacenter\X64\npYoukuAgent_x64.dll [2016-08-24] (Youku)
  90.  
  91. Chrome:
  92. =======
  93. CHR Profile: C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Default [2016-10-12]
  94. CHR Extension: (Prezentacje Google) - C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-12]
  95. CHR Extension: (Dokumenty Google) - C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-12]
  96. CHR Extension: (Dysk Google) - C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-12]
  97. CHR Extension: (YouTube) - C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-12]
  98. CHR Extension: (Arkusze Google) - C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-12]
  99. CHR Extension: (Dokumenty Google offline) - C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-12]
  100. CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-12]
  101. CHR Extension: (Gmail) - C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-12]
  102. CHR Extension: (Chrome Media Router) - C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-12]
  103.  
  104. ==================== Services (Whitelisted) ====================
  105.  
  106. (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
  107.  
  108. S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
  109. R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1401504 2016-09-23] (Intel Corporation)
  110. R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-10-01] (NVIDIA Corporation)
  111. R2 GUMBBFtmpGoogle; C:\Program Files (x86)\GUMB3BF.tmp\GUMBBFtmpGoogle.exe [228352 2016-10-12] () [File not signed]
  112. R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-10-01] (NVIDIA Corporation)
  113. R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-10-01] (NVIDIA Corporation)
  114. R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-10-01] (NVIDIA Corporation)
  115. R2 PerfLogsPerfLogs; C:\PerfLogs\PerfLogsPerfLogs.exe [228352 2016-10-12] () [File not signed]
  116. R2 PerfLogsProgramFiles; C:\Program Files\PerfLogsProgramFiles.exe [228352 2016-10-12] () [File not signed]
  117. R2 PliperphbrilyCommonFiles; C:\Program Files (x86)\Common Files\PliperphbrilyCommonFiles.exe [228352 2016-10-12] () [File not signed]
  118. R2 PliperphbrilyGoogle; C:\Program Files (x86)\Google\PliperphbrilyGoogle.exe [228352 2016-10-12] () [File not signed]
  119. R2 ProgramFilesIntel; C:\Intel\ProgramFilesIntel.exe [228352 2016-10-12] () [File not signed]
  120. R2 ProgramFilesNVIDIA; C:\NVIDIA\ProgramFilesNVIDIA.exe [228352 2016-10-12] () [File not signed]
  121. R2 ProgramFilesProgramFilesx; C:\Program Files (x86)\ProgramFilesProgramFilesx.exe [228352 2016-10-12] () [File not signed]
  122. R2 Rohucultatoergh; C:\Program Files (x86)\Atawuhtucult_\rrgsch.dll [280064 2016-10-12] () [File not signed]
  123. R2 UsersPerfLogs; C:\PerfLogs\UsersPerfLogs.exe [228352 2016-10-12] () [File not signed]
  124. R2 UsersProgramFiles; C:\Users\UsersProgramFiles.exe [228352 2016-10-12] () [File not signed]
  125. R2 Viokdojvaf; C:\Users\Jacek\AppData\Roaming\Hemkajdoa\Hemkajdoa.exe [170496 2016-08-11] () [File not signed]
  126. S3 vmicvss; C:\Windows\System32\ICSvc.dll [517120 2013-08-22] (Microsoft Corporation)
  127. S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
  128. R2 WebServe; C:\Program Files (x86)\YouKu\YoukuClient\WebServe.exe [370224 2015-12-08] (TODO: <公司名>) <==== ATTENTION
  129. S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
  130. R2 AtawuhtucultInternetExplorer; "C:\Program Files (x86)\Atawuhtucult_\AtawuhtucultInternetExplorer.exe" e47b5abf08794d6b8b774f94eeb062f4 [X]
  131. S2 AtawuhtucultKuaiZip; "C:\Program Files (x86)\KuaiZip\AtawuhtucultKuaiZip.exe" e47b5abf08794d6b8b774f94eeb062f4 [X]
  132. S2 Citdhwa; "C:\Users\Jacek\AppData\Roaming\AzigcWig\Geeswu.exe" -cms [X]
  133. S2 GoogleCleanBrowser; "C:\Program Files (x86)\CleanBrowser\GoogleCleanBrowser.exe" ae2ce54ab1294744903dca4a5f8539bf [X]
  134. S2 InternetExplorerhhh; "C:\Program Files (x86)\hhh\InternetExplorerhhh.exe" c54102ea829e4d458c86147e71427a8f [X]
  135. S2 ProgramFilesqycache; "C:\qycache\ProgramFilesqycache.exe" 3e19779b2974487e881c2174c0562504 [X]
  136.  
  137. ===================== Drivers (Whitelisted) ======================
  138.  
  139. (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
  140.  
  141. R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
  142. R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
  143. R3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [64504 2016-09-23] (Intel Corporation)
  144. S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
  145. R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [268792 2016-09-23] (Intel Corporation)
  146. R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
  147. R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-10-01] (NVIDIA Corporation)
  148. R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56376 2016-10-01] (NVIDIA Corporation)
  149. R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [827096 2015-03-12] (Realsil Semiconductor Corporation)
  150. S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
  151. R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
  152. R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
  153.  
  154. ==================== NetSvcs (Whitelisted) ===================
  155.  
  156. (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
  157.  
  158.  
  159. ==================== One Month Created files and folders ========
  160.  
  161. (If an entry is included in the fixlist, the file/folder will be moved.)
  162.  
  163. 2016-10-12 22:14 - 2016-10-12 12:27 - 00000000 ____D C:\Windows\Panther
  164. 2016-10-12 13:32 - 2016-10-12 13:32 - 00012663 _____ C:\Users\Jacek\Downloads\FRST.txt
  165. 2016-10-12 13:22 - 2016-10-12 13:22 - 00076049 _____ C:\Users\Jacek\Downloads\FRST (1).txt
  166. 2016-10-12 13:19 - 2016-10-12 13:19 - 00024840 _____ C:\Users\Jacek\Downloads\Addition.txt
  167. 2016-10-12 13:19 - 2016-10-12 13:19 - 00000000 ____D C:\Users\Jacek\AppData\Roaming\KuaiZip
  168. 2016-10-12 13:18 - 2016-10-12 13:32 - 00000000 ____D C:\FRST
  169. 2016-10-12 13:18 - 2016-10-12 13:19 - 00030139 _____ C:\Users\Jacek\Downloads\fixlist.txt
  170. 2016-10-12 13:18 - 2016-10-12 13:18 - 02407424 _____ (Farbar) C:\Users\Jacek\Downloads\FRST64.exe
  171. 2016-10-12 13:15 - 2016-10-12 13:15 - 00005640 _____ C:\Users\Jacek\Desktop\RepairDNS.txt
  172. 2016-10-12 13:14 - 2016-10-12 13:14 - 01231872 _____ C:\Users\Jacek\Downloads\RepairDNS.exe
  173. 2016-10-12 13:06 - 2016-10-12 13:06 - 00000000 ____D C:\Windows\system32\laff
  174. 2016-10-12 13:03 - 2016-10-12 13:12 - 00000000 ____D C:\AdwCleaner
  175. 2016-10-12 13:02 - 2016-10-12 13:02 - 03874368 _____ C:\Users\Jacek\Downloads\adwcleaner_6.021.exe
  176. 2016-10-12 12:52 - 2016-10-12 12:52 - 00000000 ____D C:\Users\Jacek\AppData\Roaming\Macromedia
  177. 2016-10-12 12:48 - 2016-10-12 12:49 - 00000000 ____D C:\Program Files\Aiduwb
  178. 2016-10-12 12:48 - 2016-10-12 12:48 - 00000000 ____D C:\Users\Jacek\AppData\Roaming\Hemkajdoa
  179. 2016-10-12 12:48 - 2016-10-12 12:48 - 00000000 ____D C:\Users\Jacek\AppData\LocalLow\Company
  180. 2016-10-12 12:48 - 2016-10-12 12:48 - 00000000 ____D C:\Users\Jacek\AppData\Local\Tempfolder
  181. 2016-10-12 12:47 - 2016-10-12 12:47 - 00001560 _____ C:\Users\Jacek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk
  182. 2016-10-12 12:47 - 2016-10-12 12:47 - 00000000 ____D C:\Users\Jacek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
  183. 2016-10-12 12:47 - 2016-10-12 12:47 - 00000000 ____D C:\Users\Jacek\AppData\Local\UCBrowser
  184. 2016-10-12 12:47 - 2016-10-12 12:47 - 00000000 _____ C:\Windows\SysWOW64\Number of results
  185. 2016-10-12 12:46 - 2016-10-12 12:46 - 00000000 ____D C:\Users\Jacek\AppData\Local\NVIDIA Corporation
  186. 2016-10-12 12:45 - 2016-10-12 12:46 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
  187. 2016-10-12 12:45 - 2016-10-12 12:45 - 00000000 ____D C:\Users\Jacek\AppData\Local\NVIDIA
  188. 2016-10-12 12:45 - 2016-10-12 12:45 - 00000000 ____D C:\ProgramData\NVIDIA
  189. 2016-10-12 12:45 - 2016-10-12 12:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
  190. 2016-10-12 12:45 - 2016-10-12 12:45 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
  191. 2016-10-12 12:45 - 2016-10-01 23:15 - 01767944 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
  192. 2016-10-12 12:45 - 2016-10-01 23:15 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
  193. 2016-10-12 12:45 - 2016-10-01 23:15 - 01377800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
  194. 2016-10-12 12:45 - 2016-10-01 23:15 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
  195. 2016-10-12 12:45 - 2016-10-01 23:15 - 00112216 _____ C:\Windows\system32\NvRtmpStreamer64.dll
  196. 2016-10-12 12:45 - 2016-10-01 21:44 - 06384064 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
  197. 2016-10-12 12:45 - 2016-10-01 21:44 - 02473408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
  198. 2016-10-12 12:45 - 2016-10-01 21:44 - 01764408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
  199. 2016-10-12 12:45 - 2016-10-01 21:44 - 01362368 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
  200. 2016-10-12 12:45 - 2016-10-01 21:44 - 00546752 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
  201. 2016-10-12 12:45 - 2016-10-01 21:44 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
  202. 2016-10-12 12:45 - 2016-10-01 21:44 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
  203. 2016-10-12 12:45 - 2016-10-01 21:44 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
  204. 2016-10-12 12:45 - 2016-10-01 02:26 - 07422645 _____ C:\Windows\system32\nvcoproc.bin
  205. 2016-10-12 12:45 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
  206. 2016-10-12 12:45 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
  207. 2016-10-12 12:45 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
  208. 2016-10-12 12:45 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
  209. 2016-10-12 12:45 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
  210. 2016-10-12 12:45 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
  211. 2016-10-12 12:44 - 2016-10-12 12:44 - 00000000 ____D C:\ProgramData\Package Cache
  212. 2016-10-12 12:43 - 2016-10-12 12:43 - 00008928 _____ C:\Windows\System32\Tasks\Rehition Schedule
  213. 2016-10-12 12:43 - 2016-10-12 12:43 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_esif_umdf2_02_00_00.Wdf
  214. 2016-10-12 12:43 - 2016-10-12 12:43 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
  215. 2016-10-12 12:43 - 2016-10-12 12:43 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_esif_lf_01011.Wdf
  216. 2016-10-12 12:43 - 2016-10-01 23:15 - 40068544 _____ C:\Windows\system32\nvcompiler.dll
  217. 2016-10-12 12:43 - 2016-10-01 23:15 - 35180992 _____ C:\Windows\SysWOW64\nvcompiler.dll
  218. 2016-10-12 12:43 - 2016-10-01 23:15 - 34808768 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
  219. 2016-10-12 12:43 - 2016-10-01 23:15 - 28213696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
  220. 2016-10-12 12:43 - 2016-10-01 23:15 - 19856296 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
  221. 2016-10-12 12:43 - 2016-10-01 23:15 - 17464952 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
  222. 2016-10-12 12:43 - 2016-10-01 23:15 - 17272008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
  223. 2016-10-12 12:43 - 2016-10-01 23:15 - 14353328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
  224. 2016-10-12 12:43 - 2016-10-01 23:15 - 14126528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
  225. 2016-10-12 12:43 - 2016-10-01 23:15 - 10868472 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
  226. 2016-10-12 12:43 - 2016-10-01 23:15 - 10745848 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
  227. 2016-10-12 12:43 - 2016-10-01 23:15 - 10286296 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
  228. 2016-10-12 12:43 - 2016-10-01 23:15 - 09091648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
  229. 2016-10-12 12:43 - 2016-10-01 23:15 - 08877808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
  230. 2016-10-12 12:43 - 2016-10-01 23:15 - 08685352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
  231. 2016-10-12 12:43 - 2016-10-01 23:15 - 03919048 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
  232. 2016-10-12 12:43 - 2016-10-01 23:15 - 03594176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
  233. 2016-10-12 12:43 - 2016-10-01 23:15 - 03459448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
  234. 2016-10-12 12:43 - 2016-10-01 23:15 - 03161024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
  235. 2016-10-12 12:43 - 2016-10-01 23:15 - 01935808 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437306.dll
  236. 2016-10-12 12:43 - 2016-10-01 23:15 - 01585088 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437306.dll
  237. 2016-10-12 12:43 - 2016-10-01 23:15 - 01018816 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
  238. 2016-10-12 12:43 - 2016-10-01 23:15 - 00958520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
  239. 2016-10-12 12:43 - 2016-10-01 23:15 - 00943672 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
  240. 2016-10-12 12:43 - 2016-10-01 23:15 - 00893376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
  241. 2016-10-12 12:43 - 2016-10-01 23:15 - 00688784 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
  242. 2016-10-12 12:43 - 2016-10-01 23:15 - 00578240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
  243. 2016-10-12 12:43 - 2016-10-01 23:15 - 00521096 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
  244. 2016-10-12 12:43 - 2016-10-01 23:15 - 00437696 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
  245. 2016-10-12 12:43 - 2016-10-01 23:15 - 00436088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
  246. 2016-10-12 12:43 - 2016-10-01 23:15 - 00388544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
  247. 2016-10-12 12:43 - 2016-10-01 23:15 - 00180136 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
  248. 2016-10-12 12:43 - 2016-10-01 23:15 - 00157464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
  249. 2016-10-12 12:43 - 2016-10-01 23:15 - 00113208 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
  250. 2016-10-12 12:43 - 2016-10-01 23:15 - 00102968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
  251. 2016-10-12 12:43 - 2016-10-01 23:15 - 00056376 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
  252. 2016-10-12 12:43 - 2016-10-01 23:15 - 00039730 _____ C:\Windows\system32\nvinfo.pb
  253. 2016-10-12 12:43 - 2016-10-01 23:15 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
  254. 2016-10-12 12:43 - 2016-10-01 23:15 - 00000669 _____ C:\Windows\system32\nv-vk64.json
  255. 2016-10-12 12:42 - 2016-10-12 12:43 - 00000000 ____D C:\Program Files (x86)\Intel
  256. 2016-10-12 12:42 - 2016-10-12 12:43 - 00000000 ____D C:\Intel
  257. 2016-10-12 12:42 - 2016-10-12 12:42 - 00000000 ____D C:\Windows\LastGood.Tmp
  258. 2016-10-12 12:42 - 2016-10-12 12:42 - 00000000 ____D C:\Program Files\Intel
  259. 2016-10-12 12:42 - 2013-10-01 13:02 - 00064000 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
  260. 2016-10-12 12:42 - 2013-10-01 13:02 - 00060416 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL
  261. 2016-10-12 12:41 - 2016-10-12 12:45 - 00000000 ____D C:\Program Files\NVIDIA Corporation
  262. 2016-10-12 12:40 - 2016-10-12 12:43 - 00000000 ____D C:\NVIDIA
  263. 2016-10-12 12:38 - 2016-10-12 12:38 - 00000000 ____D C:\Users\Public\QiYi
  264. 2016-10-12 12:38 - 2016-10-12 12:38 - 00000000 ____D C:\ProgramData\boost_interprocess
  265. 2016-10-12 12:37 - 2016-10-12 12:37 - 00000000 ____D C:\Program Files (x86)\YouKu
  266. 2016-10-12 12:36 - 2016-10-12 13:28 - 00000498 _____ C:\Windows\Tasks\UCBrowserUpdater.job
  267. 2016-10-12 12:36 - 2016-10-12 13:04 - 00000000 ____D C:\Program Files (x86)\KuaiZip
  268. 2016-10-12 12:36 - 2016-10-12 12:36 - 00228352 ____H C:\Users\UsersProgramFiles.exe
  269. 2016-10-12 12:36 - 2016-10-12 12:36 - 00003470 _____ C:\Windows\System32\Tasks\UCBrowserUpdater
  270. 2016-10-12 12:36 - 2016-10-12 12:36 - 00002297 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
  271. 2016-10-12 12:36 - 2016-10-12 12:36 - 00002285 _____ C:\Users\Public\Desktop\Google Chrome.lnk
  272. 2016-10-12 12:36 - 2016-10-12 12:36 - 00000000 ____D C:\Users\Jacek\AppData\Local\Google
  273. 2016-10-12 12:35 - 2016-10-12 13:06 - 00000000 ____D C:\Program Files (x86)\Atawuhtucult_
  274. 2016-10-12 12:35 - 2016-10-12 13:06 - 00000000 ____D C:\Program Files (x86)\Atawuhtucult
  275. 2016-10-12 12:35 - 2016-10-12 12:35 - 00228352 ____H C:\Program Files\PerfLogsProgramFiles.exe
  276. 2016-10-12 12:35 - 2016-10-12 12:35 - 00228352 ____H C:\Program Files (x86)\ProgramFilesProgramFilesx.exe
  277. 2016-10-12 12:35 - 2016-10-12 12:35 - 00008894 _____ C:\Windows\System32\Tasks\Chtisriropy Renew
  278. 2016-10-12 12:35 - 2016-10-12 12:35 - 00003560 _____ C:\Windows\System32\Tasks\4302b581db2c75f47106e61331e30ae3
  279. 2016-10-12 12:35 - 2016-10-12 12:35 - 00000000 ____D C:\ProgramData\Avira
  280. 2016-10-12 12:35 - 2016-10-12 12:35 - 00000000 ____D C:\ProgramData\Avg
  281. 2016-10-12 12:35 - 2016-10-12 12:35 - 00000000 ____D C:\ProgramData\AVAST Software
  282. 2016-10-12 12:34 - 2016-10-12 13:16 - 00001062 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
  283. 2016-10-12 12:34 - 2016-10-12 12:43 - 00000000 ____D C:\Program Files (x86)\Google
  284. 2016-10-12 12:34 - 2016-10-12 12:39 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
  285. 2016-10-12 12:34 - 2016-10-12 12:36 - 00000000 ____D C:\Program Files (x86)\GUMB3BF.tmp
  286. 2016-10-12 12:34 - 2016-10-12 12:34 - 01065376 _____ (Google Inc.) C:\Users\Jacek\Downloads\ChromeSetup.exe
  287. 2016-10-12 12:34 - 2016-10-12 12:34 - 00004038 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
  288. 2016-10-12 12:34 - 2016-10-12 12:34 - 00003802 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
  289. 2016-10-12 12:33 - 2016-10-12 13:21 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1529912858-1414345264-3061538310-1001
  290. 2016-10-12 12:33 - 2016-10-12 12:40 - 352622016 _____ (NVIDIA Corporation) C:\Users\Jacek\Downloads\373.06-notebook-win8-win7-64bit-international-whql.exe
  291. 2016-10-12 12:33 - 2016-10-12 12:33 - 00000000 _____ C:\TOSTACK
  292. 2016-10-12 12:31 - 2016-10-12 13:16 - 00000000 ___RD C:\Users\Jacek\SkyDrive
  293. 2016-10-12 12:27 - 2016-10-12 12:31 - 00000000 ____D C:\Users\Jacek
  294. 2016-10-12 12:27 - 2016-10-12 12:28 - 00000000 ____D C:\Users\Jacek\AppData\Local\PackageStaging
  295. 2016-10-12 12:27 - 2016-10-12 12:28 - 00000000 ____D C:\Users\Jacek\AppData\Local\Packages
  296. 2016-10-12 12:27 - 2016-10-12 12:27 - 00001446 _____ C:\Users\Jacek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
  297. 2016-10-12 12:27 - 2016-10-12 12:27 - 00000020 ___SH C:\Users\Jacek\ntuser.ini
  298. 2016-10-12 12:27 - 2016-10-12 12:27 - 00000000 _SHDL C:\Users\Jacek\My Documents
  299. 2016-10-12 12:27 - 2016-10-12 12:27 - 00000000 _SHDL C:\Users\Jacek\Documents\My Videos
  300. 2016-10-12 12:27 - 2016-10-12 12:27 - 00000000 _SHDL C:\Users\Jacek\Documents\My Pictures
  301. 2016-10-12 12:27 - 2016-10-12 12:27 - 00000000 _SHDL C:\Users\Jacek\Documents\My Music
  302. 2016-10-12 12:27 - 2016-10-12 12:27 - 00000000 ____D C:\Users\Jacek\AppData\Roaming\Adobe
  303. 2016-10-12 12:26 - 2016-10-12 12:26 - 00000000 ____D C:\Windows\CSC
  304. 2016-09-23 08:37 - 2016-09-23 08:37 - 01813400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01011.dll
  305. 2016-09-23 08:37 - 2016-09-23 08:37 - 00980656 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120.dll
  306. 2016-09-23 08:37 - 2016-09-23 08:37 - 00677552 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120.dll
  307. 2016-09-23 08:37 - 2016-09-23 08:37 - 00268792 _____ (Intel Corporation) C:\Windows\system32\Drivers\esif_lf.sys
  308. 2016-09-23 08:36 - 2016-09-23 08:36 - 00064504 _____ (Intel Corporation) C:\Windows\system32\Drivers\dptf_acpi.sys
  309. 2016-09-23 08:34 - 2016-09-23 08:34 - 01401504 _____ (Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
  310.  
  311. ==================== One Month Modified files and folders ========
  312.  
  313. (If an entry is included in the fixlist, the file/folder will be moved.)
  314.  
  315. 2016-10-12 22:14 - 2013-08-22 17:36 - 00262144 _____ C:\Windows\system32\config\BCD-Template
  316. 2016-10-12 13:23 - 2013-09-30 06:04 - 00818732 _____ C:\Windows\system32\PerfStringBackup.INI
  317. 2016-10-12 13:23 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
  318. 2016-10-12 13:16 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
  319. 2016-10-12 13:12 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
  320. 2016-10-12 13:06 - 2013-08-22 16:44 - 00337872 _____ C:\Windows\system32\FNTCACHE.DAT
  321. 2016-10-12 12:45 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\Help
  322. 2016-10-12 12:43 - 2013-08-22 17:36 - 00000000 ____D C:\PerfLogs
  323. 2016-10-12 12:36 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
  324. 2016-10-12 12:35 - 2013-08-22 17:36 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
  325. 2016-10-12 12:35 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
  326. 2016-10-12 12:35 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
  327. 2016-10-12 12:35 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows NT
  328. 2016-10-12 12:35 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
  329. 2016-10-12 12:35 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
  330. 2016-10-12 12:28 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
  331. 2016-10-12 12:27 - 2013-08-22 16:45 - 00000000 ____D C:\Windows\Setup
  332.  
  333. ==================== Files in the root of some directories =======
  334.  
  335. 2016-10-12 12:35 - 2016-10-12 12:35 - 0228352 ____H () C:\Program Files\PerfLogsProgramFiles.exe
  336. 2016-10-12 12:35 - 2016-10-12 12:35 - 0228352 ____H () C:\Program Files (x86)\ProgramFilesProgramFilesx.exe
  337. 2016-10-12 12:43 - 2016-10-12 12:43 - 0228352 ____H () C:\Program Files (x86)\Common Files\PliperphbrilyCommonFiles.exe
  338.  
  339. Some files in TEMP:
  340. ====================
  341. C:\Users\Jacek\AppData\Local\Temp\BC1C.tmp.exe
  342. C:\Users\Jacek\AppData\Local\Temp\dnsapi.dll
  343. C:\Users\Jacek\AppData\Local\Temp\fsdDE5E.exe
  344. C:\Users\Jacek\AppData\Local\Temp\libeay32.dll
  345. C:\Users\Jacek\AppData\Local\Temp\msvcr120.dll
  346. C:\Users\Jacek\AppData\Local\Temp\setup_758.exe
  347. C:\Users\Jacek\AppData\Local\Temp\setup_v21_ra.exe
  348. C:\Users\Jacek\AppData\Local\Temp\sqlite3.dll
  349.  
  350.  
  351. ==================== Bamital & volsnap ======================
  352.  
  353. (There is no automatic fix for files that do not pass verification.)
  354.  
  355. C:\Windows\system32\winlogon.exe => File is digitally signed
  356. C:\Windows\system32\wininit.exe => File is digitally signed
  357. C:\Windows\explorer.exe => File is digitally signed
  358. C:\Windows\SysWOW64\explorer.exe => File is digitally signed
  359. C:\Windows\system32\svchost.exe => File is digitally signed
  360. C:\Windows\SysWOW64\svchost.exe => File is digitally signed
  361. C:\Windows\system32\services.exe => File is digitally signed
  362. C:\Windows\system32\User32.dll => File is digitally signed
  363. C:\Windows\SysWOW64\User32.dll => File is digitally signed
  364. C:\Windows\system32\userinit.exe => File is digitally signed
  365. C:\Windows\SysWOW64\userinit.exe => File is digitally signed
  366. C:\Windows\system32\rpcss.dll => File is digitally signed
  367. C:\Windows\system32\dnsapi.dll => File is digitally signed
  368. C:\Windows\SysWOW64\dnsapi.dll
  369. [2013-08-22 04:55] - [2013-08-22 04:55] - 0492032 ____A (Microsoft Corporation) DE64DE573F0C8CA28C15728B6748BD1E
  370.  
  371. C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
  372.  
  373.  
  374. LastRegBack: 2016-10-12 12:21
  375.  
  376. ==================== End of FRST.txt ============================