Re: Eset prevents the opening of static.adsnative
Posted: 04 Mar 2019 20:26
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03.03.2019 01
Ran by peter (administrator) on DESKTOP-452CQVQ (04-03-2019 20:24:06)
Running from C:\Users\Nighters\Desktop
Loaded Profiles: peter & Nighters (Available Profiles: peter & Nighters)
Platform: Windows 10 Pro Version 1809 17763.316 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Autodesk, Inc -> Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Zemana D.O.O. Sarajevo -> Copyright 2018.) D:\Software\Zemana AntiMalware\ZAM.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.20453.0_x64__8wekyb3d8bbwe\YourPhone.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Creative Technology Ltd) [File not signed] C:\Program Files (x86)\Creative\Sound Blaster Cinema 3\Sound Blaster Cinema 3\SBCinema3.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Pinnula) [File not signed] C:\Program Files\WindowsApps\55888ChristopheLavalle.DynamicTheme_1.4.30212.0_x64__jdggxwd41xcr0\Pinnula.DynamicThemeApp.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google LLC -> Google) C:\Users\Nighters\AppData\Local\Google\Chrome\User Data\SwReporter\38.192.200.3\software_reporter_tool.exe
(Google LLC -> Google) C:\Users\Nighters\AppData\Local\Google\Chrome\User Data\SwReporter\38.192.200.3\software_reporter_tool.exe
(Google LLC -> Google) C:\Users\Nighters\AppData\Local\Google\Chrome\User Data\SwReporter\38.192.200.3\software_reporter_tool.exe
(Google LLC -> Google) C:\Users\Nighters\AppData\Local\Google\Chrome\User Data\SwReporter\38.192.200.3\software_reporter_tool.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18388928 2019-01-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\MBCfg64.dll [41088 2014-02-21] (Creative Technology Ltd -> Creative Technology Ltd.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [177928 2018-11-29] (ESET, spol. s r.o. -> ESET)
HKLM\...\Run: [ZAM] => D:\Software\Zemana AntiMalware\ZAM.exe [25160568 2019-02-14] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
HKLM-x32\...\Run: [Sound Blaster Cinema 3] => C:\Program Files (x86)\Creative\Sound Blaster Cinema 3\Sound Blaster Cinema 3\SBCinema3.exe [1464832 2016-07-29] (Creative Technology Ltd) [File not signed]
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [700328 2017-01-06] (Autodesk, Inc -> Autodesk, Inc.)
HKU\S-1-5-21-3387105439-1097537418-4165403734-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3144480 2019-02-18] (Valve -> Valve Corporation)
HKU\S-1-5-21-3387105439-1097537418-4165403734-1001\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-3387105439-1097537418-4165403734-1001\...\Run: [Fatal1tySTU] => [X]
HKU\S-1-5-21-3387105439-1097537418-4165403734-1001\...\Policies\Explorer: []
HKU\S-1-5-21-3387105439-1097537418-4165403734-1003\...\Run: [Spotify] => C:\Users\Nighters\AppData\Roaming\Spotify\Spotify.exe [26154216 2019-02-10] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-3387105439-1097537418-4165403734-1003\...\Run: [GalaxyClient] => D:\Games\GOG Galaxy\GalaxyClient.exe [7415880 2018-12-20] (GOG Sp. z o.o. -> GOG.com)
HKU\S-1-5-21-3387105439-1097537418-4165403734-1003\...\Policies\Explorer: []
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.119\Installer\chrmstp.exe [2019-02-21] (Google LLC -> Google Inc.)
Lsa: [Authentication Packages] msv1_0 SshdPinAuthLsa
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{51446afe-c7a1-412c-b20e-353f0080fea5}: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{6a3eadd6-1b55-4aa6-ac12-7caac65453ea}: [DhcpNameServer] 213.46.172.37 213.46.172.36
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-3387105439-1097537418-4165403734-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3387105439-1097537418-4165403734-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-01-11] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-01-11] (Google Inc -> Google Inc.)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1290744 2017-01-06] (Autodesk, Inc -> Autodesk Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8403672 2019-02-07] (BattlEye Innovations e.K. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2019-02-07] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2302160 2018-11-29] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2302160 2018-11-29] (ESET, spol. s r.o. -> ESET)
S3 GalaxyClientService; D:\Games\GOG Galaxy\GalaxyClientService.exe [707144 2018-12-20] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7172680 2018-12-20] (GOG Sp. z o.o. -> GOG.com)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe [760008 2018-04-12] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe [720072 2018-04-12] (Intel(R) Trust Services -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [218176 2018-06-13] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2298688 2019-01-23] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3171144 2019-01-23] (Electronic Arts, Inc. -> Electronic Arts)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5381128 2019-01-11] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 sshd; C:\Windows\System32\OpenSSH\sshd.exe [974848 2019-02-24] (Microsoft Windows -> )
S3 SshdBroker; C:\Windows\System32\SshdBroker.dll [289280 2018-09-14] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\NisSrv.exe [4098064 2019-02-23] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MsMpEng.exe [113992 2019-02-23] (Microsoft Corporation -> Microsoft Corporation)
R2 ZAMSvc; D:\Software\Zemana AntiMalware\ZAM.exe [25160568 2019-02-14] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 amsdk; C:\Windows\system32\drivers\amsdk.sys [232792 2019-03-02] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
S3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2019-01-14] (ASROCK Incorporation -> ASRock Incorporation)
R0 asstahci64; C:\Windows\System32\drivers\asstahci64.sys [89960 2016-05-18] (ASMedia Technology Inc. -> Asmedia Technology)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [143448 2018-11-29] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [107896 2018-11-29] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15872 2018-10-17] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [188832 2018-10-17] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [50144 2018-10-17] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [82304 2018-10-17] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [109864 2018-10-17] (ESET, spol. s r.o. -> ESET)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvmdi.inf_amd64_3b97b64bf877b381\nvlddmkm.sys [20726016 2019-02-21] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-01-16] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [70024 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [66792 2019-02-20] (NVIDIA Corporation -> NVIDIA Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 UcmCxUcsiNvppc; C:\Windows\System32\drivers\UcmCxUcsiNvppc.sys [468504 2018-12-18] (NVIDIA Corporation -> NVIDIA Corporation)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [46472 2019-02-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [333792 2019-02-23] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [62432 2019-02-23] (Microsoft Windows -> Microsoft Corporation)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2019-03-03] (Zemana Ltd. -> Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2019-03-03] (Zemana Ltd. -> Zemana Ltd.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-03-04 20:24 - 2019-03-04 20:24 - 000014757 _____ C:\Users\Nighters\Desktop\FRST.txt
2019-03-04 20:23 - 2019-03-04 20:24 - 000000000 ____D C:\FRST
2019-03-04 20:23 - 2019-03-04 20:17 - 002434560 _____ (Farbar) C:\Users\Nighters\Desktop\FRST64.exe
2019-03-04 20:20 - 2019-03-04 20:20 - 000000000 ____D C:\Users\Nighters\Desktop\backups
2019-03-04 20:18 - 2019-03-02 21:08 - 000388608 _____ (Trend Micro Inc.) C:\Users\Nighters\Desktop\HijackThis.exe
2019-03-04 16:21 - 2019-03-04 16:21 - 000000000 ____D C:\Users\Nighters\AppData\Local\Zemana
2019-03-03 19:54 - 2019-03-04 20:24 - 000116623 _____ C:\Windows\ZAM_Guard.krnl.trace
2019-03-03 19:54 - 2019-03-03 19:54 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2019-03-03 19:54 - 2019-03-03 19:54 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2019-03-03 19:54 - 2019-03-03 19:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2019-03-03 16:59 - 2014-02-13 23:59 - 000024064 _____ C:\Windows\zoek-delete.exe
2019-03-03 16:41 - 2019-03-03 16:58 - 000445226 _____ C:\Windows\ntbtlog.txt
2019-03-03 16:41 - 2019-03-03 16:48 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2019-03-03 16:41 - 2019-03-03 16:41 - 000000000 ____D C:\zoek_backup
2019-03-02 21:58 - 2019-03-04 20:24 - 000280122 _____ C:\Windows\ZAM.krnl.trace
2019-03-02 21:58 - 2019-03-03 19:53 - 000000000 ____D C:\Users\peter\AppData\Local\Zemana
2019-03-02 21:58 - 2019-03-02 21:58 - 000232792 _____ (Copyright 2018.) C:\Windows\system32\Drivers\amsdk.sys
2019-03-02 21:58 - 2019-03-02 21:58 - 000003522 _____ C:\Windows\System32\Tasks\AMHelper
2019-03-02 21:58 - 2019-03-02 21:58 - 000000000 ____D C:\Users\peter\AppData\Local\AMSDK
2019-03-02 15:20 - 2019-03-02 15:23 - 000000000 ____D C:\ProgramData\HitmanPro
2019-02-25 19:36 - 2019-02-25 19:36 - 000000000 ____D C:\Users\Nighters\AppData\Roaming\Kubat Software
2019-02-25 19:36 - 2019-02-25 19:36 - 000000000 ____D C:\ProgramData\Kubat Software
2019-02-25 19:36 - 2019-02-25 19:36 - 000000000 ____D C:\ProgramData\CS-Script
2019-02-24 17:22 - 2019-02-24 17:22 - 000000000 __RSD C:\Windows\SysWOW64\WindowsDevicePortal
2019-02-24 17:22 - 2019-02-24 17:22 - 000000000 __RSD C:\Windows\system32\WindowsDevicePortal
2019-02-24 17:22 - 2019-02-24 17:22 - 000000000 ___RD C:\Windows\WebManagement
2019-02-24 17:22 - 2018-09-14 21:54 - 000525544 _____ (Microsoft Corporation) C:\Windows\system32\MicrosoftWebDriver.exe
2019-02-24 17:22 - 2018-09-14 21:09 - 000404200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MicrosoftWebDriver.exe
2019-02-24 17:22 - 2018-09-14 18:05 - 000020480 _____ (Microsoft Corporation) C:\Windows\system32\DeveloperTools.ProxyStub.dll
2019-02-24 17:22 - 2018-09-14 18:04 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\SshdPinAuthLsa.dll
2019-02-24 17:22 - 2018-09-14 18:04 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\DeployUtil.exe
2019-02-24 17:22 - 2018-09-14 18:03 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\DevToolsLauncher.exe
2019-02-24 17:22 - 2018-09-14 18:03 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\debugregsvcapi.dll
2019-02-24 17:22 - 2018-09-14 18:02 - 000295424 _____ (Microsoft Corporation) C:\Windows\system32\PerceptionSimulationREST.dll
2019-02-24 17:22 - 2018-09-14 18:02 - 000289280 _____ (Microsoft Corporation) C:\Windows\system32\SshdBroker.dll
2019-02-24 17:22 - 2018-09-14 18:02 - 000155648 _____ (Microsoft Corporation) C:\Windows\system32\DeveloperToolsSvc.exe
2019-02-24 17:22 - 2018-09-14 17:59 - 000093184 _____ (Microsoft Corporation) C:\Windows\system32\debugregsvc.dll
2019-02-24 17:22 - 2018-09-14 17:57 - 000909312 _____ (Microsoft Corporation) C:\Windows\system32\wdp.dll
2019-02-24 17:22 - 2018-09-14 17:56 - 001303040 _____ (Microsoft Corporation) C:\Windows\system32\WebManagement.exe
2019-02-24 17:22 - 2018-09-14 17:37 - 000616448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdp.dll
2019-02-24 17:14 - 2019-02-24 17:14 - 000000000 ____D C:\Users\peter\AppData\Local\ESET
2019-02-24 16:23 - 2019-02-24 16:23 - 000000000 ____D C:\Users\Nighters\AppData\Local\ESET
2019-02-24 16:22 - 2019-02-24 16:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2019-02-24 16:22 - 2019-02-24 16:22 - 000000000 ____D C:\ProgramData\ESET
2019-02-24 16:22 - 2019-02-24 16:22 - 000000000 ____D C:\Program Files\ESET
2019-02-24 15:02 - 2019-03-04 20:02 - 000000000 ____D C:\Users\Nighters\AppData\Roaming\Factorio
2019-02-24 13:19 - 2019-02-24 13:19 - 000000000 ____D C:\Users\peter\AppData\Local\mbamtray
2019-02-24 11:50 - 2019-02-24 11:50 - 000000000 ____D C:\ProgramData\Sophos
2019-02-24 11:49 - 2019-02-24 11:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2019-02-24 11:41 - 2019-02-24 11:41 - 000000000 ____D C:\Users\peter\AppData\Local\mbam
2019-02-23 22:32 - 2019-02-23 22:32 - 000000000 ____D C:\Users\Nighters\Documents\Forza Horizon 3
2019-02-22 22:49 - 2019-02-22 22:50 - 000000000 ____D C:\Users\Nighters\Documents\Assassin's Creed Origins
2019-02-22 22:49 - 2019-02-22 22:49 - 000000000 ____D C:\Users\Public\Documents\uPlay
2019-02-22 19:59 - 2019-02-22 19:59 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2019-02-22 19:59 - 2019-02-20 12:15 - 005365128 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2019-02-22 19:59 - 2019-02-20 12:15 - 002624368 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2019-02-22 19:59 - 2019-02-20 12:15 - 001767632 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2019-02-22 19:59 - 2019-02-20 12:15 - 000651472 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2019-02-22 19:59 - 2019-02-20 12:15 - 000450600 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2019-02-22 19:59 - 2019-02-20 12:15 - 000125240 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2019-02-22 19:59 - 2019-02-20 12:15 - 000083440 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2019-02-22 19:59 - 2019-02-15 13:14 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2019-02-22 19:59 - 2019-02-15 10:06 - 008504452 _____ C:\Windows\system32\nvcoproc.bin
2019-02-22 19:58 - 2019-02-21 09:55 - 001006800 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2019-02-22 19:58 - 2019-02-21 09:55 - 001006800 _____ C:\Windows\system32\vulkan-1.dll
2019-02-22 19:58 - 2019-02-21 09:55 - 000870096 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2019-02-22 19:58 - 2019-02-21 09:55 - 000870096 _____ C:\Windows\SysWOW64\vulkan-1.dll
2019-02-22 19:58 - 2019-02-21 09:55 - 000552224 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2019-02-22 19:58 - 2019-02-21 09:55 - 000457096 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2019-02-22 19:58 - 2019-02-21 09:55 - 000286416 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2019-02-22 19:58 - 2019-02-21 09:55 - 000286416 _____ C:\Windows\system32\vulkaninfo.exe
2019-02-22 19:58 - 2019-02-21 09:55 - 000260304 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-02-22 19:58 - 2019-02-21 09:55 - 000260304 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2019-02-22 19:58 - 2019-02-21 09:54 - 001464256 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2019-02-22 19:58 - 2019-02-21 09:54 - 001129920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2019-02-22 19:58 - 2019-02-21 09:54 - 000992032 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2019-02-22 19:58 - 2019-02-21 09:54 - 000668640 _____ C:\Windows\system32\nvofapi64.dll
2019-02-22 19:58 - 2019-02-21 09:54 - 000631688 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2019-02-22 19:58 - 2019-02-21 09:54 - 000534544 _____ C:\Windows\SysWOW64\nvofapi.dll
2019-02-22 19:58 - 2019-02-21 09:54 - 000521824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2019-02-22 19:58 - 2019-02-21 09:53 - 040234808 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2019-02-22 19:58 - 2019-02-21 09:53 - 035140056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2019-02-22 19:58 - 2019-02-21 09:53 - 020102872 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2019-02-22 19:58 - 2019-02-21 09:53 - 017429864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2019-02-22 19:58 - 2019-02-21 09:53 - 010319504 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2019-02-22 19:58 - 2019-02-21 09:53 - 008784920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2019-02-22 19:58 - 2019-02-21 09:53 - 005274560 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2019-02-22 19:58 - 2019-02-21 09:53 - 004624832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2019-02-22 19:58 - 2019-02-21 09:53 - 002031872 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2019-02-22 19:58 - 2019-02-21 09:53 - 001535232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2019-02-22 19:58 - 2019-02-21 09:53 - 001471816 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFThevc.dll
2019-02-22 19:58 - 2019-02-21 09:53 - 001462416 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2019-02-22 19:58 - 2019-02-21 09:53 - 001169336 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2019-02-22 19:58 - 2019-02-21 09:53 - 001152200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll
2019-02-22 19:58 - 2019-02-21 09:53 - 001145752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2019-02-22 19:58 - 2019-02-21 09:53 - 000915120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2019-02-22 19:58 - 2019-02-21 09:53 - 000858712 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2019-02-22 19:58 - 2019-02-21 09:53 - 000822816 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2019-02-22 19:58 - 2019-02-21 09:53 - 000794656 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2019-02-22 19:58 - 2019-02-21 09:53 - 000752064 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
2019-02-22 19:58 - 2019-02-21 09:53 - 000638384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2019-02-22 19:58 - 2019-02-21 09:53 - 000611720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2019-02-22 19:58 - 2019-02-21 09:53 - 000566368 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2019-02-22 19:58 - 2019-02-21 09:53 - 000448800 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2019-02-22 19:58 - 2019-02-21 09:52 - 005042392 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2019-02-22 19:58 - 2019-02-21 09:52 - 004301152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2019-02-22 19:58 - 2019-02-20 15:03 - 000104677 _____ C:\Windows\system32\nvidia-smi.1.pdf
2019-02-22 19:58 - 2019-02-20 15:03 - 000066792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2019-02-22 19:58 - 2019-02-20 15:03 - 000047032 _____ C:\Windows\system32\nvinfo.pb
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2302160 2018-11-29] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2302160 2018-11-29] (ESET, spol. s r.o. -> ESET)
S3 GalaxyClientService; D:\Games\GOG Galaxy\GalaxyClientService.exe [707144 2018-12-20] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7172680 2018-12-20] (GOG Sp. z o.o. -> GOG.com)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe [760008 2018-04-12] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe [720072 2018-04-12] (Intel(R) Trust Services -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [218176 2018-06-13] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2298688 2019-01-23] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3171144 2019-01-23] (Electronic Arts, Inc. -> Electronic Arts)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5381128 2019-01-11] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 sshd; C:\Windows\System32\OpenSSH\sshd.exe [974848 2019-02-24] (Microsoft Windows -> )
S3 SshdBroker; C:\Windows\System32\SshdBroker.dll [289280 2018-09-14] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\NisSrv.exe [4098064 2019-02-23] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MsMpEng.exe [113992 2019-02-23] (Microsoft Corporation -> Microsoft Corporation)
R2 ZAMSvc; D:\Software\Zemana AntiMalware\ZAM.exe [25160568 2019-02-14] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 amsdk; C:\Windows\system32\drivers\amsdk.sys [232792 2019-03-02] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
S3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2019-01-14] (ASROCK Incorporation -> ASRock Incorporation)
R0 asstahci64; C:\Windows\System32\drivers\asstahci64.sys [89960 2016-05-18] (ASMedia Technology Inc. -> Asmedia Technology)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [143448 2018-11-29] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [107896 2018-11-29] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15872 2018-10-17] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [188832 2018-10-17] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [50144 2018-10-17] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [82304 2018-10-17] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [109864 2018-10-17] (ESET, spol. s r.o. -> ESET)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvmdi.inf_amd64_3b97b64bf877b381\nvlddmkm.sys [20726016 2019-02-21] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-01-16] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [70024 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [66792 2019-02-20] (NVIDIA Corporation -> NVIDIA Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 UcmCxUcsiNvppc; C:\Windows\System32\drivers\UcmCxUcsiNvppc.sys [468504 2018-12-18] (NVIDIA Corporation -> NVIDIA Corporation)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [46472 2019-02-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [333792 2019-02-23] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [62432 2019-02-23] (Microsoft Windows -> Microsoft Corporation)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2019-03-03] (Zemana Ltd. -> Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2019-03-03] (Zemana Ltd. -> Zemana Ltd.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-03-04 20:24 - 2019-03-04 20:24 - 000014757 _____ C:\Users\Nighters\Desktop\FRST.txt
2019-03-04 20:23 - 2019-03-04 20:24 - 000000000 ____D C:\FRST
2019-03-04 20:23 - 2019-03-04 20:17 - 002434560 _____ (Farbar) C:\Users\Nighters\Desktop\FRST64.exe
2019-03-04 20:20 - 2019-03-04 20:20 - 000000000 ____D C:\Users\Nighters\Desktop\backups
2019-03-04 20:18 - 2019-03-02 21:08 - 000388608 _____ (Trend Micro Inc.) C:\Users\Nighters\Desktop\HijackThis.exe
2019-03-04 16:21 - 2019-03-04 16:21 - 000000000 ____D C:\Users\Nighters\AppData\Local\Zemana
2019-03-03 19:54 - 2019-03-04 20:24 - 000116623 _____ C:\Windows\ZAM_Guard.krnl.trace
2019-03-03 19:54 - 2019-03-03 19:54 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2019-03-03 19:54 - 2019-03-03 19:54 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2019-03-03 19:54 - 2019-03-03 19:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2019-03-03 16:59 - 2014-02-13 23:59 - 000024064 _____ C:\Windows\zoek-delete.exe
2019-03-03 16:41 - 2019-03-03 16:58 - 000445226 _____ C:\Windows\ntbtlog.txt
2019-03-03 16:41 - 2019-03-03 16:48 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2019-03-03 16:41 - 2019-03-03 16:41 - 000000000 ____D C:\zoek_backup
2019-03-02 21:58 - 2019-03-04 20:24 - 000280122 _____ C:\Windows\ZAM.krnl.trace
2019-03-02 21:58 - 2019-03-03 19:53 - 000000000 ____D C:\Users\peter\AppData\Local\Zemana
2019-03-02 21:58 - 2019-03-02 21:58 - 000232792 _____ (Copyright 2018.) C:\Windows\system32\Drivers\amsdk.sys
2019-03-02 21:58 - 2019-03-02 21:58 - 000003522 _____ C:\Windows\System32\Tasks\AMHelper
2019-03-02 21:58 - 2019-03-02 21:58 - 000000000 ____D C:\Users\peter\AppData\Local\AMSDK
2019-03-02 15:20 - 2019-03-02 15:23 - 000000000 ____D C:\ProgramData\HitmanPro
2019-02-25 19:36 - 2019-02-25 19:36 - 000000000 ____D C:\Users\Nighters\AppData\Roaming\Kubat Software
2019-02-25 19:36 - 2019-02-25 19:36 - 000000000 ____D C:\ProgramData\Kubat Software
2019-02-25 19:36 - 2019-02-25 19:36 - 000000000 ____D C:\ProgramData\CS-Script
2019-02-24 17:22 - 2019-02-24 17:22 - 000000000 __RSD C:\Windows\SysWOW64\WindowsDevicePortal
2019-02-24 17:22 - 2019-02-24 17:22 - 000000000 __RSD C:\Windows\system32\WindowsDevicePortal
2019-02-24 17:22 - 2019-02-24 17:22 - 000000000 ___RD C:\Windows\WebManagement
2019-02-24 17:22 - 2018-09-14 21:54 - 000525544 _____ (Microsoft Corporation) C:\Windows\system32\MicrosoftWebDriver.exe
2019-02-24 17:22 - 2018-09-14 21:09 - 000404200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MicrosoftWebDriver.exe
2019-02-24 17:22 - 2018-09-14 18:05 - 000020480 _____ (Microsoft Corporation) C:\Windows\system32\DeveloperTools.ProxyStub.dll
2019-02-24 17:22 - 2018-09-14 18:04 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\SshdPinAuthLsa.dll
2019-02-24 17:22 - 2018-09-14 18:04 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\DeployUtil.exe
2019-02-24 17:22 - 2018-09-14 18:03 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\DevToolsLauncher.exe
2019-02-24 17:22 - 2018-09-14 18:03 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\debugregsvcapi.dll
2019-02-24 17:22 - 2018-09-14 18:02 - 000295424 _____ (Microsoft Corporation) C:\Windows\system32\PerceptionSimulationREST.dll
2019-02-24 17:22 - 2018-09-14 18:02 - 000289280 _____ (Microsoft Corporation) C:\Windows\system32\SshdBroker.dll
2019-02-24 17:22 - 2018-09-14 18:02 - 000155648 _____ (Microsoft Corporation) C:\Windows\system32\DeveloperToolsSvc.exe
2019-02-24 17:22 - 2018-09-14 17:59 - 000093184 _____ (Microsoft Corporation) C:\Windows\system32\debugregsvc.dll
2019-02-24 17:22 - 2018-09-14 17:57 - 000909312 _____ (Microsoft Corporation) C:\Windows\system32\wdp.dll
2019-02-24 17:22 - 2018-09-14 17:56 - 001303040 _____ (Microsoft Corporation) C:\Windows\system32\WebManagement.exe
2019-02-24 17:22 - 2018-09-14 17:37 - 000616448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdp.dll
2019-02-24 17:14 - 2019-02-24 17:14 - 000000000 ____D C:\Users\peter\AppData\Local\ESET
2019-02-24 16:23 - 2019-02-24 16:23 - 000000000 ____D C:\Users\Nighters\AppData\Local\ESET
2019-02-24 16:22 - 2019-02-24 16:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2019-02-24 16:22 - 2019-02-24 16:22 - 000000000 ____D C:\ProgramData\ESET
2019-02-24 16:22 - 2019-02-24 16:22 - 000000000 ____D C:\Program Files\ESET
2019-02-24 15:02 - 2019-03-04 20:02 - 000000000 ____D C:\Users\Nighters\AppData\Roaming\Factorio
2019-02-24 13:19 - 2019-02-24 13:19 - 000000000 ____D C:\Users\peter\AppData\Local\mbamtray
2019-02-24 11:50 - 2019-02-24 11:50 - 000000000 ____D C:\ProgramData\Sophos
2019-02-24 11:49 - 2019-02-24 11:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2019-02-24 11:41 - 2019-02-24 11:41 - 000000000 ____D C:\Users\peter\AppData\Local\mbam
2019-02-23 22:32 - 2019-02-23 22:32 - 000000000 ____D C:\Users\Nighters\Documents\Forza Horizon 3
2019-02-22 22:49 - 2019-02-22 22:50 - 000000000 ____D C:\Users\Nighters\Documents\Assassin's Creed Origins
2019-02-22 22:49 - 2019-02-22 22:49 - 000000000 ____D C:\Users\Public\Documents\uPlay
2019-02-22 19:59 - 2019-02-22 19:59 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2019-02-22 19:59 - 2019-02-20 12:15 - 005365128 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2019-02-22 19:59 - 2019-02-20 12:15 - 002624368 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2019-02-22 19:59 - 2019-02-20 12:15 - 001767632 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2019-02-22 19:59 - 2019-02-20 12:15 - 000651472 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2019-02-22 19:59 - 2019-02-20 12:15 - 000450600 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2019-02-22 19:59 - 2019-02-20 12:15 - 000125240 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2019-02-22 19:59 - 2019-02-20 12:15 - 000083440 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2019-02-22 19:59 - 2019-02-15 13:14 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2019-02-22 19:59 - 2019-02-15 10:06 - 008504452 _____ C:\Windows\system32\nvcoproc.bin
2019-02-22 19:58 - 2019-02-21 09:55 - 001006800 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2019-02-22 19:58 - 2019-02-21 09:55 - 001006800 _____ C:\Windows\system32\vulkan-1.dll
2019-02-22 19:58 - 2019-02-21 09:55 - 000870096 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2019-02-22 19:58 - 2019-02-21 09:55 - 000870096 _____ C:\Windows\SysWOW64\vulkan-1.dll
2019-02-22 19:58 - 2019-02-21 09:55 - 000552224 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2019-02-22 19:58 - 2019-02-21 09:55 - 000457096 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2019-02-22 19:58 - 2019-02-21 09:55 - 000286416 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2019-02-22 19:58 - 2019-02-21 09:55 - 000286416 _____ C:\Windows\system32\vulkaninfo.exe
2019-02-22 19:58 - 2019-02-21 09:55 - 000260304 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-02-22 19:58 - 2019-02-21 09:55 - 000260304 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2019-02-22 19:58 - 2019-02-21 09:54 - 001464256 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2019-02-22 19:58 - 2019-02-21 09:54 - 001129920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2019-02-22 19:58 - 2019-02-21 09:54 - 000992032 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2019-02-22 19:58 - 2019-02-21 09:54 - 000668640 _____ C:\Windows\system32\nvofapi64.dll
2019-02-22 19:58 - 2019-02-21 09:54 - 000631688 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2019-02-22 19:58 - 2019-02-21 09:54 - 000534544 _____ C:\Windows\SysWOW64\nvofapi.dll
2019-02-22 19:58 - 2019-02-21 09:54 - 000521824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2019-02-22 19:58 - 2019-02-21 09:53 - 040234808 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2019-02-22 19:58 - 2019-02-21 09:53 - 035140056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2019-02-22 19:58 - 2019-02-21 09:53 - 020102872 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2019-02-22 19:58 - 2019-02-21 09:53 - 017429864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2019-02-22 19:58 - 2019-02-21 09:53 - 010319504 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2019-02-22 19:58 - 2019-02-21 09:53 - 008784920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2019-02-22 19:58 - 2019-02-21 09:53 - 005274560 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2019-02-22 19:58 - 2019-02-21 09:53 - 004624832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2019-02-22 19:58 - 2019-02-21 09:53 - 002031872 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2019-02-22 19:58 - 2019-02-21 09:53 - 001535232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2019-02-22 19:58 - 2019-02-21 09:53 - 001471816 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFThevc.dll
2019-02-22 19:58 - 2019-02-21 09:53 - 001462416 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2019-02-22 19:58 - 2019-02-21 09:53 - 001169336 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2019-02-22 19:58 - 2019-02-21 09:53 - 001152200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll
2019-02-22 19:58 - 2019-02-21 09:53 - 001145752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2019-02-22 19:58 - 2019-02-21 09:53 - 000915120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2019-02-22 19:58 - 2019-02-21 09:53 - 000858712 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2019-02-22 19:58 - 2019-02-21 09:53 - 000822816 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2019-02-22 19:58 - 2019-02-21 09:53 - 000794656 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2019-02-22 19:58 - 2019-02-21 09:53 - 000752064 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
2019-02-22 19:58 - 2019-02-21 09:53 - 000638384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2019-02-22 19:58 - 2019-02-21 09:53 - 000611720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2019-02-22 19:58 - 2019-02-21 09:53 - 000566368 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2019-02-22 19:58 - 2019-02-21 09:53 - 000448800 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2019-02-22 19:58 - 2019-02-21 09:52 - 005042392 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2019-02-22 19:58 - 2019-02-21 09:52 - 004301152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2019-02-22 19:58 - 2019-02-20 15:03 - 000104677 _____ C:\Windows\system32\nvidia-smi.1.pdf
2019-02-22 19:58 - 2019-02-20 15:03 - 000066792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2019-02-22 19:58 - 2019-02-20 15:03 - 000047032 _____ C:\Windows\system32\nvinfo.pb