Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 02
Ran by zawias (administrator) on ZAWIAS-KOMPUTER on 11-02-2015 20:47:52
Running from C:\Users\zawias\Desktop\frst
Loaded Profiles: zawias (Available profiles: zawias)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
() C:\Users\zawias\AppData\Local\Viber\Viber.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe [8947008 2014-12-18] ()
HKU\S-1-5-21-157093298-1084357142-467351005-1000\...\Run: [Viber] => C:\Users\zawias\AppData\Local\Viber\Viber.exe [776400 2015-02-03] ()
HKU\S-1-5-21-157093298-1084357142-467351005-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-157093298-1084357142-467351005-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-157093298-1084357142-467351005-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [713568 2014-12-18] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2014-10-09] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2014-10-09] (BitDefender)
R1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [93160 2014-10-09] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [102992 2014-10-09] (BitDefender LLC)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [416768 2009-06-10] (Realtek Semiconductor Corporation )
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
S3 avc3; system32\DRIVERS\avc3.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 20:32 - 2015-02-11 20:47 - 00000000 ____D () C:\Users\zawias\Desktop\frst
2015-02-11 20:22 - 2015-02-11 20:22 - 00003232 _____ () C:\Windows\System32\Tasks\{9823F287-BD34-40DB-A9A5-3230637A2D18}
2015-02-11 20:18 - 2015-02-11 20:19 - 00009296 _____ () C:\Users\zawias\Desktop\porady.txt
2015-02-11 20:15 - 2015-02-11 20:15 - 00000412 _____ () C:\Users\zawias\Desktop\bookmarks_11.02.2015.html
2015-02-11 11:24 - 2015-02-11 11:25 - 00380416 _____ () C:\Users\zawias\Downloads\velodq04.exe
2015-02-11 10:34 - 2015-02-11 12:03 - 00000000 ____D () C:\Users\zawias\Desktop\logi
2015-02-11 10:24 - 2015-02-11 10:25 - 00380416 _____ () C:\Users\zawias\Downloads\5vwhpvtt.exe
2015-02-11 10:21 - 2015-02-11 20:47 - 00000000 ____D () C:\FRST
2015-02-11 10:20 - 2015-02-11 10:21 - 02132992 _____ (Farbar) C:\Users\zawias\Downloads\FRST64.exe
2015-02-10 12:44 - 2015-02-10 12:44 - 00000000 ____D () C:\Users\zawias\AppData\Roaming\Lavasoft
2015-02-10 12:16 - 2015-02-10 12:16 - 175883848 _____ () C:\Windows\MEMORY.DMP
2015-02-10 12:16 - 2015-02-10 12:16 - 00279536 _____ () C:\Windows\Minidump\021015-38142-01.dmp
2015-02-10 12:16 - 2015-02-10 12:16 - 00000000 ____D () C:\Windows\Minidump
2015-02-10 11:51 - 2015-02-10 11:51 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-10 11:46 - 2015-02-10 12:02 - 00000000 ____D () C:\Users\zawias\AppData\Local\Adobe
2015-02-10 11:18 - 2015-02-10 11:18 - 00000000 ____D () C:\ProgramData\BitDefender
2015-02-10 11:00 - 2015-02-10 11:00 - 00000000 ____D () C:\Users\zawias\AppData\Roaming\LavasoftStatistics
2015-02-10 11:00 - 2014-10-09 10:09 - 02084072 _____ (Bitdefender) C:\Windows\system32\bdnc.dll
2015-02-10 11:00 - 2014-10-09 10:08 - 01061776 _____ (BitDefender S.R.L.) C:\Windows\system32\bdsmtpp.dll
2015-02-10 11:00 - 2014-10-09 10:08 - 00209984 _____ (BitDefender) C:\Windows\system32\BdFirewallSDK.dll
2015-02-10 11:00 - 2014-10-09 10:08 - 00195016 _____ (BitDefender) C:\Windows\system32\httproxy.dll
2015-02-10 11:00 - 2014-10-09 10:08 - 00156936 _____ () C:\Windows\system32\bdfwcore.dll
2015-02-10 11:00 - 2014-10-09 10:08 - 00155912 _____ (BitDefender S.R.L.) C:\Windows\system32\bdpop3p.dll
2015-02-10 11:00 - 2014-10-09 10:08 - 00122928 _____ (BitDefender) C:\Windows\system32\OEMbdpredir.dll
2015-02-10 11:00 - 2014-10-09 10:08 - 00096160 _____ (BitDefender) C:\Windows\system32\bdpredir.dll
2015-02-10 10:57 - 2015-02-11 20:38 - 00002321 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-02-10 10:57 - 2015-02-10 10:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-02-10 10:56 - 2015-02-10 10:56 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-02-10 10:51 - 2015-02-10 10:51 - 00000000 ____D () C:\Program Files\Lavasoft
2015-02-10 10:49 - 2015-02-10 10:49 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2015-02-10 10:46 - 2015-02-10 10:46 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-02-05 09:57 - 2015-02-06 09:44 - 00000000 ____D () C:\Program Files (x86)\saVer beoox
2015-02-04 15:06 - 2015-02-04 15:14 - 271004092 _____ () C:\Users\zawias\Downloads\Profesor-Klaus-6.0.part3.rar
2015-02-04 15:06 - 2015-02-04 15:13 - 272629760 _____ () C:\Users\zawias\Downloads\Profesor-Klaus-6.0.part2.rar
2015-02-04 15:03 - 2015-02-04 15:06 - 272629760 _____ () C:\Users\zawias\Downloads\Profesor-Klaus-6.0.part1.rar
2015-01-26 21:39 - 2015-01-26 21:55 - 734195712 _____ () C:\Users\zawias\Downloads\Scoop.avi
2015-01-23 19:54 - 2015-01-23 19:54 - 02347384 _____ (ESET) C:\Users\zawias\Downloads\esetsmartinstaller_plk.exe
2015-01-15 22:17 - 2015-01-15 22:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-15 22:17 - 2015-01-15 22:17 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-15 22:17 - 2015-01-15 22:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-01-15 22:15 - 2015-01-15 22:16 - 13087456 _____ (Microsoft Corporation) C:\Users\zawias\Downloads\Silverlight_x64.exe
2015-01-13 21:01 - 2015-01-13 21:01 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-01-13 21:01 - 2015-01-13 21:01 - 00000000 ____D () C:\Program Files\Realtek
2015-01-13 21:00 - 2015-01-13 21:00 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-13 21:00 - 2015-01-13 21:00 - 00000000 ____D () C:\Users\zawias\AppData\Roaming\WinBatch
2015-01-13 21:00 - 2015-01-13 21:00 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-01-13 21:00 - 2009-07-28 21:15 - 01356320 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-01-13 21:00 - 2009-07-28 21:15 - 00611360 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-01-13 21:00 - 2009-07-28 21:15 - 00332320 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-01-13 21:00 - 2009-07-28 21:14 - 01603104 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2015-01-13 21:00 - 2009-07-28 21:14 - 01167904 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-01-13 21:00 - 2009-07-28 21:14 - 00417824 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-01-13 21:00 - 2009-07-28 21:14 - 00149536 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-01-13 21:00 - 2009-07-28 21:14 - 00063008 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInst64.dll
2015-01-13 21:00 - 2009-07-28 21:00 - 01966624 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-01-13 21:00 - 2009-07-21 22:03 - 00294400 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-01-13 21:00 - 2009-06-24 10:43 - 00831488 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2015-01-13 21:00 - 2009-04-16 10:13 - 00166400 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-01-13 21:00 - 2009-03-31 14:02 - 00108032 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2015-01-13 21:00 - 2009-03-09 05:32 - 00304640 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2015-01-13 21:00 - 2009-03-09 05:30 - 00304640 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2015-01-13 21:00 - 2008-11-09 11:57 - 00311296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-01-13 21:00 - 2008-04-30 08:48 - 00193536 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2015-01-13 21:00 - 2007-07-25 09:34 - 00150528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2015-01-13 21:00 - 2007-05-17 11:26 - 00211376 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2015-01-13 21:00 - 2006-12-13 10:30 - 00513536 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2015-01-13 20:58 - 2009-10-27 13:57 - 00000000 ___RD () C:\Users\zawias\Desktop\6.0.1.5904

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 20:41 - 2014-10-11 07:27 - 00423122 _____ () C:\Windows\WindowsUpdate.log
2015-02-11 20:39 - 2014-11-19 17:53 - 00000000 ____D () C:\Users\zawias\AppData\Roaming\ViberPC
2015-02-11 20:39 - 2014-11-19 17:51 - 00000000 ____D () C:\Users\zawias\AppData\Local\Viber
2015-02-11 20:36 - 2010-11-21 04:47 - 00165030 _____ () C:\Windows\PFRO.log
2015-02-11 20:36 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-11 20:36 - 2009-07-14 05:51 - 00044664 _____ () C:\Windows\setupact.log
2015-02-11 20:35 - 2009-07-14 05:45 - 00016656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-11 20:35 - 2009-07-14 05:45 - 00016656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-11 20:22 - 2014-12-26 15:33 - 00000000 ____D () C:\Program Files (x86)\IP Address
2015-02-11 20:20 - 2014-10-11 07:55 - 00001451 _____ () C:\Users\zawias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-10 12:23 - 2011-04-12 14:21 - 00687828 _____ () C:\Windows\system32\perfh015.dat
2015-02-10 12:23 - 2011-04-12 14:21 - 00131382 _____ () C:\Windows\system32\perfc015.dat
2015-02-10 12:23 - 2009-07-14 06:13 - 01523412 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-09 12:03 - 2014-11-19 17:53 - 00001029 _____ () C:\Users\zawias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber.lnk
2015-02-09 12:03 - 2014-11-19 17:53 - 00001021 _____ () C:\Users\zawias\Desktop\Viber.lnk
2015-02-06 15:56 - 2014-10-11 07:54 - 00000000 ____D () C:\Users\zawias
2015-02-06 15:54 - 2014-12-30 23:17 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-02-06 15:54 - 2014-11-19 17:56 - 00000000 ____D () C:\Users\zawias\AppData\Roaming\Skype
2015-02-06 15:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-06 15:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-02-04 14:44 - 2014-10-10 22:22 - 00000000 ____D () C:\Windows.old
2015-02-04 14:19 - 2014-10-11 07:54 - 00000000 ____D () C:\Users\zawias\AppData\Local\VirtualStore

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-30 19:14

==================== End Of Log ============================