Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-08-2016 Ran by Andrzej (administrator) on WINDOWS-R08CI6E (29-08-2016 17:35:32) Running from C:\Users\Andrzej\Downloads\Programy do czyszczenia\FRST64 Loaded Profiles: Andrzej (Available Profiles: Andrzej) Platform: Windows 8.1 (Update) (X64) Language: Angielski (Stany Zjednoczone) Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Google\Chrome\Application.b388a6c\chrome.exe" -- "%1") Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe ( ) C:\Windows\System32\lxczcoms.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe () C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe (Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe (Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe (CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe (AMD) C:\Windows\System32\atieclxx.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe (Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\WINWORD.EXE (Enigma Software Group USA, LLC.) C:\Program Files\SpyHunter\SpyHunter4.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application.b388a6c\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application.b388a6c\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application.b388a6c\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application.b388a6c\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application.b388a6c\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application.b388a6c\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application.b388a6c\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application.b388a6c\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application.b388a6c\chrome.exe () C:\Users\Andrzej\Downloads\Programy do czyszczenia\Nowy folder\FRST64.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17246_none_fa4ae8e99b1f603c\TiWorker.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor) HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-06-03] (Dell Inc.) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" HKLM\...\Run: [UsBuga Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [519584 2013-08-21] (Acronis) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.) HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13924080 2016-08-11] (Zemana Ltd.) HKLM-x32\...\Run: [PowerDVD12Agent] => C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe [377880 2013-11-29] (CyberLink Corp.) HKLM-x32\...\Run: [UIExec] => C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe [156448 2012-05-04] () HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [8900328 2016-08-21] (AVAST Software) HKLM-x32\...\Run: [CheckNDISPortF0acE3] => C:\Program Files (x86)\Hostless Modem\USB device MF63\CheckNDISPort_df.exe [459008 2013-08-28] () HKLM-x32\...\Run: [CancelAutoPlay_df] => C:\Program Files (x86)\Hostless Modem\USB device MF63\CancelAutoPlay_df.exe [446208 2013-08-28] () HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7840568 2013-11-08] (Acronis) HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1104792 2013-10-10] (Acronis International GmbH) HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe HKLM-x32\...\RunOnce: [DeleteOnReboot] => C:\Users\Andrzej\AppData\Local\Temp\DeleteOnReboot.bat [702 2016-08-29] () <===== ATTENTION HKLM\...\Winlogon: [Userinit] wscript C:\windows\run.vbs, Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-1169792134-2358267525-3225177676-1001\...\Run: [BlazeServoTool] => C:\Program Files (x86)\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe [286720 2010-03-06] (BlazeVideo Company) HKU\S-1-5-21-1169792134-2358267525-3225177676-1001\...\Run: [Nokia Internet Modem] => C:\Program Files (x86)\Nokia\Nokia Internet Modem\WellPhone2.exe [1962648 2009-12-17] (SmartCom) HKU\S-1-5-21-1169792134-2358267525-3225177676-1001\...\Run: [LaunchFinalMate] => C:\Program Files (x86)\Aunsoft\Final Mate\LaunchFinalMate.exe [465920 2011-12-22] () HKU\S-1-5-21-1169792134-2358267525-3225177676-1001\...\Run: [ChomikBox] => C:\Program Files (x86)\ChomikBox\ChomikBox.exe [6033408 2014-03-11] ( ) HKU\S-1-5-21-1169792134-2358267525-3225177676-1001\...\Run: [C] => cmd /c(@attrib -H -R -S C:\windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@copy/b/y C:\windows\system32\GroupPolicy\Machine\R C:\windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@att (the data entry has 99 more characters). HKU\S-1-5-21-1169792134-2358267525-3225177676-1001\...\Run: [PC Suite Tray] => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia) HKU\S-1-5-21-1169792134-2358267525-3225177676-1001\...\MountPoints2: {3a02e7ba-e647-11e5-8360-f82fa8c82b90} - "E:\setup.exe" HKU\S-1-5-21-1169792134-2358267525-3225177676-1001\...\MountPoints2: {42dc3585-b4f4-11e4-82fe-f82fa8c82b90} - "D:\setup.exe" HKU\S-1-5-21-1169792134-2358267525-3225177676-1001\...\MountPoints2: {42dc380d-b4f4-11e4-82fe-f82fa8c82b90} - "D:\setup.exe" HKU\S-1-5-21-1169792134-2358267525-3225177676-1001\...\MountPoints2: {42dc38cd-b4f4-11e4-82fe-f82fa8c82b90} - "D:\setup.exe" HKU\S-1-5-21-1169792134-2358267525-3225177676-1001\...\MountPoints2: {5810bd48-69c3-11e4-82c8-f82fa8c82b90} - "D:\AutoRun.exe" HKU\S-1-5-21-1169792134-2358267525-3225177676-1001\...\MountPoints2: {5a21b28f-12e8-11e4-8278-f82fa8c82b90} - "D:\application\Setup.exe" HKU\S-1-5-21-1169792134-2358267525-3225177676-1001\...\MountPoints2: {83ebfdc5-c67a-11e5-835a-f82fa8c82b90} - "E:\setup.exe" HKU\S-1-5-21-1169792134-2358267525-3225177676-1001\...\MountPoints2: {83ebfdd1-c67a-11e5-835a-f82fa8c82b90} - "E:\setup.exe" HKU\S-1-5-21-1169792134-2358267525-3225177676-1001\...\MountPoints2: {8ec17452-5aea-11e5-833d-f82fa8c82b90} - "D:\setup.exe" HKU\S-1-5-21-1169792134-2358267525-3225177676-1001\...\MountPoints2: {8ec17504-5aea-11e5-833d-f82fa8c82b90} - "D:\setup.exe" HKU\S-1-5-21-1169792134-2358267525-3225177676-1001\...\MountPoints2: {9498acce-25b6-11e6-8376-f82fa8c82b90} - "E:\setup.exe" HKU\S-1-5-21-1169792134-2358267525-3225177676-1001\...\MountPoints2: {a62d833a-7cc8-11e5-8342-f82fa8c82b90} - "D:\setup.exe" HKU\S-1-5-21-1169792134-2358267525-3225177676-1001\...\MountPoints2: {c7b63f7e-fe2c-11e3-8263-f82fa8c82b90} - "D:\AutoRun.exe" HKU\S-1-5-21-1169792134-2358267525-3225177676-1001\...\MountPoints2: {c7b63fb2-fe2c-11e3-8263-f82fa8c82b90} - "D:\AutoRun.exe" HKU\S-1-5-21-1169792134-2358267525-3225177676-1001\...\MountPoints2: {e1c0666e-598e-11e6-837d-f82fa8c82b90} - "E:\setup.exe" HKU\S-1-5-21-1169792134-2358267525-3225177676-1001\...\MountPoints2: {e1c066e2-598e-11e6-837d-f82fa8c82b90} - "E:\setup.exe" HKU\S-1-5-21-1169792134-2358267525-3225177676-1001\...\MountPoints2: {eca104fc-2178-11e4-828a-f82fa8c82b90} - "D:\AutoRun.exe" AppInit_DLLs: C:\ProgramData\Quoteex\Sunzoolax.dll => No File AppInit_DLLs-x32: C:\ProgramData\Quoteex\Alphabam.dll => No File ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => No File ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-07-14] (AVAST Software) ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] () ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] () ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] () ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation) ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft) Startup: C:\Users\Andrzej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Super Finder XT.lnk [2016-04-17] ShortcutTarget: Super Finder XT.lnk -> C:\Users\Andrzej\Desktop\Super Finder XT v1.6.3.2\SuperFinder.exe (FSL) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 37.8.214.2 192.168.0.1 Tcpip\..\Interfaces\{49BBC5B6-6A6E-42D0-9635-A0CA50C79F3F}: [DhcpNameServer] 37.8.214.2 192.168.0.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com URLSearchHook: [S-1-5-21-1169792134-2358267525-3225177676-1001] ATTENTION => Default URLSearchHook is missing SearchScopes: HKLM -> DefaultScope value is missing SearchScopes: HKLM-x32 -> DefaultScope value is missing SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-09-25] (Microsoft Corporation) BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-07-14] (AVAST Software) BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-09-16] (Microsoft Corporation) BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-09-25] (Microsoft Corporation) BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-10-15] (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-07-14] (AVAST Software) BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.) BHO-x32: FlashGetBHO -> {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} -> C:\Users\Andrzej\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll => No File BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-09-16] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-10-15] (Oracle Corporation) BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation) FireFox: ======== FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File] FF Plugin-x32: @cuminas.jp/DjVuPlugin -> C:\Program Files (x86)\Cuminas\Document Express DjVu Plug-in\npdjvu.dll [2014-04-12] (Cuminas Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-15] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-10-15] (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-07-27] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-27] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-27] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [No File] FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-07-27] (Microsoft Corporation) FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-03] FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-03] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-08-12] [not signed] FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF Chrome: ======= CHR StartupUrls: Default -> "hxxps://www.google.pl/" CHR Profile: C:\Users\Andrzej\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Prezentacje Google) - C:\Users\Andrzej\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04] CHR Extension: (Przelewy24) - C:\Users\Andrzej\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiicmmpkicnndkhlnnloilpgncbpkbjj [2016-05-17] CHR Extension: (Dokumenty Google) - C:\Users\Andrzej\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04] CHR Extension: (Dysk Google) - C:\Users\Andrzej\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25] CHR Extension: (Ultimate YouTube Downloader) - C:\Users\Andrzej\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfkpkealncpcbfklpgnggcgjjdkbljop [2015-01-04] [UpdateUrl: hxxps://dl.dropbox.com/s/xymwrufbnl7titl/update.txt] <==== ATTENTION CHR Extension: (YouTube) - C:\Users\Andrzej\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24] CHR Extension: (Google Search) - C:\Users\Andrzej\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27] CHR Extension: (Arkusze Google) - C:\Users\Andrzej\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04] CHR Extension: (Dokumenty Google offline) - C:\Users\Andrzej\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15] CHR Extension: (AdBlock) - C:\Users\Andrzej\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-08-24] CHR Extension: (Avast Online Security) - C:\Users\Andrzej\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-05-20] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Andrzej\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02] CHR Extension: (Gmail) - C:\Users\Andrzej\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29] CHR Extension: (Chrome Media Router) - C:\Users\Andrzej\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-28] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-01] CHR HKLM-x32\...\Chrome\Extension: [imhlianhlhdicjchlbmbfaefhhjencbe] - hxxps://clients2.google.com/service/update2/crx Opera: ======= OPR Extension: (Sense) - C:\Users\Andrzej\AppData\Roaming\Opera Software\Opera Stable\Extensions\jhapbopfchfogphiimjbhodmgnppoigk [2014-11-24] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-07-14] (AVAST Software) S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-06] (Broadcom Corporation.) R2 CLHNServiceForPowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [89864 2013-11-29] (CyberLink Corp.) R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc.) R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-03-11] (Dell Inc.) R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-03-11] (Dell Inc.) R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.) R2 lxcz_device; C:\windows\system32\lxczcoms.exe [566192 2007-04-19] ( ) R2 lxcz_device; C:\windows\SysWOW64\lxczcoms.exe [537520 2007-04-19] ( ) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-08-08] () R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor) R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915408 2013-10-17] (SoftThinks SAS) S2 SpyHunter 4 Service; C:\Program Files\SpyHunter\SH4Service.exe [797352 2016-07-20] (Enigma Software Group USA, LLC.) R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-04-22] (Dell Inc.) R2 UI Assistant Service; C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe [274208 2012-05-04] () S3 vmicvss; C:\Windows\System32\ICSvc.dll [517120 2013-08-22] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation) R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13924080 2016-08-11] (Zemana Ltd.) S2 GhreringuwekCenter; C:\Program Files (x86)\Isakphovey\PlewagetofertCnf.dll [X] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-07-14] (AVAST Software) R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-07-14] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108304 2016-07-14] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-07-14] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-07-14] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-07-14] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [473592 2016-07-14] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162904 2016-07-14] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-05] (AVAST Software) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices) R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-06] (Broadcom Corporation.) R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7474864 2013-09-06] (Broadcom Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-05-22] (Dell Computer Corporation) R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation) R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) S3 esgiguard; C:\Program Files\SpyHunter\esgiguard.sys [16432 2016-07-20] (Enigma Software Group USA, LLC.) S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-08-27] () S3 EsgScanner; C:\Windows\SysWOW64\DRIVERS\EsgScanner.sys [19984 2016-07-20] () S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [178688 2014-06-27] (ITE ) S2 Kmm4xNT; C:\Windows\SysWow64\Drivers\Kmm4xNT.sys [95484 2002-04-26] (DATOM Dariusz Cielebąk) [File not signed] S3 nokiacpo; C:\Windows\System32\drivers\nokiacpo.sys [22528 2009-08-05] (Icera Inc.) S3 nokiappo; C:\Windows\system32\DRIVERS\nokiappo.sys [32256 2009-08-05] (Icera Inc.) R2 ntk_PowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [84168 2013-03-15] (Cyberlink Corp.) S3 qcusbnet; C:\Windows\system32\DRIVERS\innosusbnet.sys [510976 2012-10-26] (QUALCOMM Incorporated) S3 qcusbser; C:\Windows\system32\DRIVERS\innosusbser.sys [369792 2012-10-26] (QUALCOMM Incorporated) R3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-09-05] (Synaptics Incorporated) S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-08-23] (Synaptics Incorporated) R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2015-11-29] (Acronis International GmbH) R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2015-11-29] (Acronis International GmbH) R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2015-11-29] (Acronis International GmbH) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35856 2014-03-24] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [257880 2014-03-24] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation) R1 ZAM; C:\windows\System32\drivers\zam64.sys [203680 2016-05-29] (Zemana Ltd.) R1 ZAM_Guard; C:\windows\System32\drivers\zamguard64.sys [203680 2016-05-29] (Zemana Ltd.) R2 {73526619-C24F-470B-9BED-53D455FBB5C6}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [32456 2013-11-30] (CyberLink Corp.) S3 MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-08-29 17:33 - 2016-08-29 17:35 - 00000000 ____D C:\FRST 2016-08-29 16:35 - 2016-08-29 17:07 - 00000000 ____D C:\Users\Andrzej\Desktop\raporty 2016-08-29 14:45 - 2016-08-29 14:45 - 00000655 _____ C:\Users\Andrzej\Desktop\Infekcja.txt 2016-08-29 12:58 - 2016-08-29 12:58 - 00001613 _____ C:\Users\Andrzej\Desktop\adwcleaner.pl 6.010.exe — skrót.lnk 2016-08-29 12:29 - 2016-08-29 12:29 - 03826240 _____ C:\Users\Andrzej\Downloads\adwcleaner.pl 6.010.exe 2016-08-29 09:29 - 2016-08-29 09:29 - 00003238 _____ C:\windows\System32\Tasks\SpyHunter4Startup 2016-08-28 19:45 - 2016-08-28 19:45 - 00000518 _____ C:\Users\Andrzej\Desktop\StrongRecovery v.2.8.9 crack.txt 2016-08-28 19:34 - 2016-08-28 19:34 - 03904173 _____ C:\Users\Andrzej\Downloads\Download Strong Recovery 3.8.2 (1).rar 2016-08-28 19:33 - 2016-08-28 19:33 - 03904163 _____ C:\Users\Andrzej\Downloads\StrongRecovery 3.8.0 (6).rar 2016-08-28 19:33 - 2016-08-28 19:33 - 03904163 _____ C:\Users\Andrzej\Downloads\StrongRecovery 3.8.0 (5).rar 2016-08-28 19:32 - 2016-08-28 19:33 - 03904163 _____ C:\Users\Andrzej\Downloads\StrongRecovery 3.8.0 (2).rar 2016-08-28 15:18 - 2016-08-28 15:18 - 03904163 _____ C:\Users\Andrzej\Downloads\StrongRecovery 3.8.0 (4).rar 2016-08-28 14:22 - 2016-08-28 14:23 - 03904163 _____ C:\Users\Andrzej\Downloads\StrongRecovery 3.8.0 (3).rar 2016-08-28 13:59 - 2016-08-28 15:15 - 00000000 ____D C:\Users\Andrzej\Desktop\Strongrecovery 2016-08-28 11:22 - 2016-08-28 12:48 - 00000000 ____D C:\Users\Andrzej\Desktop\Full Gruzja 2016-08-28 11:14 - 2016-08-28 11:14 - 00001851 _____ C:\Users\Andrzej\Desktop\chrome.exe — skrót.lnk 2016-08-28 08:20 - 2016-08-29 16:53 - 00000000 ____D C:\Program Files\SpyHunter 2016-08-28 08:20 - 2016-08-28 08:20 - 00000843 _____ C:\Users\Public\Desktop\SpyHunter4.lnk 2016-08-28 08:20 - 2016-08-28 08:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyHunter4 2016-08-28 08:17 - 2016-08-28 08:18 - 00000000 ____D C:\Users\Andrzej\Downloads\Spyhunter 4 2016-08-28 08:16 - 2016-08-28 08:21 - 16596640 _____ C:\Users\Andrzej\Downloads\SpyHunter 4.23.2.4686 Crack Lang PL (2).7z.m68bsin.partial 2016-08-28 08:12 - 2016-08-28 08:21 - 43582418 _____ C:\Users\Andrzej\Downloads\SpyHunter 4.23.2.4686 Crack Lang PL (1).7z.0at5uvb.partial 2016-08-27 18:02 - 2016-08-27 18:02 - 00022704 _____ C:\windows\system32\Drivers\EsgScanner.sys 2016-08-27 00:17 - 2016-08-29 17:30 - 00001088 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-08-27 00:17 - 2016-08-29 16:29 - 00001084 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-08-27 00:17 - 2016-08-27 00:25 - 00004060 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2016-08-27 00:17 - 2016-08-27 00:25 - 00003824 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2016-08-25 21:10 - 2016-08-25 21:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware 2016-08-25 21:00 - 2016-08-25 21:00 - 00000000 ____D C:\ProgramData\Microleaves 2016-08-25 20:59 - 2016-08-25 21:10 - 00001090 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk 2016-08-25 17:23 - 2016-08-25 17:30 - 00000000 ____D C:\Users\Andrzej\AppData\Local\arodeziraphvucerly 2016-08-25 17:15 - 2016-08-25 17:15 - 00003606 _____ C:\windows\System32\Tasks\{4C74801A-B66D-4F35-9292-6052B0840E78} 2016-08-25 17:13 - 2016-08-25 17:08 - 00000991 _____ C:\windows\system32\Drivers\etc\hp.bak 2016-08-25 17:12 - 2016-08-25 17:12 - 00008904 _____ C:\windows\System32\Tasks\Ghreringuwek Center 2016-08-25 17:11 - 2016-08-25 17:15 - 00000000 ____D C:\Users\Andrzej\AppData\Local\Stijtain 2016-08-25 17:10 - 2016-08-25 17:10 - 00000000 ____D C:\Users\Andrzej\AppData\Local\UCBrowser 2016-08-25 17:08 - 2016-08-25 17:08 - 00000000 ____D C:\Users\Andrzej\AppData\Roaming\Mozilla 2016-08-25 17:07 - 2016-08-25 17:07 - 01900522 _____ C:\Users\Andrzej\AppData\Roaming\AirDex.tst 2016-08-25 17:07 - 2016-08-25 17:07 - 00072707 _____ C:\Users\Andrzej\AppData\Roaming\Lotsing.tst 2016-08-24 22:59 - 2016-08-24 22:59 - 00000000 ____D C:\Users\Andrzej\licman 2016-08-24 22:59 - 2016-08-24 22:59 - 00000000 ____D C:\Users\Andrzej\AppData\Local\LC Technology Inc 2016-08-24 22:57 - 2016-08-24 22:59 - 00000000 ____D C:\Program Files (x86)\PHOTORECOVERY Professional 2015 2016-08-24 22:57 - 2016-08-24 22:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PHOTORECOVERY Professional 2015 2016-08-24 22:50 - 2016-08-24 22:50 - 00000000 ____D C:\Users\Andrzej\AppData\Roaming\VOS 2016-08-24 17:45 - 2016-08-24 17:45 - 03518768 _____ C:\Users\Andrzej\Downloads\TestDisk & PhotoRec 6.14 Instrukcja (1).rar 2016-08-24 17:44 - 2016-08-24 17:44 - 03518768 _____ C:\Users\Andrzej\Downloads\TestDisk & PhotoRec 6.14 Instrukcja.rar 2016-08-24 17:08 - 2016-08-24 17:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drive Rescue 2016-08-24 17:08 - 2016-08-24 17:08 - 00000000 ____D C:\Program Files (x86)\Drive Rescue 2016-08-23 23:30 - 2016-08-23 23:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CardRecovery 2016-08-23 23:30 - 2016-08-23 23:30 - 00000000 ____D C:\Program Files (x86)\CardRecovery 2016-08-23 23:28 - 2016-08-23 23:28 - 01594056 _____ C:\Users\Andrzej\Downloads\Card Recovery 6.10 build 1210 Crack (3).rar 2016-08-23 23:26 - 2016-08-23 23:26 - 01594056 _____ C:\Users\Andrzej\Downloads\Card Recovery 6.10 build 1210 Crack (2).rar 2016-08-23 23:25 - 2016-08-23 23:25 - 01594056 _____ C:\Users\Andrzej\Downloads\Card Recovery 6.10 build 1210 Crack (1).rar 2016-08-23 23:23 - 2016-08-23 23:23 - 01594056 _____ C:\Users\Andrzej\Downloads\Card Recovery 6.10 build 1210 Crack.rar 2016-08-23 22:54 - 2016-08-23 22:55 - 07453909 _____ C:\Users\Andrzej\Downloads\Download Strong Recovery 3.8.2.rar 2016-08-23 22:48 - 2016-08-23 22:48 - 00000786 _____ C:\Users\Public\Desktop\Download StrongRecovery...lnk 2016-08-23 22:45 - 2016-08-23 22:46 - 07453899 _____ C:\Users\Andrzej\Downloads\StrongRecovery 3.8.0 (1).rar 2016-08-23 22:45 - 2016-08-23 22:45 - 07453899 _____ C:\Users\Andrzej\Downloads\StrongRecovery 3.8.0.rar 2016-08-23 22:10 - 2016-08-23 22:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StrongRecovery 2.1 2016-08-23 21:57 - 2016-08-23 22:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StrongRecovery 2016-08-23 21:57 - 2016-08-23 22:27 - 00000000 ____D C:\Program Files (x86)\StrongRecovery 2016-08-23 17:20 - 2016-08-23 17:20 - 00000000 ____D C:\Users\Andrzej\Documents\My Data Files 2016-08-23 17:20 - 2016-08-23 17:20 - 00000000 ____D C:\Users\Andrzej\AppData\Local\Wondershare 2016-08-23 17:20 - 2016-08-23 17:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare 2016-08-23 17:19 - 2016-08-23 17:20 - 00000000 ____D C:\ProgramData\Wondershare 2016-08-23 17:19 - 2016-08-23 17:19 - 00000000 ____D C:\Program Files (x86)\Wondershare 2016-08-23 14:48 - 2016-08-23 14:48 - 00000000 ____D C:\Users\Andrzej\AppData\Local\CrashRpt 2016-08-23 14:43 - 2016-08-23 14:45 - 00000000 ____D C:\ProgramData\Ashampoo 2016-08-23 14:43 - 2016-08-23 14:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo 2016-08-23 14:43 - 2016-08-23 14:43 - 00000000 ____D C:\Program Files (x86)\Ashampoo 2016-08-23 13:28 - 2016-08-28 11:30 - 00000000 ____D C:\Users\Andrzej\Desktop\Służbowe 2016-08-23 13:26 - 2016-08-23 13:26 - 00000113 _____ C:\Users\Andrzej\Desktop\bateria DELL INSPIRON M531R.txt 2016-08-23 13:04 - 2016-08-23 13:04 - 00000000 ____D C:\odzysk 2016-08-22 23:01 - 2016-08-22 23:01 - 00000035 _____ C:\Users\Andrzej\Desktop\Bateria Dell.txt 2016-08-21 09:39 - 2016-08-21 10:02 - 00000000 ____D C:\Users\Andrzej\Downloads\Chorwacja2016 2016-08-21 09:20 - 2016-08-21 20:55 - 00000000 ____D C:\Users\Andrzej\AppData\Roaming\WhatsApp 2016-08-21 09:20 - 2016-08-21 09:20 - 00002236 _____ C:\Users\Andrzej\Desktop\WhatsApp.lnk 2016-08-21 09:20 - 2016-08-21 09:20 - 00000000 ____D C:\Users\Andrzej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp 2016-08-21 09:19 - 2016-08-21 09:20 - 00000000 ____D C:\Users\Andrzej\AppData\Local\WhatsApp 2016-08-21 09:19 - 2016-08-21 09:20 - 00000000 ____D C:\Users\Andrzej\AppData\Local\SquirrelTemp 2016-08-21 09:10 - 2016-08-21 09:18 - 70157072 _____ (WhatsApp) C:\Users\Andrzej\Desktop\WhatsAppSetup.exe 2016-08-07 22:34 - 2016-08-07 22:35 - 00010354 _____ C:\Users\Andrzej\Desktop\Łazienka Ani.xlsx 2016-08-07 20:21 - 2016-08-07 20:32 - 00000000 ____D C:\Users\Andrzej\Desktop\2016 07-08 2016-08-03 18:50 - 2016-08-03 18:50 - 00032151 _____ C:\Users\Andrzej\Desktop\Poradnik - jak zwiększyć głośność, gdy jest zbyt cicho _ ROMy i Modyfikacje.html 2016-08-03 18:50 - 2016-08-03 18:50 - 00000000 ____D C:\Users\Andrzej\Desktop\Poradnik - jak zwiększyć głośność, gdy jest zbyt cicho _ ROMy i Modyfikacje_files 2016-08-03 17:48 - 2016-08-03 17:48 - 00000000 ____D C:\Users\Andrzej\AppData\Local\CEF 2016-08-03 17:46 - 2016-08-03 17:46 - 00000000 ___RD C:\Program Files (x86)\Skype 2016-08-03 17:46 - 2016-08-03 17:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2016-08-03 17:39 - 2016-08-03 17:39 - 00001940 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2016-08-03 17:38 - 2016-08-29 09:28 - 00004180 _____ C:\windows\System32\Tasks\avast! Emergency Update 2016-08-03 17:34 - 2016-07-14 22:55 - 00390984 _____ (AVAST Software) C:\windows\system32\aswBoot.exe 2016-08-03 17:31 - 2016-08-03 17:39 - 00003972 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1470238239 2016-08-03 17:30 - 2016-08-03 17:39 - 00001055 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk 2016-08-03 17:30 - 2016-08-03 17:30 - 00001055 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-08-29 17:36 - 2016-05-29 18:21 - 00641889 _____ C:\windows\ZAM.krnl.trace 2016-08-29 17:35 - 2016-05-29 18:21 - 00264118 _____ C:\windows\ZAM_Guard.krnl.trace 2016-08-29 17:33 - 2014-08-10 12:54 - 00000000 ____D C:\Users\Andrzej\Downloads\Programy do czyszczenia 2016-08-29 17:33 - 2014-06-17 23:22 - 00004020 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{9D3E0168-7EEA-4BD7-846D-02302D8D269D} 2016-08-29 16:47 - 2014-07-17 13:58 - 00000000 ____D C:\Users\Andrzej\AppData\Roaming\ClassicShell 2016-08-29 13:25 - 2014-08-12 13:09 - 00018960 _____ (Logitech, Inc.) C:\windows\system32\Drivers\LNonPnP.sys 2016-08-29 13:24 - 2013-08-22 15:36 - 00000000 ____D C:\windows\Inf 2016-08-29 13:01 - 2014-06-17 18:53 - 00000000 ____D C:\Users\Andrzej 2016-08-29 12:58 - 2014-03-06 20:27 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery 2016-08-29 12:53 - 2013-08-22 16:45 - 00000006 ____H C:\windows\Tasks\SA.DAT 2016-08-29 12:51 - 2015-06-28 21:50 - 00000000 ____D C:\AdwCleaner 2016-08-29 10:14 - 2014-03-06 20:09 - 00000000 ____D C:\ProgramData\Temp 2016-08-28 16:23 - 2014-06-17 18:59 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1169792134-2358267525-3225177676-1001 2016-08-28 12:51 - 2014-06-17 19:44 - 00807160 _____ C:\windows\system32\perfh015.dat 2016-08-28 12:51 - 2014-06-17 19:44 - 00163478 _____ C:\windows\system32\perfc015.dat 2016-08-28 12:51 - 2014-03-06 19:34 - 01825074 _____ C:\windows\system32\PerfStringBackup.INI 2016-08-28 11:33 - 2015-11-22 20:53 - 00000000 ____D C:\Users\Andrzej\Desktop\2015-do przen. na DYSK 2016-08-28 11:04 - 2014-06-17 18:53 - 00001036 _____ C:\Users\Andrzej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-08-27 23:19 - 2013-08-22 17:36 - 00000000 ____D C:\windows\system32\NDF 2016-08-27 19:06 - 2014-10-19 23:00 - 00029184 ___SH C:\Users\Andrzej\Thumbs.db 2016-08-25 22:15 - 2016-05-29 18:21 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware 2016-08-25 22:13 - 2013-08-22 15:25 - 00262144 ___SH C:\windows\system32\config\BBI 2016-08-25 22:09 - 2014-06-17 23:44 - 00000954 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-08-25 22:08 - 2015-07-21 19:16 - 00000000 ____D C:\Users\Andrzej\Downloads\EXIF 2016-08-25 17:34 - 2014-06-28 16:57 - 00000000 ____D C:\Users\Andrzej\AppData\Local\ElevatedDiagnostics 2016-08-23 22:47 - 2014-07-03 22:52 - 03586560 ___SH C:\Users\Andrzej\Desktop\Thumbs.db 2016-08-07 23:07 - 2014-06-20 18:07 - 00000000 ____D C:\Users\Andrzej\AppData\Roaming\vlc 2016-08-07 21:13 - 2016-04-29 14:17 - 00000000 ____D C:\Users\Andrzej\Desktop\20160330 Koszykówka 2016-08-07 20:03 - 2016-06-21 07:53 - 00000000 ____D C:\Users\Andrzej\Desktop\Rózne z pulpitu 2016-08-07 20:03 - 2015-09-12 21:38 - 00000000 ____D C:\ProgramData\Adobe 2016-08-07 20:03 - 2015-08-30 17:04 - 00000000 ____D C:\Users\Andrzej\AppData\Roaming\Adobe 2016-08-07 20:03 - 2014-07-05 22:59 - 00000000 ____D C:\Users\Andrzej\AppData\LocalLow\Adobe 2016-08-05 20:45 - 2016-06-28 14:31 - 00000000 ____D C:\Users\Andrzej\Desktop\PW przyłącza wody _T.Zawadzki 2016-08-05 20:40 - 2014-07-03 22:34 - 00292704 _____ (AVAST Software) C:\windows\system32\Drivers\aswvmm.sys 2016-08-03 23:43 - 2014-06-22 23:13 - 00000000 ____D C:\Users\Andrzej\AppData\Roaming\Skype 2016-08-03 23:14 - 2014-03-06 20:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell 2016-08-03 17:46 - 2014-06-22 23:13 - 00000000 ____D C:\Users\Andrzej\AppData\Local\Skype 2016-08-03 17:46 - 2014-06-22 23:12 - 00002715 _____ C:\Users\Public\Desktop\Skype.lnk 2016-08-03 17:46 - 2014-06-22 23:12 - 00000000 ____D C:\ProgramData\Skype ==================== Files in the root of some directories ======= 2014-10-19 21:21 - 2014-10-19 21:21 - 0000000 ___RH () C:\Users\Andrzej\AppData\Roaming\45a23766288a8c27628f5c5a39c960ef 2014-10-20 16:57 - 2014-10-20 16:57 - 0000000 ___RH () C:\Users\Andrzej\AppData\Roaming\45a23766288a8c27628f5c5a39c960ef2 2016-08-25 17:07 - 2016-08-25 17:07 - 1900522 _____ () C:\Users\Andrzej\AppData\Roaming\AirDex.tst 2015-12-10 00:18 - 2015-12-10 00:18 - 0005120 _____ () C:\Users\Andrzej\AppData\Roaming\GiftBag.db 2016-08-25 17:07 - 2016-08-25 17:07 - 0072707 _____ () C:\Users\Andrzej\AppData\Roaming\Lotsing.tst 2015-06-24 19:27 - 2015-06-24 19:27 - 0000132 _____ () C:\Users\Andrzej\AppData\Roaming\Preferencje filtru IllExport CS5 firmy Adobe 2015-06-24 23:38 - 2016-03-01 19:54 - 0001781 _____ () C:\Users\Andrzej\AppData\Roaming\WINDOWS-R08CI6E.MTBF.txt 2015-06-24 23:38 - 2016-03-01 19:58 - 0000904 _____ () C:\Users\Andrzej\AppData\Roaming\__AvidCloudManager.log 2015-06-24 23:38 - 2015-11-29 01:21 - 0000904 _____ () C:\Users\Andrzej\AppData\Roaming\__AvidCloudManagerPrevious.log 2014-11-13 20:31 - 2014-11-13 20:31 - 0000004 _____ () C:\Users\Andrzej\AppData\Roaming\Microsoft\_win900212_.log 2015-06-27 20:00 - 2015-06-27 20:00 - 212590361 _____ () C:\Users\Andrzej\AppData\Local\ACCCx3_1_2_114.2.zip.aamdownload 2015-06-27 20:00 - 2015-06-27 20:00 - 0002491 _____ () C:\Users\Andrzej\AppData\Local\ACCCx3_1_2_114.2.zip.aamdownload.aamd 2015-02-01 13:28 - 2015-06-24 23:39 - 0003584 _____ () C:\Users\Andrzej\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-07-25 18:38 - 2014-07-25 18:38 - 0000564 _____ () C:\Users\Andrzej\AppData\Local\FSCache.dat 2016-03-22 13:53 - 2016-03-22 13:53 - 0000000 _____ () C:\Users\Andrzej\AppData\Local\{DD1419C3-F66A-4405-AC7F-B0D793626C1B} 2014-03-06 21:21 - 2014-03-06 21:21 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2014-06-27 20:43 - 2016-03-02 23:08 - 0004417 _____ () C:\ProgramData\LmeUSB.log 2014-06-27 20:43 - 2016-03-02 23:08 - 0004418 _____ () C:\ProgramData\LSDmbTH.log 2014-03-06 20:18 - 2014-03-06 20:19 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log 2014-03-06 20:10 - 2014-03-06 20:11 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log 2014-03-06 20:12 - 2014-03-06 20:14 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log 2014-03-06 20:15 - 2014-03-06 20:18 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log 2014-03-06 20:09 - 2014-03-06 20:10 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log Files to move or delete: ==================== C:\Users\Andrzej\AppData\Local\Temp\DeleteOnReboot.bat Some files in TEMP: ==================== C:\Users\Andrzej\AppData\Local\Temp\p21506.exe C:\Users\Andrzej\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\windows\system32\winlogon.exe => File is digitally signed C:\windows\system32\wininit.exe => File is digitally signed C:\windows\explorer.exe => File is digitally signed C:\windows\SysWOW64\explorer.exe => File is digitally signed C:\windows\system32\svchost.exe => File is digitally signed C:\windows\SysWOW64\svchost.exe => File is digitally signed C:\windows\system32\services.exe => File is digitally signed C:\windows\system32\User32.dll => File is digitally signed C:\windows\SysWOW64\User32.dll => File is digitally signed C:\windows\system32\userinit.exe => File is digitally signed C:\windows\SysWOW64\userinit.exe => File is digitally signed C:\windows\system32\rpcss.dll => File is digitally signed C:\windows\system32\dnsapi.dll => File is digitally signed C:\windows\SysWOW64\dnsapi.dll => File is digitally signed C:\windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-08-29 08:08 ==================== End of FRST.txt ============================