Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-10-2016
Ran by Zbigniew Niewiński (administrator) on HOMELAPTOP (05-10-2016 13:01:35)
Running from C:\Users\Zbigniew Niewiński\Downloads
Loaded Profiles: Zbigniew Niewiński (Available Profiles: Zbigniew Niewiński)
Platform: Windows 8.1 (Update) (X64) Language: Angielski (Stany Zjednoczone)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\AMD\ATI.ACE\a4\AdaptiveSleepService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
() C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(Wargaming.net) C:\Games\World_of_Tanks\WargamingGameUpdater.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_ep64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [6626696 2016-07-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-14] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58640 2016-08-23] (Raptr, Inc)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9107616 2016-09-13] (AVAST Software)
HKLM-x32\...\Run: [Tv-Plug-In] => "C:\Program Files (x86)\Tv-Plug-In\Tv-Plug-In.exe" nogui
HKU\S-1-5-21-2006376192-134370331-1719292346-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2858272 2016-09-20] (Valve Corporation)
HKU\S-1-5-21-2006376192-134370331-1719292346-1002\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] ()
HKU\S-1-5-21-2006376192-134370331-1719292346-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-05] (Piriform Ltd)
HKU\S-1-5-21-2006376192-134370331-1719292346-1002\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-05] (Piriform Ltd)
HKU\S-1-5-21-2006376192-134370331-1719292346-1002\...\Run: [World of Tanks] => C:\Games\World_of_Tanks\WargamingGameUpdater.exe [3134728 2016-09-26] (Wargaming.net)
HKU\S-1-5-21-2006376192-134370331-1719292346-1002\...\Run: [World of Warships] => C:\Games\World_of_Warships\WargamingGameUpdater.exe [3134216 2016-09-08] (Wargaming.net)
HKU\S-1-5-21-2006376192-134370331-1719292346-1002\...\MountPoints2: {a9e9de6f-2d09-11e6-beb0-a0481cebc4c5} - "F:\wada.exe"
HKU\S-1-5-21-2006376192-134370331-1719292346-1002\...\MountPoints2: {ec4e9bef-7daf-11e6-becc-a0481cebc4c5} - "F:\Startme.exe"
HKU\S-1-5-21-2006376192-134370331-1719292346-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [11776 2014-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Zbigniew Niewiński\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-08-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Zbigniew Niewiński\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-08-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Zbigniew Niewiński\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-08-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-09] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Zbigniew Niewiński\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-08-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Zbigniew Niewiński\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-08-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Zbigniew Niewiński\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-08-28] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2016-10-05]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 31.11.202.254 37.8.214.2
Tcpip\..\Interfaces\{0928B016-FCCD-4385-A70B-0565900A37C4}: [DhcpNameServer] 31.11.202.254 37.8.214.2
Tcpip\..\Interfaces\{470526B3-EA30-4B1D-A0BB-267C13FE4C18}: [DhcpNameServer] 31.11.202.254 37.8.214.2

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
HKU\S-1-5-21-2006376192-134370331-1719292346-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gazeta.pl/0,0.html?p=182&d=20160304
HKU\S-1-5-21-2006376192-134370331-1719292346-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
SearchScopes: HKLM -> {10605B21-50A2-4BEA-9225-B8F9622C749A} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {10605B21-50A2-4BEA-9225-B8F9622C749A} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2006376192-134370331-1719292346-1002 -> {10605B21-50A2-4BEA-9225-B8F9622C749A} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-09-09] (AVAST Software)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-04] (HP Inc.)
BHO-x32: GetGo URLCatch -> {0315AA2C-10C7-4504-A1C4-F552ABA8A095} -> C:\Program Files (x86)\GetGo Software\GetGo Download Manager\URLCatch.dll [2016-02-04] (GetGo Software)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-27] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-09-09] (AVAST Software)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-04] (HP Inc.)
Toolbar: HKLM-x32 - GetGo Toolbar - {075BBE29-FEC0-404a-A459-FF58713616FA} - C:\Program Files (x86)\GetGo Software\GetGo Download Manager\GGToolBand.dll [2016-02-04] (GetGo Software)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-09]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-09]
FF HKLM-x32\...\Firefox\Extensions: [{0DB87752-EDD2-4ddf-8AE4-A020088EF267}] - C:\Program Files (x86)\GetGo Software\GetGo Download Manager\GGMoz
FF Extension: (GetGo Firefox Addon) - C:\Program Files (x86)\GetGo Software\GetGo Download Manager\GGMoz [2016-02-29] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-07-11] (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2006376192-134370331-1719292346-1002: hp.com/HPDetect -> C:\Users\Zbigniew Niewiński\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP)

Chrome:
=======
CHR StartupUrls: ChromeDefaultData -> "hxxps://www.google.pl/"
CHR Profile: C:\Users\Zbigniew Niewiński\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2016-10-05] <==== ATTENTION
CHR Extension: (Dokumenty Google) - C:\Users\Zbigniew Niewiński\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-26]
CHR Extension: (Dysk Google) - C:\Users\Zbigniew Niewiński\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-26]
CHR Extension: (YouTube) - C:\Users\Zbigniew Niewiński\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-26]
CHR Extension: (Avast Online Security) - C:\Users\Zbigniew Niewiński\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2016-08-13]
CHR Extension: (Avast Passwords) - C:\Users\Zbigniew Niewiński\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2016-10-05]
CHR Extension: (Dokumenty Google offline) - C:\Users\Zbigniew Niewiński\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-26]
CHR Extension: (Avast Online Security) - C:\Users\Zbigniew Niewiński\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-30]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Zbigniew Niewiński\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-26]
CHR Extension: (Gmail) - C:\Users\Zbigniew Niewiński\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-26]
CHR Extension: (Chrome Media Router) - C:\Users\Zbigniew Niewiński\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-05]
CHR Profile: C:\Users\Zbigniew Niewiński\AppData\Local\Google\Chrome\User Data\Default [2016-10-05]
CHR Extension: (Dokumenty Google) - C:\Users\Zbigniew Niewiński\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-22]
CHR Extension: (Dysk Google) - C:\Users\Zbigniew Niewiński\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-22]
CHR Extension: (YouTube) - C:\Users\Zbigniew Niewiński\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-22]
CHR Extension: (Google Search) - C:\Users\Zbigniew Niewiński\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-22]
CHR Extension: (No Name) - C:\Users\Zbigniew Niewiński\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecnphlgnajanjnkcmbpancdjoidceilk [2016-05-26]
CHR Extension: (Arkusze Google) - C:\Users\Zbigniew Niewiński\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-22]
CHR Extension: (Dokumenty Google offline) - C:\Users\Zbigniew Niewiński\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Zbigniew Niewiński\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Users\Zbigniew Niewiński\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-22]
CHR Extension: (Torrent Search) - C:\Users\Zbigniew Niewiński\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkljnnogdmlajgaoodihioopfdkpgjgg [2016-05-26]
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fcoadmpfijfcmokecmkgolhbaeclfage] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 0287211475661876mcinstcleanup; C:\Users\Zbigniew Niewiński\AppData\Local\Temp\0287211475661876mcinst.exe [883024 2016-10-05] (McAfee, Inc.)
R2 AdaptiveSleepService; C:\Program Files\AMD\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2016-07-18] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-09] (AVAST Software)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-27] (Hewlett-Packard Development Company, L.P.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-03-05] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [252008 2016-08-21] (Synaptics Incorporated)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-11-21] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2016-02-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2016-02-23] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-09-09] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-09-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-09-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-09-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-09] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513496 2016-09-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-09-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-09-09] (AVAST Software)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4297216 2016-08-21] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [102400 2016-03-21] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 dtproscsibus; C:\Windows\System32\drivers\dtproscsibus.sys [30264 2016-03-01] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-08-21] (REALiX(tm))
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [328920 2016-08-21] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-05-08] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [33008 2013-05-08] (Synaptics Incorporated)
R0 stormmc; C:\Windows\System32\drivers\stormmc.sys [44256 2016-08-21] (Advanced Micro Devices)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2016-02-23] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2016-02-23] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2016-02-23] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-13] (HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-05 13:01 - 2016-10-05 13:01 - 00022149 _____ C:\Users\Zbigniew Niewiński\Downloads\FRST.txt
2016-10-05 13:00 - 2016-10-05 13:01 - 00000000 ____D C:\FRST
2016-10-05 12:59 - 2016-10-05 12:59 - 00380928 _____ C:\Users\Zbigniew Niewiński\Downloads\o3nqhki0.exe
2016-10-05 12:58 - 2016-10-05 12:58 - 02405376 _____ (Farbar) C:\Users\Zbigniew Niewiński\Downloads\FRST64.exe
2016-10-05 12:04 - 2016-10-05 12:04 - 00000000 ____D C:\Program Files\McAfee
2016-10-05 11:23 - 2016-10-05 11:33 - 00592669 _____ C:\Users\Zbigniew Niewiński\Downloads\dir(dobreprogramy.pl).zip
2016-10-05 11:23 - 2016-10-05 11:28 - 00000000 ____D C:\Program Files\ByteFence
2016-10-05 11:23 - 2016-10-05 11:23 - 00001670 _____ C:\Users\Public\Desktop\Recuva.lnk
2016-10-05 11:23 - 2016-10-05 11:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2016-10-05 11:22 - 2016-10-05 11:52 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-10-05 11:21 - 2016-10-05 11:21 - 05562976 _____ (Piriform Ltd) C:\Users\Zbigniew Niewiński\Downloads\rcsetup153.exe
2016-10-05 11:19 - 2016-10-05 11:42 - 00000328 _____ C:\Users\Zbigniew Niewiński\Downloads\Files encrypted.txt
2016-10-05 11:19 - 2016-10-05 11:19 - 01153280 _____ ( ) C:\Users\Zbigniew Niewiński\Downloads\Recuva-13044-dp.exe
2016-10-05 11:17 - 2016-10-05 11:17 - 01153280 _____ ( ) C:\Users\Zbigniew Niewiński\Downloads\Digital-Image-Recovery-11446-dp.exe
2016-10-05 11:05 - 2016-10-05 11:05 - 00025088 _____ C:\Users\Zbigniew Niewiński\Documents\decryptor.exe
2016-10-05 11:05 - 2016-10-05 11:05 - 00000020 _____ C:\Users\Zbigniew Niewiński\Documents\uid.txt
2016-10-05 11:05 - 2016-10-05 11:05 - 00000020 _____ C:\Users\Zbigniew Niewiński\AppData\Roaming\uid.txt
2016-10-05 11:05 - 2016-10-05 11:05 - 00000020 _____ C:\ProgramData\uid.txt
2016-09-19 03:03 - 2016-10-05 11:19 - 01260655 _____ C:\Users\Zbigniew Niewiński\Downloads\centrala-sygnalizacji-pozaru-detect-3004-plus-d32551-Instrukcja-Instalatora (2).pdf
2016-09-18 17:06 - 2016-10-05 11:19 - 01260655 _____ C:\Users\Zbigniew Niewiński\Downloads\centrala-sygnalizacji-pozaru-detect-3004-plus-d32551-Instrukcja-Instalatora (1).pdf
2016-09-15 22:54 - 2016-09-07 03:11 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-09-15 22:54 - 2016-09-07 03:11 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-15 20:51 - 2016-07-09 18:10 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2016-09-15 20:51 - 2016-07-09 00:35 - 00101208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2016-09-15 20:51 - 2016-07-08 16:17 - 00377344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2016-09-15 20:51 - 2016-07-08 16:17 - 00319488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
2016-09-15 20:51 - 2016-07-08 00:32 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2016-09-15 20:51 - 2016-07-08 00:18 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2016-09-15 20:51 - 2016-07-08 00:10 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprdim.dll
2016-09-15 20:51 - 2016-07-08 00:01 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasppp.dll
2016-09-15 20:51 - 2016-07-07 23:04 - 00173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2016-09-15 20:51 - 2016-07-07 22:59 - 01080320 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-09-15 20:51 - 2016-07-07 22:44 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-09-15 20:51 - 2016-07-07 22:41 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2016-09-15 20:51 - 2016-07-07 22:34 - 00542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-09-15 20:51 - 2016-07-07 22:29 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2016-09-15 20:51 - 2016-07-07 22:29 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-09-15 20:51 - 2016-07-07 22:23 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2016-09-15 20:51 - 2016-07-07 22:18 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprdim.dll
2016-09-15 20:51 - 2016-07-07 22:11 - 01661064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-09-15 20:51 - 2016-07-07 22:11 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-09-15 20:51 - 2016-07-07 22:11 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasppp.dll
2016-09-15 20:51 - 2016-07-07 21:35 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2016-09-15 20:51 - 2016-07-07 21:14 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-09-15 20:51 - 2016-07-04 07:09 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-09-15 20:51 - 2016-07-04 05:45 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2016-09-15 20:51 - 2016-07-04 05:37 - 02897920 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-09-15 20:51 - 2016-07-04 05:33 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-09-15 20:51 - 2016-07-04 05:04 - 02539008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-09-15 20:51 - 2016-07-04 05:02 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-09-15 20:51 - 2016-07-04 04:19 - 03547136 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-09-15 20:51 - 2016-07-01 22:39 - 00197352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssenh.dll
2016-09-15 20:51 - 2016-07-01 22:39 - 00157016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dssenh.dll
2016-09-15 20:51 - 2016-01-10 19:08 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-09-15 20:03 - 2016-08-21 01:45 - 07076864 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2016-09-15 20:03 - 2016-08-21 01:22 - 00435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-09-15 20:03 - 2016-08-21 01:05 - 05273600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2016-09-15 20:03 - 2016-08-21 00:50 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-09-15 20:03 - 2016-08-21 00:42 - 07795712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-09-15 20:03 - 2016-08-21 00:27 - 05268480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-09-15 20:03 - 2016-08-10 00:47 - 00803176 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-09-15 20:03 - 2016-08-10 00:47 - 00611576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2016-09-15 20:03 - 2016-08-04 16:17 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-09-15 20:03 - 2016-08-03 20:06 - 00675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-09-15 20:03 - 2016-08-03 20:05 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-09-15 20:02 - 2016-09-01 05:08 - 20312064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-09-15 20:02 - 2016-09-01 04:46 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-09-15 20:02 - 2016-09-01 04:24 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-09-15 20:02 - 2016-09-01 03:39 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-09-15 20:02 - 2016-09-01 03:30 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-09-15 20:02 - 2016-09-01 03:27 - 13808128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-09-15 20:02 - 2016-09-01 03:24 - 04607488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-09-15 20:02 - 2016-09-01 02:45 - 25770496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-09-15 20:02 - 2016-09-01 02:43 - 02445824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-09-15 20:02 - 2016-09-01 02:42 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-09-15 20:02 - 2016-09-01 02:38 - 01316352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-09-15 20:02 - 2016-09-01 02:24 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-09-15 20:02 - 2016-09-01 02:10 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-09-15 20:02 - 2016-09-01 02:06 - 06047232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-09-15 20:02 - 2016-09-01 01:38 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-09-15 20:02 - 2016-09-01 01:28 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-09-15 20:02 - 2016-09-01 01:15 - 15411712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-09-15 20:02 - 2016-09-01 01:10 - 02921472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-09-15 20:02 - 2016-09-01 00:58 - 01550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-09-15 20:02 - 2016-09-01 00:47 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-09-15 20:02 - 2016-08-26 07:51 - 02894336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-09-15 20:02 - 2016-08-26 06:44 - 02286592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-09-15 20:02 - 2016-08-26 06:41 - 02881536 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-09-15 20:02 - 2016-08-26 06:00 - 01049600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-09-15 20:01 - 2016-09-08 23:51 - 00443224 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-09-15 20:01 - 2016-09-08 23:51 - 00332632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-09-15 20:01 - 2016-08-22 18:06 - 00179248 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-09-15 20:01 - 2016-08-22 18:06 - 00100184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2016-09-15 20:01 - 2016-08-21 03:03 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-09-15 20:01 - 2016-08-21 03:01 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-09-15 20:01 - 2016-08-21 03:01 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-09-15 20:01 - 2016-08-21 02:17 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-09-15 20:01 - 2016-08-21 01:27 - 01445376 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-09-15 20:01 - 2016-08-21 01:26 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-09-15 20:01 - 2016-08-21 00:55 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2016-09-15 20:01 - 2016-08-14 21:34 - 01541248 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-09-15 20:01 - 2016-08-14 20:25 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-09-15 20:01 - 2016-08-14 18:14 - 01376768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-09-15 20:01 - 2016-08-13 09:41 - 07445848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-09-15 20:01 - 2016-08-13 09:40 - 01737080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-09-15 20:01 - 2016-08-13 09:40 - 01663184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-09-15 20:01 - 2016-08-13 09:40 - 01523208 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-09-15 20:01 - 2016-08-13 09:40 - 01490120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-09-15 20:01 - 2016-08-13 09:40 - 01358952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-09-15 20:01 - 2016-08-13 02:04 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2016-09-15 20:01 - 2016-08-11 18:26 - 01156608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2016-09-15 20:01 - 2016-08-11 18:17 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2016-09-15 20:01 - 2016-08-11 18:16 - 00455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2016-09-15 19:32 - 2016-09-15 19:32 - 00155047 _____ C:\Users\Zbigniew Niewiński\Desktop\dp-30416359-2 dokumenty podróży
2016-09-13 04:31 - 2016-10-05 11:19 - 00198990 _____ C:\Users\Zbigniew Niewiński\Desktop\Avantor plan na wrzesień.xls
2016-09-09 19:37 - 2016-09-09 19:37 - 00391496 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-09-09 19:36 - 2016-09-09 19:36 - 00053208 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-09-07 17:07 - 2016-09-07 17:07 - 00000000 ____D C:\Users\Zbigniew Niewiński\AppData\Roaming\Wargaming.net
2016-09-07 15:08 - 2016-09-07 15:09 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2016-09-07 15:08 - 2016-09-07 15:08 - 04726080 _____ (Wargaming.net ) C:\Users\Zbigniew Niewiński\Downloads\WoT_internet_install_eu.exe
2016-09-07 15:08 - 2016-09-07 15:08 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2016-09-07 15:08 - 2016-09-07 15:08 - 00000000 ____D C:\Users\Zbigniew Niewiński\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks
2016-09-07 14:14 - 2016-09-07 14:14 - 00000000 ____D C:\Users\Zbigniew Niewiński\AppData\Local\AVAST Software

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-05 12:34 - 2016-02-23 06:28 - 00000000 ____D C:\Program Files\Recuva
2016-10-05 12:10 - 2016-02-23 00:45 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2006376192-134370331-1719292346-1002
2016-10-05 12:01 - 2016-08-21 18:04 - 00002904 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Zbigniew Niewiński)
2016-10-05 12:00 - 2016-02-24 06:00 - 00000000 ____D C:\Program Files (x86)\Steam
2016-10-05 12:00 - 2016-02-23 11:07 - 00000000 ____D C:\Users\Zbigniew Niewiński\AppData\Roaming\Raptr
2016-10-05 11:57 - 2016-06-30 18:18 - 00003894 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1467303472
2016-10-05 11:57 - 2016-06-30 18:18 - 00001059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-10-05 11:52 - 2016-07-26 18:53 - 00000406 _____ C:\WINDOWS\Tasks\HPCeeScheduleForZbigniew Niewiński.job
2016-10-05 11:52 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-10-05 11:44 - 2016-02-23 23:23 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2016-10-05 11:42 - 2016-03-05 20:51 - 512833342 _____ C:\Users\Zbigniew Niewiński\Downloads\MIITW_UPDATE2_Polish_RC_Final.zip
2016-10-05 11:22 - 2016-02-24 03:36 - 00000000 ____D C:\ProgramData\McAfee
2016-10-05 11:21 - 2016-02-23 23:14 - 00849040 _____ C:\WINDOWS\system32\perfh015.dat
2016-10-05 11:21 - 2016-02-23 23:14 - 00185138 _____ C:\WINDOWS\system32\perfc015.dat
2016-10-05 11:21 - 2014-11-21 10:44 - 01995236 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-10-05 11:21 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Inf
2016-10-05 11:20 - 2016-09-03 14:13 - 00108728 _____ C:\Users\Zbigniew Niewiński\Downloads\UmowaSprzedazy.pdf
2016-10-05 11:20 - 2016-08-28 21:14 - 02884269 _____ C:\Users\Zbigniew Niewiński\Downloads\D19970483.pdf
2016-10-05 11:20 - 2016-07-20 17:49 - 00301502 _____ C:\Users\Zbigniew Niewiński\Downloads\uokik_lista_nr_VIN_Honda_20150720.xlsx
2016-10-05 11:20 - 2016-04-26 11:41 - 00628078 _____ C:\Users\Zbigniew Niewiński\Downloads\konstytucja PIS-2010.pdf
2016-10-05 11:20 - 2016-03-16 03:30 - 00012531 _____ C:\Users\Zbigniew Niewiński\Downloads\potwierdzenie.pdf
2016-10-05 11:20 - 2016-03-04 00:57 - 00000000 ____D C:\Z HDD
2016-10-05 11:20 - 2016-02-24 03:36 - 00004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-10-05 11:19 - 2016-09-03 13:28 - 00364562 _____ C:\Users\Zbigniew Niewiński\Downloads\30416359_potwierdzenie_podrozy.pdf
2016-10-05 11:19 - 2016-08-13 13:36 - 00021652 _____ C:\Users\Zbigniew Niewiński\Desktop\18785328_Detale_20160709.pdf.pdf
2016-10-05 11:14 - 2016-02-23 04:34 - 00000000 ____D C:\priv1 and instalki
2016-10-05 11:07 - 2016-02-23 04:31 - 00000000 ____D C:\priv and instalki
2016-10-05 11:05 - 2016-02-23 10:40 - 00000000 ____D C:\AMD
2016-10-05 11:00 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-10-05 11:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-10-05 10:55 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-19 22:18 - 2016-07-26 18:53 - 00003246 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForZbigniew Niewiński
2016-09-19 22:17 - 2016-03-05 20:13 - 00004044 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CFE7D020-E677-4E79-B928-A5A56791E15C}
2016-09-17 19:57 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2016-09-17 04:28 - 2016-05-26 22:54 - 00002169 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-17 04:28 - 2016-02-22 04:59 - 00002181 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-17 02:22 - 2016-03-01 02:45 - 00000000 ____D C:\Users\Zbigniew Niewiński\AppData\Local\ApplicationHistory
2016-09-16 19:55 - 2016-06-30 18:15 - 00004180 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-09-15 22:52 - 2013-08-22 16:44 - 00566960 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-09-15 22:50 - 2016-02-23 00:13 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-09-15 22:50 - 2016-02-23 00:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-09-15 22:46 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2016-09-15 22:46 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\setup
2016-09-15 22:44 - 2016-02-23 00:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-09-15 22:41 - 2016-02-22 08:35 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-09-15 22:35 - 2016-02-22 08:34 - 144199024 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-09-15 22:33 - 2014-11-21 10:25 - 00000000 ____D C:\WINDOWS\ShellNew
2016-09-15 19:25 - 2016-08-21 18:04 - 00000000 ____D C:\Users\Zbigniew Niewiński\AppData\Roaming\IObit
2016-09-13 19:39 - 2016-06-30 18:15 - 00969184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2016-09-13 03:53 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-09-09 19:37 - 2016-06-30 18:15 - 00513496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-09-09 19:37 - 2016-06-30 18:15 - 00292704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2016-09-09 19:37 - 2016-06-30 18:15 - 00163416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-09-09 19:37 - 2016-06-30 18:15 - 00108816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-09-09 19:37 - 2016-06-30 18:15 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-09-09 19:37 - 2016-06-30 18:15 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-09-09 19:37 - 2016-06-30 18:15 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-09-09 19:36 - 2016-06-30 18:17 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-09-07 17:25 - 2016-08-13 14:23 - 00000000 ____D C:\Users\Zbigniew Niewiński\Desktop\gry
2016-09-07 15:08 - 2016-07-17 03:51 - 00000000 ____D C:\Games

==================== Files in the root of some directories =======

2016-02-23 06:26 - 2016-02-23 06:26 - 0011568 _____ () C:\Users\Zbigniew Niewiński\AppData\Roaming\InstallationConfiguration.xml
2016-02-23 06:26 - 2016-02-23 06:26 - 0126976 _____ () C:\Users\Zbigniew Niewiński\AppData\Roaming\Installer.dat
2016-05-27 00:55 - 2016-05-27 02:14 - 0000115 _____ () C:\Users\Zbigniew Niewiński\AppData\Roaming\LogFile.txt
2016-10-05 11:05 - 2016-10-05 11:05 - 0000020 _____ () C:\Users\Zbigniew Niewiński\AppData\Roaming\uid.txt
2016-03-01 02:45 - 2016-03-01 02:45 - 0000106 _____ () C:\Users\Zbigniew Niewiński\AppData\Local\fusioncache.dat
2016-02-24 03:42 - 2016-02-24 03:42 - 0003236 _____ () C:\Users\Zbigniew Niewiński\AppData\Local\unins000.dat
2016-02-24 03:42 - 2016-02-24 03:42 - 0707672 _____ () C:\Users\Zbigniew Niewiński\AppData\Local\unins000.exe
2016-02-24 03:42 - 2016-02-24 03:42 - 0011761 _____ () C:\Users\Zbigniew Niewiński\AppData\Local\unins000.msg
2016-10-05 11:05 - 2016-10-05 11:42 - 0309728 _____ () C:\ProgramData\encfiles.log
2016-10-05 11:42 - 2016-10-05 11:42 - 0061741 _____ () C:\ProgramData\encinfo.jpg
2016-10-05 11:05 - 2016-10-05 11:05 - 0000020 _____ () C:\ProgramData\uid.txt

Some files in TEMP:
====================
C:\Users\Zbigniew Niewiński\AppData\Local\Temp\0210311475659521mcinst.exe
C:\Users\Zbigniew Niewiński\AppData\Local\Temp\0287211475661876mcinst.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-09-16 19:55

==================== End of FRST.txt ============================