Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-10-2016 Ran by Zbigniew Niewiński (administrator) on HOMELAPTOP (08-10-2016 16:33:36) Running from C:\Users\Zbigniew Niewiński\Downloads Loaded Profiles: Zbigniew Niewiński (Available Profiles: Zbigniew Niewiński) Platform: Windows 8.1 (Update) (X64) Language: Angielski (Stany Zjednoczone) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (www.shadowexplorer.com) C:\Program Files (x86)\ShadowExplorer\sesvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe () C:\Program Files\AMD Quick Stream\AMDQuickStream.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Wargaming.net) C:\Games\World_of_Warships\WargamingGameUpdater.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe () C:\Program Files\AMD\ATI.ACE\a4\AdaptiveSleepService.exe (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [6626696 2016-07-18] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-14] (CyberLink Corp.) HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-27] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-27] (Microsoft Corporation) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9107616 2016-09-13] (AVAST Software) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-2006376192-134370331-1719292346-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2858272 2016-09-20] (Valve Corporation) HKU\S-1-5-21-2006376192-134370331-1719292346-1002\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] () HKU\S-1-5-21-2006376192-134370331-1719292346-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-05] (Piriform Ltd) HKU\S-1-5-21-2006376192-134370331-1719292346-1002\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-05] (Piriform Ltd) HKU\S-1-5-21-2006376192-134370331-1719292346-1002\...\Run: [World of Tanks] => C:\Games\World_of_Tanks\WargamingGameUpdater.exe [3134728 2016-09-26] (Wargaming.net) HKU\S-1-5-21-2006376192-134370331-1719292346-1002\...\Run: [World of Warships] => C:\Games\World_of_Warships\WargamingGameUpdater.exe [3134216 2016-09-08] (Wargaming.net) HKU\S-1-5-21-2006376192-134370331-1719292346-1002\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) HKU\S-1-5-21-2006376192-134370331-1719292346-1002\...\MountPoints2: {a9e9de6f-2d09-11e6-beb0-a0481cebc4c5} - "F:\wada.exe" HKU\S-1-5-21-2006376192-134370331-1719292346-1002\...\MountPoints2: {ec4e9bef-7daf-11e6-becc-a0481cebc4c5} - "F:\Startme.exe" HKU\S-1-5-21-2006376192-134370331-1719292346-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [11776 2014-11-21] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Zbigniew Niewiński\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-08-28] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Zbigniew Niewiński\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-08-28] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Zbigniew Niewiński\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-08-28] (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-09] (AVAST Software) ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Zbigniew Niewiński\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-08-28] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Zbigniew Niewiński\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-08-28] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Zbigniew Niewiński\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-08-28] (Microsoft Corporation) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 31.11.202.254 37.8.214.2 Tcpip\..\Interfaces\{0928B016-FCCD-4385-A70B-0565900A37C4}: [DhcpNameServer] 31.11.202.254 37.8.214.2 Tcpip\..\Interfaces\{470526B3-EA30-4B1D-A0BB-267C13FE4C18}: [DhcpNameServer] 31.11.202.254 37.8.214.2 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPNTDFJS HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS HKU\S-1-5-21-2006376192-134370331-1719292346-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS SearchScopes: HKLM -> {10605B21-50A2-4BEA-9225-B8F9622C749A} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {10605B21-50A2-4BEA-9225-B8F9622C749A} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-2006376192-134370331-1719292346-1002 -> {10605B21-50A2-4BEA-9225-B8F9622C749A} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-09-09] (AVAST Software) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-04] (HP Inc.) BHO-x32: GetGo URLCatch -> {0315AA2C-10C7-4504-A1C4-F552ABA8A095} -> C:\Program Files (x86)\GetGo Software\GetGo Download Manager\URLCatch.dll [2016-02-04] (GetGo Software) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-27] (Microsoft Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-09-09] (AVAST Software) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-04] (HP Inc.) Toolbar: HKLM-x32 - GetGo Toolbar - {075BBE29-FEC0-404a-A459-FF58713616FA} - C:\Program Files (x86)\GetGo Software\GetGo Download Manager\GGToolBand.dll [2016-02-04] (GetGo Software) Chrome: ======= CHR HomePage: Profile 1 -> hxxps://www.google.pl/ CHR StartupUrls: Profile 1 -> "hxxps://www.google.pl/" CHR DefaultSearchURL: Profile 1 -> hxxp://szukaj.onet.pl/wyniki.html?qt={searchTerms} CHR DefaultSearchKeyword: Profile 1 -> onet.pl CHR Profile: C:\Users\Zbigniew Niewiński\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2016-10-08] <==== ATTENTION CHR Profile: C:\Users\Zbigniew Niewiński\AppData\Local\Google\Chrome\User Data\Default [2016-10-08] CHR Extension: (Dokumenty Google) - C:\Users\Zbigniew Niewiński\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-22] CHR Extension: (Dysk Google) - C:\Users\Zbigniew Niewiński\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-22] CHR Extension: (YouTube) - C:\Users\Zbigniew Niewiński\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-22] CHR Extension: (Google Search) - C:\Users\Zbigniew Niewiński\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-22] CHR Extension: (No Name) - C:\Users\Zbigniew Niewiński\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecnphlgnajanjnkcmbpancdjoidceilk [2016-05-26] CHR Extension: (Arkusze Google) - C:\Users\Zbigniew Niewiński\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-22] CHR Extension: (Dokumenty Google offline) - C:\Users\Zbigniew Niewiński\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Zbigniew Niewiński\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03] CHR Extension: (Gmail) - C:\Users\Zbigniew Niewiński\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-22] CHR Profile: C:\Users\Zbigniew Niewiński\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-10-08] CHR Extension: (Dokumenty Google) - C:\Users\Zbigniew Niewiński\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-08] CHR Extension: (Dysk Google) - C:\Users\Zbigniew Niewiński\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-08] CHR Extension: (YouTube) - C:\Users\Zbigniew Niewiński\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-08] CHR Extension: (Avast Online Security) - C:\Users\Zbigniew Niewiński\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2016-10-08] CHR Extension: (Dokumenty Google offline) - C:\Users\Zbigniew Niewiński\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-08] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Zbigniew Niewiński\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-08] CHR Extension: (Gmail) - C:\Users\Zbigniew Niewiński\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-08] CHR Extension: (Chrome Media Router) - C:\Users\Zbigniew Niewiński\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-08] CHR Profile: C:\Users\Zbigniew Niewiński\AppData\Local\Google\Chrome\User Data\System Profile [2016-10-08] CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AdaptiveSleepService; C:\Program Files\AMD\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2016-07-18] () [File not signed] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-09] (AVAST Software) R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.) R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-27] (Hewlett-Packard Development Company, L.P.) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-03-05] (Realtek Semiconductor) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) R2 sesvc; C:\Program Files (x86)\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed] R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [252008 2016-08-21] (Synaptics Incorporated) S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-11-21] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2016-02-23] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2016-02-23] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.) S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.) R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation) S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-09-09] (AVAST Software) R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-09-09] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-09-09] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-09-09] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-09] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-13] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-10-05] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-09-09] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-09-09] (AVAST Software) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4297216 2016-08-21] (Qualcomm Atheros Communications, Inc.) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [102400 2016-03-21] (Advanced Micro Devices) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider) S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider) S3 dtproscsibus; C:\Windows\System32\drivers\dtproscsibus.sys [30264 2016-03-01] (Disc Soft Ltd) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-08-21] (REALiX(tm)) R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-10-08] (Malwarebytes) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation) R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [328920 2016-08-21] (Realtek Semiconductor Corp.) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-05-08] (Synaptics Incorporated) S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [33008 2013-05-08] (Synaptics Incorporated) R0 stormmc; C:\Windows\System32\drivers\stormmc.sys [44256 2016-08-21] (Advanced Micro Devices) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2016-02-23] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2016-02-23] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2016-02-23] (Microsoft Corporation) R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-13] (HP) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-10-08 15:01 - 2016-10-08 15:12 - 00027806 _____ C:\Users\Zbigniew Niewiński\Downloads\Fixlog.txt 2016-10-08 15:00 - 2016-10-08 15:00 - 00006540 _____ C:\Users\Zbigniew Niewiński\Desktop\Nowy dokument tekstowy.txt 2016-10-08 14:51 - 2016-10-08 14:51 - 00002459 _____ C:\Users\Zbigniew Niewiński\Desktop\user0 - Chrome.lnk 2016-10-08 13:55 - 2016-10-08 13:55 - 00000000 ____D C:\Users\Zbigniew Niewiński\AppData\Roaming\www.shadowexplorer.com 2016-10-08 13:54 - 2016-10-08 13:54 - 00001857 _____ C:\Users\Zbigniew Niewiński\Desktop\ShadowExplorer.lnk 2016-10-08 13:54 - 2016-10-08 13:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer 2016-10-08 13:54 - 2016-10-08 13:54 - 00000000 ____D C:\Program Files (x86)\ShadowExplorer 2016-10-08 13:51 - 2016-10-08 13:51 - 00969845 _____ (ShadowExplorer.com ) C:\Users\Zbigniew Niewiński\Downloads\ShadowExplorer-0.9-setup.exe 2016-10-06 18:20 - 2016-10-07 13:39 - 00031232 ___SH C:\Users\Zbigniew Niewiński\Desktop\Thumbs.db 2016-10-06 17:27 - 2016-02-24 03:38 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20161006-172747.backup 2016-10-06 15:07 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe 2016-10-06 13:27 - 2016-10-06 13:27 - 00067396 _____ C:\malware wyniki.txt 2016-10-06 12:09 - 2016-10-06 17:26 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2016-10-06 12:09 - 2016-10-06 14:00 - 00001351 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2016-10-06 12:09 - 2016-10-06 14:00 - 00001345 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2016-10-06 12:09 - 2016-10-06 12:09 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking 2016-10-06 12:09 - 2016-10-06 12:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2016-10-06 12:09 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe 2016-10-06 12:08 - 2016-10-08 16:05 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-10-06 12:08 - 2016-10-06 15:13 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2016-10-06 12:08 - 2016-10-06 14:00 - 00001068 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2016-10-06 12:08 - 2016-10-06 12:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-10-06 12:08 - 2016-10-06 12:08 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-10-06 12:08 - 2016-10-06 12:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-10-06 12:08 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2016-10-06 12:08 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2016-10-06 12:08 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2016-10-06 12:05 - 2016-10-06 12:05 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Zbigniew Niewiński\Downloads\spybot-2.4.exe 2016-10-06 12:03 - 2016-10-06 12:04 - 22851472 _____ (Malwarebytes ) C:\Users\Zbigniew Niewiński\Downloads\mbam-setup-2.2.1.1043.exe 2016-10-05 18:58 - 2016-10-05 18:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2016-10-05 18:58 - 2016-10-05 18:58 - 00000000 ____D C:\Program Files\7-Zip 2016-10-05 17:47 - 2016-10-05 17:47 - 00121538 _____ C:\Users\Zbigniew Niewiński\Documents\cc_20161005_174717.reg 2016-10-05 13:07 - 2016-10-05 13:07 - 00080776 _____ C:\Users\Zbigniew Niewiński\Downloads\Shortcut.txt 2016-10-05 13:04 - 2016-10-05 13:07 - 00052834 _____ C:\Users\Zbigniew Niewiński\Downloads\Addition.txt 2016-10-05 13:01 - 2016-10-08 16:34 - 00020297 _____ C:\Users\Zbigniew Niewiński\Downloads\FRST.txt 2016-10-05 13:00 - 2016-10-08 16:33 - 00000000 ____D C:\FRST 2016-10-05 12:58 - 2016-10-05 12:58 - 02405376 _____ (Farbar) C:\Users\Zbigniew Niewiński\Downloads\FRST64.exe 2016-10-05 11:23 - 2016-10-06 14:00 - 00001708 _____ C:\Users\Public\Desktop\Recuva.lnk 2016-10-05 11:23 - 2016-10-05 11:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva 2016-09-15 22:54 - 2016-09-07 03:11 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-09-15 22:54 - 2016-09-07 03:11 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2016-09-15 20:51 - 2016-07-09 18:10 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll 2016-09-15 20:51 - 2016-07-09 00:35 - 00101208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys 2016-09-15 20:51 - 2016-07-08 16:17 - 00377344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll 2016-09-15 20:51 - 2016-07-08 16:17 - 00319488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll 2016-09-15 20:51 - 2016-07-08 00:32 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys 2016-09-15 20:51 - 2016-07-08 00:18 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll 2016-09-15 20:51 - 2016-07-08 00:10 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprdim.dll 2016-09-15 20:51 - 2016-07-08 00:01 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasppp.dll 2016-09-15 20:51 - 2016-07-07 23:04 - 00173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll 2016-09-15 20:51 - 2016-07-07 22:59 - 01080320 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL 2016-09-15 20:51 - 2016-07-07 22:44 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll 2016-09-15 20:51 - 2016-07-07 22:41 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll 2016-09-15 20:51 - 2016-07-07 22:34 - 00542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll 2016-09-15 20:51 - 2016-07-07 22:29 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll 2016-09-15 20:51 - 2016-07-07 22:29 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll 2016-09-15 20:51 - 2016-07-07 22:23 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll 2016-09-15 20:51 - 2016-07-07 22:18 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprdim.dll 2016-09-15 20:51 - 2016-07-07 22:11 - 01661064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2016-09-15 20:51 - 2016-07-07 22:11 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll 2016-09-15 20:51 - 2016-07-07 22:11 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasppp.dll 2016-09-15 20:51 - 2016-07-07 21:35 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll 2016-09-15 20:51 - 2016-07-07 21:14 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll 2016-09-15 20:51 - 2016-07-04 07:09 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2016-09-15 20:51 - 2016-07-04 05:45 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe 2016-09-15 20:51 - 2016-07-04 05:37 - 02897920 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll 2016-09-15 20:51 - 2016-07-04 05:33 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll 2016-09-15 20:51 - 2016-07-04 05:04 - 02539008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll 2016-09-15 20:51 - 2016-07-04 05:02 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll 2016-09-15 20:51 - 2016-07-04 04:19 - 03547136 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2016-09-15 20:51 - 2016-07-01 22:39 - 00197352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssenh.dll 2016-09-15 20:51 - 2016-07-01 22:39 - 00157016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dssenh.dll 2016-09-15 20:51 - 2016-01-10 19:08 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll 2016-09-15 20:03 - 2016-08-21 01:45 - 07076864 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll 2016-09-15 20:03 - 2016-08-21 01:22 - 00435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2016-09-15 20:03 - 2016-08-21 01:05 - 05273600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll 2016-09-15 20:03 - 2016-08-21 00:50 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2016-09-15 20:03 - 2016-08-21 00:42 - 07795712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2016-09-15 20:03 - 2016-08-21 00:27 - 05268480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2016-09-15 20:03 - 2016-08-10 00:47 - 00803176 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2016-09-15 20:03 - 2016-08-10 00:47 - 00611576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2016-09-15 20:03 - 2016-08-04 16:17 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys 2016-09-15 20:03 - 2016-08-03 20:06 - 00675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2016-09-15 20:03 - 2016-08-03 20:05 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys 2016-09-15 20:02 - 2016-09-01 05:08 - 20312064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-09-15 20:02 - 2016-09-01 04:46 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2016-09-15 20:02 - 2016-09-01 04:24 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2016-09-15 20:02 - 2016-09-01 03:39 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2016-09-15 20:02 - 2016-09-01 03:30 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2016-09-15 20:02 - 2016-09-01 03:27 - 13808128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-09-15 20:02 - 2016-09-01 03:24 - 04607488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2016-09-15 20:02 - 2016-09-01 02:45 - 25770496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-09-15 20:02 - 2016-09-01 02:43 - 02445824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2016-09-15 20:02 - 2016-09-01 02:42 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2016-09-15 20:02 - 2016-09-01 02:38 - 01316352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-09-15 20:02 - 2016-09-01 02:24 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2016-09-15 20:02 - 2016-09-01 02:10 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2016-09-15 20:02 - 2016-09-01 02:06 - 06047232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-09-15 20:02 - 2016-09-01 01:38 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2016-09-15 20:02 - 2016-09-01 01:28 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2016-09-15 20:02 - 2016-09-01 01:15 - 15411712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-09-15 20:02 - 2016-09-01 01:10 - 02921472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2016-09-15 20:02 - 2016-09-01 00:58 - 01550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-09-15 20:02 - 2016-09-01 00:47 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2016-09-15 20:02 - 2016-08-26 07:51 - 02894336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2016-09-15 20:02 - 2016-08-26 06:44 - 02286592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2016-09-15 20:02 - 2016-08-26 06:41 - 02881536 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2016-09-15 20:02 - 2016-08-26 06:00 - 01049600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll 2016-09-15 20:01 - 2016-09-08 23:51 - 00443224 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2016-09-15 20:01 - 2016-09-08 23:51 - 00332632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2016-09-15 20:01 - 2016-08-22 18:06 - 00179248 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll 2016-09-15 20:01 - 2016-08-22 18:06 - 00100184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys 2016-09-15 20:01 - 2016-08-21 03:03 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2016-09-15 20:01 - 2016-08-21 03:01 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2016-09-15 20:01 - 2016-08-21 03:01 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys 2016-09-15 20:01 - 2016-08-21 02:17 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2016-09-15 20:01 - 2016-08-21 01:27 - 01445376 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2016-09-15 20:01 - 2016-08-21 01:26 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2016-09-15 20:01 - 2016-08-21 00:55 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll 2016-09-15 20:01 - 2016-08-14 21:34 - 01541248 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2016-09-15 20:01 - 2016-08-14 20:25 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2016-09-15 20:01 - 2016-08-14 18:14 - 01376768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2016-09-15 20:01 - 2016-08-13 09:41 - 07445848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2016-09-15 20:01 - 2016-08-13 09:40 - 01737080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2016-09-15 20:01 - 2016-08-13 09:40 - 01663184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2016-09-15 20:01 - 2016-08-13 09:40 - 01523208 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2016-09-15 20:01 - 2016-08-13 09:40 - 01490120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2016-09-15 20:01 - 2016-08-13 09:40 - 01358952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2016-09-15 20:01 - 2016-08-13 02:04 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll 2016-09-15 20:01 - 2016-08-11 18:26 - 01156608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll 2016-09-15 20:01 - 2016-08-11 18:17 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll 2016-09-15 20:01 - 2016-08-11 18:16 - 00455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll 2016-09-15 19:32 - 2016-09-15 19:32 - 00155047 _____ C:\Users\Zbigniew Niewiński\Desktop\dp-30416359-2 dokumenty podróży 2016-09-09 19:37 - 2016-09-09 19:37 - 00391496 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2016-09-09 19:36 - 2016-09-09 19:36 - 00053208 _____ (AVAST Software) C:\WINDOWS\avastSS.scr ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-10-08 16:06 - 2016-02-24 06:00 - 00000000 ____D C:\Program Files (x86)\Steam 2016-10-08 16:04 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-10-08 16:03 - 2016-02-23 23:23 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin 2016-10-08 16:03 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2016-10-08 15:13 - 2016-02-23 00:45 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2006376192-134370331-1719292346-1002 2016-10-08 15:11 - 2016-02-23 10:40 - 00000000 ____D C:\AMD 2016-10-08 14:42 - 2016-02-23 23:14 - 00849040 _____ C:\WINDOWS\system32\perfh015.dat 2016-10-08 14:42 - 2016-02-23 23:14 - 00185138 _____ C:\WINDOWS\system32\perfc015.dat 2016-10-08 14:42 - 2014-11-21 10:44 - 01995236 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-10-08 14:42 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Inf 2016-10-08 14:21 - 2016-02-23 04:31 - 00000000 ____D C:\priv and instalki 2016-10-08 13:41 - 2016-03-05 20:13 - 00004044 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CFE7D020-E677-4E79-B928-A5A56791E15C} 2016-10-08 05:44 - 2016-02-23 04:34 - 00000000 ____D C:\priv1 and instalki 2016-10-08 04:42 - 2016-02-22 04:56 - 00000000 ____D C:\Program Files (x86)\Google 2016-10-07 19:53 - 2016-02-24 03:35 - 00000000 ____D C:\Program Files (x86)\Adobe 2016-10-07 10:31 - 2016-08-21 18:05 - 00000000 ____D C:\ProgramData\ProductData 2016-10-07 07:53 - 2016-08-21 18:04 - 00002904 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Zbigniew Niewiński) 2016-10-06 15:07 - 2016-02-23 02:30 - 00000000 ____D C:\Program Files\Common Files\AV 2016-10-06 14:00 - 2016-08-23 10:03 - 00002197 _____ C:\Users\Public\Desktop\HP Support Assistant.lnk 2016-10-06 14:00 - 2016-08-21 07:42 - 00000872 _____ C:\Users\Public\Desktop\CCleaner.lnk 2016-10-06 14:00 - 2016-08-13 13:24 - 00002419 _____ C:\Users\Zbigniew Niewiński\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive dla Firm.lnk 2016-10-06 14:00 - 2016-07-02 00:05 - 00001976 _____ C:\Users\Public\Desktop\Avast Pro Antivirus.lnk 2016-10-06 14:00 - 2016-06-30 18:18 - 00001181 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk 2016-10-06 14:00 - 2016-06-30 18:18 - 00001175 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk 2016-10-06 14:00 - 2016-05-26 22:54 - 00002163 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-10-06 14:00 - 2016-02-24 03:46 - 00000923 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-Deklaracje.lnk 2016-10-06 14:00 - 2016-02-24 03:46 - 00000917 _____ C:\Users\Public\Desktop\e-Deklaracje.lnk 2016-10-06 14:00 - 2016-02-24 00:29 - 00001426 _____ C:\Users\Zbigniew Niewiński\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-10-06 14:00 - 2016-02-23 23:48 - 00001535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2016-10-06 14:00 - 2016-02-23 23:39 - 00000445 _____ C:\Users\Zbigniew Niewiński\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2016-10-06 14:00 - 2016-02-23 23:39 - 00000443 _____ C:\Users\Zbigniew Niewiński\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2016-10-06 14:00 - 2016-02-23 00:50 - 00000291 _____ C:\Users\Zbigniew Niewiński\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Komputer.lnk 2016-10-06 14:00 - 2016-02-22 04:59 - 00002169 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-10-06 14:00 - 2014-02-26 02:43 - 00001100 _____ C:\Users\Public\Desktop\HP Quick Start.lnk 2016-10-06 14:00 - 2013-07-17 02:45 - 00001362 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk 2016-10-06 14:00 - 2013-07-17 02:45 - 00001293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk 2016-10-06 14:00 - 2013-07-17 02:39 - 00001968 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk 2016-10-06 13:57 - 2016-07-26 18:53 - 00000406 _____ C:\WINDOWS\Tasks\HPCeeScheduleForZbigniew Niewiński.job 2016-10-06 12:47 - 2016-07-26 18:53 - 00003246 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForZbigniew Niewiński 2016-10-06 11:30 - 2016-03-01 02:42 - 00000000 ____D C:\Users\Zbigniew Niewiński\AppData\Local\CrashDumps 2016-10-05 17:56 - 2016-02-22 04:08 - 00000000 ____D C:\Users\Zbigniew Niewiński\AppData\Local\Packages 2016-10-05 17:56 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-10-05 16:56 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-10-05 13:29 - 2016-06-30 18:15 - 00513632 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys 2016-10-05 12:34 - 2016-02-23 06:28 - 00000000 ____D C:\Program Files\Recuva 2016-10-05 11:57 - 2016-06-30 18:18 - 00003894 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1467303472 2016-10-05 11:42 - 2016-03-05 20:51 - 512833342 _____ C:\Users\Zbigniew Niewiński\Downloads\MIITW_UPDATE2_Polish_RC_Final.zip 2016-10-05 11:20 - 2016-07-20 17:49 - 00301502 _____ C:\Users\Zbigniew Niewiński\Downloads\uokik_lista_nr_VIN_Honda_20150720.xlsx 2016-10-05 11:00 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps 2016-09-17 19:57 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache 2016-09-17 02:22 - 2016-03-01 02:45 - 00000000 ____D C:\Users\Zbigniew Niewiński\AppData\Local\ApplicationHistory 2016-09-16 19:55 - 2016-06-30 18:15 - 00004180 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update 2016-09-15 22:52 - 2013-08-22 16:44 - 00566960 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-09-15 22:50 - 2016-02-23 00:13 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2016-09-15 22:50 - 2016-02-23 00:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2016-09-15 22:46 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\setup 2016-09-15 22:46 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\setup 2016-09-15 22:44 - 2016-02-23 00:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2016-09-15 22:41 - 2016-02-22 08:35 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-09-15 22:35 - 2016-02-22 08:34 - 144199024 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-09-15 22:33 - 2014-11-21 10:25 - 00000000 ____D C:\WINDOWS\ShellNew 2016-09-15 19:25 - 2016-08-21 18:04 - 00000000 ____D C:\Users\Zbigniew Niewiński\AppData\Roaming\IObit 2016-09-13 19:39 - 2016-06-30 18:15 - 00969184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys 2016-09-09 19:37 - 2016-06-30 18:15 - 00292704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys 2016-09-09 19:37 - 2016-06-30 18:15 - 00163416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys 2016-09-09 19:37 - 2016-06-30 18:15 - 00108816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2016-09-09 19:37 - 2016-06-30 18:15 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2016-09-09 19:37 - 2016-06-30 18:15 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys 2016-09-09 19:37 - 2016-06-30 18:15 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys 2016-09-09 19:36 - 2016-06-30 18:17 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys ==================== Files in the root of some directories ======= 2016-03-01 02:45 - 2016-03-01 02:45 - 0000106 _____ () C:\Users\Zbigniew Niewiński\AppData\Local\fusioncache.dat 2016-02-24 03:42 - 2016-02-24 03:42 - 0003236 _____ () C:\Users\Zbigniew Niewiński\AppData\Local\unins000.dat 2016-02-24 03:42 - 2016-02-24 03:42 - 0707672 _____ () C:\Users\Zbigniew Niewiński\AppData\Local\unins000.exe 2016-02-24 03:42 - 2016-02-24 03:42 - 0011761 _____ () C:\Users\Zbigniew Niewiński\AppData\Local\unins000.msg ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-09-16 19:55 ==================== End of FRST.txt ============================