Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2017 Ran by Piotr (administrator) on PIOTR (22-01-2017 14:08:33) Running from D:\Program Files\FRST Loaded Profiles: Piotr (Available Profiles: Piotr) Platform: Windows 8.1 Pro (Update) (X64) Language: Angielski (Stany Zjednoczone) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe () C:\Windows\System32\igfxTray.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe (Realtek semiconductor) C:\Windows\RTFTrack.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe (Node.js) C:\Users\Piotr\AppData\Roaming\win-svc\bin\winsvc.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-08-09] (IvoSoft) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-02-24] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-27] (NVIDIA Corporation) HKLM\...\Run: [RtsFT] => C:\Windows\RTFTrack.exe [6340312 2014-06-10] (Realtek semiconductor) HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16093512 2015-10-02] (Lenovo(beijing) Limited) HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [8235848 2015-10-02] (Lenovo(beijing) Limited) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.) HKU\S-1-5-21-1787938467-411497002-959167669-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd) HKU\S-1-5-21-1787938467-411497002-959167669-1002\...\MountPoints2: {aeaef7af-9302-11e5-826a-104a7d6bc9d8} - "F:\LGAutoRun.exe" HKU\S-1-5-21-1787938467-411497002-959167669-1002\...\MountPoints2: {b6983382-c4da-11e5-826d-104a7d6bc9d8} - "E:\setup.exe" HKU\S-1-5-21-1787938467-411497002-959167669-1002\...\MountPoints2: {d2e23a67-e1f9-11e5-8270-104a7d6bc9d8} - "E:\Launcher.exe" AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [176904 2015-09-14] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [155792 2015-09-14] (NVIDIA Corporation) Startup: C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winsvc.vbs [2016-12-21] () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{67B92672-34DA-40AC-AE03-D8849F3661A4}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-1787938467-411497002-959167669-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) Chrome: ======= CHR HomePage: Default -> hxxp://google.com/ CHR StartupUrls: Default -> "hxxp://google.com/" CHR Plugin: (Widevine Content Decryption Module) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\WidevineCdm\_platform_specific\win_x64\widevinecdmadapter.dll (Google Inc.) CHR Plugin: (Shockwave Flash) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.194\pepflashplayer.dll () CHR Profile: C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default [2017-01-22] CHR Extension: (Dysk Google) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-19] CHR Extension: (YouTube) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-19] CHR Extension: (Adblock Plus) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-01-19] CHR Extension: (AdBlock) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-19] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19] CHR Extension: (Gmail) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-19] CHR Extension: (Chrome Media Router) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-19] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [971160 2017-01-09] (AVG Technologies CZ, s.r.o.) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5337600 2017-01-09] (AVG Technologies CZ, s.r.o.) R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [725976 2017-01-09] (AVG Technologies CZ, s.r.o.) S3 GalaxyClientService; D:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [284224 2016-12-28] (GOG.com) S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6625856 2016-11-18] (GOG.com) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-27] (NVIDIA Corporation) R2 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [125168 2014-12-12] (Intel Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328296 2014-11-21] (Intel Corporation) S3 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-27] (NVIDIA Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2016-02-25] (Electronic Arts) S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed] S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [312576 2016-11-04] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [267008 2016-10-05] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [298240 2016-11-30] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.) R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.) R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [313096 2016-08-04] (AVG Technologies CZ, s.r.o.) S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.) R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2016-03-04] (DT Soft Ltd) R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-01-16] (REALiX(tm)) R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [231152 2014-12-12] (Intel Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation) R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation) S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-27] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation) R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [444632 2013-10-24] (Realsil Semiconductor Corporation) R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [9121496 2014-06-10] (Realtek Semiconductor Corp.) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-03-07] (Synaptics Incorporated) S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-01-21 15:22 - 2017-01-21 15:22 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software 2017-01-21 15:22 - 2017-01-21 15:22 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software 2017-01-20 14:41 - 2017-01-20 15:29 - 00000000 ____D C:\Program Files (x86)\MIO 2017-01-20 14:41 - 2017-01-20 14:41 - 00003596 _____ C:\Windows\System32\Tasks\Milimili 2017-01-20 14:35 - 2017-01-20 14:35 - 00000000 ____D C:\Users\Piotr\Desktop\Baltic Porter Day 2017-01-19 16:47 - 2017-01-19 16:47 - 00060506 _____ C:\Users\Piotr\Desktop\gmer.txt 2017-01-19 16:34 - 2017-01-19 16:34 - 00463688 _____ (Bleeping Computer, LLC) C:\Users\Piotr\Downloads\sc-cleaner.exe 2017-01-19 16:28 - 2017-01-19 16:29 - 01285352 _____ (Rocere ) C:\Users\Piotr\Downloads\Shortcut-Cleaner-39923-dp.exe 2017-01-19 16:23 - 2017-01-19 16:27 - 54199488 _____ (Malwarebytes ) C:\Users\Piotr\Downloads\mb3-setup-consumer-3.0.5.1299.exe 2017-01-19 16:07 - 2017-01-19 16:07 - 00371282 _____ C:\Users\Piotr\Downloads\gmer.zip 2017-01-19 16:03 - 2017-01-19 16:03 - 05659349 _____ (Swearware) C:\Users\Piotr\Downloads\ComboFix.exe 2017-01-19 15:52 - 2017-01-22 14:08 - 00000000 ____D C:\FRST 2017-01-19 15:48 - 2017-01-19 15:48 - 00008578 _____ C:\Users\Piotr\Desktop\fixlist.txt 2017-01-19 15:26 - 2017-01-19 15:26 - 00000000 ____D C:\Users\Piotr\AppData\Roaming\AVG 2017-01-19 15:25 - 2017-01-21 15:22 - 00000952 _____ C:\Users\Public\Desktop\AVG Protection.lnk 2017-01-19 15:25 - 2017-01-21 15:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2017-01-19 15:25 - 2017-01-19 15:25 - 00000000 ____D C:\Users\Piotr\AppData\Roaming\TuneUp Software 2017-01-19 15:24 - 2017-01-19 15:24 - 00000000 ___HD C:\$AVG 2017-01-19 15:23 - 2017-01-22 13:51 - 00000000 ____D C:\ProgramData\MFAData 2017-01-19 15:23 - 2017-01-21 15:17 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task 2017-01-19 15:18 - 2017-01-22 13:49 - 00002232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-01-19 15:18 - 2017-01-22 13:49 - 00002220 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-01-19 15:16 - 2017-01-19 15:24 - 00003480 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2017-01-19 15:16 - 2017-01-19 15:24 - 00003352 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2017-01-19 14:55 - 2017-01-20 14:41 - 00003640 _____ C:\Windows\System32\Tasks\WinTOOL 2017-01-19 14:55 - 2017-01-20 14:41 - 00000000 ____D C:\ProgramData\wintools 2017-01-19 14:48 - 2017-01-19 14:49 - 08845344 _____ (Piriform Ltd) C:\Users\Piotr\Downloads\ccsetup526pro (1).exe 2017-01-19 14:44 - 2017-01-19 15:06 - 00000000 ____D C:\Program Files\CCleaner 2017-01-19 14:44 - 2017-01-19 14:44 - 00002784 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2017-01-19 14:44 - 2017-01-19 14:44 - 00000834 _____ C:\Users\Public\Desktop\CCleaner.lnk 2017-01-19 14:44 - 2017-01-19 14:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2017-01-19 14:43 - 2017-01-19 14:44 - 08845344 _____ (Piriform Ltd) C:\Users\Piotr\Downloads\ccsetup526pro.exe 2017-01-19 14:42 - 2017-01-19 14:42 - 00013686 _____ C:\Users\Piotr\Downloads\bookmarks_19.01.2017.html 2017-01-19 14:15 - 2017-01-19 14:23 - 265802136 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Piotr\Downloads\AVG_Antivirus_Free_x64_693.exe 2017-01-19 11:09 - 2017-01-19 11:09 - 00246921 _____ C:\Users\Piotr\Downloads\baltic-porter-day-logo-dark.pdf 2017-01-19 11:08 - 2017-01-03 21:02 - 00246921 _____ C:\Users\Piotr\Desktop\baltic-porter-day-logo-dark.pdf 2017-01-19 10:33 - 2017-01-19 10:33 - 00661300 _____ C:\Users\Piotr\Downloads\Baltic-Porter-Day-Pack (1).rar 2017-01-19 10:32 - 2017-01-19 10:32 - 00661300 _____ C:\Users\Piotr\Downloads\Baltic-Porter-Day-Pack.rar 2017-01-19 02:26 - 2017-01-22 11:00 - 00000000 ____D C:\Program Files\f09er35s 2017-01-18 22:23 - 2017-01-19 17:24 - 00000000 ____D C:\Program Files\kkez28a6 2017-01-18 17:47 - 2017-01-18 17:48 - 03356453 _____ C:\Users\Piotr\Downloads\Wyniki PIM ROK B.pdf 2017-01-17 13:38 - 2017-01-17 13:38 - 03516080 _____ (Enigma Software Group USA, LLC.) C:\Users\Piotr\Downloads\SpyHunter-Installer (1).exe 2017-01-17 11:51 - 2017-01-22 14:05 - 00000000 ____D C:\AdwCleaner 2017-01-17 11:51 - 2017-01-17 11:51 - 03988944 _____ C:\Users\Piotr\Downloads\adwcleaner_6.042.exe 2017-01-17 01:24 - 2017-01-17 01:24 - 01944616 _____ (WiperSoft) C:\Users\Piotr\Downloads\WiperSoft-installer.exe 2017-01-17 01:01 - 2017-01-17 01:01 - 00002760 _____ C:\Windows\System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance 2017-01-17 00:44 - 2017-01-17 00:44 - 08803648 _____ (Piriform Ltd) C:\Users\Piotr\Downloads\ccsetup525.exe 2017-01-17 00:43 - 2017-01-17 00:43 - 01285352 _____ (Rocere ) C:\Users\Piotr\Downloads\CCleaner-13061-dp.exe 2017-01-17 00:40 - 2017-01-17 00:40 - 00942897 _____ C:\Users\Piotr\Downloads\Spyhunter-4.5.7.3531-Serial-Key-Generator.zip 2017-01-16 23:50 - 2017-01-16 23:50 - 00000000 _____ C:\autoexec.bat 2017-01-16 23:48 - 2017-01-16 23:48 - 03516080 _____ (Enigma Software Group USA, LLC.) C:\Users\Piotr\Downloads\SpyHunter-Installer.exe 2017-01-16 20:41 - 2017-01-22 13:59 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1787938467-411497002-959167669-1002 2017-01-16 19:35 - 2017-01-19 14:46 - 00000008 __RSH C:\Users\Piotr\ntuser.pol 2017-01-16 19:32 - 2017-01-16 19:37 - 00000000 ____D C:\ProgramData\ProductData 2017-01-16 19:32 - 2017-01-16 19:33 - 00000000 ____D C:\Users\Piotr\AppData\LocalLow\IObit 2017-01-16 19:32 - 2017-01-16 19:32 - 00027552 _____ (REALiX(tm)) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS 2017-01-16 19:32 - 2017-01-16 19:32 - 00000000 ____D C:\Windows\IObit 2017-01-16 19:32 - 2017-01-16 19:32 - 00000000 ____D C:\ProgramData\IObit 2017-01-16 19:31 - 2017-01-16 19:31 - 00000000 ____D C:\Users\Piotr\AppData\Roaming\IObit 2017-01-16 19:28 - 2017-01-16 19:28 - 00000000 ____D C:\Users\Public\Thunder Network 2017-01-16 19:27 - 2017-01-16 19:27 - 00000000 ____D C:\ProgramData\Avira 2017-01-16 19:26 - 2017-01-22 13:51 - 00000000 ____D C:\Program Files (x86)\Toheshphfeied 2017-01-16 19:26 - 2017-01-16 19:34 - 00000000 ____D C:\Users\Piotr\AppData\Roaming\Clorertyckidering 2017-01-16 19:26 - 2017-01-16 19:27 - 00000000 ____D C:\Users\Piotr\AppData\Roaming\win-svc 2017-01-16 19:25 - 2017-01-19 14:46 - 00000008 __RSH C:\ProgramData\ntuser.pol 2017-01-16 19:24 - 2017-01-16 19:24 - 02337392 _____ C:\Users\Piotr\Downloads\The_Hateful_Eight_2015DVDScr_XVID_AC3_HQ.zip 2017-01-16 19:00 - 2017-01-16 19:00 - 00000294 _____ C:\Users\Piotr\Desktop\po.txt 2017-01-10 23:32 - 2017-01-10 23:32 - 00000041 _____ C:\Users\Piotr\Desktop\abt.txt 2017-01-10 23:27 - 2017-01-17 00:52 - 00000000 ____D C:\Users\Piotr\Desktop\Kozieł Piotr 2017-01-10 22:47 - 2017-01-10 22:47 - 00000000 ____D C:\ProgramData\Apowersoft 2017-01-10 21:14 - 2017-01-10 22:47 - 00000000 ____D C:\Users\Piotr\Documents\Apowersoft 2017-01-10 21:14 - 2017-01-10 21:14 - 00001103 _____ C:\Users\Public\Desktop\Rejestrator Ekranu Apowersoft.lnk 2017-01-10 21:14 - 2017-01-10 21:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft 2017-01-10 21:12 - 2017-01-10 21:12 - 06699032 _____ C:\Users\Piotr\Downloads\jing.exe 2017-01-10 21:02 - 2017-01-10 21:03 - 01267720 _____ ( ) C:\Users\Piotr\Downloads\Jing-Free-13164-dp.exe 2017-01-10 20:31 - 2017-01-10 21:13 - 17199800 _____ (APOWERSOFT LIMITED ) C:\Users\Piotr\Downloads\screen-recorder-pro.exe 2017-01-10 19:38 - 2017-01-10 22:47 - 00000000 ____D C:\Users\Piotr\AppData\Roaming\Apowersoft 2017-01-10 19:35 - 2017-01-10 19:37 - 01226104 _____ (Apowersoft Ltd. ) C:\Users\Piotr\Downloads\apowersoft-online-launcher.exe 2017-01-10 19:34 - 2017-01-10 19:34 - 00004537 _____ C:\Users\Piotr\AppData\Roaming\CamStudio.cfg 2017-01-10 18:16 - 2017-01-10 19:34 - 00000408 _____ C:\Users\Piotr\AppData\Roaming\CamShapes.ini 2017-01-10 18:16 - 2017-01-10 19:34 - 00000408 _____ C:\Users\Piotr\AppData\Roaming\CamLayout.ini 2017-01-10 18:16 - 2017-01-10 19:34 - 00000096 _____ C:\Users\Piotr\AppData\Roaming\Camdata.ini 2017-01-10 18:15 - 2017-01-19 15:26 - 00000000 ____D C:\Program Files\Common Files\AV 2017-01-10 18:15 - 2017-01-10 18:15 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software 2017-01-10 18:01 - 2017-01-10 19:33 - 00000000 ____D C:\Users\Piotr\Documents\My CamStudio Temp Files 2017-01-10 18:01 - 2017-01-10 19:25 - 00000096 _____ C:\Users\Piotr\AppData\Roaming\version2.xml 2017-01-10 17:58 - 2017-01-19 14:28 - 00000000 ____D C:\ProgramData\AVAST Software 2017-01-10 17:58 - 2017-01-10 17:58 - 06334896 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online__5_.exe 2017-01-10 17:29 - 2017-01-10 17:30 - 01267720 _____ ( ) C:\Users\Piotr\Downloads\Camtasia-Studio-12665-dp (1).exe 2017-01-10 17:28 - 2017-01-10 17:28 - 01267720 _____ ( ) C:\Users\Piotr\Downloads\Camtasia-Studio-12665-dp.exe 2017-01-10 17:11 - 2017-01-10 17:11 - 02326976 _____ (Beepa Pty Ltd) C:\Users\Piotr\Downloads\Fraps_3.5.99.exe 2017-01-10 17:09 - 2017-01-10 17:09 - 01267720 _____ ( ) C:\Users\Piotr\Downloads\Fraps-12500-dp.exe 2017-01-09 15:34 - 2017-01-09 15:34 - 00001601 _____ C:\Users\Piotr\Desktop\pim.txt 2017-01-09 15:26 - 2017-01-09 15:26 - 00000024 _____ C:\Users\Piotr\Desktop\zrzut.txt 2017-01-09 13:49 - 2017-01-09 13:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gwent [GOG.com] 2017-01-09 12:57 - 2017-01-10 23:08 - 00000000 ____D C:\Users\Piotr\Documents\Algodoo 2017-01-09 12:57 - 2017-01-09 12:57 - 00000000 ____D C:\Users\Piotr\AppData\Roaming\NVIDIA 2017-01-09 12:56 - 2017-01-09 12:56 - 43058423 _____ (Algoryx ) C:\Users\Piotr\Downloads\Algodoo_2_1_0-Win32.exe 2017-01-09 12:56 - 2017-01-09 12:56 - 00000722 _____ C:\Users\Public\Desktop\Algodoo.lnk 2017-01-09 12:56 - 2017-01-09 12:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Algodoo 2017-01-09 12:55 - 2017-01-09 12:55 - 01267720 _____ ( ) C:\Users\Piotr\Downloads\Algodoo-16412-dp.exe 2017-01-01 03:23 - 2017-01-01 03:23 - 00000000 ____D C:\Users\Piotr\AppData\Roaming\MK10 2016-12-31 14:54 - 2017-01-17 00:46 - 00000000 ____D C:\Users\Piotr\Desktop\rozna 2016-12-29 14:10 - 2016-12-29 14:10 - 00619521 _____ C:\Users\Piotr\Downloads\24b1b79d49d15365575d072f15a06374.mp4 2016-12-28 17:57 - 2016-12-31 14:55 - 00000222 _____ C:\Users\Piotr\Desktop\Crusader Kings II.url 2016-12-27 13:47 - 2016-12-27 13:47 - 00000222 _____ C:\Users\Piotr\Desktop\Crusader Kings Complete.url 2016-12-27 11:48 - 2016-12-28 17:57 - 00000000 ____D C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2016-12-27 11:48 - 2016-12-27 11:48 - 00000222 _____ C:\Users\Piotr\Desktop\Mortal Kombat X.url 2016-12-25 23:59 - 2016-12-25 23:59 - 00000222 _____ C:\Users\Piotr\Desktop\Company of Heroes 2.url 2016-12-25 23:47 - 2016-12-25 23:47 - 01446792 _____ C:\Users\Piotr\Downloads\SteamSetup.exe 2016-12-25 23:47 - 2016-12-25 23:47 - 00000702 _____ C:\Users\Public\Desktop\Steam.lnk 2016-12-25 23:47 - 2016-12-25 23:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-01-22 14:04 - 2015-10-05 19:26 - 01627648 ___SH C:\Users\Piotr\Desktop\Thumbs.db 2017-01-22 13:59 - 2016-03-01 20:11 - 00000000 ____D C:\Users\Piotr\Documents\Pliki programu Outlook 2017-01-22 13:55 - 2015-10-02 13:19 - 00000000 ____D C:\ProgramData\Energy Manager 2017-01-22 13:55 - 2015-10-01 12:51 - 00000000 ____D C:\Users\Piotr\OneDrive 2017-01-22 13:51 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-01-22 13:50 - 2015-10-01 12:43 - 00000000 ____D C:\Users\Piotr 2017-01-22 13:50 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI 2017-01-22 13:49 - 2015-10-01 12:44 - 00001162 _____ C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2017-01-22 08:03 - 2015-10-01 12:54 - 00003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D5BA7AD9-9285-471B-B7BE-D38A37CE7592} 2017-01-19 16:44 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\ELAM 2017-01-19 15:25 - 2013-08-22 16:36 - 00000000 ___HD C:\Windows\ELAMBKUP 2017-01-19 15:24 - 2016-03-04 13:09 - 00000000 ____D C:\Program Files (x86)\AVG 2017-01-19 15:23 - 2016-03-04 13:09 - 00000000 ____D C:\ProgramData\Avg 2017-01-19 15:18 - 2015-10-01 14:06 - 00000000 ____D C:\Program Files (x86)\Google 2017-01-19 14:43 - 2015-11-11 17:19 - 00504832 ___SH C:\Users\Piotr\Downloads\Thumbs.db 2017-01-19 11:18 - 2015-10-01 13:54 - 00807134 _____ C:\Windows\system32\perfh015.dat 2017-01-19 11:18 - 2015-10-01 13:54 - 00163478 _____ C:\Windows\system32\perfc015.dat 2017-01-19 11:18 - 2014-11-21 08:38 - 01825074 _____ C:\Windows\system32\PerfStringBackup.INI 2017-01-19 11:18 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf 2017-01-18 01:56 - 2015-10-02 21:46 - 00000000 ____D C:\Users\Piotr\AppData\Roaming\vlc 2017-01-17 11:54 - 2015-10-14 17:09 - 00000000 ____D C:\Windows\system32\log 2017-01-17 11:37 - 2015-10-01 12:44 - 00000000 ____D C:\Users\Piotr\AppData\Roaming\Adobe 2017-01-17 11:26 - 2015-10-01 14:45 - 00000000 ____D C:\Program Files (x86)\Intel 2017-01-17 00:47 - 2016-03-04 13:00 - 00000000 ____D C:\Users\Piotr\AppData\Roaming\DAEMON Tools Lite 2017-01-17 00:46 - 2015-10-02 13:21 - 00000000 ____D C:\Windows\Minidump 2017-01-17 00:46 - 2015-09-10 22:21 - 00000000 ____D C:\Windows\Panther 2017-01-16 19:27 - 2015-10-03 08:31 - 00000000 ____D C:\Program Files (x86)\Origin 2017-01-16 19:27 - 2015-10-02 12:49 - 00000000 ____D C:\Program Files (x86)\Realtek 2017-01-12 12:53 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\NDF 2017-01-10 19:28 - 2016-09-22 19:15 - 00000000 ___RD C:\Program Files (x86)\Skype 2017-01-10 19:28 - 2015-09-10 22:43 - 00000000 ____D C:\ProgramData\Skype 2017-01-09 13:49 - 2016-09-22 19:47 - 00001085 _____ C:\Users\Public\Desktop\Gwent.lnk 2017-01-05 16:53 - 2016-09-21 15:08 - 00000258 _____ C:\Users\Piotr\Desktop\ggh.txt 2016-12-28 18:36 - 2013-08-22 16:36 - 00000000 __RSD C:\Windows\assembly 2016-12-28 18:28 - 2016-03-04 13:14 - 00000000 ____D C:\Users\Piotr\Documents\Paradox Interactive 2016-12-28 16:55 - 2013-08-22 15:44 - 00496104 _____ C:\Windows\system32\FNTCACHE.DAT 2016-12-25 23:46 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness ==================== Files in the root of some directories ======= 2017-01-10 18:16 - 2017-01-10 19:34 - 0000096 _____ () C:\Users\Piotr\AppData\Roaming\Camdata.ini 2017-01-10 18:16 - 2017-01-10 19:34 - 0000408 _____ () C:\Users\Piotr\AppData\Roaming\CamLayout.ini 2017-01-10 18:16 - 2017-01-10 19:34 - 0000408 _____ () C:\Users\Piotr\AppData\Roaming\CamShapes.ini 2017-01-10 19:34 - 2017-01-10 19:34 - 0004537 _____ () C:\Users\Piotr\AppData\Roaming\CamStudio.cfg 2017-01-10 18:01 - 2017-01-10 19:25 - 0000096 _____ () C:\Users\Piotr\AppData\Roaming\version2.xml 2015-10-12 17:52 - 2015-11-16 10:38 - 0000600 _____ () C:\Users\Piotr\AppData\Local\PUTTY.RND 2015-10-02 12:50 - 2015-10-02 12:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed