Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01 Ran by Paweł (administrator) on ANIA-KOMP on 28-01-2015 11:08:02 Running from C:\Users\Paweł\Downloads Loaded Profiles: Paweł (Available profiles: tav & Jarek & Paweł) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polski (Polska) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SafeNet Inc.) C:\Windows\System32\hasplms.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (GG Network S.A.) C:\Users\Paweł\AppData\Local\GG\Application\gghub.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (GG Network S.A.) C:\Users\Paweł\AppData\Local\GG\Application\ggapp.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (GG Network S.A.) C:\Users\Paweł\AppData\Local\GG\Application\ggdrive\ggdrive.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-08] (Nuance Communications, Inc.) HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [1944576 2013-03-07] (Brother Industries, Ltd.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1852264 2014-05-23] (Western Digital Technologies, Inc.) HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-12-02] (Western Digital Technologies, Inc.) HKU\S-1-5-21-1776262867-2562919316-2788798546-1043\...\Run: [GG] => C:\Users\Paweł\AppData\Local\GG\Application\gghub.exe [4023360 2014-12-02] (GG Network S.A.) Startup: C:\Users\tav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN GUI.lnk ShortcutTarget: OpenVPN GUI.lnk -> C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe () ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.) ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.) ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.) ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.) ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1776262867-2562919316-2788798546-1043\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pl-pl/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Paweł\AppData\Roaming\Mozilla\Firefox\Profiles\wl9mkgd8.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll () FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Adblock Plus - C:\Users\Paweł\AppData\Roaming\Mozilla\Firefox\Profiles\wl9mkgd8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-25] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com CHR StartupUrls: Default -> "hxxp://www.google.com" CHR Profile: C:\Users\Paweł\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Dokumenty Google) - C:\Users\Paweł\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-11] CHR Extension: (Dysk Google) - C:\Users\Paweł\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-11] CHR Extension: (YouTube) - C:\Users\Paweł\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-11] CHR Extension: (Szukaj w Google) - C:\Users\Paweł\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-11] CHR Extension: (Avast Online Security) - C:\Users\Paweł\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-11] CHR Extension: (Google Wallet) - C:\Users\Paweł\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-11] CHR Extension: (Adblock Pro) - C:\Users\Paweł\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2014-07-15] CHR Extension: (Gmail) - C:\Users\Paweł\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-11] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com) R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed] S3 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 7\Dfsdks.exe [544768 2009-08-24] (mst software GmbH, Germany) [File not signed] R2 hasplms; C:\Windows\system32\hasplms.exe [4412872 2012-08-23] (SafeNet Inc.) S4 OMSI download service; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [90112 2009-04-30] () [File not signed] S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [36352 2010-11-08] () [File not signed] R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.) R2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [374304 2011-05-27] (SafeNet, Inc.) R2 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [1250848 2011-05-27] (SafeNet, Inc) R2 SentinelSecurityRuntime; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [292384 2011-05-27] (SafeNet, Inc.) R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-12-02] (Western Digital Technologies, Inc.) R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-05-23] (Western Digital Technologies, Inc.) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [296576 2012-06-15] (SafeNet Inc.) R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [323584 2012-10-06] (SafeNet Inc.) R2 hardlock; C:\Windows\SysWOW64\drivers\hardlock.sys [665600 2014-02-05] (Aladdin Knowledge Systems) [File not signed] S2 Haspnt; C:\Windows\SysWOW64\drivers\Haspnt.sys [47616 2014-02-05] (Aladdin Knowledge Systems) [File not signed] R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] () S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2008-05-16] (MCCI Corporation) S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation) S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation) S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation) S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation) S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation) S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [151592 2008-05-16] (MCCI Corporation) S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [113704 2009-03-25] (MCCI Corporation) S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [19496 2009-03-25] (MCCI Corporation) S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [153128 2009-03-25] (MCCI Corporation) S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation) S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [34856 2009-03-25] (MCCI Corporation) S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [128552 2009-03-25] (MCCI Corporation) S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [146472 2009-03-25] (MCCI Corporation) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.) S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [63528 2011-05-27] (SafeNet, Inc.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-28 11:08 - 2015-01-28 11:08 - 00014938 _____ () C:\Users\Paweł\Downloads\FRST.txt 2015-01-28 11:07 - 2015-01-28 11:08 - 00000000 ____D () C:\FRST 2015-01-28 11:06 - 2015-01-28 11:06 - 02129920 _____ (Farbar) C:\Users\Paweł\Downloads\FRST64.exe 2015-01-28 09:16 - 2015-01-28 09:18 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat 2015-01-27 17:32 - 2015-01-27 17:32 - 05040384 _____ (AVAST Software) C:\Users\Paweł\Desktop\avastclear.exe 2015-01-27 17:01 - 2015-01-27 17:01 - 00000000 ____D () C:\Users\Paweł\Desktop\naprawa sieci 2015-01-26 21:33 - 2015-01-26 21:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-26 08:48 - 2015-01-26 08:49 - 00000197 _____ () C:\Windows\system32\2015-01-26-07-48-47.010-AvastVBoxSVC.exe-3628.log 2015-01-23 11:04 - 2015-01-23 11:04 - 00000197 _____ () C:\Windows\system32\2015-01-23-10-04-41.028-AvastVBoxSVC.exe-4008.log 2015-01-23 11:00 - 2014-08-27 14:10 - 00942808 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys 2015-01-23 11:00 - 2014-08-27 14:10 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll 2015-01-23 11:00 - 2014-08-27 14:10 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll 2015-01-23 10:59 - 2015-01-23 11:00 - 00000000 ____D () C:\Program Files (x86)\Realtek 2015-01-23 10:58 - 2015-01-23 10:58 - 00000000 ____D () C:\Users\Paweł\Desktop\0001-Install_Win7_7090_11252014 2015-01-23 10:57 - 2015-01-23 10:57 - 06166500 _____ () C:\Users\Paweł\Desktop\0001-Install_Win7_7090_11252014.zip 2015-01-22 13:55 - 2015-01-23 09:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2015-01-21 09:07 - 2015-01-21 09:07 - 00003048 _____ () C:\Windows\System32\Tasks\{0FB7081D-DDA2-49D5-BD1B-EB0CAC2FF17F} 2015-01-21 08:59 - 2015-01-21 09:00 - 00000197 _____ () C:\Windows\system32\2015-01-21-07-59-39.084-AvastVBoxSVC.exe-3444.log 2015-01-20 08:46 - 2015-01-20 08:46 - 00000197 _____ () C:\Windows\system32\2015-01-20-07-46-03.049-AvastVBoxSVC.exe-2112.log 2015-01-19 10:01 - 2015-01-19 10:02 - 00000197 _____ () C:\Windows\system32\2015-01-19-09-01-53.019-AvastVBoxSVC.exe-2348.log 2015-01-16 13:01 - 2015-01-16 13:01 - 00000197 _____ () C:\Windows\system32\2015-01-16-12-01-14.073-AvastVBoxSVC.exe-3896.log 2015-01-16 12:55 - 2015-01-27 12:31 - 00000000 ____D () C:\Users\Paweł\Documents\STOCZNIA GDYNIA - LIKWIDACJA 2015-01-16 08:40 - 2015-01-16 08:40 - 00000197 _____ () C:\Windows\system32\2015-01-16-07-40-41.018-AvastVBoxSVC.exe-3560.log 2015-01-15 14:39 - 2015-01-15 16:50 - 00000000 ____D () C:\Users\Paweł\Desktop\KSZYK 2015-01-15 13:57 - 2015-01-15 14:54 - 00292297 _____ () C:\Users\Paweł\Desktop\kszyk2.cpt 2015-01-15 11:23 - 2015-01-15 11:23 - 00000197 _____ () C:\Windows\system32\2015-01-15-10-23-13.066-AvastVBoxSVC.exe-3768.log 2015-01-14 10:24 - 2015-01-28 10:57 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware 2015-01-14 10:24 - 2015-01-14 10:24 - 00001768 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk 2015-01-14 10:24 - 2015-01-14 10:24 - 00000000 ____D () C:\Users\Paweł\AppData\Roaming\SUPERAntiSpyware.com 2015-01-14 10:24 - 2015-01-14 10:24 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com 2015-01-14 10:24 - 2015-01-14 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2015-01-14 10:23 - 2015-01-14 10:23 - 20995512 _____ (SUPERAntiSpyware) C:\Users\Paweł\Desktop\SUPERAntiSpyware.exe 2015-01-14 10:18 - 2015-01-14 10:18 - 00000247 _____ () C:\Windows\system32\2015-01-14-09-18-39.078-aswFe.exe-6044.log 2015-01-14 10:14 - 2015-01-14 10:18 - 00000247 _____ () C:\Windows\system32\2015-01-14-09-14-58.017-aswFe.exe-4984.log 2015-01-14 10:14 - 2015-01-14 10:14 - 00000197 _____ () C:\Windows\system32\2015-01-14-09-14-52.060-AvastVBoxSVC.exe-2808.log 2015-01-14 09:50 - 2015-01-14 09:53 - 00000000 ____D () C:\AdwCleaner 2015-01-14 09:46 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-14 09:46 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 09:46 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-14 09:46 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-14 09:46 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-14 09:46 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-14 09:46 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-14 09:46 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-14 09:46 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-14 09:46 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-14 09:46 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-14 09:46 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-14 09:46 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-14 09:38 - 2015-01-14 09:38 - 02191360 _____ () C:\Users\Paweł\Downloads\adwcleaner_4.107.exe 2015-01-14 09:33 - 2015-01-14 09:33 - 00000197 _____ () C:\Windows\system32\2015-01-14-08-33-08.079-AvastVBoxSVC.exe-4012.log 2015-01-13 09:55 - 2015-01-13 09:55 - 00000247 _____ () C:\Windows\system32\2015-01-13-08-55-20.015-aswFe.exe-4068.log 2015-01-13 09:51 - 2015-01-13 09:55 - 00000247 _____ () C:\Windows\system32\2015-01-13-08-51-34.037-aswFe.exe-4364.log 2015-01-13 09:51 - 2015-01-13 09:51 - 00000197 _____ () C:\Windows\system32\2015-01-13-08-51-30.089-AvastVBoxSVC.exe-2380.log 2015-01-13 09:31 - 2015-01-13 09:31 - 00000000 ____D () C:\Program Files\Common Files\Western Digital 2015-01-13 09:13 - 2015-01-13 09:13 - 00000000 ____D () C:\Analytics 2015-01-13 09:11 - 2015-01-13 09:11 - 00000000 ____D () C:\Windows\System32\Tasks\Western Digital 2015-01-13 09:06 - 2015-01-13 09:06 - 00000000 ____D () C:\Users\Paweł\AppData\Local\Western Digital 2015-01-13 09:04 - 2015-01-13 09:04 - 00000000 ____D () C:\Users\Paweł\AppData\Local\Western_Digital_Technolog 2015-01-13 09:03 - 2015-01-13 09:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital 2015-01-13 09:03 - 2015-01-13 09:31 - 00000000 ____D () C:\Program Files (x86)\Western Digital 2015-01-13 09:03 - 2015-01-13 09:03 - 00001117 _____ () C:\Users\Public\Desktop\WD Drive Utilities.lnk 2015-01-13 09:03 - 2015-01-13 09:03 - 00000000 ____D () C:\Program Files\Western Digital 2015-01-13 09:02 - 2015-01-13 09:31 - 00000000 ____D () C:\ProgramData\Western Digital 2015-01-13 08:59 - 2015-01-13 08:59 - 00000000 ____D () C:\Program Files\WDCSAM 2015-01-13 08:59 - 2015-01-13 08:59 - 00000000 ____D () C:\Program Files\DIFX 2015-01-13 08:58 - 2015-01-13 08:58 - 00378553 _____ () C:\Users\Paweł\Desktop\WD_SES_Driver_Setup_x64.zip 2015-01-13 08:58 - 2015-01-13 08:58 - 00000000 ____D () C:\Users\Paweł\Desktop\WD_SES_Driver_Setup_x64 2015-01-13 08:44 - 2015-01-13 08:45 - 00000197 _____ () C:\Windows\system32\2015-01-13-07-44-31.053-AvastVBoxSVC.exe-2916.log 2015-01-12 16:57 - 2015-01-12 16:57 - 00000197 _____ () C:\Windows\system32\2015-01-12-15-57-14.036-AvastVBoxSVC.exe-1676.log 2015-01-12 12:03 - 2015-01-12 11:49 - 04184684 _____ () C:\Users\Paweł\Documents\Kopia_zapasowa_Druk_delegacja.cdr 2015-01-12 11:49 - 2015-01-12 12:03 - 04267892 _____ () C:\Users\Paweł\Documents\Druk_delegacja.cdr 2015-01-12 09:18 - 2015-01-12 09:18 - 00000197 _____ () C:\Windows\system32\2015-01-12-08-18-22.041-AvastVBoxSVC.exe-2984.log 2015-01-08 08:41 - 2015-01-08 08:41 - 00000197 _____ () C:\Windows\system32\2015-01-08-07-41-03.044-AvastVBoxSVC.exe-2824.log 2015-01-07 12:40 - 2015-01-07 12:40 - 40340736 _____ () C:\Users\Paweł\Desktop\Firefox Setup 34.0.5.exe 2015-01-07 10:39 - 2015-01-07 10:40 - 00000000 ____D () C:\Users\Paweł\Documents\zwierciadła wody - gdańsk śródmieście 2015-01-07 08:47 - 2015-01-07 08:48 - 00000197 _____ () C:\Windows\system32\2015-01-07-07-47-30.043-AvastVBoxSVC.exe-2004.log 2015-01-05 10:20 - 2015-01-05 10:20 - 00000197 _____ () C:\Windows\system32\2015-01-05-09-20-07.037-AvastVBoxSVC.exe-2892.log 2015-01-02 08:47 - 2015-01-02 08:47 - 00000197 _____ () C:\Windows\system32\2015-01-02-07-47-11.010-AvastVBoxSVC.exe-3416.log 2014-12-31 08:38 - 2014-12-31 08:39 - 00000197 _____ () C:\Windows\system32\2014-12-31-07-38-53.002-AvastVBoxSVC.exe-3184.log 2014-12-30 12:08 - 2014-12-30 12:08 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-12-30 12:08 - 2014-12-30 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-12-30 12:07 - 2014-12-30 12:07 - 00000000 ____D () C:\ProgramData\Oracle 2014-12-30 12:07 - 2014-12-30 12:07 - 00000000 ____D () C:\Program Files\Java 2014-12-30 12:05 - 2014-12-30 12:06 - 92658088 _____ (Oracle Corporation) C:\Users\Paweł\Desktop\jre-8u25-windows-x64.exe 2014-12-30 12:04 - 2014-12-30 12:04 - 00638888 _____ (Oracle Corporation) C:\Users\Paweł\Desktop\jxpiinstall.exe 2014-12-30 08:33 - 2014-12-30 08:34 - 00000197 _____ () C:\Windows\system32\2014-12-30-07-33-44.035-AvastVBoxSVC.exe-3192.log 2014-12-29 15:42 - 2014-12-29 15:42 - 00000197 _____ () C:\Windows\system32\2014-12-29-14-42-37.084-AvastVBoxSVC.exe-3628.log 2014-12-29 11:49 - 2014-12-29 11:49 - 00000168 _____ () C:\Users\Paweł\Documents\plot.log 2014-12-29 11:06 - 2014-12-29 11:06 - 00001621 _____ () C:\Users\Paweł\Desktop\GG dysk.lnk 2014-12-29 11:06 - 2014-12-29 11:06 - 00000000 ___SD () C:\Users\Paweł\GG dysk 2014-12-29 11:05 - 2015-01-28 08:11 - 00000000 ____D () C:\Users\Paweł\AppData\Roaming\GG 2014-12-29 11:05 - 2014-12-29 11:06 - 00000000 ____D () C:\Users\Paweł\AppData\Local\GG 2014-12-29 11:05 - 2014-12-29 11:05 - 00001150 _____ () C:\Users\Paweł\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GG.lnk 2014-12-29 11:05 - 2014-12-29 11:05 - 00001142 _____ () C:\Users\Paweł\Desktop\GG.lnk 2014-12-29 11:05 - 2014-12-29 11:05 - 00000000 ____D () C:\ProgramData\GG 2014-12-29 09:32 - 2014-12-29 09:33 - 57627080 _____ (GG Network S.A.) C:\Users\Paweł\Desktop\ggsetup.exe 2014-12-29 08:47 - 2014-12-29 08:47 - 00000197 _____ () C:\Windows\system32\2014-12-29-07-47-03.015-AvastVBoxSVC.exe-3952.log ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-28 10:55 - 2002-01-03 11:37 - 01309084 _____ () C:\Windows\WindowsUpdate.log 2015-01-28 10:39 - 2012-04-06 07:17 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-28 10:28 - 2013-08-19 07:21 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-28 08:29 - 2009-07-14 05:45 - 00027664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-28 08:29 - 2009-07-14 05:45 - 00027664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-28 08:11 - 2013-08-19 07:21 - 00001044 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-28 08:10 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-28 08:10 - 2009-07-14 05:51 - 00092732 _____ () C:\Windows\setupact.log 2015-01-28 08:10 - 2002-01-06 17:18 - 02057056 _____ () C:\Windows\PFRO.log 2015-01-27 18:04 - 2014-12-11 15:29 - 00000000 ____D () C:\Users\Paweł\Documents\SKRZESZEWO - projekt studnia 2015-01-27 18:01 - 2014-12-15 14:10 - 00000000 ____D () C:\Users\Paweł\Documents\RÓŻYNY ul orzechowa - pompa ciepła 2015-01-27 17:35 - 2012-05-01 07:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-27 17:34 - 2014-09-22 09:36 - 00065231 _____ () C:\Users\Paweł\Desktop\ZUHOWY GEOPORTAL v2.0.qgs 2015-01-27 16:47 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-01-27 15:47 - 2014-08-12 10:27 - 00000000 ____D () C:\Users\Paweł\.qgis2 2015-01-26 10:39 - 2012-04-06 07:17 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-26 10:39 - 2012-04-06 07:17 - 00003868 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-01-26 10:39 - 2002-01-06 13:43 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-23 14:36 - 2014-12-01 09:17 - 00013405 _____ () C:\Windows\BRRBCOM.INI 2015-01-23 11:04 - 2014-02-05 12:42 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2015-01-23 10:59 - 2002-01-06 16:47 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-01-22 15:46 - 2009-07-14 06:13 - 01670590 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-22 15:46 - 2002-01-03 20:33 - 00740438 _____ () C:\Windows\system32\perfh015.dat 2015-01-22 15:46 - 2002-01-03 20:33 - 00156012 _____ () C:\Windows\system32\perfc015.dat 2015-01-21 09:23 - 2011-10-27 09:24 - 00000000 ____D () C:\Program Files (x86)\ControlCenter4 2015-01-21 09:08 - 2014-08-19 08:57 - 00000000 ____D () C:\Program Files\Highresolution Enterprises 2015-01-16 08:40 - 2014-07-11 18:25 - 00127416 _____ () C:\Users\Paweł\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-16 08:37 - 2009-07-14 05:45 - 00443816 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-01-13 13:03 - 2014-10-20 09:18 - 00000000 ____D () C:\Users\Paweł\Documents\PRUSIEWO LIKWIDACJA 2015-01-13 09:32 - 2011-08-09 07:07 - 00179698 _____ () C:\Windows\DPINST.LOG 2015-01-13 09:29 - 2014-12-04 13:46 - 00000000 ____D () C:\ProgramData\Package Cache 2015-01-09 16:29 - 2014-09-22 09:36 - 00065233 _____ () C:\Users\Paweł\Desktop\ZUHOWY GEOPORTAL v2.0.qgs~ 2015-01-07 12:41 - 2002-01-06 18:15 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-01-07 10:59 - 2014-10-03 10:22 - 00000000 ____D () C:\Users\Paweł\AppData\Local\Thunderbird 2015-01-06 04:36 - 2011-07-19 08:34 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-12-30 12:09 - 2011-08-30 11:06 - 00000000 ____D () C:\Program Files (x86)\Java 2014-12-30 12:01 - 2014-07-15 08:36 - 00000000 ____D () C:\Users\Paweł\Documents\WARSZAWA pompy ciepla 2014-12-29 11:06 - 2014-07-11 18:25 - 00000000 ____D () C:\Users\Paweł 2014-12-29 11:05 - 2011-07-19 12:42 - 00000000 ____D () C:\Program Files (x86)\Gadu-Gadu ==================== Files in the root of some directories ======= 2014-07-28 09:38 - 2014-07-28 09:38 - 0007649 _____ () C:\Users\Paweł\AppData\Local\Resmon.ResmonCfg 2011-08-09 07:23 - 2011-08-09 07:23 - 0148736 _____ (Avanquest Software) C:\ProgramData\hpe2CF9.dll Files to move or delete: ==================== C:\ProgramData\hpe2CF9.dll Some content of TEMP: ==================== C:\Users\Paweł\AppData\Local\Temp\AcDeltree.exe C:\Users\Paweł\AppData\Local\Temp\JDSetup130501419452619984.exe C:\Users\tav\AppData\Local\Temp\_is1776.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-26 19:31 ==================== End Of Log ============================