Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-07-2015
Ran by BASIA (administrator) on BASIAB on 10-07-2015 14:48:39
Running from C:\Users\BASIA\Downloads
Loaded Profiles: BASIA (Available Profiles: BASIA)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
() C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(Fujitsu Technology Solutions) C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
() C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.exe
(Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1886504 2009-11-19] (Synaptics Incorporated)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [LoadFUJ02E3] => C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [45680 2010-06-08] (FUJITSU LIMITED)
HKLM\...\Run: [FDM7] => C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED)
HKLM\...\Run: [PSUTility] => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [199528 2010-11-13] (FUJITSU LIMITED)
HKLM\...\Run: [PfNet] => C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe [6311424 2010-10-08] (FUJITSU LIMITED)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11663464 2010-12-07] (Realtek Semiconductor)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-01-05] (Intel(R) Corporation)
HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [162416 2010-07-16] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [21616 2010-07-09] (FUJITSU LIMITED)
HKLM-x32\...\Run: [IndicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [48752 2010-09-30] (FUJITSU LIMITED)
HKLM-x32\...\Run: [DeskUpdateNotifier] => c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe [102528 2012-09-25] (Fujitsu Technology Solutions)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] => C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [162912 2009-07-08] (CyberLink Corp.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295072 2012-12-26] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Plus Internet] => C:\Program Files (x86)\Plus Internet\PlusInternetChecker.exe [472384 2011-07-04] ()
HKLM-x32\...\Run: [CancelAutoPlay_df] => C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe [446720 2013-02-25] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-12-05] (Google Inc.)
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\Run: [Mobile Partner] => C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe [515072 2012-08-06] ()
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\Run: [GG] => C:\Users\BASIA\AppData\Local\GG\Application\gghub.exe [4078144 2015-04-06] (GG Network S.A.)
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {3582c417-4626-11e2-803c-4c8093665d4a} - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {3582c42b-4626-11e2-803c-4c8093665d4a} - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {3f8c799a-6207-11e2-a4c5-4c8093665d4a} - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {3f8c79a7-6207-11e2-a4c5-4c8093665d4a} - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {3f8c79bc-6207-11e2-a4c5-4c8093665d4a} - G:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {4a361eb4-26a9-11e3-9368-4c8093665d4a} - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {4a361ec1-26a9-11e3-9368-4c8093665d4a} - I:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {4a361ed3-26a9-11e3-9368-4c8093665d4a} - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {4a361ede-26a9-11e3-9368-4c8093665d4a} - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {4a361eef-26a9-11e3-9368-4c8093665d4a} - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {4a361ef9-26a9-11e3-9368-4c8093665d4a} - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {4a361f04-26a9-11e3-9368-4c8093665d4a} - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {6881d2aa-5c7c-11e4-8f23-4c8093665d4a} - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {97a41044-212c-11e3-9746-4c8093665d4a} - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {97a41050-212c-11e3-9746-4c8093665d4a} - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {97a4105e-212c-11e3-9746-4c8093665d4a} - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {ad88fe5c-4861-11e2-b2ed-4c8093665d4a} - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {b7025fae-47a8-11e2-a9d7-4c8093665d4a} - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {def49c6e-261b-11e3-a501-4c8093665d4a} - F:\AutoRun.exe
Startup: C:\Users\BASIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TorpedoCopy.lnk [2014-08-31]
ShortcutTarget: TorpedoCopy.lnk -> C:\Users\BASIA\AppData\Local\Torpedo\Torpedo.exe (No File)
Startup: C:\Users\BASIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2010.lnk [2013-01-12]
ShortcutTarget: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2010.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk [2012-12-06]
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk [2012-12-06]
ShortcutTarget: newreminderdialog.lnk -> C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk [2012-12-06]
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk [2012-12-06]
ShortcutTarget: newreminderdialog.lnk -> C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (Fujitsu Technology Solutions)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [2013-01-17] (GG Network S.A.)
ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [2013-01-17] (GG Network S.A.)
ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [2013-01-17] (GG Network S.A.)
ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [2013-01-17] (GG Network S.A.)

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.com/ig/redirectdomain?brand=FTSG&bmod=FTSG
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1576861816-666788470-2069471701-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
Toolbar: HKU\S-1-5-21-1576861816-666788470-2069471701-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{72BD5B63-A6C5-4DC6-961C-89B78EC13397}: [DhcpNameServer] 212.2.96.51 212.2.96.52
Tcpip\..\Interfaces\{92587C96-8EB4-429E-95F5-A2455059B16B}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{BED8604D-A9AA-4932-B7EE-03D120FC5685}: [DhcpNameServer] 212.2.96.51 212.2.96.52
Tcpip\..\Interfaces\{E7A55052-1D8E-4CD5-9834-9C089575D9E8}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-24] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-24] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2012-12-26] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2012-12-26] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2012-11-29] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012-12-05]
FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012-12-26]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR Profile: C:\Users\BASIA\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (RealDownloader) - C:\Users\BASIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-01-20]
CHR Extension: (Google Wallet) - C:\Users\BASIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [897088 2010-11-03] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1298496 2010-11-03] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [983104 2010-11-03] (Intel Corporation) [File not signed]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [655744 2012-09-22] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [331776 2010-10-08] (FUJITSU LIMITED) [File not signed]
S2 PLAY ONLINE. RunOuc; C:\Program Files (x86)\PLAY ONLINE\UpdateDog\ouc.exe [246112 2013-01-19] ()
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2010-06-18] (FUJITSU LIMITED)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-07] (Symantec Corporation)
R0 FBIOSDRV; C:\Windows\System32\Drivers\FBIOSDRV.sys [21104 2009-06-24] (FUJITSU LIMITED)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\system32\drivers\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [239104 2012-09-18] (Huawei Technologies Co., Ltd.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1801216 2010-10-09] ()

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-10 14:48 - 2015-07-10 14:48 - 00023719 _____ C:\Users\BASIA\Downloads\FRST.txt
2015-07-10 14:43 - 2015-07-10 14:43 - 00002038 _____ C:\Users\BASIA\Desktop\tdssk.txt
2015-07-10 14:41 - 2015-07-10 14:44 - 00021128 _____ C:\Windows\WindowsUpdate.log
2015-07-10 14:37 - 2015-07-10 14:37 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-07-10 14:31 - 2015-07-10 14:31 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\BASIA\Downloads\tdsskiller.exe
2015-07-10 14:28 - 2015-07-10 14:29 - 00032991 _____ C:\Users\BASIA\Downloads\Addition.txt
2015-07-10 14:27 - 2015-07-10 14:29 - 00047828 _____ C:\Users\BASIA\Downloads\FRST1.txt
2015-07-10 14:26 - 2015-07-10 14:48 - 00000000 ____D C:\FRST
2015-07-10 14:26 - 2015-07-10 14:26 - 02112512 _____ (Farbar) C:\Users\BASIA\Downloads\FRST64.exe
2015-07-08 12:32 - 2015-07-08 12:32 - 00000000 ____D C:\Users\BASIA\Downloads\backups
2015-07-08 12:29 - 2015-07-08 12:30 - 00388608 _____ (Trend Micro Inc.) C:\Users\BASIA\Downloads\HijackThis.exe
2015-07-08 11:30 - 2015-07-08 11:30 - 00380416 _____ C:\Users\BASIA\Downloads\2o5nox0m.exe
2015-07-08 11:02 - 2015-07-08 11:07 - 00000000 ____D C:\Users\BASIA\AppData\Roaming\Solvusoft
2015-07-08 11:02 - 2012-10-15 17:02 - 00019888 _____ (solvusoft) C:\Windows\system32\roboot64.exe
2015-07-08 11:01 - 2015-07-08 11:01 - 03894696 _____ (solvusoft Corporation ) C:\Users\BASIA\Downloads\Setup_WinThruster_2015.exe
2015-07-08 10:28 - 2015-07-08 10:32 - 115397264 ____N (Symantec Corporation) C:\Users\BASIA\Downloads\NS-TW-22.0.0-PL.exe
2015-07-06 21:02 - 2015-07-06 21:02 - 00000000 ____D C:\ProgramData\Symantec
2015-07-06 20:03 - 2015-07-06 20:03 - 00779704 _____ (Symantec) C:\Users\BASIA\Downloads\Setup.exe
2015-07-06 19:54 - 2015-07-10 14:38 - 00000784 _____ C:\Windows\setupact.log
2015-07-06 19:54 - 2015-07-06 19:54 - 00000000 _____ C:\Windows\setuperr.log
2015-07-06 19:53 - 2015-07-08 13:34 - 01753710 _____ C:\Windows\PFRO.log
2015-07-06 18:05 - 2015-07-06 18:05 - 05481344 _____ (Avast Software s.r.o.) C:\Users\BASIA\Downloads\avast_free_antivirus_setup_online_dobreprogramy.exe
2015-07-06 16:57 - 2015-07-06 17:26 - 00000000 ____D C:\Users\BASIA\Doctor Web
2015-07-06 16:54 - 2015-07-06 16:56 - 166187544 _____ C:\Users\BASIA\Downloads\c7ahka6x.exe
2015-07-06 16:37 - 2015-07-06 21:32 - 00000000 ____D C:\AdwCleaner
2015-07-06 16:36 - 2015-07-06 16:36 - 02244096 _____ C:\Users\BASIA\Downloads\AdwCleaner.pl 4.207.exe
2015-07-06 16:35 - 2015-07-06 16:35 - 00002786 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-07-06 16:35 - 2015-07-06 16:35 - 00000788 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-07-06 16:35 - 2015-07-06 16:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-07-06 16:35 - 2015-07-06 16:35 - 00000000 ____D C:\Program Files\CCleaner
2015-07-06 16:34 - 2015-07-06 16:34 - 06549184 _____ (Piriform Ltd) C:\Users\BASIA\Downloads\ccsetup506.exe
2015-07-06 16:34 - 2015-07-06 16:34 - 06549184 _____ (Piriform Ltd) C:\Users\BASIA\Downloads\ccsetup506 (1).exe
2015-07-06 09:15 - 2015-07-06 21:30 - 00003610 _____ C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_BASIA
2015-07-06 09:15 - 2015-07-06 21:30 - 00003492 _____ C:\Windows\System32\Tasks\ReclaimerUpdateFiles_BASIA
2015-07-06 09:15 - 2015-07-06 21:30 - 00003486 _____ C:\Windows\System32\Tasks\ReclaimerUpdateXML_BASIA
2015-07-06 09:15 - 2015-07-06 21:30 - 00003192 _____ C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_BASIA
2015-06-26 12:23 - 2015-06-27 22:20 - 00000000 ____D C:\Users\BASIA\Desktop\chrzest_na_spływie
2015-06-23 17:46 - 2015-06-23 17:46 - 01125056 _____ (Adobe Systems Incorporated) C:\Users\BASIA\Downloads\flashplayer18axau_ga_install.exe
2015-06-23 17:38 - 2015-06-23 17:38 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-06-23 12:26 - 2015-06-23 19:03 - 00000000 ____D C:\Users\BASIA\Desktop\RRN
2015-06-23 11:27 - 2015-07-06 21:30 - 00003338 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1576861816-666788470-2069471701-1000
2015-06-23 11:27 - 2015-07-06 21:30 - 00003204 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1576861816-666788470-2069471701-1000
2015-06-21 21:48 - 2015-06-21 21:48 - 00147351 _____ C:\Users\BASIA\Desktop\i-stopien-konspekty-zip_517_121.zip

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-10 14:48 - 2009-07-14 06:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-10 14:48 - 2009-07-14 06:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-10 14:40 - 2014-01-24 10:08 - 00000000 ____D C:\Users\BASIA\AppData\Roaming\GG
2015-07-10 14:38 - 2012-12-05 19:31 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-10 14:38 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-10 14:10 - 2013-01-20 16:44 - 00002195 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-10 14:10 - 2012-12-05 19:31 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-10 14:02 - 2012-12-05 20:54 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-08 15:15 - 2012-12-05 19:31 - 00000000 ___RD C:\Users\BASIA
2015-07-08 12:33 - 2013-02-03 22:41 - 00000000 ____D C:\ProgramData\AVAST Software
2015-07-08 11:10 - 2011-05-12 09:21 - 00000000 ____D C:\ProgramData\Norton
2015-07-08 10:54 - 2014-01-24 10:08 - 00000000 ____D C:\Users\BASIA\AppData\Local\GG
2015-07-08 10:48 - 2011-04-12 19:08 - 00741124 _____ C:\Windows\system32\perfh015.dat
2015-07-08 10:48 - 2011-04-12 19:08 - 00156408 _____ C:\Windows\system32\perfc015.dat
2015-07-08 10:48 - 2009-07-14 07:13 - 01672134 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-06 21:31 - 2012-12-26 15:31 - 00003080 _____ C:\Windows\System32\Tasks\RealCreateProcessScheduledTask9819155S-1-5-21-1576861816-666788470-2069471701-1000
2015-07-06 21:31 - 2012-12-16 09:33 - 00003534 _____ C:\Windows\System32\Tasks\CreateChoiceProcessTask
2015-07-06 21:30 - 2015-06-06 22:08 - 00003360 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1576861816-666788470-2069471701-1000
2015-07-06 21:30 - 2015-06-06 22:08 - 00003226 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1576861816-666788470-2069471701-1000
2015-07-06 21:30 - 2012-12-26 16:05 - 00003380 _____ C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1576861816-666788470-2069471701-1000
2015-07-06 19:34 - 2013-10-10 00:55 - 00000000 ____D C:\Windows\Minidump
2015-07-06 19:34 - 2012-12-05 19:54 - 00000000 ____D C:\Users\BASIA\AppData\Local\CrashDumps
2015-07-06 19:34 - 2011-04-12 02:18 - 00000000 ____D C:\Windows\Panther
2015-07-05 22:35 - 2012-12-05 19:32 - 00000000 ____D C:\Windows\System32\Tasks\Fujitsu
2015-07-05 21:58 - 2015-02-09 20:58 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-26 22:29 - 2009-07-14 07:08 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-24 00:03 - 2012-12-05 20:54 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-24 00:02 - 2012-12-05 20:54 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-24 00:02 - 2012-12-05 20:54 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-23 22:51 - 2012-12-07 19:48 - 00002321 _____ C:\Users\BASIA\Desktop\Internet.lnk
2015-06-14 23:32 - 2012-12-07 19:33 - 00005632 _____ C:\Users\BASIA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-10 21:07 - 2014-11-13 10:39 - 00000000 __SHD C:\Users\BASIA\AppData\Local\EmieBrowserModeList
2015-06-10 21:07 - 2014-04-22 22:08 - 00000000 __SHD C:\Users\BASIA\AppData\Local\EmieUserList
2015-06-10 21:07 - 2014-04-22 22:08 - 00000000 __SHD C:\Users\BASIA\AppData\Local\EmieSiteList
2015-06-10 06:39 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-10 06:37 - 2009-07-14 06:45 - 00408144 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-10 06:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions

==================== Files in the root of some directories =======
2012-12-07 21:13 - 2014-06-02 20:23 - 0000453 _____ () C:\Users\BASIA\AppData\Roaming\burnaware.ini
2012-12-07 19:33 - 2015-06-14 23:32 - 0005632 _____ () C:\Users\BASIA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-12-05 19:33 - 2012-12-05 19:34 - 0018940 _____ () C:\Users\BASIA\AppData\Local\IWDAudHelper.20121205.183359.txt
2012-12-05 19:33 - 2012-12-05 19:33 - 0000661 _____ () C:\Users\BASIA\AppData\Local\PDLSetup.20121205.183351.txt
2012-12-05 19:33 - 2012-12-05 19:33 - 0001579 _____ () C:\Users\BASIA\AppData\Local\PDLSetup.20121205.183353.txt
2012-12-05 19:33 - 2012-12-05 19:33 - 0001227 _____ () C:\Users\BASIA\AppData\Local\PDLSetup.20121205.183354.txt
2012-12-05 19:42 - 2012-12-05 19:42 - 0001526 _____ () C:\Users\BASIA\AppData\Local\PDLSetup.20121205.184202.txt
2013-12-08 16:15 - 2013-12-08 16:15 - 0001526 _____ () C:\Users\BASIA\AppData\Local\PDLSetup.20131208.151502.txt

Some files in TEMP:
====================
C:\Users\BASIA\AppData\Local\Temp\ggdrive-menu.exe
C:\Users\BASIA\AppData\Local\Temp\ggdrive-overlay.exe
C:\Users\BASIA\AppData\Local\Temp\installstats.exe
C:\Users\BASIA\AppData\Local\Temp\Quarantine.exe
C:\Users\BASIA\AppData\Local\Temp\sqlite3.dll
C:\Users\BASIA\AppData\Local\Temp\{7C939DEC-292F-49F0-91D6-75A2826498E3}.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!

LastRegBack: 2014-09-16 07:02

==================== End of log ============================