Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-07-2015
Ran by user (administrator) on USER-KOMPUTER (30-07-2015 22:27:38)
Running from C:\Users\user\Desktop\Pobrane
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 7 Professional (X64) Language: Polski (Polska)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dinotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3011824 2013-01-10] (Synaptics Incorporated)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [159744 2009-04-20] (ASUS)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6937216 2009-10-09] (ASUS)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3175312 2015-07-23] ()
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3730344 2015-06-30] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\WB: C:\PROGRA~2\Stardock\WINDOW~1\fast64.dll [X]
HKU\S-1-5-21-1027461290-2157871058-3066203419-1001\...\Run: [ALLUpdate] => C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe [2765256 2015-04-27] (ALLPlayer Group Ltd.)
HKU\S-1-5-21-1027461290-2157871058-3066203419-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53282944 2015-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-1027461290-2157871058-3066203419-1001\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe [3198224 2014-04-28] (Disc Soft Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1027461290-2157871058-3066203419-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1027461290-2157871058-3066203419-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=175
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL =
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL =
SearchScopes: HKU\S-1-5-21-1027461290-2157871058-3066203419-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={2AF0EB63-9B3E-48B7-972A-F1D551E0EAC0}&mid=83cd9e1891c447d2bd6e41affc13c243-208580736f61aff15d84c222fec9dc1f8403215d&lang=pl&ds=AVG&coid=avgtbavg&cmpid=1214av&pr=fr&d=2014-12-10 15:34:04&v=4.0.5.7&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1027461290-2157871058-3066203419-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1027461290-2157871058-3066203419-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL =
SearchScopes: HKU\S-1-5-21-1027461290-2157871058-3066203419-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={2AF0EB63-9B3E-48B7-972A-F1D551E0EAC0}&mid=83cd9e1891c447d2bd6e41affc13c243-208580736f61aff15d84c222fec9dc1f8403215d&lang=pl&ds=AVG&coid=avgtbavg&cmpid=1214av&pr=fr&d=2014-12-10 15:34:04&v=4.0.5.7&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1027461290-2157871058-3066203419-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL =
SearchScopes: HKU\S-1-5-21-1027461290-2157871058-3066203419-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll No File
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-11-04] (Oracle Corporation)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.1.5.143\AVG Web TuneUp.dll [2015-07-23] (AVG)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-11-04] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll [2014-12-10] (AVG Secure Search)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 80.72.37.106 8.8.8.8
Tcpip\..\Interfaces\{0F2E5C09-758C-4CD4-B3F8-E355EE9E3BE2}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{5D416D86-0545-4934-BD82-CAFE60E722C4}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{8A7A688C-1E2E-478D-B59D-442183883BEA}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{B3880E57-8BE3-42B3-91E6-44548616FD98}: [DhcpNameServer] 80.72.37.106 8.8.8.8
Tcpip\..\Interfaces\{F032A262-8A7A-4AC7-910E-E97385DC990C}: [DhcpNameServer] 192.168.8.1 192.168.8.1

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9ypqjomn.default
FF DefaultSearchEngine: Allegro
FF SearchEngineOrder.1: default-search.net
FF Homepage: hxxp://www.gazeta.pl/0,0.html?p=175
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.8.0\\npsitesafety.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-11-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-11-04] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1027461290-2157871058-3066203419-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-01] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9ypqjomn.default\user.js [2015-02-25]
FF Extension: Adblock Plus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9ypqjomn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-08]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]

Chrome:
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-19]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-19]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-19]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-19]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-19]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-19]
CHR Extension: (Skype Click to Call) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-02-19]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-19]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-19]
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-27]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-27]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-27]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-27]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-27]
CHR Extension: (Gazeta.pl) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efhdjkbfpoohkmfaldijcpbnmbpefpkb [2015-07-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-27]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-27]
CHR HKU\S-1-5-21-1027461290-2157871058-3066203419-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efhdjkbfpoohkmfaldijcpbnmbpefpkb] - C:\Program Files (x86)\ALLPlayer\AllPlayer.crx [2015-07-12]
CHR HKLM-x32\...\Chrome\Extension: [efhdjkbfpoohkmfaldijcpbnmbpefpkb] - C:\Program Files (x86)\ALLPlayer\AllPlayer.crx [2015-07-12]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3518376 2015-06-30] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [314304 2015-06-30] (AVG Technologies CZ, s.r.o.)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 Disc Soft Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [813328 2014-04-28] (Disc Soft Ltd)
S3 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2014-02-12] () [File not signed]
S2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-11] (VIA Technologies, Inc.)
S2 vToolbarUpdater18.8.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.8.0\ToolbarUpdater.exe [1874320 2015-07-23] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1195920 2015-07-23] ()

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.)
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [293296 2015-06-26] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [226784 2015-06-10] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [281568 2015-05-12] (AVG Technologies CZ, s.r.o.)
R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [29696 2015-07-03] (Disc Soft Ltd)
S3 mobilna_x64; C:\Windows\System32\DRIVERS\mobilna_x64.sys [40056 2014-12-05] ()
R3 MTsensor64; C:\Windows\System32\DRIVERS\PuAcpi64.sys [15880 2009-06-04] ()
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800832 2010-09-07] (Sonix Technology Co., Ltd.)
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-30 22:27 - 2015-07-30 22:27 - 00000000 ____D C:\FRST
2015-07-30 22:21 - 2015-07-30 22:21 - 00275224 _____ C:\Windows\Minidump\073015-30154-01.dmp
2015-07-30 21:47 - 2015-07-30 22:56 - 00000000 ____D C:\Windows\pss
2015-07-30 20:51 - 2015-07-30 20:51 - 00000000 ____D C:\Users\user\AppData\Local\MFAData
2015-07-30 20:51 - 2015-07-30 20:51 - 00000000 ____D C:\Users\user\AppData\Local\Avg2015
2015-07-29 18:22 - 2015-07-29 18:24 - 00000000 ____D C:\AdwCleaner
2015-07-29 17:49 - 2015-07-30 19:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-27 10:51 - 2015-07-27 10:56 - 00000000 ____D C:\Users\user\Desktop\Nowy folder
2015-07-27 10:44 - 2015-07-27 10:44 - 00000000 ____D C:\Users\user\AppData\Local\Nero
2015-07-26 17:22 - 2015-07-30 21:32 - 00000167 _____ C:\Users\user\AppData\Roaming\default.rss
2015-07-26 16:13 - 2015-07-26 16:20 - 00000000 ____D C:\Program Files (x86)\Nero
2015-07-26 16:12 - 2015-07-26 16:14 - 00000000 ____D C:\ProgramData\Nero
2015-07-26 16:02 - 2015-07-26 16:02 - 00000000 __RHD C:\Users\Public\Libraries
2015-07-25 19:25 - 2015-07-25 19:25 - 01556480 _____ C:\Windows\isRS-000.tmp
2015-07-25 18:54 - 2015-07-25 18:55 - 00275224 _____ C:\Windows\Minidump\072515-50669-01.dmp
2015-07-25 12:47 - 2015-07-25 12:47 - 00275224 _____ C:\Windows\Minidump\072515-47720-01.dmp
2015-07-12 21:52 - 2015-07-12 21:52 - 00001095 _____ C:\Users\user\Desktop\ALLPlayer.Radio.lnk
2015-07-12 21:52 - 2015-07-12 21:52 - 00001087 _____ C:\Users\user\Desktop\ALLPlayer.VOD.lnk
2015-07-08 21:12 - 2015-07-08 21:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-06 11:38 - 2015-07-17 10:10 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-03 16:18 - 2015-07-03 16:18 - 00000000 ____D C:\Windows\SysWOW64\directx
2015-07-03 15:55 - 2015-07-30 22:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Ultra
2015-07-03 15:55 - 2015-07-30 22:56 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Ultra
2015-07-03 15:55 - 2015-07-03 15:55 - 00029696 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtscsibus.sys
2015-07-03 15:55 - 2015-07-03 15:55 - 00001953 _____ C:\Users\Public\Desktop\DAEMON Tools Ultra.lnk
2015-07-03 15:55 - 2015-07-03 15:55 - 00000000 ____D C:\Users\user\AppData\Roaming\DAEMON Tools Ult
2015-07-03 15:55 - 2015-07-03 15:55 - 00000000 ____D C:\ProgramData\DAEMON Tools Ult
2015-07-03 15:54 - 2015-07-03 15:55 - 00000000 ____D C:\ProgramData\DAEMON Tools Ultra
2015-07-03 15:39 - 2015-07-03 15:39 - 00000000 ____D C:\ProgramData\DAEMON Tools Pro
2015-07-03 12:52 - 2015-07-03 12:52 - 00275224 _____ C:\Windows\Minidump\070315-48641-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-30 22:56 - 2015-05-20 01:21 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2015-07-30 22:56 - 2015-05-19 11:32 - 00000000 ____D C:\Users\user\AppData\Roaming\AVG2015
2015-07-30 22:56 - 2015-05-19 11:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-07-30 22:56 - 2015-05-19 11:30 - 00000000 ____D C:\ProgramData\AVG2015
2015-07-30 22:56 - 2015-05-19 11:12 - 00000000 ____D C:\ProgramData\AVG Secure Search
2015-07-30 22:56 - 2015-02-25 12:52 - 00000000 ____D C:\Users\user\AppData\Roaming\Gameo
2015-07-30 22:56 - 2014-12-10 16:34 - 00000000 ____D C:\Users\user\AppData\Local\AVG Web TuneUp
2015-07-30 22:56 - 2014-12-10 16:33 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2015-07-30 22:56 - 2014-11-25 20:44 - 00000000 ____D C:\Program Files\CDBurnerXP
2015-07-30 22:56 - 2014-05-21 14:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2015-07-30 22:56 - 2014-03-18 12:05 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2015-07-30 22:56 - 2014-02-27 16:42 - 00000000 ____D C:\ProgramData\MFAData
2015-07-30 22:56 - 2014-02-19 14:38 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-07-30 22:56 - 2014-02-16 11:23 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2015-07-30 22:56 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2015-07-30 22:56 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2015-07-30 22:55 - 2014-11-26 13:33 - 00000000 ____D C:\Program Files (x86)\AVG
2015-07-30 22:27 - 2015-06-25 16:16 - 00000000 ____D C:\Users\user\Desktop\Pobrane
2015-07-30 22:23 - 2009-07-14 19:55 - 03799198 _____ C:\Windows\system32\perfh015.dat
2015-07-30 22:23 - 2009-07-14 19:55 - 01224132 _____ C:\Windows\system32\perfc015.dat
2015-07-30 22:23 - 2009-07-14 07:13 - 00006208 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-30 22:21 - 2015-06-05 13:46 - 310443414 _____ C:\Windows\MEMORY.DMP
2015-07-30 22:21 - 2015-02-25 13:00 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-07-30 22:21 - 2014-02-15 19:16 - 00000000 ____D C:\Windows\Minidump
2015-07-30 20:20 - 2015-02-25 21:36 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2015-07-28 12:43 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing
2015-07-26 18:40 - 2015-03-28 15:42 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-26 17:29 - 2014-04-03 13:03 - 00000000 ____D C:\Users\user\Desktop\psp
2015-07-26 17:19 - 2014-02-12 16:58 - 01298183 _____ C:\Windows\WindowsUpdate.log
2015-07-26 09:53 - 2009-07-14 06:45 - 00020688 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-26 09:53 - 2009-07-14 06:45 - 00020688 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-26 09:45 - 2015-05-25 10:53 - 00009164 _____ C:\Windows\setupact.log
2015-07-26 09:45 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-25 19:25 - 2015-05-11 15:08 - 00001748 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk
2015-07-25 19:25 - 2014-11-25 20:44 - 00001692 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2015-07-17 10:10 - 2014-04-03 13:07 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-14 23:40 - 2015-03-28 15:42 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-14 23:40 - 2014-02-14 04:59 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-14 23:40 - 2014-02-14 04:59 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-13 03:33 - 2015-06-20 14:50 - 00000000 ____D C:\ProgramData\Skype
2015-07-12 21:53 - 2015-02-19 19:43 - 00000000 ____D C:\Program Files (x86)\ALLPlayer
2015-07-12 21:52 - 2015-02-19 19:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ALLPlayer
2015-07-12 21:52 - 2015-02-19 19:43 - 00000000 ____D C:\ProgramData\ALLPlayer

==================== Files in the root of some directories =======

2015-07-26 17:22 - 2015-07-30 21:32 - 0000167 _____ () C:\Users\user\AppData\Roaming\default.rss
2014-06-26 14:19 - 2014-06-26 14:19 - 0003584 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-13 22:28 - 2015-02-13 22:28 - 0007605 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-23 13:52

==================== End of log ============================