Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-08-2015
Ran by user (administrator) on USER-KOMPUTER (10-08-2015 21:00:25)
Running from C:\Users\user\Desktop\Pobrane
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 7 Professional (X64) Language: Polski (Polska)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3011824 2013-01-10] (Synaptics Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595848 2015-07-08] (ESET)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [AVG_UI] => "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [159744 2009-04-20] (ASUS)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [998104 2015-07-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6859392 2009-08-17] (ASUS)
Winlogon\Notify\WB: C:\PROGRA~2\Stardock\WINDOW~1\fast64.dll [X]
HKU\S-1-5-21-1027461290-2157871058-3066203419-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-08-03] (Glarysoft Ltd)
HKU\S-1-5-21-1027461290-2157871058-3066203419-1001\...\Run: [ALLUpdate] => C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe [3670472 2015-07-28] (ALLPlayer Group Ltd.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-1027461290-2157871058-3066203419-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1027461290-2157871058-3066203419-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=183 SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1027461290-2157871058-3066203419-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation) BHO: Java(tm) 
Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-08-05] (Oracle Corporation) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll No File BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-05] (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-11-04] (Oracle Corporation) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-11-04] (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - 
C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation) Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation) Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation) Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 80.72.37.106 8.8.8.8 Tcpip\..\Interfaces\{0F2E5C09-758C-4CD4-B3F8-E355EE9E3BE2}: [DhcpNameServer] 192.168.8.1 192.168.8.1 Tcpip\..\Interfaces\{5D416D86-0545-4934-BD82-CAFE60E722C4}: [DhcpNameServer] 192.168.8.1 192.168.8.1 Tcpip\..\Interfaces\{8A7A688C-1E2E-478D-B59D-442183883BEA}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{B3880E57-8BE3-42B3-91E6-44548616FD98}: [DhcpNameServer] 80.72.37.106 8.8.8.8 Tcpip\..\Interfaces\{F032A262-8A7A-4AC7-910E-E97385DC990C}: [DhcpNameServer] 192.168.8.1 192.168.8.1 FireFox: ======== FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9ypqjomn.default FF DefaultSearchEngine: Allegro FF Homepage: hxxp://www.gazeta.pl/0,0.html?p=183 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-08-08] () FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-05] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-05] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-08-08] () FF Plugin-x32: 
@java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-11-04] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-11-04] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-08] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-08] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-1027461290-2157871058-3066203419-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-01] (Unity Technologies ApS) FF Extension: Avira Browser Safety - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9ypqjomn.default\Extensions\abs@avira.com [2015-08-01] FF Extension: Adblock Plus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9ypqjomn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-08] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found] Chrome: ======= CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-19] CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-19] CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-19] CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-19] CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-19] CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-19] CHR Extension: (Skype Click to Call) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-02-19] CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-19] CHR Extension: (Gmail) - 
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-19] CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1 CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-27] CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-27] CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-27] CHR Extension: (Please enter your password) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2015-08-08] CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-27] CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-27] CHR Extension: (Gazeta.pl) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efhdjkbfpoohkmfaldijcpbnmbpefpkb [2015-07-12] CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-27] CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-27] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-1027461290-2157871058-3066203419-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efhdjkbfpoohkmfaldijcpbnmbpefpkb] - C:\Program Files (x86)\ALLPlayer\AllPlayer.crx [2015-07-12] CHR HKLM-x32\...\Chrome\Extension: [efhdjkbfpoohkmfaldijcpbnmbpefpkb] - C:\Program Files 
(x86)\ALLPlayer\AllPlayer.crx [2015-07-12] CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [202752 2009-11-11] (AMD) [File not signed] S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation) S3 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation) S3 Disc Soft Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [813328 2014-04-28] (Disc Soft Ltd) R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1353720 2015-07-08] (ESET) S4 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2014-02-12] () [File not signed] R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-11] (VIA Technologies, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 AIDA64Driver; C:\Users\user\AppData\Local\Temp\AIDA64Driver.sys [34648 2015-07-27] () S3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [6108672 2009-11-11] (ATI Technologies Inc.) [File not signed] S3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [155136 2009-11-11] (Advanced Micro Devices, Inc.) 
[File not signed] S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.) S3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [6108672 2009-11-11] (ATI Technologies Inc.) [File not signed] R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [29696 2015-07-03] (Disc Soft Ltd) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-14] (ESET) U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-14] (ESET) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [178520 2015-07-14] (ESET) R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [168208 2015-07-14] (ESET) R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-08-05] (Glarysoft Ltd) S3 mobilna_x64; C:\Windows\System32\DRIVERS\mobilna_x64.sys [40056 2014-12-05] () S3 MTsensor64; C:\Windows\System32\DRIVERS\PuAcpi64.sys [15880 2009-06-04] () R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800832 2010-09-07] (Sonix Technology Co., Ltd.) S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X] S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X] S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X] S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X] S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-08-10 20:24 - 2015-08-10 20:24 - 00003018 _____ C:\Windows\System32\Tasks\ASUS Live Update 2015-08-10 20:24 - 2015-08-10 20:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility 2015-08-10 20:20 - 2009-11-11 12:06 - 00015360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll 2015-08-10 20:20 - 2009-11-11 12:06 - 00012800 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll 2015-08-10 20:20 - 2009-09-09 12:14 - 00018618 _____ C:\Windows\atiogl.xml 2015-08-10 20:20 - 2009-02-19 02:55 - 00332288 _____ C:\Windows\system32\ATIODE.exe 2015-08-10 20:20 - 2009-02-04 05:52 - 00051200 _____ C:\Windows\system32\ATIODCLI.exe 2015-08-10 20:19 - 2009-11-11 12:53 - 03035136 _____ (ATI Technologies Inc. ) C:\Windows\SysWOW64\atidxx32.dll 2015-08-10 20:19 - 2009-11-11 12:46 - 03624448 _____ (ATI Technologies Inc. ) C:\Windows\system32\atidxx64.dll 2015-08-10 20:19 - 2009-11-11 12:37 - 03602432 _____ (ATI Technologies Inc. ) C:\Windows\SysWOW64\atiumdag.dll 2015-08-10 20:19 - 2009-11-11 12:19 - 02902528 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll 2015-08-10 20:19 - 2009-11-11 12:19 - 00406112 _____ C:\Windows\SysWOW64\atiumdva.cap 2015-08-10 20:19 - 2009-11-11 12:07 - 00208896 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll 2015-08-10 20:19 - 2009-11-11 12:07 - 00052224 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll 2015-08-10 20:19 - 2009-11-11 12:07 - 00052224 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll 2015-08-10 20:19 - 2009-11-11 12:06 - 00039424 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll 2015-08-10 20:19 - 2009-11-11 12:06 - 00029696 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll 2015-08-10 20:19 - 2009-11-11 12:06 - 00016896 _____ (Advanced Micro Devices, Inc. 
) C:\Windows\system32\atig6txx.dll 2015-08-10 20:19 - 2009-11-11 12:06 - 00014848 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll 2015-08-10 20:19 - 2009-11-11 12:05 - 00028672 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll 2015-08-10 20:19 - 2009-11-11 12:05 - 00020992 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll 2015-08-10 20:19 - 2009-11-11 12:04 - 17199104 _____ (ATI Technologies Inc.) C:\Windows\system32\atio6axx.dll 2015-08-10 20:19 - 2009-11-11 11:04 - 00053248 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll 2015-08-10 20:19 - 2009-11-11 11:04 - 00043008 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll 2015-08-10 20:19 - 2009-11-11 11:04 - 00039936 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll 2015-08-10 20:19 - 2009-11-11 11:03 - 04634112 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll 2015-08-10 20:19 - 2009-11-11 11:03 - 00053248 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll 2015-08-10 20:19 - 2009-11-11 11:02 - 03547136 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll 2015-08-10 20:19 - 2009-09-16 06:43 - 00001018 _____ C:\Windows\SysWOW64\atipblag.dat 2015-08-10 20:19 - 2009-09-16 06:43 - 00001018 _____ C:\Windows\system32\atipblag.dat 2015-08-10 20:18 - 2015-08-10 20:43 - 00000000 ____D C:\Windows\LastGood.Tmp 2015-08-10 20:18 - 2009-11-11 13:34 - 06108672 _____ (ATI Technologies Inc.) C:\Windows\system32\Drivers\atikmdag.sys 2015-08-10 20:18 - 2009-11-11 12:59 - 00479232 _____ (Advanced Micro Devices, Inc.) 
C:\Windows\system32\ATIDEMGX.dll 2015-08-10 20:18 - 2009-11-11 12:59 - 00436736 _____ (AMD) C:\Windows\system32\atieclxx.exe 2015-08-10 20:18 - 2009-11-11 12:58 - 00202752 _____ (AMD) C:\Windows\system32\atiesrxx.exe 2015-08-10 20:18 - 2009-11-11 12:57 - 00120320 _____ (AMD) C:\Windows\system32\atitmm64.dll 2015-08-10 20:18 - 2009-11-11 12:56 - 00059392 _____ (ATI Technologies, Inc.) C:\Windows\system32\atiedu64.dll 2015-08-10 20:18 - 2009-11-11 12:56 - 00012288 _____ (AMD) C:\Windows\system32\atimuixx.dll 2015-08-10 20:18 - 2009-11-11 12:31 - 04661760 _____ (ATI Technologies Inc. ) C:\Windows\system32\atiumd64.dll 2015-08-10 20:18 - 2009-11-11 12:25 - 02599424 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll 2015-08-10 20:18 - 2009-11-11 12:23 - 00406112 _____ C:\Windows\system32\atiumd6a.cap 2015-08-10 20:18 - 2009-11-11 12:07 - 00302592 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll 2015-08-10 20:18 - 2009-11-11 12:07 - 00053248 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll 2015-08-10 20:18 - 2009-11-11 12:07 - 00053248 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll 2015-08-10 20:18 - 2009-11-11 12:06 - 00155136 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys 2015-08-10 20:18 - 2009-11-11 11:52 - 00053248 _____ (ATI Technologies Inc.) 
C:\Windows\system32\Drivers\ati2erec.dll 2015-08-10 20:18 - 2009-09-02 04:55 - 00195855 _____ C:\Windows\system32\atiicdxx.dat 2015-08-10 20:12 - 2015-08-10 20:12 - 00271152 _____ C:\Windows\Minidump\081015-45224-01.dmp 2015-08-10 19:52 - 2015-08-10 19:53 - 00000000 ____D C:\Program Files (x86)\Driver Cleaner 2015-08-10 19:52 - 2015-08-10 19:52 - 00001903 _____ C:\Users\user\Desktop\Driver Cleaner 3.lnk 2015-08-10 19:52 - 2015-08-10 19:52 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Cleaner 3 2015-08-10 19:50 - 2015-08-10 19:50 - 00275224 _____ C:\Windows\Minidump\081015-19796-01.dmp 2015-08-10 19:18 - 2015-08-10 19:18 - 00275168 _____ C:\Windows\Minidump\081015-49748-01.dmp 2015-08-10 18:06 - 2015-08-10 18:06 - 00275168 _____ C:\Windows\Minidump\081015-24601-01.dmp 2015-08-10 17:19 - 2015-08-10 17:19 - 00275224 _____ C:\Windows\Minidump\081015-13509-01.dmp 2015-08-10 17:11 - 2015-08-10 20:12 - 617349934 _____ C:\Windows\MEMORY.DMP 2015-08-08 17:35 - 2015-08-10 20:46 - 00001040 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-08-08 17:35 - 2015-08-10 16:40 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-08-08 17:35 - 2015-08-08 17:35 - 00004040 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-08-08 17:35 - 2015-08-08 17:35 - 00003788 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-08-08 09:31 - 2015-08-08 09:31 - 00001097 _____ C:\Users\Public\Desktop\ALLPlayer Pilot.lnk 2015-08-08 09:31 - 2015-08-08 09:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ALLPlayer Pilot 2015-08-08 09:31 - 2015-08-08 09:31 - 00000000 ____D C:\ProgramData\ALLPlayerRemote 2015-08-08 09:31 - 2015-08-08 09:31 - 00000000 ____D C:\Program Files (x86)\ALLPlayer Remote 2015-08-06 21:01 - 2015-08-06 21:01 - 00000000 ____D C:\Users\user\AppData\Local\Microsoft Help 2015-08-06 20:43 - 2015-08-06 21:14 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-08-06 09:40 
- 2015-08-10 20:44 - 00000504 _____ C:\Windows\setupact.log 2015-08-06 09:40 - 2015-08-06 09:40 - 00000574 _____ C:\Windows\PFRO.log 2015-08-06 09:40 - 2015-08-06 09:40 - 00000000 _____ C:\Windows\setuperr.log 2015-08-05 10:56 - 2015-08-05 10:57 - 00003318 _____ C:\Windows\System32\Tasks\GlaryInitialize 5 2015-08-05 10:56 - 2015-08-05 10:57 - 00002980 _____ C:\Windows\System32\Tasks\GU5SkipUAC 2015-08-05 10:56 - 2015-08-05 10:56 - 00020160 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys 2015-08-05 10:56 - 2015-08-05 10:56 - 00001056 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk 2015-08-05 10:56 - 2015-08-05 10:56 - 00001044 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk 2015-08-05 10:56 - 2015-08-05 10:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5 2015-08-05 10:56 - 2015-08-05 10:56 - 00000000 ____D C:\ProgramData\GlarySoft 2015-08-05 10:54 - 2015-08-10 20:49 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5 2015-08-05 08:11 - 2015-08-05 07:55 - 00110688 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2015-08-05 07:53 - 2015-08-05 07:53 - 00000000 ____D C:\Program Files\Java 2015-08-04 13:27 - 2015-08-04 13:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET 2015-08-04 13:27 - 2015-08-04 13:27 - 00000000 ____D C:\ProgramData\ESET 2015-08-04 13:27 - 2015-08-04 13:27 - 00000000 ____D C:\Program Files\ESET 2015-08-01 08:32 - 2015-08-01 08:32 - 00000000 ____D C:\Program Files\ATI 2015-07-31 23:20 - 2009-11-11 12:57 - 00421376 _____ (ATI Technologies, Inc.) 
C:\Windows\system32\atipdl64.dll 2015-07-31 23:20 - 2009-11-11 12:05 - 00026112 _____ C:\Windows\system32\atitmp64.dll 2015-07-31 20:19 - 2015-07-31 20:19 - 00000016 _____ C:\ProgramData\mntemp 2015-07-30 22:27 - 2015-08-10 21:01 - 00000000 ____D C:\FRST 2015-07-30 21:47 - 2015-07-30 22:56 - 00000000 ____D C:\Windows\pss 2015-07-29 18:22 - 2015-07-31 23:34 - 00000000 ____D C:\AdwCleaner 2015-07-29 17:49 - 2015-08-05 16:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-07-27 10:51 - 2015-07-27 10:56 - 00000000 ____D C:\Users\user\Desktop\Nowy folder 2015-07-27 10:44 - 2015-07-27 10:44 - 00000000 ____D C:\Users\user\AppData\Local\Nero 2015-07-26 17:22 - 2015-08-03 20:15 - 00000138 _____ C:\Users\user\AppData\Roaming\default.rss 2015-07-26 16:13 - 2015-07-26 16:20 - 00000000 ____D C:\Program Files (x86)\Nero 2015-07-26 16:12 - 2015-07-26 16:14 - 00000000 ____D C:\ProgramData\Nero 2015-07-26 16:02 - 2015-07-26 16:02 - 00000000 __RHD C:\Users\Public\Libraries 2015-07-14 15:29 - 2015-07-14 15:29 - 00255240 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys 2015-07-14 15:29 - 2015-07-14 15:29 - 00251632 _____ (ESET) C:\Windows\system32\Drivers\edevmon.sys 2015-07-14 15:29 - 2015-07-14 15:29 - 00178520 _____ (ESET) C:\Windows\system32\Drivers\ehdrv.sys 2015-07-14 15:29 - 2015-07-14 15:29 - 00168208 _____ (ESET) C:\Windows\system32\Drivers\epfwwfpr.sys 2015-07-12 21:52 - 2015-08-08 09:30 - 00001095 _____ C:\Users\user\Desktop\ALLPlayer.Radio.lnk 2015-07-12 21:52 - 2015-08-08 09:30 - 00001087 _____ C:\Users\user\Desktop\ALLPlayer.VOD.lnk ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-08-10 21:00 - 2015-06-25 16:16 - 00000000 ____D C:\Users\user\Desktop\Pobrane 2015-08-10 20:57 - 2009-07-14 06:45 - 00020688 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-08-10 20:57 - 2009-07-14 06:45 - 00020688 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-08-10 20:45 - 2015-02-25 13:00 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2015-08-10 20:44 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-08-10 20:25 - 2014-02-12 16:58 - 01453481 _____ C:\Windows\WindowsUpdate.log 2015-08-10 20:24 - 2014-02-12 17:29 - 00000000 ____D C:\Program Files (x86)\ASUS 2015-08-10 20:12 - 2014-02-15 19:16 - 00000000 ____D C:\Windows\Minidump 2015-08-10 17:03 - 2014-02-16 11:23 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent 2015-08-10 16:55 - 2009-07-14 19:55 - 00703150 _____ C:\Windows\system32\perfh015.dat 2015-08-10 16:55 - 2009-07-14 19:55 - 00141844 _____ C:\Windows\system32\perfc015.dat 2015-08-10 16:40 - 2015-03-28 15:42 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-08-10 11:51 - 2014-04-03 13:03 - 00000000 ____D C:\Users\user\Desktop\psp 2015-08-10 11:45 - 2009-07-14 07:13 - 00006208 _____ C:\Windows\system32\PerfStringBackup.INI 2015-08-09 18:57 - 2009-07-14 07:08 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-08-08 17:57 - 2014-02-14 04:59 - 00000000 ____D C:\Users\user\AppData\Local\Adobe 2015-08-08 17:56 - 2015-03-28 15:42 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-08-08 17:56 - 2014-02-14 04:59 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-08-08 17:56 - 2014-02-14 04:59 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-08-08 17:35 - 2014-11-07 18:29 - 00000000 ____D C:\Program Files (x86)\Google 2015-08-08 17:34 - 2014-11-07 18:29 - 00000000 ____D 
C:\Users\user\AppData\Local\Google 2015-08-08 09:31 - 2015-02-19 19:43 - 00000000 ____D C:\Program Files (x86)\ALLPlayer 2015-08-08 09:30 - 2015-02-19 19:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ALLPlayer 2015-08-08 09:30 - 2015-02-19 19:43 - 00000000 ____D C:\ProgramData\ALLPlayer 2015-08-06 21:22 - 2014-03-18 12:05 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype 2015-08-06 20:02 - 2015-06-20 14:50 - 00000000 ____D C:\ProgramData\Skype 2015-08-06 09:40 - 2014-09-24 10:36 - 00000000 ____D C:\Program Files\WinRAR 2015-08-05 19:07 - 2014-02-14 10:43 - 00000000 ____D C:\Users\user\AppData\Roaming\GlarySoft 2015-08-05 16:45 - 2014-02-16 10:46 - 00000000 ____D C:\Users\user\AppData\Roaming\DAEMON Tools Lite 2015-08-05 16:45 - 2014-02-14 05:08 - 00000000 ____D C:\Users\user\AppData\Roaming\Adobe 2015-08-05 16:45 - 2014-02-14 04:49 - 00000000 ____D C:\Users\user\AppData\Roaming\Mozilla 2015-08-05 16:42 - 2014-02-14 04:49 - 00000000 ____D C:\Users\user\AppData\Local\Mozilla 2015-08-05 11:29 - 2015-07-03 15:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Ultra 2015-08-05 11:29 - 2015-05-26 12:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firebird 2.1 (Win32) 2015-08-05 11:28 - 2014-11-19 17:11 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-08-05 11:28 - 2014-11-19 17:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-08-05 07:53 - 2014-11-04 11:57 - 00000000 ____D C:\ProgramData\Oracle 2015-07-31 23:54 - 2014-11-25 20:44 - 00000000 ____D C:\Program Files\CDBurnerXP 2015-07-31 23:49 - 2009-07-14 06:45 - 00416352 _____ C:\Windows\system32\FNTCACHE.DAT 2015-07-31 23:45 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system 2015-07-31 23:06 - 2014-05-21 14:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 2015-07-31 23:05 - 2015-07-03 15:55 - 00000000 ____D C:\Program 
Files (x86)\DAEMON Tools Ultra 2015-07-31 23:05 - 2014-02-19 14:38 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2015-07-31 23:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration 2015-07-31 23:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat 2015-07-31 21:57 - 2015-02-25 21:36 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps 2015-07-28 12:43 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing 2015-07-17 10:10 - 2015-07-06 11:38 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2015-07-17 10:10 - 2014-04-03 13:07 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk ==================== Files in the root of some directories ======= 2015-07-26 17:22 - 2015-08-03 20:15 - 0000138 _____ () C:\Users\user\AppData\Roaming\default.rss 2014-06-26 14:19 - 2014-06-26 14:19 - 0003584 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-02-13 22:28 - 2015-02-13 22:28 - 0007605 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg 2015-07-31 20:19 - 2015-07-31 20:19 - 0000016 _____ () C:\ProgramData\mntemp Some files in TEMP: ==================== C:\Users\user\AppData\Local\Temp\AutoDetectUtilApp.exe C:\Users\user\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-08-03 22:28

==================== End of log ============================