Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-11-2016 Ran by Kamila (administrator) on KAMILA (07-11-2016 18:34:17) Running from C:\Users\Kamila\Desktop Loaded Profiles: Kamila (Available Profiles: Kamila & Administrator) Platform: Windows 8.1 (Update) (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe () C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe (Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avpui.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe (TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-01-20] (Realtek Semiconductor) HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-09] (TOSHIBA Corporation) HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-04-17] (TOSHIBA Corporation) HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-22] (TOSHIBA Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-23] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-24] (TOSHIBA) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{58C477A9-34B6-48D8-806A-E3D591897A00}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{6F63DAAF-A68D-4029-82DA-2F70223355F2}: [DhcpNameServer] 62.179.1.61 62.179.1.63 Internet Explorer: ================== HKU\S-1-5-21-1284645723-4238519777-3840485311-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1284645723-4238519777-3840485311-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TEJB HKU\S-1-5-21-1284645723-4238519777-3840485311-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://toshiba.eu/symbaloo_c HKU\S-1-5-21-1284645723-4238519777-3840485311-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/symbaloo_c SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1284645723-4238519777-3840485311-1001 -> DefaultScope {E408A8CB-F49D-42EF-BD18-4FBF86416F22} URL = SearchScopes: HKU\S-1-5-21-1284645723-4238519777-3840485311-1001 -> {E408A8CB-F49D-42EF-BD18-4FBF86416F22} URL = BHO: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab) BHO-x32: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab) Toolbar: HKLM - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab) Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab) FireFox: ======== FF HKLM-x32\...\Firefox\Extensions: [light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi [2016-08-24] FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.) Chrome: ======= CHR DefaultProfile: Profile 1 CHR Profile: C:\Users\Kamila\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-11-07] CHR Extension: (Dokumenty Google) - C:\Users\Kamila\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-17] CHR Extension: (Dysk Google) - C:\Users\Kamila\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22] CHR Extension: (YouTube) - C:\Users\Kamila\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30] CHR Extension: (Adblock Plus) - C:\Users\Kamila\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-26] CHR Extension: (Google Search) - C:\Users\Kamila\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27] CHR Extension: (uBlock) - C:\Users\Kamila\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn [2015-06-17] CHR Extension: (Dokumenty Google offline) - C:\Users\Kamila\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15] CHR Extension: (FlashUpdates4) - C:\Users\Kamila\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ljmpfoipkbhnieokggpkjobogaenehee [2016-10-04] CHR Extension: (Kaspersky Protection) - C:\Users\Kamila\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lpeeaghdjmhlakojjcgfdhgcejdaefmi [2016-08-24] CHR Extension: (Flashcontrol) - C:\Users\Kamila\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2016-07-11] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Kamila\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-09] CHR Extension: (Gmail) - C:\Users\Kamila\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-17] CHR Extension: (Chrome Media Router) - C:\Users\Kamila\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-04] CHR HKLM\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi CHR HKLM-x32\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-04-23] () [File not signed] R2 AVP16.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe [236928 2015-12-22] (AO Kaspersky Lab) S2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2251992 2014-07-10] (Broadcom Corporation.) R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [21328 2014-02-24] () S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\vssbridge64.exe [152488 2015-12-22] (AO Kaspersky Lab) S2 KMService; C:\WINDOWS\SysWOW64\srvany.exe [8192 2015-06-17] () [File not signed] R2 tbaseprovisioning; C:\WINDOWS\SysWOW64\tbaseprovisioning.exe [51712 2014-02-24] (Advanced Micro Devices, Inc.) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7031056 2016-05-02] (TeamViewer GmbH) S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2013-12-24] (Toshiba Europe GmbH) S3 vmicguestinterface; C:\WINDOWS\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation) S3 vmicheartbeat; C:\WINDOWS\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation) S3 vmickvpexchange; C:\WINDOWS\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation) S3 vmicshutdown; C:\WINDOWS\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation) S3 vmictimesync; C:\WINDOWS\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [17640 2013-10-23] (Advanced Micro Devices, INC.) S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [92360 2015-04-10] (Advanced Micro Devices, Inc. ) R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.) R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [264904 2015-04-10] (Advanced Micro Devices, Inc. ) R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWB6.sys [222720 2013-12-20] (Advanced Micro Devices) R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [170712 2014-07-10] (Broadcom Corporation.) R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [7633624 2015-04-01] (Broadcom Corporation) R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [389816 2015-07-05] (Kaspersky Lab ZAO) S0 ebdrv; C:\WINDOWS\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO64A.SYS [31136 2015-04-16] (REALiX(tm)) R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [478392 2015-09-11] (Kaspersky Lab ZAO) R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO) R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [79752 2015-12-01] (AO Kaspersky Lab) R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78200 2015-12-01] (AO Kaspersky Lab) S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab) R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [182664 2015-12-11] (AO Kaspersky Lab) R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [237400 2016-08-24] (AO Kaspersky Lab) R3 klids; C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [182360 2016-11-04] (AO Kaspersky Lab) R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [992600 2016-08-24] (AO Kaspersky Lab) R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [51288 2016-05-05] (AO Kaspersky Lab) R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [52608 2015-11-11] (AO Kaspersky Lab) R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO) R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [45960 2015-12-07] (AO Kaspersky Lab) R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [87984 2016-08-24] (AO Kaspersky Lab) R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [110424 2016-08-24] (AO Kaspersky Lab) R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [194440 2015-12-02] (AO Kaspersky Lab) R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [293592 2014-02-11] (Realtek Semiconductor Corp.) R3 SmbDrv; C:\WINDOWS\system32\DRIVERS\Smb_driver_AMDASF.sys [30448 2014-03-25] (Synaptics Incorporated) R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [33168 2013-10-10] (Windows (R) Win 7 DDK provider) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-11-07 18:34 - 2016-11-07 18:35 - 00015574 _____ C:\Users\Kamila\Desktop\FRST.txt 2016-11-07 18:33 - 2016-11-07 18:33 - 02410496 _____ (Farbar) C:\Users\Kamila\Desktop\FRST64.exe 2016-11-07 18:25 - 2016-11-07 18:25 - 00000090 _____ C:\Users\Kamila\Desktop\Designated Survivor - [s01e05] The Mission - Serial online za darmo.url 2016-11-07 18:25 - 2016-11-07 18:25 - 00000080 _____ C:\Users\Kamila\Desktop\Długa Noc - [s01e01] Odcinek 1 - Serial online za darmo.url 2016-11-07 18:25 - 2016-11-07 18:25 - 00000078 _____ C:\Users\Kamila\Desktop\Jordskott - [s01e05] Odcinek 5 - Serial online za darmo.url 2016-11-07 18:25 - 2016-11-07 18:25 - 00000076 _____ C:\Users\Kamila\Desktop\Westworld - [s01e05] Contrapasso - Serial online za darmo.url 2016-11-07 18:11 - 2016-11-07 18:11 - 00001030 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk 2016-11-07 18:11 - 2016-11-07 18:11 - 00001018 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk 2016-11-07 18:11 - 2016-11-07 18:11 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2016-11-06 10:29 - 2016-11-06 10:29 - 00768512 _____ C:\Users\Kamila\Desktop\plan-niestacjonarny (12).xls 2016-11-05 08:38 - 2016-11-05 08:38 - 00765952 _____ C:\Users\Kamila\Desktop\plan-niestacjonarny (11).xls 2016-11-04 10:42 - 2016-11-04 10:43 - 00758784 _____ C:\Users\Kamila\Desktop\plan-niestacjonarny (10).xls 2016-11-01 08:50 - 2016-11-01 08:50 - 00000000 ____D C:\Users\Kamila\Exhibeon 2016-10-28 13:52 - 2016-10-28 13:52 - 00050452 _____ C:\Users\Kamila\Desktop\TA_PdfFileTitle_20161028_145239.pdf 2016-10-28 13:20 - 2016-10-28 13:20 - 00757248 _____ C:\Users\Kamila\Desktop\plan-niestacjonarny (9).xls 2016-10-27 07:19 - 2016-10-27 07:19 - 00768000 _____ C:\Users\Kamila\Desktop\plan-niestacjonarny (8).xls 2016-10-26 12:11 - 2016-10-26 12:11 - 00768000 _____ C:\Users\Kamila\Desktop\plan-niestacjonarny (7).xls 2016-10-23 11:34 - 2016-10-23 11:34 - 00768000 _____ C:\Users\Kamila\Desktop\plan-niestacjonarny (6).xls 2016-10-23 08:08 - 2016-10-23 08:08 - 00766464 _____ C:\Users\Kamila\Desktop\plan-niestacjonarny (5).xls 2016-10-21 08:43 - 2016-10-21 08:43 - 00762880 _____ C:\Users\Kamila\Desktop\plan-niestacjonarny (4).xls 2016-10-19 18:31 - 2016-10-19 18:31 - 00759296 _____ C:\Users\Kamila\Desktop\plan-niestacjonarny (3).xls 2016-10-15 08:27 - 2016-10-15 08:27 - 00752640 _____ C:\Users\Kamila\Desktop\plan-niestacjonarny (2).xls 2016-10-11 11:15 - 2016-10-11 11:15 - 00060479 _____ C:\Users\Kamila\Desktop\podaniebug (1).pdf 2016-10-09 08:47 - 2016-10-09 08:47 - 00022467 _____ C:\Users\Kamila\Desktop\Wniosek_o_zwrot_czesnego_2012.pdf ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-11-07 18:34 - 2015-11-01 22:37 - 00000000 ____D C:\FRST 2016-11-07 18:17 - 2016-05-16 20:30 - 00000000 ____D C:\Program Files\ByteFence 2016-11-07 17:48 - 2015-04-16 22:59 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2016-11-07 08:33 - 2015-04-17 00:18 - 00001066 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-11-04 10:37 - 2014-05-08 22:59 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-11-04 10:37 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf 2016-11-04 09:09 - 2015-04-16 19:17 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1284645723-4238519777-3840485311-1001 2016-11-04 08:53 - 2014-08-02 15:56 - 00000000 __RDO C:\Users\Kamila\OneDrive 2016-11-04 08:52 - 2015-04-16 18:36 - 00000000 ____D C:\Users\Kamila 2016-11-04 08:52 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-11-04 07:02 - 2015-04-21 15:56 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-10-31 23:31 - 2015-04-17 00:18 - 00000000 ____D C:\Users\Kamila\AppData\Local\Google 2016-10-27 06:40 - 2015-06-17 18:13 - 00003842 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1434561205 2016-10-27 06:40 - 2015-06-17 18:13 - 00000000 ____D C:\Program Files (x86)\Opera 2016-10-27 06:39 - 2015-06-17 18:13 - 00001034 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2016-10-25 23:30 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-10-25 02:22 - 2015-04-17 00:18 - 00002192 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-10-12 06:02 - 2015-04-21 15:57 - 00004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task ==================== Files in the root of some directories ======= 2015-04-20 20:20 - 2015-04-20 20:20 - 0007597 _____ () C:\Users\Kamila\AppData\Local\Resmon.ResmonCfg 2014-07-10 20:53 - 2014-07-10 20:53 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some files in TEMP: ==================== C:\Users\Kamila\AppData\Local\Temp\{07A1BB7E-B875-490C-BF74-B2E33B5F7376}-51.0.2704.84_50.0.2661.102_chrome_updater.exe C:\Users\Kamila\AppData\Local\Temp\{97082AC3-6791-4711-A7B6-9FB8957062CF}-53.0.2785.116_52.0.2743.116_chrome_updater.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-10-30 01:57 ==================== End of FRST.txt ============================