
infected with returning malware - kitty, snare, winsapsvc...


This topic is locked
14 replies to this topic

#1 pwlb


Posted 03 May 2017 - 02:09 AM

Hey all,

Around 2 weeks ago I noticed my laptop behaving weird - Avast crashes without any warning (noticeable because it disappears from the tray), Chrome crashes, and Google keeps asking me to confirm my login with my password. I have noticed suspicious programs, scheduled tasks, services and tasks in Task Manager: kitty, snare and winsapsvc. I have followed several different tutorials using several different antimalware programs but to no avail. Viruses keep coming back like cockroaches.

I would be very glad if someone could guide me through the process of making my computer clean again. Please find the FRST log and the Addition file enclosed below.

Best regards,

Pawel


Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 01-05-2017

Uruchomiony przez Pablo (administrator)  PAWEL (03-05-2017 08:49:37)
Uruchomiony z C:\Users\Pablo\Downloads
Załadowane profile: Pablo & UpdatusUser (Dostępne profile: Pablo & UpdatusUser)
Platform: Windows 8.1 Pro (Update) (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
 
==================== Procesy (filtrowane) =================
 
(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Rejestr (filtrowane) ====================
 
(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-09-06] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-08-09] (IvoSoft)
HKLM\...\Run: [VDownloader] => C:\Program Files\VDownloader\VDownloader4.exe [4205056 2016-04-04] (Vitzo)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2011-12-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-10] (AVAST Software)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1476795145-1944411896-4185569433-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)
HKU\S-1-5-21-1476795145-1944411896-4185569433-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4299968 2016-06-22] (Disc Soft Ltd)
HKU\S-1-5-21-1476795145-1944411896-4185569433-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-04-26] (Valve Corporation)
HKU\S-1-5-21-1476795145-1944411896-4185569433-1001\...\MountPoints2: {0f9281a7-0c45-11e6-8256-b888e3b0f769} - "F:\AutoRun.exe" 
HKU\S-1-5-21-1476795145-1944411896-4185569433-1001\...\MountPoints2: {6828cfe4-9068-11e6-826c-9c2a701b38dc} - "H:\autoplay.exe" 
HKU\S-1-5-21-1476795145-1944411896-4185569433-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)
HKU\S-1-5-21-1476795145-1944411896-4185569433-1003\...\Run: [BatteryCare] => C:\Program Files (x86)\BatteryCare\BatteryCare.exe
HKU\S-1-5-21-1476795145-1944411896-4185569433-1003\...\MountPoints2: {0f9281a7-0c45-11e6-8256-b888e3b0f769} - "F:\AutoRun.exe" 
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)
ShellExecuteHooks: Brak nazwy - {770A789A-1B41-11E7-AC4B-64006A5CFC23} -  -> Brak pliku
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-10] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-10] (AVAST Software)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
 
==================== Internet (filtrowane) ====================
 
(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)
 
Tcpip\Parameters: [DhcpNameServer] 37.8.214.2 31.11.202.254
Tcpip\..\Interfaces\{FBC788DB-DFC1-4291-B971-531987B86885}: [DhcpNameServer] 37.8.214.2 31.11.202.254
 
Internet Explorer:
==================
HKU\S-1-5-21-1476795145-1944411896-4185569433-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-04-03] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-10] (AVAST Software)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-04-03] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-08-09] (IvoSoft)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-04-03] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-10] (AVAST Software)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-04-03] (Microsoft Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-08-09] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-03] (Microsoft Corporation)
 
FireFox:
========
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-04-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-04-03] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default [2017-05-03]
CHR Extension: (Dokumenty Google) - C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-04-29]
CHR Extension: (Dysk Google) - C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-29]
CHR Extension: (YouTube) - C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-29]
CHR Extension: (Adobe Acrobat) - C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-04-29]
CHR Extension: (Avast SafePrice) - C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-04-29]
CHR Extension: (Dokumenty Google offline) - C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-29]
CHR Extension: (Avast Online Security) - C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-04-29]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-29]
CHR Extension: (Gmail) - C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-29]
CHR HKU\S-1-5-21-1476795145-1944411896-4185569433-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Usługi (filtrowane) ====================
 
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
 
R2 AppleCloudSvc; C:\ProgramData\Apple\Common\Cloud\WinHelper.dll [108544 2017-04-26] () [Brak podpisu cyfrowego]
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-10] (AVAST Software s.r.o.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-10] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3705536 2017-04-03] (Microsoft Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-06-22] (Disc Soft Ltd)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101192 2013-09-06] (ELAN Microelectronics Corp.)
S4 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Brak podpisu cyfrowego]
S4 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Brak podpisu cyfrowego]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2016-06-15] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S2 Kitty; C:\Users\Pablo\AppData\Local\Kitty\Kitty.dll [X] <==== UWAGA
S2 SNAREA; C:\Users\Pablo\AppData\Local\SNAREA\Snare.dll [X]
S2 WinSAPSvc; C:\Users\Pablo\AppData\Roaming\WinSAPSvc\WinSAP.dll [X] <==== UWAGA
 
===================== Sterowniki (filtrowane) ======================
 
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
 
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [307736 2017-04-10] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-04-10] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334088 2017-04-10] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-04-10] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-04-10] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-04-10] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [128648 2017-04-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-04-10] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-04-10] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1005048 2017-04-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [556784 2017-04-29] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [164064 2017-04-10] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-04-10] (AVAST Software)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-07-25] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-07-25] (Disc Soft Ltd)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S2 MBAMChameleon; \SystemRoot\system32\drivers\MBAMChameleon.sys [X]
 
==================== NetSvcs (filtrowane) ===================
 
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
 
 
==================== Jeden miesiąc - utworzone pliki i foldery ========
 
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
 
2017-05-03 08:49 - 2017-05-03 08:49 - 00000000 ____D C:\Users\Pablo\Downloads\FRST-OlderVersion
2017-05-03 08:27 - 2017-05-03 08:27 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2017-05-03 08:16 - 2017-05-03 08:30 - 00000000 ____D C:\Program Files\MK
2017-05-02 21:55 - 2017-05-02 22:41 - 00000000 ____D C:\Users\Pablo\Downloads\www.Torrenting.com - Silicon.Valley.S04E02.HDTV.x264-SVA
2017-05-02 21:55 - 2017-05-02 22:40 - 00000000 ____D C:\Users\Pablo\Downloads\Silicon.Valley.S04E01.HDTV.x264-FUM[ettv]
2017-05-02 21:41 - 2017-05-02 21:41 - 00000000 ___HD C:\$AV_ASW
2017-04-29 15:46 - 2017-04-29 15:47 - 00646192 _____ C:\Users\Pablo\Downloads\91072313499_2016.pdf
2017-04-29 15:46 - 2017-04-29 15:46 - 00439651 _____ C:\Users\Pablo\Downloads\91072313499_2015.pdf
2017-04-29 15:10 - 2017-05-03 08:23 - 00046464 _____ C:\Users\Pablo\Downloads\Addition.txt
2017-04-29 15:09 - 2017-05-03 08:49 - 00016618 _____ C:\Users\Pablo\Downloads\FRST.txt
2017-04-29 15:08 - 2017-05-03 08:49 - 02428416 _____ (Farbar) C:\Users\Pablo\Downloads\FRST64.exe
2017-04-29 15:08 - 2017-04-29 15:08 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2017-04-29 15:06 - 2017-04-29 15:06 - 00483968 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-29 15:06 - 2017-04-29 15:06 - 00000000 ____D C:\Users\Pablo\AppData\Local\VirtualStore
2017-04-29 15:03 - 2017-04-29 15:03 - 04102600 _____ C:\Users\Pablo\Downloads\adwcleaner_6.046.exe
2017-04-29 15:02 - 2017-05-03 08:49 - 00000000 ____D C:\FRST
2017-04-29 15:00 - 2017-05-03 08:24 - 00000000 ____D C:\AdwCleaner
2017-04-29 14:59 - 2017-04-29 14:59 - 00003480 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-29 14:59 - 2017-04-29 14:59 - 00003352 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-29 14:59 - 2017-04-29 14:59 - 00002297 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-29 14:59 - 2017-04-29 14:59 - 00002285 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-29 14:58 - 2017-04-29 14:58 - 00000000 ____D C:\Users\Pablo\AppData\Local\Apps\2.0
2017-04-27 19:37 - 2017-04-29 15:03 - 00000000 ____D C:\Windows\system32\log
2017-04-27 19:37 - 2017-04-27 19:37 - 00000000 ____D C:\ProgramData\Apple
2017-04-27 19:36 - 2017-04-27 19:36 - 00000000 _____ C:\Windows\SysWOW64\22
2017-04-27 19:36 - 2017-04-27 19:36 - 00000000 _____ C:\Windows\SysWOW64\11
2017-04-27 18:25 - 2017-04-27 18:31 - 00000000 ____D C:\Users\Pablo\Downloads\Billions.S02E10.WEBRip.XviD-FUM[ettv]
2017-04-26 23:57 - 2017-04-26 23:57 - 00031525 _____ C:\Users\Pablo\Desktop\historia_do_analizy.xlsx
2017-04-26 23:49 - 2017-04-26 23:49 - 00039484 _____ C:\Users\Pablo\Downloads\ias-41-en.pdf
2017-04-26 20:28 - 2017-04-26 21:53 - 00001017 _____ C:\Users\Pablo\Desktop\historia_do_analizy.csv
2017-04-26 20:11 - 2017-04-30 12:09 - 00000000 ____D C:\Users\Pablo\Downloads\Pacific, The
2017-04-26 10:33 - 2017-04-26 10:33 - 00000000 ____D C:\Windows\psgo
2017-04-25 15:58 - 2017-04-25 16:08 - 00000000 ____D C:\Users\Pablo\Downloads\13.Reasons.Why.S01E02.720p.WEBRip.X264-DEFLATE[ettv]
2017-04-24 15:53 - 2017-04-24 16:00 - 00000000 ____D C:\Users\Pablo\Downloads\13.Reasons.Why.S01E13.WEB.X264-DEFLATE[ettv]
2017-04-23 15:21 - 2017-04-23 22:25 - 00000000 ____D C:\Users\Pablo\Downloads\13.Reasons.Why.S01E12.WEB.X264-DEFLATE[ettv]
2017-04-23 09:49 - 2017-04-23 09:57 - 00000000 ____D C:\Users\Pablo\Downloads\Demolition Man (1993)
2017-04-20 20:37 - 2017-04-21 18:38 - 00053886 _____ C:\Users\Pablo\Downloads\stejtment (1) (2).xlsx
2017-04-20 07:35 - 2017-04-20 07:35 - 00007258 _____ C:\Users\Pablo\Desktop\history2.csv
2017-04-19 22:06 - 2017-04-19 23:14 - 00054131 _____ C:\Users\Pablo\Downloads\stejtment (1) (1).xlsx
2017-04-19 20:52 - 2017-04-19 20:55 - 00000000 ____D C:\Users\Pablo\Downloads\The.Big.Bang.Theory.S10E20.HDTV.x264-LOL[ettv]
2017-04-17 10:35 - 2017-04-17 10:35 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2017-04-14 22:20 - 2017-04-25 22:58 - 00000000 ____D C:\Users\Pablo\Downloads\Band.Of.Brothers.HBO.Mini-Series.1080p.5.1Ch.BluRay.ReEnc-DeeJayAhmed
2017-04-12 10:42 - 2017-04-12 11:18 - 00000000 ____D C:\Users\Pablo\Downloads\The Office US Season 9 [HDTV]
2017-04-12 10:18 - 2017-03-21 15:11 - 00875712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2017-04-12 10:18 - 2017-03-21 15:11 - 00869568 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2017-04-12 10:18 - 2017-03-21 15:11 - 00678592 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2017-04-12 10:18 - 2017-03-21 15:11 - 00536768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2017-04-12 07:37 - 2017-03-25 21:39 - 20284416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-04-12 07:37 - 2017-03-25 21:07 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-04-12 07:37 - 2017-03-25 21:06 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-04-12 07:37 - 2017-03-25 20:55 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-04-12 07:37 - 2017-03-25 20:52 - 02289152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-04-12 07:37 - 2017-03-25 20:51 - 01313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-04-12 07:37 - 2017-03-25 20:48 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-04-12 07:37 - 2017-03-25 20:47 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-04-12 07:37 - 2017-03-25 20:47 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-04-12 07:37 - 2017-03-25 20:46 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-04-12 07:37 - 2017-03-25 20:46 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-04-12 07:37 - 2017-03-25 20:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-04-12 07:37 - 2017-03-25 20:45 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-04-12 07:37 - 2017-03-25 20:45 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-04-12 07:37 - 2017-03-25 20:13 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-04-12 07:37 - 2017-03-25 20:10 - 02898432 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-04-12 07:37 - 2017-03-25 19:56 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-04-12 07:37 - 2017-03-25 19:52 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-04-12 07:37 - 2017-03-25 19:41 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-04-12 07:37 - 2017-03-25 19:12 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-04-12 07:37 - 2017-03-25 19:04 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-04-12 07:37 - 2017-03-25 19:00 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-04-12 07:37 - 2017-03-25 19:00 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-04-12 07:37 - 2017-03-25 18:59 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-04-12 07:37 - 2017-03-25 18:57 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-04-12 07:37 - 2017-03-25 18:28 - 15259136 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-04-12 07:37 - 2017-03-25 18:24 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-04-12 07:37 - 2017-03-25 18:10 - 01546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-04-12 07:37 - 2017-03-25 18:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-04-12 07:37 - 2017-03-25 06:43 - 01375960 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-04-12 07:37 - 2017-03-24 20:24 - 01094656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-04-12 07:37 - 2017-03-14 21:06 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-04-12 07:37 - 2017-03-14 16:26 - 03714560 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-04-12 07:37 - 2017-03-14 16:09 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-04-12 07:37 - 2017-03-14 16:08 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-04-12 07:37 - 2017-03-14 16:06 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-04-12 07:37 - 2017-03-13 18:13 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-04-12 07:37 - 2017-03-13 18:12 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-04-12 07:37 - 2017-03-13 18:08 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2017-04-12 07:37 - 2017-03-13 18:08 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-04-12 07:37 - 2017-03-13 17:59 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-04-12 07:37 - 2017-03-13 17:59 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-04-12 07:37 - 2017-03-13 17:56 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-04-12 07:37 - 2017-03-12 17:04 - 00033792 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\BasicRender.sys
2017-04-12 07:37 - 2017-03-11 05:59 - 01763888 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2017-04-12 07:37 - 2017-03-11 05:56 - 01489608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2017-04-12 07:37 - 2017-03-11 05:49 - 01549144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-04-12 07:37 - 2017-03-11 05:49 - 00388440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-04-12 07:37 - 2017-03-11 05:44 - 00373080 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-04-12 07:37 - 2017-03-11 05:41 - 00315224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-04-12 07:37 - 2017-03-09 23:13 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-04-12 07:37 - 2017-03-09 23:08 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-04-12 07:37 - 2017-03-09 21:29 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-04-12 07:37 - 2017-03-08 01:25 - 01661064 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-04-12 07:37 - 2017-03-08 01:21 - 01212760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-04-12 07:37 - 2017-03-04 21:24 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-04-12 07:37 - 2017-03-04 21:06 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-04-12 07:37 - 2017-03-04 20:15 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-04-12 07:37 - 2017-03-04 18:37 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-04-12 07:37 - 2017-03-03 17:11 - 01697792 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-04-12 07:37 - 2017-03-03 17:10 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
2017-04-12 07:37 - 2017-03-03 17:06 - 01501184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-04-12 07:37 - 2017-03-03 17:04 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
2017-04-12 07:37 - 2017-02-11 20:18 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2017-04-12 07:37 - 2017-02-11 19:00 - 00865792 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-04-12 07:37 - 2017-02-11 18:49 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
2017-04-12 07:37 - 2017-02-11 18:42 - 00204288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
2017-04-12 07:37 - 2017-02-10 21:06 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-04-12 07:37 - 2017-02-10 16:37 - 00046600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2017-04-12 07:37 - 2017-02-04 19:53 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2017-04-12 07:37 - 2017-02-04 19:51 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-04-12 07:37 - 2017-02-04 19:19 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2017-04-12 07:37 - 2017-02-01 21:44 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-04-12 07:37 - 2017-02-01 21:42 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-04-12 07:37 - 2017-01-21 21:22 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\csc.sys
2017-04-12 07:37 - 2017-01-19 04:18 - 01113944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2017-04-12 07:37 - 2017-01-18 16:35 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-04-12 07:37 - 2017-01-18 16:34 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-04-12 07:37 - 2017-01-14 22:32 - 00955016 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2017-04-12 07:37 - 2017-01-14 21:18 - 00787688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2017-04-12 07:37 - 2017-01-14 16:37 - 00447095 _____ C:\Windows\system32\ApnDatabase.xml
2017-04-12 07:37 - 2017-01-12 18:51 - 00274776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2017-04-12 07:37 - 2017-01-12 18:51 - 00117592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2017-04-12 07:37 - 2017-01-12 17:03 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storvsp.sys
2017-04-12 07:37 - 2017-01-12 17:03 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpcivsp.sys
2017-04-12 07:37 - 2017-01-12 08:12 - 00990040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-04-12 07:37 - 2017-01-11 21:12 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
2017-04-12 07:37 - 2017-01-11 19:28 - 00422744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2017-04-12 07:37 - 2017-01-11 17:09 - 00296960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll
2017-04-12 07:37 - 2017-01-11 00:37 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2017-04-12 07:37 - 2017-01-10 23:06 - 00840192 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2017-04-12 07:37 - 2017-01-10 22:46 - 01388544 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2017-04-12 07:37 - 2017-01-10 21:20 - 00696832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2017-04-12 07:37 - 2017-01-10 21:09 - 01108480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2017-04-12 07:37 - 2017-01-06 19:25 - 02513408 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2017-04-12 07:37 - 2017-01-06 19:04 - 01495552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2017-04-12 07:37 - 2016-12-25 03:21 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scfilter.sys
2017-04-12 07:37 - 2016-12-25 03:14 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2017-04-12 07:37 - 2016-12-25 02:48 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\certprop.dll
2017-04-12 07:37 - 2016-12-25 02:19 - 00170496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2017-04-12 07:37 - 2016-12-25 01:39 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\ScDeviceEnum.dll
2017-04-12 07:37 - 2016-12-09 10:08 - 00379736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2017-04-12 07:37 - 2015-02-03 01:53 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2017-04-12 07:37 - 2015-02-03 01:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2017-04-11 22:47 - 2017-04-11 22:47 - 00053334 _____ C:\Users\Pablo\Downloads\stejtment (2).xlsx
2017-04-10 22:40 - 2017-04-19 23:14 - 00000000 ____D C:\dbNotowania 4 MAX
2017-04-10 22:40 - 2017-04-10 22:40 - 00000724 _____ C:\Users\Pablo\Desktop\dbNotowania 4 MAX.lnk
2017-04-10 22:40 - 2017-04-10 22:40 - 00000000 ____D C:\Users\Public\Documents\dbNotowania 4 MAX
2017-04-10 22:40 - 2017-04-10 22:40 - 00000000 ____D C:\Users\Pablo\Documents\dbNotowania 4 MAX
2017-04-10 22:40 - 2017-04-10 22:40 - 00000000 ____D C:\Users\Pablo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\dbNotowania 4 MAX
2017-04-10 22:40 - 2017-04-10 22:40 - 00000000 ____D C:\Users\Pablo\AppData\Roaming\dbNotowania 4 MAX
2017-04-10 22:03 - 2017-04-17 10:35 - 00000000 ____D C:\Users\Pablo\Documents\Notowania 4 MAX
2017-04-10 22:03 - 2017-04-17 10:35 - 00000000 ____D C:\Users\Pablo\AppData\Roaming\Statica
2017-04-10 22:02 - 2017-04-10 22:02 - 00001186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Deinstalacja programu PowerTrader Free Edition.lnk
2017-04-10 22:02 - 2017-04-10 22:02 - 00001156 _____ C:\ProgramData\Microsoft\Windows\Start Menu\PowerTrader Free Edition.lnk
2017-04-10 22:02 - 2017-04-10 22:02 - 00001150 _____ C:\Users\Public\Desktop\PowerTrader Free Edition.lnk
2017-04-10 22:02 - 2017-04-10 22:02 - 00000051 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Strona WWW programu PowerTrader Free Edition.url
2017-04-10 22:02 - 2017-04-10 22:02 - 00000000 ____D C:\ProgramData\Sumito Development
2017-04-10 22:02 - 2017-04-10 22:02 - 00000000 ____D C:\Program Files (x86)\PowerTrader Free Edition
2017-04-10 21:43 - 2017-04-10 21:43 - 00032600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-04-10 21:43 - 2017-04-10 21:43 - 00003954 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1491853405
2017-04-10 21:43 - 2017-04-10 21:43 - 00001059 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2017-04-10 21:43 - 2017-04-10 21:43 - 00001059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-04-10 21:42 - 2017-04-10 21:42 - 00001938 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-04-10 21:42 - 2017-04-10 21:42 - 00000000 ____D C:\Users\Pablo\AppData\Roaming\AVAST Software
2017-04-10 21:42 - 2017-04-10 21:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-04-10 21:41 - 2017-05-03 08:22 - 00004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-04-10 21:41 - 2017-04-29 15:14 - 00556784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2017-04-10 21:41 - 2017-04-29 15:14 - 00128648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2017-04-10 21:41 - 2017-04-10 21:41 - 01005048 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-04-10 21:41 - 2017-04-10 21:41 - 00399944 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-04-10 21:41 - 2017-04-10 21:41 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-04-10 21:41 - 2017-04-10 21:41 - 00334088 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-04-10 21:41 - 2017-04-10 21:41 - 00307736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-04-10 21:41 - 2017-04-10 21:41 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-04-10 21:41 - 2017-04-10 21:41 - 00164064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-04-10 21:41 - 2017-04-10 21:41 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-04-10 21:41 - 2017-04-10 21:41 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-04-10 21:41 - 2017-04-10 21:41 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-04-10 21:41 - 2017-04-10 21:41 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-04-10 21:41 - 2017-04-10 21:41 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-04-10 21:40 - 2017-04-10 21:43 - 00000000 ____D C:\Program Files\AVAST Software
2017-04-10 20:57 - 2017-04-29 14:59 - 00000000 ____D C:\Users\Pablo\AppData\Local\Google
2017-04-10 20:11 - 2017-04-10 20:11 - 00000000 _____ C:\Windows\regset.INI
2017-04-10 20:07 - 1998-10-02 19:00 - 00327168 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2017-04-09 20:54 - 2017-04-17 21:42 - 00000000 ____D C:\Users\Pablo\Downloads\Road Trip (2000)
2017-04-09 10:29 - 2017-04-11 23:13 - 00052909 _____ C:\Users\Pablo\Downloads\stejtment (1).xlsx
2017-04-06 20:56 - 2017-04-06 21:09 - 2787891812 _____ C:\Users\Pablo\Downloads\Rogue.One.A.Star.Wars.Story.2016.1080p.BluRay.6CH.ShAaNiG.mkv
2017-04-04 21:49 - 2017-04-04 22:32 - 00052346 _____ C:\Users\Pablo\Downloads\stejtment.xlsx
 
==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========
 
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
 
2017-05-03 08:49 - 2016-03-28 20:17 - 00000000 ____D C:\Users\Pablo\AppData\Local\ClassicShell
2017-05-03 08:29 - 2016-03-28 19:46 - 01825074 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-03 08:29 - 2013-08-23 01:12 - 00807160 _____ C:\Windows\system32\perfh015.dat
2017-05-03 08:29 - 2013-08-23 01:12 - 00163478 _____ C:\Windows\system32\perfc015.dat
2017-05-03 08:29 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2017-05-03 08:25 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-02 22:18 - 2016-03-28 20:13 - 00000000 ____D C:\Users\Pablo\AppData\Roaming\uTorrent
2017-04-30 10:30 - 2016-03-28 19:48 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1476795145-1944411896-4185569433-1001
2017-04-30 10:18 - 2016-08-16 18:09 - 00000000 ____D C:\Program Files (x86)\Steam
2017-04-29 15:14 - 2016-07-28 09:47 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-29 15:13 - 2013-08-22 17:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-04-29 15:08 - 2016-03-28 20:13 - 00000000 ____D C:\Users\UpdatusUser
2017-04-29 15:05 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-04-29 14:59 - 2016-10-09 08:48 - 00000000 ____D C:\Users\Pablo\AppData\Local\Deployment
2017-04-29 14:59 - 2016-03-28 19:45 - 00000000 ____D C:\Program Files (x86)\Google
2017-04-29 14:57 - 2016-03-28 19:43 - 00000000 ____D C:\Users\Pablo\AppData\Local\Packages
2017-04-29 14:53 - 2016-10-15 13:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
2017-04-29 14:53 - 2016-10-07 18:14 - 00000000 ____D C:\Users\Pablo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Supreme Commander 2
2017-04-29 14:53 - 2016-07-31 22:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2017-04-24 21:43 - 2016-04-01 17:42 - 00000000 ____D C:\Users\Pablo\Documents\Magisterka
2017-04-23 16:11 - 2016-08-02 15:09 - 00036198 _____ C:\Users\Pablo\Desktop\rachunki.xlsx
2017-04-22 08:42 - 2016-03-28 20:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-04-17 10:36 - 2016-07-25 21:06 - 00000000 ____D C:\Users\Pablo\AppData\Roaming\DAEMON Tools Lite
2017-04-17 10:31 - 2016-10-25 21:02 - 00000000 ____D C:\Users\Pablo\Desktop\sandisk
2017-04-14 19:23 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2017-04-13 21:15 - 2016-04-28 20:19 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-04-13 21:14 - 2016-04-28 20:19 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-13 13:41 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2017-04-13 00:17 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData
2017-04-13 00:17 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows Defender
2017-04-13 00:17 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-04-12 10:22 - 2016-03-31 09:01 - 00000000 ____D C:\Windows\system32\MRT
2017-04-12 10:21 - 2016-03-31 09:01 - 148601744 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-04-12 10:20 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2017-04-10 23:01 - 2016-03-28 19:48 - 00000000 ____D C:\ProgramData\AVAST Software
2017-04-10 22:41 - 2016-04-28 20:15 - 00000000 ____D C:\ProgramData\Adobe
2017-04-10 21:41 - 2016-03-28 19:50 - 00000000 ____D C:\Program Files\Common Files\AV
2017-04-10 21:25 - 2016-03-28 19:43 - 00001454 _____ C:\Users\Pablo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-04-10 20:32 - 2016-08-19 10:28 - 00000000 ____D C:\Windows\Minidump
2017-04-08 08:21 - 2017-04-02 18:55 - 00000000 ____D C:\Users\Pablo\Downloads\Harry Potter and the Chamber of Secrets (2002) [1080p]
 
==================== Bamital & volsnap ======================
 
(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)
 
C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo
 
LastRegBack: 2017-04-29 14:06
 
==================== Koniec  FRST.txt ============================

 

#2 Oh My!
Malware Response Instructor, 37,742 posts, California

Posted 05 May 2017 - 10:31 AM

Greetings Pawel and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

I would like to get the FRST reports in English so that it is easier for me to review. Please right click on the FRST icon, select Rename, and rename it to FRST64english. Be sure to copy and paste both documents in your reply using multiple posts if necessary. Please don't use the code box.

Edited by Oh My!, 05 May 2017 - 10:32 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 pwlb (Topic Starter)
Members, 7 posts

Posted 06 May 2017 - 01:57 AM

Hi Gary, thank you so much for your interest and reply. Here are the files that you requested.

 

Best regards,

Pawel

 

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-05-2017 02
Ran by Pablo (administrator) on PAWEL (06-05-2017 08:52:16)
Running from C:\Users\Pablo\Downloads
Loaded Profiles: Pablo & UpdatusUser (Available Profiles: Pablo & UpdatusUser)
Platform: Windows 8.1 Pro (Update) (X64) Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Zoohair\Application\chrome.exe" -- "%1")
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Google Inc.) C:\Program Files (x86)\Zoohair\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Zoohair\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Zoohair\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Zoohair\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Zoohair\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Zoohair\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Zoohair\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Zoohair\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Zoohair\Application\chrome.exe
(Farbar) C:\Users\Pablo\Downloads\FRST64english.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-09-06] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-08-09] (IvoSoft)
HKLM\...\Run: [VDownloader] => C:\Program Files\VDownloader\VDownloader4.exe [4205056 2016-04-04] (Vitzo)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2011-12-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-10] (AVAST Software)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1476795145-1944411896-4185569433-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)
HKU\S-1-5-21-1476795145-1944411896-4185569433-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4299968 2016-06-22] (Disc Soft Ltd)
HKU\S-1-5-21-1476795145-1944411896-4185569433-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-04-26] (Valve Corporation)
HKU\S-1-5-21-1476795145-1944411896-4185569433-1001\...\Run: [background_fault] => "C:\Users\Pablo\AppData\Local\background_fault\aswRD.exe" "C:\Users\Pablo\AppData\Local\background_fault\bf.dll",background_fault_collector <===== ATTENTION
HKU\S-1-5-21-1476795145-1944411896-4185569433-1001\...\MountPoints2: {0f9281a7-0c45-11e6-8256-b888e3b0f769} - "F:\AutoRun.exe" 
HKU\S-1-5-21-1476795145-1944411896-4185569433-1001\...\MountPoints2: {6828cfe4-9068-11e6-826c-9c2a701b38dc} - "H:\autoplay.exe" 
HKU\S-1-5-21-1476795145-1944411896-4185569433-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)
HKU\S-1-5-21-1476795145-1944411896-4185569433-1003\...\Run: [BatteryCare] => C:\Program Files (x86)\BatteryCare\BatteryCare.exe
HKU\S-1-5-21-1476795145-1944411896-4185569433-1003\...\MountPoints2: {0f9281a7-0c45-11e6-8256-b888e3b0f769} - "F:\AutoRun.exe" 
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)
ShellExecuteHooks: No Name - {770A789A-1B41-11E7-AC4B-64006A5CFC23} -  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-10] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-10] (AVAST Software)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 37.8.214.2 31.11.202.254
Tcpip\..\Interfaces\{FBC788DB-DFC1-4291-B971-531987B86885}: [DhcpNameServer] 37.8.214.2 31.11.202.254
 
Internet Explorer:
==================
HKU\S-1-5-21-1476795145-1944411896-4185569433-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-04-03] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-10] (AVAST Software)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-04-03] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-08-09] (IvoSoft)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-04-03] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-10] (AVAST Software)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-04-03] (Microsoft Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-08-09] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-03] (Microsoft Corporation)
 
FireFox:
========
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-04-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-04-03] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default [2017-05-04]
CHR Extension: (Dokumenty Google) - C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-04-29]
CHR Extension: (Dysk Google) - C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-29]
CHR Extension: (YouTube) - C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-29]
CHR Extension: (Adobe Acrobat) - C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-04-29]
CHR Extension: (Avast SafePrice) - C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-04-29]
CHR Extension: (Dokumenty Google offline) - C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-29]
CHR Extension: (Avast Online Security) - C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-04-29]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-29]
CHR Extension: (Gmail) - C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-29]
CHR HKU\S-1-5-21-1476795145-1944411896-4185569433-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AppleCloudSvc; C:\ProgramData\Apple\Common\Cloud\WinHelper.dll [108544 2017-04-26] () [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-10] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-10] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3705536 2017-04-03] (Microsoft Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-06-22] (Disc Soft Ltd)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101192 2013-09-06] (ELAN Microelectronics Corp.)
R2 IISvr; C:\ProgramData\Package Cache\{59399776-575D-9C54-E861-0D5EAB7E707D}v10.1.14393.795\Installers\IIS\iisexp.dll [105472 2017-05-04] () [File not signed]
S4 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S4 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2016-06-15] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S4 SNAREA; C:\Users\Pablo\AppData\Local\SNAREA\Snare.dll [X] <==== ATTENTION
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [307736 2017-04-10] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-04-10] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334088 2017-04-10] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-04-10] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-04-10] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-04-10] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [128648 2017-04-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-04-10] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-04-10] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1005048 2017-04-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [556784 2017-04-29] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [164064 2017-04-10] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-04-10] (AVAST Software)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-07-25] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-07-25] (Disc Soft Ltd)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S2 MBAMChameleon; \SystemRoot\system32\drivers\MBAMChameleon.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-06 08:52 - 2017-05-06 08:52 - 00017197 _____ C:\Users\Pablo\Downloads\FRST.txt
2017-05-06 08:52 - 2017-05-06 08:52 - 00000000 ____D C:\Users\Pablo\Downloads\FRST-OlderVersion
2017-05-06 08:44 - 2017-05-06 08:44 - 00000045 _____ C:\Users\Public\Documents\temp.dat
2017-05-06 08:44 - 2017-05-06 08:44 - 00000000 ____D C:\Users\Pablo\AppData\Local\Zoohair
2017-05-06 08:44 - 2017-05-06 08:44 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-05-05 22:12 - 2017-05-05 22:39 - 00009139 _____ C:\Users\Pablo\Desktop\zuzycie energii.xlsx
2017-05-04 21:57 - 2017-05-04 21:57 - 00002016 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-05-04 21:57 - 2017-05-04 21:57 - 00001946 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-05-04 21:57 - 2017-05-04 21:57 - 00000000 ____D C:\Users\Pablo\AppData\Roaming\Mozilla
2017-05-04 21:57 - 2017-05-04 21:57 - 00000000 ____D C:\Users\Pablo\AppData\LocalLow\Mozilla
2017-05-04 21:56 - 2017-05-04 21:56 - 00002095 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-04 21:56 - 2017-05-04 21:56 - 00000000 ____D C:\Users\Public\Documents\Google
2017-05-04 21:56 - 2017-05-04 21:56 - 00000000 ____D C:\Program Files (x86)\Zoohair
2017-05-04 21:56 - 2017-05-04 21:56 - 00000000 ____D C:\Program Files (x86)\MIO
2017-05-04 21:54 - 2017-05-04 21:56 - 00000000 ____D C:\Program Files (x86)\AlphaGo
2017-05-03 22:19 - 2017-05-03 22:59 - 00000000 ____D C:\Users\Pablo\Downloads\Rings.2017.720p.BRRip.x264.AAC-ETRG
2017-05-03 15:29 - 2017-05-03 16:30 - 00000000 ____D C:\Users\Pablo\Downloads\The Hangover Part III (2013)
2017-05-03 12:47 - 2017-05-03 12:59 - 00056420 _____ C:\Users\Pablo\Downloads\statement_PM.xlsx
2017-05-03 12:33 - 2017-05-03 12:33 - 00000448 _____ C:\Users\Pablo\Desktop\Komputer.lnk
2017-05-03 12:21 - 2017-05-03 12:21 - 00009122 _____ C:\Users\Pablo\Desktop\rachunek_prad.xlsx
2017-05-03 09:17 - 2017-05-03 09:17 - 00000000 ____D C:\Users\Pablo\AppData\Local\CEF
2017-05-03 08:16 - 2017-05-04 21:56 - 00000000 ____D C:\Program Files\MK
2017-05-02 21:41 - 2017-05-02 21:41 - 00000000 ___HD C:\$AV_ASW
2017-04-29 15:08 - 2017-05-06 08:52 - 02429440 _____ (Farbar) C:\Users\Pablo\Downloads\FRST64english.exe
2017-04-29 15:08 - 2017-04-29 15:08 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2017-04-29 15:06 - 2017-04-29 15:06 - 00483968 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-29 15:06 - 2017-04-29 15:06 - 00000000 ____D C:\Users\Pablo\AppData\Local\VirtualStore
2017-04-29 15:03 - 2017-04-29 15:03 - 04102600 _____ C:\Users\Pablo\Downloads\adwcleaner_6.046.exe
2017-04-29 15:02 - 2017-05-06 08:52 - 00000000 ____D C:\FRST
2017-04-29 15:00 - 2017-05-06 08:41 - 00000000 ____D C:\AdwCleaner
2017-04-29 14:59 - 2017-05-04 21:56 - 00002286 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-29 14:59 - 2017-04-29 14:59 - 00003480 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-29 14:59 - 2017-04-29 14:59 - 00003352 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-29 14:58 - 2017-04-29 14:58 - 00000000 ____D C:\Users\Pablo\AppData\Local\Apps\2.0
2017-04-27 19:37 - 2017-04-29 15:03 - 00000000 ____D C:\Windows\system32\log
2017-04-27 19:37 - 2017-04-27 19:37 - 00000000 ____D C:\ProgramData\Apple
2017-04-27 19:36 - 2017-04-27 19:36 - 00000000 _____ C:\Windows\SysWOW64\22
2017-04-27 19:36 - 2017-04-27 19:36 - 00000000 _____ C:\Windows\SysWOW64\11
2017-04-27 18:25 - 2017-04-27 18:31 - 00000000 ____D C:\Users\Pablo\Downloads\Billions.S02E10.WEBRip.XviD-FUM[ettv]
2017-04-26 23:57 - 2017-05-03 13:05 - 00033019 _____ C:\Users\Pablo\Desktop\historia_do_analizy.xlsx
2017-04-26 10:33 - 2017-04-26 10:33 - 00000000 ____D C:\Windows\psgo
2017-04-17 10:35 - 2017-04-17 10:35 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2017-04-12 10:42 - 2017-04-12 11:18 - 00000000 ____D C:\Users\Pablo\Downloads\The Office US Season 9 [HDTV]
2017-04-12 10:18 - 2017-03-21 15:11 - 00875712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2017-04-12 10:18 - 2017-03-21 15:11 - 00869568 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2017-04-12 10:18 - 2017-03-21 15:11 - 00678592 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2017-04-12 10:18 - 2017-03-21 15:11 - 00536768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2017-04-12 07:37 - 2017-03-25 21:39 - 20284416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-04-12 07:37 - 2017-03-25 21:07 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-04-12 07:37 - 2017-03-25 21:06 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-04-12 07:37 - 2017-03-25 20:55 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-04-12 07:37 - 2017-03-25 20:52 - 02289152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-04-12 07:37 - 2017-03-25 20:51 - 01313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-04-12 07:37 - 2017-03-25 20:48 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-04-12 07:37 - 2017-03-25 20:47 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-04-12 07:37 - 2017-03-25 20:47 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-04-12 07:37 - 2017-03-25 20:46 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-04-12 07:37 - 2017-03-25 20:46 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-04-12 07:37 - 2017-03-25 20:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-04-12 07:37 - 2017-03-25 20:45 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-04-12 07:37 - 2017-03-25 20:45 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-04-12 07:37 - 2017-03-25 20:13 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-04-12 07:37 - 2017-03-25 20:10 - 02898432 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-04-12 07:37 - 2017-03-25 19:56 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-04-12 07:37 - 2017-03-25 19:52 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-04-12 07:37 - 2017-03-25 19:41 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-04-12 07:37 - 2017-03-25 19:12 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-04-12 07:37 - 2017-03-25 19:04 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-04-12 07:37 - 2017-03-25 19:00 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-04-12 07:37 - 2017-03-25 19:00 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-04-12 07:37 - 2017-03-25 18:59 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-04-12 07:37 - 2017-03-25 18:57 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-04-12 07:37 - 2017-03-25 18:28 - 15259136 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-04-12 07:37 - 2017-03-25 18:24 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-04-12 07:37 - 2017-03-25 18:10 - 01546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-04-12 07:37 - 2017-03-25 18:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-04-12 07:37 - 2017-03-25 06:43 - 01375960 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-04-12 07:37 - 2017-03-24 20:24 - 01094656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-04-12 07:37 - 2017-03-14 21:06 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-04-12 07:37 - 2017-03-14 16:26 - 03714560 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-04-12 07:37 - 2017-03-14 16:09 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-04-12 07:37 - 2017-03-14 16:08 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-04-12 07:37 - 2017-03-14 16:06 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-04-12 07:37 - 2017-03-13 18:13 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-04-12 07:37 - 2017-03-13 18:12 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-04-12 07:37 - 2017-03-13 18:08 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2017-04-12 07:37 - 2017-03-13 18:08 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-04-12 07:37 - 2017-03-13 17:59 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-04-12 07:37 - 2017-03-13 17:59 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-04-12 07:37 - 2017-03-13 17:56 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-04-12 07:37 - 2017-03-12 17:04 - 00033792 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\BasicRender.sys
2017-04-12 07:37 - 2017-03-11 05:59 - 01763888 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2017-04-12 07:37 - 2017-03-11 05:56 - 01489608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2017-04-12 07:37 - 2017-03-11 05:49 - 01549144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-04-12 07:37 - 2017-03-11 05:49 - 00388440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-04-12 07:37 - 2017-03-11 05:44 - 00373080 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-04-12 07:37 - 2017-03-11 05:41 - 00315224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-04-12 07:37 - 2017-03-09 23:13 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-04-12 07:37 - 2017-03-09 23:08 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-04-12 07:37 - 2017-03-09 21:29 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-04-12 07:37 - 2017-03-08 01:25 - 01661064 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-04-12 07:37 - 2017-03-08 01:21 - 01212760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-04-12 07:37 - 2017-03-04 21:24 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-04-12 07:37 - 2017-03-04 21:06 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-04-12 07:37 - 2017-03-04 20:15 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-04-12 07:37 - 2017-03-04 18:37 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-04-12 07:37 - 2017-03-03 17:11 - 01697792 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-04-12 07:37 - 2017-03-03 17:10 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
2017-04-12 07:37 - 2017-03-03 17:06 - 01501184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-04-12 07:37 - 2017-03-03 17:04 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
2017-04-12 07:37 - 2017-02-11 20:18 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2017-04-12 07:37 - 2017-02-11 19:00 - 00865792 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-04-12 07:37 - 2017-02-11 18:49 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
2017-04-12 07:37 - 2017-02-11 18:42 - 00204288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
2017-04-12 07:37 - 2017-02-10 21:06 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-04-12 07:37 - 2017-02-10 16:37 - 00046600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2017-04-12 07:37 - 2017-02-04 19:53 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2017-04-12 07:37 - 2017-02-04 19:51 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-04-12 07:37 - 2017-02-04 19:19 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2017-04-12 07:37 - 2017-02-01 21:44 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-04-12 07:37 - 2017-02-01 21:42 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-04-12 07:37 - 2017-01-21 21:22 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\csc.sys
2017-04-12 07:37 - 2017-01-19 04:18 - 01113944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2017-04-12 07:37 - 2017-01-18 16:35 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-04-12 07:37 - 2017-01-18 16:34 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-04-12 07:37 - 2017-01-14 22:32 - 00955016 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2017-04-12 07:37 - 2017-01-14 21:18 - 00787688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2017-04-12 07:37 - 2017-01-14 16:37 - 00447095 _____ C:\Windows\system32\ApnDatabase.xml
2017-04-12 07:37 - 2017-01-12 18:51 - 00274776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2017-04-12 07:37 - 2017-01-12 18:51 - 00117592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2017-04-12 07:37 - 2017-01-12 17:03 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storvsp.sys
2017-04-12 07:37 - 2017-01-12 17:03 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpcivsp.sys
2017-04-12 07:37 - 2017-01-12 08:12 - 00990040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-04-12 07:37 - 2017-01-11 21:12 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
2017-04-12 07:37 - 2017-01-11 19:28 - 00422744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2017-04-12 07:37 - 2017-01-11 17:09 - 00296960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll
2017-04-12 07:37 - 2017-01-11 00:37 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2017-04-12 07:37 - 2017-01-10 23:06 - 00840192 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2017-04-12 07:37 - 2017-01-10 22:46 - 01388544 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2017-04-12 07:37 - 2017-01-10 21:20 - 00696832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2017-04-12 07:37 - 2017-01-10 21:09 - 01108480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2017-04-12 07:37 - 2017-01-06 19:25 - 02513408 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2017-04-12 07:37 - 2017-01-06 19:04 - 01495552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2017-04-12 07:37 - 2016-12-25 03:21 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scfilter.sys
2017-04-12 07:37 - 2016-12-25 03:14 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2017-04-12 07:37 - 2016-12-25 02:48 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\certprop.dll
2017-04-12 07:37 - 2016-12-25 02:19 - 00170496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2017-04-12 07:37 - 2016-12-25 01:39 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\ScDeviceEnum.dll
2017-04-12 07:37 - 2016-12-09 10:08 - 00379736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2017-04-12 07:37 - 2015-02-03 01:53 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2017-04-12 07:37 - 2015-02-03 01:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2017-04-10 22:40 - 2017-04-19 23:14 - 00000000 ____D C:\dbNotowania 4 MAX
2017-04-10 22:40 - 2017-04-10 22:40 - 00000724 _____ C:\Users\Pablo\Desktop\dbNotowania 4 MAX.lnk
2017-04-10 22:40 - 2017-04-10 22:40 - 00000000 ____D C:\Users\Public\Documents\dbNotowania 4 MAX
2017-04-10 22:40 - 2017-04-10 22:40 - 00000000 ____D C:\Users\Pablo\Documents\dbNotowania 4 MAX
2017-04-10 22:40 - 2017-04-10 22:40 - 00000000 ____D C:\Users\Pablo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\dbNotowania 4 MAX
2017-04-10 22:40 - 2017-04-10 22:40 - 00000000 ____D C:\Users\Pablo\AppData\Roaming\dbNotowania 4 MAX
2017-04-10 22:03 - 2017-04-17 10:35 - 00000000 ____D C:\Users\Pablo\Documents\Notowania 4 MAX
2017-04-10 22:03 - 2017-04-17 10:35 - 00000000 ____D C:\Users\Pablo\AppData\Roaming\Statica
2017-04-10 22:02 - 2017-04-10 22:02 - 00001186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Deinstalacja programu PowerTrader Free Edition.lnk
2017-04-10 22:02 - 2017-04-10 22:02 - 00001156 _____ C:\ProgramData\Microsoft\Windows\Start Menu\PowerTrader Free Edition.lnk
2017-04-10 22:02 - 2017-04-10 22:02 - 00001150 _____ C:\Users\Public\Desktop\PowerTrader Free Edition.lnk
2017-04-10 22:02 - 2017-04-10 22:02 - 00000051 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Strona WWW programu PowerTrader Free Edition.url
2017-04-10 22:02 - 2017-04-10 22:02 - 00000000 ____D C:\ProgramData\Sumito Development
2017-04-10 22:02 - 2017-04-10 22:02 - 00000000 ____D C:\Program Files (x86)\PowerTrader Free Edition
2017-04-10 21:43 - 2017-04-10 21:43 - 00032600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-04-10 21:43 - 2017-04-10 21:43 - 00003954 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1491853405
2017-04-10 21:43 - 2017-04-10 21:43 - 00001059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-04-10 21:42 - 2017-04-10 21:42 - 00001938 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-04-10 21:42 - 2017-04-10 21:42 - 00000000 ____D C:\Users\Pablo\AppData\Roaming\AVAST Software
2017-04-10 21:42 - 2017-04-10 21:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-04-10 21:41 - 2017-05-03 08:22 - 00004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-04-10 21:41 - 2017-04-29 15:14 - 00556784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2017-04-10 21:41 - 2017-04-29 15:14 - 00128648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2017-04-10 21:41 - 2017-04-10 21:41 - 01005048 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-04-10 21:41 - 2017-04-10 21:41 - 00399944 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-04-10 21:41 - 2017-04-10 21:41 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-04-10 21:41 - 2017-04-10 21:41 - 00334088 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-04-10 21:41 - 2017-04-10 21:41 - 00307736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-04-10 21:41 - 2017-04-10 21:41 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-04-10 21:41 - 2017-04-10 21:41 - 00164064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-04-10 21:41 - 2017-04-10 21:41 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-04-10 21:41 - 2017-04-10 21:41 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-04-10 21:41 - 2017-04-10 21:41 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-04-10 21:41 - 2017-04-10 21:41 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-04-10 21:41 - 2017-04-10 21:41 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-04-10 21:40 - 2017-04-10 21:43 - 00000000 ____D C:\Program Files\AVAST Software
2017-04-10 20:57 - 2017-04-29 14:59 - 00000000 ____D C:\Users\Pablo\AppData\Local\Google
2017-04-10 20:11 - 2017-04-10 20:11 - 00000000 _____ C:\Windows\regset.INI
2017-04-10 20:07 - 1998-10-02 19:00 - 00327168 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2017-04-06 20:56 - 2017-04-06 21:09 - 2787891812 _____ C:\Users\Pablo\Downloads\Rogue.One.A.Star.Wars.Story.2016.1080p.BluRay.6CH.ShAaNiG.mkv
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-06 08:48 - 2016-03-28 19:46 - 01825074 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-06 08:48 - 2013-08-23 01:12 - 00807160 _____ C:\Windows\system32\perfh015.dat
2017-05-06 08:48 - 2013-08-23 01:12 - 00163478 _____ C:\Windows\system32\perfc015.dat
2017-05-06 08:48 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2017-05-06 08:42 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-05 22:39 - 2016-03-28 20:17 - 00000000 ____D C:\Users\Pablo\AppData\Local\ClassicShell
2017-05-05 22:31 - 2016-08-16 18:09 - 00000000 ____D C:\Program Files (x86)\Steam
2017-05-04 22:43 - 2016-03-28 19:48 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1476795145-1944411896-4185569433-1001
2017-05-04 21:56 - 2016-07-28 09:47 - 00000000 ____D C:\ProgramData\Package Cache
2017-05-03 22:59 - 2016-03-28 20:13 - 00000000 ____D C:\Users\Pablo\AppData\Roaming\uTorrent
2017-05-03 12:50 - 2016-08-31 11:21 - 00000000 ____D C:\Users\Pablo\Documents\Książki
2017-05-03 12:50 - 2016-03-28 19:43 - 00000000 ____D C:\Users\Pablo\AppData\Local\Packages
2017-04-29 15:13 - 2013-08-22 17:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-04-29 15:08 - 2016-03-28 20:13 - 00000000 ____D C:\Users\UpdatusUser
2017-04-29 15:05 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-04-29 14:59 - 2016-10-09 08:48 - 00000000 ____D C:\Users\Pablo\AppData\Local\Deployment
2017-04-29 14:59 - 2016-03-28 19:45 - 00000000 ____D C:\Program Files (x86)\Google
2017-04-29 14:53 - 2016-10-15 13:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
2017-04-29 14:53 - 2016-10-07 18:14 - 00000000 ____D C:\Users\Pablo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Supreme Commander 2
2017-04-29 14:53 - 2016-07-31 22:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2017-04-24 21:43 - 2016-04-01 17:42 - 00000000 ____D C:\Users\Pablo\Documents\Magisterka
2017-04-23 16:11 - 2016-08-02 15:09 - 00036198 _____ C:\Users\Pablo\Desktop\rachunki.xlsx
2017-04-22 08:42 - 2016-03-28 20:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-04-17 10:36 - 2016-07-25 21:06 - 00000000 ____D C:\Users\Pablo\AppData\Roaming\DAEMON Tools Lite
2017-04-17 10:31 - 2016-10-25 21:02 - 00000000 ____D C:\Users\Pablo\Desktop\sandisk
2017-04-14 19:23 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2017-04-13 21:15 - 2016-04-28 20:19 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-04-13 21:14 - 2016-04-28 20:19 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-13 13:41 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2017-04-13 00:17 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData
2017-04-13 00:17 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows Defender
2017-04-13 00:17 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-04-12 10:22 - 2016-03-31 09:01 - 00000000 ____D C:\Windows\system32\MRT
2017-04-12 10:21 - 2016-03-31 09:01 - 148601744 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-04-12 10:20 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2017-04-10 23:01 - 2016-03-28 19:48 - 00000000 ____D C:\ProgramData\AVAST Software
2017-04-10 22:41 - 2016-04-28 20:15 - 00000000 ____D C:\ProgramData\Adobe
2017-04-10 21:41 - 2016-03-28 19:50 - 00000000 ____D C:\Program Files\Common Files\AV
2017-04-10 21:25 - 2016-03-28 19:43 - 00001454 _____ C:\Users\Pablo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-04-10 20:32 - 2016-08-19 10:28 - 00000000 ____D C:\Windows\Minidump
2017-04-08 08:21 - 2017-04-02 18:55 - 00000000 ____D C:\Users\Pablo\Downloads\Harry Potter and the Chamber of Secrets (2002) [1080p]
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-04-29 14:06
 
==================== End of FRST.txt ============================
 
 
 
Addition
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-05-2017 02
Ran by Pablo (06-05-2017 08:52:36)
Running from C:\Users\Pablo\Downloads
Windows 8.1 Pro (Update) (X64) (2016-03-28 17:43:31)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1476795145-1944411896-4185569433-500 - Administrator - Disabled)
Gość (S-1-5-21-1476795145-1944411896-4185569433-501 - Limited - Disabled)
Pablo (S-1-5-21-1476795145-1944411896-4185569433-1001 - Administrator - Enabled) => C:\Users\Pablo
UpdatusUser (S-1-5-21-1476795145-1944411896-4185569433-1003 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1476795145-1944411896-4185569433-1001\...\uTorrent) (Version: 3.5.0.43534 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-1476795145-1944411896-4185569433-1003\...\uTorrent) (Version: 3.4.6.42042 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Aktualizacje NVIDIA 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
AlphaGo (HKLM-x32\...\{9CDB618D-4F02-4CAD-B743-89677FE7ADE9}) (Version: 1.2.3 - AlphaGo)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
Broadcom Card Reader Driver Installer (HKLM\...\{67AA948F-8D83-4566-B84A-7CAABCF64E3F}) (Version: 16.0.2.8 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
Classic Shell (HKLM\...\{E289B7DD-6732-4333-A47A-75A145D23EE3}) (Version: 4.2.4 - IvoSoft)
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0192 - Disc Soft Ltd)
dbNotowania 4 MAX (HKLM-x32\...\{3004C972-0DFF-4CB6-98AF-9B91E39CE3A9}) (Version: 4.2.126.0 - Statica)
Discord (HKU\S-1-5-21-1476795145-1944411896-4185569433-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
e5 Secure Download Manager (HKLM-x32\...\{1C0ADCC1-E537-4A87-8F4C-2D2F6FB338DF}) (Version: 3.2.243.0 - Kivuto Solutions Inc.)
e-Deklaracje Desktop (HKLM-x32\...\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1) (Version: 9.0.4 - Ministerstwo Finansow)
e-Deklaracje Desktop (x32 Version: 9.0.4 - Ministerstwo Finansow) Hidden
ETDWare PS/2-X64 11.6.27.201_WHQL (HKLM\...\Elantech) (Version: 11.6.27.201 - ELAN Microelectronic Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.81 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3304 - Intel Corporation)
K-Lite Mega Codec Pack 12.3.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.3.5 - KLCP)
MetaTrader FLOAT (HKLM-x32\...\MetaTrader FLOAT) (Version: 4.00 - MetaQuotes Software Corp.)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7766.2076 - Microsoft Corporation)
Microsoft Office 365 ProPlus - pl-pl (HKLM\...\O365ProPlusRetail - pl-pl) (Version: 16.0.7766.2076 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1476795145-1944411896-4185569433-1003\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version:  - )
NVIDIA Oprogramowanie systemu PhysX 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Sterownik graficzny 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7766.2076 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7766.2076 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7766.2076 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Panel sterowania NVIDIA 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)
PowerTrader Free Edition (HKLM-x32\...\{8180ECD7-7DFB-4BD5-A596-A34DBC746A7A}_is1) (Version:  - Sumito Development)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6543 - Realtek Semiconductor Corp.)
SafeZone Stable 3.55.2393.596 (x32 Version: 3.55.2393.596 - Avast Software) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
VDownloader 4.2.1909 (HKLM\...\{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1) (Version:  - Vitzo Limited)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinRAR 5.31 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKU\S-1-5-21-1476795145-1944411896-4185569433-1001\...\ChromeHTML: -> C:\Program Files (x86)\Zoohair\Application\chrome.exe (Google Inc.) <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {06DC40D9-F8A8-410C-A4BB-B8750327428D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-04-03] (Microsoft Corporation)
Task: {08A7F0BB-09FB-4644-ABD8-1B42B66F70A9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-04-03] (Microsoft Corporation)
Task: {1494B2C5-E2B5-4B3C-822B-2EF78610A97F} - System32\Tasks\SafeZone scheduled Autoupdate 1491853405 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
Task: {28968934-EC70-4604-A44A-E92F56B54338} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-13] (AVAST Software)
Task: {43DE6AD9-E40D-4300-9DB4-187830FE80C3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-04-03] (Microsoft Corporation)
Task: {5CA2732C-9252-43F7-86E8-2E7081032027} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-04-10] (AVAST Software)
Task: {608F4665-E33B-4DE1-A90D-B342AAE5F9C2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)
Task: {8E6A38BD-0EDC-46E8-9BC5-A3EB555AB81A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-29] (Google Inc.)
Task: {B2B9856D-4583-48BB-A68A-521837E064EB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-04-03] (Microsoft Corporation)
Task: {BB3C47FC-5419-4F8C-87E9-889F32F49C55} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
Task: {C8630EA8-0924-4A57-A1CF-91B178BE6ADE} - \Nufikzejcult -> No File <==== ATTENTION
Task: {CF7BAB5F-6EFC-40CB-ACF1-67B9DD6DDD61} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-04-03] (Microsoft Corporation)
Task: {F76190F3-C69E-4749-A954-01F28AD1A3B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-29] (Google Inc.)
Task: {FF7241FB-76A5-4AE0-A4E5-56EE24B5C28F} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-08-15] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Pablo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Zoohair\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Pablo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Zoohair\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Zoohair\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Zoohair\Application\chrome.exe (Google Inc.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-09-05 02:36 - 2013-09-05 02:36 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2016-04-03 10:44 - 2017-01-29 15:55 - 08930504 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-06-15 22:30 - 2016-06-15 22:30 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2017-04-10 21:41 - 2017-04-10 21:41 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-04-10 21:41 - 2017-04-10 21:41 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-04-10 21:41 - 2017-04-10 21:41 - 00176480 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-04-10 21:41 - 2017-04-10 21:41 - 00293936 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-04-10 21:41 - 2017-04-10 21:41 - 00653520 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-04-27 19:37 - 2017-04-26 05:14 - 00108544 _____ () c:\programdata\apple\common\cloud\winhelper.dll
2017-05-04 21:56 - 2017-05-04 05:41 - 00105472 _____ () c:\programdata\package cache\{59399776-575d-9c54-e861-0d5eab7e707d}v10.1.14393.795\installers\iis\iisexp.dll
2017-05-04 21:56 - 2017-05-04 05:41 - 00105472 _____ () C:\ProgramData\Package Cache\{59399776-575D-9C54-E861-0D5EAB7E707D}v10.1.14393.795\Installers\IIS\iisexp.dll
2017-05-04 21:56 - 2017-04-19 06:04 - 02864984 _____ () C:\Program Files (x86)\Zoohair\Application\libglesv2.dll
2017-05-04 21:56 - 2017-04-19 06:04 - 00087384 _____ () C:\Program Files (x86)\Zoohair\Application\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:AstInfo [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 15:25 - 2017-04-10 20:43 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1476795145-1944411896-4185569433-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Pablo\Pictures\space_stars_planet_surface_105684_1920x1080.jpg
DNS Servers: 37.8.214.2 - 31.11.202.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: Disc Soft Lite Bus Service => 3
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "VDownloader"
HKU\S-1-5-21-1476795145-1944411896-4185569433-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1476795145-1944411896-4185569433-1001\...\StartupApproved\Run: => "BatteryCare"
HKU\S-1-5-21-1476795145-1944411896-4185569433-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-1476795145-1944411896-4185569433-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-1476795145-1944411896-4185569433-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1476795145-1944411896-4185569433-1003\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1476795145-1944411896-4185569433-1003\...\StartupApproved\Run: => "BatteryCare"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{2E0BFC04-6CB7-4368-8961-21ADEE93B736}] => (Allow) C:\Users\Pablo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D77777C1-54CA-497A-828C-D8EC295B4F86}] => (Allow) C:\Users\Pablo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{930DA8E0-B923-44A8-ADA7-895F34FB1BE8}] => (Allow) C:\Users\Pablo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C603E8C0-2602-4C47-BC11-B377D3439E87}] => (Allow) C:\Users\Pablo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0AC2973E-4A36-41DB-8BB1-57EB27320FD7}] => (Allow) C:\Users\Pablo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B76E6B15-A627-427F-832E-0876404FC622}] => (Allow) C:\Users\Pablo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1566E1FB-A977-441C-8EC5-B63893E66939}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{42D619EB-BB15-4338-AAAD-BB4ED53825AC}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{857093DF-818F-40FB-B921-D2A0394947F5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{F5326892-9682-4AB6-A0EC-4597AE21BC64}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{971B3176-2603-4DE0-93F3-B01C76E25CDD}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe
FirewallRules: [{988CF065-06FF-405E-8F53-0877EB599DC4}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe
FirewallRules: [{D4616AE7-62E8-4E8C-B45B-FBC4EF26E21E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{2D971205-6F39-4176-AFB6-F668D5541B79}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{0C6BE676-19DB-435C-BB9A-ABB5FB2E9745}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{60E35D0B-DE84-4DE2-B12D-DBC274E4E5EC}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{6D709F97-B702-40F1-978D-E1CCAF79968F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{73C4F5CE-172C-4962-9F02-02451DA22D22}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E540FAD1-567E-4981-A799-C7856C0CA104}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4FE01A61-8D4F-422B-82A5-36D8ADA501EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{917F20C0-D717-49EE-895F-7283BCC7058F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{ABB5661E-DA07-427C-B7B3-9D5B3FB389B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{E2C8081C-AEE2-41B1-9DA3-A3256F2CF7F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{9A32A37F-6A1A-45BC-BCFF-CD713C28F8E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8DCBD08D-D711-4FF3-A432-EDDBC41C0E47}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B7305694-9DEE-4EE0-A8E0-739422AB5631}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A34E6D61-7DED-4352-B647-27A49CF09416}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C311196A-D988-45C7-A580-2CD34D4181CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{263AD9D0-2FED-46F9-91E7-1C4FADDB7C05}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B1A57F54-55E1-48BF-9B92-011EB2347D69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DFF7A3C8-A429-4E18-96F7-44E768DF68AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{90364D87-6501-47EC-9F9A-DB471767E58E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FDDA5EC2-9670-487C-85D2-4460A1E1B0C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A4BE6D87-756B-4096-8F70-0F174B0F78D2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1342E6E4-3C5F-4282-BDF3-7AE163451671}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D8673288-EF81-4497-B30B-5C7EABCAA77D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{604588A1-3C16-4CFE-B640-8575A71CAE78}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4E3D654E-6359-4902-B542-BAA36563CB8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1BEFA065-AEFB-4CFF-83C3-B8DBD9A64F4D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2FF9179E-A1F3-4E17-89D2-C14FFF468665}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A27A0B28-8093-4323-B484-0EC18EF62ECF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B43A037D-9499-4F8B-A729-BC728B4E5419}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{040F3F08-70D1-4966-B400-87DF0BBB18A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E8B027CE-B5DF-437A-9604-8D712488B10C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{94BE57C0-10FD-49CC-8466-7718553B9399}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FCFA885E-DCE6-4F96-8A27-3712AD561566}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EB468832-968C-421C-8969-D2F780872B37}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3D8B24B4-6C14-4DD6-89A7-5B7026030EF2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{2FD7C821-DD07-47BA-980B-0D60D4E773F7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E9A36DB3-532E-4255-87DA-9838F95C57F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2A9C011C-2B90-455C-9CF5-D8E04AB77178}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7C8D6D95-87DB-4562-B434-44C1639014D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F1787948-7C65-4783-BCF5-DC2D7003390F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4C7A9572-20D3-49AE-B0B0-2DEDA2DDAB5C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{80D59F4F-8CC2-4665-A6D4-467AAE8D8C1F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B95BFD33-C4BB-4802-AD06-CAA6D23AE869}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{90602EE1-E2BF-4F85-8A26-3AD219E7D38E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0872E0A8-B5BF-4E6A-A2BD-FFE205BCA32E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8170D44C-53F4-4A70-9B01-88E8A1F64551}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{35AF84CF-3A5A-47F0-9076-CA7E6C82E301}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B6B3FBB7-620A-45E6-AAD0-306583E3CA51}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3760E260-86C0-43DA-899B-C053E03217B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{41A6D095-E8EE-4AE7-BEF5-BCA062717312}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7E0AC2AD-D197-4A7D-AC08-3C78E8B82C34}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{419C2206-BB18-4C54-8A7C-7F17D0F6F62A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A74859C1-D187-4B90-986C-6EAE3B603BBE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3012D5F4-03F8-49FF-A491-6AB613DE6799}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3F40458B-3851-496D-8C9A-CF4BD7C473BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9EA4512C-7658-4C36-8E95-E76A5B687BB7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E79B4144-526E-405B-B6B4-9ADE591B5216}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F617C328-EC22-4D7C-8E31-AD12667A0868}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7C01FE25-5015-4A6D-A8C2-CEAEF201B1A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1039910A-3DD1-4204-A2DD-845311F0E004}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A5CB3158-C061-453A-85E0-05CC3A00299B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5808237D-58F8-412C-A027-463B1B61AA26}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6FEEC3ED-0E1A-41DE-BB45-9D034CE4BB08}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{037BC016-86F0-4E81-A737-F03EA74A081A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{968D6B91-140B-4EE9-9215-7A05CE7679D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B070A11A-ED44-47CE-B495-F7FEDF8FDDC2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6E198AA0-CBD6-48CB-8C69-539A09F3CED0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9DFFD21B-D18B-4046-8183-9AF737473BDB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{C50FB8E1-BE93-4B60-A354-09AC46B22571}C:\users\pablo\appdata\roaming\utorrent\updates\3.4.9_43223.exe] => (Block) C:\users\pablo\appdata\roaming\utorrent\updates\3.4.9_43223.exe
FirewallRules: [UDP Query User{78D8FEB7-9282-4833-8C52-06501A113AD4}C:\users\pablo\appdata\roaming\utorrent\updates\3.4.9_43223.exe] => (Block) C:\users\pablo\appdata\roaming\utorrent\updates\3.4.9_43223.exe
FirewallRules: [{8244B913-6DC0-4769-AB0E-B08B0570D173}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5E4EE723-AF52-45D9-9037-16EA6BA086F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8722B56E-A9E7-470F-94CA-872E2ACB4894}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EBA64E4F-5DD8-4484-B7D9-7EEBB6A7C574}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C931C06E-686A-4711-810A-46039AB38480}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F6F72E46-EA49-469C-82AA-B8E9DB261332}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{18913B8F-8788-424D-AA0C-3B7A08455B04}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{CCE84205-6A69-4594-98D2-2E8952DABCE5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0B373095-2A52-41C9-A638-B131B7A5034D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4D765D02-B4B1-4732-8871-BB066BB28FB0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B8A4C2DC-EC2E-4D93-9337-48A111A2B38E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DDF256D0-4D0B-4F89-9434-73F50190E402}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0AC83D33-E1AE-4B09-9741-DF89D707AB42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E02EDCD0-E04E-4390-AC38-7A1F7B4367BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BC7F9476-5441-4D9F-9DB2-3DBF2CD04F40}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{48A3488F-CA52-406B-8D48-1CB364221E49}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A07DC1BE-C935-4A02-BBB8-2DA9831F424A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F311AA10-EA8E-439A-B91D-1F974C78EBE9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EB15ECC0-A89D-4341-B0FB-2792D8907523}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8F8F2EB7-7448-4EEA-BA7C-4696A4B88BB5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{633289FB-8FD2-4911-82F3-42848D43D05D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4D313396-04D8-49BA-89F3-220601899517}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A862FFE7-81C5-44BE-847F-58B80EB9E756}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7178C977-BBF3-4D36-9AF4-60C2582AFDB9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{054EA87F-9BA2-4BC3-B472-75ADEAFE0059}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FE067CE2-772A-45BD-BD93-5581B0E051BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5AB15CAA-8E14-4E49-99FA-038A69173692}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{D79626E7-C90A-4762-B83D-3BE48309E7A0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{25CCD65B-9F60-4652-913C-E37C9A37E85C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{ADFD0417-BA96-430A-9209-5DFCCBF15AAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{CFFE36DF-471B-48DD-A990-4A855716032F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8EFFE6C5-7D2A-4B55-BF80-329A8DCCEF6C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AB34104B-87FC-4685-A715-DB105D3A2746}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B1C48135-7CC9-40FF-878E-D04BD71D0DB0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{720CC256-8FC2-4BDA-BE1B-CE37AEB4D558}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AFBABA00-2AEA-4810-BE7F-42B0D79B5B7F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D6E3FC6F-BBF5-4DCB-AF31-2CD60743C8E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B1B766C1-CB4D-4428-9FB5-9B2A5A48FDF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F8D190F6-07C0-4F37-AB72-5DC74765CF9F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B20AAA67-99BF-4C97-BB36-135CD768E369}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5E7B364E-BA5C-45E4-BE63-4CC88E5295C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C5AEA92D-5A9A-496C-9E64-BE6BC04CE2A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F0FC5878-89F5-49DD-839C-17A0EA41F16D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2AE6AF8D-2297-4AD2-8E66-3C5EB951AFF6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AE7CE4E5-DD8B-4738-81DA-88658202612F}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
FirewallRules: [{9462DA15-15EC-42D2-BA8A-ED4F4708374C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2A879427-BF9E-419B-A6D2-6E59815F1657}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0E96FC1F-BDA0-4251-B16F-F3019FBADFD4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0508776C-B40A-4FEC-8459-9715F192A5AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7BD45795-CA6C-434C-8BCB-C1514CBE2915}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{498C28FE-7FB3-4BC2-98C7-9AD2B17FFB9F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{102965AD-AE89-463A-A8E9-5F1FE77C39D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EFB8A963-C5FC-41AB-B9CD-AC3341227AED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7660B63D-9CDC-43AC-B7C2-4E53E2AB19FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6E003FD2-DD5C-43F1-8195-236707B9E0D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{03C9BD73-0B06-4CA6-B598-B6DADDD4DBD2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A0AE0C8B-A355-4B47-B442-411A21434561}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E0C86248-6871-490E-833C-974E0E452685}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C1A15388-0F9E-468C-9125-F7637F7DF6F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{81106D8C-CE7F-4554-A7DA-ED2230D06871}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A5B740EC-437D-4B91-80E5-AD7CF093809A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{66C165BE-D6FB-4E06-B2B1-98D9B84C0DDA}] => (Allow) C:\Program Files (x86)\MIO\loader\plextorxpx-128m6pro_p02447110318.dat
FirewallRules: [{FF985168-BBE2-412A-949C-9C02F039869A}] => (Allow) C:\Program Files (x86)\MIO\loader\plextorxpx-128m6pro_p02447110318.dat
FirewallRules: [{8E44E812-13F4-4DD9-A6F5-BF5DFAB0C35C}] => (Allow) C:\Program Files (x86)\Zoohair\Application\chrome.exe
FirewallRules: [{D0EC81EB-456E-4120-883F-CBA0FD82E903}] => (Allow) C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
FirewallRules: [{BAB04E68-21AB-4B47-A705-29FB1B571B9F}] => (Allow) C:\Program Files (x86)\Firefox\Firefox.exe
 
==================== Restore Points =========================
 
29-04-2017 16:40:05 Zaplanowany punkt kontrolny
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/06/2017 08:45:22 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Błąd w pliku manifestu lub w pliku zasad "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" w wierszu 1.
Tożsamość składnika znaleziona w manifeście nie odpowiada tożsamości składnika żądanego.
Odwołanie to UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definicja to UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
 
Error: (05/05/2017 10:12:09 PM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {413ED126-9029-44C6-8647-888083E8037D}
 
Error: (05/05/2017 10:12:09 PM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {413ED126-9029-44C6-8647-888083E8037D}
 
Error: (05/04/2017 09:56:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: T.exe, wersja: 17.1.3394.0, sygnatura czasowa: 0x5898d678
Nazwa modułu powodującego błąd: ntdll.dll, wersja: 6.3.9600.18233, sygnatura czasowa: 0x56bb4e1d
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x0001ec22
Identyfikator procesu powodującego błąd: 0x734
Godzina uruchomienia aplikacji powodującej błąd: 0x01d2c5107f9a51e5
Ścieżka aplikacji powodującej błąd: C:\Windows\TEMP\hpB06.tmp\T.exe
Ścieżka modułu powodującego błąd: C:\Windows\SYSTEM32\ntdll.dll
Identyfikator raportu: be6bdd9d-3103-11e7-8282-9c2a701b38dc
Pełna nazwa pakietu powodującego błąd: 
Identyfikator aplikacji względem pakietu powodującego błąd:
 
Error: (05/04/2017 09:56:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: MsiExec.exe, wersja: 5.0.9600.18333, sygnatura czasowa: 0x572b76b0
Nazwa modułu powodującego błąd: deskapp.dll_unloaded, wersja: 0.0.0.0, sygnatura czasowa: 0x590adb79
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x00001b58
Identyfikator procesu powodującego błąd: 0x1be0
Godzina uruchomienia aplikacji powodującej błąd: 0x01d2c5103cb823e1
Ścieżka aplikacji powodującej błąd: C:\Windows\syswow64\MsiExec.exe
Ścieżka modułu powodującego błąd: deskapp.dll
Identyfikator raportu: be32745a-3103-11e7-8282-9c2a701b38dc
Pełna nazwa pakietu powodującego błąd: 
Identyfikator aplikacji względem pakietu powodującego błąd:
 
Error: (05/04/2017 08:39:32 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Błąd w pliku manifestu lub w pliku zasad "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" w wierszu 1.
Tożsamość składnika znaleziona w manifeście nie odpowiada tożsamości składnika żądanego.
Odwołanie to UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definicja to UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
 
Error: (05/03/2017 08:16:42 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Błąd w pliku manifestu lub w pliku zasad "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" w wierszu 1.
Tożsamość składnika znaleziona w manifeście nie odpowiada tożsamości składnika żądanego.
Odwołanie to UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definicja to UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
 
Error: (05/02/2017 10:13:09 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Wolumin Odzyskiwanie nie został zoptymalizowany, ponieważ napotkano błąd: Parametr jest niepoprawny. (0x80070057)
 
Error: (05/02/2017 09:41:40 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Błąd w pliku manifestu lub w pliku zasad "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" w wierszu 1.
Tożsamość składnika znaleziona w manifeście nie odpowiada tożsamości składnika żądanego.
Odwołanie to UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definicja to UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
 
Error: (04/30/2017 12:40:53 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Błąd w pliku manifestu lub w pliku zasad "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" w wierszu 1.
Tożsamość składnika znaleziona w manifeście nie odpowiada tożsamości składnika żądanego.
Odwołanie to UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definicja to UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
 
 
System errors:
=============
Error: (05/06/2017 08:42:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi MBAMChameleon z powodu następującego błędu: 
Nie można odnaleźć określonego pliku.
 
Error: (05/06/2017 08:41:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa NVIDIA Update Service Daemon niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.
 
Error: (05/06/2017 08:41:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Windows Search niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.
 
Error: (05/06/2017 08:41:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa PnkBstrA niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.
 
Error: (05/06/2017 08:41:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa Elan Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.
 
Error: (05/06/2017 08:41:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Usługa Szybka instalacja pakietu Microsoft Office niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 0 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.
 
Error: (05/06/2017 08:41:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa Adobe Acrobat Update Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.
 
Error: (05/06/2017 08:41:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Bufor wydruku niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 5000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.
 
Error: (05/06/2017 08:41:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa NVIDIA Display Driver Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.
 
Error: (05/04/2017 09:57:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa Internet Information Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.
 
 
CodeIntegrity:
===================================
  Date: 2017-04-27 22:59:27.293
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 25%
Total physical RAM: 8081.27 MB
Available physical RAM: 5987.13 MB
Total Virtual: 9361.27 MB
Available Virtual: 7149.5 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:118.73 GB) (Free:47.59 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,742 posts
  • Gender:Male
  • Location:California

Posted 06 May 2017 - 11:40 AM

You are very welcome Pawel.

Do you recognize these?

C:\Users\Pablo\Desktop\rachunek_prad.xlsx
C:\Users\Pablo\Desktop\historia_do_analizy.xlsx
C:\Users\Pablo\Desktop\rachunek_prad.xlsx


Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs; however, that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition, it has recently been reported that P2P downloads may be tracked, resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1476795145-1944411896-4185569433-1001\...\Run: [background_fault] => "C:\Users\Pablo\AppData\Local\background_fault\aswRD.exe" "C:\Users\Pablo\AppData\Local\background_fault\bf.dll",background_fault_collector <===== ATTENTION
C:\Users\Pablo\AppData\Local\background_fault
HKU\S-1-5-21-1476795145-1944411896-4185569433-1001\...\MountPoints2: {0f9281a7-0c45-11e6-8256-b888e3b0f769} - "F:\AutoRun.exe" 
HKU\S-1-5-21-1476795145-1944411896-4185569433-1001\...\MountPoints2: {6828cfe4-9068-11e6-826c-9c2a701b38dc} - "H:\autoplay.exe" 
HKU\S-1-5-21-1476795145-1944411896-4185569433-1003\...\MountPoints2: {0f9281a7-0c45-11e6-8256-b888e3b0f769} - "F:\AutoRun.exe" 
ShellExecuteHooks: No Name - {770A789A-1B41-11E7-AC4B-64006A5CFC23} -  -> No File
S4 SNAREA; C:\Users\Pablo\AppData\Local\SNAREA\Snare.dll [X] 
C:\Users\Pablo\AppData\Local\SNAREA
2017-05-06 08:44 - 2017-05-06 08:44 - 00000045 _____ C:\Users\Public\Documents\temp.dat
2017-05-06 08:44 - 2017-05-06 08:44 - 00000000 ____D C:\Users\Pablo\AppData\Local\Zoohair
2017-05-06 08:44 - 2017-05-06 08:44 - 00000000 ____D C:\ProgramData\SWCUTemp
C:\Program Files (x86)\Zoohair\Application\chrome.exe
2017-05-04 21:56 - 2017-05-04 21:56 - 00002095 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-04 21:56 - 2017-05-04 21:56 - 00000000 ____D C:\Users\Public\Documents\Google
2017-05-04 21:56 - 2017-05-04 21:56 - 00000000 ____D C:\Program Files (x86)\Zoohair
2017-05-04 21:56 - 2017-05-04 21:56 - 00000000 ____D C:\Program Files (x86)\MIO
2017-05-04 21:54 - 2017-05-04 21:56 - 00000000 ____D C:\Program Files (x86)\AlphaGo
2017-04-26 10:33 - 2017-04-26 10:33 - 00000000 ____D C:\Windows\psgo
2017-04-17 10:35 - 2017-04-17 10:35 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2017-04-10 20:11 - 2017-04-10 20:11 - 00000000 _____ C:\Windows\regset.INI
HKU\S-1-5-21-1476795145-1944411896-4185569433-1001\...\ChromeHTML: -> C:\Program Files (x86)\Zoohair\Application\chrome.exe (Google Inc.) <==== ATTENTION
C:\Program Files (x86)\Zoohair
Task: {C8630EA8-0924-4A57-A1CF-91B178BE6ADE} - \Nufikzejcult
Shortcut: C:\Users\Pablo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Zoohair\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Pablo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Zoohair\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Zoohair\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Zoohair\Application\chrome.exe (Google Inc.)
AlternateDataStreams: C:\Windows:AstInfo [0]
FirewallRules: [{66C165BE-D6FB-4E06-B2B1-98D9B84C0DDA}] => (Allow) C:\Program Files (x86)\MIO\loader\plextorxpx-128m6pro_p02447110318.dat
FirewallRules: [{FF985168-BBE2-412A-949C-9C02F039869A}] => (Allow) C:\Program Files (x86)\MIO\loader\plextorxpx-128m6pro_p02447110318.dat
FirewallRules: [{8E44E812-13F4-4DD9-A6F5-BF5DFAB0C35C}] => (Allow) C:\Program Files (x86)\Zoohair\Application\chrome.exe
C:\Windows\TEMP\hpB06.tmp\T.exe
C:\Program Files (x86)\Elex-tech
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Zoek by Smeenk

--------------------
  • Download Zoek and save it to your Desktop
  • Right click the icon, select Run as Administrator, and wait for the Program to appear on your Desktop (may take 15 seconds or so)
  • Verify Scan All Users is selected
  • Click the Options tab
  • Place a checkmark in the following boxes:

Firefox Look
Chrome Look
Autoclean

  • Verify Scan All Users is selected then click Run Script
  • Do not use your computer while the scan is running
  • When completed a zoek report will be placed in your C: folder
  • Copy and paste the contents of that report in your reply
===================================================

RogueKiller

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the setup.exe icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • Click OK on English
  • Select Install 32 and 64 bits versions (Recommended for Technicians), then click Next 2 times
  • Click Install
  • Click Finish
  • Click Start Scan twice
  • When completed click Open Report
  • Click Export Text and save the file on your Desktop as RK.txt
  • Close all open RogueKiller windows
  • Copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Recognize entries?
  • Fixlog
  • Zoek report
  • RogueKiller report
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
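As an added example that is not part of Gary's post and not FRST's or Farbar's code: the Python below is a hypothetical triage pass over lines in the FRST text format used throughout this thread. It flags the same kinds of entries the fixlist above targets (an autostart living in a user-writable folder, a service whose file FRST marks `[X]` as missing, a "Google Chrome" shortcut resolving to a chrome.exe outside the real Google install path, firewall Allow rules for non-executables or a masquerading chrome.exe, and an alternate data stream on the Windows folder). The sample log is constructed from lines modelled on this thread, with two benign lines added for contrast.

```python
"""Hypothetical triage of FRST-style log lines (added example, not FRST code)."""
import re
from typing import List, Tuple

Finding = Tuple[str, str]  # (rule name, offending log line)

# Locations a dropper can write to without admin rights; a legitimate product
# rarely keeps its autostart binary or a service DLL there.
USER_WRITABLE = (
    "\\appdata\\local\\", "\\appdata\\roaming\\", "\\programdata\\",
    "\\users\\public\\", "\\windows\\temp\\",
)
# The only path a genuine Google Chrome shortcut or firewall rule resolves to.
GENUINE_CHROME = "\\google\\chrome\\application\\chrome.exe"

# Line shapes as FRST prints them (Run values, services, shortcuts, firewall
# rules, alternate data streams); patterns written for this example.
RUN_RE = re.compile(r"^HK(?:LM|CU|U)\\.*\\Run: \[(?P<name>[^\]]+)\] => (?P<cmd>.*)$")
SERVICE_RE = re.compile(r"^[SR]\d+ (?P<name>[^;]+); (?P<path>.+?)(?P<missing> \[X\])?\s*$")
SHORTCUT_RE = re.compile(r"^Shortcut: (?P<lnk>.+?\.lnk) -> (?P<target>.+?)(?: \([^)]*\))?\s*$")
FIREWALL_RE = re.compile(r"^FirewallRules: \[\{[^}]+\}\] => \((?P<action>\w+)\) (?P<path>.+?)\s*$")
ADS_RE = re.compile(r"^AlternateDataStreams: (?P<file>[A-Za-z]:\\[^:]*):(?P<stream>\S+)")
# First binary referenced by a Run value, whether or not it is quoted.
FIRST_BIN_RE = re.compile(r'"?(?P<p>[A-Za-z]:\\.*?\.(?:exe|dll|dat|scr|bat|cmd|vbs|js))', re.I)

# Constructed sample modelled on the FRST output in this thread; the first
# Run line and the second Shortcut line are benign controls.
SAMPLE_LOG = r"""
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
HKU\S-1-5-21-1476795145-1944411896-4185569433-1001\...\Run: [background_fault] => "C:\Users\Pablo\AppData\Local\background_fault\aswRD.exe" "C:\Users\Pablo\AppData\Local\background_fault\bf.dll",background_fault_collector <===== ATTENTION
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
S4 SNAREA; C:\Users\Pablo\AppData\Local\SNAREA\Snare.dll [X]
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Zoohair\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Pablo\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
FirewallRules: [{03C9BD73-0B06-4CA6-B598-B6DADDD4DBD2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{66C165BE-D6FB-4E06-B2B1-98D9B84C0DDA}] => (Allow) C:\Program Files (x86)\MIO\loader\plextorxpx-128m6pro_p02447110318.dat
FirewallRules: [{8E44E812-13F4-4DD9-A6F5-BF5DFAB0C35C}] => (Allow) C:\Program Files (x86)\Zoohair\Application\chrome.exe
AlternateDataStreams: C:\Windows:AstInfo [0]
"""


def under_user_writable(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def masquerading_chrome(path: str) -> bool:
    """A chrome.exe anywhere except the real Google install directory."""
    p = path.lower()
    return p.endswith("\\chrome.exe") and not p.endswith(GENUINE_CHROME)


def triage(log_text: str) -> List[Finding]:
    """Return (rule, line) pairs for every FRST line that trips a heuristic."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if "<===== ATTENTION" in line:  # FRST's own marker, always worth a look
            findings.append(("frst-attention", line))
        if m := RUN_RE.match(line):
            b = FIRST_BIN_RE.match(m["cmd"])
            if b and under_user_writable(b["p"]):
                findings.append(("autorun-user-writable", line))
        elif m := SERVICE_RE.match(line):
            # [X] means FRST could not find the service's file: an orphaned or
            # self-hiding registration rather than a healthy service.
            if m["missing"] or under_user_writable(m["path"]):
                findings.append(("service-orphan-or-user-writable", line))
        elif m := SHORTCUT_RE.match(line):
            if m["lnk"].lower().endswith("google chrome.lnk") and masquerading_chrome(m["target"]):
                findings.append(("chrome-shortcut-hijack", line))
        elif m := FIREWALL_RE.match(line):
            p = m["path"]
            # An inbound Allow for a .dat, or for a chrome.exe that is not
            # Google's, is a loader that punched its own hole in the firewall.
            if m["action"].lower() == "allow" and (
                not p.lower().endswith(".exe") or masquerading_chrome(p) or under_user_writable(p)
            ):
                findings.append(("firewall-allow-suspicious", line))
        elif m := ADS_RE.match(line):
            if m["file"].lower().startswith("c:\\windows"):
                findings.append(("ads-on-system-dir", line))
    return findings


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"[{rule}] {line}")
```

The heuristics deliberately leave the two benign control lines untouched; on a real log they narrow the entries a helper has to read, they do not replace the helper.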

#5 pwlb

pwlb
  • Topic Starter

  • Members
  • 7 posts

Posted 06 May 2017 - 04:38 PM

Hi Gary, thanks for your reply. As you requested, I haven't made any changes to the computer; I have just refrained from using P2P.

 

1) Yes, the .xlsx files are my working spreadsheets

2) My computer is running just fine until it gets infected. Then the efficiency goes down dramatically, avast and chrome crash and firefox appears on my desktop (and probably a bunch of other stuff happens in the background). After a few moments it goes back to "normal". Then I clean it, and roughly 2 days later it gets infected again.

I am 95% sure that it got infected a few weeks ago, when I was looking for a free-trial charting tool to test (MetaStock). I somehow ended up on some sketchy website and, without me doing any downloading, it infected my laptop. I am normally very conscious about the content I am checking and it is my first infection since about 2012.

 

Please find all the requested logs below.

Best regards

Pawel

 

FIXLOG--------------------------------

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 06-05-2017
Ran by Pablo (06-05-2017 20:49:12) Run:1
Running from C:\Users\Pablo\Downloads
Loaded Profiles: Pablo & UpdatusUser (Available Profiles: Pablo & UpdatusUser)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
 
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1476795145-1944411896-4185569433-1001\...\Run: [background_fault] => "C:\Users\Pablo\AppData\Local\background_fault\aswRD.exe" "C:\Users\Pablo\AppData\Local\background_fault\bf.dll",background_fault_collector <===== ATTENTION
C:\Users\Pablo\AppData\Local\background_fault
HKU\S-1-5-21-1476795145-1944411896-4185569433-1001\...\MountPoints2: {0f9281a7-0c45-11e6-8256-b888e3b0f769} - "F:\AutoRun.exe" 
HKU\S-1-5-21-1476795145-1944411896-4185569433-1001\...\MountPoints2: {6828cfe4-9068-11e6-826c-9c2a701b38dc} - "H:\autoplay.exe" 
HKU\S-1-5-21-1476795145-1944411896-4185569433-1003\...\MountPoints2: {0f9281a7-0c45-11e6-8256-b888e3b0f769} - "F:\AutoRun.exe" 
ShellExecuteHooks: No Name - {770A789A-1B41-11E7-AC4B-64006A5CFC23} -  -> No File
S4 SNAREA; C:\Users\Pablo\AppData\Local\SNAREA\Snare.dll [X] 
C:\Users\Pablo\AppData\Local\SNAREA
2017-05-06 08:44 - 2017-05-06 08:44 - 00000045 _____ C:\Users\Public\Documents\temp.dat
2017-05-06 08:44 - 2017-05-06 08:44 - 00000000 ____D C:\Users\Pablo\AppData\Local\Zoohair
2017-05-06 08:44 - 2017-05-06 08:44 - 00000000 ____D C:\ProgramData\SWCUTemp
C:\Program Files (x86)\Zoohair\Application\chrome.exe
2017-05-04 21:56 - 2017-05-04 21:56 - 00002095 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-04 21:56 - 2017-05-04 21:56 - 00000000 ____D C:\Users\Public\Documents\Google
2017-05-04 21:56 - 2017-05-04 21:56 - 00000000 ____D C:\Program Files (x86)\Zoohair
2017-05-04 21:56 - 2017-05-04 21:56 - 00000000 ____D C:\Program Files (x86)\MIO
2017-05-04 21:54 - 2017-05-04 21:56 - 00000000 ____D C:\Program Files (x86)\AlphaGo
2017-04-26 10:33 - 2017-04-26 10:33 - 00000000 ____D C:\Windows\psgo
2017-04-17 10:35 - 2017-04-17 10:35 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2017-04-10 20:11 - 2017-04-10 20:11 - 00000000 _____ C:\Windows\regset.INI
HKU\S-1-5-21-1476795145-1944411896-4185569433-1001\...\ChromeHTML: -> C:\Program Files (x86)\Zoohair\Application\chrome.exe (Google Inc.) <==== ATTENTION
C:\Program Files (x86)\Zoohair
Task: {C8630EA8-0924-4A57-A1CF-91B178BE6ADE} - \Nufikzejcult
Shortcut: C:\Users\Pablo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Zoohair\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Pablo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Zoohair\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Zoohair\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Zoohair\Application\chrome.exe (Google Inc.)
AlternateDataStreams: C:\Windows:AstInfo [0]
FirewallRules: [{66C165BE-D6FB-4E06-B2B1-98D9B84C0DDA}] => (Allow) C:\Program Files (x86)\MIO\loader\plextorxpx-128m6pro_p02447110318.dat
FirewallRules: [{FF985168-BBE2-412A-949C-9C02F039869A}] => (Allow) C:\Program Files (x86)\MIO\loader\plextorxpx-128m6pro_p02447110318.dat
FirewallRules: [{8E44E812-13F4-4DD9-A6F5-BF5DFAB0C35C}] => (Allow) C:\Program Files (x86)\Zoohair\Application\chrome.exe
C:\Windows\TEMP\hpB06.tmp\T.exe
C:\Program Files (x86)\Elex-tech
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1476795145-1944411896-4185569433-1001\Software\Microsoft\Windows\CurrentVersion\Run\\background_fault => value removed successfully
"C:\Users\Pablo\AppData\Local\background_fault" => not found.
HKU\S-1-5-21-1476795145-1944411896-4185569433-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f9281a7-0c45-11e6-8256-b888e3b0f769} => key removed successfully
HKCR\CLSID\{0f9281a7-0c45-11e6-8256-b888e3b0f769} => key not found. 
HKU\S-1-5-21-1476795145-1944411896-4185569433-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6828cfe4-9068-11e6-826c-9c2a701b38dc} => key removed successfully
HKCR\CLSID\{6828cfe4-9068-11e6-826c-9c2a701b38dc} => key not found. 
HKU\S-1-5-21-1476795145-1944411896-4185569433-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f9281a7-0c45-11e6-8256-b888e3b0f769} => key removed successfully
HKCR\CLSID\{0f9281a7-0c45-11e6-8256-b888e3b0f769} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{770A789A-1B41-11E7-AC4B-64006A5CFC23} => value removed successfully
HKCR\CLSID\{770A789A-1B41-11E7-AC4B-64006A5CFC23} => key not found. 
HKLM\System\CurrentControlSet\Services\SNAREA => key removed successfully
SNAREA => service removed successfully
"C:\Users\Pablo\AppData\Local\SNAREA" => not found.
C:\Users\Public\Documents\temp.dat => moved successfully
"C:\Users\Pablo\AppData\Local\Zoohair" => not found.
"C:\ProgramData\SWCUTemp" => not found.
"C:\Program Files (x86)\Zoohair\Application\chrome.exe" => not found.
"C:\Users\Public\Desktop\Google Chrome.lnk" => not found.
C:\Users\Public\Documents\Google => moved successfully
"C:\Program Files (x86)\Zoohair" => not found.
"C:\Program Files (x86)\MIO" => not found.
"C:\Program Files (x86)\AlphaGo" => not found.
C:\Windows\psgo => moved successfully
C:\Windows\SysWOW64\AI_RecycleBin => moved successfully
C:\Windows\regset.INI => moved successfully
HKU\S-1-5-21-1476795145-1944411896-4185569433-1001_Classes\ChromeHTML => key removed successfully
"C:\Program Files (x86)\Zoohair" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C8630EA8-0924-4A57-A1CF-91B178BE6ADE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8630EA8-0924-4A57-A1CF-91B178BE6ADE} => key removed successfully
C:\Users\Pablo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => moved successfully
C:\Users\Pablo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk => not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => moved successfully
C:\Users\Public\Desktop\Google Chrome.lnk => not found.
C:\Windows => ":AstInfo" ADS removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{66C165BE-D6FB-4E06-B2B1-98D9B84C0DDA} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FF985168-BBE2-412A-949C-9C02F039869A} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8E44E812-13F4-4DD9-A6F5-BF5DFAB0C35C} => value removed successfully
"C:\Windows\TEMP\hpB06.tmp\T.exe" => not found.
"C:\Program Files (x86)\Elex-tech" => not found.
 
 
The system needed a reboot.
 
==== End of Fixlog 20:49:24 ====
 
 
ZOEKREPORT--------------------------------
 
Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Pablo on 2017-05-06 at 21:14:10,08.
Microsoft Windows 8.1 Pro 6.3.9600  x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Pablo\Desktop\zoek.exe [Scan all users]  [Checkboxes used]
 
==== Older Logs ======================
 
C:\zoek-results2017-05-06-191044.log 7227 bytes
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Deleting Files \ Folders ======================
 
"C:\PROGRA~3\Package Cache\{59399776-575D-9C54-E861-0D5EAB7E707D}v10.1.14393.795\Installers\IIS\iisearch" not deleted
"C:\PROGRA~3\Package Cache" not deleted
"C:\PROGRA~3\Package Cache\{59399776-575D-9C54-E861-0D5EAB7E707D}v10.1.14393.795" not deleted
"C:\PROGRA~3\Package Cache\{59399776-575D-9C54-E861-0D5EAB7E707D}v10.1.14393.795\Installers" not deleted
"C:\PROGRA~3\Package Cache\{59399776-575D-9C54-E861-0D5EAB7E707D}v10.1.14393.795\Installers\IIS" not deleted
 
==== Chromium Look ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eofcbnmajmjmplflapaojjnihcjkigck - No path found[]
gomekmidlodglbbmalcneegieacbdmki - No path found[]
 
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - No path found[]
 
Google Docs - Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Adobe Acrobat - Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj
Avast SafePrice - Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Google Docs Offline - Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Avast Online Security - Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Chrome Web Store Payments - Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Chrome Media Router - Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Pablo\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Pablo\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Default User\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Pablo\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Pablo\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Cache will be emptied at reboot
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
No Java Cache Found
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=346 folders=32 139782624 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Pablo\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\Pablo\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0" deleted
"C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1" deleted
"C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2" deleted
"C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3" deleted
"C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Cache\index" deleted
"C:\PROGRA~3\Package Cache\{59399776-575D-9C54-E861-0D5EAB7E707D}v10.1.14393.795\Installers\IIS\iisearch"  not found
"C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0" not found
"C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1" not found
"C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2" not found
"C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3" not found
"C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Cache\index" not found
"C:\PROGRA~3\Package Cache"  not found
"C:\PROGRA~3\Package Cache"  not found
 
==== EOF on 2017-05-06 at 21:28:24,52 ======================
 
 
ROGUEKILLERREPORT--------------------------------
 
RogueKiller V12.10.7.0 (x64) [May  1 2017] (Free) by Adlice Software
 
Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : Pablo [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 05/06/2017 23:23:38 (Duration : 00:13:40)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 9 ¤¤¤
[PUP.Ghokswa] (X86) HKEY_LOCAL_MACHINE\Software\Firefox -> Found
[PUP.Ghokswa] (X64) HKEY_USERS\S-1-5-21-1476795145-1944411896-4185569433-1001\Software\Firefox -> Found
[PUP.Ghokswa] (X86) HKEY_USERS\S-1-5-21-1476795145-1944411896-4185569433-1001\Software\Firefox -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1476795145-1944411896-4185569433-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1476795145-1944411896-4185569433-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUP.Ghokswa] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D0EC81EB-456E-4120-883F-CBA0FD82E903} : v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe|Name=Update service| [x] -> Found
[PUP.Ghokswa] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {BAB04E68-21AB-4B47-A705-29FB1B571B9F} : v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Firefox\Firefox.exe|Name=Firefox browser| [x] -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 19 ¤¤¤
[Tr.Gen0][File] C:\Users\Pablo\AppData\Roaming\uTorrent\updates\3.4.6_42042\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\Pablo\AppData\Roaming\uTorrent\updates\3.4.7_42286\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\Pablo\AppData\Roaming\uTorrent\updates\3.4.7_42300\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\Pablo\AppData\Roaming\uTorrent\updates\3.4.7_42326\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\Pablo\AppData\Roaming\uTorrent\updates\3.4.8_42358\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\Pablo\AppData\Roaming\uTorrent\updates\3.4.8_42382\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\Pablo\AppData\Roaming\uTorrent\updates\3.4.8_42394\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\Pablo\AppData\Roaming\uTorrent\updates\3.4.8_42400\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\Pablo\AppData\Roaming\uTorrent\updates\3.4.8_42439\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\Pablo\AppData\Roaming\uTorrent\updates\3.4.8_42499\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\Pablo\AppData\Roaming\uTorrent\updates\3.4.8_42586\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\Pablo\AppData\Roaming\uTorrent\updates\3.4.9_42598\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\Pablo\AppData\Roaming\uTorrent\updates\3.4.9_42671\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\Pablo\AppData\Roaming\uTorrent\updates\3.4.9_42951\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\Pablo\AppData\Roaming\uTorrent\updates\3.4.9_43057\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\Pablo\AppData\Roaming\uTorrent\updates\3.4.9_43223\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\Pablo\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\Pablo\AppData\Roaming\uTorrent\updates\3.5.0_43458\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\Pablo\AppData\Roaming\uTorrent\updates\3.5.0_43534\utorrentie.exe -> Found
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: PLEXTOR PX-128M6Pro +++++
--- User ---
[MBR] a84dd93b5b19931ceaddbccc47850486
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 300 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 616448 | Size: 100 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 821248 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1083392 | Size: 121575 MB
User = LL1 ... OK
User = LL2 ... OK
 
 


#6 Oh My! (Malware Response Instructor, 37,742 posts, California)

Posted 06 May 2017 - 07:50 PM

Thank you for the information.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CloseProcesses:
c:\programdata\package cache\{59399776-575d-9c54-e861-0d5eab7e707d}v10.1.14393.795
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: Bitsadmin /Reset /Allusers
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

RogueKiller Selecting Deletions

--------------------
  • Close any open programs
  • Please disconnect any USB or external drives from the computer before you run the scan
  • Right click on the RogueKiller icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • Click Scan
  • When the Status box shows Scan Finished place a check mark in the following and select Delete

[PUP.Ghokswa] (X86) HKEY_LOCAL_MACHINE\Software\Firefox -> Found
[PUP.Ghokswa] (X64) HKEY_USERS\S-1-5-21-1476795145-1944411896-4185569433-1001\Software\Firefox -> Found
[PUP.Ghokswa] (X86) HKEY_USERS\S-1-5-21-1476795145-1944411896-4185569433-1001\Software\Firefox -> Found
[PUP.Ghokswa] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D0EC81EB-456E-4120-883F-CBA0FD82E903} : v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe|Name=Update service| [x] -> Found
[PUP.Ghokswa] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {BAB04E68-21AB-4B47-A705-29FB1B571B9F} : v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Firefox\Firefox.exe|Name=Firefox browser| [x] -> Found

  • Click Report
  • Copy and paste the contents of the report in your reply
===================================================

Run a new FRST scan and copy/paste both reports in your reply.

===================================================
Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • RogueKiller log
  • FRST log
  • Addition log
  • How is your computer running?

Edited by Oh My!, 07 May 2017 - 08:05 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
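Added example (not part of this thread, and not code from FRST, RogueKiller or the helper): a PowerShell audit that re-checks, on the machine itself, the things the logs above actually evidence. It looks for the two firewall allow-rules for the fake C:\Program Files (x86)\Firefox\ directory (PUP.Ghokswa), for the UAC value ConsentPromptBehaviorAdmin = 0 (PUM.Policies, left "Not selected" in the RogueKiller deletion run), and for services and drivers whose binary no longer exists (IISvr and MBAMChameleon, which FRST marks with [X]) or carries no valid Authenticode signature. Everything not in the logs, namely the function name Resolve-ServiceBinary, the signature check, the uTorrent step and the report format, is an assumption of this example. It assumes an elevated PowerShell 4 or later session, which Windows 8.1 has.

```powershell
#Requires -RunAsAdministrator
# Post-remediation audit for the findings in this thread. Added example: not part of the
# original posts and not code from FRST, RogueKiller, Farbar or Adlice. The paths and
# registry locations come from the logs above; the function name, the signature check,
# the uTorrent step and the report format are assumptions of this example.

$findings = New-Object System.Collections.Generic.List[string]

# --- 1. Firewall rules for the fake "Firefox" directory (PUP.Ghokswa) -------------------
# RogueKiller read the two allow-rules straight from this key; after
# 'netsh advfirewall reset' the key should hold only Windows' default rules.
$fwKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'
$pupApp = 'App=C:\\Program Files \(x86\)\\Firefox\\'          # regex; matches both rules in the log
(Get-ItemProperty -Path $fwKey).PSObject.Properties |
    Where-Object { $_.Value -is [string] -and $_.Value -match $pupApp } |
    ForEach-Object { $findings.Add("firewall rule still present: $($_.Name) -> $($_.Value)") }

# --- 2. UAC policy (PUM.Policies) ---------------------------------------------------------
# ConsentPromptBehaviorAdmin = 0 lets administrators elevate with no prompt at all, which is
# exactly what a dropper wants. The Windows default is 5 (prompt for non-Windows binaries).
$uac = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
if ($uac.EnableLUA -eq 0) { $findings.Add('UAC disabled: EnableLUA = 0') }
if ($uac.ConsentPromptBehaviorAdmin -eq 0) {
    $findings.Add('UAC silent elevation: ConsentPromptBehaviorAdmin = 0 (default is 5)')
}

# --- 3. Services/drivers with missing or unsigned binaries -------------------------------
# FRST marks entries whose file is gone with "[X]" (IISvr, MBAMChameleon above). An orphaned
# service is a ready-made persistence slot, so it should be deleted rather than ignored.
function Resolve-ServiceBinary {
    # Turn a Win32_Service / Win32_SystemDriver PathName into a plain file path.
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = $PathName.Trim()
    if ($p.StartsWith('"')) {                                   # "C:\dir with spaces\x.exe" -arg
        $end = $p.IndexOf('"', 1)
        $p = if ($end -gt 1) { $p.Substring(1, $end - 1) } else { $p.Trim('"') }
    } else {                                                    # C:\Windows\system32\svchost.exe -k netsvcs
        $m = [regex]::Match($p, '^(.*?\.(exe|dll|sys))(\s|$)', 'IgnoreCase')
        if ($m.Success) { $p = $m.Groups[1].Value }
    }
    $p = $p -replace '^\\\?\?\\', ''                            # \??\C:\...               -> C:\...
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot           # \SystemRoot\system32\... -> C:\Windows\...
    if ($p -match '^(system32|syswow64)\\') { $p = Join-Path $env:SystemRoot $p }   # relative driver path
    return [Environment]::ExpandEnvironmentVariables($p)
}

$entries  = @(Get-CimInstance Win32_Service      | Select-Object Name, PathName, @{n='Kind'; e={'service'}})
$entries += @(Get-CimInstance Win32_SystemDriver | Select-Object Name, PathName, @{n='Kind'; e={'driver'}})

foreach ($e in $entries) {
    $bin = Resolve-ServiceBinary $e.PathName
    # svchost-hosted services keep their real code in Parameters\ServiceDll (IISvr's
    # iisexp.dll in the log is such a DLL), so that file is checked as well.
    $paramKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$($e.Name)\Parameters"
    $dll = (Get-ItemProperty -Path $paramKey -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
    foreach ($file in (@($bin, $dll) | Where-Object { $_ })) {
        $file = [Environment]::ExpandEnvironmentVariables($file)
        if (-not (Test-Path -LiteralPath $file)) {
            $findings.Add("$($e.Kind) $($e.Name): binary missing -> $file")
        } elseif ((Get-AuthenticodeSignature -FilePath $file).Status -ne 'Valid') {
            # On Windows 8.1 / PowerShell 4, catalog-signed Microsoft files also report
            # NotSigned here, so treat this list as leads to look at, not as verdicts.
            $findings.Add("$($e.Kind) $($e.Name): no valid Authenticode signature -> $file")
        }
    }
}

# --- 4. uTorrent updater copies flagged Tr.Gen0 and left "Not selected" -----------------
Get-ChildItem -Path (Join-Path $env:APPDATA 'uTorrent\updates') -Recurse -Filter utorrentie.exe -ErrorAction SilentlyContinue |
    ForEach-Object { $findings.Add("flagged file still present: $($_.FullName)") }

# --- Report --------------------------------------------------------------------------------
if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

Run it after the reboot the fix asks for and before the new FRST scan; "No findings." means the reset held and nothing re-registered itself. Two caveats a practitioner will want: `netsh advfirewall reset` restores Windows' default firewall policy wholesale, so any legitimate custom rules (games, remote access) disappear together with the PUP rules and have to be re-added; and on Windows 8.1 `netsh int ip reset` commonly prints one "Resetting , failed. Access denied." line, a well-known permissions problem with that command on 8.1 that is not by itself evidence of tampering.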

#7 pwlb (Topic Starter, Members, 7 posts)

Posted 07 May 2017 - 04:02 AM

Hi Gary,

Here are the logs that you requested (several registry lines that you told me to delete were missing from RK):

Looking forward to your reply.

FIXLOG----------

Fix result of Farbar Recovery Scan Tool (x64) Version: 06-05-2017

Ran by Pablo (07-05-2017 10:28:29) Run:2
Running from C:\Users\Pablo\Downloads
Loaded Profiles: Pablo & UpdatusUser (Available Profiles: Pablo & UpdatusUser)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
 
CloseProcesses:
c:\programdata\package cache\{59399776-575d-9c54-e861-0d5eab7e707d}v10.1.14393.795
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: Bitsadmin /Reset /Allusers
 
*****************
 
Processes closed successfully.
"c:\programdata\package cache\{59399776-575d-9c54-e861-0d5eab7e707d}v10.1.14393.795" => not found.
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Resetting Global, OK!
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Odmowa dostępu. (Access denied.)
 
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 10:28:31 ====
 
 
ROGUEKILLER LOG----------
 
RogueKiller V12.10.7.0 (x64) [May  1 2017] (Free) by Adlice Software
 
Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : Pablo [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 05/07/2017 10:30:12 (Duration : 00:12:28)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 7 ¤¤¤
[PUP.Ghokswa] (X86) HKEY_LOCAL_MACHINE\Software\Firefox -> Deleted
[PUP.Ghokswa] (X64) HKEY_USERS\S-1-5-21-1476795145-1944411896-4185569433-1001\Software\Firefox -> Deleted
[PUP.Ghokswa] (X86) HKEY_USERS\S-1-5-21-1476795145-1944411896-4185569433-1001\Software\Firefox -> Deleted
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1476795145-1944411896-4185569433-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1476795145-1944411896-4185569433-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Not selected
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Not selected
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Not selected
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 19 ¤¤¤
[Tr.Gen0][File] C:\Users\Pablo\AppData\Roaming\uTorrent\updates\3.4.6_42042\utorrentie.exe -> Not selected
[Tr.Gen0][File] C:\Users\Pablo\AppData\Roaming\uTorrent\updates\3.4.7_42286\utorrentie.exe -> Not selected
[Tr.Gen0][File] C:\Users\Pablo\AppData\Roaming\uTorrent\updates\3.4.7_42300\utorrentie.exe -> Not selected
[Tr.Gen0][File] C:\Users\Pablo\AppData\Roaming\uTorrent\updates\3.4.7_42326\utorrentie.exe -> Not selected
[Tr.Gen0][File] C:\Users\Pablo\AppData\Roaming\uTorrent\updates\3.4.8_42358\utorrentie.exe -> Not selected
[Tr.Gen0][File] C:\Users\Pablo\AppData\Roaming\uTorrent\updates\3.4.8_42382\utorrentie.exe -> Not selected
[Tr.Gen0][File] C:\Users\Pablo\AppData\Roaming\uTorrent\updates\3.4.8_42394\utorrentie.exe -> Not selected
[Tr.Gen0][File] C:\Users\Pablo\AppData\Roaming\uTorrent\updates\3.4.8_42400\utorrentie.exe -> Not selected
[Tr.Gen0][File] C:\Users\Pablo\AppData\Roaming\uTorrent\updates\3.4.8_42439\utorrentie.exe -> Not selected
[Tr.Gen0][File] C:\Users\Pablo\AppData\Roaming\uTorrent\updates\3.4.8_42499\utorrentie.exe -> Not selected
[Tr.Gen0][File] C:\Users\Pablo\AppData\Roaming\uTorrent\updates\3.4.8_42586\utorrentie.exe -> Not selected
[Tr.Gen0][File] C:\Users\Pablo\AppData\Roaming\uTorrent\updates\3.4.9_42598\utorrentie.exe -> Not selected
[Tr.Gen0][File] C:\Users\Pablo\AppData\Roaming\uTorrent\updates\3.4.9_42671\utorrentie.exe -> Not selected
[Tr.Gen0][File] C:\Users\Pablo\AppData\Roaming\uTorrent\updates\3.4.9_42951\utorrentie.exe -> Not selected
[Tr.Gen0][File] C:\Users\Pablo\AppData\Roaming\uTorrent\updates\3.4.9_43057\utorrentie.exe -> Not selected
[Tr.Gen0][File] C:\Users\Pablo\AppData\Roaming\uTorrent\updates\3.4.9_43223\utorrentie.exe -> Not selected
[Tr.Gen0][File] C:\Users\Pablo\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe -> Not selected
[Tr.Gen0][File] C:\Users\Pablo\AppData\Roaming\uTorrent\updates\3.5.0_43458\utorrentie.exe -> Not selected
[Tr.Gen0][File] C:\Users\Pablo\AppData\Roaming\uTorrent\updates\3.5.0_43534\utorrentie.exe -> Not selected
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: PLEXTOR PX-128M6Pro +++++
--- User ---
[MBR] a84dd93b5b19931ceaddbccc47850486
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 300 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 616448 | Size: 100 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 821248 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1083392 | Size: 121575 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
FRST LOG----------
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-05-2017
Ran by Pablo (administrator) on PAWEL (07-05-2017 10:49:32)
Running from C:\Users\Pablo\Downloads
Loaded Profiles: Pablo & UpdatusUser (Available Profiles: Pablo & UpdatusUser)
Platform: Windows 8.1 Pro (Update) (X64) Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Pablo\Downloads\FRST64english.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-09-06] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-08-09] (IvoSoft)
HKLM\...\Run: [VDownloader] => C:\Program Files\VDownloader\VDownloader4.exe [4205056 2016-04-04] (Vitzo)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2011-12-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-10] (AVAST Software)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1476795145-1944411896-4185569433-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)
HKU\S-1-5-21-1476795145-1944411896-4185569433-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4299968 2016-06-22] (Disc Soft Ltd)
HKU\S-1-5-21-1476795145-1944411896-4185569433-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-04-26] (Valve Corporation)
HKU\S-1-5-21-1476795145-1944411896-4185569433-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)
HKU\S-1-5-21-1476795145-1944411896-4185569433-1003\...\Run: [BatteryCare] => C:\Program Files (x86)\BatteryCare\BatteryCare.exe
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-10] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-10] (AVAST Software)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 37.8.214.2 31.11.202.254
Tcpip\..\Interfaces\{FBC788DB-DFC1-4291-B971-531987B86885}: [DhcpNameServer] 37.8.214.2 31.11.202.254
 
Internet Explorer:
==================
HKU\S-1-5-21-1476795145-1944411896-4185569433-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1476795145-1944411896-4185569433-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-04-03] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-10] (AVAST Software)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-04-03] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-08-09] (IvoSoft)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-04-03] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-10] (AVAST Software)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-04-03] (Microsoft Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-08-09] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-03] (Microsoft Corporation)
 
FireFox:
========
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-04-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-04-03] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default [2017-05-07]
CHR Extension: (Dokumenty Google) - C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-04-29]
CHR Extension: (Dysk Google) - C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-29]
CHR Extension: (YouTube) - C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-29]
CHR Extension: (Adobe Acrobat) - C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-04-29]
CHR Extension: (Avast SafePrice) - C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-04-29]
CHR Extension: (Dokumenty Google offline) - C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-29]
CHR Extension: (Avast Online Security) - C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-04-29]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-29]
CHR Extension: (Gmail) - C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-29]
CHR HKU\S-1-5-21-1476795145-1944411896-4185569433-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AppleCloudSvc; C:\ProgramData\Apple\Common\Cloud\WinHelper.dll [108544 2017-04-26] () [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-10] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-10] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3705536 2017-04-03] (Microsoft Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-06-22] (Disc Soft Ltd)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101192 2013-09-06] (ELAN Microelectronics Corp.)
S4 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S4 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2016-06-15] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S2 IISvr; C:\ProgramData\Package Cache\{59399776-575D-9C54-E861-0D5EAB7E707D}v10.1.14393.795\Installers\IIS\iisexp.dll [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [307736 2017-04-10] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-04-10] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334088 2017-04-10] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-04-10] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-04-10] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-04-10] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [128648 2017-04-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-04-10] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-04-10] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1005048 2017-04-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [556784 2017-04-29] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [164064 2017-04-10] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-04-10] (AVAST Software)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-07-25] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-07-25] (Disc Soft Ltd)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S2 MBAMChameleon; \SystemRoot\system32\drivers\MBAMChameleon.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-06 23:22 - 2017-05-07 10:49 - 00008434 _____ C:\Users\Pablo\Desktop\RK.txt
2017-05-06 23:04 - 2017-05-07 10:30 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-05-06 23:04 - 2017-05-06 23:04 - 00000000 ____D C:\ProgramData\RogueKiller
2017-05-06 21:28 - 2017-05-06 21:28 - 00000000 ____D C:\Users\Pablo\AppData\Local\VirtualStore
2017-05-06 21:23 - 2017-05-06 21:14 - 00024064 _____ C:\Windows\zoek-delete.exe
2017-05-06 21:14 - 2017-05-06 21:14 - 00000870 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-05-06 21:14 - 2017-05-06 21:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-05-06 21:14 - 2017-05-06 21:14 - 00000000 ____D C:\Program Files\RogueKiller
2017-05-06 21:13 - 2017-05-06 21:13 - 35354672 _____ (Adlice Software ) C:\Users\Pablo\Downloads\setup.exe
2017-05-06 20:51 - 2017-05-07 10:31 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2017-05-06 20:50 - 2017-05-06 21:09 - 00000000 ____D C:\zoek_backup
2017-05-06 20:50 - 2017-05-06 20:50 - 01309184 _____ C:\Users\Pablo\Desktop\zoek.exe
2017-05-06 20:49 - 2017-05-07 10:28 - 00002144 _____ C:\Users\Pablo\Downloads\Fixlog.txt
2017-05-06 17:40 - 2017-05-06 17:40 - 09564764 _____ C:\Users\Pablo\Desktop\akcjonariusz-2-2017-full.pdf
2017-05-06 09:01 - 2017-05-06 09:01 - 00001757 _____ C:\Users\Pablo\Desktop\chrome — skrót.lnk
2017-05-06 08:52 - 2017-05-07 10:49 - 00016316 _____ C:\Users\Pablo\Downloads\FRST.txt
2017-05-06 08:52 - 2017-05-06 20:48 - 00000000 ____D C:\Users\Pablo\Downloads\FRST-OlderVersion
2017-05-06 08:52 - 2017-05-06 08:52 - 00047969 _____ C:\Users\Pablo\Downloads\Addition.txt
2017-05-05 22:12 - 2017-05-06 17:27 - 00009275 _____ C:\Users\Pablo\Desktop\zuzycie energii.xlsx
2017-05-04 21:57 - 2017-05-04 21:57 - 00002016 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-05-04 21:57 - 2017-05-04 21:57 - 00000000 ____D C:\Users\Pablo\AppData\Roaming\Mozilla
2017-05-04 21:57 - 2017-05-04 21:57 - 00000000 ____D C:\Users\Pablo\AppData\LocalLow\Mozilla
2017-05-03 22:19 - 2017-05-03 22:59 - 00000000 ____D C:\Users\Pablo\Downloads\Rings.2017.720p.BRRip.x264.AAC-ETRG
2017-05-03 15:29 - 2017-05-03 16:30 - 00000000 ____D C:\Users\Pablo\Downloads\The Hangover Part III (2013)
2017-05-03 12:47 - 2017-05-07 01:08 - 00055782 _____ C:\Users\Pablo\Downloads\statement_PM.xlsx
2017-05-03 12:33 - 2017-05-03 12:33 - 00000448 _____ C:\Users\Pablo\Desktop\Komputer.lnk
2017-05-03 12:21 - 2017-05-06 10:45 - 00009499 _____ C:\Users\Pablo\Desktop\rachunek_prad.xlsx
2017-05-03 09:17 - 2017-05-03 09:17 - 00000000 ____D C:\Users\Pablo\AppData\Local\CEF
2017-05-02 21:41 - 2017-05-02 21:41 - 00000000 ___HD C:\$AV_ASW
2017-04-29 15:08 - 2017-05-06 20:48 - 02429440 _____ (Farbar) C:\Users\Pablo\Downloads\FRST64english.exe
2017-04-29 15:08 - 2017-04-29 15:08 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2017-04-29 15:06 - 2017-04-29 15:06 - 00483968 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-29 15:03 - 2017-04-29 15:03 - 04102600 _____ C:\Users\Pablo\Downloads\adwcleaner_6.046.exe
2017-04-29 15:02 - 2017-05-07 10:49 - 00000000 ____D C:\FRST
2017-04-29 15:00 - 2017-05-06 08:41 - 00000000 ____D C:\AdwCleaner
2017-04-29 14:59 - 2017-04-29 14:59 - 00003480 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-29 14:59 - 2017-04-29 14:59 - 00003352 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-29 14:58 - 2017-04-29 14:58 - 00000000 ____D C:\Users\Pablo\AppData\Local\Apps\2.0
2017-04-27 19:37 - 2017-04-29 15:03 - 00000000 ____D C:\Windows\system32\log
2017-04-27 19:37 - 2017-04-27 19:37 - 00000000 ____D C:\ProgramData\Apple
2017-04-27 19:36 - 2017-04-27 19:36 - 00000000 _____ C:\Windows\SysWOW64\22
2017-04-27 19:36 - 2017-04-27 19:36 - 00000000 _____ C:\Windows\SysWOW64\11
2017-04-27 18:25 - 2017-04-27 18:31 - 00000000 ____D C:\Users\Pablo\Downloads\Billions.S02E10.WEBRip.XviD-FUM[ettv]
2017-04-26 23:57 - 2017-05-03 13:05 - 00033019 _____ C:\Users\Pablo\Desktop\historia_do_analizy.xlsx
2017-04-12 10:42 - 2017-04-12 11:18 - 00000000 ____D C:\Users\Pablo\Downloads\The Office US Season 9 [HDTV]
2017-04-12 10:18 - 2017-03-21 15:11 - 00875712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2017-04-12 10:18 - 2017-03-21 15:11 - 00869568 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2017-04-12 10:18 - 2017-03-21 15:11 - 00678592 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2017-04-12 10:18 - 2017-03-21 15:11 - 00536768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2017-04-12 07:37 - 2017-03-25 21:39 - 20284416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-04-12 07:37 - 2017-03-25 21:07 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-04-12 07:37 - 2017-03-25 21:06 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-04-12 07:37 - 2017-03-25 20:55 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-04-12 07:37 - 2017-03-25 20:52 - 02289152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-04-12 07:37 - 2017-03-25 20:51 - 01313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-04-12 07:37 - 2017-03-25 20:48 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-04-12 07:37 - 2017-03-25 20:47 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-04-12 07:37 - 2017-03-25 20:47 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-04-12 07:37 - 2017-03-25 20:46 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-04-12 07:37 - 2017-03-25 20:46 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-04-12 07:37 - 2017-03-25 20:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-04-12 07:37 - 2017-03-25 20:45 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-04-12 07:37 - 2017-03-25 20:45 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-04-12 07:37 - 2017-03-25 20:13 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-04-12 07:37 - 2017-03-25 20:10 - 02898432 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-04-12 07:37 - 2017-03-25 19:56 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-04-12 07:37 - 2017-03-25 19:52 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-04-12 07:37 - 2017-03-25 19:41 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-04-12 07:37 - 2017-03-25 19:12 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-04-12 07:37 - 2017-03-25 19:04 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-04-12 07:37 - 2017-03-25 19:00 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-04-12 07:37 - 2017-03-25 19:00 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-04-12 07:37 - 2017-03-25 18:59 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-04-12 07:37 - 2017-03-25 18:57 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-04-12 07:37 - 2017-03-25 18:28 - 15259136 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-04-12 07:37 - 2017-03-25 18:24 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-04-12 07:37 - 2017-03-25 18:10 - 01546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-04-12 07:37 - 2017-03-25 18:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-04-12 07:37 - 2017-03-25 06:43 - 01375960 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-04-12 07:37 - 2017-03-24 20:24 - 01094656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-04-12 07:37 - 2017-03-14 21:06 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-04-12 07:37 - 2017-03-14 16:26 - 03714560 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-04-12 07:37 - 2017-03-14 16:09 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-04-12 07:37 - 2017-03-14 16:08 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-04-12 07:37 - 2017-03-14 16:06 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-04-12 07:37 - 2017-03-13 18:13 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-04-12 07:37 - 2017-03-13 18:12 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-04-12 07:37 - 2017-03-13 18:08 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2017-04-12 07:37 - 2017-03-13 18:08 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-04-12 07:37 - 2017-03-13 17:59 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-04-12 07:37 - 2017-03-13 17:59 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-04-12 07:37 - 2017-03-13 17:56 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-04-12 07:37 - 2017-03-12 17:04 - 00033792 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\BasicRender.sys
2017-04-12 07:37 - 2017-03-11 05:59 - 01763888 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2017-04-12 07:37 - 2017-03-11 05:56 - 01489608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2017-04-12 07:37 - 2017-03-11 05:49 - 01549144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-04-12 07:37 - 2017-03-11 05:49 - 00388440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-04-12 07:37 - 2017-03-11 05:44 - 00373080 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-04-12 07:37 - 2017-03-11 05:41 - 00315224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-04-12 07:37 - 2017-03-09 23:13 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-04-12 07:37 - 2017-03-09 23:08 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-04-12 07:37 - 2017-03-09 21:29 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-04-12 07:37 - 2017-03-08 01:25 - 01661064 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-04-12 07:37 - 2017-03-08 01:21 - 01212760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-04-12 07:37 - 2017-03-04 21:24 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-04-12 07:37 - 2017-03-04 21:06 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-04-12 07:37 - 2017-03-04 20:15 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-04-12 07:37 - 2017-03-04 18:37 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-04-12 07:37 - 2017-03-03 17:11 - 01697792 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-04-12 07:37 - 2017-03-03 17:10 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
2017-04-12 07:37 - 2017-03-03 17:06 - 01501184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-04-12 07:37 - 2017-03-03 17:04 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
2017-04-12 07:37 - 2017-02-11 20:18 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2017-04-12 07:37 - 2017-02-11 19:00 - 00865792 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-04-12 07:37 - 2017-02-11 18:49 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
2017-04-12 07:37 - 2017-02-11 18:42 - 00204288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
2017-04-12 07:37 - 2017-02-10 21:06 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-04-12 07:37 - 2017-02-10 16:37 - 00046600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2017-04-12 07:37 - 2017-02-04 19:53 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2017-04-12 07:37 - 2017-02-04 19:51 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-04-12 07:37 - 2017-02-04 19:19 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2017-04-12 07:37 - 2017-02-01 21:44 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-04-12 07:37 - 2017-02-01 21:42 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-04-12 07:37 - 2017-01-21 21:22 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\csc.sys
2017-04-12 07:37 - 2017-01-19 04:18 - 01113944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2017-04-12 07:37 - 2017-01-18 16:35 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-04-12 07:37 - 2017-01-18 16:34 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-04-12 07:37 - 2017-01-14 22:32 - 00955016 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2017-04-12 07:37 - 2017-01-14 21:18 - 00787688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2017-04-12 07:37 - 2017-01-14 16:37 - 00447095 _____ C:\Windows\system32\ApnDatabase.xml
2017-04-12 07:37 - 2017-01-12 18:51 - 00274776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2017-04-12 07:37 - 2017-01-12 18:51 - 00117592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2017-04-12 07:37 - 2017-01-12 17:03 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storvsp.sys
2017-04-12 07:37 - 2017-01-12 17:03 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpcivsp.sys
2017-04-12 07:37 - 2017-01-12 08:12 - 00990040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-04-12 07:37 - 2017-01-11 21:12 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
2017-04-12 07:37 - 2017-01-11 19:28 - 00422744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2017-04-12 07:37 - 2017-01-11 17:09 - 00296960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll
2017-04-12 07:37 - 2017-01-11 00:37 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2017-04-12 07:37 - 2017-01-10 23:06 - 00840192 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2017-04-12 07:37 - 2017-01-10 22:46 - 01388544 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2017-04-12 07:37 - 2017-01-10 21:20 - 00696832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2017-04-12 07:37 - 2017-01-10 21:09 - 01108480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2017-04-12 07:37 - 2017-01-06 19:25 - 02513408 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2017-04-12 07:37 - 2017-01-06 19:04 - 01495552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2017-04-12 07:37 - 2016-12-25 03:21 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scfilter.sys
2017-04-12 07:37 - 2016-12-25 03:14 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2017-04-12 07:37 - 2016-12-25 02:48 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\certprop.dll
2017-04-12 07:37 - 2016-12-25 02:19 - 00170496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2017-04-12 07:37 - 2016-12-25 01:39 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\ScDeviceEnum.dll
2017-04-12 07:37 - 2016-12-09 10:08 - 00379736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2017-04-12 07:37 - 2015-02-03 01:53 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2017-04-12 07:37 - 2015-02-03 01:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2017-04-10 22:40 - 2017-04-19 23:14 - 00000000 ____D C:\dbNotowania 4 MAX
2017-04-10 22:40 - 2017-04-10 22:40 - 00000724 _____ C:\Users\Pablo\Desktop\dbNotowania 4 MAX.lnk
2017-04-10 22:40 - 2017-04-10 22:40 - 00000000 ____D C:\Users\Public\Documents\dbNotowania 4 MAX
2017-04-10 22:40 - 2017-04-10 22:40 - 00000000 ____D C:\Users\Pablo\Documents\dbNotowania 4 MAX
2017-04-10 22:40 - 2017-04-10 22:40 - 00000000 ____D C:\Users\Pablo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\dbNotowania 4 MAX
2017-04-10 22:40 - 2017-04-10 22:40 - 00000000 ____D C:\Users\Pablo\AppData\Roaming\dbNotowania 4 MAX
2017-04-10 22:03 - 2017-04-17 10:35 - 00000000 ____D C:\Users\Pablo\Documents\Notowania 4 MAX
2017-04-10 22:03 - 2017-04-17 10:35 - 00000000 ____D C:\Users\Pablo\AppData\Roaming\Statica
2017-04-10 22:02 - 2017-04-10 22:02 - 00001186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Deinstalacja programu PowerTrader Free Edition.lnk
2017-04-10 22:02 - 2017-04-10 22:02 - 00001156 _____ C:\ProgramData\Microsoft\Windows\Start Menu\PowerTrader Free Edition.lnk
2017-04-10 22:02 - 2017-04-10 22:02 - 00001150 _____ C:\Users\Public\Desktop\PowerTrader Free Edition.lnk
2017-04-10 22:02 - 2017-04-10 22:02 - 00000051 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Strona WWW programu PowerTrader Free Edition.url
2017-04-10 22:02 - 2017-04-10 22:02 - 00000000 ____D C:\ProgramData\Sumito Development
2017-04-10 22:02 - 2017-04-10 22:02 - 00000000 ____D C:\Program Files (x86)\PowerTrader Free Edition
2017-04-10 21:43 - 2017-04-10 21:43 - 00032600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-04-10 21:43 - 2017-04-10 21:43 - 00003954 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1491853405
2017-04-10 21:43 - 2017-04-10 21:43 - 00001059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-04-10 21:42 - 2017-04-10 21:42 - 00001938 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-04-10 21:42 - 2017-04-10 21:42 - 00000000 ____D C:\Users\Pablo\AppData\Roaming\AVAST Software
2017-04-10 21:42 - 2017-04-10 21:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-04-10 21:41 - 2017-05-03 08:22 - 00004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-04-10 21:41 - 2017-04-29 15:14 - 00556784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2017-04-10 21:41 - 2017-04-29 15:14 - 00128648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2017-04-10 21:41 - 2017-04-10 21:41 - 01005048 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-04-10 21:41 - 2017-04-10 21:41 - 00399944 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-04-10 21:41 - 2017-04-10 21:41 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-04-10 21:41 - 2017-04-10 21:41 - 00334088 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-04-10 21:41 - 2017-04-10 21:41 - 00307736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-04-10 21:41 - 2017-04-10 21:41 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-04-10 21:41 - 2017-04-10 21:41 - 00164064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-04-10 21:41 - 2017-04-10 21:41 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-04-10 21:41 - 2017-04-10 21:41 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-04-10 21:41 - 2017-04-10 21:41 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-04-10 21:41 - 2017-04-10 21:41 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-04-10 21:41 - 2017-04-10 21:41 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-04-10 21:40 - 2017-04-10 21:43 - 00000000 ____D C:\Program Files\AVAST Software
2017-04-10 20:57 - 2017-04-29 14:59 - 00000000 ____D C:\Users\Pablo\AppData\Local\Google
2017-04-10 20:07 - 1998-10-02 19:00 - 00327168 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-07 10:34 - 2016-03-28 19:46 - 01825074 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-07 10:34 - 2013-08-23 01:12 - 00807160 _____ C:\Windows\system32\perfh015.dat
2017-05-07 10:34 - 2013-08-23 01:12 - 00163478 _____ C:\Windows\system32\perfc015.dat
2017-05-07 10:34 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2017-05-07 10:29 - 2016-03-28 20:17 - 00000000 ____D C:\Users\Pablo\AppData\Local\ClassicShell
2017-05-07 10:28 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-07 01:07 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2017-05-06 23:45 - 2016-03-28 19:48 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1476795145-1944411896-4185569433-1001
2017-05-06 23:17 - 2013-08-22 17:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-05-06 20:49 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-05-06 18:12 - 2016-08-16 18:09 - 00000000 ____D C:\Program Files (x86)\Steam
2017-05-06 18:05 - 2016-08-02 15:09 - 00036443 _____ C:\Users\Pablo\Desktop\rachunki.xlsx
2017-05-06 11:09 - 2016-03-28 20:13 - 00000000 ____D C:\Users\Pablo\AppData\Roaming\uTorrent
2017-05-03 12:50 - 2016-08-31 11:21 - 00000000 ____D C:\Users\Pablo\Documents\Książki
2017-05-03 12:50 - 2016-03-28 19:43 - 00000000 ____D C:\Users\Pablo\AppData\Local\Packages
2017-04-29 15:13 - 2013-08-22 17:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-04-29 15:08 - 2016-03-28 20:13 - 00000000 ____D C:\Users\UpdatusUser
2017-04-29 14:59 - 2016-10-09 08:48 - 00000000 ____D C:\Users\Pablo\AppData\Local\Deployment
2017-04-29 14:59 - 2016-03-28 19:45 - 00000000 ____D C:\Program Files (x86)\Google
2017-04-29 14:53 - 2016-10-15 13:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
2017-04-29 14:53 - 2016-10-07 18:14 - 00000000 ____D C:\Users\Pablo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Supreme Commander 2
2017-04-29 14:53 - 2016-07-31 22:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2017-04-24 21:43 - 2016-04-01 17:42 - 00000000 ____D C:\Users\Pablo\Documents\Magisterka
2017-04-22 08:42 - 2016-03-28 20:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-04-17 10:36 - 2016-07-25 21:06 - 00000000 ____D C:\Users\Pablo\AppData\Roaming\DAEMON Tools Lite
2017-04-17 10:31 - 2016-10-25 21:02 - 00000000 ____D C:\Users\Pablo\Desktop\sandisk
2017-04-14 19:23 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2017-04-13 21:15 - 2016-04-28 20:19 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-04-13 21:14 - 2016-04-28 20:19 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-13 13:41 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2017-04-13 00:17 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData
2017-04-13 00:17 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows Defender
2017-04-13 00:17 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-04-12 10:22 - 2016-03-31 09:01 - 00000000 ____D C:\Windows\system32\MRT
2017-04-12 10:21 - 2016-03-31 09:01 - 148601744 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-04-10 23:01 - 2016-03-28 19:48 - 00000000 ____D C:\ProgramData\AVAST Software
2017-04-10 22:41 - 2016-04-28 20:15 - 00000000 ____D C:\ProgramData\Adobe
2017-04-10 21:41 - 2016-03-28 19:50 - 00000000 ____D C:\Program Files\Common Files\AV
2017-04-10 21:25 - 2016-03-28 19:43 - 00001454 _____ C:\Users\Pablo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-04-10 20:32 - 2016-08-19 10:28 - 00000000 ____D C:\Windows\Minidump
2017-04-08 08:21 - 2017-04-02 18:55 - 00000000 ____D C:\Users\Pablo\Downloads\Harry Potter and the Chamber of Secrets (2002) [1080p]
 
Some files in TEMP:
====================
2017-05-06 23:04 - 2016-08-13 09:40 - 1737080 _____ (Microsoft Corporation) C:\Users\Pablo\AppData\Local\Temp\dllnt_dump.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-04-29 14:06
 
==================== End of FRST.txt ============================

ADDITION LOG----------

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05-2017

Ran by Pablo (07-05-2017 10:49:52)
Running from C:\Users\Pablo\Downloads
Windows 8.1 Pro (Update) (X64) (2016-03-28 17:43:31)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1476795145-1944411896-4185569433-500 - Administrator - Disabled)
Gość (S-1-5-21-1476795145-1944411896-4185569433-501 - Limited - Disabled)
Pablo (S-1-5-21-1476795145-1944411896-4185569433-1001 - Administrator - Enabled) => C:\Users\Pablo
UpdatusUser (S-1-5-21-1476795145-1944411896-4185569433-1003 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1476795145-1944411896-4185569433-1001\...\uTorrent) (Version: 3.5.0.43534 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-1476795145-1944411896-4185569433-1003\...\uTorrent) (Version: 3.4.6.42042 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Aktualizacje NVIDIA 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
AlphaGo (HKLM-x32\...\{9CDB618D-4F02-4CAD-B743-89677FE7ADE9}) (Version: 1.2.3 - AlphaGo)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
Broadcom Card Reader Driver Installer (HKLM\...\{67AA948F-8D83-4566-B84A-7CAABCF64E3F}) (Version: 16.0.2.8 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
Classic Shell (HKLM\...\{E289B7DD-6732-4333-A47A-75A145D23EE3}) (Version: 4.2.4 - IvoSoft)
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0192 - Disc Soft Ltd)
dbNotowania 4 MAX (HKLM-x32\...\{3004C972-0DFF-4CB6-98AF-9B91E39CE3A9}) (Version: 4.2.126.0 - Statica)
Discord (HKU\S-1-5-21-1476795145-1944411896-4185569433-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
e5 Secure Download Manager (HKLM-x32\...\{1C0ADCC1-E537-4A87-8F4C-2D2F6FB338DF}) (Version: 3.2.243.0 - Kivuto Solutions Inc.)
e-Deklaracje Desktop (HKLM-x32\...\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1) (Version: 9.0.4 - Ministerstwo Finansow)
e-Deklaracje Desktop (x32 Version: 9.0.4 - Ministerstwo Finansow) Hidden
ETDWare PS/2-X64 11.6.27.201_WHQL (HKLM\...\Elantech) (Version: 11.6.27.201 - ELAN Microelectronic Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.81 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3304 - Intel Corporation)
K-Lite Mega Codec Pack 12.3.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.3.5 - KLCP)
MetaTrader FLOAT (HKLM-x32\...\MetaTrader FLOAT) (Version: 4.00 - MetaQuotes Software Corp.)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7766.2076 - Microsoft Corporation)
Microsoft Office 365 ProPlus - pl-pl (HKLM\...\O365ProPlusRetail - pl-pl) (Version: 16.0.7766.2076 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1476795145-1944411896-4185569433-1003\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version:  - )
NVIDIA Oprogramowanie systemu PhysX 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Sterownik graficzny 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7766.2076 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7766.2076 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7766.2076 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Panel sterowania NVIDIA 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)
PowerTrader Free Edition (HKLM-x32\...\{8180ECD7-7DFB-4BD5-A596-A34DBC746A7A}_is1) (Version:  - Sumito Development)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6543 - Realtek Semiconductor Corp.)
RogueKiller version 12.10.7.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.7.0 - Adlice Software)
SafeZone Stable 3.55.2393.596 (x32 Version: 3.55.2393.596 - Avast Software) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
VDownloader 4.2.1909 (HKLM\...\{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1) (Version:  - Vitzo Limited)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinRAR 5.31 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {06DC40D9-F8A8-410C-A4BB-B8750327428D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-04-03] (Microsoft Corporation)
Task: {08A7F0BB-09FB-4644-ABD8-1B42B66F70A9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-04-03] (Microsoft Corporation)
Task: {1494B2C5-E2B5-4B3C-822B-2EF78610A97F} - System32\Tasks\SafeZone scheduled Autoupdate 1491853405 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
Task: {28968934-EC70-4604-A44A-E92F56B54338} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-13] (AVAST Software)
Task: {5CA2732C-9252-43F7-86E8-2E7081032027} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-04-10] (AVAST Software)
Task: {608F4665-E33B-4DE1-A90D-B342AAE5F9C2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)
Task: {8E6A38BD-0EDC-46E8-9BC5-A3EB555AB81A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-29] (Google Inc.)
Task: {B2B9856D-4583-48BB-A68A-521837E064EB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-04-03] (Microsoft Corporation)
Task: {BB3C47FC-5419-4F8C-87E9-889F32F49C55} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
Task: {CF7BAB5F-6EFC-40CB-ACF1-67B9DD6DDD61} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-04-03] (Microsoft Corporation)
Task: {D480403F-DB75-40F7-81D6-FE08A0EA8F3E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-04-03] (Microsoft Corporation)
Task: {F76190F3-C69E-4749-A954-01F28AD1A3B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-29] (Google Inc.)
Task: {FF7241FB-76A5-4AE0-A4E5-56EE24B5C28F} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-08-15] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-09-05 02:36 - 2013-09-05 02:36 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2016-04-03 10:44 - 2017-01-29 15:55 - 08930504 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-06-15 22:30 - 2016-06-15 22:30 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2017-04-29 14:59 - 2017-04-19 07:03 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\libglesv2.dll
2017-04-29 14:59 - 2017-04-19 07:03 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\libegl.dll
2017-04-29 15:18 - 2017-03-31 11:50 - 31113816 _____ () C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\PepperFlash\25.0.0.148\pepflashplayer.dll
2017-04-10 21:41 - 2017-04-10 21:41 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-04-10 21:41 - 2017-04-10 21:41 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-04-10 21:41 - 2017-04-10 21:41 - 00176480 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-04-10 21:41 - 2017-04-10 21:41 - 00293936 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-04-10 21:41 - 2017-04-10 21:41 - 00653520 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-04-27 19:37 - 2017-04-26 05:14 - 00108544 _____ () c:\programdata\apple\common\cloud\winhelper.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 15:25 - 2017-04-10 20:43 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1476795145-1944411896-4185569433-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Pablo\Pictures\space_stars_planet_surface_105684_1920x1080.jpg
DNS Servers: 37.8.214.2 - 31.11.202.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: Disc Soft Lite Bus Service => 3
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "VDownloader"
HKU\S-1-5-21-1476795145-1944411896-4185569433-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1476795145-1944411896-4185569433-1001\...\StartupApproved\Run: => "BatteryCare"
HKU\S-1-5-21-1476795145-1944411896-4185569433-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-1476795145-1944411896-4185569433-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-1476795145-1944411896-4185569433-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1476795145-1944411896-4185569433-1003\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1476795145-1944411896-4185569433-1003\...\StartupApproved\Run: => "BatteryCare"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{20398F27-E8F4-4699-BE04-26C52321100C}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{536FF659-1FAE-42B2-B2E7-0A4D4C95C1AD}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
 
==================== Restore Points =========================
 
29-04-2017 16:40:05 Zaplanowany punkt kontrolny
06-05-2017 20:49:13 Restore Point Created by FRST
06-05-2017 20:52:31 zoek.exe restore point
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/07/2017 10:44:14 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Wolumin Odzyskiwanie nie został zoptymalizowany, ponieważ napotkano błąd: Parametr jest niepoprawny. (0x80070057)
 
Error: (05/07/2017 10:42:40 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (05/07/2017 10:42:40 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (05/07/2017 10:39:27 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Błąd w pliku manifestu lub w pliku zasad "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" w wierszu 1.
Tożsamość składnika znaleziona w manifeście nie odpowiada tożsamości składnika żądanego.
Odwołanie to UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definicja to UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
 
Error: (05/06/2017 11:37:18 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (05/06/2017 11:37:18 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (05/06/2017 11:17:52 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (05/06/2017 11:17:52 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (05/06/2017 09:14:41 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Błąd w pliku manifestu lub w pliku zasad "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" w wierszu 1.
Tożsamość składnika znaleziona w manifeście nie odpowiada tożsamości składnika żądanego.
Odwołanie to UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definicja to UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
 
Error: (05/06/2017 09:08:39 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Błąd w pliku manifestu lub w pliku zasad "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" w wierszu 1.
Tożsamość składnika znaleziona w manifeście nie odpowiada tożsamości składnika żądanego.
Odwołanie to UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definicja to UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
 
 
System errors:
=============
Error: (05/07/2017 10:45:13 AM) (Source: DCOM) (EventID: 10010) (User: Pawel)
Description: Serwer {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} nie zarejestrował się w modelu DCOM w wymaganym czasie.
 
Error: (05/07/2017 10:44:43 AM) (Source: DCOM) (EventID: 10010) (User: Pawel)
Description: Serwer {1B1F472E-3221-4826-97DB-2C2324D389AE} nie zarejestrował się w modelu DCOM w wymaganym czasie.
 
Error: (05/07/2017 10:31:02 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Usługa Internet Information Service zakończyła działanie; wystąpił następujący błąd: 
Nie można odnaleźć określonego modułu.
 
Error: (05/07/2017 10:28:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi MBAMChameleon z powodu następującego błędu: 
Nie można odnaleźć określonego pliku.
 
Error: (05/07/2017 10:28:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa NVIDIA Update Service Daemon niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.
 
Error: (05/07/2017 10:28:30 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Windows Search niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.
 
Error: (05/07/2017 10:28:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa Apple Cloud Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.
 
Error: (05/07/2017 10:28:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa PnkBstrA niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.
 
Error: (05/07/2017 10:28:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Usługa Szybka instalacja pakietu Microsoft Office niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 0 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.
 
Error: (05/07/2017 10:28:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa Elan Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.
 
 
CodeIntegrity:
===================================
  Date: 2017-04-27 22:59:27.293
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 37%
Total physical RAM: 8081.27 MB
Available physical RAM: 5051.93 MB
Total Virtual: 9361.27 MB
Available Virtual: 7323.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:118.73 GB) (Free:45.89 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,742 posts
  • Gender:Male
  • Location:California
  • Local time:12:13 AM

Posted 07 May 2017 - 08:20 AM

Thank you. How is your computer running?

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CloseProcesses:
S2 IISvr; C:\ProgramData\Package Cache\{59399776-575D-9C54-E861-0D5EAB7E707D}v10.1.14393.795\Installers\IIS\iisexp.dll [X]
emptytemp:
End::
  • Click Fix
  • When completed, the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED!, reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 pwlb

pwlb
  • Topic Starter

  • Members
  • 7 posts
  • Local time:09:13 AM

Posted 07 May 2017 - 02:37 PM

Hi Gary,

The computer is running fine; I haven't noticed any suspicious activity lately, but as I've said, it happens every few days.

 

Here are the logs that you requested,

Best regards,

Pawel

 

FIXLOG---------

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 07-05-2017
Ran by Pablo (07-05-2017 20:55:33) Run:3
Running from C:\Users\Pablo\Downloads
Loaded Profiles: Pablo & UpdatusUser (Available Profiles: Pablo & UpdatusUser)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
 
CloseProcesses:
S2 IISvr; C:\ProgramData\Package Cache\{59399776-575D-9C54-E861-0D5EAB7E707D}v10.1.14393.795\Installers\IIS\iisexp.dll [X]
emptytemp:
 
*****************
 
Processes closed successfully.
HKLM\System\CurrentControlSet\Services\IISvr => key removed successfully
IISvr => service removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14447821 B
Java, Flash, Steam htmlcache => 475098393 B
Windows/system/drivers => 385690 B
Edge => 0 B
Chrome => 539392921 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 5951 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 6383 B
LocalService => 2898 B
NetworkService => 0 B
Pablo => 7151792 B
UpdatusUser => 0 B
UpdatusUser => 0 B
 
RecycleBin => 0 B
EmptyTemp: => 988.5 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 20:55:39 ====
 
 
ESET LOG----------
 

C:\Users\All Users\Apple\Common\Cloud\WinHelper.dll Win32/Adware.ELEX.MR application
C:\AdwCleaner\quarantine\files\kewxmfckwcpboxpivgtkcxowyuowizkw.back a variant of Win32/Adware.ELEX.PCC application cleaned by deleting
C:\AdwCleaner\quarantine\files\ctozurpozmgjhagaynwejgydrrgcsusu\WinSAP.dll a variant of Win32/Adware.ELEX.JC application cleaned by deleting
C:\AdwCleaner\quarantine\files\euvxyycdktnmkrzgzorwfnozmdojbumj\WinSAP.dll a variant of Win32/Adware.ELEX.MC application cleaned by deleting
C:\AdwCleaner\quarantine\files\gvhqbgqxtlbwyregetmgnbyonrjecich\Kitty.dll Win32/Adware.ELEX.NC application cleaned by deleting
C:\AdwCleaner\quarantine\files\gzefslacbmditrgghavmxaabpbcocxug\bin\FirefoxUpdate.exe a variant of Win32/Adware.ELEX.NI application cleaned by deleting
C:\AdwCleaner\quarantine\files\jakgfewtlglcxejfbcdooihlovhycaoy\WinSAP.dll a variant of Win32/Adware.ELEX.JC application cleaned by deleting
C:\AdwCleaner\quarantine\files\rorkvjtnzgvjjljyqscqsfvuwzogqjue\Firefox\Profiles\6bp8xu6l.default\extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi JS/Adware.Agent.O application deleted
C:\AdwCleaner\quarantine\files\vztpdtdqkiqekrljcwkwqcwrdyfhknum\WinSAP.dll a variant of Win32/Adware.ELEX.MC application cleaned by deleting
C:\ProgramData\Apple\Common\Cloud\WinHelper.dll Win32/Adware.ELEX.MR application cleaned by deleting
C:\zoek_backup\C_PROGRA~3_Package Cache\{59399776-575D-9C54-E861-0D5EAB7E707D}v10.1.14393.795\Installers\IIS\iisearch a variant of Win32/Adware.ELEX.ND application cleaned by deleting
C:\zoek_backup\C_PROGRA~3_Package Cache\{59399776-575D-9C54-E861-0D5EAB7E707D}v10.1.14393.795\Installers\IIS\iisexp.dll a variant of Win32/Adware.ELEX.ND application cleaned by deleting
 

 
SECURITY CHECK LOG-----------
 
Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Avast Antivirus    
Windows Defender   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Google Chrome (58.0.3029.81) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 NVIDIA Corporation PhysX Common AvastSvc.exe -?- 
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
 


#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,742 posts
  • Gender:Male
  • Location:California
  • Local time:12:13 AM

Posted 07 May 2017 - 05:52 PM

Let's run one more scan while we monitor your computer. Please do this.

===================================================

Emsisoft Emergency Kit Scan

--------------------
  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double-click icon then click Install
  • A Window should open highlighting Start Emergency Kit Scanner
  • Right click on the icon and select Run as administrator
  • Click 1. Update now!
  • Once the update is completed select Settings under Scan
  • Uncheck Join the Emsisoft Anti-Malware Network
  • Click Scan at the top
  • Click Scanner settings at the bottom
  • Select Quarantine detected objects and leave the other default settings
  • Click Scan now
  • Click Malware Scan
  • Click Quarantine selected
  • Once completed click View Report
  • Copy and paste the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Emsisoft report
  • How is your computer running?

Gary
 

#11 pwlb

pwlb
  • Topic Starter

  • Members
  • 7 posts
  • Local time:09:13 AM

Posted 08 May 2017 - 12:18 PM

Hi Gary, the computer is running fine, no sign of any suspicious activity yet. Below is the log file that you requested.

Best regards,

Pawel

 

Emsisoft Emergency Kit - Version 2017.2
Last update: 2017-05-08 19:12:27
User account: Pawel\Pablo
Computer name: PAWEL
OS version: Windows 8.1x64 
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: Off
Scan archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off
 
Scan start: 2017-05-08 19:15:18
 
Scanned 74950
Found 0
 
Scan end: 2017-05-08 19:15:48
Scan time: 0:00:30
 


#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,742 posts
  • Gender:Male
  • Location:California
  • Local time:12:13 AM

Posted 08 May 2017 - 01:03 PM

That looks fantastic.

Looks like we are all set.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and we will now remove the tools used and logs created during our steps. Please do this.

===================================================

Delfix by Xplode

--------------------
  • Download Delfix and save it to your Desktop
  • Double click the icon
  • Place checkmarks in:

Remove disinfection tools
Create registry backup
Purge system restore

  • Click Run
===================================================

You may delete any additional programs or logs on your computer which were not automatically removed by Delfix. Simply delete the log files or desktop icons. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#13 pwlb

pwlb
  • Topic Starter

  • Members
  • 7 posts
  • Local time:09:13 AM

Posted 09 May 2017 - 11:46 AM

Hey Gary,

 

Thank you very much for your time and your help. I am really grateful that you took me through this process. I'll be sure to check the links and articles that you posted.

Once again thank you so much.

Best regards,

Pawel



#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,742 posts
  • Gender:Male
  • Location:California
  • Local time:12:13 AM

Posted 09 May 2017 - 01:08 PM

It was my pleasure. I am glad things worked out well.
Gary
 

#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,742 posts
  • Gender:Male
  • Location:California
  • Local time:12:13 AM

Posted 09 May 2017 - 01:08 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



