Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-09-2016 ([color=red]ATTENTION: ====> FRSTversion is 1325 days old and could be outdated[/color]) Ran by Rafal (administrator) on RAFAL-PC (15-05-2020 13:17:04) Running from C:\Users\Rafal\Downloads Loaded Profiles: Rafal & UpdatusUser (Available Profiles: Rafal & UpdatusUser) Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Angielski (Stany Zjednoczone) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\AvrcpService.exe () C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe () C:\ProgramData\MobileBrServ\mbbService.exe (Valve Corporation) E:\Steam\steam.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Discord Inc.) 
C:\Users\Rafal\AppData\Local\Discord\app-0.0.306\Discord.exe () C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe (McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe (Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe (Discord Inc.) C:\Users\Rafal\AppData\Local\Discord\app-0.0.306\Discord.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe (Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\RtkBleServ.exe (AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe (AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe (Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe () C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe (Discord Inc.) C:\Users\Rafal\AppData\Local\Discord\app-0.0.306\Discord.exe (Discord Inc.) C:\Users\Rafal\AppData\Local\Discord\app-0.0.306\Discord.exe (Discord Inc.) 
C:\Users\Rafal\AppData\Local\Discord\app-0.0.306\Discord.exe (Valve Corporation) E:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corporation) E:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) E:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corporation) E:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Discord Inc.) C:\Users\Rafal\AppData\Local\Discord\app-0.0.306\Discord.exe (Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Valve Corporation) E:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corporation) E:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corporation) E:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe (Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-21] (Realtek Semiconductor) HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [253440 2013-04-23] (Realtek Semiconductor Corporation) HKLM\...\Run: [IAStorIcon] => "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2875728 2013-03-04] (ELAN Microelectronics Corp.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [277664 2020-02-25] (AVAST Software) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation) HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [62620472 2020-03-18] (Discord Inc.) 
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1193567628-3741132159-961158197-1000\...\Run: [DAEMON Tools Lite] => E:\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-21-1193567628-3741132159-961158197-1000\...\Run: [Steam] => E:\Steam\steam.exe [3372832 2020-04-28] (Valve Corporation) HKU\S-1-5-21-1193567628-3741132159-961158197-1000\...\Run: [Discord] => C:\Users\Rafal\AppData\Local\Discord\app-0.0.306\Discord.exe [90950968 2020-02-24] (Discord Inc.) HKU\S-1-5-21-1193567628-3741132159-961158197-1000\...\MountPoints2: {1dfcf80b-7e2c-11ea-a3a5-54271e251c25} - H:\Lenovo_Suite.exe HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-12-15] (Microsoft Corporation) AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [170688 2016-10-22] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [148016 2016-10-22] (NVIDIA Corporation) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-02-25] (AVAST Software) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-02-25] (AVAST Software) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Updater.lnk [2014-12-20] ShortcutTarget: Windows Updater.lnk -> C:\Program Files (x86)\Windows Updater\Win_Updater.exe (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.55.1 Tcpip\..\Interfaces\{0BB45136-EB35-4031-AC8F-38BC4BEEC8AA}: [NameServer] 193.41.112.14 193.41.112.18 Tcpip\..\Interfaces\{0BC8CA51-D28F-4757-A5DC-3220937AB807}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{0D6C964A-665F-4E01-ADF9-6B5BBCEA6784}: [DhcpNameServer] 192.168.55.1 Tcpip\..\Interfaces\{2AE1FEB4-C346-4D53-BD75-70B3D8C16E6F}: [NameServer] 193.41.112.14 193.41.112.18 Tcpip\..\Interfaces\{4DFCEAF1-D653-48F0-91FF-39FD8AD4D5E5}: [NameServer] 193.41.112.14 193.41.112.18 Tcpip\..\Interfaces\{62DD25DE-078E-4E77-B168-B0018272E603}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp120150423 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp120150423 HKU\S-1-5-21-1193567628-3741132159-961158197-1000\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp120150423 BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2020-04-21] (McAfee, LLC) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-17] (Oracle Corporation) BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2020-04-21] (McAfee, LLC) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-17] (Oracle Corporation) FireFox: ======== FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital 
Illusions CE AB) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-02-15] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-02-15] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-17] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-17] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-05-04] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-1193567628-3741132159-961158197-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-09-12] () FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi FF Extension: (No Name) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2020-04-21] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi Chrome: ======= CHR Profile: C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Default [2020-05-15] CHR Extension: (Prezentacje) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14] CHR Extension: (Dokumenty) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14] CHR Extension: (Dysk Google) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23] CHR Extension: (YouTube) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25] CHR Extension: (Google Search) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29] CHR Extension: (Arkusze) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14] CHR Extension: (LoungeDestroyer) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghahcnmfjfckcedfajbhekgknjdplfcl [2018-09-11] CHR Extension: (Dokumenty Google offline) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-21] CHR Extension: (Hola Free VPN, unblock any site!) 
- C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2020-05-14] CHR Extension: (Avast Online Security) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-02-29] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-11-09] CHR Extension: (e-pity - dodatek) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofoeigeaodhbjogdigckajfhjbonaofg [2020-02-29] CHR Extension: (Gmail) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-30] CHR Extension: (Chrome Media Router) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-16] CHR Profile: C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Profile 1 [2020-04-16] CHR Extension: (Prezentacje) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-04-16] CHR Extension: (Dokumenty) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2020-04-16] CHR Extension: (Dysk Google) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-04-16] CHR Extension: (YouTube) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-04-16] CHR Extension: (Adobe Acrobat) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-04-16] CHR Extension: (Avast SafePrice Porównania, promocje, kupony) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2020-04-16] CHR Extension: (Arkusze) - 
C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-04-16] CHR Extension: (McAfee® WebAdvisor) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2020-04-16] CHR Extension: (Dokumenty Google offline) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-16] CHR Extension: (Avast Online Security) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-04-16] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-04-16] CHR Extension: (e-pity - dodatek) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ofoeigeaodhbjogdigckajfhjbonaofg [2020-04-16] CHR Extension: (Gmail) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-04-16] CHR Extension: (Chrome Media Router) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-16] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found> CHR HKLM-x32\...\Chrome\Extension: [ofoeigeaodhbjogdigckajfhjbonaofg] - hxxps://clients2.google.com/service/update2/crx 
==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6046624 2020-02-25] (AVAST Software) S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-03-26] (AVAST Software) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [413472 2020-02-25] (AVAST Software) S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-03-26] (AVAST Software) S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\81.0.4053.113\elevation_service.exe [954600 2020-04-19] (AVAST Software) R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [35328 2013-04-02] (Realtek Semiconductor Corporation) [File not signed] S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2017-12-06] () R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [47104 2013-04-25] () [File not signed] S3 GoogleChromeElevationService; C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.138\elevation_service.exe [1095664 2020-05-02] (Google LLC) S2 Hkhlp; C:\Program Files (x86)\Common Files\Apps\Hkhlp.dll [280576 2016-09-27] () [File not signed] R2 Huawei E3272; C:\ProgramData\MobileBrServ\mbbservice.exe [240720 2013-12-03] () R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2013-10-28] () R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP 
Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [678480 2013-12-19] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-02-15] (Intel Corporation) R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [916712 2020-04-21] (McAfee, LLC) R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [52152 2017-06-06] (Microsoft) R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-10-22] (NVIDIA Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2466608 2019-11-19] (Electronic Arts) S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3344176 2019-11-19] (Electronic Arts) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-01-09] () R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [272024 2007-05-14] () R2 RtkBleServ; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe [42496 2013-04-25] (Realtek Semiconductor Corporation) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37864 2020-02-25] (AVAST Software) R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [205576 2020-02-25] (AVAST Software) R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [271120 2020-02-25] (AVAST Software) R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [206608 2020-02-25] (AVAST Software) R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [64272 2020-02-25] (AVAST Software) R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [279360 2020-02-25] (AVAST Software) R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42976 2020-02-25] (AVAST Software) R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [175400 2020-02-25] (AVAST Software) R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110560 2020-02-25] (AVAST Software) R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84056 2020-02-25] (AVAST Software) R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [848672 2020-02-25] (AVAST Software) R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [458584 2020-03-14] (AVAST Software) R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [235184 2020-02-25] (AVAST Software) R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [316256 2020-02-25] (AVAST Software) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-07-24] (Disc Soft Ltd) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) S3 hwusb_cdcacm; C:\Windows\System32\DRIVERS\ew_cdcacm.sys [121728 2013-12-19] (Huawei Technologies Co., Ltd.) S3 hwusb_wwanecm; C:\Windows\System32\DRIVERS\ew_wwanecm.sys [376448 2013-12-19] (Huawei Technologies Co., Ltd.) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-03-22] (Intel Corporation) R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [118504 2012-12-19] (Qualcomm Atheros Co., Ltd.) 
R3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [535624 2013-03-28] (Realtek Semiconductor Corporation) R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation ) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2020-05-15 13:17 - 2020-05-15 13:17 - 00024293 _____ C:\Users\Rafal\Downloads\FRST.txt 2020-05-15 13:16 - 2020-05-15 13:17 - 00000000 ____D C:\FRST 2020-05-15 12:32 - 2020-05-15 12:42 - 425640724 _____ C:\Users\Rafal\Downloads\Ex Na Plaży s02e07.exe 2020-05-15 12:32 - 2020-05-15 12:41 - 431038276 _____ C:\Users\Rafal\Downloads\Ex Na Plaży s02e08.exe 2020-05-15 12:32 - 2020-05-15 12:41 - 427011476 _____ C:\Users\Rafal\Downloads\Ex Na Plaży s02e05.exe 2020-05-15 12:32 - 2020-05-15 12:41 - 426365796 _____ C:\Users\Rafal\Downloads\Ex Na Plaży s02e02.exe 2020-05-15 12:32 - 2020-05-15 12:41 - 423835044 _____ C:\Users\Rafal\Downloads\Ex Na Plaży s02e06.exe 2020-05-15 12:32 - 2020-05-15 12:41 - 423179028 _____ C:\Users\Rafal\Downloads\Ex Na Plaży s02e04.exe 2020-05-15 12:32 - 2020-05-15 12:40 - 429411636 _____ C:\Users\Rafal\Downloads\Ex Na Plaży s02e01.exe 2020-05-15 12:32 - 2020-05-15 12:40 - 426831332 _____ C:\Users\Rafal\Downloads\Ex Na Plaży s02e03.exe 2020-05-13 14:15 - 2020-05-13 14:19 - 00000000 ____D C:\Users\Rafal\Desktop\cfg cs go 2020 2020-05-12 20:27 - 2020-05-12 20:27 - 00358391 _____ C:\Users\Rafal\Downloads\Krzysztofik_Hubert-.pdf 2020-05-09 18:42 - 2020-05-09 18:42 - 00492188 _____ C:\Users\Rafal\Downloads\Ćwiczenia ORSiZGRiZ_SN_Jan Bodziarczyk.pdf 2020-04-30 16:40 - 2020-04-30 16:40 - 01123731 _____ C:\Users\Rafal\Downloads\wykład 3 NM.pdf 2020-04-28 16:54 - 2020-04-28 16:54 - 03308394 _____ 
C:\Users\Rafal\Downloads\wykład 2 NM.pdf 2020-04-25 12:05 - 2020-04-25 12:05 - 00376927 _____ C:\Users\Rafal\Downloads\wykład 1 NM (2).pdf 2020-04-25 08:39 - 2020-04-25 08:39 - 00376927 _____ C:\Users\Rafal\Downloads\wykład 1 NM (1).pdf 2020-04-21 18:01 - 2020-04-21 18:01 - 00176353 _____ C:\Users\Rafal\Downloads\Sprawozdanie-Hubert Krzysztofik-Gr B2-skonwertowany.pdf 2020-04-21 16:47 - 2020-04-21 17:14 - 00028048 ____H C:\Users\Rafal\Desktop\~WRL2826.tmp 2020-04-20 12:45 - 2020-04-20 12:45 - 16569356 _____ C:\Users\Rafal\Downloads\Ochrona rzadkich siedlisk 2020 w2.pdf 2020-04-20 12:40 - 2020-04-20 12:40 - 15921368 _____ C:\Users\Rafal\Downloads\Ochrona rzadkich siedlisk 2020 w1 (1).pdf 2020-04-20 12:37 - 2020-04-20 12:37 - 00376927 _____ C:\Users\Rafal\Downloads\wykład 1 NM.pdf 2020-04-18 09:16 - 2020-04-18 09:16 - 01498930 _____ C:\Users\Rafal\Downloads\Ćwiczenie_zielarka_Prezentacja.pptx ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2020-05-15 13:16 - 2016-12-23 13:30 - 00000000 ____D C:\Users\Rafal\AppData\Roaming\uTorrent 2020-05-15 13:13 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2020-05-15 12:59 - 2020-03-18 18:34 - 00000000 ____D C:\Users\Rafal\AppData\Roaming\discord 2020-05-15 12:37 - 2016-10-11 11:10 - 00000000 ___HD C:\Program Files\Common Files\EAInstaller 2020-05-15 12:28 - 2020-03-18 18:34 - 00000000 ____D C:\Program Files (x86)\bookingDesktopApp 2020-05-15 12:06 - 2009-07-14 06:45 - 00017152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2020-05-15 12:06 - 2009-07-14 06:45 - 00017152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2020-05-15 11:56 - 2014-07-12 14:35 - 00000000 ____D C:\ProgramData\Realtek 2020-05-15 11:56 - 2014-07-12 14:33 - 00000000 ____D C:\ProgramData\NVIDIA 2020-05-15 11:56 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2020-05-14 22:29 - 2020-02-29 13:24 - 00003972 _____ C:\Windows\System32\Tasks\e-pity2019a_kwiecien 2020-05-14 22:29 - 2020-02-29 13:24 - 00003972 _____ C:\Windows\System32\Tasks\e-pity2019_styczen 2020-05-14 22:29 - 2017-09-23 15:43 - 00002946 _____ C:\Windows\System32\Tasks\{FE5DC747-7FC3-4FB8-B95F-A60BF79D35BF} 2020-05-14 22:29 - 2015-12-04 20:18 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software 2020-05-14 22:29 - 2015-06-25 19:52 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2020-05-14 22:29 - 2014-12-13 17:55 - 00003058 _____ C:\Windows\System32\Tasks\{FF071DC6-D034-4177-ACA1-113CC46BA027} 2020-05-14 22:29 - 2014-09-22 22:25 - 00003118 _____ C:\Windows\System32\Tasks\{E8A2A072-A991-47FA-9E86-46647E0ADAAB} 2020-05-14 22:29 - 2014-07-16 00:57 - 00003484 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2020-05-14 22:29 - 2014-07-16 00:57 - 00003356 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2020-05-13 13:57 - 
2019-04-11 22:13 - 00003732 _____ C:\Windows\System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) 2020-05-13 13:57 - 2019-04-11 22:13 - 00003150 _____ C:\Windows\System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) 2020-05-13 13:57 - 2018-03-26 23:11 - 00002429 ____N C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk 2020-05-13 13:57 - 2018-03-26 23:11 - 00002386 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk 2020-05-12 20:21 - 2018-09-24 13:07 - 00002059 ____N C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2020-05-12 19:59 - 2016-11-04 18:13 - 00000000 ____D C:\Users\Rafal\AppData\Local\CrashDumps 2020-05-06 18:28 - 2020-04-10 14:21 - 00000204 _____ C:\Users\Rafal\Desktop\ruletki daily.txt 2020-05-06 13:55 - 2014-07-20 12:29 - 00002224 ____N C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2020-05-06 13:55 - 2014-07-20 12:29 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2020-04-26 13:34 - 2017-08-17 12:28 - 00004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update 2020-04-17 16:51 - 2014-07-12 15:19 - 00741694 _____ C:\Windows\system32\perfh015.dat 2020-04-17 16:51 - 2014-07-12 15:19 - 00156734 _____ C:\Windows\system32\perfc015.dat 2020-04-17 16:51 - 2009-07-14 07:13 - 01673940 _____ C:\Windows\system32\PerfStringBackup.INI 2020-04-17 16:51 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf ==================== Files in the root of some directories ======= 2014-07-12 14:36 - 2020-05-15 11:58 - 0049659 _____ () C:\Users\Rafal\AppData\Local\BTServer.log Some files in TEMP: ==================== C:\Users\Rafal\AppData\Local\Temp\DllMonoCtrl.dll C:\Users\Rafal\AppData\Local\Temp\h-ckambn.dll C:\Users\Rafal\AppData\Local\Temp\ipl1766.tmp.exe C:\Users\Rafal\AppData\Local\Temp\libeay32.dll C:\Users\Rafal\AppData\Local\Temp\msvcr120.dll C:\Users\Rafal\AppData\Local\Temp\ntdll.dll C:\Users\Rafal\AppData\Local\Temp\SHELL32.dll 
C:\Users\Rafal\AppData\Local\Temp\sqlite3.dll C:\Users\Rafal\AppData\Local\Temp\vcredist_x64.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2020-05-07 19:49 ==================== End of FRST.txt ============================
(x86)\Google\Chrome\Application\chrome.exe (Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-21] (Realtek Semiconductor) HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [253440 2013-04-23] (Realtek Semiconductor Corporation) HKLM\...\Run: [IAStorIcon] => "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2875728 2013-03-04] (ELAN Microelectronics Corp.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [277664 2020-02-25] (AVAST Software) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation) HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [62620472 2020-03-18] (Discord Inc.) 
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1193567628-3741132159-961158197-1000\...\Run: [DAEMON Tools Lite] => E:\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-21-1193567628-3741132159-961158197-1000\...\Run: [Steam] => E:\Steam\steam.exe [3372832 2020-04-28] (Valve Corporation) HKU\S-1-5-21-1193567628-3741132159-961158197-1000\...\Run: [Discord] => C:\Users\Rafal\AppData\Local\Discord\app-0.0.306\Discord.exe [90950968 2020-02-24] (Discord Inc.) HKU\S-1-5-21-1193567628-3741132159-961158197-1000\...\MountPoints2: {1dfcf80b-7e2c-11ea-a3a5-54271e251c25} - H:\Lenovo_Suite.exe HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-12-15] (Microsoft Corporation) AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [170688 2016-10-22] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [148016 2016-10-22] (NVIDIA Corporation) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-02-25] (AVAST Software) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-02-25] (AVAST Software) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Updater.lnk [2014-12-20] ShortcutTarget: Windows Updater.lnk -> C:\Program Files (x86)\Windows Updater\Win_Updater.exe (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.55.1 Tcpip\..\Interfaces\{0BB45136-EB35-4031-AC8F-38BC4BEEC8AA}: [NameServer] 193.41.112.14 193.41.112.18 Tcpip\..\Interfaces\{0BC8CA51-D28F-4757-A5DC-3220937AB807}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{0D6C964A-665F-4E01-ADF9-6B5BBCEA6784}: [DhcpNameServer] 192.168.55.1 Tcpip\..\Interfaces\{2AE1FEB4-C346-4D53-BD75-70B3D8C16E6F}: [NameServer] 193.41.112.14 193.41.112.18 Tcpip\..\Interfaces\{4DFCEAF1-D653-48F0-91FF-39FD8AD4D5E5}: [NameServer] 193.41.112.14 193.41.112.18 Tcpip\..\Interfaces\{62DD25DE-078E-4E77-B168-B0018272E603}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp120150423 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp120150423 HKU\S-1-5-21-1193567628-3741132159-961158197-1000\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp120150423 BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2020-04-21] (McAfee, LLC) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-17] (Oracle Corporation) BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2020-04-21] (McAfee, LLC) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-17] (Oracle Corporation) FireFox: ======== FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital 
Illusions CE AB) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-02-15] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-02-15] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-17] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-17] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-05-04] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-1193567628-3741132159-961158197-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-09-12] () FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi FF Extension: (No Name) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2020-04-21] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi Chrome: ======= CHR Profile: C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Default [2020-05-15] CHR Extension: (Prezentacje) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14] CHR Extension: (Dokumenty) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14] CHR Extension: (Dysk Google) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23] CHR Extension: (YouTube) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25] CHR Extension: (Google Search) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29] CHR Extension: (Arkusze) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14] CHR Extension: (LoungeDestroyer) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghahcnmfjfckcedfajbhekgknjdplfcl [2018-09-11] CHR Extension: (Dokumenty Google offline) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-21] CHR Extension: (Hola Free VPN, unblock any site!) 
- C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2020-05-14] CHR Extension: (Avast Online Security) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-02-29] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-11-09] CHR Extension: (e-pity - dodatek) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofoeigeaodhbjogdigckajfhjbonaofg [2020-02-29] CHR Extension: (Gmail) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-30] CHR Extension: (Chrome Media Router) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-16] CHR Profile: C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Profile 1 [2020-04-16] CHR Extension: (Prezentacje) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-04-16] CHR Extension: (Dokumenty) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2020-04-16] CHR Extension: (Dysk Google) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-04-16] CHR Extension: (YouTube) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-04-16] CHR Extension: (Adobe Acrobat) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-04-16] CHR Extension: (Avast SafePrice Porównania, promocje, kupony) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2020-04-16] CHR Extension: (Arkusze) - 
C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-04-16] CHR Extension: (McAfee® WebAdvisor) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2020-04-16] CHR Extension: (Dokumenty Google offline) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-16] CHR Extension: (Avast Online Security) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-04-16] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-04-16] CHR Extension: (e-pity - dodatek) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ofoeigeaodhbjogdigckajfhjbonaofg [2020-04-16] CHR Extension: (Gmail) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-04-16] CHR Extension: (Chrome Media Router) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-16] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found> CHR HKLM-x32\...\Chrome\Extension: [ofoeigeaodhbjogdigckajfhjbonaofg] - hxxps://clients2.google.com/service/update2/crx 
==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6046624 2020-02-25] (AVAST Software) S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-03-26] (AVAST Software) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [413472 2020-02-25] (AVAST Software) S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-03-26] (AVAST Software) S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\81.0.4053.113\elevation_service.exe [954600 2020-04-19] (AVAST Software) R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [35328 2013-04-02] (Realtek Semiconductor Corporation) [File not signed] S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2017-12-06] () R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [47104 2013-04-25] () [File not signed] S3 GoogleChromeElevationService; C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.138\elevation_service.exe [1095664 2020-05-02] (Google LLC) S2 Hkhlp; C:\Program Files (x86)\Common Files\Apps\Hkhlp.dll [280576 2016-09-27] () [File not signed] R2 Huawei E3272; C:\ProgramData\MobileBrServ\mbbservice.exe [240720 2013-12-03] () R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2013-10-28] () R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP 
Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [678480 2013-12-19] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-02-15] (Intel Corporation) R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [916712 2020-04-21] (McAfee, LLC) R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [52152 2017-06-06] (Microsoft) R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-10-22] (NVIDIA Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2466608 2019-11-19] (Electronic Arts) S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3344176 2019-11-19] (Electronic Arts) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-01-09] () R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [272024 2007-05-14] () R2 RtkBleServ; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe [42496 2013-04-25] (Realtek Semiconductor Corporation) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37864 2020-02-25] (AVAST Software) R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [205576 2020-02-25] (AVAST Software) R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [271120 2020-02-25] (AVAST Software) R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [206608 2020-02-25] (AVAST Software) R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [64272 2020-02-25] (AVAST Software) R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [279360 2020-02-25] (AVAST Software) R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42976 2020-02-25] (AVAST Software) R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [175400 2020-02-25] (AVAST Software) R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110560 2020-02-25] (AVAST Software) R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84056 2020-02-25] (AVAST Software) R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [848672 2020-02-25] (AVAST Software) R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [458584 2020-03-14] (AVAST Software) R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [235184 2020-02-25] (AVAST Software) R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [316256 2020-02-25] (AVAST Software) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-07-24] (Disc Soft Ltd) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) S3 hwusb_cdcacm; C:\Windows\System32\DRIVERS\ew_cdcacm.sys [121728 2013-12-19] (Huawei Technologies Co., Ltd.) S3 hwusb_wwanecm; C:\Windows\System32\DRIVERS\ew_wwanecm.sys [376448 2013-12-19] (Huawei Technologies Co., Ltd.) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-03-22] (Intel Corporation) R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [118504 2012-12-19] (Qualcomm Atheros Co., Ltd.) 
R3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [535624 2013-03-28] (Realtek Semiconductor Corporation) R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation ) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2020-05-15 13:17 - 2020-05-15 13:17 - 00024293 _____ C:\Users\Rafal\Downloads\FRST.txt 2020-05-15 13:16 - 2020-05-15 13:17 - 00000000 ____D C:\FRST 2020-05-15 12:32 - 2020-05-15 12:42 - 425640724 _____ C:\Users\Rafal\Downloads\Ex Na Plaży s02e07.exe 2020-05-15 12:32 - 2020-05-15 12:41 - 431038276 _____ C:\Users\Rafal\Downloads\Ex Na Plaży s02e08.exe 2020-05-15 12:32 - 2020-05-15 12:41 - 427011476 _____ C:\Users\Rafal\Downloads\Ex Na Plaży s02e05.exe 2020-05-15 12:32 - 2020-05-15 12:41 - 426365796 _____ C:\Users\Rafal\Downloads\Ex Na Plaży s02e02.exe 2020-05-15 12:32 - 2020-05-15 12:41 - 423835044 _____ C:\Users\Rafal\Downloads\Ex Na Plaży s02e06.exe 2020-05-15 12:32 - 2020-05-15 12:41 - 423179028 _____ C:\Users\Rafal\Downloads\Ex Na Plaży s02e04.exe 2020-05-15 12:32 - 2020-05-15 12:40 - 429411636 _____ C:\Users\Rafal\Downloads\Ex Na Plaży s02e01.exe 2020-05-15 12:32 - 2020-05-15 12:40 - 426831332 _____ C:\Users\Rafal\Downloads\Ex Na Plaży s02e03.exe 2020-05-13 14:15 - 2020-05-13 14:19 - 00000000 ____D C:\Users\Rafal\Desktop\cfg cs go 2020 2020-05-12 20:27 - 2020-05-12 20:27 - 00358391 _____ C:\Users\Rafal\Downloads\Krzysztofik_Hubert-.pdf 2020-05-09 18:42 - 2020-05-09 18:42 - 00492188 _____ C:\Users\Rafal\Downloads\Ćwiczenia ORSiZGRiZ_SN_Jan Bodziarczyk.pdf 2020-04-30 16:40 - 2020-04-30 16:40 - 01123731 _____ C:\Users\Rafal\Downloads\wykład 3 NM.pdf 2020-04-28 16:54 - 2020-04-28 16:54 - 03308394 _____ 
C:\Users\Rafal\Downloads\wykład 2 NM.pdf 2020-04-25 12:05 - 2020-04-25 12:05 - 00376927 _____ C:\Users\Rafal\Downloads\wykład 1 NM (2).pdf 2020-04-25 08:39 - 2020-04-25 08:39 - 00376927 _____ C:\Users\Rafal\Downloads\wykład 1 NM (1).pdf 2020-04-21 18:01 - 2020-04-21 18:01 - 00176353 _____ C:\Users\Rafal\Downloads\Sprawozdanie-Hubert Krzysztofik-Gr B2-skonwertowany.pdf 2020-04-21 16:47 - 2020-04-21 17:14 - 00028048 ____H C:\Users\Rafal\Desktop\~WRL2826.tmp 2020-04-20 12:45 - 2020-04-20 12:45 - 16569356 _____ C:\Users\Rafal\Downloads\Ochrona rzadkich siedlisk 2020 w2.pdf 2020-04-20 12:40 - 2020-04-20 12:40 - 15921368 _____ C:\Users\Rafal\Downloads\Ochrona rzadkich siedlisk 2020 w1 (1).pdf 2020-04-20 12:37 - 2020-04-20 12:37 - 00376927 _____ C:\Users\Rafal\Downloads\wykład 1 NM.pdf 2020-04-18 09:16 - 2020-04-18 09:16 - 01498930 _____ C:\Users\Rafal\Downloads\Ćwiczenie_zielarka_Prezentacja.pptx ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2020-05-15 13:16 - 2016-12-23 13:30 - 00000000 ____D C:\Users\Rafal\AppData\Roaming\uTorrent 2020-05-15 13:13 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2020-05-15 12:59 - 2020-03-18 18:34 - 00000000 ____D C:\Users\Rafal\AppData\Roaming\discord 2020-05-15 12:37 - 2016-10-11 11:10 - 00000000 ___HD C:\Program Files\Common Files\EAInstaller 2020-05-15 12:28 - 2020-03-18 18:34 - 00000000 ____D C:\Program Files (x86)\bookingDesktopApp 2020-05-15 12:06 - 2009-07-14 06:45 - 00017152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2020-05-15 12:06 - 2009-07-14 06:45 - 00017152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2020-05-15 11:56 - 2014-07-12 14:35 - 00000000 ____D C:\ProgramData\Realtek 2020-05-15 11:56 - 2014-07-12 14:33 - 00000000 ____D C:\ProgramData\NVIDIA 2020-05-15 11:56 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2020-05-14 22:29 - 2020-02-29 13:24 - 00003972 _____ C:\Windows\System32\Tasks\e-pity2019a_kwiecien 2020-05-14 22:29 - 2020-02-29 13:24 - 00003972 _____ C:\Windows\System32\Tasks\e-pity2019_styczen 2020-05-14 22:29 - 2017-09-23 15:43 - 00002946 _____ C:\Windows\System32\Tasks\{FE5DC747-7FC3-4FB8-B95F-A60BF79D35BF} 2020-05-14 22:29 - 2015-12-04 20:18 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software 2020-05-14 22:29 - 2015-06-25 19:52 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2020-05-14 22:29 - 2014-12-13 17:55 - 00003058 _____ C:\Windows\System32\Tasks\{FF071DC6-D034-4177-ACA1-113CC46BA027} 2020-05-14 22:29 - 2014-09-22 22:25 - 00003118 _____ C:\Windows\System32\Tasks\{E8A2A072-A991-47FA-9E86-46647E0ADAAB} 2020-05-14 22:29 - 2014-07-16 00:57 - 00003484 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2020-05-14 22:29 - 2014-07-16 00:57 - 00003356 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2020-05-13 13:57 - 
2019-04-11 22:13 - 00003732 _____ C:\Windows\System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) 2020-05-13 13:57 - 2019-04-11 22:13 - 00003150 _____ C:\Windows\System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) 2020-05-13 13:57 - 2018-03-26 23:11 - 00002429 ____N C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk 2020-05-13 13:57 - 2018-03-26 23:11 - 00002386 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk 2020-05-12 20:21 - 2018-09-24 13:07 - 00002059 ____N C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2020-05-12 19:59 - 2016-11-04 18:13 - 00000000 ____D C:\Users\Rafal\AppData\Local\CrashDumps 2020-05-06 18:28 - 2020-04-10 14:21 - 00000204 _____ C:\Users\Rafal\Desktop\ruletki daily.txt 2020-05-06 13:55 - 2014-07-20 12:29 - 00002224 ____N C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2020-05-06 13:55 - 2014-07-20 12:29 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2020-04-26 13:34 - 2017-08-17 12:28 - 00004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update 2020-04-17 16:51 - 2014-07-12 15:19 - 00741694 _____ C:\Windows\system32\perfh015.dat 2020-04-17 16:51 - 2014-07-12 15:19 - 00156734 _____ C:\Windows\system32\perfc015.dat 2020-04-17 16:51 - 2009-07-14 07:13 - 01673940 _____ C:\Windows\system32\PerfStringBackup.INI 2020-04-17 16:51 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf ==================== Files in the root of some directories ======= 2014-07-12 14:36 - 2020-05-15 11:58 - 0049659 _____ () C:\Users\Rafal\AppData\Local\BTServer.log Some files in TEMP: ==================== C:\Users\Rafal\AppData\Local\Temp\DllMonoCtrl.dll C:\Users\Rafal\AppData\Local\Temp\h-ckambn.dll C:\Users\Rafal\AppData\Local\Temp\ipl1766.tmp.exe C:\Users\Rafal\AppData\Local\Temp\libeay32.dll C:\Users\Rafal\AppData\Local\Temp\msvcr120.dll C:\Users\Rafal\AppData\Local\Temp\ntdll.dll C:\Users\Rafal\AppData\Local\Temp\SHELL32.dll 
C:\Users\Rafal\AppData\Local\Temp\sqlite3.dll C:\Users\Rafal\AppData\Local\Temp\vcredist_x64.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2020-05-07 19:49 ==================== End of FRST.txt ============================