Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2018
Ran by Łukasz (administrator) on JARVIS (29-01-2018 10:03:35)
Running from C:\Users\Łukasz\Desktop
Loaded Profiles: Łukasz (Available Profiles: Łukasz)
Platform: Windows 8.1 Connected (Update) (X64) Language: Angielski (Stany Zjednoczone)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files\Lenovo\iMController\AutoUpdate.exe
() C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
() C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [216064 2014-01-06] (Realtek Semiconductor Corporation)
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [836592 2014-12-07] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16094704 2014-12-07] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [10841584 2014-12-07] (Lenovo(beijing) Limited)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [Windows Mobile Device Center] => C:\windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2018-01-04] (AVAST Software)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [110344 2014-09-09] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe [492808 2014-09-09] (CyberLink Corp.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX2] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe [270912 2015-06-17] (CANON INC.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1314432 2016-06-09] (CANON INC.)
HKU\S-1-5-21-560449224-3561805689-3965242287-1001\...\Run: [ALLUpdate] => C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe [3670472 2015-07-28] (ALLPlayer Group Ltd.)
HKU\S-1-5-21-560449224-3561805689-3965242287-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-560449224-3561805689-3965242287-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3101984 2017-10-17] (Valve Corporation)
HKU\S-1-5-21-560449224-3561805689-3965242287-1001\...\Run: [XperiaCompanionAgent] => C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe [2105728 2017-05-31] (Sony)
HKU\S-1-5-21-560449224-3561805689-3965242287-1001\...\Run: [Łukasz] => explorer.exe hxxp://ozirizsoos.info <==== ATTENTION
HKU\S-1-5-21-560449224-3561805689-3965242287-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-560449224-3561805689-3965242287-1001\...\MountPoints2: {09df87c7-50c3-11e5-826e-7429af2c1710} - "J:\SETUP.EXE"
HKU\S-1-5-21-560449224-3561805689-3965242287-1001\...\MountPoints2: {28bb8f77-3392-11e5-826b-7429af2c1710} - "G:\startme.exe"
HKU\S-1-5-21-560449224-3561805689-3965242287-1001\...\MountPoints2: {3ce6438f-6321-11e7-82c4-7429af2c1710} - "G:\startme.exe"
HKU\S-1-5-21-560449224-3561805689-3965242287-1001\...\MountPoints2: {51640575-0407-11e7-82b0-7429af2c1710} - "I:\startme.exe"
HKU\S-1-5-21-560449224-3561805689-3965242287-1001\...\MountPoints2: {8086c471-23dd-11e5-826b-7429af2c1710} - "G:\setup.exe"
HKU\S-1-5-21-560449224-3561805689-3965242287-1001\...\MountPoints2: {9a3eda61-3e8f-11e5-826b-7429af2c1710} - "H:\setup.exe"
HKU\S-1-5-21-560449224-3561805689-3965242287-1001\...\MountPoints2: {9a3edabd-3e8f-11e5-826b-7429af2c1710} - "I:\SETUP.EXE"
HKU\S-1-5-21-560449224-3561805689-3965242287-1001\...\MountPoints2: {a6452ef5-64a0-11e7-82c4-7429af2c1710} - "G:\startme.exe"
HKU\S-1-5-21-560449224-3561805689-3965242287-1001\...\MountPoints2: {fc6db86f-c85c-11e6-82a7-7429af2c1710} - "H:\startme.exe"
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\bridge.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\capture.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\connect.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\coreldrw.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\corelpp.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\devicecentral.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\dtagent.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\dtlauncher.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\extendscript toolkit 2.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\fontnav.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\lu.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\photoshop.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\poptoastprocess.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\vfconfig.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\xperiacompanion.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2018-01-04]
ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{02D35631-8C2C-48B6-AD92-78DAB20EE014}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{02D35631-8C2C-48B6-AD92-78DAB20EE014}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{22742F91-50B8-4E9F-AFB6-6600C319A61E}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{22742F91-50B8-4E9F-AFB6-6600C319A61E}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{47FE507A-7A14-44AB-8BBF-C48627335C11}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{645ACDD0-5744-49DB-868B-EECFBB43C8A9}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{bbed3e08-0b41-11e3-8249-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{D9BB08CA-6728-4344-98F3-313D716E8FA1}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{D9BB08CA-6728-4344-98F3-313D716E8FA1}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{F9DFBAB1-24A6-4218-AF00-55051DA28128}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{F9DFBAB1-24A6-4218-AF00-55051DA28128}: [DhcpNameServer] 8.8.8.8
ManualProxies:

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-560449224-3561805689-3965242287-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gazeta.pl/0,0.html?p=190
HKU\S-1-5-21-560449224-3561805689-3965242287-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-560449224-3561805689-3965242287-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKU\S-1-5-21-560449224-3561805689-3965242287-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-560449224-3561805689-3965242287-1001 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-560449224-3561805689-3965242287-1001 -> {5015E38D-A252-4453-84DB-13C6D198372A} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-11-09] (AVAST Software)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> H:\Flash\prog\BitComet\tools\BitCometBHO_1.5.4.11.dll => No File
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-11-09] (AVAST Software)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: [General] AutoLogin=1 Default=Tożsamość1 [Identities] Tożsamość1=C:\Users\Łukasz\Documents\Draco Organizer\Tożsamość1\ [not found] <==== ATTENTION
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2016-04-13] (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-07-11] (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-560449224-3561805689-3965242287-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.pl/
CHR StartupUrls: Default -> "hxxp://www.gazeta.pl/0,0.html?p=190"
CHR Profile: C:\Users\Łukasz\AppData\Local\Google\Chrome\User Data\Default [2018-01-29]
CHR Extension: (Prezentacje) - C:\Users\Łukasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Dokumenty) - C:\Users\Łukasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Dysk Google) - C:\Users\Łukasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Łukasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Łukasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Arkusze) - C:\Users\Łukasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Dokumenty Google offline) - C:\Users\Łukasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AntiGameOrigin v6) - C:\Users\Łukasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfaofnlkooiapdmkbppmpgmjmhkolaeb [2017-09-13]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Łukasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Łukasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Łukasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-14]
CHR Profile: C:\Users\Łukasz\AppData\Local\Google\Chrome\User Data\System Profile [2017-12-27]
CHR HKLM-x32\...\Chrome\Extension: [dhigneefebkcagnpnpbibganpmfgebnk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2018-01-04] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2018-01-04] (AVAST Software)
S4 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S4 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2016-08-18] (BitRaider, LLC)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [84992 2014-01-22] () [File not signed]
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [592880 2014-07-10] ()
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [65640 2015-11-05] (CyberGhost S.R.L)
R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [7650600 2018-01-26] (AVAST Software)
S4 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-06-30] (Macrovision Europe Ltd.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\windows\system32\igfxCUIService.exe [282096 2014-03-12] (Intel Corporation)
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [387144 2016-02-04] ()
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel(R) Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [561408 2014-09-23] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-06] (LENOVO INCORPORATED.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-12-07] (Lenovo(beijing) Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-09-04] ()
S4 LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [38896 2014-02-18] (Lenovo(beijing) Limited)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [288240 2014-12-07] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [305136 2014-12-07] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S4 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [67856 2014-12-07] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S4 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [2205568 2017-05-31] (Sony)
S3 BITCOMET_HELPER_SERVICE; H:\Flash\prog\BitComet\tools\BitCometService.exe -service [X]
S2 Update Special Box; "C:\Program Files (x86)\Special Box\updateSpecialBox.exe" [X]
S2 Util Special Box; "C:\Program Files (x86)\Special Box\bin\utilSpecialBox.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\windows\System32\drivers\aswArPot.sys [185096 2018-01-04] (AVAST Software)
R1 aswbidsdriver; C:\windows\System32\drivers\aswbidsdrivera.sys [321512 2018-01-04] (AVAST Software)
R0 aswbidsh; C:\windows\System32\drivers\aswbidsha.sys [199448 2018-01-04] (AVAST Software)
R0 aswblog; C:\windows\System32\drivers\aswbloga.sys [343768 2018-01-04] (AVAST Software)
R0 aswbuniv; C:\windows\System32\drivers\aswbuniva.sys [57696 2018-01-04] (AVAST Software)
R1 aswHdsKe; C:\windows\System32\drivers\aswHdsKe.sys [149344 2018-01-04] (AVAST Software)
S3 aswHwid; C:\windows\System32\drivers\aswHwid.sys [46976 2018-01-04] (AVAST Software)
R1 aswKbd; C:\windows\system32\drivers\aswKbd.sys [41832 2017-09-13] (AVAST Software)
R2 aswMonFlt; C:\windows\System32\drivers\aswMonFlt.sys [146648 2018-01-11] (AVAST Software)
R1 aswRdr; C:\windows\System32\drivers\aswRdr2.sys [110336 2018-01-04] (AVAST Software)
R0 aswRvrt; C:\windows\System32\drivers\aswRvrt.sys [84384 2018-01-04] (AVAST Software)
R1 aswSnx; C:\windows\System32\drivers\aswSnx.sys [1025176 2018-01-04] (AVAST Software)
R1 aswSP; C:\windows\System32\drivers\aswSP.sys [457896 2018-01-11] (AVAST Software)
R2 aswStm; C:\windows\System32\drivers\aswStm.sys [204456 2018-01-04] (AVAST Software)
R0 aswVmm; C:\windows\System32\drivers\aswVmm.sys [358672 2018-01-04] (AVAST Software)
R2 atksgt; C:\windows\System32\DRIVERS\atksgt.sys [314016 2015-09-01] ()
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2016-08-18] (BitRaider)
R1 CLVirtualDrive; C:\windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 dtlitescsibus; C:\windows\System32\drivers\dtlitescsibus.sys [30264 2015-07-09] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [77432 2017-12-12] ()
R2 lirsgt; C:\windows\System32\DRIVERS\lirsgt.sys [43680 2015-09-01] ()
R2 MBAMChameleon; C:\windows\System32\Drivers\MbamChameleon.sys [193968 2017-12-12] (Malwarebytes)
R3 MBAMFarflt; C:\windows\system32\DRIVERS\farflt.sys [110016 2018-01-29] (Malwarebytes)
R0 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [253880 2017-12-12] (Malwarebytes)
R3 MBAMWebProtection; C:\windows\system32\DRIVERS\mwac.sys [94144 2018-01-29] (Malwarebytes)
R0 MBI; C:\windows\System32\drivers\MBI.sys [29464 2013-10-10] (Intel Corporation)
S3 NETwNe64; C:\windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 RtkBtFilter; C:\windows\system32\DRIVERS\RtkBtfilter.sys [558296 2014-01-14] (Realtek Semiconductor Corporation)
R3 rtsuvc; C:\windows\system32\DRIVERS\rtsuvc.sys [2599128 2014-09-11] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\windows\system32\DRIVERS\rtwlane.sys [3558104 2014-08-15] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-12-24] (Synaptics Incorporated)
R3 TXEIx64; C:\windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wsvd; C:\windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
S3 xhunter1; \??\C:\windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-29 10:03 - 2018-01-29 10:05 - 000024030 _____ C:\Users\Łukasz\Desktop\FRST.txt
2018-01-29 10:02 - 2018-01-29 10:03 - 000000000 ____D C:\FRST
2018-01-29 10:01 - 2018-01-29 10:02 - 002393088 _____ (Farbar) C:\Users\Łukasz\Desktop\FRST64.exe
2018-01-29 09:57 - 2018-01-29 09:57 - 000000000 ____D C:\ProgramData\SWCUTemp
2018-01-29 09:24 - 2018-01-29 09:54 - 000000000 ____D C:\AdwCleaner
2018-01-29 09:24 - 2018-01-29 09:24 - 008206624 _____ (Malwarebytes) C:\Users\Łukasz\Desktop\adwcleaner_7.0.7.0.exe
2018-01-28 11:35 - 2018-01-28 11:35 - 002409024 _____ C:\windows\system32\FNTCACHE.DAT
2018-01-27 18:57 - 2018-01-29 09:57 - 000110016 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2018-01-27 18:48 - 2018-01-28 10:14 - 000000000 ____D C:\Users\Łukasz\AppData\Roaming\Avast Tuneup
2018-01-09 16:38 - 2018-01-09 16:38 - 000000000 ____D C:\Users\Łukasz\AppData\Roaming\AC3Filter
2018-01-09 10:33 - 2018-01-09 17:16 - 000003488 _____ C:\windows\System32\Tasks\Łukasz
2018-01-04 17:28 - 2018-01-04 17:28 - 000000000 ____D C:\Users\Łukasz\AppData\LocalLow\Games Farm s_r_o_
2018-01-04 16:11 - 2018-01-04 17:01 - 000000000 ____D C:\Users\Łukasz\Documents\GTA Vice City User Files
2018-01-04 11:24 - 2018-01-12 23:25 - 000004194 _____ C:\windows\System32\Tasks\Avast TUNEUP Update
2018-01-04 11:23 - 2018-01-04 11:23 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2018-01-04 11:22 - 2018-01-04 11:17 - 000149344 _____ (AVAST Software) C:\windows\system32\Drivers\aswHdsKe.sys
2018-01-04 11:21 - 2018-01-04 11:20 - 000365680 _____ (AVAST Software) C:\windows\system32\aswBoot.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-29 09:59 - 2015-03-16 13:22 - 000000000 ____D C:\Users\Łukasz\AppData\Roaming\ClassicShell
2018-01-29 09:57 - 2017-12-12 16:50 - 000094144 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2018-01-29 09:56 - 2013-08-22 15:45 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-01-29 09:40 - 2017-10-02 11:33 - 000000000 ____D C:\Users\Łukasz\AppData\Local\Last.fm
2018-01-28 12:12 - 2015-02-20 07:47 - 000003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-560449224-3561805689-3965242287-1001
2018-01-28 10:28 - 2013-08-22 14:36 - 000000000 ____D C:\windows\Inf
2018-01-28 10:25 - 2014-12-07 17:33 - 000004608 _____ C:\windows\system32\VfService.trf
2018-01-28 10:21 - 2015-06-24 10:07 - 000004478 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2018-01-28 10:19 - 2015-03-16 13:55 - 000000000 ____D C:\Users\Łukasz\AppData\Roaming\Skype
2018-01-28 10:19 - 2014-04-02 18:34 - 000000000 ____D C:\windows\Panther
2018-01-28 10:19 - 2013-08-22 16:36 - 000000000 ____D C:\windows\LiveKernelReports
2018-01-28 10:18 - 2017-03-30 19:08 - 000000000 ____D C:\Users\Łukasz\AppData\Local\Microsoft Help
2018-01-28 10:18 - 2017-03-09 16:05 - 000000000 ____D C:\Program Files (x86)\Steam
2018-01-28 10:18 - 2017-01-05 14:26 - 000000000 ___HD C:\ProgramData\{0ADFD9B5-DE61-4915-9B79-1B8FF79919DC}
2018-01-28 10:18 - 2015-09-10 16:15 - 000000000 ____D C:\Users\Łukasz\Desktop\Gry
2018-01-28 10:18 - 2014-12-07 17:26 - 000000000 ____D C:\ProgramData\install_clap
2018-01-27 23:34 - 2015-02-20 07:40 - 000000000 ____D C:\Users\Łukasz
2018-01-27 19:19 - 2015-06-24 18:22 - 000001279 _____ C:\Users\Łukasz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wi-FiHotspotChgToast.lnk
2018-01-27 19:19 - 2014-12-07 17:43 - 000000000 ____D C:\ProgramData\LU
2018-01-27 14:36 - 2017-10-03 12:28 - 000000000 ____D C:\Users\Łukasz\AppData\Roaming\foobar2000
2018-01-26 22:11 - 2017-04-05 15:43 - 000000000 ____D C:\Users\Łukasz\Desktop\Komiksy
2018-01-26 21:55 - 2017-01-28 21:58 - 000000000 ____D C:\Users\Łukasz\AppData\Roaming\CDisplayEx
2018-01-22 10:04 - 2013-08-22 16:36 - 000000000 ___HD C:\Program Files\WindowsApps
2018-01-22 10:04 - 2013-08-22 16:36 - 000000000 ____D C:\windows\AppReadiness
2018-01-12 18:02 - 2017-11-16 08:40 - 000000000 ____D C:\Users\Łukasz\Desktop\Trening
2018-01-11 17:10 - 2017-02-09 10:47 - 000000000 ____D C:\ProgramData\CanonIJPLM
2018-01-11 11:22 - 2015-03-09 11:56 - 000457896 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2018-01-11 11:22 - 2015-03-09 11:56 - 000146648 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2018-01-09 17:16 - 2017-12-27 20:09 - 000004572 _____ C:\windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-01-09 17:16 - 2017-12-27 20:09 - 000004424 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2018-01-09 17:16 - 2016-03-28 13:05 - 000003480 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-01-09 17:16 - 2015-03-09 11:57 - 000000000 ____D C:\windows\System32\Tasks\AVAST Software
2018-01-09 17:16 - 2015-03-09 11:48 - 000003352 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-01-09 15:10 - 2013-08-22 16:36 - 000000000 ____D C:\windows\SysWOW64\Macromed
2018-01-09 15:10 - 2013-08-22 16:36 - 000000000 ____D C:\windows\system32\Macromed
2018-01-07 11:22 - 2017-02-07 21:23 - 000004172 _____ C:\windows\System32\Tasks\Avast Emergency Update
2018-01-04 19:45 - 2016-03-28 13:06 - 000002232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-04 19:45 - 2016-03-28 13:06 - 000002220 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-01-04 17:04 - 2015-07-09 18:53 - 000000000 ____D C:\Users\Łukasz\AppData\Roaming\BitTorrent
2018-01-04 11:36 - 2013-08-22 14:25 - 000262144 ___SH C:\windows\system32\config\BBI
2018-01-04 11:24 - 2015-03-09 11:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2018-01-04 11:23 - 2015-03-09 11:54 - 000000000 ____D C:\ProgramData\AVAST Software
2018-01-04 11:20 - 2017-11-09 19:31 - 000185096 _____ (AVAST Software) C:\windows\system32\Drivers\aswArPot.sys
2018-01-04 11:20 - 2015-03-09 11:56 - 000358672 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2018-01-04 11:20 - 2015-03-09 11:56 - 000204456 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2018-01-04 11:20 - 2015-03-09 11:56 - 000110336 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2018-01-04 11:20 - 2015-03-09 11:56 - 000084384 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2018-01-04 11:20 - 2015-03-09 11:56 - 000046976 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2018-01-04 11:17 - 2017-02-07 21:23 - 000343768 _____ (AVAST Software) C:\windows\system32\Drivers\aswbloga.sys
2018-01-04 11:17 - 2017-02-07 21:23 - 000321512 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsdrivera.sys
2018-01-04 11:17 - 2017-02-07 21:23 - 000199448 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsha.sys
2018-01-04 11:17 - 2017-02-07 21:23 - 000057696 _____ (AVAST Software) C:\windows\system32\Drivers\aswbuniva.sys
2018-01-04 11:17 - 2015-03-09 11:56 - 001025176 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2018-01-03 20:07 - 2017-03-30 19:08 - 000000000 ____D C:\Users\Łukasz\Documents\Visual Studio 2008
2018-01-02 17:01 - 2015-04-17 15:13 - 000000000 ____D C:\Users\Łukasz\Desktop\Tel

==================== Files in the root of some directories =======

2015-03-19 00:47 - 2016-01-13 14:50 - 000000243 _____ () C:\Users\Łukasz\AppData\Roaming\WB.CFG
2015-02-20 07:42 - 2018-01-29 09:16 - 006840594 _____ () C:\Users\Łukasz\AppData\Local\BTServer.log
2015-03-23 09:54 - 2015-03-23 09:54 - 000274045 _____ () C:\Users\Łukasz\AppData\Local\dsi1.dat
2015-03-23 09:55 - 2015-03-23 09:55 - 000161916 _____ () C:\Users\Łukasz\AppData\Local\dsi2.dat
2015-07-27 17:48 - 2017-03-08 15:50 - 049685376 _____ (Sony) C:\Users\Łukasz\AppData\Local\pcc.exe
2017-03-20 20:12 - 2017-03-20 20:12 - 000016556 _____ () C:\Users\Łukasz\AppData\Local\recently-used.xbel

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-06 12:27

==================== End of FRST.txt ============================