Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 08-09-2017
Uruchomiony przez Simek (administrator) SIMEK-PC (10-09-2017 12:25:24)
Uruchomiony z D:\gry\neverwinter
Załadowane profile: Simek (Dostępne profile: Simek)
Platform: Windows 7 Home Premium (X64) Język: Polski (Polska)
Internet Explorer Wersja 8 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================
(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
() C:\Program Files (x86)\ASRock Utility\AXTU\Bin\AsrXTU.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Solid Documents Limited) C:\Program Files (x86)\SolidDocuments\SolidPDFCreator\SPC\SolidPdfServicex64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
(BitTorrent, Inc.) C:\Program Files (x86)\uTorrent\uTorrent.exe
() C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUSB\XFastUsb.exe
(ASRock) C:\Program Files\ASRock Utility\XFast RAM\asrRd.exe
(Official homepage: hxxp://www.republika.pl/lanchat) C:\Users\Simek\Desktop\LANChat.exe
(AVAST Software) C:\Users\Simek\AppData\Roaming\AVAST Software\Browser Cleanup\bcusched.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_26_0_0_151.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_26_0_0_151.exe

==================== Rejestr (filtrowane) ====================
(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11545192 2010-11-02] (Realtek Semiconductor)
HKLM\...\Run: [XFast LAN] => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [2009952 2013-05-31] (cFos Software GmbH)
HKLM-x32\...\Run: [ATICustomerCare] => C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Smart File Advisor] => "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /checkassoc
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AMD AVT] => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [XFastUSB] => C:\Program Files (x86)\XFastUSB\XFastUsb.exe [6311104 2016-03-24] (FNet Co., Ltd.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5885352 2017-06-29] (LogMeIn Inc.)
HKLM-x32\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/pl.special-uninstallation-feedback-app?lic=OE1FSC1STlpMTC0yWTRRWC03OVBQQS1NMlBGRi1BRU1CUg"&"inst=NzYtNzA4MTM1MTg0LUQzODFMKzYtU1AxKzEtU1VQKzMtVFVHKzMtU1AxUzIrMS1DSVA (dane wartości zawierają 83 znaków więcej).
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3853154925-1102989141-3211563624-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\S-1-5-21-3853154925-1102989141-3211563624-1000\...\Run: [GalaxyClient] => C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe [7744568 2015-10-17] (GOG.com)
HKU\S-1-5-21-3853154925-1102989141-3211563624-1000\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-3853154925-1102989141-3211563624-1000\...\Run: [ASRockXTU] => [X]
HKU\S-1-5-21-3853154925-1102989141-3211563624-1000\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe [896912 2016-05-23] (BitTorrent, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2015-10-17]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (filtrowane) ====================
(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)
Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1A760FC4-43BD-440E-A12E-D24F7543ED44}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1D473A0D-1BDD-4C52-A9A1-A0127700B0E4}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{31A8580F-5E55-4F9C-B50B-43E24EBB6D0D}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9EC9BE0D-0238-467A-8BAC-D563A8321567}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{E1CB675C-51A7-47BB-90BA-279B09B540DA}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-23] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-23] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll [2012-11-13] (Safer-Networking Ltd.)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-08-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-08-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-08-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-08-20] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Simek\AppData\Roaming\Mozilla\Firefox\Profiles\bkpyr9th.default [2017-09-10]
FF Homepage: Mozilla\Firefox\Profiles\bkpyr9th.default -> google.com
FF Extension: (mp3it) - C:\Users\Simek\AppData\Roaming\Mozilla\Firefox\Profiles\bkpyr9th.default\Extensions\info@mp3it.eu.xpi [2016-04-27]
FF HKU\S-1-5-21-3853154925-1102989141-3211563624-1000\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Simek\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => nie znaleziono
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-08] ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2013-05-03] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-23] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-08] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-08-04] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-08-04] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-08-04] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-08-04] (Foxit Corporation)
FF Plugin-x32: @ganymede/GanymedeNetPlugin,version=1.0 -> C:\Program Files (x86)\Ganymede\Plugins\npganymedenet.dll [2011-08-30] ( )
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-06-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3853154925-1102989141-3211563624-1000: @acestream.net/acestreamplugin,version=3.1.6 -> C:\Users\Simek\AppData\Roaming\ACEStream\player\npace_plugin.dll [Brak pliku]
FF Plugin HKU\S-1-5-21-3853154925-1102989141-3211563624-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2012-11-27] (Ubisoft)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npganymedenet.dll [2011-08-30] ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
Chrome:
=======
CHR HKU\S-1-5-21-3853154925-1102989141-3211563624-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx

==================== Usługi (filtrowane) ====================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-29] (Advanced Micro Devices, Inc.) [Brak podpisu cyfrowego]
R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [652640 2013-05-31] (cFos Software GmbH)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1648840 2016-08-05] (Foxit Software Inc.)
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [1616440 2015-10-17] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6952504 2015-10-17] (GOG.com)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3418024 2017-06-29] (LogMeIn Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Brak podpisu cyfrowego]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2017-02-27] (LogMeIn, Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2157456 2017-06-10] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3127192 2017-06-10] (Electronic Arts)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [620544 2008-11-11] (Nokia.) [Brak podpisu cyfrowego]
R2 SPDFCreatorReadSpool; C:\Program Files (x86)\SolidDocuments\SolidPDFCreator\SPC\SolidPdfServicex64.exe [262576 2015-12-29] (Solid Documents Limited)
R3 sppuinotify; C:\Windows\system32\sppuinotify.dll [65536 2011-05-24] (Microsoft Corporation) [Brak podpisu cyfrowego]
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ======================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [40200 2014-07-30] (ASRock Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-04-17] ()
R3 AxtuDrv; C:\Windows\SysWOW64\Drivers\AxtuDrv.sys [21768 2016-03-25] (RW-Everything)
S3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20568 2009-12-22] (Devguru Co., Ltd)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [16648 2016-03-24] (FNet Co., Ltd.)
S3 L6GX; C:\Windows\System32\Drivers\L6GX64.sys [772864 2015-08-01] (Line 6)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-04-17] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-09-08] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [47632 2010-01-27] (CACE Technologies, Inc.)
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1528976 2013-03-05] (Realtek Semiconductor Corporation )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [526392 2011-06-21] () [Brak podpisu cyfrowego]
S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [128000 2009-09-19] (MCCI Corporation)
U3 astrp8c4; C:\Windows\System32\Drivers\astrp8c4.sys [0 ] (Advanced Micro Devices) <==== UWAGA (zerobajtowy plik/folder)
R3 ArdDrv; \??\C:\Windows\SysWOW64\Drivers\ArdDrv.sys [X]
S3 cpuz143; \??\C:\Users\Simek\AppData\Local\Temp\cpuz143\cpuz143_x64.sys [X] <==== UWAGA

==================== NetSvcs (filtrowane) ===================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2017-09-10 11:52 - 2017-09-10 12:25 - 000000000 ____D C:\FRST
2017-09-08 22:42 - 2017-09-08 22:49 - 000007241 _____ C:\Users\Simek\Desktop\ZHPCleaner.txt
2017-09-08 22:30 - 2017-09-08 22:49 - 000000000 ____D C:\Users\Simek\AppData\Roaming\ZHP
2017-09-08 22:30 - 2017-09-08 22:30 - 000000792 _____ C:\Users\Simek\Desktop\ZHPCleaner.lnk
2017-09-08 22:30 - 2017-09-08 22:30 - 000000000 ____D C:\Users\Simek\AppData\Local\ZHP
2017-09-08 22:06 - 2017-09-10 12:10 - 000001850 _____ C:\Users\Simek\Desktop\sc-cleaner.txt
2017-09-08 21:59 - 2017-09-08 21:59 - 000004232 _____ C:\Windows\System32\Tasks\avast! BCU UpdateS-1-5-21-3853154925-1102989141-3211563624-1000
2017-09-08 21:59 - 2017-09-08 21:59 - 000003294 _____ C:\Windows\System32\Tasks\avastBCLS-1-5-21-3853154925-1102989141-3211563624-1000
2017-09-08 21:59 - 2017-09-08 21:59 - 000001065 _____ C:\Users\Simek\Desktop\Avast Browser Cleanup.lnk
2017-09-08 21:59 - 2017-09-08 21:59 - 000000000 ____D C:\Users\Simek\AppData\Roaming\Microsoft\Windows\Start Menu\Avast Browser Cleanup
2017-09-08 21:59 - 2017-09-08 21:59 - 000000000 ____D C:\Users\Simek\AppData\Roaming\AVAST Software
2017-09-08 21:15 - 2017-09-08 21:15 - 000047304 _____ C:\Users\Simek\Documents\cc_20170908_211510.reg
2017-09-05 19:28 - 2017-09-05 19:28 - 000000000 ____D C:\Users\Simek\AppData\LocalLow\AMD
2017-09-04 21:33 - 2017-09-04 21:33 - 000000029 _____ C:\Users\Simek\Desktop\xpserial.txt
2017-09-04 06:25 - 2017-09-04 06:25 - 000036966 _____ C:\Users\Simek\Desktop\Potwierdzenie_transakcji_nr_0010780510_040917.pdf
2017-09-04 06:25 - 2017-09-04 06:25 - 000036515 _____ C:\Users\Simek\Desktop\Potwierdzenie_transakcji_nr_0010780524_040917.pdf
2017-09-02 13:25 - 2017-09-10 09:33 - 000003026 _____ C:\Windows\System32\Tasks\asrRd
2017-08-30 18:57 - 2017-08-30 23:25 - 000000000 ____D C:\Users\Simek\Desktop\Football Manager 2018 v.2
2017-08-20 13:37 - 2017-08-20 11:32 - 000051573 _____ C:\Users\Simek\Desktop\Channel_list_T-HKMFDEUC-15011.3.zip
2017-08-20 13:31 - 2017-08-20 10:11 - 000051303 _____ C:\Users\Simek\Desktop\Channel_list_T-HKMFDEUC-1501.3.zip

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2017-09-10 12:25 - 2011-02-15 13:03 - 000000000 ____D C:\Users\Simek\AppData\Roaming\uTorrent
2017-09-10 11:51 - 2015-08-22 23:37 - 000000000 ____D C:\Users\Simek\AppData\Local\LogMeIn Hamachi
2017-09-10 11:41 - 2016-11-19 18:39 - 000000000 ____D C:\Users\Simek\AppData\LocalLow\Mozilla
2017-09-10 11:35 - 2009-07-14 06:45 - 000009808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-10 11:35 - 2009-07-14 06:45 - 000009808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-10 09:33 - 2016-08-21 13:26 - 000000000 ____D C:\ProgramData\Foxit Software
2017-09-10 09:33 - 2016-03-25 21:50 - 000002960 _____ C:\Windows\System32\Tasks\AsrXTU
2017-09-10 09:33 - 2015-10-17 19:56 - 000001010 _____ C:\Windows\Tasks\YlOOqEqYHplMfZba4Oe.job
2017-09-10 09:33 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-09 14:28 - 2017-08-04 19:07 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2017-09-09 12:31 - 2011-10-21 18:09 - 000000000 ____D C:\Program Files (x86)\Steam
2017-09-08 22:59 - 2015-10-17 23:38 - 000000000 ____D C:\AdwCleaner
2017-09-08 22:15 - 2015-10-17 23:20 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-08 22:00 - 2011-02-15 12:50 - 000000000 ____D C:\Users\Simek\AppData\Roaming\foobar2000
2017-09-08 21:27 - 2011-03-20 12:50 - 001807360 ___SH C:\Users\Simek\Desktop\Thumbs.db
2017-09-08 21:26 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2017-09-08 21:16 - 2013-05-06 21:40 - 000000000 ____D C:\Windows\Minidump
2017-09-08 21:09 - 2015-10-16 22:14 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-09-07 21:46 - 2011-02-15 13:05 - 000000000 ____D C:\Users\Simek\Downloads\uTorrent pobrane
2017-09-01 22:14 - 2011-05-10 15:47 - 000000000 ____D C:\Users\Simek\AppData\Roaming\XnView
2017-09-01 22:08 - 2011-04-18 12:28 - 000000000 ____D C:\Users\Simek\Desktop\Krystian
2017-08-18 17:34 - 2017-03-31 20:23 - 000000088 _____ C:\Users\Simek\Desktop\21864 60.txt
2017-08-17 18:01 - 2009-07-14 07:08 - 000032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-08-11 18:10 - 2017-08-10 17:56 - 000008715 _____ C:\Users\Simek\Desktop\Nowy OpenDocument Dokument tekstowy.odt

==================== Pliki w katalogu głównym wybranych folderów =======
2013-12-26 12:31 - 2013-12-26 12:31 - 000009028 _____ () C:\Users\Simek\AppData\Roaming\.freeciv-client-rc-2.4
2015-04-14 18:28 - 2015-04-14 18:28 - 000004387 _____ () C:\Users\Simek\AppData\Roaming\YlOOqEqYHplMfZba4Oe
2011-02-20 13:32 - 2011-02-20 13:32 - 000000093 _____ () C:\Users\Simek\AppData\Local\fusioncache.dat
2011-10-29 16:39 - 2017-07-18 18:21 - 000007598 _____ () C:\Users\Simek\AppData\Local\Resmon.ResmonCfg
2012-03-06 15:17 - 2012-03-06 15:17 - 002371152 _____ (DownVision ) C:\Users\Simek\AppData\Local\setup.exe
2016-10-23 14:04 - 2016-10-23 14:04 - 000000112 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc

==================== Bamital & volsnap ======================
(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)
C:\Windows\system32\winlogon.exe [2011-02-10 11:16] - [2011-03-13 01:19] - 000389632 _____ (Microsoft Corporation) 87A00ED70FEC36D0DD968E5058C29AA1
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll [2009-07-14 01:38] - [2009-07-14 03:41] - 001008640 _____ (Microsoft Corporation) E573BD9AB55C8E333C202B9E255F972E
C:\Windows\SysWOW64\User32.dll [2011-02-10 11:05] - [2011-02-10 11:05] - 000833024 _____ (Microsoft Corporation) 2C9CC9F492CA596B1B9FC1AE5E916356
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2017-09-10 10:42

==================== Koniec FRST.txt ============================