Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 08-09-2017
Uruchomiony przez Simek (administrator)  SIMEK-PC (10-09-2017 12:25:24)
Uruchomiony z D:\gry\neverwinter
Załadowane profile: Simek (Dostępne profile: Simek)
Platform: Windows 7 Home Premium (X64) Język: Polski (Polska)
Internet Explorer Wersja 8 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
() C:\Program Files (x86)\ASRock Utility\AXTU\Bin\AsrXTU.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Solid Documents Limited) C:\Program Files (x86)\SolidDocuments\SolidPDFCreator\SPC\SolidPdfServicex64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
(BitTorrent, Inc.) C:\Program Files (x86)\uTorrent\uTorrent.exe
() C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUSB\XFastUsb.exe
(ASRock) C:\Program Files\ASRock Utility\XFast RAM\asrRd.exe
(Official homepage: hxxp://www.republika.pl/lanchat) C:\Users\Simek\Desktop\LANChat.exe
(AVAST Software) C:\Users\Simek\AppData\Roaming\AVAST Software\Browser Cleanup\bcusched.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_26_0_0_151.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_26_0_0_151.exe

==================== Rejestr (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11545192 2010-11-02] (Realtek Semiconductor)
HKLM\...\Run: [XFast LAN] => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [2009952 2013-05-31] (cFos Software GmbH)
HKLM-x32\...\Run: [ATICustomerCare] => C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Smart File Advisor] => "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /checkassoc
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AMD AVT] => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [XFastUSB] => C:\Program Files (x86)\XFastUSB\XFastUsb.exe [6311104 2016-03-24] (FNet Co., Ltd.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5885352 2017-06-29] (LogMeIn Inc.)
HKLM-x32\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/pl.special-uninstallation-feedback-app?lic=OE1FSC1STlpMTC0yWTRRWC03OVBQQS1NMlBGRi1BRU1CUg"&"inst=NzYtNzA4MTM1MTg0LUQzODFMKzYtU1AxKzEtU1VQKzMtVFVHKzMtU1AxUzIrMS1DSVA (dane wartości zawierają 83 znaków więcej).
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3853154925-1102989141-3211563624-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\S-1-5-21-3853154925-1102989141-3211563624-1000\...\Run: [GalaxyClient] => C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe [7744568 2015-10-17] (GOG.com)
HKU\S-1-5-21-3853154925-1102989141-3211563624-1000\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-3853154925-1102989141-3211563624-1000\...\Run: [ASRockXTU] => [X]
HKU\S-1-5-21-3853154925-1102989141-3211563624-1000\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe [896912 2016-05-23] (BitTorrent, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2015-10-17]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1A760FC4-43BD-440E-A12E-D24F7543ED44}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1D473A0D-1BDD-4C52-A9A1-A0127700B0E4}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{31A8580F-5E55-4F9C-B50B-43E24EBB6D0D}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9EC9BE0D-0238-467A-8BAC-D563A8321567}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{E1CB675C-51A7-47BB-90BA-279B09B540DA}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-23] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-23] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll [2012-11-13] (Safer-Networking Ltd.)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-08-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-08-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-08-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-08-20] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Simek\AppData\Roaming\Mozilla\Firefox\Profiles\bkpyr9th.default [2017-09-10]
FF Homepage: Mozilla\Firefox\Profiles\bkpyr9th.default -> google.com
FF Extension: (mp3it) - C:\Users\Simek\AppData\Roaming\Mozilla\Firefox\Profiles\bkpyr9th.default\Extensions\info@mp3it.eu.xpi [2016-04-27]
FF HKU\S-1-5-21-3853154925-1102989141-3211563624-1000\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Simek\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => nie znaleziono
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-08] ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2013-05-03] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-23] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-08] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-08-04] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-08-04] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-08-04] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-08-04] (Foxit Corporation)
FF Plugin-x32: @ganymede/GanymedeNetPlugin,version=1.0 -> C:\Program Files (x86)\Ganymede\Plugins\npganymedenet.dll [2011-08-30] ( )
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-06-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3853154925-1102989141-3211563624-1000: @acestream.net/acestreamplugin,version=3.1.6 -> C:\Users\Simek\AppData\Roaming\ACEStream\player\npace_plugin.dll [Brak pliku]
FF Plugin HKU\S-1-5-21-3853154925-1102989141-3211563624-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2012-11-27] (Ubisoft)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npganymedenet.dll [2011-08-30] ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)

Chrome: 
=======
CHR HKU\S-1-5-21-3853154925-1102989141-3211563624-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-29] (Advanced Micro Devices, Inc.) [Brak podpisu cyfrowego]
R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [652640 2013-05-31] (cFos Software GmbH)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1648840 2016-08-05] (Foxit Software Inc.)
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [1616440 2015-10-17] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6952504 2015-10-17] (GOG.com)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3418024 2017-06-29] (LogMeIn Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Brak podpisu cyfrowego]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2017-02-27] (LogMeIn, Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2157456 2017-06-10] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3127192 2017-06-10] (Electronic Arts)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [620544 2008-11-11] (Nokia.) [Brak podpisu cyfrowego]
R2 SPDFCreatorReadSpool; C:\Program Files (x86)\SolidDocuments\SolidPDFCreator\SPC\SolidPdfServicex64.exe [262576 2015-12-29] (Solid Documents Limited)
R3 sppuinotify; C:\Windows\system32\sppuinotify.dll [65536 2011-05-24] (Microsoft Corporation) [Brak podpisu cyfrowego]
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [40200 2014-07-30] (ASRock Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-04-17] ()
R3 AxtuDrv; C:\Windows\SysWOW64\Drivers\AxtuDrv.sys [21768 2016-03-25] (RW-Everything)
S3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20568 2009-12-22] (Devguru Co., Ltd)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [16648 2016-03-24] (FNet Co., Ltd.)
S3 L6GX; C:\Windows\System32\Drivers\L6GX64.sys [772864 2015-08-01] (Line 6)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-04-17] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-09-08] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [47632 2010-01-27] (CACE Technologies, Inc.)
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1528976 2013-03-05] (Realtek Semiconductor Corporation )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [526392 2011-06-21] () [Brak podpisu cyfrowego]
S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [128000 2009-09-19] (MCCI Corporation)
U3 astrp8c4; C:\Windows\System32\Drivers\astrp8c4.sys [0 ] (Advanced Micro Devices) <==== UWAGA (zerobajtowy plik/folder)
R3 ArdDrv; \??\C:\Windows\SysWOW64\Drivers\ArdDrv.sys [X]
S3 cpuz143; \??\C:\Users\Simek\AppData\Local\Temp\cpuz143\cpuz143_x64.sys [X] <==== UWAGA

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)


==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-09-10 11:52 - 2017-09-10 12:25 - 000000000 ____D C:\FRST
2017-09-08 22:42 - 2017-09-08 22:49 - 000007241 _____ C:\Users\Simek\Desktop\ZHPCleaner.txt
2017-09-08 22:30 - 2017-09-08 22:49 - 000000000 ____D C:\Users\Simek\AppData\Roaming\ZHP
2017-09-08 22:30 - 2017-09-08 22:30 - 000000792 _____ C:\Users\Simek\Desktop\ZHPCleaner.lnk
2017-09-08 22:30 - 2017-09-08 22:30 - 000000000 ____D C:\Users\Simek\AppData\Local\ZHP
2017-09-08 22:06 - 2017-09-10 12:10 - 000001850 _____ C:\Users\Simek\Desktop\sc-cleaner.txt
2017-09-08 21:59 - 2017-09-08 21:59 - 000004232 _____ C:\Windows\System32\Tasks\avast! BCU UpdateS-1-5-21-3853154925-1102989141-3211563624-1000
2017-09-08 21:59 - 2017-09-08 21:59 - 000003294 _____ C:\Windows\System32\Tasks\avastBCLS-1-5-21-3853154925-1102989141-3211563624-1000
2017-09-08 21:59 - 2017-09-08 21:59 - 000001065 _____ C:\Users\Simek\Desktop\Avast Browser Cleanup.lnk
2017-09-08 21:59 - 2017-09-08 21:59 - 000000000 ____D C:\Users\Simek\AppData\Roaming\Microsoft\Windows\Start Menu\Avast Browser Cleanup
2017-09-08 21:59 - 2017-09-08 21:59 - 000000000 ____D C:\Users\Simek\AppData\Roaming\AVAST Software
2017-09-08 21:15 - 2017-09-08 21:15 - 000047304 _____ C:\Users\Simek\Documents\cc_20170908_211510.reg
2017-09-05 19:28 - 2017-09-05 19:28 - 000000000 ____D C:\Users\Simek\AppData\LocalLow\AMD
2017-09-04 21:33 - 2017-09-04 21:33 - 000000029 _____ C:\Users\Simek\Desktop\xpserial.txt
2017-09-04 06:25 - 2017-09-04 06:25 - 000036966 _____ C:\Users\Simek\Desktop\Potwierdzenie_transakcji_nr_0010780510_040917.pdf
2017-09-04 06:25 - 2017-09-04 06:25 - 000036515 _____ C:\Users\Simek\Desktop\Potwierdzenie_transakcji_nr_0010780524_040917.pdf
2017-09-02 13:25 - 2017-09-10 09:33 - 000003026 _____ C:\Windows\System32\Tasks\asrRd
2017-08-30 18:57 - 2017-08-30 23:25 - 000000000 ____D C:\Users\Simek\Desktop\Football Manager 2018 v.2
2017-08-20 13:37 - 2017-08-20 11:32 - 000051573 _____ C:\Users\Simek\Desktop\Channel_list_T-HKMFDEUC-15011.3.zip
2017-08-20 13:31 - 2017-08-20 10:11 - 000051303 _____ C:\Users\Simek\Desktop\Channel_list_T-HKMFDEUC-1501.3.zip

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-09-10 12:25 - 2011-02-15 13:03 - 000000000 ____D C:\Users\Simek\AppData\Roaming\uTorrent
2017-09-10 11:51 - 2015-08-22 23:37 - 000000000 ____D C:\Users\Simek\AppData\Local\LogMeIn Hamachi
2017-09-10 11:41 - 2016-11-19 18:39 - 000000000 ____D C:\Users\Simek\AppData\LocalLow\Mozilla
2017-09-10 11:35 - 2009-07-14 06:45 - 000009808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-10 11:35 - 2009-07-14 06:45 - 000009808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-10 09:33 - 2016-08-21 13:26 - 000000000 ____D C:\ProgramData\Foxit Software
2017-09-10 09:33 - 2016-03-25 21:50 - 000002960 _____ C:\Windows\System32\Tasks\AsrXTU
2017-09-10 09:33 - 2015-10-17 19:56 - 000001010 _____ C:\Windows\Tasks\YlOOqEqYHplMfZba4Oe.job
2017-09-10 09:33 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-09 14:28 - 2017-08-04 19:07 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2017-09-09 12:31 - 2011-10-21 18:09 - 000000000 ____D C:\Program Files (x86)\Steam
2017-09-08 22:59 - 2015-10-17 23:38 - 000000000 ____D C:\AdwCleaner
2017-09-08 22:15 - 2015-10-17 23:20 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-08 22:00 - 2011-02-15 12:50 - 000000000 ____D C:\Users\Simek\AppData\Roaming\foobar2000
2017-09-08 21:27 - 2011-03-20 12:50 - 001807360 ___SH C:\Users\Simek\Desktop\Thumbs.db
2017-09-08 21:26 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2017-09-08 21:16 - 2013-05-06 21:40 - 000000000 ____D C:\Windows\Minidump
2017-09-08 21:09 - 2015-10-16 22:14 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-09-07 21:46 - 2011-02-15 13:05 - 000000000 ____D C:\Users\Simek\Downloads\uTorrent pobrane
2017-09-01 22:14 - 2011-05-10 15:47 - 000000000 ____D C:\Users\Simek\AppData\Roaming\XnView
2017-09-01 22:08 - 2011-04-18 12:28 - 000000000 ____D C:\Users\Simek\Desktop\Krystian
2017-08-18 17:34 - 2017-03-31 20:23 - 000000088 _____ C:\Users\Simek\Desktop\21864 60.txt
2017-08-17 18:01 - 2009-07-14 07:08 - 000032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-08-11 18:10 - 2017-08-10 17:56 - 000008715 _____ C:\Users\Simek\Desktop\Nowy OpenDocument Dokument tekstowy.odt

==================== Pliki w katalogu głównym wybranych folderów =======

2013-12-26 12:31 - 2013-12-26 12:31 - 000009028 _____ () C:\Users\Simek\AppData\Roaming\.freeciv-client-rc-2.4
2015-04-14 18:28 - 2015-04-14 18:28 - 000004387 _____ () C:\Users\Simek\AppData\Roaming\YlOOqEqYHplMfZba4Oe
2011-02-20 13:32 - 2011-02-20 13:32 - 000000093 _____ () C:\Users\Simek\AppData\Local\fusioncache.dat
2011-10-29 16:39 - 2017-07-18 18:21 - 000007598 _____ () C:\Users\Simek\AppData\Local\Resmon.ResmonCfg
2012-03-06 15:17 - 2012-03-06 15:17 - 002371152 _____ (DownVision                                                  ) C:\Users\Simek\AppData\Local\setup.exe
2016-10-23 14:04 - 2016-10-23 14:04 - 000000112 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe
[2011-02-10 11:16] - [2011-03-13 01:19] - 000389632 _____ (Microsoft Corporation) 87A00ED70FEC36D0DD968E5058C29AA1

C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll
[2009-07-14 01:38] - [2009-07-14 03:41] - 001008640 _____ (Microsoft Corporation) E573BD9AB55C8E333C202B9E255F972E

C:\Windows\SysWOW64\User32.dll
[2011-02-10 11:05] - [2011-02-10 11:05] - 000833024 _____ (Microsoft Corporation) 2C9CC9F492CA596B1B9FC1AE5E916356

C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2017-09-10 10:42

==================== Koniec  FRST.txt ============================