Anonymous / 2 years, 11 months ago

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015 01
Ran by Grzesio (administrator) on GRZESIO-KOMP on 25-05-2015 05:59:47
Running from D:\instalki
Loaded Profiles: Grzesio (Available Profiles: Grzesio)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Flux Software LLC) C:\Users\Grzesio\AppData\Local\FluxSoftware\Flux\flux.exe
(Murray Hurps Software Pty Ltd) C:\Program Files (x86)\Ad Muncher\AdMunch.exe
(Murray Hurps Software Pty Ltd) C:\Program Files (x86)\Ad Muncher\AdMunch64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) D:\instalki\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Ad Muncher] => C:\Program Files (x86)\Ad Muncher\AdMunch.exe [560760 2015-01-22] (Murray Hurps Software Pty Ltd)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2890488347-3686516966-887082497-1000\...\Run: [F.lux] => C:\Users\Grzesio\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-2890488347-3686516966-887082497-1000\...\MountPoints2: {0b3a66e6-e14f-11e4-9d7e-92796cf3b9b7} - E:\DPFMate.exe
HKU\S-1-5-21-2890488347-3686516966-887082497-1000\...\MountPoints2: {10f1a4e4-ce4e-11e4-8e4c-f3968be0b1c1} - E:\Autorun.exe
HKU\S-1-5-21-2890488347-3686516966-887082497-1000\...\MountPoints2: {496c7069-e1b9-11e4-84b7-d863a10c25c8} - E:\DPFMate.exe
HKU\S-1-5-21-2890488347-3686516966-887082497-1000\...\MountPoints2: {739a660e-d87c-11e4-9ce1-ab0ba91aeacd} - "E:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-2890488347-3686516966-887082497-1000\...\MountPoints2: {dafef06b-ce4a-11e4-a250-ac21b8b207c2} - E:\hdclone.exe
HKU\S-1-5-21-2890488347-3686516966-887082497-1000\...\MountPoints2: {fccd63f2-a25b-11e4-abd7-b7c742bc31d5} - E:\hdclone.exe
HKU\S-1-5-21-2890488347-3686516966-887082497-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)
IFEO\adwcleaner_4.204.exe: [Debugger] svchost.exe
IFEO\AnVir.exe: [Debugger] svchost.exe
IFEO\AutoLogger.exe: [Debugger] svchost.exe
IFEO\avz.exe: [Debugger] svchost.exe
IFEO\CCleaner.exe: [Debugger] svchost.exe
IFEO\CCleaner64.exe: [Debugger] svchost.exe
IFEO\FRST.exe: [Debugger] svchost.exe
IFEO\FRST64.exe: [Debugger] svchost.exe
IFEO\HiJackThis.exe: [Debugger] svchost.exe
IFEO\regedit.exe: [Debugger] svchost.exe
IFEO\RegWorks.exe: [Debugger] svchost.exe
IFEO\RSIT.exe: [Debugger] svchost.exe
IFEO\RSITx64.exe: [Debugger] svchost.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2890488347-3686516966-887082497-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pl-pl/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2890488347-3686516966-887082497-1000 -> {AFA46E59-B3FF-400A-99B5-2623EB992EB1} URL = https://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 62.179.1.63 62.179.1.62

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Grzesio\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Grzesio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-13]
CHR Extension: (Google Docs) - C:\Users\Grzesio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-13]
CHR Extension: (Google Drive) - C:\Users\Grzesio\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-13]
CHR Extension: (YouTube) - C:\Users\Grzesio\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-13]
CHR Extension: (Google Search) - C:\Users\Grzesio\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-13]
CHR Extension: (Google Sheets) - C:\Users\Grzesio\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-13]
CHR Extension: (Bookmark Manager) - C:\Users\Grzesio\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-13]
CHR Extension: (Google Wallet) - C:\Users\Grzesio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-15]
CHR Extension: (Gmail) - C:\Users\Grzesio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ADUServiceNSRT; C:\Program Files (x86)\Common Files\Microsoft\Care Suite\ADUService\ADUService.exe [94832 2015-03-02] ()
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-26] (Disc Soft Ltd)
S4 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-05-11] (Foxit Software Inc.)
S4 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) []
S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [164600 2015-05-05] (RaMMicHaeL)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-03-19] (Disc Soft Ltd)
S2 Kmm4xNT; C:\Windows\SysWow64\Drivers\Kmm4xNT.sys [95484 2002-04-26] (DATOM Dariusz Cielebąk)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 PAC7311; C:\Windows\System32\DRIVERS\PA707UCM.SYS [524800 2007-03-14] (PixArt Imaging Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2015-03-19] (Duplex Secure Ltd.)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2013-09-25] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [296960 2013-09-25] (VIA Technologies, Inc.)
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-25 05:59 - 2015-05-25 05:59 - 00000000 ____D () C:\FRST
2015-05-25 05:44 - 2015-05-25 05:45 - 00000000 ____D () C:\AdwCleaner
2015-05-21 16:22 - 2015-05-21 16:22 - 00001955 _____ () C:\Users\Public\Desktop\The Witcher® 3 - Wild Hunt.lnk
2015-05-21 16:22 - 2015-05-21 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-05-21 16:09 - 2015-05-21 16:09 - 00000000 ____D () C:\GOG Games
2015-05-20 21:04 - 2015-05-21 21:58 - 00000000 ____D () C:\Users\Grzesio\Documents\The Witcher 3
2015-05-17 13:59 - 2014-03-18 04:44 - 00906968 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2015-05-17 13:59 - 2014-03-18 04:44 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2015-05-17 13:59 - 2014-03-18 04:44 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2015-05-14 12:23 - 2015-05-14 12:23 - 00000000 ____D () C:\Users\Grzesio\AppData\Roaming\OpenOffice.org
2015-05-14 12:16 - 2015-05-14 12:16 - 00000000 ____D () C:\Users\Grzesio\AppData\Local\Icecream
2015-05-14 12:16 - 2015-05-14 12:16 - 00000000 ____D () C:\Users\Grzesio\.Icecream PDF Converter
2015-05-14 09:04 - 2015-05-20 19:54 - 00000063 _____ () C:\Users\Grzesio\Desktop\5 rat opłaconych.txt
2015-05-13 21:45 - 2015-05-13 21:45 - 00046130 ____R () C:\Users\Grzesio\Downloads\SteamAchievementManager63_hotfix.zip
2015-05-13 18:11 - 2015-05-25 05:45 - 00002106 _____ () C:\Windows\setupact.log
2015-05-13 18:11 - 2015-05-13 18:11 - 00000320 _____ () C:\Windows\PFRO.log
2015-05-13 18:11 - 2015-05-13 18:11 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-13 18:04 - 2015-05-13 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-13 18:03 - 2015-05-25 05:45 - 00001044 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-13 18:03 - 2015-05-24 23:15 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-13 18:03 - 2015-05-16 00:10 - 00004044 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-13 18:03 - 2015-05-16 00:10 - 00003792 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-13 18:03 - 2015-05-13 18:03 - 00000000 ____D () C:\Users\Grzesio\AppData\Local\Deployment
2015-05-13 18:03 - 2015-05-13 18:03 - 00000000 ____D () C:\Users\Grzesio\AppData\Local\Apps\2.0
2015-05-10 22:06 - 2015-05-10 22:06 - 00546464 _____ () C:\Users\Grzesio\Downloads\Autoruns.zip
2015-05-10 15:59 - 2015-05-09 20:14 - 530907216 ____N () C:\Users\Grzesio\Desktop\WP_20150509_003.mp4
2015-05-08 12:09 - 2015-05-08 12:09 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
2015-05-08 09:33 - 2015-05-08 09:33 - 00000000 ____D () C:\Users\Public\Foxit Software
2015-05-08 09:33 - 2015-05-08 09:33 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2015-05-07 23:00 - 2015-05-07 23:00 - 00004096 _____ () C:\Windows\d3dx.dat
2015-05-07 23:00 - 2015-05-07 23:00 - 00000000 ____D () C:\Users\Grzesio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-05-07 22:58 - 1998-10-07 12:54 - 00327168 _____ (InstallShield Software Corporation) C:\Windows\IsUn0415.exe
2015-05-07 18:56 - 2015-05-19 22:03 - 00000000 ____D () C:\Users\Grzesio\AppData\Roaming\AIMP3
2015-05-07 18:56 - 2015-05-07 18:56 - 00000000 ____D () C:\Program Files (x86)\AIMP3
2015-05-07 18:22 - 2015-05-07 18:22 - 00081303 _____ () C:\Users\Grzesio\Documents\Bez_nazwy.wma
2015-05-05 23:09 - 2015-05-05 23:09 - 00000000 ____D () C:\Windows\Options
2015-05-05 23:09 - 2015-05-05 23:09 - 00000000 ____D () C:\Program Files (x86)\Atheros
2015-05-05 23:09 - 2011-06-18 10:38 - 03223040 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\athurx.sys
2015-05-05 23:09 - 2011-06-18 10:38 - 03223040 _____ (Atheros Communications, Inc.) C:\Windows\system32\athurx.sys
2015-05-05 23:09 - 2011-06-18 00:27 - 00008424 _____ () C:\Windows\system32\athurextx.cat
2015-05-05 23:08 - 2015-05-05 23:09 - 00000000 ____D () C:\ProgramData\Atheros
2015-05-03 15:56 - 2015-05-02 18:49 - 306406930 ____N () C:\Users\Grzesio\Desktop\WP_20150502_006.mp4
2015-04-28 19:38 - 2015-04-28 19:38 - 00806816 _____ (Akeo Consulting (http://akeo.ie)) C:\Users\Grzesio\Desktop\rufus-2.1.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-25 05:50 - 2011-04-12 15:21 - 00739694 _____ () C:\Windows\system32\perfh015.dat
2015-05-25 05:50 - 2011-04-12 15:21 - 00155268 _____ () C:\Windows\system32\perfc015.dat
2015-05-25 05:50 - 2009-07-14 07:13 - 01668226 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-25 05:48 - 2015-02-05 20:09 - 01300173 _____ () C:\Windows\WindowsUpdate.log
2015-05-25 05:45 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-22 16:24 - 2015-01-23 23:48 - 00000000 ____D () C:\Users\Grzesio\AppData\Roaming\BitTorrent
2015-05-22 16:15 - 2015-01-22 20:13 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-22 06:07 - 2015-01-22 23:02 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-21 20:01 - 2015-01-22 21:22 - 00000000 ____D () C:\Users\Grzesio\AppData\Roaming\TS3Client
2015-05-21 16:23 - 2015-01-22 19:23 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-21 16:23 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-05-20 20:31 - 2015-01-22 19:18 - 00000000 ____D () C:\Users\Grzesio\AppData\Roaming\vlc
2015-05-20 20:30 - 2015-01-22 19:36 - 00000000 ____D () C:\Users\Grzesio\AppData\Roaming\Skype
2015-05-20 20:30 - 2015-01-22 19:35 - 00000000 ____D () C:\ProgramData\Skype
2015-05-18 19:43 - 2015-02-25 18:00 - 00000866 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-05-17 23:57 - 2009-07-14 06:45 - 00016656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-17 23:57 - 2009-07-14 06:45 - 00016656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-17 13:59 - 2015-01-22 19:03 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-05-17 13:59 - 2015-01-22 18:57 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-15 05:36 - 2015-02-24 19:52 - 00000408 __RSH () C:\ProgramData\ntuser.pol
2015-05-14 12:16 - 2015-01-22 18:47 - 00000000 ____D () C:\Users\Grzesio
2015-05-13 20:08 - 2015-02-25 18:00 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-05-13 20:08 - 2015-02-25 18:00 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-13 18:07 - 2015-02-27 00:20 - 00000000 ____D () C:\Users\Grzesio\AppData\Roaming\KeePass
2015-05-13 18:04 - 2015-03-26 18:42 - 00000000 ____D () C:\Program Files (x86)\Google
2015-05-13 17:43 - 2015-01-22 19:30 - 00000000 ____D () C:\Users\Grzesio\AppData\Roaming\DAEMON Tools Lite
2015-05-10 22:06 - 2015-01-22 19:19 - 00000000 ____D () C:\ProgramData\Unchecky
2015-05-08 09:33 - 2015-01-22 19:17 - 00000000 ____D () C:\Users\Grzesio\AppData\Roaming\Foxit Software
2015-05-05 16:06 - 2015-01-22 19:19 - 00000000 ____D () C:\Program Files (x86)\Unchecky
2015-05-04 21:19 - 2015-03-15 13:48 - 00000000 ____D () C:\Windows\Minidump

==================== Files in the root of some directories =======

2015-02-08 13:50 - 2015-02-08 15:10 - 1065984 _____ () C:\Users\Grzesio\AppData\Local\file__0.localstorage

Some files in TEMP:
====================
C:\Users\Grzesio\AppData\Local\Temp\Quarantine.exe
C:\Users\Grzesio\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Grzesio\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-14 19:18

==================== End of log ============================