Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 21-12-2016
Uruchomiony przez Radziu (administrator) RADZIUPC (30-12-2016 17:34:15)
Uruchomiony z C:\Users\Radziu\Desktop\Pobrania
Załadowane profile: Radziu (Dostępne profile: Radziu)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Spotify Ltd) C:\Users\Radziu\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(EIZO Corporation) C:\Program Files (x86)\EIZO\G-Ignition\Gignition.exe
() C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
() C:\Program Files (x86)\EIZO\G-Ignition\QtWebProcess.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

==================== Rejestr (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7573720 2014-05-06] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [293872 2016-03-20] (Intel Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2650576 2016-12-14] (Malwarebytes Corporation)
HKU\S-1-5-21-1451781482-2208398875-1600285123-1000\...\Run: [Spotify Web Helper] => C:\Users\Radziu\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1529456 2016-11-10] (Spotify Ltd)
HKU\S-1-5-21-1451781482-2208398875-1600285123-1000\...\MountPoints2: {5da4b930-c4f7-11e4-9ae9-7824af36ff6e} - F:\LGAutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\G-Ignition Ver3.0.0.lnk [2015-12-18]
ShortcutTarget: G-Ignition Ver3.0.0.lnk -> C:\Program Files (x86)\EIZO\G-Ignition\Gignition.exe (EIZO Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2015-01-07]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe ()

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\..\Interfaces\{65098963-62C1-4E9C-B4EF-2F22909601CF}: [NameServer] 8.8.8.8,8.8.8.4

Internet Explorer:
==================
HKU\S-1-5-21-1451781482-2208398875-1600285123-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1451781482-2208398875-1600285123-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

FireFox:
========
FF DefaultProfile: f374nbkl.default-1418558639056
FF ProfilePath: C:\Users\Radziu\AppData\Roaming\Mozilla\Firefox\Profiles\f374nbkl.default-1418558639056 [2016-12-30]
FF Homepage: Mozilla\Firefox\Profiles\f374nbkl.default-1418558639056 -> hxxp://niezalezna.pl/
FF Extension: (Firefox Hotfix) - C:\Users\Radziu\AppData\Roaming\Mozilla\Firefox\Profiles\f374nbkl.default-1418558639056\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-02]
FF Extension: (NoScript) - C:\Users\Radziu\AppData\Roaming\Mozilla\Firefox\Profiles\f374nbkl.default-1418558639056\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-11-30]
FF Extension: (WOT) - C:\Users\Radziu\AppData\Roaming\Mozilla\Firefox\Profiles\f374nbkl.default-1418558639056\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-10]
FF Extension: (Adblock Plus) - C:\Users\Radziu\AppData\Roaming\Mozilla\Firefox\Profiles\f374nbkl.default-1418558639056\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24]
FF SearchPlugin: C:\Users\Radziu\AppData\Roaming\Mozilla\Firefox\Profiles\f374nbkl.default-1418558639056\searchplugins\youtube.xml [2014-12-18]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-13] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-13] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-03] (Intel Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-11-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-11-12] (NVIDIA Corporation)

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-04-03] (Intel Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [155088 2016-12-14] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-07-13] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [487704 2014-03-14] (Intel Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [77408 2016-12-14] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-04-03] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
R3 sshid; C:\Windows\System32\DRIVERS\sshid.sys [38912 2014-10-30] (SteelSeries ApS)

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-12-30 17:33 - 2016-12-30 17:34 - 00000000 ____D C:\FRST
2016-12-24 03:10 - 2016-12-24 03:10 - 02430975 _____ C:\Users\Radziu\Desktop\Documents\all.fpl
2016-12-17 17:02 - 2016-12-17 17:02 - 00000992 _____ C:\Users\Public\Desktop\Heroes of the Storm.lnk
2016-12-17 17:02 - 2016-12-17 17:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2016-12-17 16:26 - 2016-12-28 11:06 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2016-12-17 16:26 - 2016-12-17 17:20 - 00000000 ____D C:\Users\Radziu\Desktop\Documents\Heroes of the Storm
2016-12-17 16:23 - 2016-12-28 11:26 - 00000000 ____D C:\Users\Radziu\AppData\Local\Battle.net
2016-12-17 16:23 - 2016-12-17 17:17 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2016-12-17 16:23 - 2016-12-17 16:23 - 00000928 _____ C:\Users\Public\Desktop\Battle.net.lnk
2016-12-17 16:23 - 2016-12-17 16:23 - 00000000 ____D C:\Users\Radziu\AppData\Local\Blizzard Entertainment
2016-12-17 16:23 - 2016-12-17 16:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2016-12-17 16:22 - 2016-12-28 11:06 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-12-17 16:21 - 2016-12-17 16:25 - 00000000 ____D C:\Users\Radziu\AppData\Roaming\Battle.net
2016-12-17 16:21 - 2016-12-17 16:21 - 00000000 ____D C:\ProgramData\Battle.net
2016-12-13 01:54 - 2016-12-13 01:54 - 00000000 ____D C:\Users\Radziu\AppData\Local\Chromium

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-12-30 17:34 - 2016-11-16 02:43 - 00000000 ____D C:\Users\Radziu\AppData\LocalLow\Mozilla
2016-12-30 17:34 - 2015-01-10 08:52 - 00000000 ____D C:\Users\Radziu\Desktop\Pobrania
2016-12-30 17:31 - 2009-07-14 05:45 - 00028320 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-30 17:31 - 2009-07-14 05:45 - 00028320 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-30 17:28 - 2011-04-12 14:21 - 00737730 _____ C:\Windows\system32\perfh015.dat
2016-12-30 17:28 - 2011-04-12 14:21 - 00154418 _____ C:\Windows\system32\perfc015.dat
2016-12-30 17:28 - 2009-07-14 06:13 - 01662556 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-30 17:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-12-30 17:24 - 2014-11-23 23:15 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-30 17:24 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-28 14:46 - 2014-11-30 01:16 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-27 20:19 - 2014-11-24 22:42 - 00000000 ____D C:\Program Files\Steam
2016-12-25 12:21 - 2009-07-14 06:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-24 03:12 - 2016-08-22 23:39 - 00000000 ____D C:\Users\Radziu\AppData\Roaming\foobar2000
2016-12-23 13:44 - 2016-07-16 09:39 - 00000000 ____D C:\Users\Radziu\AppData\Roaming\Skype
2016-12-17 02:42 - 2014-12-29 20:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-12-17 02:42 - 2014-12-29 20:22 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-12-17 02:42 - 2014-12-29 20:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2016-12-17 01:11 - 2016-11-16 02:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-17 01:11 - 2014-11-23 23:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-13 15:46 - 2014-11-30 01:16 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-12-13 15:46 - 2014-11-24 00:53 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-13 15:46 - 2014-11-24 00:53 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-13 15:46 - 2014-11-24 00:53 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-13 15:46 - 2014-11-24 00:53 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-13 01:54 - 2015-02-19 21:52 - 00000000 ____D C:\Users\Radziu\AppData\Local\Steam
2016-12-02 13:05 - 2016-11-20 13:46 - 00000000 ____D C:\Users\Radziu\Desktop\dixit

==================== Pliki w katalogu głównym wybranych folderów =======

2014-08-04 14:46 - 2016-08-13 11:25 - 0161821 _____ () C:\Program Files\changelog.txt
2013-11-13 13:36 - 2016-08-13 11:25 - 0375336 _____ () C:\Program Files\createfileassoc.exe
2014-08-04 14:46 - 2016-08-13 11:25 - 0433944 _____ (TeamSpeak Systems GmbH) C:\Program Files\error_report.exe
2014-06-05 14:35 - 2016-04-12 20:27 - 1262592 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Program Files\libeay32.dll
2015-08-19 20:37 - 2015-08-19 20:37 - 0455328 _____ (Microsoft Corporation) C:\Program Files\msvcp120.dll
2015-08-19 20:37 - 2015-08-19 20:37 - 0970912 _____ (Microsoft Corporation) C:\Program Files\msvcr120.dll
2014-08-04 14:46 - 2016-08-13 11:25 - 0459032 _____ (TeamSpeak Systems GmbH) C:\Program Files\package_inst.exe
2014-08-04 09:21 - 2015-08-19 20:37 - 0000313 _____ () C:\Program Files\plugin_sdk.html
2014-02-27 14:42 - 2016-04-12 20:27 - 4734464 _____ (The Qt Company Ltd) C:\Program Files\Qt5Core.dll
2014-02-27 14:43 - 2016-05-05 19:34 - 3169792 _____ (The Qt Company Ltd) C:\Program Files\Qt5Gui.dll
2014-02-27 14:42 - 2016-05-05 19:34 - 0848896 _____ (The Qt Company Ltd) C:\Program Files\Qt5Network.dll
2014-02-27 14:42 - 2016-04-12 20:27 - 0164864 _____ (The Qt Company Ltd) C:\Program Files\Qt5Sql.dll
2014-02-27 14:45 - 2016-04-12 20:27 - 4406784 _____ (The Qt Company Ltd) C:\Program Files\Qt5Widgets.dll
2014-02-28 14:33 - 2016-08-13 11:25 - 0149272 _____ () C:\Program Files\quazip.dll
2014-06-05 14:35 - 2016-04-12 20:27 - 0272896 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Program Files\ssleay32.dll
2014-08-04 14:45 - 2016-08-13 11:25 - 9894680 _____ (TeamSpeak Systems GmbH) C:\Program Files\ts3client_win32.exe
2015-03-17 22:07 - 2015-03-17 22:07 - 0126303 _____ (TeamSpeak Systems GmbH) C:\Program Files\Uninstall.exe
2014-08-04 14:45 - 2016-08-13 11:25 - 1313560 _____ (TeamSpeak Systems GmbH) C:\Program Files\update.exe
2014-06-20 08:44 - 2016-04-12 20:27 - 0579975 _____ () C:\Program Files\usb.ids

Niektóre pliki w TEMP:
====================
C:\Users\Radziu\AppData\Local\Temp\Quarantine.exe
C:\Users\Radziu\AppData\Local\Temp\sqlite3.dll
C:\Users\Radziu\AppData\Local\Temp\vcredist9_x86.exe

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2016-11-06 11:05

==================== Koniec FRST.txt ============================