Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 15-03-2017 Uruchomiony przez Radziu (administrator) RADZIUPC (18-03-2017 11:24:06) Uruchomiony z C:\Users\Radziu\Desktop\Nowy folder Załadowane profile: Radziu (Dostępne profile: Radziu) Platform: Windows 7 Home Premium Service Pack 1 (X64) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: FF) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Spotify Ltd) C:\Users\Radziu\AppData\Roaming\Spotify\SpotifyWebHelper.exe (EIZO Corporation) C:\Program Files (x86)\EIZO\G-Ignition\Gignition.exe () C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe () C:\Program Files (x86)\EIZO\G-Ignition\QtWebProcess.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe ==================== Rejestr (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7573720 2014-05-06] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [293872 2016-03-20] (Intel Corporation) HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2650576 2017-02-08] (Malwarebytes Corporation) HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG) HKU\S-1-5-21-1451781482-2208398875-1600285123-1000\...\Run: [Spotify Web Helper] => C:\Users\Radziu\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-03-17] (Spotify Ltd) HKU\S-1-5-21-1451781482-2208398875-1600285123-1000\...\MountPoints2: {5da4b930-c4f7-11e4-9ae9-7824af36ff6e} - F:\LGAutoRun.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\G-Ignition Ver3.0.0.lnk [2015-12-18] ShortcutTarget: G-Ignition Ver3.0.0.lnk -> C:\Program Files (x86)\EIZO\G-Ignition\Gignition.exe (EIZO Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2015-01-07] ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe () ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\..\Interfaces\{65098963-62C1-4E9C-B4EF-2F22909601CF}: [NameServer] 8.8.8.8,8.8.8.4 Internet Explorer: ================== HKU\S-1-5-21-1451781482-2208398875-1600285123-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1451781482-2208398875-1600285123-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation) FireFox: ======== FF DefaultProfile: f374nbkl.default-1418558639056 FF ProfilePath: C:\Users\Radziu\AppData\Roaming\Mozilla\Firefox\Profiles\f374nbkl.default-1418558639056 [2017-03-18] FF Homepage: Mozilla\Firefox\Profiles\f374nbkl.default-1418558639056 -> hxxp://niezalezna.pl/ FF Extension: (NoScript) - C:\Users\Radziu\AppData\Roaming\Mozilla\Firefox\Profiles\f374nbkl.default-1418558639056\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-03-17] FF Extension: (WOT) - C:\Users\Radziu\AppData\Roaming\Mozilla\Firefox\Profiles\f374nbkl.default-1418558639056\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-10] FF Extension: (Adblock Plus) - C:\Users\Radziu\AppData\Roaming\Mozilla\Firefox\Profiles\f374nbkl.default-1418558639056\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24] FF SearchPlugin: C:\Users\Radziu\AppData\Roaming\Mozilla\Firefox\Profiles\f374nbkl.default-1418558639056\searchplugins\youtube.xml [2014-12-18] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-15] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-15] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-03] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-03] (Intel Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-11-12] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-11-12] (NVIDIA Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation) ==================== Usługi (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] () R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-04-03] (Intel Corporation) R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [155600 2017-02-08] (Malwarebytes Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-07-13] (Microsoft Corporation) ===================== Sterowniki (filtrowane) ====================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] () R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [487704 2014-03-14] (Intel Corporation) R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [77408 2017-02-08] () R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-04-03] (Intel Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation) R3 sshid; C:\Windows\System32\DRIVERS\sshid.sys [38912 2014-10-30] (SteelSeries ApS) ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2017-03-18 11:22 - 2017-03-18 11:24 - 00000000 ____D C:\Users\Radziu\Desktop\Nowy folder 2017-03-18 11:21 - 2017-03-18 11:21 - 00000218 _____ C:\Users\Radziu\Desktop\Nowy dokument tekstowy.txt 2017-03-07 13:35 - 2017-03-07 13:35 - 00226846 _____ C:\Users\Radziu\Desktop\CV-MAGDALENA-MORON.pdf 2017-02-28 16:59 - 2017-02-28 16:59 - 00187329 _____ C:\Users\Radziu\Desktop\CV_R.Wroblewski.pdf 2017-02-24 14:22 - 2017-02-24 14:22 - 00000000 ____D C:\Users\Radziu\Desktop\Documents\Niestandardowe szablony pakietu Office 2017-02-24 13:24 - 2017-02-24 13:24 - 00000000 ____D C:\Windows\PCHEALTH 2017-02-24 13:24 - 2017-02-24 13:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2017-02-24 13:24 - 2017-02-24 13:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2017-02-24 13:24 - 2017-02-24 13:24 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server 2017-02-24 13:24 - 2017-02-24 13:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services 2017-02-24 13:23 - 2017-02-24 13:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2017-02-24 13:23 - 2017-02-24 13:23 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform 2017-02-24 13:23 - 2017-02-24 13:23 - 00000000 ____D C:\Users\Radziu\AppData\Local\Microsoft Help 2017-02-24 13:23 - 2017-02-24 13:23 - 00000000 ____D C:\Program Files\Microsoft Office 2017-02-24 13:22 - 2017-02-24 13:22 - 00000000 __RHD C:\MSOCache 2017-02-24 13:17 - 2017-02-24 13:17 - 00002562 _____ C:\Windows\diagwrn.xml 2017-02-24 13:17 - 2017-02-24 13:17 - 00001908 _____ C:\Windows\diagerr.xml 2017-02-24 13:04 - 2017-02-24 13:04 - 00002990 _____ C:\Windows\System32\Tasks\elbyExecuteWithUAC 2017-02-24 13:04 - 2017-02-24 13:04 - 00001254 _____ C:\Users\Public\Desktop\Virtual CloneDrive.lnk 2017-02-24 13:03 - 2017-02-24 13:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes 2017-02-24 13:03 - 2017-02-24 13:03 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes 2017-02-19 19:32 - 2017-03-03 13:07 - 00000000 ____D C:\Users\Radziu\AppData\Local\PokerStars.EU 2017-02-19 19:32 - 2017-03-03 13:06 - 00000000 ____D C:\Program Files (x86)\PokerStars.EU 2017-02-19 19:32 - 2017-02-19 19:32 - 00001980 _____ C:\Users\Radziu\Desktop\PokerStars.eu.lnk 2017-02-19 19:32 - 2017-02-19 19:32 - 00000000 ____D C:\Users\Radziu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars.EU 2017-02-19 19:32 - 2017-02-19 19:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.EU ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2017-03-18 11:24 - 2016-12-30 17:33 - 00000000 ____D C:\FRST 2017-03-18 11:24 - 2016-11-16 02:43 - 00000000 ____D C:\Users\Radziu\AppData\LocalLow\Mozilla 2017-03-18 11:16 - 2015-01-10 08:52 - 00000000 ____D C:\Users\Radziu\Desktop\Pobrania 2017-03-18 10:42 - 2016-11-16 02:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-03-18 09:49 - 2009-07-14 05:45 - 00028320 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-03-18 09:49 - 2009-07-14 05:45 - 00028320 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-03-18 09:45 - 2011-04-12 14:21 - 00737730 _____ C:\Windows\system32\perfh015.dat 2017-03-18 09:45 - 2011-04-12 14:21 - 00154418 _____ C:\Windows\system32\perfc015.dat 2017-03-18 09:45 - 2009-07-14 06:13 - 01662556 _____ C:\Windows\system32\PerfStringBackup.INI 2017-03-18 09:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf 2017-03-18 09:41 - 2014-11-23 23:15 - 00000000 ____D C:\ProgramData\NVIDIA 2017-03-18 09:41 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-03-17 23:03 - 2016-12-17 16:23 - 00000000 ____D C:\Users\Radziu\AppData\Local\Battle.net 2017-03-17 20:52 - 2016-12-17 16:22 - 00000000 ____D C:\Program Files (x86)\Battle.net 2017-03-17 19:01 - 2016-12-17 16:26 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm 2017-03-17 18:34 - 2015-05-29 20:14 - 00000000 ____D C:\Users\Radziu\AppData\Roaming\Spotify 2017-03-17 17:40 - 2015-05-29 20:15 - 00000000 ____D C:\Users\Radziu\AppData\Local\Spotify 2017-03-17 07:14 - 2016-08-22 23:39 - 00000000 ____D C:\Users\Radziu\AppData\Roaming\foobar2000 2017-03-17 00:25 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2017-03-16 20:11 - 2017-01-28 15:44 - 00004608 _____ C:\Users\Radziu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2017-03-15 17:46 - 2014-11-30 01:16 - 00004412 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2017-03-15 17:46 - 2014-11-24 00:53 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2017-03-15 17:46 - 2014-11-24 00:53 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2017-03-15 17:46 - 2014-11-24 00:53 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2017-03-15 17:46 - 2014-11-24 00:53 - 00000000 ____D C:\Windows\system32\Macromed 2017-03-12 14:52 - 2014-12-29 20:22 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit 2017-03-08 02:33 - 2014-11-23 23:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-02-24 23:33 - 2015-01-07 12:15 - 00000000 ____D C:\Users\Radziu\AppData\Local\SteelSeries Engine 3 Client 2017-02-24 13:39 - 2009-07-14 05:45 - 00433152 _____ C:\Windows\system32\FNTCACHE.DAT 2017-02-24 13:26 - 2014-11-23 22:34 - 00111536 _____ C:\Users\Radziu\AppData\Local\GDIPFONTCACHEV1.DAT 2017-02-24 13:24 - 2011-04-12 14:32 - 00000000 ____D C:\Windows\ShellNew 2017-02-24 13:24 - 2009-07-14 03:34 - 00000478 _____ C:\Windows\win.ini 2017-02-24 13:23 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2017-02-20 16:00 - 2014-11-24 22:42 - 00000000 ____D C:\Program Files\Steam 2017-02-16 14:00 - 2016-07-16 09:39 - 00000000 ____D C:\Users\Radziu\AppData\Roaming\Skype 2017-02-16 13:17 - 2014-12-29 20:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit 2017-02-16 13:17 - 2014-12-29 20:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit ==================== Pliki w katalogu głównym wybranych folderów ======= 2014-08-04 14:46 - 2016-08-13 11:25 - 0161821 _____ () C:\Program Files\changelog.txt 2013-11-13 13:36 - 2016-08-13 11:25 - 0375336 _____ () C:\Program Files\createfileassoc.exe 2014-08-04 14:46 - 2016-08-13 11:25 - 0433944 _____ (TeamSpeak Systems GmbH) C:\Program Files\error_report.exe 2014-06-05 14:35 - 2016-04-12 20:27 - 1262592 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Program Files\libeay32.dll 2015-08-19 20:37 - 2015-08-19 20:37 - 0455328 _____ (Microsoft Corporation) C:\Program Files\msvcp120.dll 2015-08-19 20:37 - 2015-08-19 20:37 - 0970912 _____ (Microsoft Corporation) C:\Program Files\msvcr120.dll 2014-08-04 14:46 - 2016-08-13 11:25 - 0459032 _____ (TeamSpeak Systems GmbH) C:\Program Files\package_inst.exe 2014-08-04 09:21 - 2015-08-19 20:37 - 0000313 _____ () C:\Program Files\plugin_sdk.html 2014-02-27 14:42 - 2016-04-12 20:27 - 4734464 _____ (The Qt Company Ltd) C:\Program Files\Qt5Core.dll 2014-02-27 14:43 - 2016-05-05 19:34 - 3169792 _____ (The Qt Company Ltd) C:\Program Files\Qt5Gui.dll 2014-02-27 14:42 - 2016-05-05 19:34 - 0848896 _____ (The Qt Company Ltd) C:\Program Files\Qt5Network.dll 2014-02-27 14:42 - 2016-04-12 20:27 - 0164864 _____ (The Qt Company Ltd) C:\Program Files\Qt5Sql.dll 2014-02-27 14:45 - 2016-04-12 20:27 - 4406784 _____ (The Qt Company Ltd) C:\Program Files\Qt5Widgets.dll 2014-02-28 14:33 - 2016-08-13 11:25 - 0149272 _____ () C:\Program Files\quazip.dll 2014-06-05 14:35 - 2016-04-12 20:27 - 0272896 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Program Files\ssleay32.dll 2014-08-04 14:45 - 2016-08-13 11:25 - 9894680 _____ (TeamSpeak Systems GmbH) C:\Program Files\ts3client_win32.exe 2015-03-17 22:07 - 2015-03-17 22:07 - 0126303 _____ (TeamSpeak Systems GmbH) C:\Program Files\Uninstall.exe 2014-08-04 14:45 - 2016-08-13 11:25 - 1313560 _____ (TeamSpeak Systems GmbH) C:\Program Files\update.exe 2014-06-20 08:44 - 2016-04-12 20:27 - 0579975 _____ () C:\Program Files\usb.ids 2017-01-28 15:44 - 2017-03-16 20:11 - 0004608 _____ () C:\Users\Radziu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini Niektóre pliki w TEMP: ==================== 2012-11-03 04:02 - 2012-11-03 04:02 - 0150616 ____R (Microsoft Corporation) C:\Users\Radziu\AppData\Local\Temp\ose00000.exe 2014-11-08 09:33 - 2014-12-08 23:35 - 0601088 _____ () C:\Users\Radziu\AppData\Local\Temp\Quarantine.exe 2014-11-08 09:47 - 2014-10-17 12:39 - 0665682 _____ (SQLite Development Team) C:\Users\Radziu\AppData\Local\Temp\sqlite3.dll 2014-09-12 00:44 - 2014-09-12 00:44 - 4216840 _____ (Microsoft Corporation) C:\Users\Radziu\AppData\Local\Temp\vcredist9_x86.exe ==================== Bamital & volsnap ====================== (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo C:\Windows\explorer.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\Windows\system32\services.exe => Plik podpisany cyfrowo C:\Windows\system32\User32.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2016-11-06 11:05 ==================== Koniec FRST.txt ============================