Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 15-01-2017 Uruchomiony przez Marian (administrator) MARIAN-KOMPUTER (17-01-2017 10:01:47) Uruchomiony z C:\Users\Marian\Desktop\ZZZ Załadowane profile: Marian (Dostępne profile: Marian) Platform: Windows 7 Professional Service Pack 1 (X64) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: IE) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe (Microsoft Corporation) C:\Program Files (x86)\EMET 5.0\EMET_Service.exe (Microsoft Corporation) C:\Program Files (x86)\EMET 5.0\EMET_Agent.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe ==================== Rejestr (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [899680 2013-02-04] (Conexant Systems, Inc.) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2013-03-05] (Conexant Systems, Inc.) HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\btvstack.exe [1023104 2012-10-15] (Atheros Communications) HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\athbttray.exe [801920 2012-10-15] (Atheros Commnucations) HKLM\...\Run: [RtsFT] => C:\Windows\RTFTrack.exe [6339656 2013-04-10] (Realtek semiconductor) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation) HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508144 2012-08-31] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-27] (Intel Corporation) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 62.179.1.62 62.179.1.63 Tcpip\..\Interfaces\{688A44A8-4E7D-4AA3-A569-2D82A9D7C830}: [DhcpNameServer] 62.179.1.62 62.179.1.63 Tcpip\..\Interfaces\{C6939167-DAD6-429A-95B5-3624E85FAE7F}: [DhcpNameServer] 62.179.1.62 62.179.1.63 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com SearchScopes: HKU\S-1-5-21-2972724368-3198871822-230166581-1000 -> DefaultScope {A2BFB1E0-5C35-4208-A4D8-37492F13A8C7} URL = hxxps://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-2972724368-3198871822-230166581-1000 -> {6BBBE2D6-46AB-41C9-BA75-13F8C870B0A5} URL = hxxps://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-2972724368-3198871822-230166581-1000 -> {A2BFB1E0-5C35-4208-A4D8-37492F13A8C7} URL = hxxps://www.google.com/search?q={searchTerms} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-10-03] (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-01] (Google Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-10-03] (Oracle Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-10-15] (Atheros Commnucations) BHO-x32: Pomocnik logowania za pomocą konta Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-01] (Google Inc.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-01] (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-01] (Google Inc.) Toolbar: HKU\S-1-5-21-2972724368-3198871822-230166581-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-01] (Google Inc.) FireFox: ======== FF ProfilePath: C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\tp3t66kz.default [2017-01-17] FF Homepage: Mozilla\Firefox\Profiles\tp3t66kz.default -> www.google.pl FF Extension: (filelogging_seleniumideSamitBadle) - C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\tp3t66kz.default\Extensions\file-logging_selenium-ide@Samit.Badle [2014-10-08] [Brak podpisu cyfrowego] FF Extension: (uBlock Origin) - C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\tp3t66kz.default\Extensions\uBlock0@raymondhill.net.xpi [2015-11-06] FF Extension: (Brak nazwy) - C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\tp3t66kz.default\Extensions\veggy@veggyAddon.com [2017-01-17] [Brak podpisu cyfrowego] FF Extension: (Web Helper Lite) - C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\tp3t66kz.default\Extensions\{53ecb410-cb6c-474d-8ce2-8f9e2c15a4a7} [2015-11-06] [Brak podpisu cyfrowego] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-14] () FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2014-10-03] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-03] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-14] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-02-15] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-02-15] (Intel Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.) Chrome: ======= CHR DefaultProfile: Default CHR Profile: C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default [2017-01-17] CHR Extension: (Dokumenty Google) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06] CHR Extension: (Dysk Google) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21] CHR Extension: (YouTube) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27] CHR Extension: (Google Search) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01] CHR Extension: (Dokumenty Google offline) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-17] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-17] CHR Extension: (Gmail) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-06] CHR Extension: (Chrome Media Router) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-09] Opera: ======= OPR Extension: (uBlock Origin) - C:\Users\Marian\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2016-12-16] OPR Extension: (videosMediaPlayers ++) - C:\Users\Marian\AppData\Roaming\Opera Software\Opera Stable\Extensions\kjpifmjicccpbkfjdkehimhgklfkbanh [2015-11-06] OPR Extension: (Pogoda) - C:\Users\Marian\AppData\Roaming\Opera Software\Opera Stable\Extensions\lnejmennopimdkhecilfhkmmjolebocd [2016-09-28] ==================== Usługi (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [219776 2012-10-15] (Atheros Commnucations) [Brak podpisu cyfrowego] R2 EMET_Service; C:\Program Files (x86)\EMET 5.0\EMET_Service.exe [31880 2014-07-30] (Microsoft Corporation) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [Brak podpisu cyfrowego] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-02-15] (Intel Corporation) S2 LanmanServer; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S2 LanmanServer; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation) S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [327296 2012-10-15] (Atheros) [Brak podpisu cyfrowego] ===================== Sterowniki (filtrowane) ====================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation) R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [117912 2012-11-19] (Qualcomm Atheros Co., Ltd.) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation) S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation) U5 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-21] (Microsoft Corporation) R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8243272 2013-04-10] (Realtek Semiconductor Corp.) ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2017-01-17 09:58 - 2017-01-17 10:01 - 00000000 ____D C:\FRST 2017-01-17 09:57 - 2017-01-17 10:01 - 00000000 ____D C:\Users\Marian\Desktop\ZZZ 2017-01-17 09:16 - 2017-01-17 09:16 - 00253443 _____ C:\Users\Marian\Desktop\uslugi.reg 2017-01-17 07:25 - 2017-01-17 07:25 - 00000000 ____D C:\Users\Public\Desktop\CC Support 2017-01-16 09:31 - 2017-01-16 09:31 - 00000358 _____ C:\DelFix.txt 2017-01-16 09:29 - 2017-01-16 09:29 - 00000000 ____H C:\ProgramData\DP45977C.lfl 2016-12-30 19:57 - 2016-12-30 19:57 - 00000000 ___DL C:\Users\Marian\AppData\LocalLow\PlayReady 2016-12-18 15:42 - 2016-12-18 18:55 - 00070144 _____ C:\Users\Marian\Desktop\PROTOK NR2_ 13_06.12.2016.doc ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2017-01-17 09:29 - 2009-07-14 05:45 - 00031504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-01-17 09:29 - 2009-07-14 05:45 - 00031504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-01-17 09:04 - 2011-04-12 14:21 - 00741710 _____ C:\Windows\system32\perfh015.dat 2017-01-17 09:04 - 2011-04-12 14:21 - 00156750 _____ C:\Windows\system32\perfc015.dat 2017-01-17 09:04 - 2009-07-14 06:13 - 01673940 _____ C:\Windows\system32\PerfStringBackup.INI 2017-01-17 09:04 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf 2017-01-17 08:52 - 2014-10-03 09:25 - 00000000 ____D C:\Users\Marian 2017-01-17 07:55 - 2014-10-03 18:47 - 00000000 ____D C:\Bridge Base Online 2017-01-17 07:55 - 2014-10-03 11:00 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2017-01-17 07:55 - 2014-10-03 11:00 - 00000000 ____D C:\Windows\system32\Macromed 2017-01-17 07:55 - 2014-10-03 10:19 - 00000000 ____D C:\ProgramData\Atheros 2017-01-17 07:55 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2017-01-17 07:55 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration 2017-01-17 07:54 - 2014-10-03 11:00 - 00000000 ____D C:\Users\Marian\AppData\Local\Mozilla 2017-01-16 16:14 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp 2017-01-11 18:05 - 2014-10-07 15:23 - 00000000 ____D C:\Windows\system32\MRT 2017-01-01 18:14 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-12-30 23:07 - 2014-10-03 11:01 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-12-30 19:57 - 2014-10-03 09:25 - 00000000 ____D C:\Users\Marian\AppData\LocalLow 2016-12-25 09:22 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Microsoft.NET 2016-12-22 18:36 - 2014-10-03 18:45 - 00000000 ____D C:\Program Files (x86)\Opera 2016-12-22 18:35 - 2014-10-03 18:45 - 00003902 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1412358343 2016-12-18 15:26 - 2016-12-13 17:44 - 00058880 _____ C:\Users\Marian\Desktop\PROTOK NR 13_06.12.2016.doc ==================== Pliki w katalogu głównym wybranych folderów ======= 2017-01-16 09:29 - 2017-01-16 09:29 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Niektóre pliki w TEMP: ==================== C:\Users\Marian\AppData\Local\Temp\DefaultPack.EXE C:\Users\Marian\AppData\Local\Temp\sqlite3.dll C:\Users\Marian\AppData\Local\Temp\ZoomIt64.exe ==================== Bamital & volsnap ====================== (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo C:\Windows\explorer.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\Windows\system32\services.exe => Plik podpisany cyfrowo C:\Windows\system32\User32.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2017-01-04 20:04 ==================== Koniec FRST.txt ============================