Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja: 25-01-2017
Uruchomiony przez ZJ (administrator) BIURO-ZJ (25-01-2017 19:14:35)
Uruchomiony z C:\Users\ZJ\Downloads
Załadowane profile: ZJ (Dostępne profile: ZJ & ZJ Nowe)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================
(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Comarch S.A.) C:\Program Files\Comarch ERP Optima\ComarchOptimaSerwisOperacjiAutomatycznych.exe
(Comarch S.A.) C:\Program Files\Comarch\Comarch ERP Menadżer Kluczy\ComarchML.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(iComarch24 S.A.) C:\Program Files\iBard24\iBard24Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.OPTIMA\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\22.8.1.14\n360.exe
(iComarch24 S.A.) C:\Program Files\iBard24\3.3.1.25040\iBard24.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\22.8.1.14\n360.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(CryptoTech Sp. z o.o.) C:\Program Files\CryptoTech\CryptoCard\CCMonitor.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Comarch) C:\Program Files\Comarch\Comarch ERP Menadżer Kluczy\ComarchMLTray.exe
(iComarch24 S.A.) C:\Program Files\iBard24\IBardClient.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(COMARCH S.A.) C:\Program Files\Serwer wydruków graficznych dla Comarch Klasyka\RpWinKla.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat Reader DC\Reader\reader_sl.exe

==================== Rejestr (filtrowane) ====================
(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8452640 2010-01-19] (Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [CryptoCard Suite Cert Monitor] => C:\Program Files\CryptoTech\CryptoCard\CCMonitor.exe [947440 2015-07-27] (CryptoTech Sp. z o.o.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-4257520033-690917670-2516962991-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6638296 2016-02-12] (Piriform Ltd)
HKU\S-1-5-21-4257520033-690917670-2516962991-1000\...\Run: [COLS] => C:\Program Files\Comarch\Comarch ERP Menadżer Kluczy\ComarchMLTray.exe [313032 2015-09-28] (Comarch)
HKU\S-1-5-21-4257520033-690917670-2516962991-1000\...\Run: [iBard24] => C:\Program Files\iBard24\IBardClient.exe [333824 2016-10-26] (iComarch24 S.A.)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton 360\Engine\22.8.1.14\buShell.dll [2016-11-12] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton 360\Engine\22.8.1.14\buShell.dll [2016-11-12] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton 360\Engine\22.8.1.14\buShell.dll [2016-11-12] (Symantec Corporation)
ShellIconOverlayIdentifiers: [IB24SynchronizationPending] -> {08ad9864-e486-4cdb-8781-d507026cf5d6} => C:\Program Files\iBard24\\3.3.0.24948\IB24VirtualDrive.dll -> Brak pliku
ShellIconOverlayIdentifiers: [IB24Synchronized] -> {08ad9864-e486-4cdb-8781-d507026cf5d7} => C:\Program Files\iBard24\\3.3.0.24948\IB24VirtualDrive.dll -> Brak pliku
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2011-08-19]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Serwer wydruków graficznych dla Comarch Klasyka.lnk [2011-02-16]
ShortcutTarget: Serwer wydruków graficznych dla Comarch Klasyka.lnk -> C:\Program Files\Serwer wydruków graficznych dla Comarch Klasyka\RpWinKla.exe (COMARCH S.A.)

==================== Internet (filtrowane) ====================
(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{AAC9F8AA-AAC6-41F6-987F-2F0C0C03FB58}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-4257520033-690917670-2516962991-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.komputronik.pl/office
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton 360\Engine\22.8.1.14\coIEPlg.dll [2016-11-12] (Symantec Corporation)
BHO: Brak nazwy -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> Brak pliku
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-12-21] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-21] (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\22.8.1.14\coIEPlg.dll [2016-11-12] (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-4257520033-690917670-2516962991-1000 -> Brak nazwy - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - Brak pliku
Toolbar: HKU\S-1-5-21-4257520033-690917670-2516962991-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-4257520033-690917670-2516962991-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\22.8.1.14\coIEPlg.dll [2016-11-12] (Symantec Corporation)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\ZJ\AppData\Roaming\Mozilla\Firefox\Profiles\q8g8sjyw.default-1447342678826 [2017-01-25]
FF Homepage: Mozilla\Firefox\Profiles\q8g8sjyw.default-1447342678826 -> hxxp://www.wp.pl/
FF Extension: (ADB Helper) - C:\Users\ZJ\AppData\Roaming\Mozilla\Firefox\Profiles\q8g8sjyw.default-1447342678826\Extensions\adbhelper@mozilla.org [2017-01-20]
FF Extension: (Valence) - C:\Users\ZJ\AppData\Roaming\Mozilla\Firefox\Profiles\q8g8sjyw.default-1447342678826\Extensions\fxdevtools-adapters@mozilla.org [2017-01-20]
FF Extension: (Skype) - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-08-19] [Brak podpisu cyfrowego]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon [2017-01-03]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => nie znaleziono
FF HKU\S-1-5-21-4257520033-690917670-2516962991-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-19] ()
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-21] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton 360\Engine\22.8.1.14\Exts\Chrome.crx [2016-11-17]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ofoeigeaodhbjogdigckajfhjbonaofg] - hxxps://clients2.google.com/service/update2/crx

==================== Usługi (filtrowane) ====================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
S2 AktualizujPP; C:\Program Files\Asseco Poland SA\Płatnik\ASSECO.AKTUALIZUJ.PP.exe [35152 2016-07-07] (Asseco Poland S.A.)
S3 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 ComarchAutomatSynchronizacji; C:\Program Files\Comarch ERP Optima\ComarchOptimaSerwisOperacjiAutomatycznych.exe [178552 2016-12-09] (Comarch S.A.)
R2 ComarchML; C:\Program Files\Comarch\Comarch ERP Menadżer Kluczy\ComarchML.exe [3014856 2015-09-28] (Comarch S.A.)
R2 hasplms; C:\Windows\system32\hasplms.exe [4665168 2015-09-23] (SafeNet Inc.)
R2 IB24Service; C:\Program Files\iBard24\iBard24Service.exe [45568 2016-10-26] (iComarch24 S.A.) [Brak podpisu cyfrowego]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MSSQL$OPTIMA; C:\Program Files\Microsoft SQL Server\MSSQL10_50.OPTIMA\MSSQL\Binn\sqlservr.exe [42884448 2010-04-03] (Microsoft Corporation)
R2 N360; C:\Program Files\Norton 360\Engine\22.8.1.14\N360.exe [289080 2016-11-12] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [Brak podpisu cyfrowego]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [Brak podpisu cyfrowego]
S3 RBMS_OptimaBI; C:\Program Files\Comarch ERP Optima\Analizy BI\bin\reports book\Comarch.BI.Mobile.Service.exe [31744 2016-10-28] (Comarch S.A.) [Brak podpisu cyfrowego]
S3 RBSS_OptimaBI; C:\Program Files\Comarch ERP Optima\Analizy BI\bin\reports book\Comarch.Msp.ReportsBook.Subscriptions.Service.exe [112640 2016-10-28] (Comarch S.A.) [Brak podpisu cyfrowego]
S4 SQLAgent$OPTIMA; C:\Program Files\Microsoft SQL Server\MSSQL10_50.OPTIMA\MSSQL\Binn\SQLAGENT.EXE [367456 2010-04-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ======================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
R2 aksfridge; C:\Windows\System32\DRIVERS\aksfridge.sys [438640 2015-09-23] (SafeNet Inc.)
R3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [261464 2015-09-23] (SafeNet Inc.)
R3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [70616 2015-09-23] (SafeNet Inc.)
R3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [313624 2015-09-23] (SafeNet Inc.)
R1 BHDrvx86; C:\Program Files\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20170123.001\BHDrvx86.sys [1378520 2016-11-07] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1608010.00E\ccSetx86.sys [137456 2016-06-02] (Symantec Corporation)
R3 cxbu0wdm; C:\Windows\System32\DRIVERS\cxbu0wdm.sys [131064 2014-04-05] (HID Global Corporation)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [26168 2015-11-24] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [39992 2015-11-24] (Disc Soft Ltd)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [388824 2016-10-15] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [124632 2016-10-15] (Symantec Corporation)
R2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [618352 2015-09-23] (SafeNet Inc.)
R2 Haspnt; C:\Windows\system32\drivers\Haspnt.sys [47616 2015-11-28] (Aladdin Knowledge Systems) [Brak podpisu cyfrowego]
R1 IDSVix86; C:\Program Files\Norton 360\NortonData\22.5.0.124\Definitions\IPSDefs\20170124.001\IDSvix86.sys [798928 2017-01-13] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
S4 RsFx0150; C:\Windows\System32\DRIVERS\RsFx0150.sys [240608 2010-04-03] (Microsoft Corporation)
S3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [63104 2015-02-17] (Identiv)
R3 SRTSP; C:\Windows\System32\Drivers\N360\1608010.00E\SRTSP.SYS [634096 2016-11-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1608010.00E\SRTSPX.SYS [43248 2016-11-12] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360\1608010.00E\SYMEFASI.SYS [1292504 2016-11-12] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [87792 2016-10-16] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1608010.00E\Ironx86.SYS [229616 2016-11-12] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360\1608010.00E\SYMNETS.SYS [423640 2016-11-12] (Symantec Corporation)
S3 NAVENG; \??\C:\Program Files\Norton 360\NortonData\22.5.0.124\Definitions\SDSDefs\20160712.001\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton 360\NortonData\22.5.0.124\Definitions\SDSDefs\20160712.001\NAVEX15.SYS [X]

==================== NetSvcs (filtrowane) ===================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2017-01-25 19:14 - 2017-01-25 19:16 - 00018302 _____ C:\Users\ZJ\Downloads\FRST.txt
2017-01-25 19:12 - 2017-01-25 19:14 - 00000000 ____D C:\FRST
2017-01-25 19:11 - 2017-01-25 19:11 - 01762816 _____ (Farbar) C:\Users\ZJ\Downloads\FRST.exe
2017-01-25 10:30 - 2017-01-25 10:30 - 00000000 ____D C:\Users\ZJ\AppData\Local\{5E762989-1100-45DF-B5B8-C4513076EE43}
2017-01-24 18:18 - 2017-01-24 18:18 - 36930200 _____ (Wydawnictwo Podatkowe GOFIN sp. z o.o.) C:\Users\ZJ Nowe\Downloads\DrukiGofin_3.0.62.0.exe
2017-01-24 18:16 - 2017-01-24 18:21 - 00000000 ____D C:\Users\ZJ Nowe\AppData\Roaming\GofinDruki
2017-01-24 18:16 - 2017-01-24 18:16 - 00000000 ____D C:\Users\ZJ Nowe\Documents\DRUKI Gofin
2017-01-24 12:12 - 2017-01-24 12:12 - 00000000 ____D C:\Users\ZJ\AppData\Local\{546975D0-A002-4D04-9C4A-F42DB669A3A9}
2017-01-24 00:15 - 2017-01-24 00:15 - 01201256 _____ (Adobe Systems Incorporated) C:\Users\ZJ Nowe\Downloads\flashplayer24au_ga_install.exe
2017-01-23 10:56 - 2017-01-23 10:56 - 00000000 ____D C:\Users\ZJ\AppData\Local\{FE862874-F4C8-44AE-BCAB-B8AD53EE2905}
2017-01-22 10:15 - 2017-01-22 10:15 - 00000000 ____D C:\Users\ZJ\AppData\Local\{EB5598AA-C165-4DEE-A1BA-7ECC8DB35D84}
2017-01-21 15:27 - 2017-01-21 15:27 - 00000000 ____D C:\Users\ZJ\AppData\Local\{BCB20AC1-B1EE-4BF4-B62C-7CB2C33A5748}
2017-01-20 16:56 - 2017-01-20 16:56 - 00000000 ____D C:\Users\ZJ\AppData\Local\{B11E0607-A025-4889-A3FF-1A0B26F58A18}
2017-01-19 09:54 - 2017-01-19 09:54 - 00000000 ____D C:\Users\ZJ\AppData\Local\{2FAB3C6D-D928-4A31-8B17-5E9441A063CF}
2017-01-18 21:03 - 2017-01-18 21:03 - 00000000 ____D C:\Users\ZJ\AppData\Local\{6F81BB12-B32F-48F5-AD9A-A0FF3D62731A}
2017-01-18 09:02 - 2017-01-18 09:02 - 00000000 ____D C:\Users\ZJ\AppData\Local\{63E89048-A01C-4A1E-8207-2DE08AEE31E1}
2017-01-17 17:36 - 2017-01-17 17:36 - 03294189 _____ C:\Users\ZJ\Desktop\Zdjęć pare z muzeum.eml
2017-01-17 09:14 - 2017-01-17 09:14 - 00000000 ____D C:\Users\ZJ\AppData\Local\{F4450951-CCE7-4345-9041-E852F65242B1}
2017-01-16 10:12 - 2017-01-16 10:12 - 00000000 ____D C:\Users\ZJ\AppData\Local\{F743EFBD-4F11-48A4-A939-C5ADB6AFDEB9}
2017-01-15 20:31 - 2017-01-15 20:31 - 00000000 ____D C:\Users\ZJ\AppData\Local\{C610349B-9F1D-401E-B2B1-42428B326BBE}
2017-01-13 14:30 - 2017-01-13 14:30 - 00000000 ____D C:\Users\ZJ\AppData\Local\{77D7BB1D-5CF0-4615-900C-D34AD8CC6006}
2017-01-12 15:16 - 2017-01-12 15:17 - 00134635 _____ C:\Users\ZJ\Downloads\kopia zapasowa danych dla programu e-pity2016.epityDB
2017-01-12 13:59 - 2017-01-12 13:59 - 00000000 ____D C:\Users\ZJ\AppData\Local\{5F29C8C4-927C-4781-9778-02C4E3E85216}
2017-01-12 11:43 - 2017-01-23 13:42 - 00000000 ____D C:\Users\ZJ\Documents\efile-backup
2017-01-12 10:42 - 2017-01-12 10:42 - 24265000 _____ (e-file sp. z o.o. sp.k. ) C:\Users\ZJ\Downloads\setup_e-pity2016_adgedek(4).exe
2017-01-12 10:41 - 2017-01-12 10:41 - 24265000 _____ (e-file sp. z o.o. sp.k. ) C:\Users\ZJ\Downloads\setup_e-pity2016_adgedek(3).exe
2017-01-12 10:37 - 2017-01-12 10:37 - 00001089 _____ C:\Users\ZJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\e-pity 2016 - program, pity roczne, e-deklaracje.lnk
2017-01-12 10:37 - 2017-01-12 10:37 - 00001059 _____ C:\Users\ZJ\Desktop\e-pity 2016 - program, pity roczne, e-deklaracje.lnk
2017-01-12 10:37 - 2017-01-12 10:37 - 00000000 ____D C:\Users\ZJ\Documents\efile
2017-01-12 10:37 - 2017-01-12 10:37 - 00000000 ____D C:\Users\ZJ\AppData\Roaming\com.efile.epity
2017-01-12 10:37 - 2017-01-12 10:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-pity
2017-01-12 10:36 - 2017-01-12 10:36 - 00000000 ____D C:\Users\ZJ\AppData\Roaming\fillUp
2017-01-12 10:36 - 2017-01-12 10:36 - 00000000 ____D C:\Program Files\e-file
2017-01-12 10:34 - 2017-01-12 10:39 - 24265000 _____ (e-file sp. z o.o. sp.k. ) C:\Users\ZJ\Downloads\setup_e-pity2016_adgedek(2).exe
2017-01-12 10:34 - 2017-01-12 10:34 - 24265000 _____ (e-file sp. z o.o. sp.k. ) C:\Users\ZJ\Downloads\setup_e-pity2016_adgedek(1).exe
2017-01-12 10:33 - 2017-01-12 10:33 - 24265000 _____ (e-file sp. z o.o. sp.k. ) C:\Users\ZJ\Downloads\setup_e-pity2016_adgedek.exe
2017-01-11 13:46 - 2017-01-05 18:46 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-01-11 13:46 - 2017-01-05 18:46 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-01-11 13:46 - 2017-01-05 18:43 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-11 13:46 - 2017-01-05 18:43 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-01-11 13:46 - 2017-01-05 18:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-11 13:46 - 2017-01-05 18:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-11 13:46 - 2017-01-05 18:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-01-11 13:46 - 2017-01-05 18:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-01-11 13:46 - 2017-01-05 18:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-01-11 13:46 - 2017-01-05 18:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-01-11 13:46 - 2017-01-05 18:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-01-11 13:46 - 2017-01-05 18:43 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-01-11 13:46 - 2017-01-05 18:43 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-01-11 13:46 - 2017-01-05 18:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-01-11 13:46 - 2017-01-05 18:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-01-11 13:46 - 2017-01-05 18:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-01-11 13:46 - 2017-01-05 18:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-01-11 13:46 - 2017-01-05 18:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-01-11 13:46 - 2017-01-05 18:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-01-11 13:46 - 2017-01-05 18:19 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-01-11 13:46 - 2017-01-05 18:19 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-01-11 13:46 - 2017-01-05 18:19 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-01-11 13:46 - 2017-01-05 18:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-01-11 13:46 - 2017-01-05 18:19 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-01-11 13:46 - 2017-01-05 18:19 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-01-11 09:07 - 2017-01-11 09:07 - 00000000 ____D C:\Users\ZJ\AppData\Local\{46C9E420-CA50-4184-866C-7B4C625162F3}
2017-01-10 13:28 - 2017-01-10 13:28 - 00000000 ____D C:\Users\ZJ\AppData\Local\{C80FB028-DFE2-468C-B9E8-3738E1805A7F}
2017-01-09 11:30 - 2017-01-09 11:30 - 00000000 ____D C:\Users\ZJ\AppData\Local\{BE710207-132C-43DF-A24F-27B6D6B00E44}
2017-01-08 20:42 - 2017-01-08 20:42 - 31668120 _____ (Adobe Systems Incorporated) C:\Users\ZJ Nowe\Downloads\AdbeRdr950_pl_PL.exe
2017-01-08 20:31 - 2017-01-08 20:31 - 10769864 _____ (Adobe Systems Inc.) C:\Users\ZJ Nowe\Downloads\AdobeAIRInstaller.exe
2017-01-08 20:30 - 2017-01-08 20:30 - 02100361 _____ C:\Users\ZJ Nowe\Desktop\e-DeklaracjeDesktop.air
2017-01-07 10:48 - 2017-01-07 10:48 - 00000000 ____D C:\Users\ZJ\AppData\Local\{28EA203B-D284-4863-9FAA-48E84352F5CF}
2017-01-06 11:50 - 2017-01-06 11:51 - 00000000 ____D C:\Users\ZJ\AppData\Local\{9B36789D-1B20-4B0D-9ECF-0A4325035C2C}
2017-01-05 10:07 - 2017-01-05 10:07 - 00000000 ____D C:\Users\ZJ\AppData\Local\{3B3FDAAC-6279-4B7C-8027-048064D7FDD1}
2017-01-04 12:14 - 2017-01-04 12:14 - 00000000 ____D C:\Users\ZJ\AppData\Local\{D141B468-1782-43B5-9D80-E7BA08FDD2F1}
2017-01-03 17:14 - 2017-01-03 17:14 - 00000000 ____D C:\Users\ZJ\AppData\Local\{44ED1E8D-89E3-43A8-93DE-DD0A4E285A3B}
2017-01-02 17:03 - 2017-01-02 17:03 - 00000000 ____D C:\Users\ZJ\AppData\Local\{8445669D-3F07-49F8-9FE0-0F06DCE399B5}
2016-12-27 23:28 - 2016-12-27 23:28 - 00000000 ____D C:\Users\ZJ\AppData\Local\{7ECA6467-894D-4A84-8A13-B9B9392618F5}
2016-12-27 09:14 - 2016-12-27 09:14 - 00000000 ____D C:\Users\ZJ\AppData\Local\{EF963D6C-22C4-4AA4-B69B-5DA6078384BE}

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2017-01-25 19:15 - 2015-08-19 17:56 - 00000324 ____H C:\Windows\Tasks\iBard24_5bd0dc625667c745c40e4f061d100667_1.job
2017-01-25 19:11 - 2009-07-14 05:34 - 00022272 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-25 19:11 - 2009-07-14 05:34 - 00022272 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-25 19:02 - 2016-11-30 15:05 - 00000000 ____D C:\Users\ZJ\AppData\LocalLow\Mozilla
2017-01-25 19:02 - 2011-09-09 21:27 - 00000000 ____D C:\ProgramData\iBard24
2017-01-25 19:01 - 2016-06-19 20:28 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-01-25 19:01 - 2014-01-16 18:50 - 00318821 _____ C:\Windows\system32\HaspLogDetailed.txt
2017-01-25 19:01 - 2012-01-30 20:18 - 00476524 _____ C:\Windows\system32\HASPLog.txt
2017-01-25 19:01 - 2010-02-08 15:53 - 00000000 ____D C:\Program Files\Intel
2017-01-25 19:01 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-25 18:59 - 2016-01-07 16:08 - 00000000 ____D C:\ProgramData\McAfee
2017-01-25 18:34 - 2009-07-14 05:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-01-25 13:50 - 2015-08-19 17:56 - 00000324 ____H C:\Windows\Tasks\iBard24_5bd0dc625667c745c40e4f061d100667_2.job
2017-01-24 20:49 - 2016-12-03 15:26 - 00000000 ____D C:\Users\ZJ Nowe\AppData\LocalLow\Mozilla
2017-01-24 15:50 - 2012-01-03 14:18 - 00000000 ____D C:\Users\ZJ\AppData\Local\CrashDumps
2017-01-22 09:30 - 2011-01-21 17:18 - 00000000 ____D C:\Users\ZJ\AppData\Local\ElevatedDiagnostics
2017-01-21 16:30 - 2015-12-09 10:27 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-21 15:04 - 2015-01-11 18:35 - 00000000 ____D C:\Program Files\iBard24
2017-01-18 21:25 - 2016-07-05 16:49 - 00000000 ____D C:\Users\ZJ Nowe\Desktop\Delegacje
2017-01-12 14:36 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2017-01-11 20:53 - 2013-07-19 20:37 - 00000000 ____D C:\Windows\system32\MRT
2017-01-11 20:46 - 2010-02-08 15:59 - 133456224 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-09 16:10 - 2016-07-04 19:28 - 00110880 _____ C:\Users\ZJ Nowe\AppData\Local\GDIPFONTCACHEV1.DAT
2017-01-08 20:36 - 2011-01-21 19:21 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2017-01-08 20:29 - 2016-07-06 12:40 - 00000000 ____D C:\Users\ZJ Nowe\AppData\Local\Adobe
2017-01-08 20:29 - 2016-07-03 18:21 - 00000000 ____D C:\Users\ZJ Nowe\AppData\Roaming\Adobe
2017-01-03 17:12 - 2011-09-08 20:42 - 00000000 ____D C:\Users\ZJ\Documents\Moje skanowanie

==================== Pliki w katalogu głównym wybranych folderów =======
2014-09-28 11:29 - 2014-09-28 11:29 - 0000530 _____ () C:\Users\ZJ\AppData\Local\rbUsersData.config
2016-03-21 11:48 - 2016-03-21 11:48 - 0000530 _____ () C:\Users\ZJ\AppData\Local\rbUsersData_OptimaBI.config
2011-08-09 15:51 - 2014-04-02 19:27 - 0006621 _____ () C:\Users\ZJ\AppData\Local\unins000.dat
2014-04-02 19:27 - 2014-04-02 19:27 - 0707504 _____ () C:\Users\ZJ\AppData\Local\unins000.exe
2014-04-02 19:27 - 2014-04-02 19:27 - 0011761 _____ () C:\Users\ZJ\AppData\Local\unins000.msg
2011-12-21 22:21 - 2011-12-21 22:21 - 0000000 _____ () C:\Users\ZJ\AppData\Local\{8D78F827-313E-4F33-9A7E-F1F1B745FA07}
2011-07-26 20:03 - 2011-07-26 20:03 - 0000000 _____ () C:\Users\ZJ\AppData\Local\{9F2F4B04-E6AF-4FC0-8341-7528FD15D7AB}
2011-07-27 22:18 - 2011-07-27 22:19 - 0000000 _____ () C:\Users\ZJ\AppData\Local\{B929F60E-3448-4EEB-A61D-3CFC6065B5E0}
2011-12-19 22:30 - 2011-12-19 22:31 - 0000000 _____ () C:\Users\ZJ\AppData\Local\{E89CE002-8A03-41A5-A41E-9F5BB22E5F65}
2011-01-21 17:51 - 2011-11-23 11:28 - 0004605 _____ () C:\ProgramData\hpzinstall.log

Niektóre pliki w TEMP:
====================
2017-01-25 18:58 - 2016-03-02 15:13 - 0922152 _____ (McAfee, Inc.) C:\Users\ZJ\AppData\Local\Temp\0025901485367135McInst.exe

==================== Bamital & volsnap ======================
(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2017-01-23 15:56

==================== Koniec FRST.txt ============================