Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-02-2015 Ran by ja (administrator) on THEBLACKGUARD on 07-02-2015 23:30:52 Running from C:\Documents and Settings\ja\Moje dokumenty\AntyVir i podobne\FRST Loaded Profiles: ja (Available profiles: ja & Administrator & Gość) Platform: Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) OS Language: Polski Internet Explorer Version 8 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe (Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe (Creative Technology Ltd) C:\WINDOWS\system32\CTSVCCDA.EXE (Infowatch) C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (OptionNV) C:\Program Files\iPlus\Drivers\Driver2k\GTMax\GtDetectSc.exe (Option) C:\Program Files\iPlus\Drivers\Driver2k\GTMax\GtFlashSwitch.exe () C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe () C:\Documents and Settings\All Users\Dane aplikacji\Internet Manager\OnlineUpdate\ouc.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (HP) C:\WINDOWS\system32\HPZipm12.exe (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Western Digital) C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe (Samsung) C:\Program Files\Samsung\Kies\Kies.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [ISUSPM Startup] => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup HKLM\...\Run: [ISUSScheduler] => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-12] (Kaspersky Lab ZAO) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) HKLM\...\Run: [WD Drive Unlocker] => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-06-13] (Western Digital) HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-12-02] (Western Digital Technologies, Inc.) Winlogon\Notify\klogon: C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) Winlogon\Notify\OneCard: C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll (Cognizance Corporation) HKLM\...\Policies\Explorer: [NoCDBurning] 0 HKU\S-1-5-21-3955640507-3710774182-547434246-1006\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-07-25] (Samsung) HKU\S-1-5-21-3955640507-3710774182-547434246-1006\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung) HKU\S-1-5-21-3955640507-3710774182-547434246-1006\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [204288 2006-12-01] (Microsoft Corporation) HKU\S-1-5-21-3955640507-3710774182-547434246-1006\...\Policies\Explorer: [ClassicShell] 0 HKU\S-1-5-21-3955640507-3710774182-547434246-1006\...\MountPoints2: ##Bartu#OFFICE12 (J) - Z:\Setup.exe HKU\S-1-5-21-3955640507-3710774182-547434246-1006\...\MountPoints2: D - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480 HKU\S-1-5-21-3955640507-3710774182-547434246-1006\...\MountPoints2: {95808da2-9220-11e2-99dd-001a73039f96} - "G:\WD Drive Unlock.exe" autoplay=true HKU\S-1-5-21-3955640507-3710774182-547434246-1006\...\MountPoints2: {b3c919e8-894a-11e4-ba9a-001a73039f96} - G:\AutoRun.exe HKU\S-1-5-21-3955640507-3710774182-547434246-1006\...\MountPoints2: {b3c919eb-894a-11e4-ba9a-001a73039f96} - G:\AutoRun.exe HKU\S-1-5-21-3955640507-3710774182-547434246-1006\...\MountPoints2: {fbf6420a-a217-11e4-a9d4-001a73039f96} - G:\LG_PC_Programs.exe HKU\S-1-5-21-3955640507-3710774182-547434246-1006\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [1035264 2008-04-14] (Microsoft Corporation) <==== ATTENTION Lsa: [Notification Packages] scecli AsWlnPkg Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BTTray.lnk ShortcutTarget: BTTray.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers: [Document Manager] -> {666C7833-A9B6-4AB4-94ED-DC238C81E925} => C:\Program Files\HPQ\IAM\Bin\SFSShell.dll (Cognizance Corporation) ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll (Kaspersky Lab ZAO) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com HKU\S-1-5-21-3955640507-3710774182-547434246-1006\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie HKU\S-1-5-21-3955640507-3710774182-547434246-1006\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 URLSearchHook: [S-1-5-21-3955640507-3710774182-547434246-1006] ATTENTION ==> Default URLSearchHook is missing. SearchScopes: HKLM -> Backup.Old.DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3955640507-3710774182-547434246-1006 -> Backup.Old.DefaultScope {CADA9BA8-2536-49B9-AE56-E750AB4E4510} SearchScopes: HKU\S-1-5-21-3955640507-3710774182-547434246-1006 -> {2938196A-B50E-0EF7-B9E2-66F5414F0DF7} URL = http://www.google.pl/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7HPNN_enPL344 SearchScopes: HKU\S-1-5-21-3955640507-3710774182-547434246-1006 -> {34C9434B-387C-4037-A0DB-340B3007F4E1} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms} SearchScopes: HKU\S-1-5-21-3955640507-3710774182-547434246-1006 -> {3F0F086F-7640-5F95-AD43-23EBDC85C2F7} URL = http://www.google.pl/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7HPNN_enPL344 SearchScopes: HKU\S-1-5-21-3955640507-3710774182-547434246-1006 -> {CADA9BA8-2536-49B9-AE56-E750AB4E4510} URL = http://www.google.pl/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7HPNN_enPL344 BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: HP Credential Manager for ProtectTools -> {DF21F1DB-80C6-11D3-9483-B03D0EC10000} -> C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll (Infineon Technologies AG) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKU\S-1-5-21-3955640507-3710774182-547434246-1006 -> No Name - {C4069E3A-68F1-403E-B40E-20066696354B} - No File Toolbar: HKU\S-1-5-21-3955640507-3710774182-547434246-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} https://www.bph.pl/pi/components/SignActivX.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab\SafeBrowser\S-1-5-21-3955640507-3710774182-547434246-1006\FireFox FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @pandasecurity.com/activescan -> C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.) FF Plugin: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll (BitComet) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPSignPlugin.dll () FF Extension: BPH Sign Plugin - C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab\SafeBrowser\S-1-5-21-3955640507-3710774182-547434246-1006\FireFox\Extensions\SignPlugin@bph.pl [2014-10-19] FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-26] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-17] FF HKLM\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014-08-28] FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014-08-28] FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com FF Extension: Gevaarlijke websiteblokkering - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014-08-28] FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014-08-28] FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014-08-28] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Profile: C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default CHR Extension: (Docs) - C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-26] CHR Extension: (Dysk Google) - C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-26] CHR Extension: (YouTube) - C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-26] CHR Extension: (Szukaj w Google) - C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-26] CHR Extension: (Kaspersky URL Advisor) - C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2015-01-26] CHR Extension: (Bezpieczne pieniądze) - C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2015-01-26] CHR Extension: (Content Blocker) - C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2015-01-26] CHR Extension: (Virtual Keyboard) - C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2015-01-26] CHR Extension: (Gmail) - C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-26] CHR Extension: (Blokowanie banerów) - C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2015-01-26] CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-12] CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx [2013-11-12] CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx [2013-11-12] CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx [2013-11-12] CHR HKLM\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [Not Found] CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-12] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ASChannel; C:\Program Files\HPQ\IAM\Bin\ASChnl.dll [117248 2005-06-01] (Cognizance Corporation) [File not signed] R2 avp; C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-12] (Kaspersky Lab ZAO) R2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd) [File not signed] R2 CSObjectsSrv; C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch) R2 GtDetectSc; C:\Program Files\iPlus\Drivers\driver2k\GTMax\GtDetectSc.exe [204800 2007-07-09] (OptionNV) [File not signed] R2 GtFlashSwitch; C:\Program Files\iPlus\Drivers\driver2k\GTMax\GtFlashSwitch.exe [204800 2007-07-09] (Option) [File not signed] R2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [98304 2006-01-12] (Hewlett-Packard Development Company, L.P.) [File not signed] R2 HWDeviceService.exe; C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe [276048 2014-01-15] () S3 IDriverT; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] S2 Internet Manager. RunOuc; C:\Program Files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [682064 2014-04-26] () R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-16] (Oracle Corporation) R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [49152 2006-06-20] (Hewlett-Packard Company) [File not signed] R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed] S2 PCA; C:\WINDOWS\SMINST\PCAngel.exe [294912 2006-01-12] (SoftThinks) [File not signed] R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [73728 2007-08-09] (HP) [File not signed] S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software) [File not signed] R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-12-02] (Western Digital Technologies, Inc.) R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-12-02] (Western Digital Technologies, Inc.) S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X] S2 svcgdp; C:\Program Files\Software Plate\svcgdp.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 AEAudioService; C:\WINDOWS\System32\drivers\AEAudio.sys [152960 2005-06-07] (Andrea Electronics Corporation) R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [424320 2006-01-19] (Broadcom Corporation) S3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [556200 2009-11-18] (Broadcom Corporation.) R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37160 2010-01-14] (Broadcom Corporation.) R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [911400 2010-03-31] (Broadcom Corporation.) S3 btwhid; C:\WINDOWS\System32\DRIVERS\btwhid.sys [59688 2009-11-18] (Broadcom Corporation.) S3 btwmodem; C:\WINDOWS\System32\DRIVERS\btwmodem.sys [37032 2010-01-14] (Broadcom Corporation.) S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [47656 2009-11-18] (Broadcom Corporation.) R0 CSCrySec; C:\WINDOWS\System32\DRIVERS\CSCrySec.sys [88632 2011-06-02] (Infowatch) R1 CSVirtualDiskDrv; C:\WINDOWS\System32\DRIVERS\CSVirtualDiskDrv.sys [39736 2011-06-02] (Infowatch) S2 E4LOADER; C:\WINDOWS\System32\Drivers\e4ldr.sys [69656 2007-01-04] (Analog Deivces) S3 e4usbaw; C:\WINDOWS\System32\DRIVERS\e4usbaw.sys [104344 2007-01-04] (Analog Devices Inc.) R1 eabfiltr; C:\WINDOWS\System32\DRIVERS\eabfiltr.sys [7808 2005-09-19] (Hewlett-Packard Development Company, L.P.) S3 eabusb; C:\WINDOWS\System32\DRIVERS\eabusb.sys [5760 2005-09-19] (Hewlett-Packard Development Company, L.P.) S3 filtertdidriver; C:\WINDOWS\System32\drivers\ewfiltertdidriver.sys [7552 2013-08-16] (Huawei Technologies Co., Ltd.) [File not signed] S3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [42112 2011-01-05] () S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2006-04-13] (HP) S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2006-04-13] (HP) S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2006-04-13] (HP) S3 hwusb_cdcacm; C:\WINDOWS\System32\DRIVERS\ew_cdcacm.sys [110976 2014-06-11] (Huawei Technologies Co., Ltd.) S3 hwusb_cdcecm; C:\WINDOWS\System32\DRIVERS\ew_cdcecm.sys [117888 2014-04-14] (Huawei Technologies Co., Ltd.) S3 k750bus; C:\WINDOWS\System32\DRIVERS\k750bus.sys [55216 2005-07-07] (MCCI) S3 k750mdfl; C:\WINDOWS\System32\DRIVERS\k750mdfl.sys [6576 2005-07-07] (MCCI) S3 k750mdm; C:\WINDOWS\System32\DRIVERS\k750mdm.sys [89872 2005-07-07] (MCCI) S3 k750mgmt; C:\WINDOWS\System32\DRIVERS\k750mgmt.sys [81728 2005-07-07] (MCCI) S3 k750obex; C:\WINDOWS\System32\DRIVERS\k750obex.sys [79488 2005-07-07] (MCCI) R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [135776 2014-08-29] (Kaspersky Lab ZAO) R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [595008 2014-08-29] (Kaspersky Lab ZAO) R3 klim5; C:\WINDOWS\System32\DRIVERS\klim5.sys [35672 2012-06-27] (Kaspersky Lab ZAO) R3 klkbdflt; C:\WINDOWS\System32\DRIVERS\klkbdflt.sys [24160 2013-11-12] (Kaspersky Lab ZAO) R3 klmouflt; C:\WINDOWS\System32\DRIVERS\klmouflt.sys [24672 2013-11-12] (Kaspersky Lab ZAO) R1 kltdi; C:\WINDOWS\System32\DRIVERS\kltdi.sys [44000 2013-11-12] (Kaspersky Lab ZAO) R1 kneps; C:\WINDOWS\System32\DRIVERS\kneps.sys [145040 2013-11-12] (Kaspersky Lab ZAO) R3 LUsbFilt; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [28944 2008-02-29] (Logitech, Inc.) S3 nm; C:\WINDOWS\System32\DRIVERS\NMnt.sys [40320 2008-04-13] (Microsoft Corporation) R0 pavboot; C:\WINDOWS\System32\drivers\pavboot.sys [28552 2009-06-30] (Panda Security, S.L.) S3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation) S3 SEM43XX; C:\WINDOWS\System32\DRIVERS\semwl5.sys [368896 2007-07-09] (Broadcom Corporation) S3 SEMWModem; C:\WINDOWS\System32\DRIVERS\GCXX.sys [114944 2007-07-09] (Broadcom Corporation) S3 SEMWWNIC; C:\WINDOWS\System32\DRIVERS\GCXXNet.sys [53248 2005-08-25] (Broadcom Corporation) S3 Ser2pl; C:\WINDOWS\System32\DRIVERS\ser2pl.sys [43264 2004-02-18] (Prolific Technology Inc.) [File not signed] S3 SMCIRDA; C:\WINDOWS\System32\DRIVERS\smcirda.sys [36425 2001-10-26] (SMC) S3 Sony_EricssonWWSC; C:\WINDOWS\System32\DRIVERS\GCXXSC.sys [21888 2007-07-09] (Broadcom Corporation) S3 ssudobex; C:\WINDOWS\System32\DRIVERS\ssudobex.sys [184192 2014-06-16] (DEVGURU Co., LTD.(www.devguru.co.kr)) S3 w39n51; C:\WINDOWS\System32\DRIVERS\w39n51.sys [1428096 2006-01-19] (Intel® Corporation) S3 Ad-Watch Connect Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys [X] S3 Ad-Watch Real-Time Scanner; \??\C:\WINDOWS\system32\drivers\AWRTPD.sys [X] S3 Ad-Watch Registry Filter; \??\C:\WINDOWS\system32\drivers\AWRTRD.sys [X] S3 AthDfu; System32\Drivers\AthDfu.sys [X] S3 Atheros_btAudio; system32\drivers\btathsco.sys [X] S3 btatha2dp; system32\drivers\btatha2dp.sys [X] S3 btathPan; system32\DRIVERS\btathpan.sys [X] S3 BTATHPROT; system32\DRIVERS\btathprot.sys [X] S3 btathrcp; system32\DRIVERS\btathrcp.sys [X] S3 btathspp; system32\DRIVERS\btathspp.sys [X] S3 BTATHUSB; system32\DRIVERS\btathusb.sys [X] S3 btfilter; system32\DRIVERS\btfilter.sys [X] U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [249856 2014-02-07] (Huawei Technologies Co., Ltd.) U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74336 2014-08-29] (Kaspersky Lab ZAO) S3 NPF; system32\drivers\npf.sys [X] U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [79232 2008-04-13] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-07 16:51 - 2015-02-07 16:51 - 00044335 _____ () C:\WINDOWS\Regdelnull.zip 2015-02-04 21:53 - 2015-02-04 21:53 - 00185255 _____ () C:\Documents and Settings\ja\Pulpit\placowki_BZ_WBK-2015-02-04.csv 2015-02-01 14:33 - 2015-02-07 23:30 - 00000000 ____D () C:\FRST 2015-01-31 13:06 - 2015-02-02 21:37 - 00000000 ____D () C:\Documents and Settings\ja\Moje dokumenty\AntyVir i podobne 2015-01-30 21:54 - 2015-01-30 22:02 - 00000000 ____D () C:\UsbFix 2015-01-26 23:55 - 2015-01-26 23:55 - 00000000 _____ () C:\autoexec.bat 2015-01-26 23:38 - 2015-01-26 23:39 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-01-26 23:17 - 2015-02-07 17:39 - 00008192 _____ () C:\WINDOWS\system32\WDPABKP.dat 2015-01-26 08:26 - 2015-01-26 23:16 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software 2015-01-26 08:26 - 2015-01-26 08:26 - 00000000 ____D () C:\Program Files\AVAST Software 2015-01-23 15:33 - 2015-01-23 15:33 - 00037141 _____ () C:\Documents and Settings\ja\Pulpit\Menu kontekstowe (menu podręczne) – termin stosowany w informatyce.htm 2015-01-23 15:33 - 2015-01-23 15:33 - 00000000 ____D () C:\Documents and Settings\ja\Pulpit\Menu kontekstowe (menu podręczne) – termin stosowany w informatyce_pliki 2015-01-22 20:20 - 2015-01-22 20:20 - 00000850 _____ () C:\WINDOWS\setupact.log 2015-01-22 20:20 - 2015-01-22 20:20 - 00000000 _____ () C:\WINDOWS\setuperr.log 2015-01-22 10:21 - 2015-02-07 18:27 - 00411401 _____ () C:\WINDOWS\WindowsUpdate.log 2015-01-21 23:43 - 2015-01-21 23:44 - 00000403 _____ () C:\WINDOWS\wmsetup.log 2015-01-21 22:59 - 2015-01-21 22:59 - 00059331 _____ () C:\Documents and Settings\ja\Pulpit\Sklep internetowy Morele.net.htm 2015-01-21 22:59 - 2015-01-21 22:59 - 00000000 ____D () C:\Documents and Settings\ja\Pulpit\Sklep internetowy Morele.net_pliki 2015-01-21 22:07 - 2015-01-21 22:07 - 00289665 _____ () C:\Documents and Settings\ja\Pulpit\Report Everest.htm 2015-01-21 22:04 - 2015-01-21 22:04 - 00000000 ____D () C:\Program Files\Lavalys 2015-01-21 22:02 - 2015-01-21 22:02 - 04179293 _____ (Lavalys, Inc. ) C:\Documents and Settings\ja\Moje dokumenty\everesthome220(dobreprogramy.pl).exe 2015-01-17 06:53 - 2015-01-17 06:53 - 00000000 ____D () C:\Documents and Settings\ja\Dane aplikacji\MPC-HC 2015-01-16 15:26 - 2015-01-16 15:26 - 00000654 _____ () C:\Documents and Settings\All Users\Pulpit\Winamp.lnk 2015-01-16 15:26 - 2015-01-16 15:26 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Winamp 2015-01-16 15:25 - 2015-01-16 15:30 - 00000000 ____D () C:\Documents and Settings\ja\Dane aplikacji\Winamp 2015-01-16 15:25 - 2015-01-16 15:26 - 00000000 ____D () C:\Program Files\Winamp 2015-01-14 16:57 - 2015-01-14 16:59 - 00000000 ____D () C:\Documents and Settings\ja\Pulpit\Trompka Pompka 2015-01-14 16:56 - 2015-01-14 16:57 - 00000000 ____D () C:\Documents and Settings\ja\Pulpit\ANTENA 2015-01-14 16:56 - 2015-01-14 16:56 - 00000000 ____D () C:\Documents and Settings\ja\Pulpit\23 songs 2015-01-09 22:34 - 2015-01-09 22:34 - 00000000 ____D () C:\Analytics 2015-01-09 21:36 - 2015-01-09 22:24 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Western Digital 2015-01-09 21:35 - 2015-01-09 22:24 - 00000000 ____D () C:\Program Files\Common Files\Western Digital ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-07 23:31 - 2007-03-03 11:01 - 00000000 ____D () C:\Documents and Settings\ja\Ustawienia lokalne\Temp 2015-02-07 23:30 - 2007-03-03 11:01 - 00000000 ____D () C:\Documents and Settings\ja\Pulpit 2015-02-07 23:23 - 2009-07-09 09:37 - 00001036 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-07 22:50 - 2013-06-01 13:58 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab 2015-02-07 22:44 - 2012-04-22 12:27 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-02-07 17:44 - 2004-09-20 09:31 - 00032518 _____ () C:\WINDOWS\SchedLgU.Txt 2015-02-07 17:38 - 2014-03-27 16:20 - 00000216 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job 2015-02-07 17:38 - 2009-07-09 09:37 - 00001032 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-07 17:38 - 2004-09-20 09:31 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl 2015-02-07 17:31 - 2006-08-20 19:12 - 00100980 _____ () C:\WINDOWS\system32\lsass.log 2015-02-07 17:31 - 2004-09-20 11:12 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2015-02-07 17:31 - 2004-09-20 11:12 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2015-02-07 17:31 - 2004-09-20 09:31 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-02-07 17:30 - 2014-05-01 11:32 - 01434488 _____ () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-S-1-5-21-3955640507-3710774182-547434246-1006-0.dat 2015-02-07 17:30 - 2014-05-01 11:32 - 00283694 _____ () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-System.dat 2015-02-07 17:30 - 2007-03-03 11:01 - 00000188 ___SH () C:\Documents and Settings\ja\ntuser.ini 2015-02-07 17:30 - 2006-08-20 19:07 - 00524288 _____ () C:\WINDOWS\system32\config\Credenti.evt 2015-02-07 17:29 - 2007-02-22 16:37 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy 2015-02-07 11:18 - 2007-05-17 15:36 - 00002513 _____ () C:\Documents and Settings\ja\Pulpit\Microsoft Office Word 2007.lnk 2015-02-07 02:23 - 2007-03-03 11:01 - 00000000 ___HD () C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji 2015-02-07 01:03 - 2007-09-09 23:35 - 00000000 ____D () C:\Documents and Settings\ja\Dane aplikacji\Skype 2015-02-06 20:18 - 2014-03-27 20:25 - 00002267 _____ () C:\Documents and Settings\All Users\Pulpit\Skype.lnk 2015-02-04 21:44 - 2012-04-22 12:27 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2015-02-04 21:44 - 2011-11-22 06:53 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2015-02-02 14:50 - 2014-06-27 18:45 - 00000000 ____D () C:\Documents and Settings\ja\Moje dokumenty\Pobrane 2015-02-01 13:20 - 2014-12-21 22:29 - 00201473 _____ () C:\WINDOWS\setupapi.log 2015-01-31 13:18 - 2007-03-03 11:01 - 00000000 ___RD () C:\Documents and Settings\ja\Moje dokumenty 2015-01-31 13:12 - 2009-10-22 13:55 - 00000000 ____D () C:\Documents and Settings\ja\Moje dokumenty\Banki 2015-01-31 13:11 - 2010-08-11 15:33 - 00000000 ____D () C:\Documents and Settings\ja\Moje dokumenty\ERA 2015-01-31 13:09 - 2014-01-26 17:26 - 00000000 ____D () C:\Documents and Settings\ja\Moje dokumenty\Sport 2015-01-31 12:05 - 2012-05-15 17:27 - 00000000 ____D () C:\Documents and Settings\ja\Pulpit\kasa 2015-01-31 12:00 - 2007-05-17 15:36 - 00002507 _____ () C:\Documents and Settings\ja\Pulpit\Excel 2007.lnk 2015-01-30 20:31 - 2007-09-27 16:48 - 00000000 ___HD () C:\Documents and Settings\Gość\Ustawienia lokalne\Dane aplikacji 2015-01-30 20:31 - 2007-03-03 11:01 - 00000000 __RHD () C:\Documents and Settings\ja\Dane aplikacji 2015-01-30 20:31 - 2007-03-03 11:01 - 00000000 ___RD () C:\Documents and Settings\ja\Menu Start\Programy 2015-01-30 20:31 - 2007-02-22 16:37 - 00000000 ___HD () C:\Documents and Settings\All Users\Dane aplikacji 2015-01-30 19:16 - 2013-06-01 13:58 - 00000000 ____D () C:\Program Files\Kaspersky Lab 2015-01-30 00:17 - 2007-03-04 21:56 - 00230400 _____ () C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-01-29 20:51 - 2013-09-09 18:53 - 00000000 ____D () C:\Documents and Settings\ja\Pulpit\Stare dane programu Firefox 2015-01-29 20:49 - 2007-02-22 16:37 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2015-01-29 20:49 - 2007-02-22 07:46 - 00000000 ____D () C:\Program Files\InterVideo 2015-01-27 20:05 - 2009-11-06 09:13 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Freez software 2015-01-27 20:00 - 2010-01-13 21:24 - 00000000 ____D () C:\Program Files\NAPI-PROJEKT 2015-01-27 19:56 - 2007-02-22 16:37 - 00000000 ____D () C:\Program Files\Common Files\Sonic Shared 2015-01-27 19:56 - 2007-02-22 16:37 - 00000000 ____D () C:\Program Files\Common Files\InstallShield 2015-01-27 19:55 - 2007-02-22 16:37 - 00000000 ____D () C:\Program Files\Sonic 2015-01-27 19:49 - 2007-09-23 13:33 - 00000000 ____D () C:\Program Files\Common Files\Ahead 2015-01-27 19:40 - 2009-04-25 19:55 - 00000000 ____D () C:\Program Files\Free FLV to AVI Converter 2015-01-27 19:39 - 2012-07-27 12:35 - 00000000 ____D () C:\Program Files\Audacity 2015-01-27 17:56 - 2012-04-25 22:58 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-01-27 00:34 - 2007-03-03 11:01 - 00001599 _____ () C:\Documents and Settings\ja\Menu Start\Programy\Pomoc zdalna.lnk 2015-01-27 00:31 - 2007-03-03 11:01 - 00000000 ____D () C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Google 2015-01-27 00:25 - 2007-03-21 20:06 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Google 2015-01-27 00:25 - 2007-02-22 07:50 - 00000000 ____D () C:\Program Files\Google 2015-01-27 00:18 - 2007-09-27 16:48 - 00001599 _____ () C:\Documents and Settings\Gość\Menu Start\Programy\Pomoc zdalna.lnk 2015-01-27 00:18 - 2004-09-20 09:18 - 00001599 _____ () C:\Documents and Settings\Default User\Menu Start\Programy\Pomoc zdalna.lnk 2015-01-27 00:18 - 2004-09-20 09:18 - 00001507 _____ () C:\Documents and Settings\All Users\Menu Start\Windows Update.lnk 2015-01-27 00:17 - 2004-09-20 09:18 - 00001563 _____ () C:\Documents and Settings\All Users\Menu Start\Określ dostęp do programów i ich ustawienia domyślne.lnk 2015-01-27 00:11 - 2007-02-22 16:37 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit 2015-01-27 00:07 - 2013-05-08 00:30 - 00001599 _____ () C:\Documents and Settings\Administrator\Menu Start\Programy\Pomoc zdalna.lnk 2015-01-26 23:55 - 2007-03-03 11:01 - 00000000 ____D () C:\Documents and Settings\ja 2015-01-26 23:22 - 2013-09-22 12:51 - 00001024 ____H () C:\WINDOWS\system32\config\elam.LOG 2015-01-26 10:51 - 2009-07-09 09:37 - 00000000 ____D () C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Temp 2015-01-23 16:14 - 2007-07-08 21:29 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2015-01-17 19:04 - 2013-03-14 15:23 - 00000000 ____D () C:\WINDOWS\system32\NtmsData 2015-01-17 19:04 - 2007-02-22 16:37 - 00000000 ____D () C:\WINDOWS\Registration 2015-01-16 15:30 - 2007-09-23 16:55 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini 2015-01-16 14:44 - 2014-10-20 07:22 - 00000000 ____D () C:\Documents and Settings\ja\Dane aplikacji\foobar2000 2015-01-16 13:37 - 2012-07-27 13:27 - 00000000 ____D () C:\Documents and Settings\ja\Dane aplikacji\GoPlayer 2015-01-16 13:37 - 2012-07-27 12:34 - 00000000 ____D () C:\Program Files\GoPlayer 2015-01-14 19:47 - 2013-04-28 18:50 - 00000000 ____D () C:\Documents and Settings\ja\dwhelper 2015-01-14 00:48 - 2013-08-15 07:13 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-01-14 00:42 - 2007-03-21 20:41 - 110348472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-01-11 18:22 - 2013-07-14 19:14 - 00000000 ____D () C:\Documents and Settings\ja\Pulpit\MUZ GIT 2015-01-11 17:15 - 2013-02-03 16:15 - 00001486 _____ () C:\Documents and Settings\ja\Pulpit\Kalkulator (2).lnk 2015-01-09 22:26 - 2013-05-27 12:30 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Package Cache 2015-01-09 22:24 - 2013-11-26 17:01 - 00110864 _____ () C:\WINDOWS\DPINST.LOG 2015-01-09 22:24 - 2013-02-16 21:49 - 00000000 ____D () C:\Program Files\Western Digital 2015-01-09 22:23 - 2013-02-16 22:10 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Western Digital 2015-01-09 22:11 - 2014-11-16 15:31 - 00000000 ____D () C:\Documents and Settings\ja\Pulpit\Skróty do WD 2015-01-08 15:00 - 2014-03-27 16:20 - 00000210 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job ==================== Files in the root of some directories ======= 2013-02-24 11:30 - 2013-02-24 11:30 - 0000272 _____ () C:\Documents and Settings\ja\Dane aplikacji\.backup.dm 2007-07-17 03:24 - 2007-07-17 10:42 - 1117045 _____ () C:\Documents and Settings\ja\Dane aplikacji\Install.xat 2013-05-24 22:27 - 2013-05-24 22:28 - 0000004 _____ () C:\Documents and Settings\ja\Dane aplikacji\skype.ini 2007-03-03 11:01 - 2006-08-20 19:14 - 0000000 ____C () C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\AtStart.txt 2007-03-04 21:56 - 2015-01-30 00:17 - 0230400 _____ () C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2007-03-03 11:01 - 2006-08-20 19:14 - 0000000 ____C () C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\DSwitch.txt 2008-01-06 21:39 - 2008-01-06 21:39 - 0000000 ____C () C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\FnF4.txt 2007-03-03 11:01 - 2008-08-25 13:17 - 0000127 _____ () C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\fusioncache.dat 2007-03-03 11:01 - 2006-08-20 19:14 - 0000000 ____C () C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\QSwitch.txt Files to move or delete: ==================== C:\Documents and Settings\ja\PulpitBda4Cx_save2pc.exe C:\Documents and Settings\ja\PulpitKaO7Np_save2pc.exe Some content of TEMP: ==================== C:\Documents and Settings\ja\Ustawienia lokalne\Temp\bandoffer.exe C:\Documents and Settings\ja\Ustawienia lokalne\Temp\bandoffer[1].exe C:\Documents and Settings\ja\Ustawienia lokalne\Temp\SkypeSetup.exe C:\Documents and Settings\ja\Ustawienia lokalne\Temp\SoftonicAssistant_v0-1-6.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================