Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-12-2014
Ran by Acer (administrator) on BLACKV8 on 13-12-2014 11:22:23
Running from D:\Software\@Security\@odsyfianie
Loaded Profile: Acer (Available profiles: Acer)
Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polski
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
() C:\WINDOWS\PLFSetI.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(FreeDownloadManager.ORG) C:\Program Files\Free Download Manager\fdm.exe
(Dropbox, Inc.) C:\Documents and Settings\Acer\Dane aplikacji\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
() C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
() C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonChromeOcrExt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
() C:\DOCUME~1\Acer\USTAWI~1\Temp\Rar$EXa0.925\m57g1hli.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Don HO don.h@free.fr) C:\WINDOWS\system32\notepad.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [18085888 2009-02-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AzMixerSel] => C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe [53248 2006-07-17] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PLFSetI] => C:\WINDOWS\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [3117344 2014-09-14] (ESET)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [57344 2008-06-19] (Realtek Semiconductor Corp.)
HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 1
HKU\S-1-5-20\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-20\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\Policies\Explorer: [NoSMHelp] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-20\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-57989841-630328440-1801674531-1002\...\Run: [Free Download Manager] => C:\Program Files\Free Download Manager\fdm.exe [7012352 2014-11-14] (FreeDownloadManager.ORG)
HKU\S-1-5-21-57989841-630328440-1801674531-1002\...\Policies\Explorer: [NoSMHelp] 1
HKU\S-1-5-21-57989841-630328440-1801674531-1002\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-57989841-630328440-1801674531-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-57989841-630328440-1801674531-1002\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-57989841-630328440-1801674531-1002\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-57989841-630328440-1801674531-1002\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-57989841-630328440-1801674531-1002\...\MountPoints2: {1977a40a-5161-11e4-9bc0-0026225cf4e3} - D:\AutoRun.exe
HKU\S-1-5-21-57989841-630328440-1801674531-1002\...\MountPoints2: {1977a40d-5161-11e4-9bc0-0026225cf4e3} - D:\AutoRun.exe
HKU\S-1-5-21-57989841-630328440-1801674531-1002\...\MountPoints2: {1977a40f-5161-11e4-9bc0-0026225cf4e3} - D:\AutoRun.exe
HKU\S-1-5-21-57989841-630328440-1801674531-1002\...\MountPoints2: {d2d9accc-498c-11e4-9bb1-0026225cf4e3} - D:\DTLplus_Launcher.exe
HKU\S-1-5-18\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-18\...\Policies\Explorer: [NoSMHelp] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 1
IFEO\bonus.screenshotreader.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\finecmd.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\finereader.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\javaw.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\javaws.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\lec cliptrans.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\lec dictionary.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\lec filetrans.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\lec logotrans.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\lec mirrortrans.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\lec power translator 15.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\lec quickstart.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\lec transit.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\skype.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\softwareupdate.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
Startup: C:\Documents and Settings\Acer\Menu Start\Programy\Autostart\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Acer\Dane aplikacji\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Documents and Settings\Acer\Menu Start\Programy\Autostart\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\Acer\Menu Start\Programy\Autostart\Styler.lnk
ShortcutTarget: Styler.lnk -> C:\Documents and Settings\Acer\Dane aplikacji\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe ()
Startup: C:\Documents and Settings\Default User\Menu Start\Programy\Autostart\Styler.lnk
ShortcutTarget: Styler.lnk -> C:\Documents and Settings\Acer\Dane aplikacji\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-57989841-630328440-1801674531-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xpblackedition.ubf.pl/
HKU\S-1-5-21-57989841-630328440-1801674531-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie_rsearch.html
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Babylon IE plugin -> {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} -> C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
BHO: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll (StyleFantasist)
Toolbar: HKLM - No Name - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 172.20.10.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Acer\Dane aplikacji\Mozilla\Firefox\Profiles\erzan1k9.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-57989841-630328440-1801674531-1002: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-57989841-630328440-1801674531-1002: @Google.com/GoogleEarthPlugin -> C:\Documents and Settings\Acer\Ustawienia lokalne\Dane aplikacji\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF user.js: detected! => C:\Documents and Settings\Acer\Dane aplikacji\Mozilla\Firefox\Profiles\erzan1k9.default\user.js
FF Extension: FireShot - C:\Documents and Settings\Acer\Dane aplikacji\Mozilla\Firefox\Profiles\erzan1k9.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-09-17]
FF Extension: Apollo Sync for Firefox - C:\Documents and Settings\Acer\Dane aplikacji\Mozilla\Firefox\Profiles\erzan1k9.default\Extensions\ffsync@apollobrowser.com.xpi [2014-10-29]
FF Extension: Gmail Notifier (restartless) - C:\Documents and Settings\Acer\Dane aplikacji\Mozilla\Firefox\Profiles\erzan1k9.default\Extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi [2014-09-17]
FF Extension: NoPremium.pl - C:\Documents and Settings\Acer\Dane aplikacji\Mozilla\Firefox\Profiles\erzan1k9.default\Extensions\jid1-MVBjD3PCN9WVIR@jetpack.xpi [2014-09-17]
FF Extension: Open In Chrome - C:\Documents and Settings\Acer\Dane aplikacji\Mozilla\Firefox\Profiles\erzan1k9.default\Extensions\openinchrome@griffeltavla.wordpress.com.xpi [2014-11-12]
FF Extension: FlashGot - C:\Documents and Settings\Acer\Dane aplikacji\Mozilla\Firefox\Profiles\erzan1k9.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2014-09-17]
FF Extension: MeasureIt - C:\Documents and Settings\Acer\Dane aplikacji\Mozilla\Firefox\Profiles\erzan1k9.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2014-09-17]
FF Extension: SoundCloud Downloader - Technowise - C:\Documents and Settings\Acer\Dane aplikacji\Mozilla\Firefox\Profiles\erzan1k9.default\Extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi [2014-09-17]
FF Extension: DownThemAll! - C:\Documents and Settings\Acer\Dane aplikacji\Mozilla\Firefox\Profiles\erzan1k9.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-09-17]
FF Extension: Adblock Edge - C:\Documents and Settings\Acer\Dane aplikacji\Mozilla\Firefox\Profiles\erzan1k9.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-09-17]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-09-13]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2014-09-13]
FF HKLM\...\Firefox\Extensions: [ocr@babylon.com] - C:\Program Files\Babylon\Babylon-Pro\Plugins\ocr@babylon.com
FF Extension: Babylon Translation Activation - C:\Program Files\Babylon\Babylon-Pro\Plugins\ocr@babylon.com [2014-10-04]
FF HKLM\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - C:\Program Files\Free Download Manager\Firefox\Extension
FF Extension: Free Download Manager plugin - C:\Program Files\Free Download Manager\Firefox\Extension [2014-12-08]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-09-14]
FF Extension: No Name - fdm_ffext@freedownloadmanager.org [Not Found]

Chrome:
=======
CHR Profile: C:\Documents and Settings\Acer\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default
CHR Extension: (Prezentacje Google) - C:\Documents and Settings\Acer\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-02]
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\Acer\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-02]
CHR Extension: (Dysk Google) - C:\Documents and Settings\Acer\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-02]
CHR Extension: (YouTube) - C:\Documents and Settings\Acer\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-02]
CHR Extension: (Adblock Plus) - C:\Documents and Settings\Acer\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-08]
CHR Extension: (Szukaj w Google) - C:\Documents and Settings\Acer\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-02]
CHR Extension: (Arkusze Google) - C:\Documents and Settings\Acer\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-02]
CHR Extension: (Downloads) - C:\Documents and Settings\Acer\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\jfchnphgogjhineanplmfkofljiagjfb [2014-12-08]
CHR Extension: (NoPremium.pl) - C:\Documents and Settings\Acer\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\kfjkakeeljjehllbdjjamgabdjpmdogc [2014-12-08]
CHR Extension: (Downloaders) - C:\Documents and Settings\Acer\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\lfjamigppmepikjlacjdpgjaiojdjhoj [2014-12-08]
CHR Extension: (Babylon Translator) - C:\Documents and Settings\Acer\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\ljcdopdmbcpndfopibbkmijkhmbdgpjj [2014-10-04]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Acer\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-02]
CHR Extension: (Checker Plus for Gmail™) - C:\Documents and Settings\Acer\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2014-12-09]
CHR Extension: (Gmail) - C:\Documents and Settings\Acer\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-02]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 ABBYY.Licensing.FineReader.Professional.11.0; C:\Program Files\ABBYY FineReader 11\NetworkLicenseServer.exe [819976 2011-08-18] (ABBYY)
S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-09-24] (Adobe Systems) [File not signed]
S4 ClipSrv; C:\WINDOWS\system32\clipsrv.exe [43008 2010-01-17] (Microsoft Corporation) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [913144 2012-03-07] (ESET)
R2 HWDeviceService.exe; C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S4 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2014-09-13] (Sun Microsystems, Inc.)
S3 MSDTC; C:\WINDOWS\system32\msdtc.exe [30720 2010-01-17] (Microsoft Corporation) [File not signed]
S3 MSIServer; C:\WINDOWS\System32\msiexec.exe [99840 2009-12-24] (Microsoft Corporation) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1699680 2012-09-19] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [2158848 2013-11-27] (Atheros Communications, Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [160816 2012-03-14] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [120152 2012-03-14] (ESET)
R2 epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [148504 2012-03-14] (ESET)
R3 Epfwndis; C:\WINDOWS\System32\DRIVERS\Epfwndis.sys [40336 2012-03-14] (ESET)
R1 epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [61936 2012-03-14] (ESET)
S4 exFat; C:\WINDOWS\system32\Drivers\exFat.sys [136192 2008-01-21] (Microsoft Corporation) [File not signed]
S3 huawei_cdcacm; C:\WINDOWS\System32\DRIVERS\ew_jucdcacm.sys [96000 2012-08-20] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\WINDOWS\System32\DRIVERS\ew_jucdcecm.sys [70272 2012-12-22] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\WINDOWS\System32\DRIVERS\ew_juextctrl.sys [27520 2012-08-20] (Huawei Technologies Co., Ltd.)
S3 igfx; C:\WINDOWS\System32\DRIVERS\igdkmd32.sys [2476544 2008-10-28] (Intel Corporation) [File not signed]
R3 L1c; C:\WINDOWS\System32\DRIVERS\l1c51x86.sys [38912 2009-01-15] (Atheros Communications, Inc.)
S3 libusb0; C:\WINDOWS\System32\DRIVERS\libusb0.sys [35776 2011-07-22] (http://libusb-win32.sourceforge.net)
R3 mcdbus; C:\WINDOWS\System32\DRIVERS\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [File not signed]
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 MotioninJoyXFilter; C:\WINDOWS\System32\DRIVERS\MijXfilt.sys [99400 2012-05-12] (MotioninJoy) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R0 Si3112; C:\WINDOWS\system32\Drivers\Si3112.sys [62208 2010-01-17] (Silicon Image, Inc.) [File not signed]
S3 SIUSBXP; C:\WINDOWS\System32\drivers\SiUSBXp.sys [14592 2014-05-06] (Silicon Laboratories)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-09-18] (TuneUp Software)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [249472 2012-04-20] (Huawei Technologies Co., Ltd.)
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath
U3 uxddqpog; \??\C:\DOCUME~1\Acer\USTAWI~1\Temp\uxddqpog.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-13 11:18 - 2014-12-13 11:22 - 00000000 ____D () C:\FRST
2014-12-13 08:54 - 2014-12-13 08:54 - 00000000 _____ () C:\Documents and Settings\Acer\defogger_reenable
2014-12-08 09:41 - 2014-12-08 20:05 - 00000000 ____D () C:\Documents and Settings\Acer\Dane aplikacji\Free Download Manager
2014-12-08 09:40 - 2014-12-08 09:40 - 00000742 _____ () C:\Documents and Settings\Acer\Pulpit\Free Download Manager.lnk
2014-12-08 09:40 - 2014-12-08 09:40 - 00000000 ____D () C:\Program Files\Free Download Manager
2014-12-08 09:40 - 2014-12-08 09:40 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Free Download Manager
2014-12-07 13:24 - 2014-12-07 13:29 - 00000000 ____D () C:\Documents and Settings\Acer\Pulpit\re
2014-12-01 19:07 - 2014-12-01 19:07 - 00000666 _____ () C:\Documents and Settings\All Users\Pulpit\PicPick.lnk
2014-12-01 19:07 - 2014-12-01 19:07 - 00000000 ____D () C:\Program Files\PicPick
2014-12-01 19:07 - 2014-12-01 19:07 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\PicPick
2014-12-01 19:07 - 2014-12-01 19:07 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\PicPick
2014-12-01 19:07 - 2014-12-01 19:07 - 00000000 ____D () C:\Documents and Settings\Acer\Dane aplikacji\PicPick
2014-11-23 16:35 - 2014-11-23 16:35 - 00000000 ____D () C:\Documents and Settings\Acer\Ustawienia lokalne\Dane aplikacji\GHISLER
2014-11-23 16:33 - 2014-11-23 16:33 - 00000708 _____ () C:\Documents and Settings\All Users\Pulpit\Total Commander.lnk
2014-11-23 16:33 - 2014-11-23 16:33 - 00000000 ____D () C:\Program Files\totalcmd
2014-11-23 16:33 - 2014-11-23 16:33 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Total Commander
2014-11-23 16:33 - 2014-11-23 16:33 - 00000000 ____D () C:\Documents and Settings\Acer\Dane aplikacji\GHISLER
2014-11-23 16:33 - 2014-04-30 08:51 - 00000545 _____ () C:\WINDOWS\UC.PIF
2014-11-23 16:33 - 2014-04-30 08:51 - 00000545 _____ () C:\WINDOWS\RAR.PIF
2014-11-23 16:33 - 2014-04-30 08:51 - 00000545 _____ () C:\WINDOWS\PKZIP.PIF
2014-11-23 16:33 - 2014-04-30 08:51 - 00000545 _____ () C:\WINDOWS\PKUNZIP.PIF
2014-11-23 16:33 - 2014-04-30 08:51 - 00000545 _____ () C:\WINDOWS\LHA.PIF
2014-11-23 16:33 - 2014-04-30 08:51 - 00000545 _____ () C:\WINDOWS\ARJ.PIF
2014-11-15 12:01 - 2014-11-15 12:01 - 00000000 ____D () C:\Program Files\Dropbox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-13 11:22 - 2014-09-13 22:39 - 00000000 ____D () C:\Documents and Settings\Acer\Ustawienia lokalne\Temp
2014-12-13 10:25 - 2014-10-02 18:08 - 00001036 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-13 09:30 - 2014-09-13 22:27 - 01570449 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-13 09:27 - 2014-10-02 18:10 - 00001819 _____ () C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk
2014-12-13 09:25 - 2014-10-02 18:08 - 00001032 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-13 09:08 - 2014-09-14 00:22 - 01116342 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-13 09:08 - 2001-10-26 20:15 - 00501212 _____ () C:\WINDOWS\system32\perfh015.dat
2014-12-13 09:08 - 2001-10-26 20:15 - 00088770 _____ () C:\WINDOWS\system32\perfc015.dat
2014-12-13 09:05 - 2014-09-17 18:44 - 00000000 ____D () C:\Documents and Settings\Acer\Dane aplikacji\Dropbox
2014-12-13 09:04 - 2014-09-17 18:41 - 00000220 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job
2014-12-13 09:04 - 2014-09-14 00:23 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-12-13 09:04 - 2014-09-14 00:23 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-12-13 09:04 - 2014-09-13 22:39 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-13 09:03 - 2014-09-28 10:04 - 00065536 _____ () C:\WINDOWS\system32\config\TuneUp.evt
2014-12-13 09:03 - 2014-09-13 22:39 - 00032470 _____ () C:\WINDOWS\SchedLgU.Txt
2014-12-13 09:03 - 2014-09-13 22:39 - 00000188 ___SH () C:\Documents and Settings\Acer\ntuser.ini
2014-12-13 08:54 - 2014-09-13 22:39 - 00000000 ____D () C:\Documents and Settings\Acer
2014-12-13 08:51 - 2010-05-26 16:55 - 00090934 _____ () C:\WINDOWS\system32\langs.xml
2014-12-12 20:59 - 2014-09-13 22:39 - 00000000 ____D () C:\Documents and Settings\Acer\Pulpit
2014-12-11 23:04 - 2014-09-14 12:49 - 00010006 _____ () C:\WINDOWS\KB2686509.log
2014-12-11 23:04 - 2014-09-14 12:49 - 00000094 _____ () C:\WINDOWS\faultykeyboard.log
2014-12-11 23:04 - 2014-09-13 22:34 - 00969102 _____ () C:\WINDOWS\setupapi.log
2014-12-11 21:35 - 2014-09-13 23:42 - 00021617 _____ () C:\WINDOWS\KB2481109.log
2014-12-11 21:33 - 2001-07-22 02:17 - 00002184 _____ () C:\WINDOWS\system32\wpa.dbl
2014-12-09 20:46 - 2014-09-14 09:56 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2014-12-09 20:44 - 2014-09-13 22:39 - 00000000 ___RD () C:\Documents and Settings\Acer\Menu Start\Programy\Autostart
2014-12-08 18:30 - 2014-09-14 10:00 - 00002473 _____ () C:\Documents and Settings\Acer\Pulpit\Microsoft Office Excel 2007.lnk
2014-12-08 15:59 - 2014-09-14 10:00 - 00002515 _____ () C:\Documents and Settings\Acer\Pulpit\Microsoft Office Word 2007.lnk
2014-12-08 15:00 - 2014-09-17 18:41 - 00000214 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job
2014-12-08 11:39 - 2014-09-14 10:00 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Microsoft Office
2014-12-08 09:41 - 2014-09-13 22:39 - 00000000 __RHD () C:\Documents and Settings\Acer\Dane aplikacji
2014-12-08 09:40 - 2014-09-14 00:22 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy
2014-12-08 09:22 - 2014-10-04 16:47 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Babylon
2014-12-01 19:07 - 2014-09-14 00:22 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji
2014-12-01 19:07 - 2014-09-14 00:22 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit
2014-11-30 21:32 - 2014-09-13 22:39 - 00000788 _____ () C:\Documents and Settings\Acer\Menu Start\Programy\Windows Media Player.lnk
2014-11-30 21:32 - 2014-09-13 22:39 - 00000000 ___RD () C:\Documents and Settings\Acer\Menu Start\Programy
2014-11-30 21:32 - 2014-09-13 22:27 - 00000000 __SHD () C:\Documents and Settings\All Users\DRM
2014-11-30 21:32 - 2014-09-13 22:26 - 00006424 _____ () C:\WINDOWS\wmsetup.log
2014-11-23 22:55 - 2014-10-30 22:17 - 00000000 ____D () C:\Documents and Settings\Acer\Dane aplikacji\uTorrent
2014-11-23 16:35 - 2014-09-13 22:39 - 00000000 ___HD () C:\Documents and Settings\Acer\Ustawienia lokalne\Dane aplikacji
2014-11-22 22:55 - 2014-09-23 17:52 - 00000000 ____D () C:\Documents and Settings\Acer\Dane aplikacji\Skype
2014-11-22 20:57 - 2014-09-23 17:52 - 00002267 _____ () C:\Documents and Settings\All Users\Pulpit\Skype.lnk
2014-11-16 13:24 - 2014-09-14 00:21 - 00455072 _____ () C:\WINDOWS\setupact.log
2014-11-16 00:43 - 2014-09-13 22:59 - 00000000 ____D () C:\temp
2014-11-15 12:01 - 2014-09-17 18:47 - 00000989 _____ () C:\Documents and Settings\Acer\Pulpit\Dropbox.lnk
2014-11-15 12:01 - 2014-09-17 18:44 - 00000000 ____D () C:\Documents and Settings\Acer\Menu Start\Programy\Dropbox
2014-11-15 11:34 - 2014-09-13 22:39 - 00000000 ___RD () C:\Documents and Settings\Acer\Menu Start

Files to move or delete:
====================
C:\Documents and Settings\Acer\ytb.exe
C:\Documents and Settings\Default User\ytb.exe

Some content of TEMP:
====================
C:\Documents and Settings\Acer\Ustawienia lokalne\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpujlyob.dll
C:\Documents and Settings\Acer\Ustawienia lokalne\Temp\RtkBtMnt.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe [2009-12-09 14:40] - [2009-12-09 14:40] - 1705984 ____A (Microsoft Corporation) a9bd5f368966ea709a4bff992f583f07
C:\WINDOWS\system32\winlogon.exe [2010-01-17 15:29] - [2010-01-17 15:29] - 0549888 ____A (Microsoft Corporation) 335813eacd16e84f3047a3326f6e5473
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll [2009-06-26 09:30] - [2009-06-26 09:30] - 0642560 ____A (Microsoft Corporation) 946665fa0cc98f57e1023cd21f149d8b
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================