OTL logfile created on: 2013-02-12 17:10:34 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ROBERT\Downloads\Programs 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 7,71 Gb Total Physical Memory | 5,43 Gb Available Physical Memory | 70,48% Memory free 15,41 Gb Paging File | 12,85 Gb Available in Paging File | 83,37% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 117,09 Gb Total Space | 52,23 Gb Free Space | 44,60% Space Free | Partition Type: NTFS Drive D: | 1745,83 Gb Total Space | 924,67 Gb Free Space | 52,96% Space Free | Partition Type: NTFS Computer Name: RSPC | User Name: ROBERT | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013-02-12 17:04:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ROBERT\Downloads\Programs\OTL.exe PRC - [2013-02-12 16:32:19 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Users\ROBERT\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001 PRC - [2013-02-09 15:13:04 | 001,808,240 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe PRC - [2013-02-06 02:10:46 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013-02-04 16:03:34 | 003,565,432 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe PRC - [2012-12-31 15:40:00 | 008,866,816 | ---- | M] (AQQ Sp. z o.o.) -- C:\Program Files (x86)\WapSter\WapSter AQQ\AQQ.exe PRC - [2012-12-19 21:50:23 | 000,079,360 | ---- | M] (Creative Labs) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe PRC - [2012-12-18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012-12-14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe PRC - [2012-12-12 14:44:48 | 000,268,248 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe PRC - [2012-11-26 13:34:12 | 001,329,304 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe PRC - [2012-11-07 14:50:52 | 002,172,864 | ---- | M] (IVONA Software Sp. z o.o.) -- C:\Program Files (x86)\IVONA\IVONA ControlCenter\IVONA ControlCenter.exe PRC - [2012-10-03 15:15:16 | 000,246,112 | ---- | M] () -- C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe PRC - [2012-10-02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012-09-11 13:51:42 | 000,365,344 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012-09-11 13:51:42 | 000,277,792 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012-08-30 09:44:28 | 001,429,504 | ---- | M] (IVONA Software Sp. z o.o.) -- C:\Program Files (x86)\IVONA\IVONA Reader\IVONA Reader.exe PRC - [2012-07-19 16:18:38 | 002,568,120 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe PRC - [2011-03-14 16:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe PRC - [2010-09-17 11:14:50 | 000,098,304 | ---- | M] (Firebird Project) -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe PRC - [2010-09-17 11:14:42 | 003,735,552 | ---- | M] (Firebird Project) -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe PRC - [2010-05-20 15:26:28 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe PRC - [2009-07-08 15:32:50 | 001,233,195 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe PRC - [2009-02-23 04:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe PRC - [2008-09-24 13:32:48 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2008-08-04 18:04:40 | 000,772,096 | ---- | M] () -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe PRC - [2008-08-01 15:55:28 | 000,143,467 | ---- | M] () -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe PRC - [2004-12-13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2013-02-12 16:32:22 | 000,592,896 | ---- | M] () -- C:\Users\ROBERT\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0129\~de6248.tmp MOD - [2013-02-12 16:32:19 | 000,697,884 | ---- | M] () -- C:\Users\ROBERT\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0129\~df394b.tmp MOD - [2013-02-09 15:13:03 | 014,586,736 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll MOD - [2013-02-06 02:10:45 | 003,023,256 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012-12-31 15:44:24 | 001,060,864 | ---- | M] () -- C:\Program Files (x86)\WapSter\WapSter AQQ\System\Shared\Plugins\SMS.dll MOD - [2012-12-30 23:42:20 | 001,375,232 | ---- | M] () -- C:\Program Files (x86)\WapSter\WapSter AQQ\System\Shared\Plugins\GGNet.dll MOD - [2012-12-30 08:09:22 | 000,054,784 | ---- | M] () -- C:\Program Files (x86)\WapSter\WapSter AQQ\System\Shared\Plugins\Contact.dll MOD - [2012-12-18 14:43:18 | 000,587,776 | ---- | M] () -- C:\Users\ROBERT\WapSter\AQQ Folder\Profiles\robsonp\Plugins\SayAQQ.dll MOD - [2012-12-13 01:28:50 | 000,060,416 | ---- | M] () -- C:\Users\ROBERT\WapSter\AQQ Folder\Profiles\robsonp\Plugins\SpellChecker.dll MOD - [2012-12-13 01:28:50 | 000,060,416 | ---- | M] () -- C:\Users\ROBERT\WapSter\AQQ Folder\Profiles\robi500\Plugins\SpellChecker.dll MOD - [2012-12-10 09:13:54 | 000,590,848 | ---- | M] () -- C:\Users\ROBERT\WapSter\AQQ Folder\Profiles\robsonp\Plugins\AQQRadio.dll MOD - [2012-08-30 09:46:42 | 000,025,600 | ---- | M] () -- C:\Program Files (x86)\IVONA\IVONA Reader\IvonaIntegration.dll MOD - [2012-02-07 13:25:52 | 006,599,528 | ---- | M] () -- C:\Program Files (x86)\IVONA\IVONA 2 Voice\voices\voice_pl_jacek.dll MOD - [2011-11-01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011-11-01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011-10-07 07:04:24 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\IVONA\IVONA 2 Voice\Qt_4_6_3_1\x86\QtSolutions_MFCMigrationFramework-2.8_IVONA.dll MOD - [2011-10-06 14:26:36 | 008,179,712 | ---- | M] () -- C:\Program Files (x86)\IVONA\IVONA 2 Voice\Qt_4_6_3_1\x86\QtGuiIVONA4.dll MOD - [2011-10-06 14:15:50 | 002,203,648 | ---- | M] () -- C:\Program Files (x86)\IVONA\IVONA 2 Voice\Qt_4_6_3_1\x86\QtCoreIVONA4.dll MOD - [2011-06-14 15:40:28 | 000,073,728 | ---- | M] () -- C:\Users\ROBERT\AppData\Roaming\Mozilla\Firefox\Profiles\3z0toqm2.default\extensions\{7E7165E2-0767-448c-852F-5FA8714F2C37}\components\PlainOldFavorites.dll MOD - [2011-03-17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2012-11-26 13:34:12 | 001,329,304 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn) SRV:[b]64bit:[/b] - [2012-08-09 19:25:50 | 000,207,872 | ---- | M] () [Auto | Running] -- C:\Program Files\Serviio\bin\ServiioService.exe -- (Serviio) SRV:[b]64bit:[/b] - [2012-06-19 19:10:34 | 000,634,632 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV:[b]64bit:[/b] - [2011-02-17 22:51:10 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService) SRV:[b]64bit:[/b] - [2010-05-20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc) SRV:[b]64bit:[/b] - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2009-07-14 02:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp) SRV - [2013-02-09 15:13:05 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013-02-06 02:10:45 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013-01-08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012-12-19 21:52:39 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2012-12-19 21:51:24 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2012-12-19 21:50:23 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service) SRV - [2012-12-18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012-12-14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2012-12-14 02:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012-10-03 15:51:04 | 000,725,400 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2012-10-03 15:15:16 | 000,246,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\PLAY ONLINE\UpdateDog\ouc.exe -- (PLAY ONLINE. RunOuc) SRV - [2012-10-02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012-09-11 13:51:42 | 000,365,344 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012-09-11 13:51:42 | 000,277,792 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012-07-19 16:18:38 | 002,568,120 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Running] -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe) SRV - [2011-11-14 10:16:38 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Users\ROBERT\AppData\Local\Temp\7zS4DDA\hpslpsvc64.dll -- (HPSLPSVC) SRV - [2011-03-14 16:27:34 | 000,346,976 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe) SRV - [2010-09-17 11:14:50 | 000,098,304 | ---- | M] (Firebird Project) [Auto | Running] -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance) SRV - [2010-09-17 11:14:42 | 003,735,552 | ---- | M] (Firebird Project) [On_Demand | Running] -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe -- (FirebirdServerDefaultInstance) SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010-02-19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009-07-14 02:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp) SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009-02-23 04:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2008-09-24 13:32:48 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2008-08-04 18:04:40 | 000,772,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS) SRV - [2008-08-01 16:00:18 | 000,141,824 | ---- | M] () [On_Demand | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS) SRV - [2008-08-01 15:55:28 | 000,143,467 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe -- (BsMobileCS) SRV - [2004-12-13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2012-12-14 02:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:[b]64bit:[/b] - [2012-11-28 09:07:58 | 000,057,904 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp) DRV:[b]64bit:[/b] - [2012-11-22 01:43:14 | 000,165,112 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP) DRV:[b]64bit:[/b] - [2012-10-08 08:21:08 | 000,189,208 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw) DRV:[b]64bit:[/b] - [2012-10-08 08:21:08 | 000,149,592 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv) DRV:[b]64bit:[/b] - [2012-10-08 08:21:08 | 000,059,440 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF) DRV:[b]64bit:[/b] - [2012-10-08 08:21:06 | 000,211,344 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm) DRV:[b]64bit:[/b] - [2012-10-03 15:15:21 | 000,223,744 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys -- (huawei_wwanecm) DRV:[b]64bit:[/b] - [2012-10-03 15:15:21 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV:[b]64bit:[/b] - [2012-10-03 15:15:21 | 000,098,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm) DRV:[b]64bit:[/b] - [2012-10-03 15:15:21 | 000,087,040 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV:[b]64bit:[/b] - [2012-10-03 15:15:21 | 000,028,672 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl) DRV:[b]64bit:[/b] - [2012-10-03 15:15:21 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter) DRV:[b]64bit:[/b] - [2012-09-28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:[b]64bit:[/b] - [2012-09-20 05:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudobex.sys -- (ssudobex) DRV:[b]64bit:[/b] - [2012-09-20 05:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:[b]64bit:[/b] - [2012-09-20 05:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:[b]64bit:[/b] - [2012-08-23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:[b]64bit:[/b] - [2012-08-23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:[b]64bit:[/b] - [2012-08-23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2012-08-21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:[b]64bit:[/b] - [2012-07-02 10:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:[b]64bit:[/b] - [2012-06-27 15:18:52 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:[b]64bit:[/b] - [2012-06-11 14:17:44 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:[b]64bit:[/b] - [2012-06-11 14:17:44 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:[b]64bit:[/b] - [2012-06-11 14:17:44 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:[b]64bit:[/b] - [2012-06-11 14:17:44 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:[b]64bit:[/b] - [2012-03-01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2011-08-23 21:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2011-03-11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2011-03-11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2011-02-17 22:51:06 | 002,153,072 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:[b]64bit:[/b] - [2011-01-26 17:11:06 | 000,023,048 | ---- | M] (ASRock Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AsrVDrive.sys -- (AsrVDrive) DRV:[b]64bit:[/b] - [2010-11-21 04:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:[b]64bit:[/b] - [2010-11-21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010-10-15 00:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:[b]64bit:[/b] - [2010-07-01 18:11:24 | 000,012,352 | ---- | M] () [Kernel | "Start" not found. | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV:[b]64bit:[/b] - [2010-07-01 12:09:50 | 000,224,488 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL2832UBDA.sys -- (RTL2832UBDA) DRV:[b]64bit:[/b] - [2010-07-01 12:09:50 | 000,039,016 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL2832UUSB.sys -- (RTL2832UUSB) DRV:[b]64bit:[/b] - [2010-06-11 14:37:14 | 000,015,368 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger) DRV:[b]64bit:[/b] - [2010-05-20 15:26:28 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VX1000.sys -- (VX1000) DRV:[b]64bit:[/b] - [2010-04-21 06:02:00 | 000,005,632 | ---- | M] (Famatech International Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rminiv3.sys -- (mirrorv3) DRV:[b]64bit:[/b] - [2009-10-05 14:22:20 | 000,044,320 | ---- | M] (Realtek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID) DRV:[b]64bit:[/b] - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-07-14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM) DRV:[b]64bit:[/b] - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2008-07-31 20:45:44 | 000,024,328 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BtHidBus.sys -- (BtHidBus) DRV:[b]64bit:[/b] - [2008-07-02 14:58:50 | 000,031,624 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IvtBtBus.sys -- (IvtBtBUs) DRV:[b]64bit:[/b] - [2008-07-02 14:58:38 | 000,038,536 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VCommMgr.sys -- (VcommMgr) DRV:[b]64bit:[/b] - [2008-07-02 14:58:28 | 000,047,496 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btcusb.sys -- (Btcsrusb) DRV:[b]64bit:[/b] - [2008-01-21 19:28:14 | 000,016,904 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btnetdrv.sys -- (BT) DRV:[b]64bit:[/b] - [2008-01-21 19:27:52 | 000,017,032 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VComm.sys -- (VComm) DRV - [2009-10-26 03:43:18 | 000,038,944 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\RTL2832UUSB.sys -- (RTL2832UUSB) DRV - [2009-10-26 03:43:16 | 000,117,152 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys -- (RTL2832UBDA) DRV - [2009-10-05 14:22:20 | 000,044,320 | ---- | M] (Realtek) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID) DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009-03-30 00:00:00 | 000,024,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 -- (EverestDriver) DRV - [2006-10-09 15:29:22 | 000,032,832 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys -- (BTNetFilter) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2766988740-1519155283-1291775414-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKU\S-1-5-21-2766988740-1519155283-1291775414-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ IE - HKU\S-1-5-21-2766988740-1519155283-1291775414-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2766988740-1519155283-1291775414-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2766988740-1519155283-1291775414-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: IplextoALL%40ALLPlayer.org:0.7.0 FF - prefs.js..extensions.enabledAddons: SignPlugin%40bph.pl:1.4.0.7 FF - prefs.js..extensions.enabledAddons: %7B097d3191-e6fa-4728-9826-b533d755359d%7D:0.7.18 FF - prefs.js..extensions.enabledAddons: %7B49f3fc85-dcfe-4e42-9301-226ebe658509%7D:0.6.7 FF - prefs.js..extensions.enabledAddons: %7B6AC85730-7D0F-4de0-B3FA-21142DD85326%7D:2.8 FF - prefs.js..extensions.enabledAddons: %7B75CEEE46-9B64-46f8-94BF-54012DE155F0%7D:0.4.10 FF - prefs.js..extensions.enabledAddons: %7B7E7165E2-0767-448c-852F-5FA8714F2C37%7D:1.2 FF - prefs.js..extensions.enabledAddons: %7B3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d%7D:1.9 FF - prefs.js..extensions.enabledAddons: mozilla_cc%40internetdownloadmanager.com:7.3.34 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll File not found FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll File not found FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-02-06 02:10:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013-01-11 16:13:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013-01-23 13:10:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-02-06 20:28:06 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\ROBERT\AppData\Roaming\IDM\idmmzcc5 [2013-01-27 01:23:46 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\ROBERT\AppData\Roaming\IDM\idmmzcc5 [2013-01-27 01:23:46 | 000,000,000 | ---D | M] [2012-02-10 19:03:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ROBERT\AppData\Roaming\mozilla\Extensions [2013-01-31 17:55:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ROBERT\AppData\Roaming\mozilla\Firefox\Profiles\3z0toqm2.default\extensions [2012-09-10 01:02:17 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\ROBERT\AppData\Roaming\mozilla\Firefox\Profiles\3z0toqm2.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2012-02-14 19:56:04 | 000,000,000 | ---D | M] (PlainOldFavorites) -- C:\Users\ROBERT\AppData\Roaming\mozilla\Firefox\Profiles\3z0toqm2.default\extensions\{7E7165E2-0767-448c-852F-5FA8714F2C37} [2012-11-06 12:30:57 | 000,000,000 | ---D | M] (Iplex to ALLPlayer) -- C:\Users\ROBERT\AppData\Roaming\mozilla\Firefox\Profiles\3z0toqm2.default\extensions\IplextoALL@ALLPlayer.org [2012-09-17 13:05:04 | 000,000,000 | ---D | M] ("Ivona Firefox Toolbar") -- C:\Users\ROBERT\AppData\Roaming\mozilla\Firefox\Profiles\3z0toqm2.default\extensions\IvonaFirefoxToolbar@ivona.com [2012-09-19 18:08:09 | 000,000,000 | ---D | M] (BPH Sign Plugin) -- C:\Users\ROBERT\AppData\Roaming\mozilla\Firefox\Profiles\3z0toqm2.default\extensions\SignPlugin@bph.pl [2012-12-13 15:13:35 | 002,151,598 | ---- | M] () (No name found) -- C:\Users\ROBERT\AppData\Roaming\mozilla\firefox\profiles\3z0toqm2.default\extensions\firebug@software.joehewitt.com.xpi [2012-02-18 18:40:18 | 000,010,043 | ---- | M] () (No name found) -- C:\Users\ROBERT\AppData\Roaming\mozilla\firefox\profiles\3z0toqm2.default\extensions\IplextoALL@ALLPlayer.org.xpi [2012-12-16 15:20:52 | 000,013,745 | ---- | M] () (No name found) -- C:\Users\ROBERT\AppData\Roaming\mozilla\firefox\profiles\3z0toqm2.default\extensions\YouTubetoALL@ALLPlayer.org.xpi [2012-09-10 01:02:16 | 000,455,379 | ---- | M] () (No name found) -- C:\Users\ROBERT\AppData\Roaming\mozilla\firefox\profiles\3z0toqm2.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2013-01-16 17:34:11 | 000,048,844 | ---- | M] () (No name found) -- C:\Users\ROBERT\AppData\Roaming\mozilla\firefox\profiles\3z0toqm2.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}.xpi [2012-02-14 19:05:42 | 000,037,966 | ---- | M] () (No name found) -- C:\Users\ROBERT\AppData\Roaming\mozilla\firefox\profiles\3z0toqm2.default\extensions\{49f3fc85-dcfe-4e42-9301-226ebe658509}.xpi [2012-06-01 16:09:12 | 000,028,993 | ---- | M] () (No name found) -- C:\Users\ROBERT\AppData\Roaming\mozilla\firefox\profiles\3z0toqm2.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2012-03-27 00:09:05 | 001,739,835 | ---- | M] () (No name found) -- C:\Users\ROBERT\AppData\Roaming\mozilla\firefox\profiles\3z0toqm2.default\extensions\{7759e3e1-9dbe-4a77-b37a-308a8cfba0ea}.xpi [2012-12-12 15:11:33 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\ROBERT\AppData\Roaming\mozilla\firefox\profiles\3z0toqm2.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013-01-31 17:55:37 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\ROBERT\AppData\Roaming\mozilla\firefox\profiles\3z0toqm2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-09-09 21:20:12 | 001,669,514 | ---- | M] () (No name found) -- C:\Users\ROBERT\AppData\Roaming\mozilla\firefox\profiles\3z0toqm2.default\extensions\{ded0fc70-7215-4802-afeb-b2982d3e7225}.xpi [2013-02-06 02:10:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013-02-06 02:10:33 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-01-27 01:23:46 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\ROBERT\APPDATA\ROAMING\IDM\IDMMZCC5 [2013-02-06 02:10:46 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012-09-06 03:57:09 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml [2012-09-06 03:57:10 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml [2012-09-06 03:57:10 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml [2012-09-06 03:57:10 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml [2012-09-06 03:57:10 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml [2012-09-06 03:57:09 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010-12-22 21:47:40 | 000,001,798 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 adobe.activate.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 www.adobeereg.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 125.252.224.90 O1 - Hosts: 127.0.0.1 125.252.224.91 O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com O2:[b]64bit:[/b] - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.) O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:[b]64bit:[/b] - BHO: (IVONA Reader) - {8664889D-ED18-4713-918F-E2BB69D8452B} - C:\Program Files (x86)\IVONA\IVONA Reader\integr\IR_iexplorer2_x64.dll (IVONA Software Sp. z o.o.) O2:[b]64bit:[/b] - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll File not found O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (IVONA Reader) - {8664889D-ED18-4713-918F-E2BB69D8452B} - C:\Program Files (x86)\IVONA\IVONA Reader\integr\IR_iexplorer2.dll (IVONA Software Sp. z o.o.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\PROGRA~2\ALLPLA~1\Iplex\IPLEXT~1.DLL (ALLCinema Ltd.) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (IVONA Reader) - {8664889D-ED18-4713-918F-E2BB69D8452B} - C:\Program Files (x86)\IVONA\IVONA Reader\integr\IR_iexplorer2_x64.dll (IVONA Software Sp. z o.o.) O3 - HKLM\..\Toolbar: (IVONA Reader) - {8664889D-ED18-4713-918F-E2BB69D8452B} - C:\Program Files (x86)\IVONA\IVONA Reader\integr\IR_iexplorer2.dll (IVONA Software Sp. z o.o.) O4:[b]64bit:[/b] - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:[b]64bit:[/b] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET) O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.) O4:[b]64bit:[/b] - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CTSyncService] C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe (Creative Technology Ltd) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [NSU_agent] C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe () O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2766988740-1519155283-1291775414-1000..\Run: [AQQ] C:\PROGRA~2\WapSter\WAPSTE~1\AQQ.exe (AQQ Sp. z o.o.) O4 - HKU\S-1-5-21-2766988740-1519155283-1291775414-1000..\Run: [ASRockXTU] File not found O4 - HKU\S-1-5-21-2766988740-1519155283-1291775414-1000..\Run: [IVONA ControlCenter] C:\Program Files (x86)\IVONA\IVONA ControlCenter\IVONA ControlCenter.exe (IVONA Software Sp. z o.o.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\ROBERT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2010.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-2766988740-1519155283-1291775414-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:[b]64bit:[/b] - Extra context menu item: Ściągnij przez IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm () O8:[b]64bit:[/b] - Extra context menu item: Ściągnij wszystkie linki przez IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm () O8 - Extra context menu item: Ściągnij przez IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm () O8 - Extra context menu item: Ściągnij wszystkie linki przez IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm () O9:[b]64bit:[/b] - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B8DA181-5E34-43FF-B24A-571A1176CC96}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A7EFBB9-AA56-4A43-984D-9B324E5123C4}: NameServer = 193.41.112.14 193.41.112.18 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43CEF2A8-CF7B-43EB-94BE-618A38430799}: NameServer = 193.41.112.14 193.41.112.18 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{940EE3E2-3100-48AB-BF5B-478D912BC3AF}: NameServer = 193.41.112.14 193.41.112.18 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D697838-6542-4DAE-8AA5-4D1E6F0D915D}: NameServer = 193.41.112.14 193.41.112.18 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF386ADF-4017-47E5-8763-A4C10CE887D5}: NameServer = 193.41.112.14 193.41.112.18 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F36F8378-99A5-4192-8B85-C04D8643E932}: NameServer = 193.41.112.14 193.41.112.18 O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{1713ad28-63e8-11e2-b894-101111111111}\Shell - "" = AutoRun O33 - MountPoints2\{1713ad28-63e8-11e2-b894-101111111111}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{23a815a5-969c-11e1-ab46-101111111111}\Shell - "" = AutoRun O33 - MountPoints2\{23a815a5-969c-11e1-ab46-101111111111}\Shell\AutoRun\command - "" = G:\setup.exe O33 - MountPoints2\{2858517e-5edf-11e1-ba46-101111111111}\Shell - "" = AutoRun O33 - MountPoints2\{2858517e-5edf-11e1-ba46-101111111111}\Shell\AutoRun\command - "" = G:\setup.exe O33 - MountPoints2\{3b641568-6d64-11e2-9c51-101111111111}\Shell - "" = AutoRun O33 - MountPoints2\{3b641568-6d64-11e2-9c51-101111111111}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{9402d112-1533-11e2-a244-101111111111}\Shell - "" = AutoRun O33 - MountPoints2\{9402d112-1533-11e2-a244-101111111111}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{9d40bf08-0e0a-11e2-9f6f-101111111111}\Shell - "" = AutoRun O33 - MountPoints2\{9d40bf08-0e0a-11e2-9f6f-101111111111}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{a5d6be2a-0d54-11e2-8694-101111111111}\Shell - "" = AutoRun O33 - MountPoints2\{a5d6be2a-0d54-11e2-8694-101111111111}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{a5d6be38-0d54-11e2-8694-101111111111}\Shell - "" = AutoRun O33 - MountPoints2\{a5d6be38-0d54-11e2-8694-101111111111}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{ab90e059-6d03-11e2-8cde-101111111111}\Shell - "" = AutoRun O33 - MountPoints2\{ab90e059-6d03-11e2-8cde-101111111111}\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2052-10-20 15:39:03 | 000,000,000 | ---D | C] -- C:\Users\ROBERT\AppData\Local\CrashDumps [2013-02-12 13:13:06 | 000,000,000 | ---D | C] -- C:\Users\ROBERT\Documents\Notesy programu OneNote [2013-02-06 20:27:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET [2013-02-06 20:27:32 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET [2013-02-06 20:27:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2013-02-06 02:10:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013-02-05 15:13:52 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013-02-05 15:13:48 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013-02-05 15:13:48 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013-02-05 15:13:48 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013-02-05 15:13:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013-02-05 15:09:57 | 000,310,688 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2013-02-05 15:09:50 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2013-02-05 15:09:50 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2013-02-05 15:09:50 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2013-02-04 22:54:17 | 000,565,352 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys [2013-02-04 22:54:17 | 000,107,552 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll [2013-02-04 17:30:29 | 000,000,000 | ---D | C] -- C:\Users\ROBERT\Desktop\Testwy [2013-02-04 16:14:45 | 000,023,048 | ---- | C] (ASRock Inc.) -- C:\Windows\SysNative\drivers\AsrVDrive.sys [2013-02-04 16:03:03 | 000,000,000 | ---D | C] -- C:\ProgramData\IDM [2013-02-04 15:59:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel [2013-02-04 15:59:01 | 000,000,000 | ---D | C] -- C:\Program Files\Intel [2013-02-04 15:58:11 | 000,062,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\HECIx64.sys [2013-02-04 15:56:10 | 001,632,128 | ---- | C] (cFos Software GmbH) -- C:\Windows\SysNative\drivers\cfosspeed6.sys [2013-02-04 15:56:10 | 000,000,000 | ---D | C] -- C:\Program Files\ASRock [2013-02-01 18:28:28 | 000,000,000 | ---D | C] -- C:\Intel [2013-01-30 19:17:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013-01-30 19:17:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013-01-30 01:38:35 | 000,000,000 | ---D | C] -- C:\Users\ROBERT\Desktop\Nowy folder [2013-01-29 13:03:10 | 000,165,112 | ---- | C] (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys [2013-01-29 12:31:06 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva [2013-01-20 22:34:54 | 000,000,000 | ---D | C] -- C:\Users\ROBERT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ [2013-01-20 21:38:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICeQ [2013-01-18 21:19:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ File Recovery [2013-01-18 19:39:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ontrack [2013-01-15 17:18:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013-02-12 16:39:17 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013-02-12 16:39:17 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013-02-12 16:35:49 | 000,959,704 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013-02-12 16:35:49 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013-02-12 16:35:49 | 000,154,630 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2013-02-12 16:35:49 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013-02-12 16:35:49 | 000,038,014 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2013-02-12 16:31:54 | 000,000,110 | ---- | M] () -- C:\.dir [2013-02-12 16:31:39 | 000,000,000 | -H-- | M] () -- C:\ProgramData\cm-lock [2013-02-12 16:31:36 | 000,004,756 | ---- | M] () -- C:\Windows\SysWow64\LOCALSERVICE.INI [2013-02-12 16:31:36 | 000,001,083 | ---- | M] () -- C:\Windows\SysWow64\bscs.ini [2013-02-12 16:31:36 | 000,000,085 | ---- | M] () -- C:\Windows\SysWow64\LOCALDEVICE.INI [2013-02-12 16:31:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013-02-12 16:31:18 | 1911,394,303 | -HS- | M] () -- C:\hiberfil.sys [2013-02-12 15:34:07 | 000,321,781 | ---- | M] () -- C:\Users\ROBERT\Desktop\b6c7f4e55e5e46a58665_1600x1200_cropromiar-niestandardowy.jpg [2013-02-12 13:13:10 | 000,001,302 | ---- | M] () -- C:\Users\ROBERT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2010.lnk [2013-02-10 13:30:12 | 000,271,960 | ---- | M] () -- C:\Users\ROBERT\Desktop\viewebilling.pdf [2013-02-10 12:42:33 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013-02-09 15:13:04 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013-02-09 15:13:04 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013-02-09 00:23:50 | 000,383,562 | ---- | M] () -- C:\Users\ROBERT\BOOTMGR [2013-02-09 00:23:36 | 000,081,685 | ---- | M] () -- C:\Users\ROBERT\Bez tytułu.png [2013-02-07 18:08:59 | 000,010,986 | ---- | M] () -- C:\Users\ROBERT\Desktop\beata-7022013_2.jpg [2013-02-07 15:39:44 | 006,368,542 | ---- | M] () -- C:\Users\ROBERT\Desktop\Windows_Loader_v2.1.7.zip [2013-02-07 14:15:44 | 319,411,626 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013-02-06 23:33:52 | 000,081,132 | ---- | M] () -- C:\Users\ROBERT\Desktop\45376613@plugin.gg.aqq.eu_20130206_1_13a732a000013cec.jpg [2013-02-06 12:01:52 | 002,979,328 | ---- | M] () -- C:\Users\ROBERT\Desktop\Rocznica.pps [2013-02-05 15:13:44 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013-02-05 15:13:41 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013-02-05 15:13:41 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013-02-05 15:13:41 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013-02-05 15:13:40 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013-02-05 15:13:40 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013-02-05 15:09:47 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2013-02-05 15:09:44 | 000,310,688 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2013-02-05 15:09:44 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2013-02-05 15:09:43 | 001,085,344 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2013-02-05 15:09:43 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2013-02-05 15:09:42 | 000,963,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2013-02-04 15:56:11 | 000,000,003 | ---- | M] () -- C:\Users\ROBERT\AppData\Local\user_data.ini [2013-02-03 22:44:24 | 000,000,068 | ---- | M] () -- C:\Users\ROBERT\Desktop\MMS.pls [2013-02-01 01:47:12 | 000,658,963 | ---- | M] () -- C:\Users\ROBERT\Desktop\IMG_0103.JPG [2013-01-30 21:44:22 | 000,000,600 | ---- | M] () -- C:\Users\ROBERT\winscp.RND [2013-01-30 19:17:17 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2013-01-29 12:31:26 | 000,001,658 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk [2013-01-25 18:43:15 | 000,001,016 | ---- | M] () -- C:\Users\ROBERT\Desktop\Dropbox.lnk [2013-01-20 21:39:03 | 000,001,001 | ---- | M] () -- C:\Users\ROBERT\Desktop\ICeQ.lnk [2013-01-16 21:04:59 | 000,002,030 | ---- | M] () -- C:\Users\ROBERT\Desktop\SAM Broadcaster.lnk [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013-02-12 16:31:39 | 000,000,000 | -H-- | C] () -- C:\ProgramData\cm-lock [2013-02-12 15:34:05 | 000,321,781 | ---- | C] () -- C:\Users\ROBERT\Desktop\b6c7f4e55e5e46a58665_1600x1200_cropromiar-niestandardowy.jpg [2013-02-12 13:13:10 | 000,001,302 | ---- | C] () -- C:\Users\ROBERT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2010.lnk [2013-02-10 13:30:12 | 000,271,960 | ---- | C] () -- C:\Users\ROBERT\Desktop\viewebilling.pdf [2013-02-09 00:23:28 | 000,383,562 | ---- | C] () -- C:\Users\ROBERT\BOOTMGR [2013-02-09 00:23:28 | 000,081,685 | ---- | C] () -- C:\Users\ROBERT\Bez tytułu.png [2013-02-07 18:08:59 | 000,010,986 | ---- | C] () -- C:\Users\ROBERT\Desktop\beata-7022013_2.jpg [2013-02-07 17:35:28 | 000,081,132 | ---- | C] () -- C:\Users\ROBERT\Desktop\45376613@plugin.gg.aqq.eu_20130206_1_13a732a000013cec.jpg [2013-02-07 16:40:24 | 006,368,542 | ---- | C] () -- C:\Users\ROBERT\Desktop\Windows_Loader_v2.1.7.zip [2013-02-06 16:44:27 | 064,235,520 | ---- | C] () -- C:\Users\ROBERT\Desktop\ess_nt64_plk.msi [2013-02-06 12:01:50 | 002,979,328 | ---- | C] () -- C:\Users\ROBERT\Desktop\Rocznica.pps [2013-02-05 17:34:07 | 000,000,110 | ---- | C] () -- C:\.dir [2013-02-04 22:54:17 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll [2013-02-04 15:56:11 | 000,000,003 | ---- | C] () -- C:\Users\ROBERT\AppData\Local\user_data.ini [2013-02-03 22:44:23 | 000,000,068 | ---- | C] () -- C:\Users\ROBERT\Desktop\MMS.pls [2013-02-01 01:47:02 | 000,658,963 | ---- | C] () -- C:\Users\ROBERT\Desktop\IMG_0103.JPG [2013-01-31 01:39:23 | 000,750,082 | ---- | C] () -- C:\Users\ROBERT\Desktop\969.gif [2013-01-29 12:31:26 | 000,001,658 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk [2013-01-20 21:39:03 | 000,001,001 | ---- | C] () -- C:\Users\ROBERT\Desktop\ICeQ.lnk [2012-12-19 21:53:15 | 000,002,265 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini [2012-12-19 21:53:15 | 000,001,650 | ---- | C] () -- C:\Windows\FF08_Capture.ini [2012-12-19 21:53:15 | 000,001,540 | ---- | C] () -- C:\Windows\FF08_Render.ini [2012-12-19 21:52:49 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2012-12-19 21:52:49 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2012-12-17 20:02:26 | 000,000,132 | ---- | C] () -- C:\Users\ROBERT\AppData\Roaming\Preferencje Adobe CS5 dla formatu GIF [2012-12-15 20:26:42 | 000,004,608 | ---- | C] () -- C:\Users\ROBERT\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-12-14 02:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012-11-07 21:03:04 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini [2012-11-06 12:31:01 | 000,644,608 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2012-11-06 12:31:01 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll [2012-10-29 14:47:41 | 000,000,000 | ---- | C] () -- C:\Users\ROBERT\AppData\Roaming\downloads.m3u [2012-10-20 11:58:13 | 002,469,760 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe [2012-10-15 20:46:11 | 000,000,163 | ---- | C] () -- C:\Users\ROBERT\AppData\Roaming\default.rss [2012-10-15 17:58:02 | 000,000,600 | ---- | C] () -- C:\Users\ROBERT\winscp.RND [2012-10-10 02:22:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin [2012-10-10 02:22:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin [2012-09-26 19:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012-09-26 19:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012-09-26 19:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012-09-26 19:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012-09-26 12:21:06 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012-06-19 18:52:42 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2012-05-20 00:09:32 | 000,000,600 | ---- | C] () -- C:\Users\ROBERT\AppData\Local\PUTTY.RND [2012-03-19 20:50:14 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini [2012-03-17 16:09:09 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe [2012-02-26 00:24:14 | 000,934,906 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012-02-24 16:40:35 | 000,073,832 | ---- | C] () -- C:\Windows\SysWow64\SuperFrameSplitter.dll [2012-02-24 16:40:31 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\RTKDABMWare.dll [2012-02-18 17:06:45 | 000,007,605 | ---- | C] () -- C:\Users\ROBERT\AppData\Local\Resmon.ResmonCfg [2012-02-17 15:01:07 | 000,005,262 | ---- | C] () -- C:\Windows\SysWow64\SHORTCUT.INI [2012-02-17 15:00:56 | 000,000,259 | ---- | C] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI [2012-02-17 14:59:03 | 000,004,756 | ---- | C] () -- C:\Windows\SysWow64\LOCALSERVICE.INI [2012-02-17 14:59:02 | 000,000,085 | ---- | C] () -- C:\Windows\SysWow64\LOCALDEVICE.INI [2012-02-17 14:45:41 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\BSPRINT.INI [2012-02-14 18:47:06 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012-02-14 18:47:06 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012-02-09 17:29:42 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [color=#E56717]========== ZeroAccess Check ==========[/color] [2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012-08-21 14:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012-08-21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012-08-21 14:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2012-12-14 13:06:48 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\.wtw [2013-02-12 12:23:17 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\AIMP3 [2013-02-11 15:53:40 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\BESTplayer [2012-09-25 10:52:35 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\Canneverbe Limited [2012-02-26 02:50:54 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012-05-02 18:46:06 | 000,000,000 | -HSD | M] -- C:\Users\ROBERT\AppData\Roaming\Common [2012-12-19 22:24:01 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\DeviceVm [2013-02-12 16:30:32 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\DMCache [2012-11-06 12:13:08 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\driveridentifier [2013-01-30 21:41:49 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\Dropbox [2012-04-02 18:16:31 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\DVDVideoSoft [2012-04-02 17:21:18 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\DVDVideoSoftIEHelpers [2012-02-10 18:51:16 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\ESET [2012-09-10 19:47:10 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\EurekaLog [2012-09-24 19:00:45 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\GHISLER [2013-02-04 16:02:33 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\IDM [2012-05-12 00:18:13 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\ImgBurn [2012-02-14 14:56:00 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\IrfanView [2012-12-12 21:18:13 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\IsolatedStorage [2012-03-24 11:59:12 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\IVONA ControlCenter [2012-05-13 12:09:29 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\IVONA Reader [2012-02-14 22:37:14 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\jAlbum [2012-04-06 16:43:34 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\NapiProjekt [2012-06-11 16:27:14 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\Nokia [2012-04-01 17:04:18 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\Nokia Suite [2013-01-20 22:34:54 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\Notepad++ [2012-04-01 16:49:03 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\PC Suite [2012-12-19 22:30:23 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\PhotoFiltre 7 [2012-02-29 15:41:17 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\Radmin [2012-11-14 19:47:40 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\Samsung [2012-10-23 15:18:58 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\Software Informer [2012-03-04 22:11:05 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2013-02-11 16:16:31 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\TeamViewer [2012-02-13 15:04:46 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\Thunderbird [2013-01-22 13:27:59 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\uTorrent [2013-02-12 12:35:28 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\XBMC [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:9E00596C @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:28AE6654 < End of report >