OTL logfile created on: 2014-12-08 14:12:16 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\KT\Desktop\CZYSZCZENIE_SYSTEMU\OTL Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,25 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 35,95% Memory free 6,50 Gb Paging File | 3,97 Gb Available in Paging File | 61,08% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 195,31 Gb Total Space | 38,59 Gb Free Space | 19,76% Space Free | Partition Type: NTFS Drive D: | 750,06 Gb Total Space | 126,23 Gb Free Space | 16,83% Space Free | Partition Type: NTFS Drive E: | 270,45 Gb Total Space | 41,98 Gb Free Space | 15,52% Space Free | Partition Type: NTFS Drive H: | 97,65 Gb Total Space | 67,31 Gb Free Space | 68,93% Space Free | Partition Type: NTFS Drive I: | 433,20 Gb Total Space | 87,68 Gb Free Space | 20,24% Space Free | Partition Type: NTFS Drive J: | 433,20 Gb Total Space | 36,84 Gb Free Space | 8,50% Space Free | Partition Type: NTFS Drive K: | 433,20 Gb Total Space | 84,43 Gb Free Space | 19,49% Space Free | Partition Type: NTFS Drive M: | 2044,34 Gb Total Space | 759,56 Gb Free Space | 37,15% Space Free | Partition Type: NTFS Drive V: | 2794,49 Gb Total Space | 932,73 Gb Free Space | 33,38% Space Free | Partition Type: NTFS Computer Name: KT-PC | User Name: KT | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - File not found -- PRC - [2014-12-08 12:08:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\KT\Desktop\CZYSZCZENIE_SYSTEMU\OTL\OTL.exe PRC - [2014-12-08 12:01:49 | 001,111,040 | ---- | M] (Farbar) -- C:\Users\KT\Desktop\CZYSZCZENIE_SYSTEMU\FRST\FRST.exe PRC - [2014-12-01 20:39:08 | 000,337,520 | ---- | M] (Mozilla Corporation) -- C:\Program Files\_do_syst_i_komputera\Mozilla Firefox\firefox.exe PRC - [2014-10-02 20:52:27 | 001,141,848 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe PRC - [2014-10-02 20:52:20 | 000,296,520 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe PRC - [2014-10-01 14:40:28 | 001,349,576 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe PRC - [2014-10-01 14:40:14 | 005,088,456 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe PRC - [2014-09-26 14:14:22 | 000,031,344 | ---- | M] () -- C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe PRC - [2014-09-26 09:18:24 | 000,039,568 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe PRC - [2014-09-23 13:54:16 | 000,551,488 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\downloader2.exe PRC - [2014-08-07 14:52:54 | 002,216,752 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe PRC - [2014-08-07 14:52:54 | 000,070,448 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe PRC - [2014-08-07 14:52:50 | 002,246,448 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe PRC - [2014-07-03 05:31:35 | 001,322,832 | ---- | M] (BitTorrent Inc.) -- C:\Users\KT\AppData\Roaming\uTorrent\uTorrent.exe PRC - [2014-07-01 14:14:02 | 000,242,728 | ---- | M] (Foxit Corporation) -- C:\Program Files\_INNE\Foxit Reader\Foxit Cloud\FCUpdateService.exe PRC - [2014-07-01 13:12:26 | 005,099,872 | ---- | M] () -- C:\Program Files\_do_syst_i_komputera\SpyShelter Personal Free\SpyShelter.exe PRC - [2014-06-24 13:36:26 | 000,481,304 | ---- | M] (Sony Corporation) -- C:\Program Files\_grafika_multimedia\SONY\PlayMemories Home\PMBDeviceInfoProvider.exe PRC - [2014-06-24 13:30:34 | 002,557,976 | ---- | M] (Sony Corporation) -- C:\Program Files\_grafika_multimedia\SONY\PlayMemories Home\PMBVolumeWatcher.exe PRC - [2014-06-11 00:51:56 | 000,508,232 | ---- | M] (QFX Software Corporation) -- C:\Program Files\_do_syst_i_komputera\KeyScrambler\KeyScrambler.exe PRC - [2014-01-23 09:59:38 | 001,499,136 | ---- | M] (Nenad Hrg (SoftwareOK.com)) -- J:\Programy_od_2010-11-15\_do_systemu_i_kompa\pulpit\zegar_TheAeroClock\TheAeroClock\TheAeroClock.exe PRC - [2013-12-04 03:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe PRC - [2013-09-02 10:14:02 | 000,179,976 | ---- | M] (cyberlink) -- C:\Program Files\Cyberlink\Shared files\brs.exe PRC - [2013-08-28 16:28:54 | 014,516,392 | ---- | M] (Efficient Software) -- J:\Programy_od_2010-11-15\pamiętniki-elektroniczne\Efficient Man's Organizer Free_portable\EfficientMansOrganizerFree-Port\EfficientMansOrganizerFree.exe PRC - [2013-07-30 22:07:46 | 000,139,264 | ---- | M] (Nenad Hrg SoftwareOK) -- J:\Programy_od_2010-11-15\_do_systemu_i_kompa\pulpit\zapisywanie_ustawienia_ikon-na-pulpicie\DesktopOK 3.59\DesktopOK\DesktopOK.exe PRC - [2013-03-08 14:18:34 | 000,095,192 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Cyberlink\PowerDVD10\PDVD10Serv.exe PRC - [2012-11-23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012-06-14 10:04:26 | 001,177,536 | R--- | M] (Western Digital ) -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe PRC - [2012-06-14 10:04:24 | 001,151,424 | R--- | M] (Western Digital ) -- C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe PRC - [2012-06-14 09:58:24 | 005,235,128 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe PRC - [2012-06-14 09:57:20 | 000,248,248 | R--- | M] (Western Digital) -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe PRC - [2011-11-17 22:02:32 | 001,975,296 | ---- | M] (Alexander Nikiforov) -- C:\Program Files\_INNE\MP3 Skype Recorder\MP3 Skype Recorder.exe PRC - [2011-02-25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009-08-18 01:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2009-08-18 01:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2009-03-27 16:22:08 | 000,339,968 | ---- | M] () -- C:\Program Files\_INNE\Plustek_Skaner\OpticFilm 8200i\QuickScan.exe PRC - [2009-01-26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\_do_syst_i_komputera\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008-10-31 11:26:22 | 001,153,936 | ---- | M] (Innovative Solutions GRUP SRL) -- C:\Program Files\_do_syst_i_komputera\Advanced Uninstaller PRO - Version 9\Monitor.exe PRC - [2008-05-20 11:06:00 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007-04-30 00:00:00 | 000,032,768 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\V0420Mon.exe PRC - [2006-03-04 17:40:30 | 000,882,176 | ---- | M] () -- C:\Program Files\_INNE\Kalendarz XP\Kalendarz.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2014-12-01 20:39:07 | 003,758,192 | ---- | M] () -- C:\Program Files\_do_syst_i_komputera\Mozilla Firefox\mozjs.dll MOD - [2014-10-15 23:00:08 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e061f6a174e85fd3a61fc1093384ed5c\System.Windows.Forms.ni.dll MOD - [2014-10-15 22:59:52 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\836e10dfd0811b303553216f5cb092ef\System.Drawing.ni.dll MOD - [2014-10-15 22:59:38 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49908aa93a23c84847b1f8b1b667860\System.Xml.ni.dll MOD - [2014-10-15 22:59:33 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\237d509a79aeef6e4635b09450d98f2a\System.Configuration.ni.dll MOD - [2014-10-15 22:58:51 | 007,991,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll MOD - [2014-10-11 12:05:58 | 001,044,776 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2014-09-23 13:54:26 | 000,064,064 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\dtvhooks.dll MOD - [2014-09-23 13:54:16 | 000,551,488 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\downloader2.exe MOD - [2014-09-23 13:05:00 | 001,382,048 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\cpprest100_1_2.dll MOD - [2014-09-10 18:53:35 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll MOD - [2014-09-06 17:44:46 | 000,035,328 | ---- | M] () -- C:\Program Files\_INNE\_do_stron_internetowych\FileZilla FTP Client\fzshellext.dll MOD - [2014-07-01 13:12:52 | 000,310,112 | ---- | M] () -- C:\Program Files\_do_syst_i_komputera\SpyShelter Personal Free\klhelper.dll MOD - [2014-07-01 13:12:26 | 005,099,872 | ---- | M] () -- C:\Program Files\_do_syst_i_komputera\SpyShelter Personal Free\SpyShelter.exe MOD - [2014-06-18 23:44:56 | 000,033,632 | ---- | M] () -- C:\Windows\System32\SpyShelterShellExt.dll MOD - [2014-05-24 17:41:24 | 000,892,416 | ---- | M] () -- C:\Program Files\_INNE\_do_stron_internetowych\FileZilla FTP Client\libstdc++-6.dll MOD - [2014-05-24 17:41:24 | 000,091,648 | ---- | M] () -- C:\Program Files\_INNE\_do_stron_internetowych\FileZilla FTP Client\libgcc_s_sjlj-1.dll MOD - [2014-01-20 13:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2013-12-04 03:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll MOD - [2013-12-04 03:48:03 | 013,586,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll MOD - [2013-12-04 03:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll MOD - [2013-12-04 03:47:11 | 000,702,416 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\libglesv2.dll MOD - [2013-12-04 03:47:11 | 000,099,792 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\libegl.dll MOD - [2013-12-04 03:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll MOD - [2013-07-10 17:07:22 | 000,756,888 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL MOD - [2011-11-02 16:21:42 | 000,411,024 | ---- | M] () -- C:\Program Files\_do_syst_i_komputera\Perfect Uninstaller\Contextmenu.dll MOD - [2011-10-13 11:52:50 | 000,943,616 | ---- | M] () -- C:\Program Files\_INNE\Plustek_Skaner\OpticFilm 8200i\Scndrvu.drv MOD - [2011-06-22 10:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll MOD - [2010-11-13 02:57:46 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pl_b77a5c561934e089\mscorlib.resources.dll MOD - [2009-03-27 16:22:08 | 000,339,968 | ---- | M] () -- C:\Program Files\_INNE\Plustek_Skaner\OpticFilm 8200i\QuickScan.exe MOD - [2009-02-26 12:46:56 | 000,064,344 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll MOD - [2008-05-28 13:55:10 | 000,086,016 | ---- | M] () -- C:\Program Files\_INNE\Plustek_Skaner\OpticFilm 8200i\plkcom32.dll MOD - [2008-03-30 15:22:42 | 000,070,144 | ---- | M] () -- C:\Program Files\_INNE\_do_stron_internetowych\PSPad editor\PSPadShell.dll MOD - [2006-03-04 17:40:30 | 000,882,176 | ---- | M] () -- C:\Program Files\_INNE\Kalendarz XP\Kalendarz.exe MOD - [2004-04-06 18:45:46 | 000,040,960 | ---- | M] () -- C:\Program Files\_INNE\Plustek_Skaner\OpticFilm 8200i\DetectSession.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv) SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - File not found [Auto | Running] -- C:\Program Files\_do_syst_i_komputera\Spybot -- (SBSDWSCService) SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - File not found [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2014-12-01 20:39:08 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2014-11-30 01:40:34 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2014-10-02 20:52:27 | 001,141,848 | ---- | M] (RealNetworks, Inc.) [Auto | Start_Pending] -- C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe -- (RealPlayer Cloud Service) SRV - [2014-10-01 14:40:28 | 001,349,576 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn) SRV - [2014-09-26 14:14:22 | 000,031,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe -- (RealPlayerUpdateSvc) SRV - [2014-09-26 09:18:24 | 000,039,568 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service) SRV - [2014-08-07 14:52:54 | 002,216,752 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent) SRV - [2014-08-07 14:52:50 | 002,246,448 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe -- (PDEngine) SRV - [2014-07-01 14:14:02 | 000,242,728 | ---- | M] (Foxit Corporation) [Auto | Running] -- C:\Program Files\_INNE\Foxit Reader\Foxit Cloud\FCUpdateService.exe -- (FoxitCloudUpdateService) SRV - [2014-06-26 17:25:58 | 001,771,560 | ---- | M] (pdfforge GmbH) [On_Demand | Stopped] -- C:\Program Files\PDF Architect 2\ws.exe -- (PDF Architect 2) SRV - [2014-06-26 17:25:58 | 000,861,736 | ---- | M] (pdfforge GmbH) [On_Demand | Stopped] -- C:\Program Files\PDF Architect 2\crash-handler-ws.exe -- (pdfforge CrashHandler) SRV - [2014-06-24 13:36:26 | 000,481,304 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\_grafika_multimedia\SONY\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider) SRV - [2014-04-03 19:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013-09-02 17:14:04 | 000,243,464 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_B91CB6D3) SRV - [2013-05-27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012-10-26 19:15:26 | 000,234,776 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.313\McCHSvc.exe -- (McComponentHostService) SRV - [2012-06-14 10:04:26 | 001,177,536 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService) SRV - [2012-06-14 10:04:24 | 001,151,424 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup) SRV - [2012-06-14 09:57:20 | 000,248,248 | R--- | M] (Western Digital) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService) SRV - [2011-01-01 21:20:07 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010-11-20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS) SRV - [2010-11-20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2010-11-20 13:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2009-09-25 22:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Disabled | Stopped] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service) SRV - [2009-08-18 01:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2008-08-08 10:28:12 | 000,053,032 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\_do_syst_i_komputera\NERO_Essentials\Nero\Nero8\InCD\NBHRegInCDSrv.exe -- (NeroRegInCDSrv) SRV - [2008-08-08 10:28:10 | 001,442,088 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\_do_syst_i_komputera\NERO_Essentials\Nero\Nero8\InCD\InCDsrv.exe -- (InCDsrv) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RTL8192cu.sys -- (RTL8192cu) DRV - [2014-10-10 08:59:12 | 000,191,928 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm) DRV - [2014-10-10 08:59:12 | 000,176,448 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw) DRV - [2014-10-10 08:59:12 | 000,135,296 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv) DRV - [2014-10-10 08:59:12 | 000,051,288 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp) DRV - [2014-10-10 08:59:12 | 000,037,928 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\EpfwLWF.sys -- (EpfwLWF) DRV - [2014-09-03 12:14:58 | 000,190,240 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman) DRV - [2014-09-03 12:14:56 | 000,088,352 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\fltsrv.sys -- (fltsrv) DRV - [2014-09-02 21:31:44 | 000,234,752 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp) DRV - [2014-09-02 21:31:39 | 000,130,488 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tib_mounter.sys -- (tib_mounter) DRV - [2014-09-02 21:31:38 | 000,736,192 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tib.sys -- (tib) DRV - [2014-09-02 21:31:31 | 000,116,000 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vididr.sys -- (vididr) DRV - [2014-09-02 21:31:28 | 000,085,280 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vidsflt.sys -- (vidsflt) DRV - [2014-07-01 13:13:34 | 000,344,928 | ---- | M] (SpyShelter) [Kernel | System | Running] -- C:\Program Files\_do_syst_i_komputera\SpyShelter Personal Free\SpyShelter.sys -- (Spyshelter) DRV - [2013-10-02 01:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2013-05-31 15:53:18 | 000,209,016 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\keyscrambler.sys -- (KeyScrambler) DRV - [2012-09-11 14:24:06 | 000,104,088 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DefragFs.sys -- (DefragFS) DRV - [2012-08-23 16:56:24 | 000,069,016 | R--- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PDFsFilter.sys -- (PDFSFilter) DRV - [2012-08-23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2012-06-15 14:04:20 | 000,092,160 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TPLINKUDSMBus.sys -- (TPLINKUDSMBus) DRV - [2012-06-15 14:03:26 | 000,151,296 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TPLINKUDSTcpBus.sys -- (TPLINKUDSTcpBus) DRV - [2012-06-11 11:33:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2012-05-28 21:56:29 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DrvAgent32.sys -- (DrvAgent32) DRV - [2012-01-09 17:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2012-01-09 17:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2012-01-09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2012-01-09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2011-02-16 15:52:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM) DRV - [2010-12-22 15:31:36 | 000,109,328 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV - [2010-12-22 15:31:34 | 000,158,736 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv) DRV - [2010-12-22 15:31:34 | 000,120,208 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt) DRV - [2010-12-22 15:31:34 | 000,042,960 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon) DRV - [2010-11-20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010-11-16 11:49:30 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt) DRV - [2010-04-12 09:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu) DRV - [2009-11-20 19:15:18 | 000,137,728 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc) DRV - [2009-11-20 19:15:16 | 000,058,880 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub) DRV - [2009-09-28 01:02:42 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\_do_syst_i_komputera\_OCHRONA\PeerBlock\pbfilter.sys -- (pbfilter) DRV - [2009-09-23 16:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PCTCore.sys -- (PCTCore) DRV - [2009-08-18 02:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009-07-13 23:02:47 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E) DRV - [2009-03-26 19:55:02 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge) DRV - [2008-08-08 10:28:00 | 000,128,424 | ---- | M] (Nero AG) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\InCDfs.sys -- (InCDfs) DRV - [2008-08-08 10:28:00 | 000,040,488 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDRm.sys -- (incdrm) DRV - [2008-08-08 10:28:00 | 000,038,952 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass) DRV - [2008-06-10 11:33:10 | 000,150,568 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mv61xx.sys -- (mv61xx) DRV - [2007-12-17 10:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO) DRV - [2007-11-07 22:18:54 | 000,007,936 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\inidvd.sys -- (INIDVD) DRV - [2007-05-31 08:32:34 | 000,099,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\V0420Vid.sys -- (V0420VID) DRV - [2007-02-12 16:55:56 | 000,075,776 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl) DRV - [2006-10-18 14:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Family Toolbar\tbhelper.dll () IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Family Toolbar\tbhelper.dll () IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-914425102-3480758743-2583445526-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 96 10 A8 F0 C4 27 CA 01 [binary data] IE - HKU\S-1-5-21-914425102-3480758743-2583445526-1000\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Family Toolbar\tbhelper.dll () IE - HKU\S-1-5-21-914425102-3480758743-2583445526-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-914425102-3480758743-2583445526-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-914425102-3480758743-2583445526-1000\..\SearchScopes\{12FCEB20-321C-4327-8F7B-7AECB58DEAC2}: "URL" = http://www.google.com/search?hl=pl&q={searchTerms} IE - HKU\S-1-5-21-914425102-3480758743-2583445526-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-914425102-3480758743-2583445526-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@cuminas.jp/DjVuPlugin: C:\Program Files\Cuminas\Document Express DjVu Plug-in\npdjvu.dll (Cuminas Corporation) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\_INNE\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\_INNE\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\_grafika_multimedia\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.313\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=17.0.14.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=17.0.14: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=17.0.14.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer Cloud) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\PDF Architect 2: C:\Program Files\PDF Architect 2\np-previewer.dll (pdfforge GmbH) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-10-02 21:04:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4642CD99-8FDF-4550-94E1-63360972C326}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014-10-02 21:04:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0\extensions\\Components: C:\Program Files\_do_syst_i_komputera\Mozilla Firefox\components [2014-11-10 19:39:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0\extensions\\Plugins: C:\Program Files\_do_syst_i_komputera\Mozilla Firefox\plugins [2014-11-10 19:39:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 34.0\extensions\\Components: C:\Program Files\_do_syst_i_komputera\Mozilla Firefox\components [2014-11-10 19:39:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 34.0\extensions\\Plugins: C:\Program Files\_do_syst_i_komputera\Mozilla Firefox\plugins [2014-11-10 19:39:34 | 000,000,000 | ---D | M] [2011-12-29 21:15:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KT\AppData\Roaming\mozilla\Extensions [2011-12-29 21:15:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KT\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28} [2014-09-16 20:30:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KT\AppData\Roaming\mozilla\Firefox\Profiles\o2ppibi8.default-1410895102096\extensions [2014-09-20 22:05:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KT\AppData\Roaming\mozilla\Firefox\Profiles\v2qm88vw.default\extensions [2013-06-07 10:56:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KT\AppData\Roaming\mozilla\Firefox\Profiles\v2qm88vw.default\extensions\{8e9008b4-ec7c-4c2a-828e-007d5d2dad22} [2013-06-07 10:56:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KT\AppData\Roaming\mozilla\Firefox\Profiles\v2qm88vw.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2014-12-06 13:55:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KT\AppData\Roaming\mozilla\Firefox\Profiles\wrlcr19s.default-1417869811665\extensions [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\KT\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.376\_platform_specific\win_x86\widevinecdmadapter.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\_do_syst_i_komputera\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: LizardTech DjVu (Enabled) = C:\Program Files\_do_syst_i_komputera\Mozilla Firefox\plugins\npdjvu.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\_do_syst_i_komputera\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: QuickTime Plug-in 7.7.5 (Enabled) = C:\Program Files\_grafika_multimedia\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.5 (Enabled) = C:\Program Files\_grafika_multimedia\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.5 (Enabled) = C:\Program Files\_grafika_multimedia\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.5 (Enabled) = C:\Program Files\_grafika_multimedia\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.5 (Enabled) = C:\Program Files\_grafika_multimedia\QuickTime\plugins\npqtplugin5.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files\McAfee Security Scan\3.0.313\npMcAfeeMss.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\_INNE\Foxit Reader\plugins\npFoxitReaderPlugin.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\_grafika_multimedia\Picasa3\npPicasa3.dll CHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll CHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll CHR - plugin: RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\_grafika_multimedia\realplayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\_grafika_multimedia\realplayer\Netscape6\nprpplugin.dll CHR - Extension: Google Wallet = C:\Users\KT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\ O1 HOSTS File: ([2011-10-14 15:53:40 | 000,000,030 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 secure.tune-up.com O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll () O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (&Tłumaczenie) - {2F7DB8D7-9BE7-4666-901E-F380555BCAC7} - C:\Program Files\_językowe\Russkij Translator\InternetTranslatorRusPol.dll (Techland) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" File not found O4 - HKLM..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET) O4 - HKLM..\Run: [KeyScrambler] C:\Program Files\_do_syst_i_komputera\KeyScrambler\keyscrambler.exe (QFX Software Corporation) O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Western Digital\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\_grafika_multimedia\SONY\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKLM..\Run: [RealDownloader] C:\Program Files\RealNetworks\RealDownloader\downloader2.exe () O4 - HKLM..\Run: [RemoteControl10] C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SpyShelter] C:\Program Files\_do_syst_i_komputera\SpyShelter Personal Free\SpyShelter.exe () O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [TP-LINK USB Printer Controller] C:\Program Files\_do_syst_i_komputera\_zarządzanie-komputerem\TP-LINK\USB Printer Controller\USB Printer Controller.exe () O4 - HKLM..\Run: [V0420Mon.exe] C:\Windows\V0420Mon.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [WD Quick View] C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.) O4 - HKU\.DEFAULT..\Run: [MP3 Skype Recorder] C:\Program Files\_INNE\MP3 Skype Recorder\MP3 Skype Recorder.exe (Alexander Nikiforov) O4 - HKU\S-1-5-18..\Run: [MP3 Skype Recorder] C:\Program Files\_INNE\MP3 Skype Recorder\MP3 Skype Recorder.exe (Alexander Nikiforov) O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found O4 - HKU\S-1-5-21-914425102-3480758743-2583445526-1000..\Run: [Advanced Uninstaller PRO Installation Monitor] C:\Program Files\_do_syst_i_komputera\Advanced Uninstaller PRO - Version 9\monitor.exe (Innovative Solutions GRUP SRL) O4 - HKU\S-1-5-21-914425102-3480758743-2583445526-1000..\Run: [DesktopOK] J:\Programy_od_2010-11-15\_do_systemu_i_kompa\pulpit\zapisywanie_ustawienia_ikon-na-pulpicie\DesktopOK 3.59\DesktopOK\DesktopOK.exe (Nenad Hrg SoftwareOK) O4 - HKU\S-1-5-21-914425102-3480758743-2583445526-1000..\Run: [MP3 Skype Recorder] C:\Program Files\_INNE\MP3 Skype Recorder\MP3 Skype Recorder.exe (Alexander Nikiforov) O4 - HKU\S-1-5-21-914425102-3480758743-2583445526-1000..\Run: [PeerBlock] C:\Program Files\_do_syst_i_komputera\_OCHRONA\PeerBlock\peerblock.exe (PeerBlock, LLC) O4 - HKU\S-1-5-21-914425102-3480758743-2583445526-1000..\Run: [TheAeroClock] J:\Programy_od_2010-11-15\_do_systemu_i_kompa\pulpit\zegar_TheAeroClock\TheAeroClock\TheAeroClock.exe (Nenad Hrg (SoftwareOK.com)) O4 - HKU\S-1-5-21-914425102-3480758743-2583445526-1000..\Run: [uTorrent] C:\Users\KT\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.) O4 - HKLM..\RunOnce: [MONITOR] C:\Program Files\_do_syst_i_komputera\Advanced Uninstaller PRO - Version 9\LoaderRunOnce.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\KT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Efficient Man's Organizer Free.lnk = J:\Programy_od_2010-11-15\pamiętniki-elektroniczne\Efficient Man's Organizer Free_portable\EfficientMansOrganizerFree-Port\EfficientMansOrganizerFree.exe (Efficient Software) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 0 O7 - HKU\S-1-5-21-914425102-3480758743-2583445526-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = [binary data] O7 - HKU\S-1-5-21-914425102-3480758743-2583445526-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\_językowe\Russkij Translator\InternetTranslatorRusPol.dll,-103 - {94C70A96-012C-4171-98FC-C1971511F20D} - C:\Program Files\_językowe\Russkij Translator\InternetTranslatorRusPol.dll (Techland) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 87.204.204.204 62.233.233.233 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5579551D-B375-4FBE-A430-57EDFCF6E1F6}: DhcpNameServer = 87.204.204.204 62.233.233.233 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010-02-21 00:31:29 | 000,008,422 | ---- | M] () - C:\AutoMapaSetupLog.txt -- [ NTFS ] O33 - MountPoints2\{c35fa8b7-013d-11e1-ace3-002215808149}\Shell - "" = AutoRun O33 - MountPoints2\{c35fa8b7-013d-11e1-ace3-002215808149}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\NeroSecurDiscViewer.exe auto O34 - HKLM BootExecute: (PDBoot.exe) O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (autocheck turegopt) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2014-12-08 13:48:29 | 000,000,000 | ---D | C] -- C:\FRST [2014-11-20 16:24:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET [2014-11-20 16:24:34 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET [2014-11-20 16:24:34 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2009-10-12 09:59:33 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Program Files\notepad.exe [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2014-12-08 08:39:46 | 000,010,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014-12-08 08:39:46 | 000,010,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014-12-08 08:29:43 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2014-12-08 08:29:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014-12-07 21:40:01 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014-12-03 23:59:29 | 329,759,933 | ---- | M] () -- C:\Windows\MEMORY.DMP [2014-11-30 11:45:11 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI [2014-11-30 01:40:16 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2014-11-30 01:40:16 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2014-11-28 00:45:08 | 000,001,740 | ---- | M] () -- C:\Users\KT\Desktop\Ahnblatt_2.83.lnk [2014-11-12 11:12:54 | 085,761,506 | ---- | M] () -- C:\Users\KT\Desktop\COMPONENTS.reg [2014-11-09 19:41:20 | 000,001,321 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2014-11-27 20:23:43 | 000,001,740 | ---- | C] () -- C:\Users\KT\Desktop\Ahnblatt_2.83.lnk [2014-11-12 11:12:50 | 085,761,506 | ---- | C] () -- C:\Users\KT\Desktop\COMPONENTS.reg [2014-11-09 19:41:20 | 000,001,321 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2014-11-09 19:41:19 | 000,001,333 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2014-09-05 20:14:22 | 003,397,120 | ---- | C] () -- C:\Windows\System32\Osklauncher.exe [2014-09-05 20:14:22 | 000,054,784 | ---- | C] () -- C:\Windows\System32\inject_logon_dll.dll [2014-09-05 20:14:22 | 000,033,632 | ---- | C] () -- C:\Windows\System32\SpyShelterShellExt.dll [2014-02-16 23:39:05 | 000,000,001 | -H-- | C] () -- C:\ProgramData\T23J7 [2014-02-16 23:33:08 | 000,000,128 | -H-- | C] () -- C:\ProgramData\V93GE [2014-02-16 21:41:26 | 000,015,360 | ---- | C] () -- C:\Windows\System32\GetInst32.dll [2014-02-16 21:41:20 | 000,025,600 | R--- | C] () -- C:\Windows\System32\PkImgFilter.dll [2014-02-16 21:41:20 | 000,009,216 | R--- | C] () -- C:\Windows\System32\PkSegFilter.dll [2014-02-16 21:41:08 | 000,000,141 | ---- | C] () -- C:\Windows\A2FU.INI [2014-02-02 10:09:00 | 000,009,360 | ---- | C] () -- C:\Users\KT\AppData\Roaming\Wartości oddzielone przecinkami (Windows).EML [2013-09-30 22:28:23 | 000,004,096 | -H-- | C] () -- C:\Users\KT\AppData\Local\keyfile3.drm [2013-05-02 10:52:07 | 000,009,362 | ---- | C] () -- C:\Users\KT\AppData\Roaming\Microsoft Excel 97-2003.EML [2013-01-05 20:00:54 | 000,002,198 | ---- | C] () -- C:\Users\KT\AppData\Local\Adobe Zapisz dla Internetu 12.0 Prefs [2012-12-18 23:40:20 | 000,000,174 | ---- | C] () -- C:\Users\KT\AppData\Local\Images.fl [2011-10-26 20:37:33 | 000,007,608 | ---- | C] () -- C:\Users\KT\AppData\Local\Resmon.ResmonCfg [2011-07-11 14:17:59 | 000,000,008 | ---- | C] () -- C:\ProgramData\extras.lib [2011-05-22 22:52:15 | 000,036,864 | ---- | C] () -- C:\Users\KT\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-05-02 23:07:34 | 000,000,051 | ---- | C] () -- C:\Users\KT\.jalbum-recent-projects.properties [2011-01-01 20:40:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010-08-17 13:27:15 | 000,009,405 | ---- | C] () -- C:\Users\KT\AppData\Roaming\Wartości oddzielone tabulatorami (Windows).EML [2010-08-17 13:24:07 | 000,038,484 | ---- | C] () -- C:\Users\KT\AppData\Roaming\Microsoft Excel 97-2003.ADR [2010-03-18 10:24:27 | 000,000,458 | ---- | C] () -- C:\Users\KT\.jalbum-ftp-accounts.xml [2009-09-26 23:40:02 | 000,017,962 | ---- | C] () -- C:\Users\KT\AppData\Roaming\mainhst.zgh [2009-09-05 23:23:08 | 000,000,095 | ---- | C] () -- C:\Users\KT\AppData\Roaming\default.pls [2009-06-09 19:21:49 | 000,001,024 | ---- | C] () -- C:\Users\KT\.rnd [color=#E56717]========== ZeroAccess Check ==========[/color] [2009-07-14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2014-06-25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/color] [2012-05-10 15:51:09 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ESET [2011-01-05 20:21:14 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\3049164D-2998-42BA-876D-337F6EADEE08 [2011-01-01 20:09:57 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\Acronis [2011-09-08 17:43:12 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\Ahnenblatt [2014-11-06 21:14:02 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\Audacity [2014-06-28 17:49:22 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\AVG [2011-01-01 20:09:59 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\Canneverbe Limited [2011-01-01 20:09:59 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\Canon [2014-03-02 21:39:48 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\chc [2012-08-20 18:06:51 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012-01-28 19:38:56 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\ChessBase [2011-01-01 20:10:05 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011-01-01 20:10:05 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\COWON [2014-09-25 19:06:08 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\D402CF46-128A-42BC-BC18-07DCAB23E7BE [2014-11-02 07:21:10 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\DVDVideoSoft [2011-03-29 16:11:09 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1 [2014-08-29 13:55:42 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\Efficient Software [2013-04-01 11:23:30 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\ESET [2014-11-26 21:49:03 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\FileZilla [2011-10-02 23:15:15 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\FireShot [2014-03-02 18:57:44 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\Foxit Software [2011-12-05 15:06:11 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\Free MP3 WMA OGG Converter [2014-06-28 18:23:39 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\FreeFileSync [2013-04-18 15:33:14 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\GARMIN [2012-05-12 15:54:32 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\Get from YouTube [2014-09-02 10:52:21 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\GHISLER [2013-01-07 17:01:03 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\gtk-2.0 [2011-01-27 16:52:40 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\Gzegzolka XP [2014-09-03 13:15:08 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\HD Tune Pro [2011-01-01 20:10:05 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\HDRsoft [2011-12-01 22:41:23 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\Import Audio from Video [2014-09-15 15:27:53 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\inkscape [2012-08-29 23:40:32 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\JAlbum [2011-01-01 20:10:21 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\Jalbum AB [2013-10-24 14:21:32 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\JAM Software [2010-10-20 14:59:47 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\JPEGsnoop [2014-02-16 23:33:08 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\LaserSoft Imaging [2011-01-01 20:10:21 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\Leadertech [2011-01-01 20:10:41 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\mkvtoolnix [2011-07-03 08:52:46 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\MP3SkypeRecorder [2011-01-01 20:10:44 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\muvee Technologies [2012-04-17 09:44:56 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\MyHeritage [2013-12-27 20:24:57 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\Nokia [2011-01-01 20:10:45 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\Opera [2014-04-17 16:17:50 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\Oracle [2014-04-18 09:04:18 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\PDF Architect [2014-10-14 14:21:28 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\PDF Architect 2 [2014-10-14 13:38:48 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\pdfforge [2014-03-16 17:07:08 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\Power Sound Editor Free [2014-10-26 12:54:12 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\PTGui [2014-09-30 20:40:27 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\QFX Software [2011-01-01 20:10:47 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\Scribus [2014-09-30 20:40:27 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\SpyShelter [2012-04-18 21:46:06 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011-01-01 20:10:59 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\Sync App Settings [2011-11-14 16:59:25 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\The Complete Genealogy Reporter [2009-09-15 11:07:23 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\The Complete Genealogy Reporter - FTB [2011-12-27 14:18:07 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\Thinstall [2013-11-09 12:20:29 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\Thunderbird [2011-01-01 20:11:02 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\TrueCrypt [2014-09-29 23:08:24 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\TuneUp Software [2014-07-18 23:16:58 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\Two Pilots [2014-12-08 14:19:42 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\uTorrent [2014-07-14 17:11:13 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\VSO [2013-07-30 23:01:06 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\WebApp [2014-11-28 22:29:31 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\XnView [2014-09-18 09:57:13 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\XnViewMP [2011-01-01 20:11:02 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\ZipGenius [2011-01-01 20:11:02 | 000,000,000 | ---D | M] -- C:\Users\KT\AppData\Roaming\Zoner [2011-12-15 22:55:19 | 000,000,000 | ---D | M] -- C:\Users\Masia\AppData\Roaming\ESET [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 143 bytes -> C:\Users\KT\AppData\Roaming\Wartości oddzielone tabulatorami (Windows).EML:OECustomProperty @Alternate Data Stream - 143 bytes -> C:\Users\KT\AppData\Roaming\Wartości oddzielone przecinkami (Windows).EML:OECustomProperty @Alternate Data Stream - 143 bytes -> C:\Users\KT\AppData\Roaming\Microsoft Excel 97-2003.EML:OECustomProperty @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:ECE4A64B @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:C43ED645 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:5F64C164 < End of report >