OTL logfile created on: 05-08-2013 13:13:32 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\tokaj\Downloads Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: dd-MM-yyyy 2,75 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 66,18% Memory free 5,50 Gb Paging File | 4,30 Gb Available in Paging File | 78,14% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 54,63 Gb Total Space | 4,52 Gb Free Space | 8,27% Space Free | Partition Type: NTFS Drive E: | 29,49 Gb Total Space | 12,81 Gb Free Space | 43,45% Space Free | Partition Type: NTFS Drive F: | 213,87 Gb Total Space | 81,29 Gb Free Space | 38,01% Space Free | Partition Type: NTFS Drive Z: | 100,00 Mb Total Space | 64,91 Mb Free Space | 64,92% Space Free | Partition Type: NTFS Computer Name: TOKAJ-KOMPUTER | User Name: tokaj | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013-08-05 13:10:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tokaj\Downloads\OTL.exe PRC - [2013-08-02 12:00:05 | 000,362,312 | ---- | M] (Woodtale Technology Inc) -- C:\Program Files\iSafe\iSafeTray.exe PRC - [2013-08-02 12:00:03 | 000,472,392 | ---- | M] (Woodtale Technology Inc) -- C:\Program Files\iSafe\iSafeSvc2.exe PRC - [2013-08-02 12:00:02 | 000,324,936 | ---- | M] (Woodtale Technology Inc) -- C:\Program Files\iSafe\iSafeSvc.exe PRC - [2013-07-16 09:19:00 | 001,861,512 | ---- | M] (Adobe Systems, Inc.) 
-- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe PRC - [2013-06-18 16:21:11 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2013-05-24 07:11:58 | 000,762,440 | ---- | M] (Qihu 360 Software Co., Ltd.) -- C:\Program Files\360\360 Internet Security\safemon\360Tray.exe PRC - [2013-05-23 09:54:04 | 002,459,568 | ---- | M] (Qihu 360 Software Co., Ltd.) -- C:\Program Files\360\360 Internet Security\360sd.exe PRC - [2013-05-23 09:54:01 | 000,166,320 | ---- | M] (Qihu 360 Software Co., Ltd.) -- C:\Program Files\360\360 Internet Security\360rp.exe PRC - [2013-05-11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013-04-18 20:38:38 | 000,491,840 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe PRC - [2013-04-18 16:58:08 | 000,574,272 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe PRC - [2013-04-08 19:02:16 | 000,720,192 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe PRC - [2013-03-27 05:49:14 | 000,288,192 | ---- | M] (Qihu 360 Software Co., Ltd.) -- C:\Program Files\360\360 Internet Security\deepscan\ZhuDongFangYu.exe PRC - [2012-11-23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012-10-23 18:40:06 | 000,580,728 | ---- | M] (Threat Expert Ltd.) 
-- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe PRC - [2010-11-20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010-08-24 11:53:12 | 000,080,384 | ---- | M] () -- C:\Program Files\Tlen7\tlen7.exe PRC - [2009-08-18 03:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2009-08-18 03:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2006-11-02 21:40:12 | 000,174,656 | ---- | M] () -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2013-08-02 12:00:16 | 000,187,208 | ---- | M] () -- C:\Program Files\iSafe\libpng.dll MOD - [2013-07-16 09:19:00 | 016,166,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_8_800_94.dll MOD - [2013-06-18 16:21:30 | 003,285,912 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2013-01-15 18:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\madexcept_.bpl MOD - [2013-01-15 18:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\maddisAsm_.bpl MOD - [2013-01-15 18:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\madbasic_.bpl MOD - [2013-01-15 18:47:56 | 000,893,248 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\webres.dll MOD - [2010-08-24 11:55:14 | 000,146,432 | ---- | M] () -- C:\Program Files\Tlen7\plugins\tlen_updater.o2x MOD - [2010-08-24 11:55:02 | 000,051,712 | ---- | M] () -- C:\Program Files\Tlen7\plugins\tlen_sms_era.o2x MOD - [2010-08-24 11:54:56 | 000,063,488 | ---- | M] () -- C:\Program Files\Tlen7\plugins\tlen_sms_orange.o2x MOD - [2010-08-24 11:54:48 | 000,068,096 | ---- | M] () -- C:\Program Files\Tlen7\plugins\tlen_sms_plus.o2x MOD - [2010-08-24 11:54:44 | 000,131,584 | ---- | M] () -- C:\Program Files\Tlen7\plugins\tlen_sms.o2x MOD - [2010-08-24 
11:54:38 | 000,111,616 | ---- | M] () -- C:\Program Files\Tlen7\plugins\screen_sender.o2x MOD - [2010-08-24 11:54:16 | 000,251,904 | ---- | M] () -- C:\Program Files\Tlen7\plugins\tlen_xmpp.o2x MOD - [2010-08-24 11:54:08 | 000,450,048 | ---- | M] () -- C:\Program Files\Tlen7\plugins\tlen_gadu.o2x MOD - [2010-08-24 11:53:36 | 000,130,560 | ---- | M] () -- C:\Program Files\Tlen7\plugins\tlen_blocker_plugin.o2x MOD - [2010-08-24 11:53:30 | 001,990,656 | ---- | M] () -- C:\Program Files\Tlen7\plugins\tlenofonclientNG.o2x MOD - [2010-08-24 11:53:12 | 000,080,384 | ---- | M] () -- C:\Program Files\Tlen7\tlen7.exe MOD - [2010-08-24 11:53:10 | 000,113,152 | ---- | M] () -- C:\Program Files\Tlen7\plugins\tlen_picture.o2x MOD - [2010-08-24 11:53:04 | 000,288,768 | ---- | M] () -- C:\Program Files\Tlen7\plugins\tlen_protocol_plugin_p2p_video_voip.o2x MOD - [2010-08-24 11:52:34 | 000,175,104 | ---- | M] () -- C:\Program Files\Tlen7\plugins\tlen_protocol_plugin_p2p_file.o2x MOD - [2010-08-24 11:52:26 | 000,958,976 | ---- | M] () -- C:\Program Files\Tlen7\plugins\tlen_protocol_plugin_p2p.o2x MOD - [2010-08-24 11:50:20 | 000,050,688 | ---- | M] () -- C:\Program Files\Tlen7\tlen_message_logger.dll MOD - [2010-08-24 11:50:16 | 001,872,384 | ---- | M] () -- C:\Program Files\Tlen7\tlen_application.dll MOD - [2010-08-24 11:50:00 | 000,068,096 | ---- | M] () -- C:\Program Files\Tlen7\tlen_gui_profiles.dll MOD - [2010-08-24 11:49:54 | 000,087,552 | ---- | M] () -- C:\Program Files\Tlen7\tlen_gui_editor.dll MOD - [2010-08-24 11:49:48 | 000,355,840 | ---- | M] () -- C:\Program Files\Tlen7\tlen_gui_main_window.dll MOD - [2010-08-24 11:49:30 | 000,045,056 | ---- | M] () -- C:\Program Files\Tlen7\tlen_gemius.dll MOD - [2010-08-24 11:49:26 | 000,361,984 | ---- | M] () -- C:\Program Files\Tlen7\tlen_gui_settings_manager.dll MOD - [2010-08-24 11:49:12 | 000,291,328 | ---- | M] () -- C:\Program Files\Tlen7\tlen_video.dll MOD - [2010-08-24 11:48:46 | 000,045,056 | ---- | M] () -- C:\Program 
Files\Tlen7\tlen_language.dll MOD - [2010-08-24 11:48:44 | 000,120,320 | ---- | M] () -- C:\Program Files\Tlen7\tlen_gui_roster_filters_tab.dll MOD - [2010-08-24 11:48:34 | 000,093,696 | ---- | M] () -- C:\Program Files\Tlen7\tlen_gui_notifications_tab.dll MOD - [2010-08-24 11:48:28 | 000,565,248 | ---- | M] () -- C:\Program Files\Tlen7\tlen_gui_plugin.dll MOD - [2010-08-24 11:48:08 | 000,065,536 | ---- | M] () -- C:\Program Files\Tlen7\tlen_gui_extensions.dll MOD - [2010-08-24 11:48:02 | 000,117,760 | ---- | M] () -- C:\Program Files\Tlen7\quazip.dll MOD - [2010-08-24 11:47:52 | 000,125,440 | ---- | M] () -- C:\Program Files\Tlen7\tlen_gui_status_window.dll MOD - [2010-08-24 11:47:46 | 000,067,584 | ---- | M] () -- C:\Program Files\Tlen7\tlen_gui_login_window.dll MOD - [2010-08-24 11:47:36 | 000,106,496 | ---- | M] () -- C:\Program Files\Tlen7\tlen_gui_registration_wizard.dll MOD - [2010-08-24 11:47:30 | 000,584,704 | ---- | M] () -- C:\Program Files\Tlen7\tlen_archive_importer_plugin.dll MOD - [2010-08-24 11:47:14 | 000,163,328 | ---- | M] () -- C:\Program Files\Tlen7\tlen_gui_archive.dll MOD - [2010-08-24 11:47:06 | 000,117,248 | ---- | M] () -- C:\Program Files\Tlen7\tlen_gui_pubdir_search.dll MOD - [2010-08-24 11:47:02 | 000,209,408 | ---- | M] () -- C:\Program Files\Tlen7\tlen_gui_notification.dll MOD - [2010-08-24 11:46:44 | 000,056,320 | ---- | M] () -- C:\Program Files\Tlen7\tlen_gui_tray.dll MOD - [2010-08-24 11:46:38 | 000,135,680 | ---- | M] () -- C:\Program Files\Tlen7\tlen_gui_accounts_tab.dll MOD - [2010-08-24 11:46:32 | 000,269,824 | ---- | M] () -- C:\Program Files\Tlen7\tlen_gui_roster.dll MOD - [2010-08-24 11:46:06 | 000,175,616 | ---- | M] () -- C:\Program Files\Tlen7\tlen_gui_roster_filter.dll MOD - [2010-08-24 11:46:00 | 000,065,024 | ---- | M] () -- C:\Program Files\Tlen7\tlen_gui_tooltip.dll MOD - [2010-08-24 11:45:58 | 000,097,280 | ---- | M] () -- C:\Program Files\Tlen7\tlen_gui_buddy_dialog.dll MOD - [2010-08-24 11:45:52 | 000,124,928 | 
---- | M] () -- C:\Program Files\Tlen7\tlen_gui_avatar.dll MOD - [2010-08-24 11:45:28 | 001,223,680 | ---- | M] () -- C:\Program Files\Tlen7\tlen_protocol_plugin.dll MOD - [2010-08-24 11:43:40 | 000,124,416 | ---- | M] () -- C:\Program Files\Tlen7\tlen_gui_transfers.dll MOD - [2010-08-24 11:43:30 | 000,148,992 | ---- | M] () -- C:\Program Files\Tlen7\tlen_gui_chat_manager.dll MOD - [2010-08-24 11:43:16 | 000,537,088 | ---- | M] () -- C:\Program Files\Tlen7\tlen_gui_chat_window.dll MOD - [2010-08-24 11:42:36 | 000,069,120 | ---- | M] () -- C:\Program Files\Tlen7\tlen_archive.dll MOD - [2010-08-24 11:42:32 | 000,144,896 | ---- | M] () -- C:\Program Files\Tlen7\tlen_archive_module.dll MOD - [2010-08-24 11:42:22 | 000,406,016 | ---- | M] () -- C:\Program Files\Tlen7\tlen_db_module.dll MOD - [2010-08-24 11:42:16 | 000,046,080 | ---- | M] () -- C:\Program Files\Tlen7\tlen_archive_backend.dll MOD - [2010-08-24 11:42:12 | 000,051,200 | ---- | M] () -- C:\Program Files\Tlen7\tlen_gui_context_menu.dll MOD - [2010-08-24 11:42:06 | 000,907,264 | ---- | M] () -- C:\Program Files\Tlen7\tlen_uigenerator.dll MOD - [2010-08-24 11:41:56 | 000,073,728 | ---- | M] () -- C:\Program Files\Tlen7\tlen_gui_utils.dll MOD - [2010-08-24 11:41:50 | 000,060,928 | ---- | M] () -- C:\Program Files\Tlen7\tlen_gui_message_box.dll MOD - [2010-08-24 11:41:46 | 000,230,400 | ---- | M] () -- C:\Program Files\Tlen7\tlen_gui_widgets.dll MOD - [2010-08-24 11:41:06 | 000,107,008 | ---- | M] () -- C:\Program Files\Tlen7\tlen_audio.dll MOD - [2010-08-24 11:40:56 | 000,213,504 | ---- | M] () -- C:\Program Files\Tlen7\tlen_roster.dll MOD - [2010-08-24 11:40:52 | 000,441,344 | ---- | M] () -- C:\Program Files\Tlen7\tlen_plugin.dll MOD - [2010-08-24 11:40:18 | 000,093,184 | ---- | M] () -- C:\Program Files\Tlen7\tlen_network.dll MOD - [2010-08-24 11:40:06 | 000,157,184 | ---- | M] () -- C:\Program Files\Tlen7\tlen_settings.dll MOD - [2010-08-24 11:39:56 | 000,265,728 | ---- | M] () -- C:\Program 
Files\Tlen7\tlen_data.dll MOD - [2010-08-24 11:39:32 | 000,044,032 | ---- | M] () -- C:\Program Files\Tlen7\tlen_xml.dll MOD - [2010-08-24 11:39:28 | 000,052,224 | ---- | M] () -- C:\Program Files\Tlen7\tlen_core.dll MOD - [2010-06-10 10:55:42 | 002,147,328 | ---- | M] () -- C:\Program Files\Tlen7\QtCore4.dll MOD - [2010-06-02 07:09:04 | 000,184,832 | ---- | M] () -- C:\Program Files\Tlen7\phonon_backend\phonon_ds94.dll MOD - [2010-06-02 07:06:16 | 000,027,648 | ---- | M] () -- C:\Program Files\Tlen7\imageformats\qico4.dll MOD - [2010-06-02 07:06:08 | 000,278,528 | ---- | M] () -- C:\Program Files\Tlen7\imageformats\qtiff4.dll MOD - [2010-06-02 07:05:42 | 000,220,672 | ---- | M] () -- C:\Program Files\Tlen7\imageformats\qmng4.dll MOD - [2010-06-02 07:05:28 | 000,025,600 | ---- | M] () -- C:\Program Files\Tlen7\imageformats\qgif4.dll MOD - [2010-06-02 07:05:22 | 000,119,808 | ---- | M] () -- C:\Program Files\Tlen7\imageformats\qjpeg4.dll MOD - [2010-06-02 06:38:40 | 009,837,568 | ---- | M] () -- C:\Program Files\Tlen7\QtWebKit4.dll MOD - [2010-06-02 04:59:26 | 000,232,960 | ---- | M] () -- C:\Program Files\Tlen7\phonon4.dll MOD - [2010-06-02 04:57:42 | 002,530,816 | ---- | M] () -- C:\Program Files\Tlen7\QtXmlPatterns4.dll MOD - [2010-06-02 04:44:54 | 007,982,592 | ---- | M] () -- C:\Program Files\Tlen7\QtGui4.dll MOD - [2010-06-02 04:32:02 | 000,934,912 | ---- | M] () -- C:\Program Files\Tlen7\QtNetwork4.dll MOD - [2010-06-02 04:30:38 | 000,335,360 | ---- | M] () -- C:\Program Files\Tlen7\QtXml4.dll MOD - [2010-01-05 20:00:00 | 003,565,056 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax [color=#E56717]========== Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe -- (vToolbarUpdater15.3.0) SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe -- 
(vToolbarUpdater12.1.3) SRV - [2013-08-02 12:00:02 | 000,324,936 | ---- | M] (Woodtale Technology Inc) [Auto | Running] -- C:\Program Files\iSafe\iSafeSvc.exe -- (iSafeService) SRV - [2013-07-16 09:19:00 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013-07-02 22:54:48 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013-05-11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013-04-28 13:41:50 | 000,291,248 | ---- | M] (Qihu 360 Software Co., Ltd.) [Auto | Stopped] -- C:\Program Files\360\360 Internet Security\360rps.exe -- (360rp) SRV - [2013-04-18 16:58:08 | 000,574,272 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6) SRV - [2013-03-27 05:49:14 | 000,288,192 | ---- | M] (Qihu 360 Software Co., Ltd.) [Auto | Running] -- C:\Program Files\360\360 Internet Security\deepscan\ZhuDongFangYu.exe -- (ZhuDongFangYu) SRV - [2012-10-23 18:40:06 | 000,580,728 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service) SRV - [2012-09-19 15:16:54 | 001,044,816 | ---- | M] (Flexera Software, Inc.) 
[On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2012-04-26 12:14:06 | 002,438,696 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Program Files\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc) SRV - [2011-02-12 22:36:21 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2011-01-18 16:19:36 | 000,333,144 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\360\360 Internet Security\scan.dll -- (scan) SRV - [2009-10-13 09:39:04 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009-08-18 03:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2006-11-02 21:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe -- (ProtexisLicensing) SRV - [2005-09-23 07:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2013-08-02 12:00:31 | 000,038,256 | ---- | M] (Riverbed Technology, Inc.) 
[Kernel | On_Demand | Running] -- C:\Program Files\iSafe\npf.sys -- (NPF) DRV - [2013-08-02 12:00:30 | 000,139,120 | ---- | M] (Woodtale Technology Inc) [File_System | On_Demand | Running] -- C:\Program Files\iSafe\iSafeKrnl.sys -- (iSafeKrnl) DRV - [2013-06-26 16:50:28 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp) DRV - [2013-06-21 16:17:18 | 000,188,176 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv) DRV - [2013-06-21 16:16:58 | 000,104,720 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV - [2013-06-21 16:16:02 | 000,115,984 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt) DRV - [2013-06-21 16:16:02 | 000,094,480 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon) DRV - [2013-04-26 10:14:52 | 000,171,704 | ---- | M] (Qihu 360 Software Co., Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\BAPIDRV.SYS -- (BAPIDRV) DRV - [2013-04-26 09:50:44 | 000,039,096 | ---- | M] (Qihu 360 Software Co., Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\qutmipc.sys -- (qutmipc) DRV - [2013-04-26 09:50:38 | 000,219,064 | ---- | M] (Qihu 360 Software Co., Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\qutmdrv.sys -- (qutmdserv) DRV - [2013-04-26 07:22:13 | 000,022,584 | ---- | M] (Qihu 360 Software Co., Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\efimon.sys -- (EfiMon) DRV - [2013-04-26 07:22:00 | 000,160,592 | ---- | M] (Qihu 360 Software Co., Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\360SelfProtection.sys -- (360SelfProtection) DRV - [2013-04-26 05:17:16 | 000,057,544 | ---- | M] (Qihu 360 Software Co., Ltd.) 
[Kernel | System | Running] -- C:\Windows\System32\drivers\360AntiHacker.sys -- (360AntiHacker) DRV - [2013-04-26 05:16:53 | 000,035,008 | ---- | M] (Qihu 360 Software Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\360Camera.sys -- (360Camera) DRV - [2013-03-28 15:33:40 | 000,082,752 | ---- | M] (Qihu 360 Software Co., Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hookport.sys -- (HookPort) DRV - [2013-03-28 04:11:37 | 000,056,512 | ---- | M] (Qihu 360 Software Co., Ltd.) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\360AvFlt.sys -- (360AvFlt) DRV - [2013-03-18 00:36:16 | 000,026,248 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElRawDsk.sys -- (ElRawDisk) DRV - [2013-01-10 21:41:34 | 000,037,064 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss6.sys -- (taphss6) DRV - [2013-01-05 13:05:51 | 000,049,528 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PktIcpt.sys -- (GDPkIcpt) DRV - [2012-10-23 18:40:32 | 000,062,688 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCTBD.sys -- (PCTBD) DRV - [2011-12-15 19:29:42 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901) DRV - [2011-03-18 18:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan) DRV - [2010-11-20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010-11-20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010-07-13 23:34:53 | 000,024,904 | ---- | M] (America Online) [Kernel | On_Demand | Stopped] -- 
C:\Windows\System32\drivers\atwpkt2.sys -- (ATWPKT2) DRV - [2010-07-04 21:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV - [2010-05-11 13:00:34 | 000,020,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz133_x32.sys -- (cpuz133) DRV - [2009-08-18 04:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009-07-14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009-03-30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103) DRV - [1996-04-03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=147 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - 
HKU\S-1-5-21-3947307290-2269647741-2606122387-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=b986533f-306a-4ff7-91eb-2a7944fd6413&searchtype=ds&q={searchTerms}&installDate=05/08/2013 IE - HKU\S-1-5-21-3947307290-2269647741-2606122387-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=b986533f-306a-4ff7-91eb-2a7944fd6413&searchtype=ds&q={searchTerms}&installDate=05/08/2013 IE - HKU\S-1-5-21-3947307290-2269647741-2606122387-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com IE - HKU\S-1-5-21-3947307290-2269647741-2606122387-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=b986533f-306a-4ff7-91eb-2a7944fd6413&searchtype=hp&installDate=05/08/2013 IE - HKU\S-1-5-21-3947307290-2269647741-2606122387-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=b986533f-306a-4ff7-91eb-2a7944fd6413&searchtype=ds&q={searchTerms}&installDate=05/08/2013 IE - HKU\S-1-5-21-3947307290-2269647741-2606122387-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=b986533f-306a-4ff7-91eb-2a7944fd6413&searchtype=ds&q={searchTerms}&installDate=05/08/2013 IE - HKU\S-1-5-21-3947307290-2269647741-2606122387-1000\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKU\S-1-5-21-3947307290-2269647741-2606122387-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3947307290-2269647741-2606122387-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = 
http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-3947307290-2269647741-2606122387-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3947307290-2269647741-2606122387-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.gazeta.pl/0,0.html?p=147" FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.4.0024 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2 FF - prefs.js..keyword.URL: "" FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1" FF - prefs.js..network.proxy.socks: "127.0.0.1" FF - prefs.js..network.proxy.socks_port: 9050 FF - prefs.js..network.proxy.socks_remote_dns: true FF - prefs.js..network.proxy.type: FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF - HKLM\Software\MozillaPlugins\@IObit.com/np_Asc_Plugin: C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\np_Asc_plugin.dll (IObit) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - 
HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\tokaj\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\tokaj\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012-08-23 12:16:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\ [2013-03-27 13:37:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-07-02 22:54:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-07-02 22:54:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-07-02 22:54:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-07-02 22:54:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-07-02 22:54:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-07-02 22:54:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-07-02 22:54:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-07-02 22:54:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-07-02 22:54:42 | 000,000,000 | ---D | M] FF - 
HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-07-02 22:54:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-07-02 22:54:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-07-02 22:54:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-07-02 22:54:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-07-02 22:54:42 | 000,000,000 | ---D | M] [2010-08-10 22:40:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tokaj\AppData\Roaming\mozilla\Extensions [2010-02-28 09:42:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tokaj\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2013-08-05 11:18:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tokaj\AppData\Roaming\mozilla\Firefox\Profiles\ga7chqv9.default\extensions [2012-10-17 10:31:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tokaj\AppData\Roaming\mozilla\Firefox\Profiles\ga7chqv9.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a} [2013-06-22 13:06:41 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\tokaj\AppData\Roaming\mozilla\Firefox\Profiles\ga7chqv9.default\extensions\ascsurfingprotection@iobit.com [2013-08-05 12:16:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tokaj\AppData\Roaming\mozilla\Firefox\Profiles\hzrwlvm4.default-1350462632093\extensions [2013-04-06 13:10:28 | 000,000,000 
| ---D | M] (iMacros for Firefox) -- C:\Users\tokaj\AppData\Roaming\mozilla\Firefox\Profiles\hzrwlvm4.default-1350462632093\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2013-07-26 17:17:15 | 000,000,000 | ---D | M] (FlashFirebug) -- C:\Users\tokaj\AppData\Roaming\mozilla\Firefox\Profiles\hzrwlvm4.default-1350462632093\extensions\flashfirebug@o-minds.com [2013-06-13 08:43:11 | 002,168,615 | ---- | M] () (No name found) -- C:\Users\tokaj\AppData\Roaming\mozilla\firefox\profiles\hzrwlvm4.default-1350462632093\extensions\firebug@software.joehewitt.com.xpi [2013-05-13 11:09:22 | 000,080,872 | ---- | M] () (No name found) -- C:\Users\tokaj\AppData\Roaming\mozilla\firefox\profiles\hzrwlvm4.default-1350462632093\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi [2013-08-05 12:11:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions [2013-08-05 12:11:01 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Delta Search (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=b986533f-306a-4ff7-91eb-2a7944fd6413&searchtype=hp&installDate=05/08/2013 CHR - plugin: Pierwszy użytkownik (Enabled) = C:\Windows\system32\npDeployJava1.dll CHR - plugin: Error reading preferences file CHR - Extension: Chrome Refresh = C:\Users\tokaj\AppData\Local\Google\Chrome\User Data\Default\Extensions\aifhnlnghddfdaccgbbpbhjfkmncekmn\1.7_0\ CHR - Extension: Freemake 
Video Converter = C:\Users\tokaj\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\ CHR - Extension: IDM Integration = C:\Users\tokaj\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.9.1_0\ CHR - Extension: No name found = C:\Users\tokaj\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\ CHR - Extension: Chrome Refresh = C:\Users\tokaj\AppData\Local\Google\Chrome\User Data\Default\Extensions\aifhnlnghddfdaccgbbpbhjfkmncekmn\1.7_0\ CHR - Extension: Freemake Video Converter = C:\Users\tokaj\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\ CHR - Extension: IDM Integration = C:\Users\tokaj\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.9.1_0\ CHR - Extension: No name found = C:\Users\tokaj\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\ O1 HOSTS File: ([2012-04-17 19:03:53 | 000,000,761 | RHS- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) 
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\PZU SA\PZU Symulator\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKU\S-1-5-21-3947307290-2269647741-2606122387-1000\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O4 - HKLM..\Run: [Corel Graphics Suite 1117] C:\Program Files\Corel\Corel Graphics 11\Register\registration.exe (Corel Corporation) O4 - HKU\S-1-5-21-3947307290-2269647741-2606122387-1000..\Run: [360sd] C:\Program Files\360\360 Internet Security\360sdrun.exe (Qihu 360 Software Co., Ltd.) 
O4 - HKU\S-1-5-21-3947307290-2269647741-2606122387-1000..\Run: [Advanced SystemCare 6] C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe (IObit) O4 - HKU\S-1-5-21-3947307290-2269647741-2606122387-1000..\Run: [Tlen.pl] C:\Program Files\Tlen7\tlen7.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-3947307290-2269647741-2606122387-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D793FA0-0028-45DD-9DF0-9C0B88E7199A}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{675BA5E1-8686-41FB-92AE-1F6FC539B664}: DhcpNameServer = 79.141.167.14 79.141.160.23 67.221.255.31 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - 
C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\ADAX1.JPG O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\ADAX1.JPG O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{e085fd11-30fc-11e0-b945-406186120a37}\Shell - "" = AutoRun O33 - MountPoints2\{e085fd11-30fc-11e0-b945-406186120a37}\Shell\AutoRun\command - "" = G:\Kurs_AutoCAD_2010_PL.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (MACHINE BootExecut) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013-08-05 12:31:20 | 000,000,000 | ---D | C] -- C:\Users\tokaj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter [2013-08-05 12:31:18 | 000,000,000 | ---D | C] -- C:\sh4ldr [2013-08-05 12:31:18 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013-08-05 12:23:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2013-08-05 12:09:47 | 022,603,488 | ---- | C] (Mozilla) -- C:\Users\tokaj\Desktop\Firefox-Setup-22-0.exe [2013-08-05 11:50:48 | 000,000,000 | ---D | C] -- C:\Users\tokaj\AppData\Roaming\eCyber [2013-08-05 11:48:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSafe [2013-08-05 11:48:45 | 000,000,000 | ---D | C] -- C:\Users\tokaj\AppData\Roaming\iSafe [2013-08-05 11:48:45 | 000,000,000 | ---D | C] -- C:\Program Files\iSafe 
[2013-07-30 23:19:06 | 000,000,000 | ---D | C] -- C:\Users\tokaj\Desktop\Archi obrazy [2013-07-26 19:28:59 | 000,000,000 | ---D | C] -- C:\Users\tokaj\Desktop\do zwrotu [2013-07-25 11:17:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warplanes [2013-07-25 11:17:25 | 000,000,000 | ---D | C] -- C:\Games [2013-07-24 17:31:02 | 000,000,000 | ---D | C] -- C:\Users\tokaj\Desktop\wp2 [2013-07-24 08:15:12 | 000,000,000 | ---D | C] -- C:\Users\tokaj\Desktop\wphckteam [2013-07-20 21:22:36 | 000,000,000 | ---D | C] -- C:\Users\tokaj\Desktop\UT pod seo [2013-07-20 09:32:53 | 000,000,000 | ---D | C] -- C:\Users\tokaj\Desktop\AA-pack [2013-07-18 23:43:05 | 000,000,000 | ---D | C] -- C:\Users\tokaj\AppData\Roaming\vlc [2013-07-18 23:42:26 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2013-07-18 23:25:55 | 000,000,000 | ---D | C] -- C:\Users\tokaj\AppData\Local\FastStone [2013-07-18 23:25:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Capture [2013-07-18 23:25:37 | 000,000,000 | ---D | C] -- C:\Program Files\FastStone Capture [2013-07-18 09:17:44 | 000,000,000 | -H-D | C] -- C:\Users\tokaj\Documents\Freemake_do_not_remove_this_folder635097358645728707 [2013-07-17 10:42:51 | 000,000,000 | ---D | C] -- C:\Users\tokaj\AppData\Local\gtk-2.0 [2013-07-17 10:24:38 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2 [2013-07-17 07:30:40 | 000,000,000 | ---D | C] -- C:\Windows\Corel [2013-07-16 19:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite 12 [2013-07-16 19:44:23 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013-07-15 18:25:37 | 000,000,000 | ---D | C] -- C:\Users\tokaj\Desktop\LiveStream [2013-07-09 10:39:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Share YouTube Videos [2013-07-09 10:39:48 | 000,000,000 | ---D | C] -- C:\Program Files\Share YouTube Videos [2013-07-08 15:19:21 
| 000,000,000 | -H-D | C] -- C:\Users\tokaj\Documents\Freemake_do_not_remove_this_folder635088935617899246 [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013-08-05 13:10:00 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3947307290-2269647741-2606122387-1000UA.job [2013-08-05 12:43:09 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\schedule!3036567561.job [2013-08-05 12:42:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013-08-05 12:42:09 | 2214,043,648 | -HS- | M] () -- C:\hiberfil.sys [2013-08-05 12:31:20 | 000,002,206 | ---- | M] () -- C:\Users\tokaj\Desktop\SpyHunter.lnk [2013-08-05 12:30:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013-08-05 12:25:19 | 000,033,504 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013-08-05 12:25:19 | 000,033,504 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013-08-05 12:11:14 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013-08-05 12:10:35 | 022,603,488 | ---- | M] (Mozilla) -- C:\Users\tokaj\Desktop\Firefox-Setup-22-0.exe [2013-08-05 11:49:00 | 000,002,283 | ---- | M] () -- C:\Users\tokaj\Desktop\Search.lnk [2013-08-05 11:48:58 | 000,001,702 | ---- | M] () -- C:\Users\Public\Desktop\iSafe.lnk [2013-08-01 20:10:00 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3947307290-2269647741-2606122387-1000Core.job [2013-07-28 15:48:10 | 000,003,852 | ---- | M] () -- C:\Users\tokaj\AppData\Local\recently-used.xbel [2013-07-26 20:36:56 | 000,007,168 | ---- | M] () -- C:\Users\tokaj\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013-07-26 19:16:13 | 000,049,930 | ---- | M] () -- C:\Users\tokaj\Desktop\UP.png [2013-07-26 17:16:00 | 000,000,000 | ---- | M] () -- 
C:\Users\tokaj\mm_backup.cfg [2013-07-22 23:54:58 | 000,030,141 | ---- | M] () -- C:\Users\tokaj\Desktop\konta.odt [2013-07-22 09:48:38 | 000,803,292 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2013-07-22 09:48:38 | 000,717,460 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013-07-22 09:48:38 | 000,179,038 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2013-07-22 09:48:38 | 000,145,482 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013-07-20 18:11:15 | 000,768,352 | ---- | M] () -- C:\Users\tokaj\Desktop\1.cdr [2013-07-20 11:27:19 | 000,507,392 | ---- | M] () -- C:\Windows\System32\diantzu.dll [2013-07-16 20:25:08 | 000,405,952 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013-07-16 18:18:56 | 000,000,115 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013-07-16 09:19:00 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013-07-16 09:19:00 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013-07-09 10:39:49 | 000,001,073 | ---- | M] () -- C:\Users\tokaj\Desktop\Share YouTube Videos.lnk [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013-08-05 12:25:01 | 000,002,206 | ---- | C] () -- C:\Users\tokaj\Desktop\SpyHunter.lnk [2013-08-05 12:11:14 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013-08-05 11:48:58 | 000,001,702 | ---- | C] () -- C:\Users\Public\Desktop\iSafe.lnk [2013-08-05 10:58:18 | 000,002,381 | ---- | C] () -- C:\Users\tokaj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk [2013-08-05 10:58:18 | 000,002,283 | ---- | C] () -- C:\Users\tokaj\Desktop\Search.lnk [2013-07-28 15:48:10 | 000,003,852 | ---- | C] () -- C:\Users\tokaj\AppData\Local\recently-used.xbel [2013-07-26 19:16:10 | 000,049,930 | ---- | C] () -- C:\Users\tokaj\Desktop\UP.png [2013-07-26 17:16:00 | 000,000,000 | ---- | C] () -- 
C:\Users\tokaj\mm_backup.cfg [2013-07-20 11:27:19 | 000,507,392 | ---- | C] () -- C:\Windows\System32\diantzu.dll [2013-07-19 10:38:48 | 000,768,352 | ---- | C] () -- C:\Users\tokaj\Desktop\1.cdr [2013-07-17 10:31:49 | 000,001,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk [2013-07-16 18:18:29 | 000,000,115 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013-07-09 10:39:49 | 000,001,073 | ---- | C] () -- C:\Users\tokaj\Desktop\Share YouTube Videos.lnk [2013-07-02 17:36:52 | 000,001,660 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin [2013-06-16 22:38:49 | 000,003,726 | ---- | C] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml [2013-06-14 12:49:51 | 000,217,317 | ---- | C] () -- C:\ProgramData\1371206690.bdinstall.bin [2013-06-14 12:44:49 | 000,083,837 | ---- | C] () -- C:\ProgramData\1371206684.bdinstall.bin [2013-05-22 19:25:28 | 000,000,000 | ---- | C] () -- C:\Windows\SUFDesign.INI [2013-04-30 18:51:22 | 000,765,093 | ---- | C] () -- C:\ProgramData\1367339236.bdinstall.bin [2013-04-29 08:05:29 | 000,000,408 | ---- | C] () -- C:\Windows\System32\iolo.ini [2013-04-12 13:31:12 | 000,022,528 | ---- | C] ( ) -- C:\Windows\System32\drivers\gt680x.sys [2013-03-27 13:37:07 | 000,769,144 | ---- | C] () -- C:\Windows\BDTSupport.dll [2013-02-14 17:21:40 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys [2013-02-14 17:21:40 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\DDE9B96F21.sys [2013-01-04 19:15:38 | 000,005,504 | ---- | C] () -- C:\Users\tokaj\raw32.lc [2012-09-25 19:44:43 | 000,003,676 | ---- | C] () -- C:\Users\tokaj\papkie.class.php [2012-09-25 19:44:43 | 000,003,519 | ---- | C] () -- C:\Users\tokaj\cookie [2012-09-25 19:44:43 | 000,001,830 | ---- | C] () -- C:\Users\tokaj\bot.php [2012-09-25 19:44:43 | 000,000,350 | ---- | C] () -- C:\Users\tokaj\config.php [2012-09-19 22:35:36 | 000,000,000 | ---- | C] () -- C:\Users\tokaj\AppData\Local\Temptable.xml [2012-09-19 15:31:52 | 
000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI [2012-06-22 12:01:32 | 000,019,984 | ---- | C] () -- C:\Windows\System32\ESGScanner.sys [2012-05-15 18:15:32 | 000,007,168 | ---- | C] () -- C:\Users\tokaj\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-04-02 19:06:26 | 000,000,010 | ---- | C] () -- C:\Windows\msoffice.ini [2012-04-01 12:59:17 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat [2012-04-01 12:30:56 | 000,000,029 | ---- | C] () -- C:\Windows\atid.ini [2011-02-13 20:48:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011-01-21 22:39:58 | 000,000,995 | ---- | C] () -- C:\Users\tokaj\pcmscan.cfg [2010-11-14 09:58:52 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib [2010-02-28 15:44:51 | 000,000,193 | ---- | C] () -- C:\Users\tokaj\AppData\Roaming\default.rss [color=#E56717]========== ZeroAccess Check ==========[/color] [2009-07-14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/color] [2013-06-11 14:16:52 | 000,000,000 | ---D | 
M] -- C:\Users\dakota25\AppData\Roaming\Bitdefender [2013-03-30 12:23:50 | 000,000,000 | ---D | M] -- C:\Users\dakota25\AppData\Roaming\iolo [2012-07-31 09:17:43 | 000,000,000 | -HSD | M] -- C:\Users\tokaj\AppData\Roaming\.# [2013-08-05 13:10:44 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\360safe [2013-06-14 12:59:04 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\360SD [2012-06-22 16:53:39 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\3D Button Visual Editor [2013-06-24 13:55:41 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\Affilorama [2012-07-23 12:47:51 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\AnvSoft [2011-02-11 19:23:58 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\Autodesk [2013-04-26 16:50:17 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\Awesomium Technologies LLC [2013-05-22 23:20:23 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\Bytessence [2012-09-27 21:42:25 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2013-07-03 09:34:44 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\com.dailymotion.massuploader [2010-08-10 22:39:02 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\Cream Software [2012-12-07 17:02:22 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\DAEMON Tools Lite [2012-10-04 20:56:57 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\DassaultSystemes [2013-05-27 14:02:44 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\DMCache [2013-01-05 16:01:53 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\Dropbox [2012-02-09 19:03:54 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1 [2012-02-23 20:57:50 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\e-pity [2013-08-05 11:50:48 | 000,000,000 | ---D | M] -- 
C:\Users\tokaj\AppData\Roaming\eCyber [2013-04-29 21:42:26 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\efile.epity2012 [2010-08-10 22:39:02 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\ESET [2013-07-04 12:43:44 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\EurekaLog [2013-08-05 12:17:29 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\FileZilla [2012-10-15 11:20:55 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\Firefly Studios [2013-05-31 13:36:04 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\Gadu-Gadu 10 [2013-08-05 01:43:41 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\GG [2012-08-11 21:01:51 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\GHISLER [2013-04-22 21:29:23 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\GSA Search Engine Ranker [2012-09-11 11:35:12 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\gtk-2.0 [2012-02-22 21:02:45 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\HateML [2012-05-07 20:33:31 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\HellShare Upload Manager [2013-06-22 13:06:38 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\IObit [2010-08-10 22:39:51 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\ipla [2013-08-05 12:40:02 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\iSafe [2012-09-03 21:04:59 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\Kalydo [2012-09-05 22:22:43 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\Notepad++ [2010-10-19 11:07:21 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\OpenFM [2010-08-10 22:40:05 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\OpenOffice.org [2011-12-30 18:16:53 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\Opera [2012-07-23 13:45:30 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\Publish Providers [2013-07-19 22:43:57 | 000,000,000 
| ---D | M] -- C:\Users\tokaj\AppData\Roaming\PZU_Symulator [2013-04-30 18:34:31 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\QuickScan [2013-02-13 13:17:53 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\S.A.D [2013-04-05 18:59:18 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\Sony [2010-09-11 20:14:34 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\SWiSH Max3 [2010-05-25 19:48:35 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\SystemUp [2013-07-02 23:23:15 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\Systweak [2010-10-17 00:04:40 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\TeamViewer [2013-03-21 18:46:48 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\TechSmith [2013-03-27 13:25:23 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\TestApp [2010-12-27 18:52:20 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\Thinstall [2010-08-10 22:40:08 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\Thunderbird [2010-10-15 23:23:36 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\Tlen.pl [2013-06-24 13:58:05 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\Traffic Travis v4 [2012-09-28 09:45:19 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\TuneUp Software [2013-08-05 12:17:29 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\uTorrent [2013-07-25 13:54:03 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\wargaming.net [2010-11-16 21:09:34 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\WinBatch [2010-12-02 23:43:22 | 000,000,000 | ---D | M] -- C:\Users\tokaj\AppData\Roaming\XnView [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 143 bytes -> C:\Users\tokaj\AppData\Roaming\default.rss:OECustomProperty @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:DFC5A2B2 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84 @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:DEDEE4A9 < End of report >