OTL logfile created on: 2014-11-11 11:37:59 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\leszek\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17358) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,75 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 62,23% Memory free 5,50 Gb Paging File | 4,08 Gb Available in Paging File | 74,21% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 227,88 Gb Total Space | 152,09 Gb Free Space | 66,74% Space Free | Partition Type: NTFS Drive D: | 227,88 Gb Total Space | 142,99 Gb Free Space | 62,75% Space Free | Partition Type: NTFS Computer Name: JOLA-KOMPUTER | User Name: leszek | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2014-11-11 11:35:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\leszek\Desktop\OTL.exe PRC - [2014-09-04 13:50:02 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2014-07-25 09:42:26 | 000,311,616 | ---- | M] (Samsung Electronics Co., Ltd.) 
-- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe PRC - [2014-07-14 17:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe PRC - [2014-07-14 17:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe PRC - [2014-06-09 11:01:17 | 001,229,864 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Pakiet Bezpieczenstwa UPC\apps\ComputerSecurity\Anti-Virus\fssm32.exe PRC - [2014-06-09 11:01:17 | 000,681,000 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Pakiet Bezpieczenstwa UPC\apps\ComputerSecurity\Anti-Virus\fsgk32.exe PRC - [2014-05-01 11:47:57 | 000,060,352 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Pakiet Bezpieczenstwa UPC\apps\CCF_Reputation\fsorsp.exe PRC - [2013-08-14 13:23:06 | 000,216,000 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Pakiet Bezpieczenstwa UPC\apps\ComputerSecurity\Common\FSMA32.EXE PRC - [2013-05-15 15:05:58 | 000,191,424 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Pakiet Bezpieczenstwa UPC\fshoster32.exe PRC - [2012-11-23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2011-02-25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010-12-17 18:12:56 | 000,332,288 | ---- | M] () -- C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe PRC - [2009-08-24 21:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 10\DfSdkS.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2014-05-01 11:23:29 | 000,593,464 | ---- | M] () -- C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.482.65_none_b59e1e0911fd55ab\QtMultimediaKit1.dll MOD - [2010-12-17 18:13:00 | 000,049,664 | ---- | M] () -- C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll MOD - [2010-12-17 18:12:56 | 
000,332,288 | ---- | M] () -- C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [color=#E56717]========== Services (SafeList) ==========[/color] SRV - [2014-10-05 08:41:12 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2014-09-19 01:50:15 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService) SRV - [2014-09-04 13:50:02 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2014-07-14 17:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc) SRV - [2014-07-14 17:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc) SRV - [2014-05-01 11:47:57 | 000,060,352 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\Pakiet Bezpieczenstwa UPC\apps\CCF_Reputation\fsorsp.exe -- (FSORSPClient) SRV - [2014-04-03 19:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013-08-14 13:23:06 | 000,216,000 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\Pakiet Bezpieczenstwa UPC\apps\ComputerSecurity\Common\FSMA32.EXE -- (FSMA) SRV - [2013-05-27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2013-05-15 15:05:58 | 000,191,424 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\Pakiet Bezpieczenstwa UPC\fshoster32.exe -- (fshoster) SRV - [2012-10-06 18:28:12 | 000,008,192 | ---- | M] () [Auto | Stopped] -- 
C:\Windows\System32\srvany.exe -- (KMService) SRV - [2012-07-03 04:49:19 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010-02-19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009-08-24 21:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [Auto | Running] -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 10\DfSdkS.exe -- (DfSdkS) SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2007-05-31 08:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007-05-31 08:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nvhda32v.sys -- (NVHDA) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard) DRV - [2014-06-23 19:57:30 | 000,073,896 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files\Pakiet Bezpieczenstwa UPC\apps\ComputerSecurity\HIPS\drivers\fshs.sys -- (F-Secure HIPS) DRV - [2014-06-19 17:12:06 | 000,070,184 | ---- | M] (F-Secure Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Pakiet Bezpieczenstwa UPC\apps\CCF_Scanning\fsni32.sys -- (fsni) DRV - [2014-06-16 07:01:38 | 000,184,192 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) 
DRV - [2014-06-16 07:01:38 | 000,089,856 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) DRV - [2014-06-16 07:01:30 | 000,153,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2014-06-16 07:01:30 | 000,136,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) DRV - [2014-06-16 07:01:30 | 000,130,248 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) DRV - [2014-06-16 07:01:30 | 000,032,064 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb) DRV - [2014-06-16 07:01:30 | 000,017,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) DRV - [2014-06-09 11:03:52 | 000,146,472 | ---- | M] (F-Secure Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Pakiet Bezpieczenstwa UPC\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper) DRV - [2014-05-01 12:00:09 | 000,044,240 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\fsbts.sys -- (fsbts) DRV - [2014-04-01 07:47:10 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2013-08-14 13:22:44 | 000,012,736 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Pakiet Bezpieczenstwa UPC\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys -- (fsvista) DRV - [2012-11-22 10:00:00 | 003,081,216 | ---- | M] (Qualcomm Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2012-08-23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2012-08-23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2011-03-14 07:36:08 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.sys -- (SSPORT) DRV - [2010-11-20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009-08-13 07:23:02 | 000,022,528 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp) DRV - [2009-07-28 06:26:00 | 009,791,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009-07-14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2009-07-14 01:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan) DRV - [2009-07-14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009-06-12 09:50:50 | 000,212,000 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32) DRV - [2009-06-02 16:04:46 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2005-09-23 21:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- 
C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://pl.yhs4.search.yahoo.com/?hspart=avast&hsimp=yhs-001&type=avastbcl IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank IE - HKLM\..\SearchScopes,DefaultScope = {9CB96984-43C3-4D44-90EF-01466EFCF7BB} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.qvo6.com/web/?utm_source=b&utm_medium=mlv&from=mlv&uid=3219913727_67194_E4491345&ts=3145797 IE - HKLM\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = http://pl.yhs4.search.yahoo.com/yhs/search?hspart=avast&hsimp=yhs-001&type=avastbcl&p={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3924117992-576461840-467304932-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://pl.yhs4.search.yahoo.com/?hspart=avast&hsimp=yhs-001&type=avastbcl IE - HKU\S-1-5-21-3924117992-576461840-467304932-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://pl.yhs4.search.yahoo.com/yhs/search?hspart=avast&hsimp=yhs-001&type=avastbcl&p={searchTerms} IE - HKU\S-1-5-21-3924117992-576461840-467304932-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ IE - HKU\S-1-5-21-3924117992-576461840-467304932-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.pl/ IE - 
HKU\S-1-5-21-3924117992-576461840-467304932-1003\..\SearchScopes,DefaultScope = {EE787C3C-9781-4F60-9144-867CF372E02C} IE - HKU\S-1-5-21-3924117992-576461840-467304932-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR IE - HKU\S-1-5-21-3924117992-576461840-467304932-1003\..\SearchScopes\{083B013B-BC06-4A46-8F86-5C8FCC449C95}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3176921&CUI=UN26636382493222292&UM=2 IE - HKU\S-1-5-21-3924117992-576461840-467304932-1003\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = http://pl.yhs4.search.yahoo.com/yhs/search?hspart=avast&hsimp=yhs-001&type=avastbcl&p={searchTerms} IE - HKU\S-1-5-21-3924117992-576461840-467304932-1003\..\SearchScopes\{EE787C3C-9781-4F60-9144-867CF372E02C}: "URL" = https://www.google.com/search?q={searchTerms} IE - HKU\S-1-5-21-3924117992-576461840-467304932-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia 
Suite\npNokiaSuiteEnabler.dll ( ) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) [2014-09-14 08:15:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\leszek\AppData\Roaming\mozilla\Extensions [2013-10-10 18:40:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [color=#E56717]========== Chrome ==========[/color] CHR - plugin: Error reading preferences file CHR - Extension: Docs = C:\Users\leszek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\ CHR - Extension: Bookmark Manager = C:\Users\leszek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Bookmark Manager = C:\Users\leszek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: No name found = C:\Users\leszek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\4.9.0.0_0\ CHR - Extension: No name found = C:\Users\leszek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo\0.0.4.1_0\ CHR - Extension: No name found = C:\Users\leszek\AppData\Local\Google\Chrome\User Data\Default\Extensions\iibmmjhgclhlahmjniokmhleigemjpbh\10.14.370.24_0\ CHR - Extension: No name found = C:\Users\leszek\AppData\Local\Google\Chrome\User Data\Default\Extensions\kidmhllhjmmmnpbiaihafgchacpmokof\1.133\ CHR - Extension: Cloud Print = C:\Users\leszek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.0.14735.1561_0\ CHR - Extension: No name found 
= C:\Users\leszek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nchpfiddbhbdnagofhkjlaiaejmkdcla\2.0_0\ CHR - Extension: Pierwszy użytkownik = C:\Users\leszek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\ CHR - Extension: Pierwszy użytkownik = C:\Users\leszek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2014-05-30 06:42:13 | 000,000,355 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - No CLSID value found. O2 - BHO: (no name) - {e6efad0c-2d79-4b0d-8996-3e759a9c7914} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" File not found O4 - HKLM..\Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe () O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart File not found O4 - HKLM..\Run: [NSU_agent] "C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe" File not found O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe File not found O4 - HKLM..\Run: [VideoDownloadConverter Search Scope Monitor] "C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zsrchmn.exe" /m=2 /w /h File not found O4 - HKLM..\Run: [VideoDownloadConverter_4z Browser Plugin Loader] C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zbrmon.exe File not found O4 - HKU\S-1-5-21-3924117992-576461840-467304932-1003..\Run: [MyCuteBuddy] "C:\Program Files\My Cute Buddy\myCuteBuddy.exe" "file:///C:/Program Files/My Cute Buddy/Content/Cute Kitty/piticho.buddy" /m /u File not found O4 - Startup: C:\Users\leszek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Torpedo.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) O15 - HKU\S-1-5-21-3924117992-576461840-467304932-1003\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites) O15 - HKU\S-1-5-21-3924117992-576461840-467304932-1003\..Trusted Domains: wp.pl ([czat] http in Trusted sites) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.1.62 62.179.1.63 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0BF538B0-3B30-4F9A-8DAA-7B97DE03BF83}: DhcpNameServer = 62.179.1.62 62.179.1.63 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2013-05-15 11:36:22 | 000,032,155 | ---- | M] () - C:\AutoMapaSetupLog.txt -- [ NTFS ] O32 - AutoRun File - [2013-05-10 19:41:26 | 000,000,000 | ---D | M] - D:\AUTO MAPA -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2014-11-11 11:35:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\leszek\Desktop\OTL.exe [2014-11-02 19:59:52 | 334,149,416 | ---- | C] (Microsoft) -- C:\Users\leszek\Desktop\PinnacleStudio_Patch_17_5_0.exe [2014-10-26 17:46:11 | 000,000,000 | ---D | C] -- C:\Users\leszek\kółko i krzyżyk [2014-10-26 14:14:13 | 000,000,000 | ---D | C] -- C:\Users\leszek\Documents\Nowy folder (4) [2014-10-26 12:59:42 | 000,000,000 | ---D | C] -- C:\Users\leszek\Documents\win3 [2014-10-24 17:30:32 | 000,000,000 | ---D | C] -- C:\Users\leszek\Desktop\Nowy folder (2) [2014-10-22 19:09:10 | 000,000,000 | ---D | C] -- C:\Users\leszek\Documents\Nowy folder (2) [2014-10-19 19:53:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2014-10-19 19:53:05 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2014-10-19 19:52:52 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2014-10-19 19:52:52 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2014-10-19 19:52:52 | 000,096,680 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2014-10-19 
19:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java [2014-10-15 13:55:13 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\generaltel.dll [2014-10-15 13:55:12 | 000,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll [2014-10-15 13:55:11 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll [2014-10-15 13:55:09 | 002,379,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2014-10-15 13:54:44 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll [2014-10-15 13:54:43 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe [2014-10-15 13:54:43 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe [2014-10-15 13:54:43 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll [2014-10-15 13:54:42 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2014-10-15 13:54:42 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2014-10-15 13:54:41 | 000,365,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2014-10-15 13:54:41 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll [2014-10-15 13:54:39 | 000,440,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2014-10-15 13:54:39 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2014-10-15 13:54:38 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll [2014-10-15 13:54:37 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll [2014-10-15 13:54:35 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll [2014-10-15 13:54:33 | 004,201,472 | 
---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2014-10-15 13:54:27 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2014-10-15 13:54:27 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2014-10-15 13:54:25 | 000,331,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2014-10-15 13:54:24 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2014-10-15 13:54:24 | 000,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2014-10-15 13:54:24 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2014-10-15 13:54:22 | 002,017,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2014-10-15 13:54:22 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2014-10-15 13:54:22 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2014-10-15 13:54:12 | 000,156,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll [2014-10-15 13:54:11 | 000,081,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll [2014-10-15 13:53:59 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll [2014-10-15 13:53:59 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll [2014-10-15 13:53:52 | 002,744,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll [2014-10-15 13:53:10 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll [2014-10-15 13:51:44 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll [2014-10-15 13:51:19 | 000,744,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll [2014-10-15 13:51:18 | 000,988,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll 
[2014-10-15 13:51:17 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll [2014-10-15 13:51:08 | 003,208,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2014-10-15 13:51:08 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll [2014-10-15 13:51:07 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AUDIOKSE.dll [2014-10-15 13:51:07 | 000,409,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll [2014-10-15 13:51:06 | 000,521,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe [2014-10-15 13:51:06 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll [2014-10-15 13:51:05 | 000,455,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe [2014-10-15 13:51:04 | 003,970,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2014-10-15 13:51:04 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDump.dll [2014-10-15 13:51:02 | 003,914,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2014-10-15 13:51:02 | 001,329,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2014-10-15 13:51:02 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll [2014-10-15 13:50:59 | 000,354,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll [2014-10-15 13:50:58 | 000,374,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioEng.dll [2014-10-15 13:50:57 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll [2014-10-15 13:50:57 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll [2014-10-15 13:50:57 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe [2014-10-15 13:50:57 | 000,050,176 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\rrinstaller.exe [2014-10-15 13:50:56 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll [2014-10-15 13:50:56 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appidpolicyconverter.exe [2014-10-15 13:50:56 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appidapi.dll [2014-10-15 13:50:54 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll [2014-10-15 13:50:54 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe [2014-10-15 13:50:54 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appidcertstorecheck.exe [2014-10-15 13:50:53 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll [2014-10-15 13:50:53 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll [2014-10-15 13:50:52 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx [2014-10-15 13:50:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll [2014-10-15 13:50:47 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2014-11-11 11:35:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\leszek\Desktop\OTL.exe [2014-11-11 11:33:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014-11-11 11:33:00 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\DSite.job [2014-11-11 11:05:25 | 000,023,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014-11-11 11:05:25 | 000,023,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014-11-11 11:01:26 | 000,740,672 | ---- | M] () -- 
C:\Windows\System32\perfh015.dat [2014-11-11 11:01:26 | 000,654,464 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2014-11-11 11:01:26 | 000,156,214 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2014-11-11 11:01:26 | 000,122,336 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2014-11-11 10:57:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014-11-11 10:56:58 | 2213,351,424 | -HS- | M] () -- C:\hiberfil.sys [2014-11-10 11:26:47 | 558,177,864 | ---- | M] () -- C:\Users\leszek\Desktop\MAKBET.Macbeth.1983.BBC.LEKTOR.avi [2014-11-09 15:13:37 | 1172,302,845 | ---- | M] () -- C:\Users\leszek\Desktop\Polsat Boxing Night 3 Gala cz.2 (2014) Komentarz PL.DVBRip.XviD.avi [2014-11-09 13:41:06 | 450,000,806 | ---- | M] () -- C:\Users\leszek\Desktop\Tomasz Adamek - Artur Szpilka (2014) Komentarz PL DVBRip XviD-TROD4T.avi [2014-11-08 00:09:16 | 002,811,224 | ---- | M] () -- C:\Users\leszek\Desktop\awantura - czerwone skurwysyny.mp3 [2014-11-02 20:11:19 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI [2014-11-02 20:11:03 | 000,002,204 | ---- | M] () -- C:\Users\Public\Desktop\Pinnacle Studio 17.lnk [2014-11-02 20:00:42 | 334,149,416 | ---- | M] (Microsoft) -- C:\Users\leszek\Desktop\PinnacleStudio_Patch_17_5_0.exe [2014-10-23 08:33:32 | 445,644,800 | ---- | M] () -- C:\Users\leszek\Documents\ophcrack-xp-livecd-3.6.0.iso [2014-10-23 06:23:44 | 002,399,596 | ---- | M] () -- C:\Users\leszek\Documents\Kon Boot v2.1.rar [2014-10-19 19:52:42 | 000,096,680 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2014-10-19 19:52:39 | 000,272,808 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2014-10-19 19:52:39 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2014-10-19 19:52:38 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2014-10-15 18:36:42 | 003,910,648 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2014-10-14 12:18:28 | 
058,564,453 | ---- | M] () -- C:\Users\leszek\Desktop\035b.psd [2014-10-14 10:24:31 | 005,041,253 | ---- | M] () -- C:\Users\leszek\Desktop\035b.jpg [2014-10-14 09:58:22 | 002,687,056 | ---- | M] () -- C:\Users\leszek\Desktop\F - 0689.jpg [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2014-11-11 10:54:57 | 000,001,090 | ---- | C] () -- C:\Users\leszek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Torpedo.lnk [2014-11-10 11:24:52 | 558,177,864 | ---- | C] () -- C:\Users\leszek\Desktop\MAKBET.Macbeth.1983.BBC.LEKTOR.avi [2014-11-09 15:10:24 | 1172,302,845 | ---- | C] () -- C:\Users\leszek\Desktop\Polsat Boxing Night 3 Gala cz.2 (2014) Komentarz PL.DVBRip.XviD.avi [2014-11-09 13:39:51 | 450,000,806 | ---- | C] () -- C:\Users\leszek\Desktop\Tomasz Adamek - Artur Szpilka (2014) Komentarz PL DVBRip XviD-TROD4T.avi [2014-11-08 00:09:15 | 002,811,224 | ---- | C] () -- C:\Users\leszek\Desktop\awantura - czerwone skurwysyny.mp3 [2014-11-02 20:11:03 | 000,002,204 | ---- | C] () -- C:\Users\Public\Desktop\Pinnacle Studio 17.lnk [2014-10-23 18:26:19 | 445,644,800 | ---- | C] () -- C:\Users\leszek\Documents\ophcrack-xp-livecd-3.6.0.iso [2014-10-23 18:22:25 | 002,399,596 | ---- | C] () -- C:\Users\leszek\Documents\Kon Boot v2.1.rar [2014-10-14 10:09:38 | 005,041,253 | ---- | C] () -- C:\Users\leszek\Desktop\035b.jpg [2014-10-14 09:58:10 | 002,687,056 | ---- | C] () -- C:\Users\leszek\Desktop\F - 0689.jpg [2014-10-14 09:31:02 | 058,564,453 | ---- | C] () -- C:\Users\leszek\Desktop\035b.psd [2014-09-18 10:06:34 | 002,277,376 | ---- | C] () -- C:\Windows\System32\eed_ec.dll [2014-09-18 10:06:30 | 000,000,273 | ---- | C] () -- C:\Windows\System32\eed_sl.exe.config [2014-05-01 11:49:12 | 000,044,240 | ---- | C] () -- C:\Windows\System32\drivers\fsbts.sys [2014-04-05 17:43:22 | 000,001,581 | ---- | C] () -- C:\Windows\wininit.ini [2014-03-10 20:58:17 | 000,019,897 | ---- | C] () -- 
C:\Windows\prodsett_copy.ini [2014-02-19 12:34:25 | 000,002,161 | ---- | C] () -- C:\Windows\Graffiti5.2Pin.ini [2014-02-14 22:08:19 | 000,237,568 | R--- | C] () -- C:\Windows\System32\qtmlClient.dll [2013-10-22 21:02:55 | 000,000,017 | ---- | C] () -- C:\Users\leszek\AppData\Local\resmon.resmoncfg [2013-07-22 21:38:43 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe [2013-07-18 13:32:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2013-05-27 20:49:29 | 000,000,132 | ---- | C] () -- C:\Users\leszek\AppData\Roaming\Preferencje Adobe CS5 dla formatu PNG [2013-05-15 11:36:06 | 000,019,822 | ---- | C] () -- C:\Program Files\AutoMapa EU.md5 [2013-03-14 16:21:50 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll [2013-02-06 21:51:13 | 000,020,552 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys [2013-02-06 12:07:05 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll [2013-02-01 16:33:21 | 000,124,792 | ---- | C] () -- C:\Windows\Wiainst.exe [2013-02-01 16:32:32 | 000,024,064 | ---- | C] () -- C:\Windows\System32\ssm1mlm.dll [2013-02-01 16:31:52 | 000,274,432 | ---- | C] () -- C:\Windows\System32\SaMinDrv.dll [2013-02-01 16:31:52 | 000,106,496 | ---- | C] () -- C:\Windows\System32\SaImgFlt.dll [2013-02-01 16:31:52 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SaErHdlr.dll [2013-01-17 22:27:38 | 000,884,736 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll [2013-01-17 22:27:38 | 000,147,456 | ---- | C] () -- C:\Windows\System32\vorbis.dll [2013-01-17 22:27:38 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll [2013-01-17 22:27:37 | 005,124,096 | ---- | C] () -- C:\Windows\System32\libavcodec.dll [2013-01-17 22:27:37 | 000,363,008 | ---- | C] () -- C:\Windows\System32\libmplayer.dll [2013-01-17 22:27:36 | 000,456,192 | ---- | C] () -- C:\Windows\System32\ff_x264.dll [2013-01-17 22:27:36 | 000,188,416 | ---- | C] () -- C:\Windows\System32\ff_theora.dll [2013-01-17 22:27:36 | 000,159,744 | 
---- | C] () -- C:\Windows\System32\ff_mpeg2enc.dll [2013-01-17 22:27:36 | 000,074,240 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll [2013-01-17 22:27:35 | 003,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll [2013-01-17 22:27:35 | 000,005,224 | ---- | C] () -- C:\Windows\System32\KGyGaAvL.sys [2013-01-17 22:27:33 | 000,421,888 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll [2013-01-17 22:27:33 | 000,061,440 | ---- | C] () -- C:\Windows\System32\libfaac.dll [2012-12-10 14:26:34 | 003,668,480 | ---- | C] () -- C:\Windows\System32\CosmoRenderer.dll [2012-12-08 20:23:30 | 000,000,288 | ---- | C] () -- C:\Users\leszek\AppData\Roaming\.backup.dm [2012-10-27 21:30:02 | 000,000,132 | ---- | C] () -- C:\Users\leszek\AppData\Roaming\Preferencje Adobe CS5 dla formatu GIF [2012-10-11 16:49:20 | 000,012,288 | ---- | C] () -- C:\Users\leszek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [color=#E56717]========== ZeroAccess Check ==========[/color] [2009-07-14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2014-06-25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both 
[color=#E56717]========== LOP Check ==========[/color] [2014-10-11 17:44:59 | 000,000,000 | ---D | M] -- C:\Users\JOLA\AppData\Roaming\AVG [2013-07-13 19:11:25 | 000,000,000 | ---D | M] -- C:\Users\JOLA\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012-11-24 15:20:45 | 000,000,000 | ---D | M] -- C:\Users\JOLA\AppData\Roaming\DAEMON Tools Lite [2013-04-15 13:48:33 | 000,000,000 | ---D | M] -- C:\Users\JOLA\AppData\Roaming\Desk 365 [2013-06-01 11:16:17 | 000,000,000 | ---D | M] -- C:\Users\JOLA\AppData\Roaming\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1 [2013-11-26 18:56:08 | 000,000,000 | ---D | M] -- C:\Users\JOLA\AppData\Roaming\OpenOffice [2013-06-02 10:01:58 | 000,000,000 | ---D | M] -- C:\Users\JOLA\AppData\Roaming\OpenOffice.org [2012-12-16 18:14:41 | 000,000,000 | ---D | M] -- C:\Users\JOLA\AppData\Roaming\PC Suite [2014-08-02 19:15:29 | 000,000,000 | ---D | M] -- C:\Users\JOLA\AppData\Roaming\Samsung [2013-12-25 00:06:00 | 000,000,000 | ---D | M] -- C:\Users\JOLA\AppData\Roaming\Thermaltake KB [2013-07-05 11:46:55 | 000,000,000 | ---D | M] -- C:\Users\JOLA\AppData\Roaming\Thinstall [2013-09-29 09:23:08 | 000,000,000 | ---D | M] -- C:\Users\leszek\AppData\Roaming\.minecraft [2014-05-09 21:39:09 | 000,000,000 | ---D | M] -- C:\Users\leszek\AppData\Roaming\0F1F1C2Y1H1P1C0I0T [2014-05-30 11:58:22 | 000,000,000 | ---D | M] -- C:\Users\leszek\AppData\Roaming\Ashampoo [2013-12-23 22:43:31 | 000,000,000 | ---D | M] -- C:\Users\leszek\AppData\Roaming\Audacity [2013-05-28 21:34:25 | 000,000,000 | ---D | M] -- C:\Users\leszek\AppData\Roaming\AutoUpdate [2014-10-11 09:42:56 | 000,000,000 | ---D | M] -- C:\Users\leszek\AppData\Roaming\AVG [2013-08-04 19:11:31 | 000,000,000 | ---D | M] -- C:\Users\leszek\AppData\Roaming\Azureus [2012-07-15 21:51:17 | 000,000,000 | ---D | M] -- C:\Users\leszek\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012-10-22 20:19:24 | 000,000,000 | ---D | M] -- 
C:\Users\leszek\AppData\Roaming\com.adobe.WidgetBrowser [2012-10-03 20:34:26 | 000,000,000 | ---D | M] -- C:\Users\leszek\AppData\Roaming\DAEMON Tools Lite [2014-04-10 17:32:05 | 000,000,000 | ---D | M] -- C:\Users\leszek\AppData\Roaming\DVD-Cloner [2013-01-31 15:49:57 | 000,000,000 | ---D | M] -- C:\Users\leszek\AppData\Roaming\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1 [2012-09-09 00:55:21 | 000,000,000 | ---D | M] -- C:\Users\leszek\AppData\Roaming\Gadu-Gadu 10 [2014-11-11 09:45:08 | 000,000,000 | ---D | M] -- C:\Users\leszek\AppData\Roaming\GG [2012-12-06 20:38:11 | 000,000,000 | ---D | M] -- C:\Users\leszek\AppData\Roaming\Imagenomic [2013-11-28 12:16:34 | 000,000,000 | ---D | M] -- C:\Users\leszek\AppData\Roaming\Iminent [2013-05-28 21:34:25 | 000,000,000 | ---D | M] -- C:\Users\leszek\AppData\Roaming\Kamerzysta [2013-03-14 16:22:44 | 000,000,000 | ---D | M] -- C:\Users\leszek\AppData\Roaming\MOVAVI [2013-06-05 19:08:25 | 000,000,000 | ---D | M] -- C:\Users\leszek\AppData\Roaming\NapiProjekt [2012-12-06 20:09:07 | 000,000,000 | ---D | M] -- C:\Users\leszek\AppData\Roaming\Nik Software [2013-09-27 18:53:16 | 000,000,000 | ---D | M] -- C:\Users\leszek\AppData\Roaming\Nokia [2012-10-13 14:17:02 | 000,000,000 | ---D | M] -- C:\Users\leszek\AppData\Roaming\Nokia Suite [2014-09-14 08:15:08 | 000,000,000 | ---D | M] -- C:\Users\leszek\AppData\Roaming\OpenFM [2013-11-09 22:39:44 | 000,000,000 | ---D | M] -- C:\Users\leszek\AppData\Roaming\OpenOffice [2013-02-22 11:58:42 | 000,000,000 | ---D | M] -- C:\Users\leszek\AppData\Roaming\OpenOffice.org [2014-05-09 21:38:40 | 000,000,000 | ---D | M] -- C:\Users\leszek\AppData\Roaming\Opera Software [2012-10-13 17:17:26 | 000,000,000 | ---D | M] -- C:\Users\leszek\AppData\Roaming\PC Suite [2014-02-25 15:55:03 | 000,000,000 | ---D | M] -- C:\Users\leszek\AppData\Roaming\proDAD [2014-10-11 09:39:39 | 000,000,000 | ---D | M] -- C:\Users\leszek\AppData\Roaming\RHEng [2013-11-01 18:03:16 | 000,000,000 | ---D | M] -- 
C:\Users\leszek\AppData\Roaming\Samsung [2013-11-28 11:47:49 | 000,000,000 | ---D | M] -- C:\Users\leszek\AppData\Roaming\SANDISK SANSA CLIP user guide [2014-02-18 12:53:41 | 000,000,000 | ---D | M] -- C:\Users\leszek\AppData\Roaming\Sony [2012-11-20 21:00:04 | 000,000,000 | ---D | M] -- C:\Users\leszek\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2014-05-10 10:27:40 | 000,000,000 | ---D | M] -- C:\Users\leszek\AppData\Roaming\Systweak [2013-07-05 11:47:24 | 000,000,000 | ---D | M] -- C:\Users\leszek\AppData\Roaming\Thinstall [2013-09-18 09:08:23 | 000,000,000 | ---D | M] -- C:\Users\leszek\AppData\Roaming\WinZipper [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:373E1720 < End of report >