OTL logfile created on: 2012-07-02 16:32:57 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Kościuczyki\Desktop\Akcja
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,99 Gb Total Physical Memory | 2,31 Gb Available Physical Memory | 77,20% Memory free
6,18 Gb Paging File | 5,69 Gb Available in Paging File | 92,09% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 15,17 Gb Free Space | 10,53% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 15,25 Gb Free Space | 10,59% Space Free | Partition Type: NTFS

Computer Name: KOŚCIUCZYKI-PC | User Name: Kościuczyki | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012-07-02 16:27:52 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Kościuczyki\Desktop\Akcja\OTL.exe
PRC - [2012-05-22 05:28:30 | 001,715,552 | ---- | M] (Avant Force) -- C:\Program Files\Avant Browser\ybrowser.exe
PRC - [2012-05-22 05:28:30 | 001,390,432 | ---- | M] (Avant Force) -- C:\Program Files\Avant Browser\avant.exe
PRC - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012-05-22 05:28:30 | 000,677,376 | ---- | M] () -- C:\Program Files\Avant Browser\_sqlite3.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2012-06-24 09:42:40 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- 
C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2010-12-28 10:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE) SRV - [2008-01-21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2006-10-05 17:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2011-10-27 03:25:54 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudserd.sys -- (ssudserd) SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.) DRV - [2011-10-27 03:25:54 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) DRV - [2011-10-27 03:25:54 | 000,078,136 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) 
DRV - [2011-10-27 03:25:40 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2011-10-27 03:25:40 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) DRV - [2011-10-27 03:25:40 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter) DRV - [2010-09-17 19:24:18 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2009-12-17 16:02:20 | 001,203,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009-10-05 11:08:42 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm) DRV - [2008-07-27 04:24:00 | 007,548,000 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008-01-21 04:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2006-11-28 20:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006-07-24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1&cf=065e0b99-80cf-11e1-a93b-001377adbce8 IE - HKLM\SOFTWARE\Microsoft\Internet 
Explorer\Search,SearchAssistant = IE - HKLM\..\SearchScopes,DefaultScope = {B37EDB01-4803-459D-9451-0168A776F721} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{9B1018E0-4125-426E-85F0-934478ADC7E2}: "URL" = http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms} IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20110409105112350&tb_oid=09-04-2011&tb_mrud=09-04-2011 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.ask.com/?o=15709&l=dis IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} IE - HKCU\..\SearchScopes\{02885A83-CA56-4DB3-B309-3D49B2F400CB}: "URL" = http://www.bing.com/search?FORM=IP2TDF&PC=IP2TDF&q={searchTerms}&src=IE-SearchBox IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=iron&s={searchTerms}&f=4 IE - HKCU\..\SearchScopes\{42168F92-DA71-42E6-BC7F-132EAC1F1899}: "URL" = http://www.google.com/cse?cx=partner-pub-5462406484424654%3A8q0sn8-w2ss&ie=ISO-8859-1&q={searchTerms}&sa=Search&siteurl=qooqlle.com%2F IE - HKCU\..\SearchScopes\{9B1018E0-4125-426E-85F0-934478ADC7E2}: "URL" = http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms} IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=065e0b99-80cf-11e1-a93b-001377adbce8&q={searchTerms} IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}: "URL" = http://www.daemon-search.com/search?q={searchTerms} IE - HKCU\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" 
= http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20110409105112350&tb_oid=09-04-2011&tb_mrud=09-04-2011 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-06-16 12:40:25 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-06-16 12:40:25 | 000,000,000 | ---D | M] [2011-03-16 14:08:03 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml O1 HOSTS File: ([2006-09-18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll () O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet) O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC) O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll () O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) 
O4 - HKLM..\Run: [hpqSRMon] File not found O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [ullkdsbqvzhhesm] C:\ProgramData\ullkdsbq.exe () O8 - Extra context menu item: &P&obierz &za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Funkcja Google Sidewiki - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: aviva.com.pl ([bg] https in Zaufane witryny) O15 - HKCU\..Trusted Domains: aviva.com.pl ([sezam] https in Zaufane witryny) O15 - HKCU\..Trusted Domains: vancargo.com ([citrix] https in Zaufane witryny) O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} 
http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F95FA61-5B42-42B2-8C6B-E7621B039A76}: DhcpNameServer = 192.168.1.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD93989E-7707-4449-B328-409C05F1137A}: DhcpNameServer = 192.168.1.1 192.168.1.1 O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll) - C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngr.dll (MusicLab, LLC) O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll) - C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Kościuczyki\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg O24 - Desktop BackupWallPaper: C:\Users\Kościuczyki\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{079e8502-5523-11e0-9657-001377adbce8}\Shell - "" = AutoRun O33 - MountPoints2\{079e8502-5523-11e0-9657-001377adbce8}\Shell\AutoRun\command - "" 
= H:\LaunchU3.exe -a O33 - MountPoints2\{2440503a-d43d-11df-8e82-001377adbce8}\Shell\AutoRun\command - "" = G:\Launcher.exe O33 - MountPoints2\{6b2baf03-f80d-11df-8f58-001377adbce8}\Shell\AutoRun\command - "" = G:\p6xebrnt.exe O33 - MountPoints2\{6b2baf03-f80d-11df-8f58-001377adbce8}\Shell\open\Command - "" = G:\p6xebrnt.exe O33 - MountPoints2\{6b2baf0e-f80d-11df-8f58-001377adbce8}\Shell\AutoRun\command - "" = H:\p6xebrnt.exe O33 - MountPoints2\{6b2baf0e-f80d-11df-8f58-001377adbce8}\Shell\open\Command - "" = H:\p6xebrnt.exe O33 - MountPoints2\{84953fec-c280-11df-ab61-001377adbce8}\Shell - "" = AutoRun O33 - MountPoints2\{84953fec-c280-11df-ab61-001377adbce8}\Shell\AutoRun\command - "" = F:\SETUP.EXE /AUTORUN O33 - MountPoints2\{84953fec-c280-11df-ab61-001377adbce8}\Shell\configure\command - "" = F:\SETUP.EXE O33 - MountPoints2\{84953fec-c280-11df-ab61-001377adbce8}\Shell\install\command - "" = F:\SETUP.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-07-02 11:35:35 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012-07-02 08:29:32 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012-07-02 07:52:13 | 000,000,000 | ---D | C] -- C:\ProgramData\fshsnakvquasoxi [2012-06-29 10:09:15 | 000,000,000 | ---D | C] -- C:\Users\Kościuczyki\Desktop\OBSŁUGA OD 1.07.2012 [2012-06-25 08:17:14 | 000,000,000 | ---D | C] -- C:\Users\Kościuczyki\Desktop\ASYSTENTKA [2012-06-25 08:14:24 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll [2012-06-25 08:14:23 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll [2012-06-25 
08:14:07 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2012-06-25 08:14:07 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll [2012-06-25 08:14:07 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll [2012-06-25 08:13:59 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll [2012-06-25 08:13:59 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe [2012-06-14 09:26:33 | 000,000,000 | ---D | C] -- C:\Users\Kościuczyki\Desktop\SPOTKANIE PONIEDZIAŁEK [2012-06-13 12:56:19 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012-06-13 12:56:19 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012-06-13 12:56:17 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012-06-13 12:56:17 | 000,629,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012-06-13 12:56:17 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2012-06-13 12:56:17 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2012-06-13 12:56:17 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2012-06-13 12:56:17 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2012-06-13 12:56:17 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012-06-13 12:56:17 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012-06-13 12:56:17 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2012-06-13 12:56:17 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2012-06-13 12:56:16 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012-06-13 
12:56:16 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2012-06-13 12:56:16 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2012-06-13 12:56:16 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2012-06-13 12:56:16 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2012-06-13 12:56:16 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2012-06-13 12:56:05 | 002,045,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [5 C:\Users\Kościuczyki\Desktop\*.tmp files -> C:\Users\Kościuczyki\Desktop\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-07-02 16:21:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012-07-02 16:19:11 | 000,137,915 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012-07-02 16:18:53 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012-07-02 16:18:52 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012-07-02 16:18:46 | 000,345,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012-07-02 08:39:32 | 000,173,056 | ---- | M] () -- C:\Users\Kościuczyki\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-07-02 08:29:22 | 116,362,898 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012-07-02 07:52:14 | 000,000,052 | ---- | M] () -- C:\ProgramData\lihdoahmyemxaha [2012-07-02 07:52:08 | 000,077,824 | ---- | M] () -- C:\ProgramData\ullkdsbq.exe [2012-07-02 07:52:08 | 000,077,824 | ---- | M] () -- C:\ProgramData\jchixcdj.exe [2012-07-02 07:42:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012-06-26 15:49:07 | 000,061,667 | ---- | M] () -- C:\Users\Kościuczyki\Desktop\Tarczyca Dodatkowa 
Ankieta Medyczna_Uproszczony Underwriting_30-05-2011.pdf [2012-06-24 09:42:39 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012-06-24 09:42:39 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012-06-14 15:25:30 | 1957,873,664 | ---- | M] () -- C:\Users\Kościuczyki\Desktop\24 Proces sprzedaży - Twój klucz do sukcesu.mpg [2012-06-14 13:47:31 | 000,402,020 | ---- | M] () -- C:\Users\Kościuczyki\Desktop\Regulamin UFK_Nowa Perspektywa i Kapitalna Przyszłość_czerwiec_2011.pdf [2012-06-13 13:03:04 | 000,024,052 | ---- | M] () -- C:\Users\Kościuczyki\Desktop\PC Arkadiusz Kacprzak.jpg [2012-06-03 00:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll [2012-06-03 00:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll [2012-06-03 00:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2012-06-03 00:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll [2012-06-03 00:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll [5 C:\Users\Kościuczyki\Desktop\*.tmp files -> C:\Users\Kościuczyki\Desktop\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-07-02 08:29:22 | 116,362,898 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012-07-02 07:52:14 | 000,077,824 | ---- | C] () -- C:\ProgramData\jchixcdj.exe [2012-07-02 07:52:13 | 000,077,824 | ---- | C] () -- C:\ProgramData\ullkdsbq.exe [2012-07-02 07:52:08 | 000,000,052 | ---- | C] () -- C:\ProgramData\lihdoahmyemxaha [2012-06-26 15:49:07 | 000,061,667 | ---- | C] () -- C:\Users\Kościuczyki\Desktop\Tarczyca Dodatkowa Ankieta Medyczna_Uproszczony Underwriting_30-05-2011.pdf [2012-06-14 13:47:31 | 000,402,020 | ---- | C] () -- C:\Users\Kościuczyki\Desktop\Regulamin UFK_Nowa Perspektywa i Kapitalna 
Przyszłość_czerwiec_2011.pdf [2012-06-13 13:03:04 | 000,024,052 | ---- | C] () -- C:\Users\Kościuczyki\Desktop\PC Arkadiusz Kacprzak.jpg [2012-05-30 09:06:19 | 000,000,071 | ---- | C] () -- C:\Windows\ricdb.ini [2012-05-30 09:06:18 | 000,000,020 | ---- | C] () -- C:\Windows\System32\RPCS.ini [2012-05-10 10:23:33 | 000,004,096 | -H-- | C] () -- C:\Users\Kościuczyki\AppData\Local\keyfile3.drm [2012-04-07 18:31:24 | 000,075,045 | ---- | C] () -- C:\Windows\System32\c3bd434b.exe [2011-10-31 12:22:42 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011-10-31 12:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2011-10-31 12:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2011-10-31 12:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2011-10-31 12:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2011-10-14 16:01:47 | 000,000,012 | ---- | C] () -- C:\Users\Kościuczyki\intlname.ols [2011-08-31 08:21:56 | 006,501,171 | ---- | C] () -- C:\Users\Kościuczyki\AppData\Local\data2.cab [2011-08-31 08:21:56 | 000,646,601 | ---- | C] () -- C:\Users\Kościuczyki\AppData\Local\done.exe [2011-08-31 08:21:56 | 000,498,688 | ---- | C] ( ) -- C:\Users\Kościuczyki\AppData\Local\nvwiz.exe [2011-08-31 08:21:56 | 000,000,246 | ---- | C] () -- C:\Users\Kościuczyki\AppData\Local\Setup.dat [2011-08-31 08:10:49 | 000,000,000 | ---- | C] () -- C:\Users\Kościuczyki\AppData\Local\patterns.ini [2011-08-31 08:10:45 | 000,000,002 | ---- | C] () -- C:\Users\Kościuczyki\AppData\Roaming\System.dat [2011-08-31 08:10:45 | 000,000,002 | ---- | C] () -- C:\Users\Kościuczyki\AppData\Roaming\DirectX.dat [2011-08-31 08:10:45 | 000,000,001 | ---- | C] () -- C:\Users\Kościuczyki\AppData\Roaming\Windows.dat [2011-08-31 08:10:45 | 000,000,001 | ---- | C] () -- C:\Users\Kościuczyki\AppData\Roaming\etc.dat [2011-08-31 08:10:44 | 000,498,688 | ---- | C] ( ) -- C:\ProgramData\nvwiz.exe 
[2011-06-16 12:15:43 | 000,241,886 | ---- | C] () -- C:\Windows\hpwins24.dat [2011-03-16 14:06:52 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2010-12-04 19:46:49 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2010-12-04 19:13:47 | 007,793,152 | RHS- | C] () -- C:\ProgramData\GProton.exe [2010-11-17 22:33:08 | 000,000,099 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2010-11-17 22:33:07 | 000,102,522 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2010-11-17 22:33:07 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2010-11-17 22:33:07 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2010-11-17 22:33:07 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2010-11-17 22:33:07 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2010-11-17 22:33:07 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2010-11-17 22:33:07 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2010-11-17 22:33:07 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2010-11-17 22:33:07 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2010-11-17 22:33:07 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2010-11-17 22:33:07 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2010-11-17 22:33:07 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2010-11-17 22:33:07 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2010-11-17 22:33:07 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2010-11-17 22:33:07 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2010-11-17 22:33:07 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2010-11-17 22:29:20 | 000,000,025 | ---- | C] () -- C:\Windows\CDE PM100.ini [2010-11-10 
16:45:15 | 000,068,640 | ---- | C] () -- C:\Windows\unTMV.exe [2010-10-11 20:26:18 | 000,137,915 | ---- | C] () -- C:\ProgramData\nvModes.001 [2010-10-11 20:26:05 | 000,137,915 | ---- | C] () -- C:\ProgramData\nvModes.dat [2010-10-06 11:04:58 | 000,000,552 | ---- | C] () -- C:\Users\Kościuczyki\AppData\Local\d3d8caps.dat [2010-09-27 16:02:42 | 000,073,590 | ---- | C] () -- C:\Windows\hpqins16.dat [2010-09-22 09:58:54 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010-09-22 09:58:54 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2010-09-21 20:45:04 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2010-09-21 20:42:52 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2010-09-21 19:29:47 | 000,169,218 | ---- | C] () -- C:\Windows\hpoins27.dat [2010-09-21 14:10:53 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2010-09-20 08:48:21 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI [2010-09-17 20:01:29 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010-09-17 19:30:49 | 000,000,412 | ---- | C] () -- C:\Windows\ODBC.INI [2010-09-17 19:13:11 | 000,173,056 | ---- | C] () -- C:\Users\Kościuczyki\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-09-17 19:09:55 | 000,000,680 | ---- | C] () -- C:\Users\Kościuczyki\AppData\Local\d3d9caps.dat [2010-09-02 01:53:48 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010-07-30 21:04:53 | 000,001,758 | ---- | C] () -- C:\Windows\hpwmdl24.dat [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 64 bytes -> C:\Users\Kościuczyki\Desktop\24 Proces sprzedaży - Twój klucz do sukcesu.mpg:TOC.WMV < End of report >