OTL logfile created on: 2012-07-12 21:06:59 - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Łukasz\Moje dokumenty\Pobieranie Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 511,48 Mb Total Physical Memory | 214,77 Mb Available Physical Memory | 41,99% Memory free 865,91 Mb Paging File | 652,63 Mb Available in Paging File | 75,37% Paging File free Paging file location(s): C:\pagefile.sys 384 768 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 19,52 Gb Total Space | 6,84 Gb Free Space | 35,04% Space Free | Partition Type: FAT32 Drive D: | 29,28 Gb Total Space | 27,99 Gb Free Space | 95,60% Space Free | Partition Type: FAT32 Drive E: | 25,66 Gb Total Space | 20,14 Gb Free Space | 78,48% Space Free | Partition Type: FAT32 Computer Name: GUCIO | User Name: Łukasz | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-07-12 21:06:44 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Łukasz\Moje dokumenty\Pobieranie\OTL.exe PRC - [2012-03-19 07:00:54 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Documents and Settings\All Users\Dokumenty\Mozilla Firefox\firefox.exe PRC - [2004-08-04 00:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-06-13 20:33:40 | 009,459,912 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll MOD - [2012-03-19 07:00:52 | 001,969,080 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\Mozilla Firefox\mozjs.dll MOD - [2004-08-25 07:27:00 | 000,086,016 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2012-06-23 18:36:16 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\pjnvmcbu.sys -- (occwhb) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | System | Stopped] -- -- (Cdaudio) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cdaudio.sys -- (AVPsys) DRV - [2011-07-23 16:29:12 | 000,431,672 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2010-02-03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi) DRV - [2009-11-20 15:26:50 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901) DRV - [2009-08-04 13:04:28 | 000,102,656 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbfake.sys -- (hwusbfake) DRV - [2009-08-04 11:04:26 | 000,034,688 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcampr5.sys -- (PCAMPR5) DRV - [2009-08-04 11:04:26 | 000,032,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcandis5.sys -- (PCANDIS5) DRV - [2008-04-14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2006-07-24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2004-08-25 07:28:46 | 000,787,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2002-12-27 04:41:00 | 000,026,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1) DRV - [2001-08-17 20:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gazeta.pl/0,0.html?p=122 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=5c0d7deb000000000000000b6a77d39a&tlver=1.4.19.19&affID=17160 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{896B8DA1-0B04-49B6-8A9A-BD8662EA21BB}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=bcc253e2-2367-11e1-9dfc-000b6a77d39a&q={searchTerms} IE - HKLM\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://startsear.ch/?aff=2&src=sp&cf=bcc253e2-2367-11e1-9dfc-000b6a77d39a&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=bcc253e2-2367-11e1-9dfc-000b6a77d39a&q={searchTerms} IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=5c0d7deb000000000000000b6a77d39a&tlver=1.4.19.19&affID=17160 IE - HKCU\..\SearchScopes\{896B8DA1-0B04-49B6-8A9A-BD8662EA21BB}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110819&tt=060612_7_&babsrc=SP_ss&mntrId=5c0d7deb000000000000000b6a77d39a IE - HKCU\..\SearchScopes\{AC19C2D9-DB0E-4418-A64B-C9691CC3E0BC}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101067&mntrId=5c0d7deb000000000000000b6a77d39a IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://startsear.ch/?aff=2&src=sp&cf=bcc253e2-2367-11e1-9dfc-000b6a77d39a&q={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1098640 IE - HKCU\..\SearchScopes\{E8A531AA-DE54-4492-B6E2-013378888ED4}: "URL" = http://www.daemon-search.com/search?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks= [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Web Search" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.startup.homepage: "http://startsear.ch/?aff=1&cf=bcc253e2-2367-11e1-9dfc-000b6a77d39a" FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=110819&tt=060612_7_&babsrc=KW_ss&mntrId=5c0d7deb000000000000000b6a77d39a&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\3.bin\NPFunWeb.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-06-24 13:27:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Łukasz\Dane aplikacji\Mozilla\Extensions [2009-06-24 13:27:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Łukasz\Dane aplikacji\Mozilla\Firefox\Profiles\g8rju6yj.default\extensions [2011-03-21 17:07:24 | 000,000,939 | ---- | M] () -- C:\Documents and Settings\Łukasz\Dane aplikacji\Mozilla\Firefox\Profiles\g8rju6yj.default\searchplugins\conduit.xml [2011-07-23 16:29:28 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\Łukasz\Dane aplikacji\Mozilla\Firefox\Profiles\g8rju6yj.default\searchplugins\daemon-search.xml [2012-06-15 18:17:40 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Łukasz\Dane aplikacji\Mozilla\Firefox\Profiles\g8rju6yj.default\searchplugins\startsear.xml O1 HOSTS File: ([2010-11-18 17:29:12 | 000,000,733 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O4 - HKLM..\Run: [BEWINTERNET-PL-IEWSessionManager] "C:\Program Files\OrangeBS\BEWInternet-PL-IEW\SessionManager\SessionManager.exe" File not found O4 - HKLM..\Run: [Browsers Protector] C:\Program Files\Browsers Protector\regmon32.exe () O4 - HKLM..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd File not found O4 - HKLM..\Run: [hjenbibtnhieakb] C:\Documents and Settings\All Users\Dane aplikacji\hjenbibt.exe () O4 - HKCU..\Run: [ALLUpdate] "D:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep" File not found O4 - HKCU..\Run: [cdoosoft] C:\Documents and Settings\Łukasz\Ustawienia lokalne\Temp\herss.exe () O4 - HKCU..\Run: [hjenbibtnhieakb] C:\Documents and Settings\All Users\Dane aplikacji\hjenbibt.exe () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.) O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 95.160.170.92 88.156.222.92 82.139.8.40 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{143F99B8-3405-4DDA-98E7-4C074DCB1A5F}: DhcpNameServer = 95.160.170.92 88.156.222.92 82.139.8.40 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll () O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Łukasz\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Łukasz\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005-08-23 21:07:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ] O33 - MountPoints2\{4c63f3f0-162a-11de-b693-000b6a77d39a}\Shell\AutoRun\command - "" = G:\jm3cx96.bat O33 - MountPoints2\{4c63f3f0-162a-11de-b693-000b6a77d39a}\Shell\open\Command - "" = G:\jm3cx96.bat O33 - MountPoints2\{57d18840-78c7-11e1-b4e3-000b6a77d39a}\Shell - "" = AutoRun O33 - MountPoints2\{57d18840-78c7-11e1-b4e3-000b6a77d39a}\Shell\AutoRun\command - "" = G:\MicroLauncher.exe O33 - MountPoints2\{57d18842-78c7-11e1-b4e3-000b6a77d39a}\Shell\AutoRun\command - "" = H:\img8hi.exe O33 - MountPoints2\{57d18842-78c7-11e1-b4e3-000b6a77d39a}\Shell\open\Command - "" = H:\img8hi.exe O33 - MountPoints2\{7a50555a-3385-11df-8239-000b6a77d39a}\Shell\AutoRun\command - "" = w9.exe O33 - MountPoints2\{7a50555a-3385-11df-8239-000b6a77d39a}\Shell\open\Command - "" = w9.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (aswBoot.exe /M:4153a6d9) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-07-04 17:14:02 | 000,000,000 | -HSD | C] -- C:\FOUND.107 [2012-07-04 17:09:16 | 000,000,000 | ---D | C] -- C:\_OTL [2012-07-03 23:00:27 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer [2012-07-03 21:31:58 | 000,000,000 | -HSD | C] -- C:\FOUND.106 [2012-07-03 20:59:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Łukasz\Dane aplikacji\Malwarebytes [2012-07-03 20:58:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes [2012-07-03 18:45:26 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC [2012-07-03 12:22:24 | 000,000,000 | -HSD | C] -- C:\FOUND.105 [2012-07-02 21:22:18 | 000,000,000 | -HSD | C] -- C:\FOUND.104 [2012-07-02 15:33:28 | 000,000,000 | -HSD | C] -- C:\FOUND.103 [2012-07-02 07:16:54 | 000,000,000 | -HSD | C] -- C:\FOUND.102 [2012-07-02 00:15:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\sqwvlqkyicflglb [2012-06-18 22:54:10 | 000,000,000 | -HSD | C] -- C:\FOUND.101 [2012-06-18 17:03:34 | 000,000,000 | -HSD | C] -- C:\FOUND.100 [2012-06-16 16:51:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\529C505A0007525B000068D90CDF108C [2012-06-15 18:17:44 | 000,000,000 | ---D | C] -- C:\Program Files\Browsers Protector [2012-03-21 20:22:36 | 002,447,264 | ---- | C] (DownVision ) -- C:\Documents and Settings\Łukasz\Ustawienia lokalne\Dane aplikacji\setup.exe [774 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] [18 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ] [10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-07-12 20:51:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012-07-12 20:48:28 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\Łukasz\Ustawienia lokalne\Dane aplikacji\d3d9caps.dat [2012-07-07 17:05:04 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012-07-07 11:03:52 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat [2012-07-04 18:53:30 | 000,000,010 | ---- | M] () -- C:\WINDOWS\Wininit.ini [2012-07-03 21:36:46 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012-07-03 20:29:14 | 000,001,112 | ---- | M] () -- C:\Documents and Settings\Łukasz\Pulpit\Skrót do firefox.lnk [2012-07-02 00:15:40 | 000,000,052 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\ygagmqdpqmrqszp [2012-07-02 00:15:32 | 000,077,824 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\hktqwngv.exe [2012-07-02 00:15:32 | 000,077,824 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\hjenbibt.exe [2012-06-30 21:49:20 | 000,018,944 | ---- | M] () -- C:\Documents and Settings\Łukasz\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-06-23 18:36:16 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012-06-23 18:36:16 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012-06-23 18:36:12 | 009,815,752 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe [2012-06-16 20:26:48 | 000,000,656 | ---- | M] () -- C:\Documents and Settings\Łukasz\Pulpit\Mozilla Firefox.lnk [774 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] [10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-07-07 17:32:46 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Łukasz\Ustawienia lokalne\Dane aplikacji\d3d9caps.dat [2012-07-07 11:03:50 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2012-07-05 21:54:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012-07-04 18:39:45 | 000,118,784 | RHS- | C] () -- C:\img8hi.exe [2012-07-03 20:29:13 | 000,001,112 | ---- | C] () -- C:\Documents and Settings\Łukasz\Pulpit\Skrót do firefox.lnk [2012-07-02 00:15:39 | 000,077,824 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\hktqwngv.exe [2012-07-02 00:15:38 | 000,077,824 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\hjenbibt.exe [2012-07-02 00:15:30 | 000,000,052 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\ygagmqdpqmrqszp [2011-07-01 20:42:56 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll [2011-05-07 20:54:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010-10-21 16:49:19 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2010-09-15 17:25:54 | 000,000,025 | ---- | C] () -- C:\WINDOWS\TDH_Launcher.ini [2010-07-29 11:13:55 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat [2009-09-11 15:03:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\LauncherAccess.dt [2009-08-17 08:22:12 | 000,078,480 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat [2009-03-28 14:37:12 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\Łukasz\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini < End of report >