Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-01-2014 Ran by admin (administrator) on OLA on 07-01-2014 11:38:05 Running from C:\Documents and Settings\admin\Pulpit Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) OS Language: Polish Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe () C:\Program Files\Keymaestro\Multimedia Keyboard\nhksrv.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe (Creative Technology Ltd) C:\WINDOWS\system32\CTSVCCDA.EXE (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (CryptoTech Sp. z o.o.) C:\Program Files\CryptoTech\CryptoCard\CCMonitor.exe (InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (France Telecom SA) C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe (Creative Technology Ltd) C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Netropa Corp.) C:\Program Files\Keymaestro\Multimedia Keyboard\MMKeybd.exe (HP) C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe () C:\Program Files\Keymaestro\Multimedia Keyboard\Traymon.exe (Netropa Corp.) C:\Program Files\Keymaestro\Onscreen Display\osd.exe (Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe () C:\Program Files\Linksys\Network Storage\Network Drive Mapping Utility.exe () C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe () C:\Program Files\Plustek\OpticSlim 2420+\AM32.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (OldTimer Tools) C:\Documents and Settings\admin\Pulpit\OTL.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.exe [16126464 2007-04-10] (Realtek Semiconductor Corp.) HKLM\...\Run: [SkyTel] - C:\WINDOWS\SkyTel.exe [1822720 2007-04-04] (Realtek Semiconductor Corp.) HKLM\...\Run: [Alcmtr] - C:\WINDOWS\Alcmtr.exe [69632 2005-05-03] (Realtek Semiconductor Corp.) HKLM\...\Run: [ATICCC] - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [45056 2006-01-02] (ATI Technologies Inc.) HKLM\...\Run: [CryptoCard Suite Cert Monitor] - C:\Program Files\CryptoTech\CryptoCard\CCMonitor.exe [237568 2006-04-06] (CryptoTech Sp. z o.o.) HKLM\...\Run: [Network Drive Mapping Utility] - C:\Program Files\Linksys\Network Storage\Network Drive Mapping Utility.exe [286336 2007-08-24] () HKLM\...\Run: [ISUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation) HKLM\...\Run: [ISUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [69632 2004-04-13] (InstallShield Software Corporation) HKLM\...\Run: [CardDetectorZTEMF636] - C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe [274432 2008-10-14] (France Telecom SA) HKLM\...\Run: [CTCheck] - C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe [397312 2007-11-06] (Creative Technology Ltd) HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208 2011-05-10] (Hewlett-Packard) HKLM\...\Run: [MULTIMEDIA KEYBOARD] - C:\Program Files\Keymaestro\Multimedia Keyboard\MMKeybd.exe [176128 2002-07-30] (Netropa Corp.) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [ToolBoxFX] - C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe [53248 2007-07-11] (HP) HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe [738496 2013-10-18] () Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.) HKCU\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation) HKCU\...\Run: [Network Drive Mapping Utility] - C:\Program Files\Linksys\Network Storage\Network Drive Mapping Utility.exe [286336 2007-08-24] () HKCU\...\Run: [CTSyncU.exe] - C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe [868352 2007-07-17] () HKCU\...\Run: [AVG-Secure-Search-Update_1213b] - C:\Documents and Settings\admin\Dane aplikacji\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=4273c6df12c998c3c67c13d1aac081b6-a4cca59a7271c076cd3019e85f2869b281084197 /CMPID=1213b MountPoints2: {6623e18c-d6cb-11df-9ad8-001d60965b6a} - F:\AutoRunCardDetector.exe MountPoints2: {c9e4dcd7-e221-11dd-98d4-001d60965b6a} - F:\setupSNK.exe Startup: C:\Documents and Settings\admin\Menu Start\Programy\Autostart\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Plustek OpticSlim 2420+.lnk ShortcutTarget: Plustek OpticSlim 2420+.lnk -> C:\Program Files\Plustek\OpticSlim 2420+\AM32.exe () BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/?pc=AVBR HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?utm_source=b&utm_medium=idg&from=idg&uid=WDC_WD1600AAJS-75B4A0_WD-WMAT2144293042930&ts=1358430359 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?utm_source=b&utm_medium=idg&from=idg&uid=WDC_WD1600AAJS-75B4A0_WD-WMAT2144293042930&ts=1358430359 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?utm_source=b&utm_medium=idg&from=idg&uid=WDC_WD1600AAJS-75B4A0_WD-WMAT2144293042930&ts=1358430359 URLSearchHook: ATTENTION ==> Default URLSearchHook is missing. URLSearchHook: HKCU - (No Name) - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - No File SearchScopes: HKLM - {c1d89ae7-449d-4929-b24b-fded04adbe06} URL = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch SearchScopes: HKLM - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7 SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.v9.com/web/?q={searchTerms} SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&affID=121845&babsrc=SP_ss&mntrId=3896001D60965B6A SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=GLSV5&o=10168&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=GL&apn_dtid=YYYYYYYYPL&apn_uid=1775AE76-A95D-47D9-8DD0-9E6D06C01CBE&apn_sauid=227D1DE3-2226-4E8B-8296-47385535889E SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com/web/?q={searchTerms} SearchScopes: HKCU - {B7B664DF-3AF9-4C8E-8148-F42BB7831D27} URL = http://www.ask.com/web?o=15710&l=dis&q={searchTerms} SearchScopes: HKCU - {c1d89ae7-449d-4929-b24b-fded04adbe06} URL = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch SearchScopes: HKCU - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7 BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO: No Name - {2EECD738-5844-4a99-B4B6-146BF802613B} - No File BHO: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly Technologies Ltd) BHO: TBSB05810 Class - {A7AF277D-1466-4A7B-93AF-B043984A5671} - C:\Program Files\Glarysoft Toolbar\tbcore3.dll () BHO: No Name - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - No File BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: No Name - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - No File BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM - Glarysoft Toolbar - {32D47EA5-9473-4CAD-805D-9999F15D5AE2} - C:\Program Files\Glarysoft Toolbar\tbcore3.dll () Toolbar: HKLM - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} - No File Toolbar: HKLM - No Name - {82E1477C-B154-48D3-9891-33D83C26BCD3} - No File Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Toolbar: HKCU - Glarysoft Toolbar - {32D47EA5-9473-4CAD-805D-9999F15D5AE2} - C:\Program Files\Glarysoft Toolbar\tbcore3.dll () Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {961480A1-6231-445F-AF8F-5F52B081391A} http://www.e-no1.pl/e-photoshop/eno1_pl/uploader/PoewarePhotoSender.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\buqq7hp6.default-1371562245468 FF Homepage: hxxp://www.google.pl/ FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin: @google.com/npPicasa2,version=2.0.0 - C:\Program Files\Picasa2\npPicasa2.dll No File FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\glarysearch.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\v9.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wolnelektury-pl.xml FF Extension: Greasemonkey - C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\buqq7hp6.default-1371562245468\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 ========================== Services (Whitelisted) ================= S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [520192 2006-06-07] () R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.) R2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [44032 1999-12-12] (Creative Technology Ltd) R2 nhksrv; C:\Program Files\Keymaestro\Multimedia Keyboard\nhksrv.exe [28672 2001-08-06] () R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" ==================== Drivers (Whitelisted) ==================== R3 AtcL001; C:\Windows\System32\DRIVERS\atl01_xp.sys [35840 2006-10-31] (Attansic Technology corporation.) R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120600 2013-11-05] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [209176 2013-11-04] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147768 2013-10-24] (AVG Technologies CZ, s.r.o.) R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-17] (AVG Technologies CZ, s.r.o.) R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.) R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.) R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.) R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.) R1 msikbd2k; C:\Windows\System32\DRIVERS\msikbd2k.sys [6656 2001-12-20] (Netropa Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] () R3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [56448 2007-10-18] (SCM Microsystems Inc.) S3 ZTEusbnmeaext; C:\Windows\System32\DRIVERS\ZTEusbnmeaext.sys [103936 2008-10-14] (ZTE Incorporated) U2 CertPropSvc; S4 IntelIde; No ImagePath U1 WS2IFSL; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-07 11:38 - 2014-01-07 11:38 - 00017423 _____ C:\Documents and Settings\admin\Pulpit\FRST.txt 2014-01-07 11:37 - 2014-01-07 11:37 - 00000000 ____D C:\FRST 2014-01-07 11:32 - 2014-01-07 11:32 - 01064805 _____ (Farbar) C:\Documents and Settings\admin\Pulpit\FRST.exe 2014-01-07 11:27 - 2014-01-07 11:38 - 00091134 _____ C:\Documents and Settings\admin\Pulpit\OTL.Txt 2014-01-07 11:27 - 2014-01-07 11:38 - 00043890 _____ C:\Documents and Settings\admin\Pulpit\Extras.Txt 2014-01-07 11:20 - 2014-01-07 11:20 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\admin\Pulpit\OTL.exe 2014-01-07 10:34 - 2014-01-07 10:40 - 01260872 _____ (Macrovision Corporation) C:\Documents and Settings\admin\Pulpit\Install.exe 2014-01-07 09:21 - 2014-01-07 09:20 - 00001012 _____ C:\Documents and Settings\admin\Pulpit\nccert-n.crl 2013-12-20 10:08 - 2013-12-23 10:42 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-12-11 11:11 - 2013-12-11 11:12 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Asseco Poland SA 2013-12-11 11:10 - 2013-12-11 11:10 - 00000631 _____ C:\Documents and Settings\All Users\Pulpit\Płatnik 9.01.001.lnk 2013-12-11 11:10 - 2013-12-11 11:10 - 00000000 ____D C:\Program Files\Microsoft WSE 2013-12-11 11:10 - 2013-12-11 11:10 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Płatnik 9.01.001 2013-12-11 11:10 - 2013-12-11 11:10 - 00000000 ____D C:\Documents and Settings\admin\Menu Start\Programy\Microsoft WSE 3.0 2013-12-11 10:34 - 2013-12-11 10:34 - 00000000 ____D C:\Documents and Settings\admin\Pulpit\Płatnik 2013-12-11 10:32 - 2009-02-02 15:29 - 15077376 _____ C:\Documents and Settings\admin\Pulpit\Płatnik.mdb 2013-12-10 10:29 - 2013-12-10 10:32 - 00000000 ____D C:\ARCHIWUM 2013-12-10 10:29 - 2013-12-10 10:29 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\VATowiec 2013-12-10 10:29 - 2013-12-10 10:29 - 00000000 ____D C:\BR 2013-12-10 10:23 - 2013-12-10 10:28 - 00000000 ____D C:\Program Files\Mobogenie 2013-12-10 10:23 - 2013-12-10 10:27 - 00000000 ____D C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Mobogenie 2013-12-10 10:23 - 2013-12-10 10:23 - 00000000 ____D C:\Documents and Settings\admin\Moje dokumenty\Mobogenie 2013-12-10 10:23 - 2013-12-10 10:23 - 00000000 _____ C:\Documents and Settings\admin\daemonprocess.txt 2013-12-10 10:21 - 2013-12-10 10:21 - 05933604 _____ (Piotr Kowaluk ) C:\Documents and Settings\admin\Moje dokumenty\br32k.exe ==================== One Month Modified Files and Folders ======= 2014-01-07 11:38 - 2014-01-07 11:38 - 00017423 _____ C:\Documents and Settings\admin\Pulpit\FRST.txt 2014-01-07 11:38 - 2014-01-07 11:27 - 00091134 _____ C:\Documents and Settings\admin\Pulpit\OTL.Txt 2014-01-07 11:38 - 2014-01-07 11:27 - 00043890 _____ C:\Documents and Settings\admin\Pulpit\Extras.Txt 2014-01-07 11:38 - 2008-09-09 11:26 - 00000000 ____D C:\Documents and Settings\admin\Pulpit 2014-01-07 11:37 - 2014-01-07 11:37 - 00000000 ____D C:\FRST 2014-01-07 11:32 - 2014-01-07 11:32 - 01064805 _____ (Farbar) C:\Documents and Settings\admin\Pulpit\FRST.exe 2014-01-07 11:20 - 2014-01-07 11:20 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\admin\Pulpit\OTL.exe 2014-01-07 11:02 - 2013-02-15 16:17 - 00000245 _____ C:\WINDOWS\Msiosd.ini 2014-01-07 11:00 - 2010-07-26 11:35 - 00000310 _____ C:\WINDOWS\Tasks\GlaryInitialize.job 2014-01-07 11:00 - 2008-09-09 11:19 - 01280724 _____ C:\WINDOWS\WindowsUpdate.log 2014-01-07 10:57 - 2008-09-09 13:08 - 00000159 _____ C:\WINDOWS\wiadebug.log 2014-01-07 10:57 - 2008-09-09 13:08 - 00000050 _____ C:\WINDOWS\wiaservc.log 2014-01-07 10:57 - 2008-09-09 11:25 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2014-01-07 10:56 - 2008-09-09 11:26 - 00000188 ___SH C:\Documents and Settings\admin\ntuser.ini 2014-01-07 10:56 - 2008-09-09 11:25 - 00032600 _____ C:\WINDOWS\SchedLgU.Txt 2014-01-07 10:55 - 2012-01-03 07:21 - 00000000 ____D C:\Documents and Settings\All Users\Dokumenty\TaxMachine 2014-01-07 10:55 - 2008-09-10 15:02 - 00000000 ____D C:\TaxMachine 2014-01-07 10:54 - 2012-06-20 06:41 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-01-07 10:40 - 2014-01-07 10:34 - 01260872 _____ (Macrovision Corporation) C:\Documents and Settings\admin\Pulpit\Install.exe 2014-01-07 09:20 - 2014-01-07 09:21 - 00001012 _____ C:\Documents and Settings\admin\Pulpit\nccert-n.crl 2014-01-07 09:19 - 2011-03-18 08:20 - 00000000 ____D C:\Documents and Settings\admin\Moje dokumenty\Pobieranie 2014-01-07 08:02 - 2012-04-02 09:18 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\MFAData 2014-01-07 07:39 - 2008-04-15 13:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl 2013-12-23 13:41 - 2008-09-09 11:26 - 00000000 ____D C:\Documents and Settings\admin 2013-12-23 10:45 - 2008-09-09 13:06 - 00000000 __RHD C:\Documents and Settings\All Users\Dane aplikacji 2013-12-23 10:45 - 2008-09-09 11:26 - 00000000 ____D C:\Documents and Settings\admin\Dane aplikacji 2013-12-23 10:42 - 2013-12-20 10:08 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-12-19 13:37 - 2009-05-18 15:32 - 00000000 ____D C:\Documents and Settings\admin\Moje dokumenty\różne 2013-12-16 14:59 - 2013-10-30 15:50 - 00029696 _____ C:\Documents and Settings\admin\Pulpit\kilometrówka.xls 2013-12-11 11:12 - 2013-12-11 11:11 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Asseco Poland SA 2013-12-11 11:12 - 2008-09-09 13:06 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy 2013-12-11 11:12 - 2008-09-09 13:06 - 00000000 ____D C:\Documents and Settings\All Users\Pulpit 2013-12-11 11:12 - 2008-09-09 11:32 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-12-11 11:10 - 2013-12-11 11:10 - 00000631 _____ C:\Documents and Settings\All Users\Pulpit\Płatnik 9.01.001.lnk 2013-12-11 11:10 - 2013-12-11 11:10 - 00000000 ____D C:\Program Files\Microsoft WSE 2013-12-11 11:10 - 2013-12-11 11:10 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Płatnik 9.01.001 2013-12-11 11:10 - 2013-12-11 11:10 - 00000000 ____D C:\Documents and Settings\admin\Menu Start\Programy\Microsoft WSE 3.0 2013-12-11 11:10 - 2008-09-09 12:02 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help 2013-12-11 11:10 - 2008-09-09 11:26 - 00000000 ____D C:\Documents and Settings\admin\Menu Start\Programy 2013-12-11 10:58 - 2012-06-20 06:41 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2013-12-11 10:58 - 2011-06-21 08:29 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2013-12-11 10:34 - 2013-12-11 10:34 - 00000000 ____D C:\Documents and Settings\admin\Pulpit\Płatnik 2013-12-11 09:47 - 2008-09-11 10:15 - 00000000 ____D C:\Documents and Settings\admin\Dane aplikacji\Macromedia 2013-12-11 07:56 - 2008-09-09 11:56 - 00089024 _____ C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2013-12-11 07:53 - 2008-09-09 13:05 - 00356952 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2013-12-10 10:32 - 2013-12-10 10:29 - 00000000 ____D C:\ARCHIWUM 2013-12-10 10:29 - 2013-12-10 10:29 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\VATowiec 2013-12-10 10:29 - 2013-12-10 10:29 - 00000000 ____D C:\BR 2013-12-10 10:28 - 2013-12-10 10:23 - 00000000 ____D C:\Program Files\Mobogenie 2013-12-10 10:27 - 2013-12-10 10:23 - 00000000 ____D C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Mobogenie 2013-12-10 10:23 - 2013-12-10 10:23 - 00000000 ____D C:\Documents and Settings\admin\Moje dokumenty\Mobogenie 2013-12-10 10:23 - 2013-12-10 10:23 - 00000000 _____ C:\Documents and Settings\admin\daemonprocess.txt 2013-12-10 10:23 - 2009-09-25 15:19 - 00000000 ____D C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\cache 2013-12-10 10:23 - 2008-09-09 11:26 - 00000000 ___HD C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji 2013-12-10 10:23 - 2008-09-09 11:26 - 00000000 ____D C:\Documents and Settings\admin\Moje dokumenty 2013-12-10 10:21 - 2013-12-10 10:21 - 05933604 _____ (Piotr Kowaluk ) C:\Documents and Settings\admin\Moje dokumenty\br32k.exe 2013-12-09 09:16 - 2013-09-04 08:58 - 00000000 ____D C:\Documents and Settings\All Users\Dokumenty\Przemek 2013-12-09 07:58 - 2011-03-18 07:24 - 00619667 _____ C:\WINDOWS\setupapi.log Some content of TEMP: ==================== C:\Documents and Settings\admin\Ustawienia lokalne\Temp\MSN22B.exe C:\Documents and Settings\admin\Ustawienia lokalne\Temp\ose00000.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe [2008-04-15 13:00] - [2008-04-15 13:00] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a C:\Windows\System32\winlogon.exe [2008-04-15 13:00] - [2008-04-15 13:00] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48 C:\Windows\System32\svchost.exe [2008-04-15 13:00] - [2008-04-15 13:00] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce C:\Windows\System32\services.exe [2008-04-15 13:00] - [2009-02-09 12:25] - 0111104 ____A (Microsoft Corporation) 02a467e27af55f7064c5b251e587315f C:\Windows\System32\User32.dll [2008-04-15 13:00] - [2008-04-15 13:00] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793 C:\Windows\System32\userinit.exe [2008-04-15 13:00] - [2008-04-15 13:00] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5 C:\Windows\System32\rpcss.dll [2008-04-15 13:00] - [2009-02-09 11:53] - 0401408 ____A (Microsoft Corporation) a37311d9d628c1042a2836731787f0f3 C:\Windows\System32\Drivers\volsnap.sys [2008-04-15 13:00] - [2008-04-15 13:00] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7 ==================== End Of Log ============================