[code] OTS logfile created on: 9/11/2011 11:58:12 AM - Run 1 OTS by OldTimer - Version 3.1.44.6 Folder = C:\Users\grazyna\Downloads Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 74.00% Memory free 6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 456.38 Gb Total Space | 346.08 Gb Free Space | 75.83% Space Free | Partition Type: NTFS Drive D: | 7.37 Gb Total Space | 0.73 Gb Free Space | 9.87% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: GRAZYNA-HP Current User Name: grazyna Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days [Processes - Safe List] ots.exe -> C:\Users\grazyna\Downloads\OTS.exe -> [2011/09/11 11:57:28 | 000,646,656 | ---- | M] (OldTimer Tools) crystal.exe -> C:\Users\grazyna\AppData\Roaming\Crystal.exe -> [2011/08/30 12:22:35 | 000,737,029 | ---- | M] () csrs.exe -> C:\ProgramData\csrs.exe -> [2011/08/10 22:00:42 | 000,339,968 | RHS- | M] (Created with WinAutomation (http://www.WinAutomation.com)) winloqon.exe -> C:\ProgramData\winloqon.exe -> [2011/08/10 22:00:42 | 000,331,776 | RHS- | M] (Created with WinAutomation (http://www.WinAutomation.com)) avp.exe -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -> [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) klwtblfs.exe -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe -> [2011/04/24 23:12:42 | 000,131,472 | ---- | M] (Kaspersky Lab ZAO) explorer.exe -> C:\windows\explorer.exe -> [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) mscams32.exe -> C:\Program Files\Microsoft LifeCam\MSCamS32.exe -> [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) atieclxx.exe -> C:\windows\System32\atieclxx.exe -> [2009/09/08 20:56:26 | 000,360,448 | ---- | M] (AMD) atiesrxx.exe -> C:\windows\System32\atiesrxx.exe -> [2009/09/08 20:56:00 | 000,172,032 | ---- | M] (AMD) taskhost.exe -> C:\windows\System32\taskhost.exe -> [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) pdfsvc.exe -> C:\Program Files\PDF Complete\pdfsvc.exe -> [2009/06/18 19:29:12 | 000,635,416 | ---- | M] (PDF Complete Inc) psiservice_2.exe -> C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -> [2007/07/24 21:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) iviregmgr.exe -> C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -> [2007/01/05 05:48:50 | 000,112,152 | ---- | M] (InterVideo) [Modules - No Company Name] ppgooglenaclpluginchrome.dll -> C:\Users\grazyna\AppData\Local\Google\Chrome\Application\13.0.782.220\ppGoogleNaClPluginChrome.dll -> [2011/09/03 14:28:23 | 000,400,440 | ---- | M] () pdf.dll -> C:\Users\grazyna\AppData\Local\Google\Chrome\Application\13.0.782.220\pdf.dll -> [2011/09/03 14:28:22 | 004,118,072 | ---- | M] () avutil-50.dll -> C:\Users\grazyna\AppData\Local\Google\Chrome\Application\13.0.782.220\avutil-50.dll -> [2011/09/03 14:26:51 | 000,104,520 | ---- | M] () avformat-52.dll -> C:\Users\grazyna\AppData\Local\Google\Chrome\Application\13.0.782.220\avformat-52.dll -> [2011/09/03 14:26:49 | 000,203,848 | ---- | M] () avcodec-52.dll -> C:\Users\grazyna\AppData\Local\Google\Chrome\Application\13.0.782.220\avcodec-52.dll -> [2011/09/03 14:26:48 | 001,846,344 | ---- | M] () crystal.exe -> C:\Users\grazyna\AppData\Roaming\Crystal.exe -> [2011/08/30 12:22:35 | 000,737,029 | ---- | M] () system.management.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\7cc7d753f499e27b4bd8a45c3e81c73e\System.Management.ni.dll -> [2011/08/11 14:05:12 | 000,997,888 | ---- | M] () presentationframework.aero.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\60aa01ac9637903f30ac346c55ce58bb\PresentationFramework.Aero.ni.dll -> [2011/08/11 08:30:52 | 000,368,128 | ---- | M] () system.runtime.remoting.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\456d5e9d3a0a37697ab28c150e9ac5b7\System.Runtime.Remoting.ni.dll -> [2011/08/11 08:30:37 | 000,771,584 | ---- | M] () system.data.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\86f429e0a23238cf277d464bd0433d86\System.Data.ni.dll -> [2011/08/11 08:30:36 | 006,618,624 | ---- | M] () presentationframework.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\462ca53f84ff85f159d5555d91a5e28d\PresentationFramework.ni.dll -> [2011/08/11 08:30:25 | 014,322,688 | ---- | M] () system.windows.forms.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad9c2f4737e1e07fa774af31a7d74235\System.Windows.Forms.ni.dll -> [2011/08/11 00:24:28 | 012,431,360 | ---- | M] () system.drawing.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eba4ec48e3f7f16864c6d96f510fafd9\System.Drawing.ni.dll -> [2011/08/11 00:24:22 | 001,586,688 | ---- | M] () uiautomationtypes.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\efadc7a54e78f3755da53c95bdc293fd\UIAutomationTypes.ni.dll -> [2011/08/11 00:24:19 | 000,185,344 | ---- | M] () presentationcore.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\808e41877f992187276492aa2e55e909\PresentationCore.ni.dll -> [2011/08/11 00:24:17 | 012,216,320 | ---- | M] () windowsbase.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cea5d9b8e3d6ff3bf3be32cf5fcbcd02\WindowsBase.ni.dll -> [2011/08/11 00:24:05 | 003,325,952 | ---- | M] () system.xml.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\155679a9c8991cc33f90d6b27bac1977\System.Xml.ni.dll -> [2011/08/11 00:23:57 | 005,452,800 | ---- | M] () system.configuration.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\0bddc91cbf37d143f08f6684b2919566\System.Configuration.ni.dll -> [2011/08/11 00:23:53 | 000,971,264 | ---- | M] () system.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System\610374fef100556da252243e673ac64b\System.ni.dll -> [2011/08/11 00:23:52 | 007,949,312 | ---- | M] () mscorlib.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll -> [2011/08/11 00:23:45 | 011,490,304 | ---- | M] () qtgui4.dll -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll -> [2011/04/24 23:13:30 | 007,008,656 | ---- | M] () qtsql4.dll -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll -> [2011/04/24 23:13:28 | 000,192,912 | ---- | M] () qtscript4.dll -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll -> [2011/04/24 23:13:26 | 001,270,160 | ---- | M] () qtnetwork4.dll -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll -> [2011/04/24 23:13:26 | 000,758,160 | ---- | M] () qtcore4.dll -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll -> [2011/04/24 23:13:24 | 002,118,032 | ---- | M] () qtdeclarative4.dll -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll -> [2011/04/24 23:13:24 | 002,089,360 | ---- | M] () qgif4.dll -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll -> [2011/04/20 19:56:28 | 000,025,088 | ---- | M] () hp.activesupportlibrary.dll -> C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll -> [2010/08/31 10:36:19 | 000,102,400 | ---- | M] () presentationframework.resources.dll -> C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_pl_31bf3856ad364e35\PresentationFramework.resources.dll -> [2010/02/25 10:39:52 | 000,249,856 | ---- | M] () mscorlib.resources.dll -> C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pl_b77a5c561934e089\mscorlib.resources.dll -> [2010/02/25 10:39:44 | 000,311,296 | ---- | M] () system.runtime.remoting.resources.dll -> C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_pl_b77a5c561934e089\System.Runtime.Remoting.resources.dll -> [2010/02/25 10:39:42 | 000,032,768 | ---- | M] () pcalertspillar.dll -> C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll -> [2009/09/30 01:25:46 | 000,061,440 | ---- | M] () eclibrary.dll -> C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll -> [2009/09/30 01:25:44 | 000,131,072 | ---- | M] () messagingserver.dll -> C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll -> [2009/09/30 01:25:38 | 000,040,960 | ---- | M] () messagingclients.dll -> C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll -> [2009/09/30 01:25:38 | 000,036,864 | ---- | M] () remotingclient.dll -> C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll -> [2009/09/30 01:25:38 | 000,007,680 | ---- | M] () messaginginterface.dll -> C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll -> [2009/09/30 01:25:36 | 000,005,632 | ---- | M] () messagingmessages.dll -> C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll -> [2009/09/30 01:25:28 | 000,018,944 | ---- | M] () system.data.dll -> C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll -> [2009/06/10 23:23:17 | 002,933,248 | ---- | M] () [Win32 Services - Safe List] (NMIndexingService) NMIndexingService [On_Demand | Stopped] -> -> File not found (AVP) Usługa Kaspersky Anti-Virus [Auto | Running] -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -> [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) (WatAdminSvc) Usługa Technologie aktywacji systemu Windows [Unknown | Stopped] -> C:\windows\System32\Wat\WatAdminSvc.exe -> [2010/08/17 13:21:35 | 001,343,400 | ---- | M] (Microsoft Corporation) (MSCamSvc) MSCamSvc [Auto | Running] -> C:\Program Files\Microsoft LifeCam\MSCamS32.exe -> [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) (AMD External Events Utility) AMD External Events Utility [Auto | Running] -> C:\windows\System32\atiesrxx.exe -> [2009/09/08 20:56:00 | 000,172,032 | ---- | M] (AMD) (SensrSvc) Jasność adaptacyjna [On_Demand | Stopped] -> C:\windows\System32\sensrsvc.dll -> [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) (WinDefend) Windows Defender [Auto | Running] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) (pdfcDispatcher) PDF Document Manager [Auto | Running] -> C:\Program Files\PDF Complete\pdfsvc.exe -> [2009/06/18 19:29:12 | 000,635,416 | ---- | M] (PDF Complete Inc) (PSI_SVC_2) Protexis Licensing V2 [Auto | Running] -> C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -> [2007/07/24 21:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) (IviRegMgr) IviRegMgr [Auto | Running] -> C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -> [2007/01/05 05:48:50 | 000,112,152 | ---- | M] (InterVideo) [Driver Services - Safe List] (KLIF) Kaspersky Lab Driver [File_System | System | Running] -> C:\windows\System32\drivers\klif.sys -> [2011/09/09 16:06:39 | 000,570,160 | ---- | M] (Kaspersky Lab) (KLIM6) Kaspersky Anti-Virus NDIS 6 Filter [Kernel | System | Running] -> C:\windows\System32\drivers\klim6.sys -> [2011/03/10 18:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) (kl2) kl2 [Kernel | System | Running] -> C:\windows\System32\drivers\kl2.sys -> [2011/03/04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) (KL1) KL1 [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\kl1.sys -> [2011/03/04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) (MSHUSBVideo) NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver [Kernel | On_Demand | Running] -> C:\windows\System32\drivers\nx6000.sys -> [2010/05/20 15:27:24 | 000,030,576 | ---- | M] (Microsoft Corporation) (klmouflt) Kaspersky Lab KLMOUFLT [Kernel | On_Demand | Running] -> C:\windows\System32\drivers\klmouflt.sys -> [2009/11/02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) (AtiHdmiService) ATI Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> C:\windows\System32\drivers\AtiHdmi.sys -> [2009/09/29 22:03:58 | 000,104,976 | ---- | M] (ATI Technologies, Inc.) (atikmdag) atikmdag [Kernel | On_Demand | Running] -> C:\windows\System32\drivers\atikmdag.sys -> [2009/09/08 21:31:10 | 005,174,272 | ---- | M] (ATI Technologies Inc.) (mfehidk) McAfee Inc. mfehidk [Kernel | System | Running] -> C:\windows\System32\drivers\mfehidk.sys -> [2009/05/16 04:15:14 | 000,214,024 | ---- | M] (McAfee, Inc.) (MfeAVFK) McAfee Inc. MfeAVFK [Kernel | On_Demand | Stopped] -> C:\windows\System32\drivers\mfeavfk.sys -> [2009/05/16 04:15:14 | 000,079,816 | ---- | M] (McAfee, Inc.) (mfetdik) McAfee Inc. mfetdik [Kernel | System | Running] -> C:\windows\System32\drivers\mfetdik.sys -> [2009/05/16 04:15:14 | 000,055,336 | ---- | M] (McAfee, Inc.) (MfeBOPK) McAfee Inc. MfeBOPK [Kernel | On_Demand | Stopped] -> C:\windows\System32\drivers\mfebopk.sys -> [2009/05/16 04:15:14 | 000,035,272 | ---- | M] (McAfee, Inc.) (MfeRKDK) McAfee Inc. MfeRKDK [Kernel | On_Demand | Stopped] -> C:\windows\System32\drivers\mferkdk.sys -> [2009/05/16 04:15:14 | 000,034,248 | ---- | M] (McAfee, Inc.) (regi) regi [Kernel | Auto | Running] -> C:\windows\System32\drivers\regi.sys -> [2007/04/18 06:09:28 | 000,011,032 | ---- | M] (InterVideo) [Registry - Safe List] < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.bing.com -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> about:blank -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-1161074108-787105459-3376803242-1001\] > -> -> HKEY_USERS\S-1-5-21-1161074108-787105459-3376803242-1001\: Main\\"Default_Page_URL" -> http://www.bing.com -> HKEY_USERS\S-1-5-21-1161074108-787105459-3376803242-1001\: Main\\"Start Page" -> http://www.qooqlle.com/ -> HKEY_USERS\S-1-5-21-1161074108-787105459-3376803242-1001\: URLSearchHooks\\"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found HKEY_USERS\S-1-5-21-1161074108-787105459-3376803242-1001\: "ProxyEnable" -> 0 -> < FireFox Settings [Prefs.js] > -> C:\Users\grazyna\AppData\Roaming\Mozilla\FireFox\Profiles\2i58shpt.default\prefs.js -> browser.search.selectedEngine -> "qooqlle" -> browser.search.useDBForOrder -> true -> browser.startup.homepage -> "http://www.qooqlle.com/" -> extensions.enabledItems -> jqs@sun.com:1.0 -> extensions.enabledItems -> {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0 -> extensions.enabledItems -> {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 -> extensions.enabledItems -> cssreloader@kenneth.io:1.0.2 -> extensions.enabledItems -> {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 -> network.proxy.backup.ftp -> "127.0.0.1" -> network.proxy.backup.ftp_port -> 9666 -> network.proxy.backup.gopher -> "127.0.0.1" -> network.proxy.backup.gopher_port -> 9666 -> network.proxy.backup.socks -> "127.0.0.1" -> network.proxy.backup.socks_port -> 9666 -> network.proxy.backup.ssl -> "127.0.0.1" -> network.proxy.backup.ssl_port -> 9666 -> network.proxy.ftp -> "127.0.0.1" -> network.proxy.ftp_port -> 9666 -> network.proxy.gopher -> "127.0.0.1" -> network.proxy.gopher_port -> 9666 -> network.proxy.http -> "127.0.0.1" -> network.proxy.http_port -> 9666 -> network.proxy.share_proxy_settings -> true -> network.proxy.socks -> "127.0.0.1" -> network.proxy.socks_port -> 9666 -> network.proxy.ssl -> "127.0.0.1" -> network.proxy.ssl_port -> 9666 -> network.proxy.type -> 0 -> < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla HKLM\software\mozilla\Firefox\Extensions -> -> HKLM\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\LINKFILTER@KASPERSKY.RU] -> [2011/09/09 16:21:36 | 000,000,000 | ---D | M] HKLM\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\VIRTUALKEYBOARD@KASPERSKY.RU] -> [2011/09/09 16:21:36 | 000,000,000 | ---D | M] HKLM\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\KAVANTIBANNER@KASPERSKY.RU] -> [2011/09/09 16:21:36 | 000,000,000 | ---D | M] < FireFox Extensions [User Folders] > -> -> C:\Users\grazyna\AppData\Roaming\mozilla\Extensions -> [2011/09/09 17:24:37 | 000,000,000 | ---D | M] < FireFox SearchPlugins [User Folders] > -> search.xml -> C:\Users\grazyna\AppData\Roaming\Mozilla\FireFox\Profiles\2i58shpt.default\searchplugins\search.xml -> [2011/09/11 11:03:03 | 000,001,860 | ---- | M] () < HOSTS File > ([2009/06/10 23:39:37 | 000,000,824 | ---- | M] - 21 lines) -> C:\windows\System32\drivers\etc\hosts -> Reset Hosts < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} [HKLM] -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll [IEVkbdBHO Class] -> [2011/04/24 23:13:06 | 000,086,416 | ---- | M] (Kaspersky Lab ZAO) {E33CF602-D945-461A-83F0-819F76A199F8} [HKLM] -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll [FilterBHO Class] -> [2011/04/24 23:13:12 | 000,229,776 | ---- | M] (Kaspersky Lab ZAO) < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> "{0BF43445-2F28-4351-9252-17FE6E806AA0}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1161074108-787105459-3376803242-1001\] > -> HKEY_USERS\S-1-5-21-1161074108-787105459-3376803242-1001\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "AVP" -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe ["C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"] -> [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) "csrs" -> C:\ProgramData\csrs.exe [%ALLUSERSPROFILE%\csrs.exe] -> [2011/08/10 22:00:42 | 000,339,968 | RHS- | M] (Created with WinAutomation (http://www.WinAutomation.com)) "GProton" -> C:\ProgramData\GProton.exe [%ALLUSERSPROFILE%\GProton.exe] -> [2011/08/11 08:49:53 | 007,793,152 | RHS- | M] () "LifeCam" -> C:\Program Files\Microsoft LifeCam\LifeExp.exe ["C:\Program Files\Microsoft LifeCam\LifeExp.exe"] -> [2010/05/20 15:27:24 | 000,119,152 | ---- | M] (Microsoft Corporation) "NortonOnlineBackupReminder" -> C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe ["C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED] -> [2009/06/30 00:01:26 | 000,600,936 | ---- | M] (Symantec Corporation) "PDF Complete" -> C:\Program Files\PDF Complete\pdfsty.exe [C:\Program Files\PDF Complete\pdfsty.exe] -> [2009/06/18 19:29:10 | 000,563,736 | ---- | M] (PDF Complete Inc) "winloqon" -> C:\ProgramData\winloqon.exe [%ALLUSERSPROFILE%\winloqon.exe] -> [2011/08/10 22:00:42 | 000,331,776 | RHS- | M] (Created with WinAutomation (http://www.WinAutomation.com)) < RunOnce [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "mctadmin" -> C:\windows\System32\mctadmin.exe [C:\Windows\System32\mctadmin.exe] -> [2009/07/14 03:14:23 | 000,093,696 | ---- | M] (Microsoft Corporation) < RunOnce [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "mctadmin" -> C:\windows\System32\mctadmin.exe [C:\Windows\System32\mctadmin.exe] -> [2009/07/14 03:14:23 | 000,093,696 | ---- | M] (Microsoft Corporation) < Run [HKEY_USERS\S-1-5-21-1161074108-787105459-3376803242-1001\] > -> HKEY_USERS\S-1-5-21-1161074108-787105459-3376803242-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" -> ["C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"] -> File not found "Clownfish" -> [] -> File not found "Crystal.exe" -> C:\Users\grazyna\AppData\Roaming\Crystal.exe [C:\Users\grazyna\AppData\Roaming\Crystal.exe] -> [2011/08/30 12:22:35 | 000,737,029 | ---- | M] () "nvwiz" -> C:\ProgramData\nvwiz.exe [C:\ProgramData\nvwiz.exe] -> [2011/09/09 15:59:31 | 000,498,688 | ---- | M] ( ) < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [28] -> File not found < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"ConsentPromptBehaviorAdmin" -> [5] -> File not found \\"ConsentPromptBehaviorUser" -> [3] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1161074108-787105459-3376803242-1001\] > -> HKEY_USERS\S-1-5-21-1161074108-787105459-3376803242-1001\Software\Microsoft\Internet Explorer\MenuExt\ -> Dodaj do listy blokowanych banerów -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm] -> [2011/04/24 22:14:22 | 000,001,452 | ---- | M] () Funkcja Google Sidewiki -> [res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {4248FE82-7FCB-46AC-B270-339F08212110}:{4248FE82-7FCB-46AC-B270-339F08212110} [HKLM] -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll [Button: &Klawiatura wirtualna] -> [2011/04/24 23:13:06 | 000,086,416 | ---- | M] (Kaspersky Lab ZAO) {CCF151D8-D089-449F-A5A4-D9909053F20F}:{CCF151D8-D089-449F-A5A4-D9909053F20F} [HKLM] -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll [Button: &Sprawdzanie adresów internetowych] -> [2011/04/24 23:13:12 | 000,229,776 | ---- | M] (Kaspersky Lab ZAO) < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1161074108-787105459-3376803242-1001\] > -> HKEY_USERS\S-1-5-21-1161074108-787105459-3376803242-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-1161074108-787105459-3376803242-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1161074108-787105459-3376803242-1001\] > -> HKEY_USERS\S-1-5-21-1161074108-787105459-3376803242-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-1161074108-787105459-3376803242-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} [HKLM] -> http://www.myheritage.pl/Genoogle/Components/ActiveX/SearchEngineQuery.dll [CSEQueryObject Object] -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab [Java Plug-in 1.6.0_26] -> {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab [Java Plug-in 1.6.0_26] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab [Java Plug-in 1.6.0_26] -> {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> DhcpNameServer -> 217.172.224.160 89.228.7.228 -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {071C80AB-9A9E-46B6-ADC8-A088FB2ADB24}\\DhcpNameServer -> 217.172.224.160 89.228.7.228 (Realtek PCIe FE Family Controller) -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> explorer.exe -> C:\Windows\explorer.exe -> [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\Windows\system32\userinit.exe -> C:\windows\System32\userinit.exe -> [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> SystemPropertiesPerformance.exe -> C:\Windows\System32\SystemPropertiesPerformance.exe -> [2009/07/14 03:14:42 | 000,081,920 | ---- | M] (Microsoft Corporation) /pagefile -> -> File not found *MultiFile Done* -> -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> klogon -> C:\windows\System32\klogon.dll -> [2011/04/24 23:13:10 | 000,229,776 | ---- | M] (Kaspersky Lab ZAO) < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> Sterownik stacji dysków CD-ROM -> "ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found < Drives with AutoRun files > -> -> C:\autoexec.bat [REM Dummy file for NTVDM | ] -> C:\autoexec.bat [ NTFS ] -> [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command -> comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ -> .com [@ = comfile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> [Files/Folders - Created Within 30 Days] Kaspersky Internet Security 2012 -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012 -> [2011/09/09 16:07:39 | 000,000,000 | ---D | C] Kaspersky Lab -> C:\ProgramData\Kaspersky Lab -> [2011/09/09 16:06:49 | 000,000,000 | ---D | C] Kaspersky Lab -> C:\Program Files\Kaspersky Lab -> [2011/09/09 16:06:49 | 000,000,000 | ---D | C] klif.sys -> C:\Windows\System32\drivers\klif.sys -> [2011/09/09 16:06:39 | 000,570,160 | ---- | C] (Kaspersky Lab) MFAData -> C:\ProgramData\MFAData -> [2011/09/09 15:57:23 | 000,000,000 | ---D | C] NIEMCY -> C:\Users\grazyna\Desktop\NIEMCY -> [2011/08/30 14:33:50 | 000,000,000 | ---D | C] ieui.dll -> C:\Windows\System32\ieui.dll -> [2011/08/30 14:09:41 | 000,176,640 | ---- | C] (Microsoft Corporation) msrating.dll -> C:\Windows\System32\msrating.dll -> [2011/08/30 14:09:41 | 000,162,304 | ---- | C] (Microsoft Corporation) msls31.dll -> C:\Windows\System32\msls31.dll -> [2011/08/30 14:09:41 | 000,161,792 | ---- | C] (Microsoft Corporation) ieakeng.dll -> C:\Windows\System32\ieakeng.dll -> [2011/08/30 14:09:41 | 000,130,560 | ---- | C] (Microsoft Corporation) IEAdvpack.dll -> C:\Windows\System32\IEAdvpack.dll -> [2011/08/30 14:09:41 | 000,110,592 | ---- | C] (Microsoft Corporation) iesysprep.dll -> C:\Windows\System32\iesysprep.dll -> [2011/08/30 14:09:41 | 000,086,528 | ---- | C] (Microsoft Corporation) SetIEInstalledDate.exe -> C:\Windows\System32\SetIEInstalledDate.exe -> [2011/08/30 14:09:41 | 000,076,800 | ---- | C] (Microsoft Corporation) RegisterIEPKEYs.exe -> C:\Windows\System32\RegisterIEPKEYs.exe -> [2011/08/30 14:09:41 | 000,074,752 | ---- | C] (Microsoft Corporation) jsproxy.dll -> C:\Windows\System32\jsproxy.dll -> [2011/08/30 14:09:41 | 000,065,024 | ---- | C] (Microsoft Corporation) mshtmler.dll -> C:\Windows\System32\mshtmler.dll -> [2011/08/30 14:09:41 | 000,048,640 | ---- | C] (Microsoft Corporation) msfeedsbs.dll -> C:\Windows\System32\msfeedsbs.dll -> [2011/08/30 14:09:41 | 000,041,472 | ---- | C] (Microsoft Corporation) msfeedssync.exe -> C:\Windows\System32\msfeedssync.exe -> [2011/08/30 14:09:41 | 000,010,752 | ---- | C] (Microsoft Corporation) ieapfltr.dat -> C:\Windows\System32\ieapfltr.dat -> [2011/08/30 14:09:40 | 003,695,416 | ---- | C] (Microsoft Corporation) inetcpl.cpl -> C:\Windows\System32\inetcpl.cpl -> [2011/08/30 14:09:40 | 001,427,456 | ---- | C] (Microsoft Corporation) msfeeds.dll -> C:\Windows\System32\msfeeds.dll -> [2011/08/30 14:09:40 | 000,580,608 | ---- | C] (Microsoft Corporation) ieapfltr.dll -> C:\Windows\System32\ieapfltr.dll -> [2011/08/30 14:09:40 | 000,434,176 | ---- | C] (Microsoft Corporation) html.iec -> C:\Windows\System32\html.iec -> [2011/08/30 14:09:40 | 000,367,104 | ---- | C] (Microsoft Corporation) dxtmsft.dll -> C:\Windows\System32\dxtmsft.dll -> [2011/08/30 14:09:40 | 000,353,792 | ---- | C] (Microsoft Corporation) iedkcs32.dll -> C:\Windows\System32\iedkcs32.dll -> [2011/08/30 14:09:40 | 000,353,584 | ---- | C] (Microsoft Corporation) url.dll -> C:\Windows\System32\url.dll -> [2011/08/30 14:09:40 | 000,231,936 | ---- | C] (Microsoft Corporation) dxtrans.dll -> C:\Windows\System32\dxtrans.dll -> [2011/08/30 14:09:40 | 000,223,232 | ---- | C] (Microsoft Corporation) wextract.exe -> C:\Windows\System32\wextract.exe -> [2011/08/30 14:09:40 | 000,152,064 | ---- | C] (Microsoft Corporation) iexpress.exe -> C:\Windows\System32\iexpress.exe -> [2011/08/30 14:09:40 | 000,150,528 | ---- | C] (Microsoft Corporation) inseng.dll -> C:\Windows\System32\inseng.dll -> [2011/08/30 14:09:40 | 000,078,848 | ---- | C] (Microsoft Corporation) iesetup.dll -> C:\Windows\System32\iesetup.dll -> [2011/08/30 14:09:40 | 000,074,752 | ---- | C] (Microsoft Corporation) ie4uinit.exe -> C:\Windows\System32\ie4uinit.exe -> [2011/08/30 14:09:40 | 000,074,240 | ---- | C] (Microsoft Corporation) iernonce.dll -> C:\Windows\System32\iernonce.dll -> [2011/08/30 14:09:40 | 000,031,744 | ---- | C] (Microsoft Corporation) licmgr10.dll -> C:\Windows\System32\licmgr10.dll -> [2011/08/30 14:09:40 | 000,023,552 | ---- | C] (Microsoft Corporation) mshtml.tlb -> C:\Windows\System32\mshtml.tlb -> [2011/08/30 14:09:39 | 002,382,848 | ---- | C] (Microsoft Corporation) jscript9.dll -> C:\Windows\System32\jscript9.dll -> [2011/08/30 14:09:39 | 001,797,632 | ---- | C] (Microsoft Corporation) ieaksie.dll -> C:\Windows\System32\ieaksie.dll -> [2011/08/30 14:09:39 | 000,227,840 | ---- | C] (Microsoft Corporation) ieakui.dll -> C:\Windows\System32\ieakui.dll -> [2011/08/30 14:09:39 | 000,163,840 | ---- | C] (Microsoft Corporation) ieUnatt.exe -> C:\Windows\System32\ieUnatt.exe -> [2011/08/30 14:09:39 | 000,142,848 | ---- | C] (Microsoft Corporation) iepeers.dll -> C:\Windows\System32\iepeers.dll -> [2011/08/30 14:09:39 | 000,118,784 | ---- | C] (Microsoft Corporation) admparse.dll -> C:\Windows\System32\admparse.dll -> [2011/08/30 14:09:39 | 000,101,888 | ---- | C] (Microsoft Corporation) pngfilt.dll -> C:\Windows\System32\pngfilt.dll -> [2011/08/30 14:09:39 | 000,054,272 | ---- | C] (Microsoft Corporation) imgutil.dll -> C:\Windows\System32\imgutil.dll -> [2011/08/30 14:09:39 | 000,035,840 | ---- | C] (Microsoft Corporation) Google Chrome -> C:\Users\grazyna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome -> [2011/08/30 14:09:22 | 000,000,000 | ---D | C] MpSigStub.exe -> C:\Windows\System32\MpSigStub.exe -> [2011/08/30 13:15:22 | 000,222,080 | ---- | C] (Microsoft Corporation) DoctorWeb -> C:\Users\grazyna\DoctorWeb -> [2011/08/30 12:58:59 | 000,000,000 | ---D | C] Mozilla -> C:\Users\grazyna\AppData\Roaming\Mozilla -> [2011/08/30 12:40:38 | 000,000,000 | ---D | C] Mozilla -> C:\Users\grazyna\AppData\Local\Mozilla -> [2011/08/30 12:40:38 | 000,000,000 | ---D | C] tzres.dll -> C:\Windows\System32\tzres.dll -> [2011/08/30 12:31:38 | 000,002,048 | ---- | C] (Microsoft Corporation) nvwiz.exe -> C:\ProgramData\nvwiz.exe -> [2011/08/30 12:22:39 | 000,498,688 | ---- | C] ( ) CavalosMT2 -> C:\Program Files\CavalosMT2 -> [2011/08/19 19:20:05 | 000,000,000 | ---D | C] Skype Voice Records -> C:\Users\grazyna\Documents\Skype Voice Records -> [2011/08/18 20:58:56 | 000,000,000 | ---D | C] Clownfish -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clownfish -> [2011/08/18 20:58:40 | 000,000,000 | ---D | C] Clownfish -> C:\Program Files\Clownfish -> [2011/08/18 20:58:40 | 000,000,000 | ---D | C] METIN2_PL -> C:\Program Files\METIN2_PL -> [2011/08/15 15:49:56 | 000,000,000 | ---D | C] APN -> C:\Users\grazyna\AppData\Local\APN -> [2011/08/13 10:52:13 | 000,000,000 | ---D | C] DVDVideoSoft -> C:\Users\grazyna\Documents\DVDVideoSoft -> [2011/08/13 10:51:04 | 000,000,000 | ---D | C] DVDVideoSoft -> C:\Program Files\Common Files\DVDVideoSoft -> [2011/08/13 10:51:04 | 000,000,000 | ---D | C] 1click dvd converter -> C:\ProgramData\1click dvd converter -> [2011/08/13 10:49:07 | 000,000,000 | ---D | C] 1Click DVD Converter -> C:\Users\Public\Documents\1Click DVD Converter -> [2011/08/13 10:49:06 | 000,000,000 | ---D | C] pcouffin.sys -> C:\Users\grazyna\AppData\Roaming\pcouffin.sys -> [2011/08/11 10:26:03 | 000,047,360 | ---- | C] (VSO Software) winloqon.exe -> C:\ProgramData\winloqon.exe -> [2011/08/10 15:28:41 | 000,331,776 | RHS- | C] (Created with WinAutomation (http://www.WinAutomation.com)) csrs.exe -> C:\ProgramData\csrs.exe -> [2011/08/10 15:28:40 | 000,339,968 | RHS- | C] (Created with WinAutomation (http://www.WinAutomation.com)) 1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> 1 C:\Users\grazyna\Documents\*.tmp files -> C:\Users\grazyna\Documents\*.tmp -> [Files/Folders - Modified Within 30 Days] bootstat.dat -> C:\Windows\bootstat.dat -> [2011/09/11 11:55:31 | 000,067,584 | --S- | M] () GoogleUpdateTaskUserS-1-5-21-1161074108-787105459-3376803242-1001UA.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1161074108-787105459-3376803242-1001UA.job -> [2011/09/11 11:18:01 | 000,001,066 | ---- | M] () 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2011/09/11 11:09:44 | 000,009,920 | -H-- | M] () 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2011/09/11 11:09:44 | 000,009,920 | -H-- | M] () System.dat -> C:\Users\grazyna\AppData\Roaming\System.dat -> [2011/09/11 11:03:03 | 000,000,002 | ---- | M] () hiberfil.sys -> C:\hiberfil.sys -> [2011/09/11 11:02:18 | 2415,321,088 | -HS- | M] () GoogleUpdateTaskUserS-1-5-21-1161074108-787105459-3376803242-1001Core.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1161074108-787105459-3376803242-1001Core.job -> [2011/09/10 16:18:00 | 000,001,014 | ---- | M] () Internet.lnk -> C:\Users\grazyna\Desktop\Internet.lnk -> [2011/09/09 17:24:28 | 000,002,385 | ---- | M] () WebpageIcons.db -> C:\Users\grazyna\AppData\Local\WebpageIcons.db -> [2011/09/09 16:08:48 | 000,017,408 | ---- | M] () klin.dat -> C:\Windows\System32\drivers\klin.dat -> [2011/09/09 16:07:44 | 000,115,369 | ---- | M] () klick.dat -> C:\Windows\System32\drivers\klick.dat -> [2011/09/09 16:07:44 | 000,097,859 | ---- | M] () klif.sys -> C:\Windows\System32\drivers\klif.sys -> [2011/09/09 16:06:39 | 000,570,160 | ---- | M] (Kaspersky Lab) nvwiz.exe -> C:\ProgramData\nvwiz.exe -> [2011/09/09 15:59:31 | 000,498,688 | ---- | M] ( ) HPCeeScheduleForgrazyna.job -> C:\Windows\tasks\HPCeeScheduleForgrazyna.job -> [2011/09/08 19:09:44 | 000,000,328 | ---- | M] () etc.dat -> C:\Users\grazyna\AppData\Roaming\etc.dat -> [2011/09/08 16:07:12 | 000,000,001 | ---- | M] () perfh015.dat -> C:\Windows\System32\perfh015.dat -> [2011/08/30 19:09:46 | 000,697,674 | ---- | M] () perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2011/08/30 19:09:46 | 000,615,810 | ---- | M] () perfc015.dat -> C:\Windows\System32\perfc015.dat -> [2011/08/30 19:09:46 | 000,134,784 | ---- | M] () perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2011/08/30 19:09:46 | 000,106,190 | ---- | M] () ieui.dll -> C:\Windows\System32\ieui.dll -> [2011/08/30 14:09:41 | 000,176,640 | ---- | M] (Microsoft Corporation) msrating.dll -> C:\Windows\System32\msrating.dll -> [2011/08/30 14:09:41 | 000,162,304 | ---- | M] (Microsoft Corporation) msls31.dll -> C:\Windows\System32\msls31.dll -> [2011/08/30 14:09:41 | 000,161,792 | ---- | M] (Microsoft Corporation) ieakeng.dll -> C:\Windows\System32\ieakeng.dll -> [2011/08/30 14:09:41 | 000,130,560 | ---- | M] (Microsoft Corporation) IEAdvpack.dll -> C:\Windows\System32\IEAdvpack.dll -> [2011/08/30 14:09:41 | 000,110,592 | ---- | M] (Microsoft Corporation) iesysprep.dll -> C:\Windows\System32\iesysprep.dll -> [2011/08/30 14:09:41 | 000,086,528 | ---- | M] (Microsoft Corporation) SetIEInstalledDate.exe -> C:\Windows\System32\SetIEInstalledDate.exe -> [2011/08/30 14:09:41 | 000,076,800 | ---- | M] (Microsoft Corporation) RegisterIEPKEYs.exe -> C:\Windows\System32\RegisterIEPKEYs.exe -> [2011/08/30 14:09:41 | 000,074,752 | ---- | M] (Microsoft Corporation) jsproxy.dll -> C:\Windows\System32\jsproxy.dll -> [2011/08/30 14:09:41 | 000,065,024 | ---- | M] (Microsoft Corporation) mshtmler.dll -> C:\Windows\System32\mshtmler.dll -> [2011/08/30 14:09:41 | 000,048,640 | ---- | M] (Microsoft Corporation) msfeedsbs.dll -> C:\Windows\System32\msfeedsbs.dll -> [2011/08/30 14:09:41 | 000,041,472 | ---- | M] (Microsoft Corporation) msfeedssync.exe -> C:\Windows\System32\msfeedssync.exe -> [2011/08/30 14:09:41 | 000,010,752 | ---- | M] (Microsoft Corporation) ieapfltr.dat -> C:\Windows\System32\ieapfltr.dat -> [2011/08/30 14:09:40 | 003,695,416 | ---- | M] (Microsoft Corporation) inetcpl.cpl -> C:\Windows\System32\inetcpl.cpl -> [2011/08/30 14:09:40 | 001,427,456 | ---- | M] (Microsoft Corporation) msfeeds.dll -> C:\Windows\System32\msfeeds.dll -> [2011/08/30 14:09:40 | 000,580,608 | ---- | M] (Microsoft Corporation) ieapfltr.dll -> C:\Windows\System32\ieapfltr.dll -> [2011/08/30 14:09:40 | 000,434,176 | ---- | M] (Microsoft Corporation) html.iec -> C:\Windows\System32\html.iec -> [2011/08/30 14:09:40 | 000,367,104 | ---- | M] (Microsoft Corporation) dxtmsft.dll -> C:\Windows\System32\dxtmsft.dll -> [2011/08/30 14:09:40 | 000,353,792 | ---- | M] (Microsoft Corporation) iedkcs32.dll -> C:\Windows\System32\iedkcs32.dll -> [2011/08/30 14:09:40 | 000,353,584 | ---- | M] (Microsoft Corporation) url.dll -> C:\Windows\System32\url.dll -> [2011/08/30 14:09:40 | 000,231,936 | ---- | M] (Microsoft Corporation) dxtrans.dll -> C:\Windows\System32\dxtrans.dll -> [2011/08/30 14:09:40 | 000,223,232 | ---- | M] (Microsoft Corporation) wextract.exe -> C:\Windows\System32\wextract.exe -> [2011/08/30 14:09:40 | 000,152,064 | ---- | M] (Microsoft Corporation) iexpress.exe -> C:\Windows\System32\iexpress.exe -> [2011/08/30 14:09:40 | 000,150,528 | ---- | M] (Microsoft Corporation) inseng.dll -> C:\Windows\System32\inseng.dll -> [2011/08/30 14:09:40 | 000,078,848 | ---- | M] (Microsoft Corporation) iesetup.dll -> C:\Windows\System32\iesetup.dll -> [2011/08/30 14:09:40 | 000,074,752 | ---- | M] (Microsoft Corporation) ie4uinit.exe -> C:\Windows\System32\ie4uinit.exe -> [2011/08/30 14:09:40 | 000,074,240 | ---- | M] (Microsoft Corporation) ieuinit.inf -> C:\Windows\System32\ieuinit.inf -> [2011/08/30 14:09:40 | 000,072,822 | ---- | M] () iernonce.dll -> C:\Windows\System32\iernonce.dll -> [2011/08/30 14:09:40 | 000,031,744 | ---- | M] (Microsoft Corporation) licmgr10.dll -> C:\Windows\System32\licmgr10.dll -> [2011/08/30 14:09:40 | 000,023,552 | ---- | M] (Microsoft Corporation) mshtml.tlb -> C:\Windows\System32\mshtml.tlb -> [2011/08/30 14:09:39 | 002,382,848 | ---- | M] (Microsoft Corporation) jscript9.dll -> C:\Windows\System32\jscript9.dll -> [2011/08/30 14:09:39 | 001,797,632 | ---- | M] (Microsoft Corporation) ieaksie.dll -> C:\Windows\System32\ieaksie.dll -> [2011/08/30 14:09:39 | 000,227,840 | ---- | M] (Microsoft Corporation) ieakui.dll -> C:\Windows\System32\ieakui.dll -> [2011/08/30 14:09:39 | 000,163,840 | ---- | M] (Microsoft Corporation) ieUnatt.exe -> C:\Windows\System32\ieUnatt.exe -> [2011/08/30 14:09:39 | 000,142,848 | ---- | M] (Microsoft Corporation) iepeers.dll -> C:\Windows\System32\iepeers.dll -> [2011/08/30 14:09:39 | 000,118,784 | ---- | M] (Microsoft Corporation) admparse.dll -> C:\Windows\System32\admparse.dll -> [2011/08/30 14:09:39 | 000,101,888 | ---- | M] (Microsoft Corporation) pngfilt.dll -> C:\Windows\System32\pngfilt.dll -> [2011/08/30 14:09:39 | 000,054,272 | ---- | M] (Microsoft Corporation) imgutil.dll -> C:\Windows\System32\imgutil.dll -> [2011/08/30 14:09:39 | 000,035,840 | ---- | M] (Microsoft Corporation) pcouffin.sys -> C:\Users\grazyna\AppData\Roaming\pcouffin.sys -> [2011/08/30 13:50:14 | 000,047,360 | ---- | M] (VSO Software) pcouffin.cat -> C:\Users\grazyna\AppData\Roaming\pcouffin.cat -> [2011/08/30 13:50:14 | 000,007,824 | ---- | M] () pcouffin.inf -> C:\Users\grazyna\AppData\Roaming\pcouffin.inf -> [2011/08/30 13:50:14 | 000,001,144 | ---- | M] () patterns.ini -> C:\Users\grazyna\AppData\Local\patterns.ini -> [2011/08/30 12:22:43 | 000,000,000 | ---- | M] () Windows.dat -> C:\Users\grazyna\AppData\Roaming\Windows.dat -> [2011/08/30 12:22:41 | 000,000,001 | ---- | M] () DirectX.dat -> C:\Users\grazyna\AppData\Roaming\DirectX.dat -> [2011/08/30 12:22:41 | 000,000,001 | ---- | M] () Crystal.exe -> C:\Users\grazyna\AppData\Roaming\Crystal.exe -> [2011/08/30 12:22:35 | 000,737,029 | ---- | M] () 1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> 1 C:\Users\grazyna\Documents\*.tmp files -> C:\Users\grazyna\Documents\*.tmp -> [Files - No Company Name] Internet.lnk -> C:\Users\grazyna\Desktop\Internet.lnk -> [2011/09/09 17:24:28 | 000,002,385 | ---- | C] () WebpageIcons.db -> C:\Users\grazyna\AppData\Local\WebpageIcons.db -> [2011/09/09 16:08:46 | 000,017,408 | ---- | C] () klin.dat -> C:\Windows\System32\drivers\klin.dat -> [2011/09/09 16:07:44 | 000,115,369 | ---- | C] () klick.dat -> C:\Windows\System32\drivers\klick.dat -> [2011/09/09 16:07:44 | 000,097,859 | ---- | C] () myClean.bat -> C:\Windows\myClean.bat -> [2011/09/09 15:55:59 | 000,000,434 | ---- | C] () ieuinit.inf -> C:\Windows\System32\ieuinit.inf -> [2011/08/30 14:09:40 | 000,072,822 | ---- | C] () GoogleUpdateTaskUserS-1-5-21-1161074108-787105459-3376803242-1001UA.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1161074108-787105459-3376803242-1001UA.job -> [2011/08/30 14:08:28 | 000,001,066 | ---- | C] () GoogleUpdateTaskUserS-1-5-21-1161074108-787105459-3376803242-1001Core.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1161074108-787105459-3376803242-1001Core.job -> [2011/08/30 14:08:22 | 000,001,014 | ---- | C] () patterns.ini -> C:\Users\grazyna\AppData\Local\patterns.ini -> [2011/08/30 12:22:43 | 000,000,000 | ---- | C] () System.dat -> C:\Users\grazyna\AppData\Roaming\System.dat -> [2011/08/30 12:22:41 | 000,000,002 | ---- | C] () Windows.dat -> C:\Users\grazyna\AppData\Roaming\Windows.dat -> [2011/08/30 12:22:41 | 000,000,001 | ---- | C] () etc.dat -> C:\Users\grazyna\AppData\Roaming\etc.dat -> [2011/08/30 12:22:41 | 000,000,001 | ---- | C] () DirectX.dat -> C:\Users\grazyna\AppData\Roaming\DirectX.dat -> [2011/08/30 12:22:41 | 000,000,001 | ---- | C] () Crystal.exe -> C:\Users\grazyna\AppData\Roaming\Crystal.exe -> [2011/08/30 12:22:37 | 000,737,029 | ---- | C] () pcouffin.cat -> C:\Users\grazyna\AppData\Roaming\pcouffin.cat -> [2011/08/11 10:26:03 | 000,007,824 | ---- | C] () pcouffin.inf -> C:\Users\grazyna\AppData\Roaming\pcouffin.inf -> [2011/08/11 10:26:03 | 000,001,144 | ---- | C] () GProton.exe -> C:\ProgramData\GProton.exe -> [2011/08/11 08:49:53 | 007,793,152 | RHS- | C] () unrar.dll -> C:\Windows\System32\unrar.dll -> [2011/08/10 22:07:39 | 000,175,616 | ---- | C] () DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\grazyna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2011/08/09 11:53:51 | 000,003,584 | ---- | C] () klopp.dat -> C:\Windows\System32\drivers\klopp.dat -> [2011/03/11 12:43:54 | 000,029,763 | ---- | C] () ezsidmv.dat -> C:\ProgramData\ezsidmv.dat -> [2010/08/16 21:42:08 | 000,000,056 | -H-- | C] () perfh015.dat -> C:\Windows\System32\perfh015.dat -> [2010/02/25 10:40:25 | 000,697,674 | ---- | C] () perfi015.dat -> C:\Windows\System32\perfi015.dat -> [2010/02/25 10:40:25 | 000,337,158 | ---- | C] () perfc015.dat -> C:\Windows\System32\perfc015.dat -> [2010/02/25 10:40:25 | 000,134,784 | ---- | C] () perfd015.dat -> C:\Windows\System32\perfd015.dat -> [2010/02/25 10:40:25 | 000,038,710 | ---- | C] () ativpsrm.bin -> C:\Windows\ativpsrm.bin -> [2010/02/25 09:46:36 | 000,000,000 | ---- | C] () LPRES.DLL -> C:\Windows\LPRES.DLL -> [2009/09/30 01:25:16 | 000,013,312 | ---- | C] () atiicdxx.dat -> C:\Windows\System32\atiicdxx.dat -> [2009/07/14 08:09:14 | 000,197,654 | ---- | C] () bootstat.dat -> C:\Windows\bootstat.dat -> [2009/07/14 06:57:37 | 000,067,584 | --S- | C] () FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2009/07/14 06:33:53 | 000,416,320 | ---- | C] () perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2009/07/14 04:05:48 | 000,615,810 | ---- | C] () perfi009.dat -> C:\Windows\System32\perfi009.dat -> [2009/07/14 04:05:48 | 000,291,294 | ---- | C] () perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2009/07/14 04:05:48 | 000,106,190 | ---- | C] () perfd009.dat -> C:\Windows\System32\perfd009.dat -> [2009/07/14 04:05:48 | 000,031,548 | ---- | C] () NOISE.DAT -> C:\Windows\System32\NOISE.DAT -> [2009/07/14 04:05:05 | 000,000,741 | ---- | C] () dssec.dat -> C:\Windows\System32\dssec.dat -> [2009/07/14 04:04:11 | 000,215,943 | ---- | C] () mib.bin -> C:\Windows\mib.bin -> [2009/07/14 01:55:01 | 000,043,131 | ---- | C] () BthpanContextHandler.dll -> C:\Windows\System32\BthpanContextHandler.dll -> [2009/07/14 01:51:43 | 000,073,728 | ---- | C] () BWContextHandler.dll -> C:\Windows\System32\BWContextHandler.dll -> [2009/07/14 01:42:10 | 000,064,000 | ---- | C] () igkrng400.bin -> C:\Windows\System32\igkrng400.bin -> [2009/07/14 00:09:19 | 001,498,564 | ---- | C] () mlang.dat -> C:\Windows\System32\mlang.dat -> [2009/06/10 23:26:10 | 000,673,088 | ---- | C] () RtNicProp32.dll -> C:\Windows\System32\RtNicProp32.dll -> [2009/03/05 11:54:58 | 000,073,728 | ---- | C] () ATIODE.exe -> C:\Windows\System32\ATIODE.exe -> [2009/02/18 10:55:22 | 000,294,912 | ---- | C] () ATIODCLI.exe -> C:\Windows\System32\ATIODCLI.exe -> [2009/02/03 13:52:04 | 000,045,056 | ---- | C] () [Files/Folders - Unicode - All] C:\Users\grazyna\AppData\Roaming\???????sAppData -> C:\Users\grazyna\AppData\Roaming\敎潲䍄敔灭慬整sAppData -> C:\Users\grazyna\AppData\Roaming\???????sAppData -> C:\Users\grazyna\AppData\Roaming\敎潲䍄敔灭慬整sAppData -> [2011/08/10 16:43:14 | 000,000,000 | ---D | M] C:\Users\grazyna\AppData\Roaming\???????sAppData -> C:\Users\grazyna\AppData\Roaming\敎潲䍄敔灭慬整sAppData -> [2011/08/10 16:43:14 | 000,000,000 | ---D | M] < End of report > [/code]