OTL logfile created on: 6/20/2012 5:53:09 PM - Run 7 OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Maria\Downloads Starter Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1014.27 Mb Total Physical Memory | 165.62 Mb Available Physical Memory | 16.33% Memory free 1.99 Gb Paging File | 1.00 Gb Available in Paging File | 50.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 102.02 Gb Total Space | 11.26 Gb Free Space | 11.04% Space Free | Partition Type: NTFS Drive D: | 175.78 Gb Total Space | 73.01 Gb Free Space | 41.53% Space Free | Partition Type: NTFS Drive E: | 3.72 Gb Total Space | 3.35 Gb Free Space | 90.08% Space Free | Partition Type: FAT32 Drive F: | 97.66 Gb Total Space | 1.48 Gb Free Space | 1.51% Space Free | Partition Type: NTFS Drive G: | 192.20 Gb Total Space | 102.53 Gb Free Space | 53.34% Space Free | Partition Type: NTFS Drive H: | 931.51 Gb Total Space | 587.44 Gb Free Space | 63.06% Space Free | Partition Type: NTFS Computer Name: MARIA-NOKIA | User Name: Maria | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012/06/18 22:42:15 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Maria\Downloads\OTL.exe PRC - [2012/05/11 16:33:52 | 019,858,432 | ---- | M] (Redefine Sp z o.o.) -- C:\Program Files\ipla\ipla.exe PRC - [2011/12/23 14:48:53 | 000,941,936 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/07/12 18:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe PRC - [2010/02/04 00:56:52 | 000,011,776 | ---- | M] () -- C:\Windows\System32\prldrsrv.exe PRC - [2009/12/24 21:13:54 | 000,180,224 | ---- | M] () -- C:\Windows\System32\HDPSrv.exe PRC - [2009/12/24 01:48:22 | 000,488,816 | ---- | M] (Nokia) -- C:\Program Files\Power Management\NpwrMngr.exe PRC - [2009/12/22 23:25:08 | 001,607,024 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\HotKey\CeEKey.exe PRC - [2009/09/11 00:39:10 | 000,111,488 | ---- | M] (CSR, plc) -- C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe PRC - [2009/09/11 00:38:50 | 000,504,160 | ---- | M] (CSR, plc) -- C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012/05/11 16:25:24 | 000,292,864 | ---- | M] () -- C:\Program Files\ipla\MediaFileScanner.dll MOD - [2012/05/11 16:24:42 | 000,386,560 | ---- | M] () -- C:\Program Files\ipla\jabberoo.dll MOD - [2012/05/11 16:22:40 | 000,156,160 | ---- | M] () -- C:\Program Files\ipla\lua.dll MOD - [2012/05/11 16:21:52 | 000,062,464 | ---- | M] () -- C:\Program Files\ipla\ziplib.dll MOD - [2011/12/23 15:28:45 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll MOD - [2011/10/05 03:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL MOD - [2009/12/24 21:13:54 | 000,180,224 | ---- | M] () -- C:\Windows\System32\HDPSrv.exe MOD - [2009/06/03 22:14:26 | 000,024,576 | ---- | M] () -- C:\Windows\System32\EKECioCtl.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2012/01/24 11:25:20 | 000,078,336 | ---- | M] (Dassault Systèmes) [On_Demand | Stopped] -- C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe -- (DraftSight API Service) SRV - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [On_Demand | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP) SRV - [2010/02/04 00:56:52 | 000,011,776 | ---- | M] () [Auto | Running] -- C:\Windows\System32\prldrsrv.exe -- (PrLdrSrv) SRV - [2009/12/24 21:13:54 | 000,180,224 | ---- | M] () [Auto | Running] -- C:\Windows\System32\HDPSrv.exe -- (HDPSrv) SRV - [2009/09/11 00:39:10 | 000,111,488 | ---- | M] (CSR, plc) [Auto | Running] -- C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe -- (VFPRadioSupportService) SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2012/06/18 18:18:52 | 000,570,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF) DRV - [2011/03/10 18:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6) DRV - [2011/03/04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2) DRV - [2011/03/04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1) DRV - [2009/11/02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt) DRV - [2009/10/21 23:48:04 | 000,159,232 | ---- | M] (Option N.V.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\gtuhs62.sys -- (GTNDIS62) DRV - [2009/10/05 22:05:14 | 000,067,840 | ---- | M] (Option N.V.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\gtuhsbus.sys -- (GTUHSBUS) DRV - [2009/10/05 22:04:14 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\gtuhsser.sys -- (GTUHSSER) DRV - [2009/09/11 00:38:54 | 000,028,000 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp) DRV - [2009/08/20 07:48:59 | 001,178,112 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009/07/10 00:44:52 | 000,122,880 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R) DRV - [2009/07/04 02:01:14 | 000,020,848 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\HDFilter.sys -- (HDFilter) DRV - [2009/07/03 05:01:24 | 000,036,208 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter) DRV - [2009/06/25 03:15:00 | 000,019,824 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\EvMngr.sys -- (EMSC) DRV - [2007/10/16 12:40:50 | 000,097,408 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmusbser.sys -- (qcusbser) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1890436885-4213763473-3846588077-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKU\S-1-5-21-1890436885-4213763473-3846588077-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-1890436885-4213763473-3846588077-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ IE - HKU\S-1-5-21-1890436885-4213763473-3846588077-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1890436885-4213763473-3846588077-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1890436885-4213763473-3846588077-1000\..\SearchScopes\{2C6E9138-947C-4DC0-978C-1BDD91156153}: "URL" = http://start.funmoods.com/results.php?f=4&a=ironto&q={searchTerms} IE - HKU\S-1-5-21-1890436885-4213763473-3846588077-1000\..\SearchScopes\{647DEAE1-0BE3-4959-8A3A-DDA790896E6A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1890436885-4213763473-3846588077-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.709: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.709: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2012/06/18 19:16:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/06/18 19:16:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/12 17:26:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/19 14:53:23 | 000,000,000 | ---D | M] [2011/12/23 08:03:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maria\AppData\Roaming\mozilla\Extensions [2012/06/20 17:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maria\AppData\Roaming\mozilla\Firefox\Profiles\ijpyb56r.default\extensions [2012/05/19 16:14:57 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Maria\AppData\Roaming\mozilla\Firefox\Profiles\ijpyb56r.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2012/06/12 06:26:55 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Maria\AppData\Roaming\mozilla\Firefox\Profiles\ijpyb56r.default\extensions\anttoolbar@ant.com [2012/05/12 17:26:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions File not found (No name found) -- C:\USERS\MARIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IJPYB56R.DEFAULT\EXTENSIONS\{687578B9-7132-4A7A-80E4-30EE31099E03} File not found (No name found) -- C:\USERS\MARIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IJPYB56R.DEFAULT\EXTENSIONS\{D43723AE-1AE1-4A25-A6A4-BF0929273CAB} File not found (No name found) -- C:\USERS\MARIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IJPYB56R.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM File not found (No name found) -- C:\USERS\MARIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IJPYB56R.DEFAULT\EXTENSIONS\FFXTLBR@FUNMOODS.COM [2012/05/12 17:26:31 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011/12/23 16:11:15 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010/07/12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2012/05/12 17:26:25 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2012/05/12 17:26:25 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2012/05/12 17:26:25 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2012/05/12 17:26:25 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2012/05/12 17:26:25 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2012/05/12 17:26:25 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - Extension: YouTube = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Szukaj w Google = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Gmail = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO) O4 - HKLM..\Run: [CeEKEY] C:\Program Files\HotKey\CeEKey.exe (COMPAL ELECTRONIC INC.) O4 - HKLM..\Run: [ConMgr] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe (CSR, plc) O4 - HKLM..\Run: [CSRSkype] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe (CSR, plc) O4 - HKLM..\Run: [e-Kiosk] C:\Program Files\e-Kiosk Reader\eGazetaST.exe (e-Kiosk S.A.) O4 - HKLM..\Run: [HDPSrv] C:\windows\System32\HDPSrv.exe () O4 - HKLM..\Run: [NpwrMngr] C:\Program Files\Power Management\NpwrMngr.exe (Nokia) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKU\S-1-5-21-1890436885-4213763473-3846588077-1000..\Run: [IPLA!] C:\Program Files\ipla\ipla.exe (Redefine Sp z o.o.) O4 - HKLM..\RunOnce: [] File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-1890436885-4213763473-3846588077-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3 O7 - HKU\S-1-5-21-1890436885-4213763473-3846588077-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O9 - Extra Button: &Klawiatura wirtualna - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: &Sprawdzanie adresów internetowych - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82BCEE91-B8F9-45AC-BADE-8E29B539B891}: NameServer = 212.2.96.54 212.2.96.53 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A12590EE-FBA3-4863-8FB4-A298FFB2DC28}: DhcpNameServer = 192.168.0.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\klogon: DllName - (C:\windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{af8719e9-4418-11e1-a4a5-fc38c0b787b4}\Shell - "" = AutoRun O33 - MountPoints2\{af8719e9-4418-11e1-a4a5-fc38c0b787b4}\Shell\AutoRun\command - "" = D:\autorun.exe O33 - MountPoints2\{af871a02-4418-11e1-a4a5-fc38c0b787b4}\Shell - "" = AutoRun O33 - MountPoints2\{af871a02-4418-11e1-a4a5-fc38c0b787b4}\Shell\AutoRun\command - "" = D:\autorun.exe O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012/06/20 17:05:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/06/20 16:56:25 | 000,000,000 | ---D | C] -- C:\_OTL [2012/06/19 10:40:12 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012/06/18 23:20:08 | 000,000,000 | ---D | C] -- C:\UsbFix [2012/06/18 18:30:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2012 [2012/06/18 18:21:00 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab [2012/06/18 18:20:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2012/06/18 18:18:52 | 000,570,160 | ---- | C] (Kaspersky Lab) -- C:\windows\System32\drivers\klif.sys [2012/06/14 03:14:00 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb [2012/06/14 03:13:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll [2012/06/14 03:13:56 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe [2012/06/14 03:13:56 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll [2012/06/14 03:13:53 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll [2012/06/14 03:13:53 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll [2012/06/14 03:13:50 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl [2012/06/13 19:35:27 | 002,342,400 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys [2012/06/13 19:35:24 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcorekmts.dll [2012/06/13 19:35:24 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpwsx.dll [2012/06/13 19:35:24 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdrmemptylst.exe [2012/06/12 19:21:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012/06/12 19:21:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2012/05/22 23:12:05 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache [2012/03/03 23:13:08 | 002,371,152 | ---- | C] (DownVision ) -- C:\Users\Maria\AppData\Local\setup.exe [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] [1 C:\Users\Maria\Desktop\*.tmp files -> C:\Users\Maria\Desktop\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012/06/20 18:09:15 | 000,001,034 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012/06/20 18:00:00 | 000,002,432 | ---- | M] () -- C:\Users\Maria\AppData\Local\TempDd1744.html [2012/06/20 18:00:00 | 000,002,089 | ---- | M] () -- C:\Users\Maria\AppData\Local\TempNz1744.html [2012/06/20 17:25:07 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/06/20 17:25:07 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/06/20 17:15:41 | 000,001,030 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012/06/20 17:15:03 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/06/20 17:14:40 | 797,655,040 | -HS- | M] () -- C:\hiberfil.sys [2012/06/19 20:53:35 | 172,482,109 | ---- | M] () -- C:\windows\MEMORY.DMP [2012/06/18 23:48:37 | 000,703,876 | ---- | M] () -- C:\windows\System32\perfh015.dat [2012/06/18 23:48:37 | 000,621,528 | ---- | M] () -- C:\windows\System32\perfh009.dat [2012/06/18 23:48:37 | 000,137,460 | ---- | M] () -- C:\windows\System32\perfc015.dat [2012/06/18 23:48:37 | 000,108,446 | ---- | M] () -- C:\windows\System32\perfc009.dat [2012/06/18 18:35:54 | 000,017,408 | ---- | M] () -- C:\Users\Maria\AppData\Local\WebpageIcons.db [2012/06/18 18:31:02 | 000,115,369 | ---- | M] () -- C:\windows\System32\drivers\klin.dat [2012/06/18 18:31:01 | 000,097,961 | ---- | M] () -- C:\windows\System32\drivers\klick.dat [2012/06/18 18:18:52 | 000,570,160 | ---- | M] (Kaspersky Lab) -- C:\windows\System32\drivers\klif.sys [2012/06/17 20:29:35 | 003,647,180 | ---- | M] () -- C:\Users\Maria\Documents\DSC01053.JPG [2012/06/14 04:02:38 | 000,297,264 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2012/06/11 11:44:11 | 001,325,178 | ---- | M] () -- C:\Users\Maria\Desktop\praca druk.pdf [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] [1 C:\Users\Maria\Desktop\*.tmp files -> C:\Users\Maria\Desktop\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012/06/20 18:00:00 | 000,002,432 | ---- | C] () -- C:\Users\Maria\AppData\Local\TempDd1744.html [2012/06/20 18:00:00 | 000,002,089 | ---- | C] () -- C:\Users\Maria\AppData\Local\TempNz1744.html [2012/06/19 15:08:28 | 172,482,109 | ---- | C] () -- C:\windows\MEMORY.DMP [2012/06/18 18:35:37 | 000,017,408 | ---- | C] () -- C:\Users\Maria\AppData\Local\WebpageIcons.db [2012/06/18 18:31:02 | 000,115,369 | ---- | C] () -- C:\windows\System32\drivers\klin.dat [2012/06/18 18:31:01 | 000,097,961 | ---- | C] () -- C:\windows\System32\drivers\klick.dat [2012/06/17 20:27:10 | 003,647,180 | ---- | C] () -- C:\Users\Maria\Documents\DSC01053.JPG [2012/06/11 11:35:40 | 001,325,178 | ---- | C] () -- C:\Users\Maria\Desktop\praca druk.pdf [2012/05/07 21:41:55 | 000,000,024 | -H-- | C] () -- C:\windows\System32\wilsa.dll [2012/05/07 21:41:54 | 000,000,032 | -H-- | C] () -- C:\Program Files\qolfer.dll [2012/02/14 21:52:29 | 000,044,544 | ---- | C] () -- C:\windows\System32\Gif89.dll [2012/01/11 20:31:25 | 000,434,176 | ---- | C] () -- C:\windows\System32\ZSHP1018.EXE [2012/01/05 15:35:41 | 000,047,104 | ---- | C] () -- C:\windows\System32\Mutrn15.dll [2012/01/05 15:35:40 | 000,135,168 | ---- | C] () -- C:\windows\System32\MUadminr.dll [2011/12/23 16:53:18 | 000,000,000 | ---- | C] () -- C:\ProgramData\HDPSetting.ini [2011/12/23 14:52:10 | 000,165,376 | ---- | C] () -- C:\windows\System32\unrar.dll [2011/12/23 14:51:40 | 000,000,038 | ---- | C] () -- C:\windows\avisplitter.ini [2011/12/23 14:47:02 | 000,085,504 | ---- | C] () -- C:\windows\System32\ff_vfw.dll [2011/03/11 12:43:54 | 000,029,763 | ---- | C] () -- C:\windows\System32\drivers\klopp.dat [color=#E56717]========== LOP Check ==========[/color] [2012/05/07 21:42:15 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\AgroServer [2012/04/30 10:26:31 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\bdec [2012/01/14 22:23:41 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Canon [2012/05/08 16:33:12 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\DraftSight [2012/04/30 10:04:07 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\e-Kiosk Reader [2012/04/10 21:47:54 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Gadu-Gadu 10 [2012/06/20 17:18:03 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\ipla [2011/12/30 18:48:58 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Opera [2012/02/15 09:56:46 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\PhotoScape [2011/12/23 15:21:38 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\RDRM [2011/12/24 23:15:07 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Thinstall [2012/05/26 23:34:31 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\uTorrent [2012/05/07 21:43:28 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Zootechnik 2007 [2012/05/01 09:43:24 | 000,032,608 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 129 bytes -> C:\ProgramData\temp:63238B95 < End of report >