kamo502
posted February 3, 2013 (edited)

Hello,
My computer is terribly slow. It is impossible to listen to music and browse the internet at the same time. Can you check whether something is lurking in there? What should be fixed? etc.

OTL
[log]OTL logfile created on: 2013-02-03 20:45:52 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Gocejna\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1023,48 Mb Total Physical Memory | 581,98 Mb Available Physical Memory | 56,86% Memory free
2,40 Gb Paging File | 1,95 Gb Available in Paging File | 81,02% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 7,55 Gb Total Space | 0,67 Gb Free Space | 8,91% Space Free | Partition Type: NTFS
Drive D: | 33,15 Gb Total Space | 16,73 Gb Free Space | 50,47% Space Free | Partition Type: NTFS
Drive E: | 33,85 Gb Total Space | 31,96 Gb Free Space | 94,42% Space Free | Partition Type: NTFS
Drive F: | 42,15 Gb Total Space | 42,08 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
Drive G: | 34,17 Gb Total Space | 34,11 Gb Free Space | 99,81% Space Free | Partition Type: NTFS

Computer Name: STACJONARNY | User Name: Gocejna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days
| ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\perfnet.dll MOD - [2009-10-16 18:45:00 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\powrprof.dll MOD - [2009-10-16 18:45:00 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ipconf.tsp MOD - [2009-10-16 18:45:00 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winrnr.dll MOD - [2009-10-16 18:45:00 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\usbmon.dll MOD - [2009-10-16 18:45:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\pjlmon.dll MOD - [2009-10-16 18:45:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe MOD - [2009-10-16 18:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe MOD - [2009-10-16 18:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drprov.dll MOD - [2009-10-16 18:45:00 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe MOD - [2009-10-16 18:45:00 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uniplat.dll MOD - [2009-10-16 18:45:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe MOD - [2009-10-16 18:45:00 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rasctrs.dll MOD - [2009-10-16 18:45:00 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\perfts.dll MOD - [2009-10-16 18:45:00 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netrap.dll MOD - [2009-10-16 18:45:00 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\icaapi.dll MOD - [2009-10-16 18:45:00 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\pschdprf.dll MOD - [2009-10-16 18:45:00 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsvpperf.dll MOD - [2009-10-16 18:45:00 | 
000,009,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dot3dlg.dll MOD - [2009-10-16 18:45:00 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlsapi.dll MOD - [2009-10-16 18:45:00 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rasadhlp.dll MOD - [2009-10-16 18:45:00 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiapres.dll MOD - [2009-10-16 18:45:00 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sensapi.dll MOD - [2009-10-16 18:45:00 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\bitsprx4.dll MOD - [2009-10-16 18:45:00 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauserv.dll MOD - [2009-10-16 18:45:00 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msidle.dll MOD - [2009-10-16 18:45:00 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wmi.dll MOD - [2009-10-16 18:45:00 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tapiperf.dll MOD - [2009-10-16 18:45:00 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sfc.dll MOD - [2009-10-16 18:45:00 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msimg32.dll MOD - [2009-02-27 19:04:20 | 000,311,296 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.POL MOD - [2008-07-25 11:17:20 | 000,635,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll MOD - [2008-07-25 11:17:02 | 000,088,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll MOD - [2008-07-25 11:17:02 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netfxperf.dll MOD - [2008-07-25 11:17:00 | 000,089,608 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll MOD - [2008-07-25 11:16:58 | 005,815,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll MOD - [2008-07-25 11:16:58 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mscoree.dll MOD - [2008-07-25 11:16:40 | 000,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll MOD - [2008-07-06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll MOD - [2008-04-14 19:51:58 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdmaud.drv MOD - [2004-12-22 10:09:44 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2013-01-19 16:59:00 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012-11-22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files\PDF Architect\HelperService.exe -- (PDF Architect Helper Service) SRV - [2012-11-22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files\PDF Architect\ConversionService.exe -- (PDF Architect Service) SRV - [2012-01-05 16:42:34 | 000,075,624 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe -- (AxAutoMntSrv) SRV - [2011-02-18 16:30:32 | 007,233,952 | ---- | M] () [Auto | Running] -- C:\Program Files\Samsung\AllShare\AllShareDMS\WiselinkPro.exe -- (SamsungAllShare) SRV - [2011-02-18 16:30:22 | 000,022,464 | ---- | M] (Samsung Electronics) [Auto | Stopped] -- C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer) SRV - 
[2009-12-23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (akoxdk9c) DRV - [2013-01-09 16:48:33 | 000,466,008 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2012-06-03 09:45:50 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009-10-16 18:45:00 | 000,215,856 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\Si3132r5.sys -- (Si3132r5) DRV - [2009-10-16 18:45:00 | 000,212,520 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\Si3531.sys -- (Si3531) DRV - [2009-10-16 18:45:00 | 000,195,072 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\Si3114r5.sys -- (Si3114r5) DRV - [2009-10-16 18:45:00 | 000,074,672 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\si3132.sys -- (Si3132) DRV - [2009-10-16 18:45:00 | 000,069,248 | ---- | M] (Silicon Image, Inc.) 
[Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\si3124.sys -- (Si3124) DRV - [2009-10-16 18:45:00 | 000,062,336 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\si3112.sys -- (Si3112) DRV - [2009-03-15 13:17:02 | 000,014,720 | ---- | M] (SUPERAL Semiconductor, Inc. Co Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sr9usb.sys -- (SR9USB) DRV - [2008-04-13 23:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2008-04-13 21:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) DRV - [2005-05-03 10:31:56 | 000,045,056 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AGPKX.SYS -- (uliagpkx) DRV - [2005-03-09 14:53:00 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2004-12-22 10:07:12 | 002,304,320 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) DRV - [2004-12-02 09:36:08 | 000,070,912 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp) DRV - [2004-12-01 03:49:18 | 000,051,840 | ---- | M] (ULi Electronics Inc.) 
[Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\m5289.sys -- (m5289) DRV - [2002-09-16 17:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000.10014&barid={AEE0A315-4391-11E2-BB2C-8E041AF50470} IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10014&barid={AEE0A315-4391-11E2-BB2C-8E041AF50470} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1757981266-1284227242-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000.10014&barid={AEE0A315-4391-11E2-BB2C-8E041AF50470} IE - HKU\S-1-5-21-1757981266-1284227242-1801674531-1003\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.) 
IE - HKU\S-1-5-21-1757981266-1284227242-1801674531-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1757981266-1284227242-1801674531-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-1757981266-1284227242-1801674531-1003\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10014&barid={AEE0A315-4391-11E2-BB2C-8E041AF50470} IE - HKU\S-1-5-21-1757981266-1284227242-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files\PDF Architect\FFPDFArchitectExt [2012-11-29 13:33:31 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - homepage: http://www.google.pl/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: http://www.google.pl/ CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\24.0.1312.56\pdf.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - Extension: YouTube = C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User 
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Szukaj w Google = C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Photo Zoom for Facebook = C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1208.30.1_0\ CHR - Extension: AdBlock = C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.56_0\ CHR - Extension: Gmail = C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ CHR - Extension: YouTube = C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Szukaj w Google = C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Photo Zoom for Facebook = C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1208.30.1_0\ CHR - Extension: AdBlock = C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.56_0\ CHR - Extension: Gmail = C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009-10-16 18:45:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF 
Architect\PDFIEHelper.dll (pdfforge GbR) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GbR) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKU\S-1-5-21-1757981266-1284227242-1801674531-1003\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1757981266-1284227242-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{435B20D0-D2F4-42CB-8CC0-32E2BCDF7E51}: DhcpNameServer = 192.168.1.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012-10-01 19:08:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not found NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: 
NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: AlcoholAutomount - hkey= - key= - C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe (Alcohol Soft Development Team) MsConfig - StartUpReg: ALi5289 - hkey= - key= - C:\Program Files\ULI5289\ALi5289.exe (ALi Corporation) MsConfig - StartUpReg: AllShareAgent - hkey= - key= - C:\Program Files\Samsung\AllShare\AllShareAgent.exe (Samsung) MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe (Google Inc.) MsConfig - StartUpReg: SweetIM - hkey= - key= - C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) MsConfig - StartUpReg: Sweetpacks Communicator - hkey= - key= - C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) 
MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP 
Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ========== Files/Folders - Created Within 60 Days ========== [2013-02-03 20:44:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gocejna\Pulpit\OTL.exe [2013-01-30 22:03:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Gocejna\Recent [2013-01-26 12:25:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Help [2013-01-26 12:25:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gocejna\Dane aplikacji\Help [2013-01-26 12:15:48 | 000,000,000 
| ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\PowerQuest PartitionMagic 8.0 [2013-01-26 12:15:45 | 000,000,000 | ---D | C] -- C:\Program Files\PowerQuest [2013-01-19 17:04:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun [2013-01-19 17:04:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Sun [2013-01-19 17:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Sun [2013-01-19 17:00:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013-01-19 16:59:36 | 000,859,552 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll [2013-01-19 16:59:36 | 000,780,192 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll [2013-01-19 16:59:36 | 000,261,024 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2013-01-19 16:59:36 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl [2013-01-19 16:59:15 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2013-01-19 16:59:15 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2013-01-19 16:59:15 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2013-01-19 16:58:54 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013-01-19 16:57:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gocejna\Dane aplikacji\Sun [2013-01-19 16:56:56 | 000,895,904 | ---- | C] (Oracle Corporation) -- C:\Documents and Settings\Gocejna\Pulpit\chromeinstall-7u11.exe [2013-01-10 23:19:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Gocejna\Menu Start\Programy\Narzędzia administracyjne [2013-01-09 18:34:00 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2013-01-09 17:24:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gocejna\Dane aplikacji\Canneverbe Limited [2013-01-09 17:24:29 | 000,000,000 | ---D | C] -- C:\Documents and 
Settings\All Users\Dane aplikacji\Canneverbe Limited [2013-01-09 17:24:19 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP [2013-01-09 16:49:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Alcohol 52% [2013-01-09 16:49:37 | 000,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft [2013-01-09 16:48:33 | 000,466,008 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys [2012-12-16 21:47:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gocejna\Pulpit\Eagle -podrecznik [2012-12-16 16:24:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\CCleaner [2012-12-16 16:24:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012-12-11 13:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM [2012-12-11 13:52:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\SweetIM [2012-12-11 13:52:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Pazera Free MP4 to AVI Converter [2012-12-11 13:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\pazera-software [2012-12-11 13:37:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gocejna\Dane aplikacji\Media Player Classic [2012-12-11 13:34:08 | 000,000,000 | ---D | C] -- C:\Program Files\SubEdit-Player [2012-12-11 13:34:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\SubEdit-Player [2012-12-11 13:32:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\ffdshow [2012-12-11 13:32:05 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow [2012-12-09 23:48:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\EAGLE Layout Editor 6.1.0 [2012-12-09 23:48:18 | 000,000,000 | ---D | C] -- C:\Program Files\EAGLE-6.1.0 [2012-12-09 23:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\EAGLE-5.8.0 [2012-12-09 23:30:49 | 000,000,000 | ---D | C] -- 
C:\Documents and Settings\Gocejna\Moje dokumenty\Downloads [2012-12-09 23:27:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gocejna\Moje dokumenty\eagle [2012-12-09 23:21:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gocejna\Dane aplikacji\CadSoft [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 60 Days ========== [2013-02-03 20:46:05 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\Gocejna\Pulpit\RSIT.exe [2013-02-03 20:44:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gocejna\Pulpit\OTL.exe [2013-02-03 20:44:04 | 000,001,140 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1284227242-1801674531-1003UA.job [2013-02-03 20:35:22 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1284227242-1801674531-1003Core.job [2013-02-03 19:53:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013-02-03 19:53:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013-02-03 19:53:30 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys [2013-01-29 15:01:22 | 000,075,597 | ---- | M] () -- C:\Documents and Settings\Gocejna\Pulpit\cena.JPG [2013-01-29 14:10:49 | 000,030,568 | ---- | M] () -- C:\Documents and Settings\Gocejna\Pulpit\jak2.jpg [2013-01-28 16:43:36 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013-01-27 12:35:26 | 000,002,318 | ---- | M] () -- C:\Documents and Settings\Gocejna\Pulpit\Google Chrome.lnk [2013-01-22 13:15:40 | 000,068,942 | ---- | M] () -- C:\Documents and Settings\Gocejna\Pulpit\279316970-7.jpg [2013-01-22 12:57:31 | 000,022,027 | ---- | M] () -- C:\Documents and Settings\Gocejna\Pulpit\przekaznik-przerywacza-pracy-wycieraczek-hella.jpg [2013-01-22 12:55:41 | 000,052,261 | ---- | M] () -- C:\Documents and Settings\Gocejna\Pulpit\1.JPG [2013-01-19 16:59:01 | 000,094,112 
| ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2013-01-19 16:58:59 | 000,859,552 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll [2013-01-19 16:58:59 | 000,780,192 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll [2013-01-19 16:58:59 | 000,261,024 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2013-01-19 16:58:59 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2013-01-19 16:58:59 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2013-01-19 16:58:59 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl [2013-01-19 16:56:58 | 000,895,904 | ---- | M] (Oracle Corporation) -- C:\Documents and Settings\Gocejna\Pulpit\chromeinstall-7u11.exe [2013-01-15 17:36:29 | 000,067,276 | ---- | M] () -- C:\Documents and Settings\Gocejna\Pulpit\srrsr.JPG [2013-01-09 17:21:54 | 000,000,221 | ---- | M] () -- C:\Documents and Settings\Gocejna\Moje dokumenty\ax_files.xml [2012-12-16 20:59:19 | 000,096,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012-12-16 16:24:57 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\CCleaner.lnk [2012-12-16 16:19:57 | 033,948,218 | ---- | M] () -- C:\Documents and Settings\Gocejna\Pulpit\Elektronika Latwiejsza Niz przypuszczasz - Dieter Nuhrmann.pdf [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013-02-03 20:46:05 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\Gocejna\Pulpit\RSIT.exe [2013-01-29 15:01:22 | 000,075,597 | ---- | C] () -- C:\Documents and Settings\Gocejna\Pulpit\cena.JPG [2013-01-29 14:10:48 | 000,030,568 | ---- | C] () -- C:\Documents and Settings\Gocejna\Pulpit\jak2.jpg [2013-01-28 16:43:36 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane 
aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013-01-22 13:15:40 | 000,068,942 | ---- | C] () -- C:\Documents and Settings\Gocejna\Pulpit\279316970-7.jpg [2013-01-22 12:55:41 | 000,052,261 | ---- | C] () -- C:\Documents and Settings\Gocejna\Pulpit\1.JPG [2013-01-22 12:52:56 | 000,022,027 | ---- | C] () -- C:\Documents and Settings\Gocejna\Pulpit\przekaznik-przerywacza-pracy-wycieraczek-hella.jpg [2013-01-15 17:36:29 | 000,067,276 | ---- | C] () -- C:\Documents and Settings\Gocejna\Pulpit\srrsr.JPG [2013-01-09 17:24:21 | 000,001,556 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\CDBurnerXP.lnk [2013-01-09 17:24:20 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2013-01-09 17:20:41 | 000,000,221 | ---- | C] () -- C:\Documents and Settings\Gocejna\Moje dokumenty\ax_files.xml [2012-12-16 16:24:57 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\CCleaner.lnk [2012-12-16 16:13:47 | 033,948,218 | ---- | C] () -- C:\Documents and Settings\Gocejna\Pulpit\Elektronika Latwiejsza Niz przypuszczasz - Dieter Nuhrmann.pdf [2012-12-11 13:32:06 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2012-11-24 15:55:30 | 000,065,760 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat [2012-11-20 22:26:07 | 000,072,192 | ---- | C] () -- C:\WINDOWS\unlite3.exe [2012-10-01 20:57:56 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2012-10-01 20:55:09 | 000,096,664 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012-10-01 19:24:39 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini [2012-10-01 19:24:33 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll [2012-10-01 19:24:33 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2012-10-01 19:23:52 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\unM5289.exe [2012-10-01 19:23:47 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\UnAGP.exe 
[2012-10-01 19:11:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012-10-01 19:04:24 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========

[2012-11-24 15:53:00 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009-10-16 18:45:00 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009-10-16 18:45:00 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2009-10-16 18:45:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013-01-09 17:24:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Canneverbe Limited
[2013-01-10 22:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SweetIM
[2012-11-29 13:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gocejna\Dane aplikacji\APP_NAME_NON_STRING
[2012-12-09 23:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gocejna\Dane aplikacji\CadSoft
[2013-01-09 17:24:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gocejna\Dane aplikacji\Canneverbe Limited
[2012-11-24 16:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gocejna\Dane aplikacji\GHISLER
[2012-11-29 13:34:35 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Gocejna\Dane aplikacji\PDF Architect [2012-11-29 13:33:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gocejna\Dane aplikacji\pdfforge [2012-11-24 15:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gocejna\Dane aplikacji\Samsung ========== Purity Check ========== ========== Custom Scans ========== < %systemdrive%\*.* > [2012-10-01 19:08:42 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2012-11-29 12:42:48 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2009-10-16 18:45:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2012-10-01 19:08:42 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2013-02-03 19:53:30 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys [2012-10-01 19:08:42 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2012-10-01 19:08:42 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2009-10-16 18:45:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2009-10-16 18:45:00 | 000,251,152 | RHS- | M] () -- C:\ntldr [2013-02-03 19:53:30 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys < MD5 for: AGP440.SYS > [2009-10-16 18:45:00 | 017,820,258 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys < MD5 for: ATAPI.SYS > [2009-10-16 18:45:00 | 017,820,258 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008-04-13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys < MD5 for: BEEP.SYS > [2009-10-16 18:45:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys [2009-10-16 18:45:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys < MD5 for: CDROM.SYS > [2009-10-16 18:45:00 | 017,820,258 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2009-10-16 18:45:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE 
-- C:\WINDOWS\system32\drivers\cdrom.sys < MD5 for: EVENTLOG.DLL > [2009-10-16 18:45:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\dllcache\eventlog.dll [2009-10-16 18:45:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll < MD5 for: NDIS.SYS > [2009-10-16 18:45:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys [2009-10-16 18:45:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys < MD5 for: WINLOGON.EXE > [2009-10-16 18:45:00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\dllcache\winlogon.exe [2009-10-16 18:45:00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe < End of report > [/log] Extras [log] OTL Extras logfile created on: 2013-02-03 20:45:52 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Gocejna\Pulpit Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1023,48 Mb Total Physical Memory | 581,98 Mb Available Physical Memory | 56,86% Memory free 2,40 Gb Paging File | 1,95 Gb Available in Paging File | 81,02% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 7,55 Gb Total Space | 0,67 Gb Free Space | 8,91% Space Free | Partition Type: NTFS Drive D: | 33,15 Gb Total Space | 16,73 Gb Free Space | 50,47% Space Free | Partition Type: NTFS Drive E: | 33,85 Gb Total Space | 31,96 Gb Free Space | 94,42% Space Free | 
Partition Type: NTFS Drive F: | 42,15 Gb Total Space | 42,08 Gb Free Space | 99,85% Space Free | Partition Type: NTFS Drive G: | 34,17 Gb Total Space | 34,11 Gb Free Space | 99,81% Space Free | Partition Type: NTFS Computer Name: STACJONARNY | User Name: Gocejna | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [HKEY_USERS\S-1-5-21-1757981266-1284227242-1801674531-1003\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML.Z4NCB5CK62GCWQFKVNWFOI55CU] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network 
Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe" = C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe:*:Enabled:SimpleSlideShowServer -- (Samsung Electronics) "C:\Program Files\Samsung\AllShare\AllShare.exe" = C:\Program Files\Samsung\AllShare\AllShare.exe:*:Enabled:SamsungAllSharePCSW -- (Samsung Electronics Co., Ltd.) "C:\Program Files\Samsung\AllShare\AllShareAgent.exe" = C:\Program Files\Samsung\AllShare\AllShareAgent.exe:*:Enabled:SamsungAllShareAgent -- (Samsung) "C:\Program Files\Samsung\AllShare\AllShareDMS\WiselinkPro.exe" = C:\Program Files\Samsung\AllShare\AllShareDMS\WiselinkPro.exe:*:Enabled:SamsungAllShareServer -- () "C:\Program Files\Samsung\AllShare\AllShareDMS\http_ss_win_pro.exe" = C:\Program Files\Samsung\AllShare\AllShareDMS\http_ss_win_pro.exe:*:Enabled:SamsungAllShareHttpServer -- () "C:\totalcmd\TOTALCMD.EXE" = C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit -- (Ghisler Software GmbH) "C:\WINDOWS\system32\msiexec.exe" = C:\WINDOWS\system32\msiexec.exe:*:Enabled:UpdateManagerSetup -- (Microsoft Corporation) "C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe" = C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe:*:Enabled:SweetPacksUpdateManager -- (SweetIM Technologies Ltd.) 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11
"{30B41B7A-3C9D-44DE-A7A1-949011F33CC3}" = PDF Architect
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1" = Pazera Free MP4 to AVI Converter 1.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{953AA732-9AFB-49C9-84A4-7F96CA0A08DA}" = SweetPacks bundle uninstaller
"{9B3D7519-F678-49A4-B7D9-A7F56471C6EC}" = SR9600 Driver
"{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" = SweetIM for Messenger 3.7
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1045-7B44-A95000000001}" = Adobe Reader 9.5.0 - Polish
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{EC16B64A-38A7-4D7D-BA2E-671ED441304F}" = ULi PCI to AGP Controller Driver
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Cascade DTP V4_is1" = Cascade DTP V4
"CCleaner" = CCleaner
"EAGLE 6.1.0" = EAGLE 6.1.0
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow v1.2.4494 [2012-11-28]
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare "Knights and Merchants TPR" = Knights and Merchants TPR "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "SubEdit-Player_is1" = SubEdit-Player "TopStyle Lite (Version 3.0)" = TopStyle Lite (Version 3.0) "Totalcmd" = Total Commander (Remove or Repair) "ULi M5289 SATA Controller Driver" = ULi M5289 SATA Controller Driver "WinRAR archiver" = WinRAR 4.20 (32-bitowy) "Yenka" = Yenka ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1757981266-1284227242-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 2013-01-26 07:14:56 | Computer Name = STACJONARNY | Source = MsiInstaller | ID = 1013 Description = Product: PartitionMagic -- 1: This installation can not be run by directly launching the MSI package; you must run setup.exe. Error - 2013-01-27 07:05:39 | Computer Name = STACJONARNY | Source = Service1 | ID = 0 Description = Service cannot be started. System.IndexOutOfRangeException: Index was outside the bounds of the array. at AllShareSlideShowService.SlideShowService.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error - 2013-01-27 16:13:17 | Computer Name = STACJONARNY | Source = Service1 | ID = 0 Description = Service cannot be started. System.IndexOutOfRangeException: Index was outside the bounds of the array. at AllShareSlideShowService.SlideShowService.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error - 2013-01-28 09:23:31 | Computer Name = STACJONARNY | Source = Service1 | ID = 0 Description = Service cannot be started. System.IndexOutOfRangeException: Index was outside the bounds of the array. 
at AllShareSlideShowService.SlideShowService.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error - 2013-01-28 11:41:36 | Computer Name = STACJONARNY | Source = Service1 | ID = 0 Description = Service cannot be started. System.IndexOutOfRangeException: Index was outside the bounds of the array. at AllShareSlideShowService.SlideShowService.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error - 2013-01-29 08:49:33 | Computer Name = STACJONARNY | Source = Service1 | ID = 0 Description = Service cannot be started. System.IndexOutOfRangeException: Index was outside the bounds of the array. at AllShareSlideShowService.SlideShowService.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error - 2013-01-29 15:04:26 | Computer Name = STACJONARNY | Source = Service1 | ID = 0 Description = Service cannot be started. System.IndexOutOfRangeException: Index was outside the bounds of the array. at AllShareSlideShowService.SlideShowService.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error - 2013-01-30 17:02:47 | Computer Name = STACJONARNY | Source = Service1 | ID = 0 Description = Service cannot be started. System.IndexOutOfRangeException: Index was outside the bounds of the array. at AllShareSlideShowService.SlideShowService.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error - 2013-01-31 09:11:37 | Computer Name = STACJONARNY | Source = Service1 | ID = 0 Description = Service cannot be started. System.IndexOutOfRangeException: Index was outside the bounds of the array. 
at AllShareSlideShowService.SlideShowService.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error - 2013-02-03 14:53:40 | Computer Name = STACJONARNY | Source = Service1 | ID = 0 Description = Service cannot be started. System.IndexOutOfRangeException: Index was outside the bounds of the array. at AllShareSlideShowService.SlideShowService.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) [ System Events ] Error - 2012-12-09 08:10:08 | Computer Name = STACJONARNY | Source = Dhcp | ID = 1002 Description = Adres IP połączenia 192.168.1.4 dla karty sieciowej o adresie A0001350A343 został zabroniony przez serwer DHCP 192.168.1.1 (Serwer DHCP wysłał komunikat DHCPNACK). Error - 2012-12-09 08:13:48 | Computer Name = STACJONARNY | Source = Dhcp | ID = 1002 Description = Adres IP połączenia 192.168.1.3 dla karty sieciowej o adresie A0001350A343 został zabroniony przez serwer DHCP 192.168.1.1 (Serwer DHCP wysłał komunikat DHCPNACK). Error - 2012-12-09 18:28:51 | Computer Name = STACJONARNY | Source = Dhcp | ID = 1002 Description = Adres IP połączenia 192.168.1.2 dla karty sieciowej o adresie A0001350A343 został zabroniony przez serwer DHCP 192.168.1.1 (Serwer DHCP wysłał komunikat DHCPNACK). Error - 2012-12-11 08:05:35 | Computer Name = STACJONARNY | Source = Dhcp | ID = 1002 Description = Adres IP połączenia 192.168.1.2 dla karty sieciowej o adresie A0001350A343 został zabroniony przez serwer DHCP 192.168.1.1 (Serwer DHCP wysłał komunikat DHCPNACK). Error - 2012-12-11 16:21:07 | Computer Name = STACJONARNY | Source = BROWSER | ID = 8032 Description = Usługa przeglądarki zbyt wiele razy nie zdołała pobrać listy kopii zapasowych w transporcie \Device\NetBT_Tcpip_{435B20D0-D2F4-42CB-8CC0-32E2BCDF7E51}. Przeglądarka zapasowa jest zatrzymywana. 

Error - 2012-12-24 17:32:00 | Computer Name = STACJONARNY | Source = Dhcp | ID = 1002
Description = Adres IP połączenia 192.168.1.8 dla karty sieciowej o adresie A0001350A343 został zabroniony przez serwer DHCP 192.168.1.1 (Serwer DHCP wysłał komunikat DHCPNACK).

Error - 2012-12-28 09:15:58 | Computer Name = STACJONARNY | Source = Dhcp | ID = 1002
Description = Adres IP połączenia 192.168.1.9 dla karty sieciowej o adresie A000A000A343 został zabroniony przez serwer DHCP 192.168.1.1 (Serwer DHCP wysłał komunikat DHCPNACK).

Error - 2012-12-30 18:06:40 | Computer Name = STACJONARNY | Source = Dhcp | ID = 1002
Description = Adres IP połączenia 192.168.1.10 dla karty sieciowej o adresie A0001350A343 został zabroniony przez serwer DHCP 192.168.1.1 (Serwer DHCP wysłał komunikat DHCPNACK).

Error - 2013-01-04 13:42:11 | Computer Name = STACJONARNY | Source = Dhcp | ID = 1002
Description = Adres IP połączenia 192.168.1.9 dla karty sieciowej o adresie A000A000A343 został zabroniony przez serwer DHCP 192.168.1.1 (Serwer DHCP wysłał komunikat DHCPNACK).

Error - 2013-01-05 08:54:58 | Computer Name = STACJONARNY | Source = Dhcp | ID = 1002
Description = Adres IP połączenia 192.168.1.9 dla karty sieciowej o adresie A0001350A343 został zabroniony przez serwer DHCP 192.168.1.1 (Serwer DHCP wysłał komunikat DHCPNACK).

< End of report > [/log] RSIT [log] Logfile of random's system information tool 1.09 (written by random/random) Run by Gocejna at 2013-02-03 20:48:37 Microsoft Windows XP Professional Dodatek Service Pack 3 System drive C: has 689 MB (9%) free of 8 GB Total RAM: 1023 MB (73% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:48:42, on 2013-02-03 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre7\bin\jqs.exe C:\Program Files\PDF Architect\HelperService.exe C:\Program Files\PDF Architect\ConversionService.exe C:\Program Files\Samsung\AllShare\AllShareDMS\WiselinkPro.exe C:\Program Files\Samsung\AllShare\AllShareDMS\http_ss_win_pro.exe C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\taskmgr.exe C:\Documents and Settings\Gocejna\Pulpit\RSIT.exe C:\Program Files\trend micro\Gocejna.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000.10014&barid={AEE0A315-4391-11E2-BB2C-8E041AF50470} R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000.10014&barid={AEE0A315-4391-11E2-BB2C-8E041AF50470} R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') 
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: PDF Architect Helper Service - pdfforge GbR - C:\Program Files\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GbR - C:\Program Files\PDF Architect\ConversionService.exe
O23 - Service: Samsung AllShare PC Service (SamsungAllShare) - Unknown owner - C:\Program Files\Samsung\AllShare\AllShareDMS\WiselinkPro.exe
O23 - Service: SimpleSlideShowServer - Samsung Electronics - C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

-- End of file - 5560 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1284227242-1801674531-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1284227242-1801674531-1003UA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711}] PDF Architect Helper - C:\Program Files\PDF Architect\PDFIEHelper.dll [2012-11-22 91784] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-01-19 461216] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-01-19 170912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] SweetPacks Browser Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2012-07-04 1310040] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {25A3A431-30BB-47C8-AD6A-E1063801134F} - PDF Architect Toolbar - C:\Program Files\PDF Architect\PDFIEPlugin.dll [2012-11-22 731784] {EEE6C35B-6118-11DC-9C72-001320C79847} - SweetPacks Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2012-07-04 1310040] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-12-22 77824] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe 
[2009-10-16 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-01-03 37296] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [2012-01-05 75624] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALi5289] C:\Program Files\ULI5289\ALi5289.exe [2005-03-10 405504] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AllShareAgent] C:\Program Files\Samsung\AllShare\AllShareAgent.exe [2011-02-18 250768] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [2009-10-16 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2012-10-01 116648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe [2012-10-04 115032] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe [2012-08-15 231768] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2009-10-16 133632] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"=1 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe"="C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe:*:Enabled:SimpleSlideShowServer" "C:\Program Files\Samsung\AllShare\AllShare.exe"="C:\Program Files\Samsung\AllShare\AllShare.exe:*:Enabled:SamsungAllSharePCSW" "C:\Program Files\Samsung\AllShare\AllShareAgent.exe"="C:\Program Files\Samsung\AllShare\AllShareAgent.exe:*:Enabled:SamsungAllShareAgent" "C:\Program Files\Samsung\AllShare\AllShareDMS\WiselinkPro.exe"="C:\Program Files\Samsung\AllShare\AllShareDMS\WiselinkPro.exe:*:Enabled:SamsungAllShareServer" "C:\Program Files\Samsung\AllShare\AllShareDMS\http_ss_win_pro.exe"="C:\Program Files\Samsung\AllShare\AllShareDMS\http_ss_win_pro.exe:*:Enabled:SamsungAllShareHttpServer" "C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit" "C:\WINDOWS\system32\msiexec.exe"="C:\WINDOWS\system32\msiexec.exe:*:Enabled:UpdateManagerSetup" "C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe"="C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe:*:Enabled:SweetPacksUpdateManager" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] 
"midimapper"=midimap.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msadpcm"=msadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.trspch"=tssoft32.acm "vidc.cvid"=iccvid.dll "vidc.I420"=msh263.drv "vidc.iv31"=ir32_32.dll "vidc.iv32"=ir32_32.dll "vidc.iv41"=ir41_32.ax "vidc.iyuv"=iyuv_32.dll "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "vidc.uyvy"=msyuv.dll "vidc.yuy2"=msyuv.dll "vidc.yvu9"=tsbyuv.dll "vidc.yvyu"=msyuv.dll "wavemapper"=msacm32.drv "msacm.msg723"=msg723.acm "vidc.M263"=msh263.drv "vidc.M261"=msh261.drv "msacm.msaudio1"=msaud32.acm "msacm.sl_anet"=sl_anet.acm "msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax "vidc.iv50"=ir50_32.dll "msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv ======List of files/folders created in the last 1 month====== 2013-02-03 20:48:38 ----D---- C:\Program Files\trend micro 2013-02-03 20:48:37 ----D---- C:\rsit 2013-01-26 12:25:42 ----D---- C:\Documents and Settings\Gocejna\Dane aplikacji\Help 2013-01-26 12:15:45 ----D---- C:\Program Files\PowerQuest 2013-01-19 17:04:28 ----D---- C:\WINDOWS\Sun 2013-01-19 17:00:16 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Sun 2013-01-19 17:00:15 ----D---- C:\Program Files\Common Files\Java 2013-01-19 16:59:36 ----A---- C:\WINDOWS\system32\npDeployJava1.dll 2013-01-19 16:59:36 ----A---- C:\WINDOWS\system32\javaws.exe 2013-01-19 16:59:36 ----A---- C:\WINDOWS\system32\deployJava1.dll 2013-01-19 16:59:15 ----A---- C:\WINDOWS\system32\WindowsAccessBridge.dll 2013-01-19 16:59:15 ----A---- C:\WINDOWS\system32\javaw.exe 2013-01-19 16:59:15 ----A---- C:\WINDOWS\system32\java.exe 2013-01-19 16:58:54 ----D---- C:\Program Files\Java 2013-01-19 16:57:01 ----D---- C:\Documents and Settings\Gocejna\Dane aplikacji\Sun 2013-01-09 18:34:00 ----D---- C:\Program Files\ESET 2013-01-09 17:24:29 ----D---- C:\Documents and Settings\Gocejna\Dane aplikacji\Canneverbe Limited 2013-01-09 17:24:29 ----D---- C:\Documents and Settings\All 
Users\Dane aplikacji\Canneverbe Limited 2013-01-09 17:24:20 ----A---- C:\WINDOWS\system32\drivers\StarOpen.sys 2013-01-09 17:24:19 ----D---- C:\Program Files\CDBurnerXP 2013-01-09 16:49:37 ----D---- C:\Program Files\Alcohol Soft 2013-01-09 16:48:33 ----A---- C:\WINDOWS\system32\drivers\sptd.sys ======List of files/folders modified in the last 1 month====== 2013-02-03 20:48:38 ----RD---- C:\Program Files 2013-02-03 20:48:27 ----D---- C:\WINDOWS\Prefetch 2013-02-03 19:53:51 ----D---- C:\WINDOWS\Temp 2013-01-31 19:34:09 ----A---- C:\WINDOWS\SchedLgU.Txt 2013-01-31 14:11:45 ----D---- C:\WINDOWS 2013-01-26 12:25:51 ----D---- C:\WINDOWS\Help 2013-01-26 12:15:55 ----HD---- C:\Program Files\InstallShield Installation Information 2013-01-26 12:15:48 ----SHD---- C:\WINDOWS\Installer 2013-01-26 12:15:46 ----D---- C:\WINDOWS\system32\drivers 2013-01-26 12:15:46 ----D---- C:\WINDOWS\system32 2013-01-26 12:15:05 ----D---- C:\Program Files\Common Files\InstallShield 2013-01-23 20:58:21 ----D---- C:\WINDOWS\Network Diagnostic 2013-01-19 17:00:15 ----D---- C:\Program Files\Common Files 2013-01-15 09:36:49 ----D---- C:\WINDOWS\system32\CatRoot2 2013-01-10 22:27:12 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\SweetIM 2013-01-09 17:29:10 ----SD---- C:\Documents and Settings\Gocejna\Dane aplikacji\Microsoft ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 m5289;m5289; C:\WINDOWS\system32\DRIVERS\m5289.sys [2004-12-01 51840] R0 Si3112;Si3112; C:\WINDOWS\system32\drivers\Si3112.sys [2009-10-16 62336] R0 Si3124;Si3124; C:\WINDOWS\system32\drivers\Si3124.sys [2009-10-16 69248] R0 Si3132;Si3132; C:\WINDOWS\system32\drivers\Si3132.sys [2009-10-16 74672] R0 Si3132r5;Si3132r5; C:\WINDOWS\system32\drivers\Si3132r5.sys [2009-10-16 215856] R0 Si3531;Si3531; C:\WINDOWS\system32\drivers\Si3531.sys [2009-10-16 212520] R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2013-01-09 466008] R0 uliagpkx;ULi AGP Bus Filter Driver; 
C:\WINDOWS\system32\DRIVERS\agpkx.sys [2005-05-03 45056] R1 AmdK8;Sterownik procesora AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 43008] R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228] R2 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2012-06-03 5504] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-12-22 2304320] R3 hidusb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2009-10-16 10368] R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2009-10-16 12160] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-04-13 1897408] R3 SR9USB;SR9600 USB To Fast Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\sr9usb.sys [2009-03-15 14720] S0 Si3114r5;Si3114r5; C:\WINDOWS\system32\drivers\Si3114r5.sys [2009-10-16 195072] S3 akoxdk9c;akoxdk9c; C:\WINDOWS\system32\drivers\akoxdk9c.sys [] S3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-12-02 70912] S3 rtl8139;Sterownik NT karty Realtek RTL8139(A/B/C)-based PCI Fast Ethernet; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992] S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-10-16 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-10-16 82944] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-01-19 170912] R2 PDF Architect Helper Service;PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [2012-11-22 1522312] R2 PDF Architect Service;PDF Architect Service; C:\Program Files\PDF 
Architect\ConversionService.exe [2012-11-22 905864] R2 SamsungAllShare;Samsung AllShare PC Service; C:\Program Files\Samsung\AllShare\AllShareDMS\WiselinkPro.exe [2011-02-18 7233952] R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-23 370688] S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service; C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [2012-01-05 75624] S2 SimpleSlideShowServer;SimpleSlideShowServer; C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe [2011-02-18 22464] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 WMPNetworkSvc;Usługa udostępniania w sieci programu Windows Media Player; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-12-01 918016] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-10-16 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- [/log]

Thanks in advance :)
Natsuki Kuga commented 4 February 2013
1. In OTL, paste the following into the Custom Scans/Fixes section:
[spoiler]
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim....C-8E041AF50470}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...C-8E041AF50470}
IE - HKU\S-1-5-21-1757981266-1284227242-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim....C-8E041AF50470}
IE - HKU\S-1-5-21-1757981266-1284227242-1801674531-1003\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKU\S-1-5-21-1757981266-1284227242-1801674531-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-1757981266-1284227242-1801674531-1003\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...C-8E041AF50470}
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-1757981266-1284227242-1801674531-1003\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
[/spoiler]
Click Run Fix, post the report.
2. Run AdwCleaner with the Delete option. Post the report.
3. Paste into SystemLook:
[spoiler]
:service
akoxdk9c
:file
C:\WINDOWS\system32\drivers\akoxdk9c.sys
[/spoiler]
Look, post the report.
4. Update the following item to the latest version: Adobe Reader 9.5.0 - Polish
Adobe Reader 11: http://www.adobe.com/support/downloads/detail.jsp?ftpID=5507
5. Post new OTL logs and a Gmer log (in the pinned topics).
kamo502 commented 4 February 2013 (Author)
1. Log from the script
[log]
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKU\S-1-5-21-1757981266-1284227242-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1757981266-1284227242-1801674531-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\ not found.
File C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll not found.
Registry key HKEY_USERS\S-1-5-21-1757981266-1284227242-1801674531-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1757981266-1284227242-1801674531-1003\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ not found.
File C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
File C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_USERS\S-1-5-21-1757981266-1284227242-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
File C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update\ deleted successfully.
OTL by OldTimer - Version 3.2.69.0 log created on 02042013_220922
[/log]
2. 
AdW [log] [spoiler] # AdwCleaner v2.110 - Log utworzony 04/02/2013 o 22:10:05 # Aktualizacja 03/02/2013 przez Xplode # System operacyjny : Microsoft Windows XP Dodatek Service Pack 3 (32 bits) # Użytkownik : Gocejna - STACJONARNY # Tryb uruchomienia : Normalny # Ścieżka : C:\Documents and Settings\Gocejna\Pulpit\adwcleaner.exe # Opcja [Usuń] ***** [Usługi] ***** ***** [Pliki / Foldery] ***** Folder Usunięto : C:\Documents and Settings\Gocejna\Dane aplikacji\pdfforge Folder Usunięto : C:\WINDOWS\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4} Folder Usunięto : C:\WINDOWS\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D} ***** [Rejestr] ***** Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064} Klucz Usunięto : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3 Klucz Usunięto : HKLM\Software\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B Klucz Usunięto : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B Klucz Usunięto : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3 Klucz Usunięto : HKLM\Software\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B Klucz Usunięto : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} 
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F} Klucz Usunięto : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils Klucz Usunięto : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1 Klucz Usunięto : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator Klucz Usunięto : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1 Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847} Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetPacks Communicator Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{953AA732-9AFB-49C9-84A4-7F96CA0A08DA} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A0C9DF2B-89B5-4483-8983-18A68200F1B4} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe Klucz Usunięto : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D 
Klucz Usunięto : 
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836
Klucz Usunięto : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EE58E3C298524145B73CBBED3CAC4D3
Klucz Usunięto : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B2FD9C0A5B9838449838816A28001F4B
Klucz Usunięto : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{953AA732-9AFB-49C9-84A4-7F96CA0A08DA}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
***** [Przeglądarki Internetowe] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Rejestr w porządku.
-\\ Google Chrome v24.0.1312.57
Plik : C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Preferences
[OK] Plik w porządku.
*************************
AdwCleaner[S1].txt - [14948 octets] - [04/02/2013 22:10:05]
########## EOF - C:\AdwCleaner[S1].txt - [15009 octets] ##########
[/spoiler] [/log]
3. System Look
[log]
SystemLook 30.07.11 by jpshortstuff
Log created at 22:13 on 04/02/2013 by Gocejna
Administrator - Elevation successful
========== service ==========
akoxdk9c - Unable to open Service Handle.
========== file ==========
C:\WINDOWS\system32\drivers\akoxdk9c.sys - Unable to find/read file.
-= EOF =-
[/log]
4. Updated.
5. 
OTL [log]OTL logfile created on: 2013-02-04 22:23:09 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Gocejna\Pulpit Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1023,48 Mb Total Physical Memory | 450,84 Mb Available Physical Memory | 44,05% Memory free 2,40 Gb Paging File | 1,73 Gb Available in Paging File | 71,83% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 7,55 Gb Total Space | 0,37 Gb Free Space | 4,85% Space Free | Partition Type: NTFS Drive D: | 33,15 Gb Total Space | 16,73 Gb Free Space | 50,47% Space Free | Partition Type: NTFS Drive E: | 33,85 Gb Total Space | 31,96 Gb Free Space | 94,42% Space Free | Partition Type: NTFS Drive F: | 42,15 Gb Total Space | 42,08 Gb Free Space | 99,85% Space Free | Partition Type: NTFS Drive G: | 34,17 Gb Total Space | 34,11 Gb Free Space | 99,81% Space Free | Partition Type: NTFS Computer Name: STACJONARNY | User Name: Gocejna | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days ========== Processes (All) ========== PRC - [2013-02-03 20:44:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gocejna\Pulpit\OTL.exe PRC - [2013-01-26 03:35:08 | 001,248,208 | ---- | M] (Google Inc.) 
-- C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe PRC - [2013-01-19 16:59:00 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe PRC - [2012-11-22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) -- C:\Program Files\PDF Architect\HelperService.exe PRC - [2012-11-22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) -- C:\Program Files\PDF Architect\ConversionService.exe PRC - [2012-11-13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe PRC - [2012-11-13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe PRC - [2012-11-13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe PRC - [2012-11-13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe PRC - [2011-02-18 16:30:32 | 007,233,952 | ---- | M] () -- C:\Program Files\Samsung\AllShare\AllShareDMS\WiselinkPro.exe PRC - [2011-02-18 16:30:26 | 000,428,088 | ---- | M] () -- C:\Program Files\Samsung\AllShare\AllShareDMS\http_ss_win_pro.exe PRC - [2009-12-23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe PRC - [2009-10-16 18:45:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2009-10-16 18:45:00 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2009-10-16 18:45:00 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe PRC - [2009-10-16 18:45:00 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2009-10-16 18:45:00 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msiexec.exe PRC - [2009-10-16 18:45:00 | 
000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2009-10-16 18:45:00 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2009-10-16 18:45:00 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe PRC - [2009-10-16 18:45:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe PRC - [2009-10-16 18:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2009-10-16 18:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - [2009-10-16 18:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2009-10-16 18:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2009-10-16 18:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2009-10-16 18:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2009-10-16 18:45:00 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe PRC - [2009-10-16 18:45:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2009-10-16 18:45:00 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe PRC - [2004-12-22 10:09:44 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE ========== Modules (All) ========== MOD - [2013-02-03 20:44:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gocejna\Pulpit\OTL.exe MOD - [2013-01-26 03:35:08 | 001,248,208 | ---- | M] (Google Inc.) 
-- C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe MOD - [2013-01-26 03:35:06 | 000,460,240 | ---- | M] () -- C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\24.0.1312.57\ppgooglenaclpluginchrome.dll MOD - [2013-01-26 03:35:04 | 004,012,496 | ---- | M] () -- C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\24.0.1312.57\pdf.dll MOD - [2013-01-26 03:34:17 | 009,962,960 | ---- | M] (The ICU Project) -- C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\24.0.1312.57\icudt.dll MOD - [2013-01-26 03:34:16 | 001,552,848 | ---- | M] () -- C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll MOD - [2013-01-26 03:34:12 | 042,905,552 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\24.0.1312.57\chrome.dll MOD - [2013-01-19 16:59:00 | 000,770,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Java\jre7\bin\msvcr100.dll MOD - [2013-01-19 16:59:00 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe MOD - [2012-11-24 15:48:41 | 000,057,856 | ---- | M] () -- C:\Program Files\Samsung\AllShare\AllShareDMS\lang.dll MOD - [2012-11-22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) -- C:\Program Files\PDF Architect\HelperService.exe MOD - [2012-11-22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) -- C:\Program Files\PDF Architect\ConversionService.exe MOD - [2012-11-22 15:43:54 | 001,122,304 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\PDF Architect\libeay32.dll MOD - [2012-11-22 15:43:54 | 000,299,008 | ---- | M] (The cURL library, http://curl.haxx.se/) -- C:\Program Files\PDF Architect\libcurl.dll MOD - [2012-11-22 15:43:54 | 000,274,432 | ---- | M] (The OpenSSL Project, 
http://www.openssl.org/) -- C:\Program Files\PDF Architect\ssleay32.dll MOD - [2012-11-13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe MOD - [2012-11-13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe MOD - [2012-11-13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe MOD - [2012-11-13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe MOD - [2012-11-13 14:07:04 | 000,597,552 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFileScanLibrary.dll MOD - [2012-11-13 14:07:00 | 002,628,632 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDResources.dll MOD - [2012-11-13 14:06:52 | 003,214,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll MOD - [2012-11-13 14:06:46 | 000,129,080 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll MOD - [2012-11-13 14:06:36 | 001,254,456 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDAdvancedCheckLibrary.dll MOD - [2012-11-13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl MOD - [2012-11-13 14:06:30 | 000,876,056 | ---- | M] (Safer-Networking Ltd.) 
-- C:\Program Files\Spybot - Search & Destroy 2\snlBase150.bpl
MOD - [2012-11-13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012-11-13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012-11-13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012-11-13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012-11-13 14:06:26 | 003,643,352 | ---- | M] (Project JEDI) -- C:\Program Files\Spybot - Search & Destroy 2\Jcl150.bpl
MOD - [2012-10-28 18:32:34 | 000,088,576 | ---- | M] (pdfforge GbR) -- C:\WINDOWS\system32\pdfcmon.dll
MOD - [2012-09-10 15:46:58 | 000,244,624 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Spybot - Search & Destroy 2\ssleay32.dll
MOD - [2012-09-10 15:46:56 | 001,112,408 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Spybot - Search & Destroy 2\libeay32.dll
MOD - [2012-09-05 11:43:24 | 000,715,720 | ---- | M] (Embarcadero Technologies, Inc.) -- C:\Program Files\Spybot - Search & Destroy 2\vclie150.bpl
MOD - [2012-08-23 09:45:18 | 000,329,120 | ---- | M] (Embarcadero Technologies, Inc.) -- C:\Program Files\Spybot - Search & Destroy 2\vclimg150.bpl
MOD - [2012-08-23 09:45:16 | 000,243,112 | ---- | M] (Embarcadero Technologies, Inc.) -- C:\Program Files\Spybot - Search & Destroy 2\vclx150.bpl
MOD - [2012-08-23 09:45:14 | 002,477,736 | ---- | M] (Embarcadero Technologies, Inc.) -- C:\Program Files\Spybot - Search & Destroy 2\vcl150.bpl
MOD - [2012-08-23 09:45:14 | 002,169,224 | ---- | M] (Embarcadero Technologies, Inc.) -- C:\Program Files\Spybot - Search & Destroy 2\rtl150.bpl
MOD - [2012-08-23 09:38:24 | 000,574,840 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
MOD - [2012-06-09 19:20:02 | 000,168,448 | ---- | M] (Alexander Roshal) -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2012-04-04 06:54:04 | 000,300,544 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.POL
MOD - [2012-04-04 06:53:54 | 000,394,136 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll
MOD - [2011-02-18 16:30:32 | 007,233,952 | ---- | M] () -- C:\Program Files\Samsung\AllShare\AllShareDMS\WiselinkPro.exe
MOD - [2011-02-18 16:30:26 | 000,428,088 | ---- | M] () -- C:\Program Files\Samsung\AllShare\AllShareDMS\http_ss_win_pro.exe
MOD - [2010-12-18 11:02:02 | 000,672,782 | ---- | M] () -- C:\Program Files\Samsung\AllShare\AllShareDMS\avformat-52.dll
MOD - [2010-12-18 11:02:02 | 000,335,360 | ---- | M] () -- C:\Program Files\Samsung\AllShare\AllShareDMS\PCAutoChapterLib.dll
MOD - [2010-12-18 11:02:02 | 000,131,086 | ---- | M] () -- C:\Program Files\Samsung\AllShare\AllShareDMS\swscale-0.dll
MOD - [2010-12-18 11:02:00 | 004,434,958 | ---- | M] () -- C:\Program Files\Samsung\AllShare\AllShareDMS\avcodec-52.dll
MOD - [2010-12-18 11:02:00 | 000,069,134 | ---- | M] () -- C:\Program Files\Samsung\AllShare\AllShareDMS\avutil-50.dll
MOD - [2010-12-15 21:22:04 | 000,765,952 | ---- | M] (LIBGD Development Team) -- C:\Program Files\Samsung\AllShare\AllShareDMS\bgd.dll
MOD - [2010-12-15 21:22:04 | 000,015,936 | ---- | M] (Un4seen Developments) -- C:\Program Files\Samsung\AllShare\AllShareDMS\basswma.dll
MOD - [2010-12-15 21:22:02 | 000,573,440 | ---- | M] (http://www.id3lib.org/) -- C:\Program Files\Samsung\AllShare\AllShareDMS\id3lib.dll
MOD - [2010-12-15 21:22:02 | 000,147,456 | ---- | M] () -- C:\Program Files\Samsung\AllShare\AllShareDMS\libexpat.dll
MOD - [2010-12-15 21:22:02 | 000,098,872 | ---- | M] (Un4seen Developments) -- C:\Program Files\Samsung\AllShare\AllShareDMS\bass.dll
MOD - [2009-12-23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
MOD - [2009-10-16 18:45:00 | 011,069,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ieframe.dll
MOD - [2009-10-16 18:45:00 | 008,490,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2009-10-16 18:45:00 | 002,953,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\xpsp2res.dll
MOD - [2009-10-16 18:45:00 | 002,843,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msi.dll
MOD - [2009-10-16 18:45:00 | 001,986,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iertutil.dll
MOD - [2009-10-16 18:45:00 | 001,852,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\AcGenral.dll
MOD - [2009-10-16 18:45:00 | 001,710,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netshell.dll
MOD - [2009-10-16 18:45:00 | 001,509,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shdocvw.dll
MOD - [2009-10-16 18:45:00 | 001,439,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\query.dll
MOD - [2009-10-16 18:45:00 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2009-10-16 18:45:00 | 001,267,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comsvcs.dll
MOD - [2009-10-16 18:45:00 | 001,209,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\urlmon.dll
MOD - [2009-10-16 18:45:00 | 001,135,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuaueng.dll
MOD - [2009-10-16 18:45:00 | 001,106,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msxml3.dll
MOD - [2009-10-16 18:45:00 | 001,092,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\esent.dll
MOD - [2009-10-16 18:45:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2009-10-16 18:45:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
MOD - [2009-10-16 18:45:00 | 001,025,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\browseui.dll
MOD - [2009-10-16 18:45:00 | 001,020,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2009-10-16 18:45:00 | 001,000,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msgina.dll
MOD - [2009-10-16 18:45:00 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2009-10-16 18:45:00 | 000,981,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42u.dll
MOD - [2009-10-16 18:45:00 | 000,916,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wininet.dll
MOD - [2009-10-16 18:45:00 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll
MOD - [2009-10-16 18:45:00 | 000,732,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userenv.dll
MOD - [2009-10-16 18:45:00 | 000,732,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsasrv.dll
MOD - [2009-10-16 18:45:00 | 000,723,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2009-10-16 18:45:00 | 000,714,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sxs.dll
MOD - [2009-10-16 18:45:00 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2009-10-16 18:45:00 | 000,675,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rasdlg.dll
MOD - [2009-10-16 18:45:00 | 000,640,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dbghelp.dll
MOD - [2009-10-16 18:45:00 | 000,629,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netcfgx.dll
MOD - [2009-10-16 18:45:00 | 000,617,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comctl32.dll
MOD - [2009-10-16 18:45:00 | 000,602,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\crypt32.dll
MOD - [2009-10-16 18:45:00 | 000,586,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mlang.dll
MOD - [2009-10-16 18:45:00 | 000,585,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2009-10-16 18:45:00 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2009-10-16 18:45:00 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2009-10-16 18:45:00 | 000,545,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\hhctrl.ocx
MOD - [2009-10-16 18:45:00 | 000,539,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msftedit.dll
MOD - [2009-10-16 18:45:00 | 000,531,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wbemcore.dll
MOD - [2009-10-16 18:45:00 | 000,520,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cryptui.dll
MOD - [2009-10-16 18:45:00 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
MOD - [2009-10-16 18:45:00 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll
MOD - [2009-10-16 18:45:00 | 000,483,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wzcsvc.dll
MOD - [2009-10-16 18:45:00 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2009-10-16 18:45:00 | 000,473,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\fastprox.dll
MOD - [2009-10-16 18:45:00 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvsd.dll
MOD - [2009-10-16 18:45:00 | 000,431,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuapi.dll
MOD - [2009-10-16 18:45:00 | 000,430,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\vssapi.dll
MOD - [2009-10-16 18:45:00 | 000,428,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msdtcprx.dll
MOD - [2009-10-16 18:45:00 | 000,427,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samsrv.dll
MOD - [2009-10-16 18:45:00 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2009-10-16 18:45:00 | 000,409,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\qmgr.dll
MOD - [2009-10-16 18:45:00 | 000,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netlogon.dll
MOD - [2009-10-16 18:45:00 | 000,406,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\usp10.dll
MOD - [2009-10-16 18:45:00 | 000,401,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcss.dll
MOD - [2009-10-16 18:45:00 | 000,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\themeui.dll
MOD - [2009-10-16 18:45:00 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winhttp.dll
MOD - [2009-10-16 18:45:00 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\localspl.dll
MOD - [2009-10-16 18:45:00 | 000,346,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\hnetcfg.dll
MOD - [2009-10-16 18:45:00 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2009-10-16 18:45:00 | 000,339,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netapi32.dll
MOD - [2009-10-16 18:45:00 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cscui.dll
MOD - [2009-10-16 18:45:00 | 000,330,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ipnathlp.dll
MOD - [2009-10-16 18:45:00 | 000,325,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scesrv.dll
MOD - [2009-10-16 18:45:00 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kerberos.dll
MOD - [2009-10-16 18:45:00 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTF.dll
MOD - [2009-10-16 18:45:00 | 000,296,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\termsrv.dll
MOD - [2009-10-16 18:45:00 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2009-10-16 18:45:00 | 000,285,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\pdh.dll
MOD - [2009-10-16 18:45:00 | 000,284,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\portabledeviceapi.dll
MOD - [2009-10-16 18:45:00 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2009-10-16 18:45:00 | 000,273,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wbemess.dll
MOD - [2009-10-16 18:45:00 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oakley.dll
MOD - [2009-10-16 18:45:00 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\h323.tsp
MOD - [2009-10-16 18:45:00 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\icm32.dll
MOD - [2009-10-16 18:45:00 | 000,253,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\es.dll
MOD - [2009-10-16 18:45:00 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tapisrv.dll
MOD - [2009-10-16 18:45:00 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\odbc32.dll
MOD - [2009-10-16 18:45:00 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\esscli.dll
MOD - [2009-10-16 18:45:00 | 000,246,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mswsock.dll
MOD - [2009-10-16 18:45:00 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui1.dll
MOD - [2009-10-16 18:45:00 | 000,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rasapi32.dll
MOD - [2009-10-16 18:45:00 | 000,236,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\webcheck.dll
MOD - [2009-10-16 18:45:00 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2009-10-16 18:45:00 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wbemcomn.dll
MOD - [2009-10-16 18:45:00 | 000,210,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rasppp.dll
MOD - [2009-10-16 18:45:00 | 000,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll
MOD - [2009-10-16 18:45:00 | 000,207,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\unimdm.tsp
MOD - [2009-10-16 18:45:00 | 000,198,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netman.dll
MOD - [2009-10-16 18:45:00 | 000,197,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\certcli.dll
MOD - [2009-10-16 18:45:00 | 000,195,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msutb.dll
MOD - [2009-10-16 18:45:00 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\schedsvc.dll
MOD - [2009-10-16 18:45:00 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\activeds.dll
MOD - [2009-10-16 18:45:00 | 000,186,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll
MOD - [2009-10-16 18:45:00 | 000,186,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rasmans.dll
MOD - [2009-10-16 18:45:00 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2009-10-16 18:45:00 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ipsecsvc.dll
MOD - [2009-10-16 18:45:00 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tapi32.dll
MOD - [2009-10-16 18:45:00 | 000,178,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winmm.dll
MOD - [2009-10-16 18:45:00 | 000,178,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\repdrvfs.dll
MOD - [2009-10-16 18:45:00 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTFIME.IME
MOD - [2009-10-16 18:45:00 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wintrust.dll
MOD - [2009-10-16 18:45:00 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\w32time.dll
MOD - [2009-10-16 18:45:00 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll
MOD - [2009-10-16 18:45:00 | 000,171,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srsvc.dll
MOD - [2009-10-16 18:45:00 | 000,166,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\portabledevicetypes.dll
MOD - [2009-10-16 18:45:00 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\credui.dll
MOD - [2009-10-16 18:45:00 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleacc.dll
MOD - [2009-10-16 18:45:00 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msdtcuiu.dll
MOD - [2009-10-16 18:45:00 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rastls.dll
MOD - [2009-10-16 18:45:00 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dnsapi.dll
MOD - [2009-10-16 18:45:00 | 000,147,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\schannel.dll
MOD - [2009-10-16 18:45:00 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2009-10-16 18:45:00 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmisvc.dll
MOD - [2009-10-16 18:45:00 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprov.dll
MOD - [2009-10-16 18:45:00 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\onex.dll
MOD - [2009-10-16 18:45:00 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntshrui.dll
MOD - [2009-10-16 18:45:00 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imagehlp.dll
MOD - [2009-10-16 18:45:00 | 000,143,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\adsldpc.dll
MOD - [2009-10-16 18:45:00 | 000,140,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sfc_os.dll
MOD - [2009-10-16 18:45:00 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dssenh.dll
MOD - [2009-10-16 18:45:00 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msv1_0.dll
MOD - [2009-10-16 18:45:00 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shsvcs.dll
MOD - [2009-10-16 18:45:00 | 000,134,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wkssvc.dll
MOD - [2009-10-16 18:45:00 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wpdshserviceobj.dll
MOD - [2009-10-16 18:45:00 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\upnp.dll
MOD - [2009-10-16 18:45:00 | 000,128,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advpack.dll
MOD - [2009-10-16 18:45:00 | 000,126,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eappcfg.dll
MOD - [2009-10-16 18:45:00 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe
MOD - [2009-10-16 18:45:00 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dhcpcsvc.dll
MOD - [2009-10-16 18:45:00 | 000,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\apphelp.dll
MOD - [2009-10-16 18:45:00 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\umpnpmgr.dll
MOD - [2009-10-16 18:45:00 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oledlg.dll
MOD - [2009-10-16 18:45:00 | 000,122,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\stobject.dll
MOD - [2009-10-16 18:45:00 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll
MOD - [2009-10-16 18:45:00 | 000,116,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mstlsapi.dll
MOD - [2009-10-16 18:45:00 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
MOD - [2009-10-16 18:45:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2009-10-16 18:45:00 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll
MOD - [2009-10-16 18:45:00 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32spl.dll
MOD - [2009-10-16 18:45:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cscdll.dll
MOD - [2009-10-16 18:45:00 | 000,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winscard.dll
MOD - [2009-10-16 18:45:00 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\loadperf.dll
MOD - [2009-10-16 18:45:00 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiutils.dll
MOD - [2009-10-16 18:45:00 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\odbcint.dll
MOD - [2009-10-16 18:45:00 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\actxprxy.dll
MOD - [2009-10-16 18:45:00 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psbase.dll
MOD - [2009-10-16 18:45:00 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srvsvc.dll
MOD - [2009-10-16 18:45:00 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iphlpapi.dll
MOD - [2009-10-16 18:45:00 | 000,093,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wlnotify.dll
MOD - [2009-10-16 18:45:00 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\xactsrv.dll
MOD - [2009-10-16 18:45:00 | 000,091,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mydocs.dll
MOD - [2009-10-16 18:45:00 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\trkwks.dll
MOD - [2009-10-16 18:45:00 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mui\0015\hhctrlui.dll
MOD - [2009-10-16 18:45:00 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiaprpl.dll
MOD - [2009-10-16 18:45:00 | 000,087,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mprapi.dll
MOD - [2009-10-16 18:45:00 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2009-10-16 18:45:00 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ws2_32.dll
MOD - [2009-10-16 18:45:00 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui0.dll
MOD - [2009-10-16 18:45:00 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscsvc.dll
MOD - [2009-10-16 18:45:00 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\faultrep.dll
MOD - [2009-10-16 18:45:00 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\raschap.dll
MOD - [2009-10-16 18:45:00 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msiexec.exe
MOD - [2009-10-16 18:45:00 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\browser.dll
MOD - [2009-10-16 18:45:00 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\qutil.dll
MOD - [2009-10-16 18:45:00 | 000,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolss.dll
MOD - [2009-10-16 18:45:00 | 000,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetpp.dll
MOD - [2009-10-16 18:45:00 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mscms.dll
MOD - [2009-10-16 18:45:00 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msacm32.dll
MOD - [2009-10-16 18:45:00 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2009-10-16 18:45:00 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\browselc.dll
MOD - [2009-10-16 18:45:00 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdsapi.dll
MOD - [2009-10-16 18:45:00 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mtxclu.dll
MOD - [2009-10-16 18:45:00 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shimeng.dll
MOD - [2009-10-16 18:45:00 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cryptnet.dll
MOD - [2009-10-16 18:45:00 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll
MOD - [2009-10-16 18:45:00 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cryptsvc.dll
MOD - [2009-10-16 18:45:00 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\authz.dll
MOD - [2009-10-16 18:45:00 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rasqec.dll
MOD - [2009-10-16 18:45:00 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rasman.dll
MOD - [2009-10-16 18:45:00 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\colbact.dll
MOD - [2009-10-16 18:45:00 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cabinet.dll
MOD - [2009-10-16 18:45:00 | 000,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mpr.dll
MOD - [2009-10-16 18:45:00 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\resutils.dll
MOD - [2009-10-16 18:45:00 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msasn1.dll
MOD - [2009-10-16 18:45:00 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\atl.dll
MOD - [2009-10-16 18:45:00 | 000,058,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rastapi.dll
MOD - [2009-10-16 18:45:00 | 000,058,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clusapi.dll
MOD - [2009-10-16 18:45:00 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
MOD - [2009-10-16 18:45:00 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ndptsp.tsp
MOD - [2009-10-16 18:45:00 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2009-10-16 18:45:00 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll
MOD - [2009-10-16 18:45:00 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdigest.dll
MOD - [2009-10-16 18:45:00 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2009-10-16 18:45:00 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42loc.dll
MOD - [2009-10-16 18:45:00 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wzcsapi.dll
MOD - [2009-10-16 18:45:00 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
MOD - [2009-10-16 18:45:00 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\regapi.dll
MOD - [2009-10-16 18:45:00 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cnbjmon.dll
MOD - [2009-10-16 18:45:00 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msprivs.dll
MOD - [2009-10-16 18:45:00 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\ncprov.dll
MOD - [2009-10-16 18:45:00 | 000,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpmon.dll
MOD - [2009-10-16 18:45:00 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rtutils.dll
MOD - [2009-10-16 18:45:00 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlanman.dll
MOD - [2009-10-16 18:45:00 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wbemsvc.dll
MOD - [2009-10-16 18:45:00 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\audiosrv.dll
MOD - [2009-10-16 18:45:00 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\perfctrs.dll
MOD - [2009-10-16 18:45:00 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eappprxy.dll
MOD - [2009-10-16 18:45:00 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sens.dll
MOD - [2009-10-16 18:45:00 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\AcAdProc.dll
MOD - [2009-10-16 18:45:00 | 000,038,400 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
MOD - [2009-10-16 18:45:00 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ncobjapi.dll
MOD - [2009-10-16 18:45:00 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\perfproc.dll
MOD - [2009-10-16 18:45:00 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ssdpapi.dll
MOD - [2009-10-16 18:45:00 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\pstorsvc.dll
MOD - [2009-10-16 18:45:00 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kmddsp.tsp
MOD - [2009-10-16 18:45:00 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cryptdll.dll
MOD - [2009-10-16 18:45:00 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winipsec.dll
MOD - [2009-10-16 18:45:00 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\traffic.dll
MOD - [2009-10-16 18:45:00 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eapolqec.dll
MOD - [2009-10-16 18:45:00 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\hidphone.tsp
MOD - [2009-10-16 18:45:00 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mspatcha.dll
MOD - [2009-10-16 18:45:00 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\batmeter.dll
MOD - [2009-10-16 18:45:00 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\profmap.dll
MOD - [2009-10-16 18:45:00 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\perfdisk.dll
MOD - [2009-10-16 18:45:00 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\utildll.dll
MOD - [2009-10-16 18:45:00 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dot3api.dll
MOD - [2009-10-16 18:45:00 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\jsproxy.dll
MOD - [2009-10-16 18:45:00 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\davclnt.dll
MOD - [2009-10-16 18:45:00 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shfolder.dll
MOD - [2009-10-16 18:45:00 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\perfos.dll
MOD - [2009-10-16 18:45:00 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\odbcbcp.dll
MOD - [2009-10-16 18:45:00 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll
MOD - [2009-10-16 18:45:00 | 000,024,064 | ---- | M] (Microsoft Corp.) -- C:\WINDOWS\system32\dmserver.dll
MOD - [2009-10-16 18:45:00 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\normaliz.dll
MOD - [2009-10-16 18:45:00 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2009-10-16 18:45:00 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ersvc.dll
MOD - [2009-10-16 18:45:00 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lpk.dll
MOD - [2009-10-16 18:45:00 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msacm32.drv
MOD - [2009-10-16 18:45:00 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\hid.dll
MOD - [2009-10-16 18:45:00 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ws2help.dll
MOD - [2009-10-16 18:45:00 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\linkinfo.dll
MOD - [2009-10-16 18:45:00 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wshtcpip.dll
MOD - [2009-10-16 18:45:00 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dimsntfy.dll
MOD - [2009-10-16 18:45:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wbemprox.dll
MOD - [2009-10-16 18:45:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll
MOD - [2009-10-16 18:45:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\seclogon.dll
MOD - [2009-10-16 18:45:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\midimap.dll
MOD - [2009-10-16 18:45:00 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wtsapi32.dll
MOD - [2009-10-16 18:45:00 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\nddeapi.dll
MOD - [2009-10-16 18:45:00 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\perfnet.dll
MOD - [2009-10-16 18:45:00 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\powrprof.dll
MOD - [2009-10-16 18:45:00 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ipconf.tsp
MOD - [2009-10-16 18:45:00 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winrnr.dll
MOD - [2009-10-16 18:45:00 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\usbmon.dll
MOD - [2009-10-16 18:45:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\pjlmon.dll
MOD - [2009-10-16 18:45:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
MOD - [2009-10-16 18:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe
MOD - [2009-10-16 18:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drprov.dll
MOD - [2009-10-16 18:45:00 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
MOD - [2009-10-16 18:45:00 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uniplat.dll
MOD - [2009-10-16 18:45:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
MOD - [2009-10-16 18:45:00 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rasctrs.dll
MOD - [2009-10-16 18:45:00 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\perfts.dll
MOD - [2009-10-16 18:45:00 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netrap.dll
MOD - [2009-10-16 18:45:00 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\icaapi.dll
MOD - [2009-10-16 18:45:00 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\pschdprf.dll
MOD - [2009-10-16 18:45:00 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsvpperf.dll
MOD - [2009-10-16 18:45:00 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dot3dlg.dll
MOD - [2009-10-16 18:45:00 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlsapi.dll
MOD - [2009-10-16 18:45:00 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rasadhlp.dll
MOD - [2009-10-16 18:45:00 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiapres.dll
MOD - [2009-10-16 18:45:00 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sensapi.dll
MOD - [2009-10-16 18:45:00 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauserv.dll
MOD - [2009-10-16 18:45:00 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msidle.dll
MOD - [2009-10-16 18:45:00 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wmi.dll
MOD - [2009-10-16 18:45:00 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tapiperf.dll
MOD - [2009-10-16 18:45:00 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sfc.dll
MOD - [2009-10-16 18:45:00 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msimg32.dll
MOD - [2008-07-25 11:17:20 | 000,635,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
MOD - [2008-07-25 11:17:02 | 000,088,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
MOD - [2008-07-25 11:17:02 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netfxperf.dll
MOD - [2008-07-25 11:17:00 | 000,089,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
MOD - [2008-07-25 11:16:58 | 005,815,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
MOD - [2008-07-25 11:16:58 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mscoree.dll
MOD - [2008-07-25 11:16:40 | 000,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
MOD - [2008-07-06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
MOD - [2008-04-14 19:51:58 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdmaud.drv
MOD - [2007-11-07 02:19:32 | 000,655,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
MOD - [2007-11-07 02:19:32 | 000,568,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
MOD - [2004-12-22 10:09:44 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013-01-19 16:59:00 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012-11-22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2012-11-22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2012-01-05 16:42:34 | 000,075,624 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe -- (AxAutoMntSrv)
SRV - [2011-02-18 16:30:32 | 007,233,952 | ---- | M] () [Auto | Running] -- C:\Program Files\Samsung\AllShare\AllShareDMS\WiselinkPro.exe -- (SamsungAllShare)
SRV - [2011-02-18 16:30:22 | 000,022,464 | ---- | M] (Samsung Electronics) [Auto | Stopped] -- C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer)
SRV - [2009-12-23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ahy13znn)
DRV - [2013-01-09 16:48:33 | 000,466,008 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2012-06-03 09:45:50 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009-10-16 18:45:00 | 000,215,856 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\Si3132r5.sys -- (Si3132r5)
DRV - [2009-10-16 18:45:00 | 000,212,520 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\Si3531.sys -- (Si3531)
DRV - [2009-10-16 18:45:00 | 000,195,072 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\Si3114r5.sys -- (Si3114r5)
DRV - [2009-10-16 18:45:00 | 000,074,672 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\si3132.sys -- (Si3132)
DRV - [2009-10-16 18:45:00 | 000,069,248 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\si3124.sys -- (Si3124)
DRV - [2009-10-16 18:45:00 | 000,062,336 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\si3112.sys -- (Si3112)
DRV - [2009-03-15 13:17:02 | 000,014,720 | ---- | M] (SUPERAL Semiconductor, Inc. Co Ltd.)
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sr9usb.sys -- (SR9USB) DRV - [2008-04-13 23:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2008-04-13 21:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) DRV - [2005-05-03 10:31:56 | 000,045,056 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AGPKX.SYS -- (uliagpkx) DRV - [2005-03-09 14:53:00 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2004-12-22 10:07:12 | 002,304,320 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) DRV - [2004-12-02 09:36:08 | 000,070,912 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp) DRV - [2004-12-01 03:49:18 | 000,051,840 | ---- | M] (ULi Electronics Inc.) 
[Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\m5289.sys -- (m5289) DRV - [2002-09-16 17:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1757981266-1284227242-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKU\S-1-5-21-1757981266-1284227242-1801674531-1003\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1757981266-1284227242-1801674531-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1757981266-1284227242-1801674531-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1757981266-1284227242-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - 
HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files\PDF Architect\FFPDFArchitectExt [2012-11-29 13:33:31 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - homepage: http://www.google.pl/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: http://www.google.pl/ CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane 
aplikacji\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\24.0.1312.57\pdf.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - Extension: YouTube = C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Szukaj w Google = C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Photo Zoom for Facebook = C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1208.30.1_0\ CHR - Extension: AdBlock = C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.58_0\ CHR - Extension: Gmail = C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ CHR - Extension: YouTube = C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane 
aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Szukaj w Google = C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Photo Zoom for Facebook = C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1208.30.1_0\ CHR - Extension: AdBlock = C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.58_0\ CHR - Extension: Gmail = C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009-10-16 18:45:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GbR) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 [2013-02-04 22:09:36 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 [2013-02-04 22:09:36 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 [2013-02-04 22:09:36 | 000,000,000 | ---D | M]
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1757981266-1284227242-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{435B20D0-D2F4-42CB-8CC0-32E2BCDF7E51}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-10-01 19:08:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: AlcoholAutomount - hkey= - key= - C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe (Alcohol Soft Development Team)
MsConfig - StartUpReg: ALi5289 - hkey= - key= - C:\Program Files\ULI5289\ALi5289.exe (ALi Corporation)
MsConfig - StartUpReg: AllShareAgent - hkey= - key= - C:\Program Files\Samsung\AllShare\AllShareAgent.exe (Samsung)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: SDTray - hkey= - key= - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

========== Files/Folders - Created Within 60 Days ==========
[2013-02-04 22:17:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013-02-04 22:17:57 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013-02-04 22:17:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013-02-04 22:09:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2013-02-04 22:08:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gocejna\Pulpit\1
[2013-02-04 20:05:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gocejna\Moje dokumenty\ProcAlyzer Dumps
[2013-02-04 17:51:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gocejna\Pulpit\Crocodile Clips v3.5
[2013-02-04 13:31:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
[2013-02-04 13:30:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Spybot - Search & Destroy 2
[2013-02-04 13:30:35 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2013-02-04 13:30:26 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013-02-04 13:27:40 | 055,454,464 | ---- | C] (Safer-Networking Ltd. ) -- C:\Documents and Settings\Gocejna\Pulpit\SpybotSD2.exe
[2013-02-03 21:51:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Unity
[2013-02-03 20:48:38 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2013-02-03 20:48:37 | 000,000,000 | ---D | C] -- C:\rsit
[2013-02-03 20:44:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gocejna\Pulpit\OTL.exe
[2013-01-30 22:03:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Gocejna\Recent
[2013-01-26 12:25:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Help
[2013-01-26 12:25:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gocejna\Dane aplikacji\Help
[2013-01-26 12:15:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\PowerQuest PartitionMagic 8.0
[2013-01-26 12:15:45 | 000,000,000 | ---D | C] -- C:\Program Files\PowerQuest
[2013-01-19 17:04:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2013-01-19 17:04:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Sun
[2013-01-19 17:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Sun
[2013-01-19 17:00:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013-01-19 16:59:36 | 000,859,552 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013-01-19 16:59:36 | 000,780,192 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013-01-19 16:59:36 | 000,261,024 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013-01-19 16:59:36 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013-01-19 16:59:15 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013-01-19 16:59:15 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013-01-19 16:59:15 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013-01-19 16:58:54 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013-01-19 16:57:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gocejna\Dane aplikacji\Sun
[2013-01-19 16:56:56 | 000,895,904 | ---- | C] (Oracle Corporation) -- C:\Documents and Settings\Gocejna\Pulpit\chromeinstall-7u11.exe
[2013-01-10 23:19:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Gocejna\Menu Start\Programy\Narzędzia administracyjne
[2013-01-09 18:34:00 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013-01-09 17:24:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gocejna\Dane aplikacji\Canneverbe Limited
[2013-01-09 17:24:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Canneverbe Limited
[2013-01-09 17:24:19 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2013-01-09 16:49:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Alcohol 52%
[2013-01-09 16:49:37 | 000,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft
[2013-01-09 16:48:33 | 000,466,008 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2012-12-16 21:47:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gocejna\Pulpit\Eagle -podrecznik
[2012-12-16 16:24:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\CCleaner
[2012-12-16 16:24:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012-12-11 13:52:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Pazera Free MP4 to AVI Converter
[2012-12-11 13:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\pazera-software
[2012-12-11 13:37:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gocejna\Dane aplikacji\Media Player Classic
[2012-12-11 13:34:08 | 000,000,000 | ---D | C] -- C:\Program Files\SubEdit-Player
[2012-12-11 13:34:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\SubEdit-Player
[2012-12-11 13:32:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\ffdshow
[2012-12-11 13:32:05 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2012-12-09 23:48:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\EAGLE Layout Editor 6.1.0
[2012-12-09 23:48:18 | 000,000,000 | ---D | C] -- C:\Program Files\EAGLE-6.1.0
[2012-12-09 23:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\EAGLE-5.8.0
[2012-12-09 23:30:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gocejna\Moje dokumenty\Downloads
[2012-12-09 23:27:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gocejna\Moje dokumenty\eagle
[2012-12-09 23:21:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gocejna\Dane aplikacji\CadSoft
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 60 Days ==========
[2013-02-04 22:18:13 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader X.lnk
[2013-02-04 22:17:39 | 000,365,568 | ---- | M] () -- C:\Documents and Settings\Gocejna\Pulpit\pzww8bso.exe
[2013-02-04 22:12:48 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Gocejna\Pulpit\SystemLook.exe
[2013-02-04 22:12:37 | 000,000,239 | -HS- | M] () -- C:\boot.ini
[2013-02-04 22:11:29 | 000,000,620 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013-02-04 22:11:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013-02-04 22:11:21 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2013-02-04 22:09:59 | 000,582,111 | ---- | M] () -- C:\Documents and Settings\Gocejna\Pulpit\adwcleaner.exe
[2013-02-04 21:35:00 | 000,001,140 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1284227242-1801674531-1003UA.job
[2013-02-04 20:35:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1284227242-1801674531-1003Core.job
[2013-02-04 20:33:42 | 000,000,020 | ---- | M] () -- C:\WINDOWS\CROCCLIP.INI
[2013-02-04 20:33:38 | 000,010,110 | ---- | M] () -- C:\Documents and Settings\Gocejna\Pulpit\schemat.JPG
[2013-02-04 15:37:28 | 000,087,448 | ---- | M] () -- C:\Documents and Settings\Gocejna\Pulpit\nowosci04.02.pdf
[2013-02-04 14:00:57 | 000,005,936 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2013-02-04 13:42:23 | 000,002,318 | ---- | M] () -- C:\Documents and Settings\Gocejna\Pulpit\Google Chrome.lnk
[2013-02-04 13:31:14 | 000,000,616 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013-02-04 13:31:14 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2013-02-04 13:30:47 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Spybot-S&D Start Center.lnk
[2013-02-04 13:29:44 | 055,454,464 | ---- | M] (Safer-Networking Ltd. ) -- C:\Documents and Settings\Gocejna\Pulpit\SpybotSD2.exe
[2013-02-03 20:46:05 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\Gocejna\Pulpit\RSIT.exe
[2013-02-03 20:44:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gocejna\Pulpit\OTL.exe
[2013-02-03 19:53:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013-01-29 15:01:22 | 000,075,597 | ---- | M] () -- C:\Documents and Settings\Gocejna\Pulpit\cena.JPG
[2013-01-29 14:10:49 | 000,030,568 | ---- | M] () -- C:\Documents and Settings\Gocejna\Pulpit\jak2.jpg
[2013-01-28 16:43:36 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-01-22 13:15:40 | 000,068,942 | ---- | M] () -- C:\Documents and Settings\Gocejna\Pulpit\279316970-7.jpg
[2013-01-22 12:57:31 | 000,022,027 | ---- | M] () -- C:\Documents and Settings\Gocejna\Pulpit\przekaznik-przerywacza-pracy-wycieraczek-hella.jpg
[2013-01-22 12:55:41 | 000,052,261 | ---- | M] () -- C:\Documents and Settings\Gocejna\Pulpit\1.JPG
[2013-01-19 16:59:01 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013-01-19 16:58:59 | 000,859,552 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013-01-19 16:58:59 | 000,780,192 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013-01-19 16:58:59 | 000,261,024 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013-01-19 16:58:59 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013-01-19 16:58:59 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013-01-19 16:58:59 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013-01-19 16:56:58 | 000,895,904 | ---- | M] (Oracle Corporation) -- C:\Documents and Settings\Gocejna\Pulpit\chromeinstall-7u11.exe
[2013-01-15 17:36:29 | 000,067,276 | ---- | M] () -- C:\Documents and Settings\Gocejna\Pulpit\srrsr.JPG
[2013-01-09 17:21:54 | 000,000,221 | ---- | M] () -- C:\Documents and Settings\Gocejna\Moje dokumenty\ax_files.xml
[2012-12-16 20:59:19 | 000,096,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-12-16 16:24:57 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\CCleaner.lnk
[2012-12-16 16:19:57 | 033,948,218 | ---- | M] () -- C:\Documents and Settings\Gocejna\Pulpit\Elektronika Latwiejsza Niz przypuszczasz - Dieter Nuhrmann.pdf
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========
[2013-02-04 22:18:13 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Adobe Reader X.lnk
[2013-02-04 22:18:13 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader X.lnk
[2013-02-04 22:17:39 | 000,365,568 | ---- | C] () -- C:\Documents and Settings\Gocejna\Pulpit\pzww8bso.exe
[2013-02-04 22:12:47 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Gocejna\Pulpit\SystemLook.exe
[2013-02-04 22:09:58 | 000,582,111 | ---- | C] () -- C:\Documents and Settings\Gocejna\Pulpit\adwcleaner.exe
[2013-02-04 20:33:38 | 000,010,110 | ---- | C] () -- C:\Documents and Settings\Gocejna\Pulpit\schemat.JPG
[2013-02-04 18:13:44 | 000,000,020 | ---- | C] () -- C:\WINDOWS\CROCCLIP.INI
[2013-02-04 15:37:26 | 000,087,448 | ---- | C] () -- C:\Documents and Settings\Gocejna\Pulpit\nowosci04.02.pdf
[2013-02-04 14:00:48 | 000,005,936 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2013-02-04 13:31:09 | 000,000,446 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2013-02-04 13:31:08 | 000,000,616 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013-02-04 13:31:07 | 000,000,620 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013-02-04 13:30:47 | 000,001,842 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Spybot-S&D Start Center.lnk
[2013-02-04 13:30:47 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Spybot-S&D Start Center.lnk
[2013-02-03 20:46:05 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\Gocejna\Pulpit\RSIT.exe
[2013-01-29 15:01:22 | 000,075,597 | ---- | C] () -- C:\Documents and Settings\Gocejna\Pulpit\cena.JPG
[2013-01-29 14:10:48 | 000,030,568 | ---- | C] () -- C:\Documents and Settings\Gocejna\Pulpit\jak2.jpg
[2013-01-28 16:43:36 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-01-22 13:15:40 | 000,068,942 | ---- | C] () -- C:\Documents and Settings\Gocejna\Pulpit\279316970-7.jpg
[2013-01-22 12:55:41 | 000,052,261 | ---- | C] () -- C:\Documents and Settings\Gocejna\Pulpit\1.JPG
[2013-01-22 12:52:56 | 000,022,027 | ---- | C] () -- C:\Documents and Settings\Gocejna\Pulpit\przekaznik-przerywacza-pracy-wycieraczek-hella.jpg
[2013-01-15 17:36:29 | 000,067,276 | ---- | C] () -- C:\Documents and Settings\Gocejna\Pulpit\srrsr.JPG
[2013-01-09 17:24:21 | 000,001,556 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\CDBurnerXP.lnk
[2013-01-09 17:24:20 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2013-01-09 17:20:41 | 000,000,221 | ---- | C] () -- C:\Documents and Settings\Gocejna\Moje dokumenty\ax_files.xml
[2012-12-16 16:24:57 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\CCleaner.lnk
[2012-12-16 16:13:47 | 033,948,218 | ---- | C] () -- C:\Documents and Settings\Gocejna\Pulpit\Elektronika Latwiejsza Niz przypuszczasz - Dieter Nuhrmann.pdf
[2012-12-11 13:32:06 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012-11-24 15:55:30 | 000,065,760 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2012-11-20 22:26:07 | 000,072,192 | ---- | C] () -- C:\WINDOWS\unlite3.exe
[2012-10-01 20:57:56 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012-10-01 20:55:09 | 000,096,664 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-10-01 19:24:39 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2012-10-01 19:24:33 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2012-10-01 19:24:33 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012-10-01 19:23:52 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\unM5289.exe
[2012-10-01 19:23:47 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\UnAGP.exe
[2012-10-01 19:11:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012-10-01 19:04:24 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========
[2012-11-24 15:53:00 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009-10-16 18:45:00 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009-10-16 18:45:00 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2009-10-16 18:45:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========
[2013-01-09 17:24:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Canneverbe Limited
[2012-11-29 13:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gocejna\Dane aplikacji\APP_NAME_NON_STRING
[2012-12-09 23:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gocejna\Dane aplikacji\CadSoft
[2013-01-09 17:24:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gocejna\Dane aplikacji\Canneverbe Limited
[2012-11-24 16:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gocejna\Dane aplikacji\GHISLER
[2012-11-29 13:34:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gocejna\Dane aplikacji\PDF Architect
[2012-11-24 15:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gocejna\Dane aplikacji\Samsung

========== Purity Check ==========

========== Custom Scans ==========

< %systemdrive%\*.* >
[2013-02-04 22:10:22 | 000,015,079 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2012-10-01 19:08:42 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2013-02-04 22:12:37 | 000,000,239 | -HS- | M] () -- C:\boot.ini
[2009-10-16 18:45:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2012-10-01 19:08:42 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2013-02-04 22:11:21 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2012-10-01 19:08:42 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012-10-01 19:08:42 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009-10-16 18:45:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009-10-16 18:45:00 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2013-02-04 22:11:20 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys

< MD5 for: AGP440.SYS >
[2009-10-16 18:45:00 | 017,820,258 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys

< MD5 for: ATAPI.SYS >
[2009-10-16 18:45:00 | 017,820,258 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008-04-13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: BEEP.SYS >
[2009-10-16 18:45:00 | 000,004,224 | ---- | M] (Microsoft
Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys [2009-10-16 18:45:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys < MD5 for: CDROM.SYS > [2009-10-16 18:45:00 | 017,820,258 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2009-10-16 18:45:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys < MD5 for: EVENTLOG.DLL > [2009-10-16 18:45:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\dllcache\eventlog.dll [2009-10-16 18:45:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll < MD5 for: NDIS.SYS > [2009-10-16 18:45:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys [2009-10-16 18:45:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys < MD5 for: WINLOGON.EXE > [2009-10-16 18:45:00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\dllcache\winlogon.exe [2009-10-16 18:45:00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe < End of report > [/log] EXTRAS [log]Was not created [/log] GMER [log]GMER 2.0.18454 - http://www.gmer.net Rootkit quick scan 2013-02-04 22:30:23 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 SAMSUNG_SP0802N rev.TU100-23 74,56GB Running: pzww8bso.exe; Driver: C:\DOCUME~1\Gocejna\USTAWI~1\Temp\axldipog.sys ---- Disk sectors - GMER 2.0 ---- Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 61 Disk \Device\Harddisk0\DR0 PE file @ sector 156360645 ---- 
EOF - GMER 2.0 ---- [/log]
Natsuki Kuga commented 6 February 2013 [quote name='kamo502' timestamp='1360012865' post='1694405'] GMER [b]Rootkit quick scan[/b] [/quote] The GMER log was made incorrectly - read the instructions for generating the report (in the pinned topics).
kamo502 commented 7 February 2013 (Author) Fixed :) GMER [log]GMER 2.0.18454 - http://www.gmer.net Rootkit scan 2013-02-07 15:15:15 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 SAMSUNG_SP0802N rev.TU100-23 74,56GB Running: pzww8bso.exe; Driver: C:\DOCUME~1\Gocejna\USTAWI~1\Temp\axldipog.sys ---- System - GMER 2.0 ---- INT 0x62 ? 865A4CC8 INT 0x82 ? 865A4CC8 INT 0x83 ? 865D4F00 INT 0x84 ? 862B4CC8 INT 0x94 ? 862B4CC8 INT 0xA4 ? 862B4CC8 INT 0xB4 ? 862B4CC8 ---- Kernel code sections - GMER 2.0 ---- .sptd1 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd1" section [0xF74C1346] .text USBPORT.SYS!DllUnload F6C7D8AC 5 Bytes JMP 862B41D8 ? C:\WINDOWS\System32\Drivers\adys1ufm.SYS suspicious PE modification ---- User code sections - GMER 2.0 ---- .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2184] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 6C, 85, 00] {SUB [EBP+EAX*4+0x0], CH} .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2184] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2184] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 6F, 85, 00] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2184] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2184] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 6C, 85, 00] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2184] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane 
aplikacji\Google\Chrome\Application\chrome.exe[2184] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 6D, 85, 00] {TEST AL, 0x6d; TEST [EAX], EAX} .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2184] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2184] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B915B86 .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2184] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2184] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 6E, 85, 00] {TEST AL, 0x6e; TEST [EAX], EAX} .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2184] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2184] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 6D, 85, 00] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2184] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2184] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 6E, 85, 00] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2184] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2184] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B915BF7 .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane 
aplikacji\Google\Chrome\Application\chrome.exe[2184] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2184] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 6C, 85, 00] {TEST AL, 0x6c; TEST [EAX], EAX} .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2184] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2184] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B915D25 .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2184] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2184] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 6D, 85, 00] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2184] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2184] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 6E, 85, 00] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2184] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2184] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 6F, 85, 00] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2184] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\Gocejna\Ustawienia 
lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 55, 00] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 55, 00] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 55, 00] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 55, 00] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B912B1A .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3860] 
ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 55, 00] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 55, 00] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 55, 00] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B912B8B .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 55, 00] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B912CB9 .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtQueryFullAttributesFile + B 
7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 55, 00] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 55, 00] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 55, 00] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 50, E9, 00] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 53, E9, 00] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and 
Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 50, E9, 00] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 51, E9, 00] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91BF6A .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 52, E9, 00] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 51, E9, 00] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 52, E9, 00] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane 
aplikacji\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91BFDB .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 50, E9, 00] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91C109 .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 51, E9, 00] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 52, E9, 00] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane 
aplikacji\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 53, E9, 00] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] ---- Kernel IAT/EAT - GMER 2.0 ---- IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [F73C7232] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [F73C6730] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [F73C6F12] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73C6730] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F73C6914] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73C6856] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73C70F0] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73C6F12] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F73DAF1E] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) 
---- User IAT/EAT - GMER 2.0 ---- IAT C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2184] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 009C0010 IAT C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3860] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 006C0010 IAT C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3868] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 01000010 ---- Registry - GMER 2.0 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xAF 0xF5 0xC2 0xA8 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0E 0x50 0xA6 0x8A ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x14 0x7D 0x6D 0xBC ... 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xAF 0xF5 0xC2 0xA8 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0E 0x50 0xA6 0x8A ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x14 0x7D 0x6D 0xBC ... ---- Disk sectors - GMER 2.0 ---- Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 61 Disk \Device\Harddisk0\DR0 PE file @ sector 156360645 ---- EOF - GMER 2.0 ---- [/log]
Natsuki Kuga commented 8 February 2013 [quote] .sptd1 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd1" section [0xF74C1346] [/quote] Still wrong - you first have to disable the disk emulator driver (see point 1 in the instructions).
kamo502 commented 8 February 2013 (Author, edited) I hope it is OK now (I did not have any disk emulator installed, unless someone installed something) GMER [log]GMER 2.0.18454 - http://www.gmer.net Rootkit scan 2013-02-08 23:08:01 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 SAMSUNG_SP0802N rev.TU100-23 74,56GB Running: pzww8bso.exe; Driver: C:\DOCUME~1\Gocejna\USTAWI~1\Temp\axldipog.sys ---- User code sections - GMER 2.0 ---- .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, D8, D1, 00] {SUB AL, BL; ROL DWORD [EAX], 0x1} .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, DB, D1, 00] {SUB BL, BL; ROL DWORD [EAX], 0x1} .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, D8, D1, 00] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, D9, D1, 00] {TEST AL, 0xd9; ROL DWORD [EAX], 0x1} .text C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtOpenProcess + B 7C90D609 1 
---- User IAT/EAT - GMER 2.0 ----
IAT C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3520] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00E80010
IAT C:\Documents and Settings\Gocejna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3532] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00740010
---- Registry - GMER 2.0 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xAF 0xF5 0xC2 0xA8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0E 0x50 0xA6 0x8A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x14 0x7D 0x6D 0xBC ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xAF 0xF5 0xC2 0xA8 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0E 0x50 0xA6 0x8A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x14 0x7D 0x6D 0xBC ...
---- Disk sectors - GMER 2.0 ----
Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 61
Disk \Device\Harddisk0\DR0 PE file @ sector 156360645
---- EOF - GMER 2.0 ----
[/log]
Tomek01 commented 7 March 2013
You have not uninstalled sptd.sys. http://www.disc-tools.com/download/sptd
kamo502 (Author) commented 8 March 2013
I think it is uninstalled. I open the link you gave, download the application, and I only have "Install". Uninstall is inactive.
Zayfi commented 8 March 2013
Your problem is the small amount of free space on drive C:
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 7,55 Gb Total Space | 0,67 Gb Free Space | 8,91% Space Free | Partition Type: NTFS
kamo502 (Author) commented 10 March 2013
Maybe that was the problem. The logs were made quite a while ago, and I recently enlarged the partition.
Zayfi commented 11 March 2013
"The logs were made quite a while ago, and I recently enlarged the partition."
Then make logs of the current state, because what was there a month ago has nothing to do with reality.