[code] OTS logfile created on: 2012-04-27 18:41:47 - Run 7 OTS by OldTimer - Version 3.1.47.2 Folder = C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 58,00% Memory free 3,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free Paging file location(s): C:\pagefile.sys 1920 3840 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74,55 Gb Total Space | 18,36 Gb Free Space | 24,63% Space Free | Partition Type: NTFS Drive D: | 39,06 Gb Total Space | 11,03 Gb Free Space | 28,25% Space Free | Partition Type: NTFS Drive E: | 35,50 Gb Total Space | 10,14 Gb Free Space | 28,56% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: C2660 Current User Name: Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days [Registry - All] < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> pl.v9.com/idg/idg_1335385808_374116 -> HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> [binary data] -> HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> pl.v9.com/idg/idg_1335385808_374116 -> HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\"Default_Page_URL" -> pl.v9.com/idg/idg_1335385808_374116 -> HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\"Start Page" -> pl.v9.com/idg/idg_1335385808_374116 -> HKEY_CURRENT_USER\: SearchURL\\"provider" -> -> HKEY_CURRENT_USER\: URLSearchHooks\\"{08C06D61-F1F3-4799-86F8-BE1A89362C85}" [HKLM] -> [Search Class] -> File not found HKEY_CURRENT_USER\: URLSearchHooks\\"{90eee664-34b1-422a-a782-779af65cdf6d}" [HKLM] -> C:\Program Files\IncrediMail_MediaBar_4\tbIncr.dll [IncrediMail MediaBar 4 Toolbar] -> [2010-11-29 15:26:48 | 003,908,192 | ---- | M] (Conduit Ltd.) HKEY_CURRENT_USER\: URLSearchHooks\\"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}" [HKLM] -> C:\Program Files\uTorrentBar\prxtbuTor.dll [uTorrentBar Toolbar] -> [2011-05-09 10:49:38 | 000,176,936 | ---- | M] (Conduit Ltd.) HKEY_CURRENT_USER\: URLSearchHooks\\"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" [HKLM] -> C:\WINDOWS\system32\shdocvw.dll [Microsoft Url Search Hook] -> [2008-04-14 22:50:48 | 001,499,136 | ---- | M] (Microsoft Corporation) HKEY_CURRENT_USER\: URLSearchHooks\\"{EEE6C35D-6118-11DC-9C72-001320C79847}" [HKLM] -> C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll [SweetIM ToolbarURLSearchHook Class] -> [2011-08-24 18:21:08 | 000,130,864 | ---- | M] (SweetIM Technologies Ltd.) HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> < FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\FireFox\Profiles\2wkh7jp1.default\prefs.js -> browser.search.defaultenginename -> "Search the web (Babylon)" -> browser.search.order.1 -> "Search the web (Babylon)" -> browser.search.selectedEngine -> "Google" -> browser.startup.homepage -> "http://www.gazeta.pl/0,0.html?p=135" -> keyword.URL -> "http://search.babylon.com/?babsrc=SP_ss&mntrId=969cc594718b4fd6baabad0bcb25beef&tlver=1.4.31.2&instlRef=sst&ss=1&affID=100395&q=" -> network.proxy.type -> 0 -> sweetim.toolbar.previous.keyword.URL -> "http://search.babylon.com/?babsrc=SP_ss&mntrId=969cc594718b4fd6baabad0bcb25beef&tlver=1.4.31.2&instlRef=sst&ss=1&affID=100395&q=" -> < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla HKLM\software\mozilla\Firefox\extensions -> -> HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com -> C:\Program Files\Java\jre6\lib\deploy\jqs\ff [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2011-07-30 11:07:19 | 000,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Firefox 11.0\extensions -> -> HKLM\software\mozilla\Mozilla Firefox 11.0\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2012-03-19 06:52:58 | 000,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2012-04-14 08:44:50 | 000,000,000 | ---D | M] < FireFox Extensions [User Folders] > -> -> C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Extensions -> [2011-07-08 13:37:43 | 000,000,000 | ---D | M] -> C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\2wkh7jp1.default\extensions -> [2012-04-27 05:53:50 | 000,000,000 | ---D | M] IncrediMail MediaBar 4 Community Toolbar -> C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\2wkh7jp1.default\extensions\{90eee664-34b1-422a-a782-779af65cdf6d} -> [2012-04-25 22:24:08 | 000,000,000 | ---D | M] uTorrentBar Community Toolbar -> C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\2wkh7jp1.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -> [2012-04-25 20:49:28 | 000,000,000 | ---D | M] DealPly -> C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\2wkh7jp1.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} -> [2011-12-02 16:46:13 | 000,000,000 | ---D | M] SweetIM Toolbar for Firefox -> C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\2wkh7jp1.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} -> [2011-09-30 16:42:12 | 000,000,000 | ---D | M] -> C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\2wkh7jp1.default\extensions\engine@conduit.com -> [2011-08-23 14:34:34 | 000,000,000 | ---D | M] -> C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\2wkh7jp1.default\extensions\IplextoALL@ALLPlayer.org -> [2012-03-23 07:04:27 | 000,000,000 | ---D | M] -> C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\2wkh7jp1.default\extensions\player@portalarium.com -> [2011-07-31 14:56:46 | 000,000,000 | ---D | M] -> C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\2wkh7jp1.default\extensions\toolbar@ask.com -> [2012-01-11 21:31:24 | 000,000,000 | ---D | M] < FireFox SearchPlugins [User Folders] > -> MyStart Search.xml : MD5=1C8FFD8EE2640A11D92ADBDDFC4F4EAF -> C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\FireFox\Profiles\2wkh7jp1.default\searchplugins\MyStart Search.xml -> [2011-08-23 14:28:15 | 000,002,207 | ---- | M] () sweetim.xml : MD5=EF691DD0310399372EAD6FACEEDBE1BB -> C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\FireFox\Profiles\2wkh7jp1.default\searchplugins\sweetim.xml -> [2011-09-30 16:42:09 | 000,003,915 | ---- | M] () < FireFox Extensions [Program Folders] > -> -> C:\Program Files\Mozilla Firefox\extensions -> [2012-01-31 18:23:02 | 000,000,000 | ---D | M] z -> C:\Program Files\Mozilla Firefox\extensions\{86c985d9-2e1f-647c-caad-148dda152a77} -> [2011-11-12 12:45:02 | 000,000,000 | ---D | M] Default -> C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2012-03-19 06:52:58 | 000,000,000 | ---D | M] Java Console -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} -> [2012-01-31 18:23:02 | 000,000,000 | ---D | M] No name found -> C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\2WKH7JP1.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI -> () No name found -> C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\2WKH7JP1.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI -> () No name found -> C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\2WKH7JP1.DEFAULT\EXTENSIONS\IPLEXTOALL@ALLPLAYER.ORG.XPI -> () No name found -> C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\2WKH7JP1.DEFAULT\EXTENSIONS\NOIAFOXOPTION@DAVIDVINCENT.TLD.XPI -> () Portalarium Player -> C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\2WKH7JP1.DEFAULT\EXTENSIONS\PLAYER@PORTALARIUM.COM -> [2011-07-31 14:56:46 | 000,000,000 | ---D | M] No name found -> C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\2WKH7JP1.DEFAULT\EXTENSIONS\TOGGLEPERSONA@DAVIDVINCENT.TLD.XPI -> () "Avira SearchFree Toolbar plus WebGuard" -> C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\2WKH7JP1.DEFAULT\EXTENSIONS\TOOLBAR@ASK.COM -> [2012-01-11 21:31:24 | 000,000,000 | ---D | M] < FireFox SearchPlugins [Program Folders] > -> < HOSTS File > ([2003-04-16 14:00:00 | 000,000,742 | ---- | M] - 19 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> Reset Hosts 127.0.0.1 localhost < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2012-03-26 17:38:59 | 000,075,200 | ---- | M] (Adobe Systems Incorporated) {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} [HKLM] -> C:\Program Files\uTorrentBar\prxtbuTor.dll [uTorrentBar Toolbar] -> [2011-05-09 10:49:38 | 000,176,936 | ---- | M] (Conduit Ltd.) < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> "{30F9B915-B755-4826-820B-08FBA6BD249D}" [HKLM] -> C:\Program Files\ConduitEngine\ConduitEngine.dll [Conduit Engine] -> [2010-11-29 15:26:48 | 003,908,192 | ---- | M] (Conduit Ltd.) "{90eee664-34b1-422a-a782-779af65cdf6d}" [HKLM] -> C:\Program Files\IncrediMail_MediaBar_4\tbIncr.dll [IncrediMail MediaBar 4 Toolbar] -> [2010-11-29 15:26:48 | 003,908,192 | ---- | M] (Conduit Ltd.) "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}" [HKLM] -> C:\Program Files\uTorrentBar\prxtbuTor.dll [uTorrentBar Toolbar] -> [2011-05-09 10:49:38 | 000,176,936 | ---- | M] (Conduit Ltd.) "{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [Avira SearchFree Toolbar plus WebGuard] -> [2011-07-09 07:13:34 | 001,493,160 | ---- | M] (Ask) "{EEE6C35B-6118-11DC-9C72-001320C79847}" [HKLM] -> C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [SweetIM Toolbar for Internet Explorer] -> [2011-08-24 18:21:08 | 001,299,248 | ---- | M] (SweetIM Technologies Ltd.) < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" [HKLM] -> C:\WINDOWS\system32\browseui.dll [&Adres] -> [2008-04-14 22:50:06 | 001,025,024 | ---- | M] (Microsoft Corporation) ShellBrowser\\"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" [HKLM] -> C:\WINDOWS\system32\shell32.dll [&Łącza] -> [2008-04-14 22:50:48 | 008,489,984 | ---- | M] (Microsoft Corporation) WebBrowser\\"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" [HKLM] -> C:\WINDOWS\system32\browseui.dll [&Adres] -> [2008-04-14 22:50:06 | 001,025,024 | ---- | M] (Microsoft Corporation) WebBrowser\\"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" [HKLM] -> C:\WINDOWS\system32\shell32.dll [&Łącza] -> [2008-04-14 22:50:48 | 008,489,984 | ---- | M] (Microsoft Corporation) WebBrowser\\"{30F9B915-B755-4826-820B-08FBA6BD249D}" [HKLM] -> C:\Program Files\ConduitEngine\ConduitEngine.dll [Conduit Engine] -> [2010-11-29 15:26:48 | 003,908,192 | ---- | M] (Conduit Ltd.) WebBrowser\\"{90EEE664-34B1-422A-A782-779AF65CDF6D}" [HKLM] -> C:\Program Files\IncrediMail_MediaBar_4\tbIncr.dll [IncrediMail MediaBar 4 Toolbar] -> [2010-11-29 15:26:48 | 003,908,192 | ---- | M] (Conduit Ltd.) WebBrowser\\"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}" [HKLM] -> C:\Program Files\uTorrentBar\prxtbuTor.dll [uTorrentBar Toolbar] -> [2011-05-09 10:49:38 | 000,176,936 | ---- | M] (Conduit Ltd.) WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [Avira SearchFree Toolbar plus WebGuard] -> [2011-07-09 07:13:34 | 001,493,160 | ---- | M] (Ask) WebBrowser\\"{EEE6C35B-6118-11DC-9C72-001320C79847}" [HKLM] -> C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [SweetIM Toolbar for Internet Explorer] -> [2011-08-24 18:21:08 | 001,299,248 | ---- | M] (SweetIM Technologies Ltd.) < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Tweak UI" -> C:\WINDOWS\System32\tweakui.cpl [RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp] -> [2003-03-25 06:49:02 | 000,106,544 | ---- | M] (Microsoft Corporation) < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Menu Start\Programy\Autostart -> < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"dontdisplaylastusername" -> [0] -> File not found \\"legalnoticecaption" -> [] -> File not found \\"legalnoticetext" -> [] -> File not found \\"shutdownwithoutlogon" -> [1] -> File not found \\"undockwithoutlogon" -> [1] -> File not found < CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [223] -> File not found < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &Download All using 4shared Desktop -> C:\Program Files\4shared Desktop\down_all.htm [C:\Program Files\4shared Desktop\down_all.htm] -> [2010-03-22 15:07:28 | 000,001,050 | ---- | M] () &Download using 4shared Desktop -> C:\Program Files\4shared Desktop\down_link.htm [C:\Program Files\4shared Desktop\down_link.htm] -> [2010-03-22 15:07:30 | 000,000,792 | ---- | M] () Add to Google Photos Screensa&ver -> C:\WINDOWS\System32\GPhotos.scr [res://C:\WINDOWS\system32\GPhotos.scr/200] -> [2011-04-14 00:40:10 | 004,284,416 | ---- | M] (Google Inc.) E&ksport do programu Microsoft Excel -> C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> [2003-08-13 10:34:38 | 010,073,144 | ---- | M] (Microsoft Corporation) Search the Web -> C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html [C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html] -> [2011-07-28 13:20:26 | 000,001,068 | R--- | M] () < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Badanie] -> [2003-07-15 06:57:08 | 000,040,512 | ---- | M] (Microsoft Corporation) {d9288080-1baa-4bc4-9cf8-a92d743db949}:Exec [HKLM] -> C:\Documents and Settings\Administrator\Menu Start\Programy\IMVU\Run IMVU.lnk [Button: Run IMVU] -> [2012-01-26 21:23:34 | 000,001,978 | ---- | M] () {e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008-04-14 00:23:34 | 000,558,080 | ---- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Button: Messenger] -> [2008-04-14 22:51:32 | 001,695,232 | ---- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008-04-14 22:51:32 | 001,695,232 | ---- | M] (Microsoft Corporation) < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL [Badanie] -> [2003-07-15 06:57:08 | 000,040,512 | ---- | M] (Microsoft Corporation) CmdMapping\\"{d9288080-1baa-4bc4-9cf8-a92d743db949}" [HKLM] -> C:\Documents and Settings\Administrator\Menu Start\Programy\IMVU\Run IMVU.lnk [Run IMVU] -> [2012-01-26 21:23:34 | 000,001,978 | ---- | M] () CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-14 00:23:34 | 000,558,080 | ---- | M] (Microsoft Corporation) CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 22:51:32 | 001,695,232 | ---- | M] (Microsoft Corporation) < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Galeria Microsoft ActiveX -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> Extension\.spop -> C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll [Reg Error: Value error.] -> [2001-01-30 13:56:24 | 000,225,280 | ---- | M] (InterTrust Technologies Corporation, Inc.) < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {33564D57-9980-0010-8000-00AA00389B71} [HKLM] -> http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab [Reg Error: Key error.] -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab [Java Plug-in 1.6.0_30] -> {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab [Java Plug-in 1.6.0_30] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab [Java Plug-in 1.6.0_30] -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> DhcpNameServer -> 192.168.1.1 0.0.0.0 -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {69958381-71E6-48D6-A077-BE0ACDB3AB6C}\\DhcpNameServer -> 192.168.1.1 0.0.0.0 (ADSL2+ Modem USB RNDIS Adapter) -> {B2B1D831-EE24-457B-BF2A-FD927AFA08FC}\\DhcpNameServer -> 192.168.1.1 0.0.0.0 (ADSL2+ Modem USB RNDIS Adapter) -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\WINDOWS\system32\userinit.exe -> C:\WINDOWS\system32\userinit.exe -> [2008-04-14 22:51:46 | 000,026,624 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> *UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> logonui.exe -> C:\WINDOWS\System32\logonui.exe -> [2008-04-14 22:51:24 | 000,515,072 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> rundll32 shell32 -> C:\WINDOWS\System32\shell32.dll -> [2008-04-14 22:50:48 | 008,489,984 | ---- | M] (Microsoft Corporation) Control_RunDLL "sysdm.cpl" -> C:\WINDOWS\System32\sysdm.cpl -> [2008-04-14 22:51:54 | 000,303,104 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> crypt32chain -> C:\WINDOWS\System32\crypt32.dll -> [2008-04-14 22:50:18 | 000,602,624 | ---- | M] (Microsoft Corporation) cryptnet -> C:\WINDOWS\System32\cryptnet.dll -> [2008-04-14 22:50:18 | 000,064,512 | ---- | M] (Microsoft Corporation) cscdll -> C:\WINDOWS\System32\cscdll.dll -> [2008-04-14 22:50:18 | 000,102,400 | ---- | M] (Microsoft Corporation) dimsntfy -> C:\WINDOWS\system32\dimsntfy.dll -> [2008-04-14 22:50:26 | 000,019,456 | ---- | M] (Microsoft Corporation) ScCertProp -> C:\WINDOWS\System32\wlnotify.dll -> [2008-04-14 22:50:58 | 000,093,184 | ---- | M] (Microsoft Corporation) Schedule -> C:\WINDOWS\System32\wlnotify.dll -> [2008-04-14 22:50:58 | 000,093,184 | ---- | M] (Microsoft Corporation) sclgntfy -> C:\WINDOWS\System32\sclgntfy.dll -> [2008-04-14 22:50:46 | 000,022,016 | ---- | M] (Microsoft Corporation) SensLogn -> C:\WINDOWS\System32\wlnotify.dll -> [2008-04-14 22:50:58 | 000,093,184 | ---- | M] (Microsoft Corporation) termsrv -> C:\WINDOWS\System32\wlnotify.dll -> [2008-04-14 22:50:58 | 000,093,184 | ---- | M] (Microsoft Corporation) WgaLogon -> C:\WINDOWS\System32\WgaLogon.dll -> [2009-03-10 22:18:06 | 000,265,608 | ---- | M] (Microsoft Corporation) wlballoon -> C:\WINDOWS\System32\wlnotify.dll -> [2008-04-14 22:50:58 | 000,093,184 | ---- | M] (Microsoft Corporation) < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> "{fbeb8a05-beee-4442-804e-409d6c4515e9}" [HKLM] -> C:\WINDOWS\system32\shell32.dll [CDBurn] -> [2008-04-14 22:50:48 | 008,489,984 | ---- | M] (Microsoft Corporation) "{7849596a-48ea-486e-8937-a2a3009f31a9}" [HKLM] -> C:\WINDOWS\system32\shell32.dll [PostBootReminder] -> [2008-04-14 22:50:48 | 008,489,984 | ---- | M] (Microsoft Corporation) "{35CEC8A3-2BE6-11D2-8773-92E220524153}" [HKLM] -> C:\WINDOWS\system32\stobject.dll [SysTray] -> [2008-04-14 22:50:58 | 000,122,368 | ---- | M] (Microsoft Corporation) "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> C:\WINDOWS\system32\webcheck.dll [WebCheck] -> [2008-04-14 22:50:58 | 000,279,552 | ---- | M] (Microsoft Corporation) < SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler -> "{438755C2-A8BA-11D1-B96B-00A0C90312E1}" [HKLM] -> C:\WINDOWS\system32\browseui.dll [Moduł wstępnego ładowania interfejsu Browseui] -> [2008-04-14 22:50:06 | 001,025,024 | ---- | M] (Microsoft Corporation) "{8C7461EF-2B13-11d2-BE35-3078302C2030}" [HKLM] -> C:\WINDOWS\system32\browseui.dll [Demon buforu kategorii składników] -> [2008-04-14 22:50:06 | 001,025,024 | ---- | M] (Microsoft Corporation) < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" [HKLM] -> C:\WINDOWS\System32\shell32.dll [] -> [2008-04-14 22:50:48 | 008,489,984 | ---- | M] (Microsoft Corporation) < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> *SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> msapsspc.dll -> C:\WINDOWS\System32\msapsspc.dll -> [2008-04-14 22:50:38 | 000,086,016 | ---- | M] (Microsoft Corporation) schannel.dll -> C:\WINDOWS\System32\schannel.dll -> [2008-04-14 22:50:46 | 000,144,384 | ---- | M] (Microsoft Corporation) digest.dll -> C:\WINDOWS\System32\digest.dll -> [2008-04-14 22:50:26 | 000,068,608 | ---- | M] (Microsoft Corporation) msnsspc.dll -> C:\WINDOWS\System32\msnsspc.dll -> [2008-04-14 22:50:40 | 000,290,816 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> < LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> *LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> C:\WINDOWS\System32\msv1_0.dll -> [2008-04-14 22:50:40 | 000,132,608 | ---- | M] (Microsoft Corporation) nwprovau -> C:\WINDOWS\System32\nwprovau.dll -> [2008-04-14 22:50:44 | 000,143,360 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> < LSA Security Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> *LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> C:\WINDOWS\System32\kerberos.dll -> [2008-04-14 22:50:36 | 000,299,520 | ---- | M] (Microsoft Corporation) msv1_0 -> C:\WINDOWS\System32\msv1_0.dll -> [2008-04-14 22:50:40 | 000,132,608 | ---- | M] (Microsoft Corporation) schannel -> C:\WINDOWS\System32\schannel.dll -> [2008-04-14 22:50:46 | 000,144,384 | ---- | M] (Microsoft Corporation) wdigest -> C:\WINDOWS\System32\wdigest.dll -> [2008-04-14 22:50:58 | 000,049,152 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008-04-14 00:23:34 | 000,558,080 | ---- | M] (Microsoft Corporation) "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008-04-14 22:51:40 | 000,142,336 | ---- | M] (Microsoft Corporation) < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008-04-14 00:23:34 | 000,558,080 | ---- | M] (Microsoft Corporation) "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008-04-14 22:51:40 | 000,142,336 | ---- | M] (Microsoft Corporation) "C:\Documents and Settings\Administrator\Pulpit\Skype.exe" -> C:\Documents and Settings\Administrator\Pulpit\Skype.exe [C:\Documents and Settings\Administrator\Pulpit\Skype.exe:*:Enabled:Skype ] -> [2010-05-13 14:12:20 | 026,192,168 | R--- | M] (Skype Technologies S.A.) "C:\Program Files\Gadu-Gadu 10\gg.exe" -> C:\Program Files\Gadu-Gadu 10\gg.exe [C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10] -> [2011-07-04 19:45:30 | 013,374,048 | ---- | M] (GG Network S.A.) "C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2008-04-14 22:51:32 | 001,695,232 | ---- | M] (Microsoft Corporation) "C:\WINDOWS\system32\dpvsetup.exe" -> C:\WINDOWS\System32\dpvsetup.exe [C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test] -> [2008-04-14 22:51:14 | 000,083,456 | ---- | M] (Microsoft Corporation) "C:\WINDOWS\system32\rundll32.exe" -> C:\WINDOWS\System32\rundll32.exe [C:\WINDOWS\system32\rundll32.exe:*:Enabled:Uruchamia plik DLL jako aplikację] -> [2008-04-14 22:51:40 | 000,033,280 | ---- | M] (Microsoft Corporation) "D:\Program Files\Skype\Phone\Skype.exe" -> D:\Program Files\Skype\Phone\Skype.exe [D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype ] -> [2011-10-13 10:27:14 | 017,351,304 | R--- | M] (Skype Technologies S.A.) < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> "AlternateShell" -> cmd.exe -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> Sterownik stacji dysków CD-ROM -> "ImagePath" -> [System32\DRIVERS\cdrom.sys] -> File not found < Drives with AutoRun files > -> -> C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2011-07-05 14:19:23 | 000,000,000 | ---- | M] () D:\AUTOEXEC.BAT [RESTART=W | ] -> D:\AUTOEXEC.BAT [ NTFS ] -> [2004-05-22 22:47:38 | 000,000,011 | ---- | M] () < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command -> comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ -> .com [@ = comfile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> [Custom Scans] < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs /s > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs \\"Description" -> [Zapewnia program mapowania punktów końcowych i rozmaite inne usługi RPC.] -> File not found \\"DisplayName" -> [Zdalne wywoływanie procedur (RPC)] -> File not found \\"ErrorControl" -> [1] -> File not found \\"Group" -> [COM Infrastructure] -> File not found \\"ImagePath" -> C:\WINDOWS\System32\svchost.exe [%SystemRoot%\system32\svchost -k rpcss] -> [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) \\"ObjectName" -> [NT AUTHORITY\NetworkService] -> File not found \\"Start" -> [2] -> File not found \\"Type" -> [16] -> File not found \\"FailureActions" -> [00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 02 00 00 00 60 EA 00 00 [binary data]] -> File not found \\"ServiceSidType" -> [1] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Parameters \Parameters\\"ServiceDll" -> C:\WINDOWS\system32\rpcss.dll [%SystemRoot%\system32\rpcss.dll] -> [2008-04-14 22:50:46 | 000,399,360 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Security \Security\\"Security" -> [[Binary data over 100 bytes]] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Enum \Enum\\"0" -> [Root\LEGACY_RPCSS\0000] -> File not found \Enum\\"Count" -> [1] -> File not found \Enum\\"NextInstance" -> [1] -> File not found < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost /s > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost \\"LocalService" -> [[Binary data over 100 bytes]] -> File not found \\"NetworkService" -> [DnsCache [binary data]] -> File not found \\"netsvcs" -> [[Binary data over 100 bytes]] -> File not found \\"rpcss" -> C:\WINDOWS\System32\RpcSs.dll [RpcSs [binary data]] -> [2008-04-14 22:50:46 | 000,399,360 | ---- | M] (Microsoft Corporation) \\"imgsvc" -> [StiSvc [binary data]] -> File not found \\"termsvcs" -> [TermService [binary data]] -> File not found \\"eapsvcs" -> [eaphost [binary data]] -> File not found \\"dot3svc" -> C:\WINDOWS\System32\dot3svc.dll [dot3svc [binary data]] -> [2008-04-14 22:50:28 | 000,133,632 | ---- | M] (Microsoft Corporation) \\"HTTPFilter" -> [HTTPFilter [binary data]] -> File not found \\"DcomLaunch" -> [DcomLaunchTermService [binary data]] -> File not found \\"Akamai" -> [Akamai [binary data]] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\DComLaunch \DComLaunch\\"CoInitializeSecurityParam" -> [1] -> File not found \DComLaunch\\"DefaultRpcStackSize" -> [8] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\dot3svc \dot3svc\\"AuthenticationCapabilities" -> [12320] -> File not found \dot3svc\\"CoInitializeSecurityParam" -> [1] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\eapsvcs \eapsvcs\\"AuthenticationCapabilities" -> [12320] -> File not found \eapsvcs\\"CoInitializeSecurityParam" -> [1] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\HTTPFilter \HTTPFilter\\"CoInitializeSecurityParam" -> [1] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService \LocalService\\"CoInitializeSecurityParam" -> [1] -> File not found \LocalService\\"AuthenticationCapabilities" -> [8192] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs \netsvcs\\"CoInitializeSecurityParam" -> [1] -> File not found \netsvcs\\"AuthenticationCapabilities" -> [12320] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\PCHealth \PCHealth\\"CoInitializeSecurityParam" -> [2] -> File not found \PCHealth\\"AuthenticationCapabilities" -> [64] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\termsvcs \termsvcs\\"CoInitializeSecurityParam" -> [1] -> File not found \termsvcs\\"DefaultRpcStackSize" -> [8] -> File not found < MD5 Scans Start> < %systemdrive%\RPCSS.DLL /md5 /s > rpcss.dll : MD5=02396DAB9DD407B06539981F477F3FEC -> C:\RECYCLER\S-1-5-21-1935655697-412668190-839522115-500\Dc174\i386\rpcss.dll -> [2008-04-14 22:50:46 | 000,399,360 | ---- | M] () rpcss.dll : MD5=02396DAB9DD407B06539981F477F3FEC -> C:\WINDOWS\system32\rpcss.dll -> [2008-04-14 22:50:46 | 000,399,360 | ---- | M] (Microsoft Corporation) rpcss.dll : MD5=4BA551CD2284F9F748D2AE0F59DD1998 -> C:\RECYCLER\S-1-5-21-1935655697-412668190-839522115-500\Dc175\rpcss.dll -> [2003-04-16 14:00:00 | 000,260,608 | ---- | M] () rpcss.dll : MD5=C9E5AC78D9A00B1DE8CE2AD1BDDE7E42 -> C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll -> [2009-02-09 13:00:18 | 000,401,408 | ---- | M] (Microsoft Corporation) < MD5 Scans End> < End of report > [/code] < MD5 Scans Start> < %systemdrive%\[2003-04-16 14:00:00 | 000,260,608 | ---- | M] () /md5 /s > rpcss.dll -> C:\RECYCLER\S-1-5-21-1935655697-412668190-839522115-500\Dc175\rpcss.dll -> [2003-04-16 14:00:00 | 000,260,608 | ---- | M] () < %systemdrive%\[2008-04-14 22:50:46 | 000,399,360 | ---- | M] () /md5 /s > rpcss.dll -> C:\RECYCLER\S-1-5-21-1935655697-412668190-839522115-500\Dc174\i386\rpcss.dll -> [2008-04-14 22:50:46 | 000,399,360 | ---- | M] () < %systemdrive%\[2008-04-14 22:50:46 | 000,399,360 | ---- | M] (MICROSOFT CORPORATION) /md5 /s > rpcss.dll -> C:\WINDOWS\system32\rpcss.dll -> [2008-04-14 22:50:46 | 000,399,360 | ---- | M] (Microsoft Corporation) < %systemdrive%\[2009-02-09 13:00:18 | 000,401,408 | ---- | M] (MICROSOFT CORPORATION) /md5 /s > rpcss.dll -> C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll -> [2009-02-09 13:00:18 | 000,401,408 | ---- | M] (Microsoft Corporation) < MD5 Scans End> < End of report > [/code]