
Sound problem after removing viruses

a_urbi

Hello everyone, I have a huge problem that is keeping me awake at night (literally and figuratively). On one of the computers running Windows XP SP3, strange things started happening after an infected pen drive was plugged in. I scanned the computer with ComboFix, which threw out all the infected files, and then I scanned it with every antivirus program I could, and in the end there are no viruses. In theory everything now works fine, with one exception: every so often the sound card switches off, i.e. when I try to play a sound it reports a missing driver; after restarting the computer everything is fine again for a while (it varies, about 20 h). The sound card drivers have been uninstalled and reinstalled, I downloaded all the updates from Microsoft, etc. I have run out of ideas and am asking for help, because this is my server and I have no way of reinstalling the system. Below I am posting the logs from GMER 1.0.15.15530 and OTL.

[b]OTL[/b]
[code]OTL logfile created on: 2010-12-03 11:41:25 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Monitoring\Pulpit\gmer
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1 013,00 Mb Total Physical Memory | 117,00 Mb Available Physical Memory | 12,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 58,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 285,84 Gb Free Space | 95,89% Space Free | Partition Type: NTFS

Computer Name: MICROS-MONIT | User Name: Monitoring | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010-12-03 11:10:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Monitoring\Pulpit\gmer\OTL.exe
PRC - [2010-10-12 07:50:22 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\javaw.exe
PRC - [2010-10-07 08:38:31 | 001,024,512 | ---- | M] (Next! s.c.) -- C:\KronosNET\MailGate_Drv.exe
PRC - [2010-10-07 08:38:22 | 000,838,656 | ---- | M] (Next! s.c.) -- C:\KronosNET\EbsOsm_Drv.exe
PRC - [2010-10-05 15:58:48 | 000,116,104 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2010-09-27 13:47:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2010-09-07 16:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010-09-07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010-08-09 22:32:20 | 000,462,967 | ---- | M] (INVENTWARE ) -- C:\Program Files\EBS\OSM\ecs.exe
PRC - [2010-08-09 22:24:56 | 000,069,632 | ---- | M] () -- C:\Program Files\EBS\OSM\svc.exe
PRC - [2010-06-16 09:39:17 | 008,452,096 | ---- | M] (Next!s.c.) -- C:\KronosNET\MonitoringConsole.exe
PRC - [2010-06-16 09:37:40 | 003,230,208 | ---- | M] (Next! s.c.) -- C:\KronosNET\Kernel.exe
PRC - [2010-06-16 09:33:07 | 000,764,416 | ---- | M] (Next! s.c.) -- C:\KronosNET\TMLabDirect_Drv.exe
PRC - [2010-06-16 09:32:46 | 000,866,304 | ---- | M] (Next! s.c.) -- C:\KronosNET\GSMGate_Drv.exe
PRC - [2010-06-16 09:32:22 | 000,785,408 | ---- | M] (Next! s.c.) -- C:\KronosNET\GSM_Drv.exe
PRC - [2010-06-16 09:12:28 | 000,737,792 | ---- | M] (Next! s.c.) -- C:\KronosNET\SatelPhone_Drv.exe
PRC - [2009-01-30 12:41:45 | 000,503,808 | ---- | M] () -- C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe
PRC - [2008-07-24 17:46:10 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008-07-24 17:46:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008-07-17 12:21:34 | 000,080,392 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe
PRC - [2008-04-15 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-03-14 13:10:43 | 001,338,880 | ---- | M] () -- C:\Program Files\ActiveGuard\aganalyser.exe
PRC - [2007-04-18 18:06:47 | 000,061,440 | ---- | M] () -- C:\Program Files\ActiveGuard\agsvc.exe
PRC - [2004-01-26 19:08:06 | 000,073,728 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files\ActiveGuard\rteng9.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010-12-03 11:10:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Monitoring\Pulpit\gmer\OTL.exe
MOD - [2010-08-23 17:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [On_Demand | Stopped] -- C:\Documents and Settings\Monitoring\Pulpit\TMLabDirect\TMLabDirect_Drv.exe -- (K_TMLabDirect)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010-10-07 08:38:31 | 001,024,512 | ---- | M] (Next! s.c.) [Auto | Running] -- C:\KronosNET\MailGate_Drv.exe -- (K_MailGateDrv)
SRV - [2010-10-07 08:38:22 | 000,838,656 | ---- | M] (Next! s.c.) [Auto | Running] -- C:\KronosNET\EbsOsm_Drv.exe -- (K_EbsOsmDrv)
SRV - [2010-10-05 15:58:48 | 000,116,104 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010-09-27 13:47:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010-09-07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010-09-07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010-09-07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010-08-09 22:24:56 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files\EBS\OSM\svc.exe -- (Monitoring Receiver OSM.2007)
SRV - [2010-06-16 09:37:40 | 003,230,208 | ---- | M] (Next! s.c.) [Auto | Running] -- C:\KronosNET\Kernel.exe -- (K_Kernel)
SRV - [2010-06-16 09:33:07 | 000,764,416 | ---- | M] (Next! s.c.) [Auto | Running] -- C:\KronosNET\TMLabDirect_Drv.exe -- (K_TMLabDirectDrv)
SRV - [2010-06-16 09:32:46 | 000,866,304 | ---- | M] (Next! s.c.) [Auto | Running] -- C:\KronosNET\GSMGate_Drv.exe -- (K_GSMGateDrv)
SRV - [2010-06-16 09:32:22 | 000,785,408 | ---- | M] (Next! s.c.) [Auto | Running] -- C:\KronosNET\GSM_Drv.exe -- (K_GSMDrv)
SRV - [2010-06-16 09:12:28 | 000,737,792 | ---- | M] (Next! s.c.) [Auto | Running] -- C:\KronosNET\SatelPhone_Drv.exe -- (K_SatelPhoneDrv)
SRV - [2010-03-18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-07-31 13:15:47 | 000,632,832 | ---- | M] (Next! s.c.) [On_Demand | Stopped] -- C:\Kronos NET\GSM_Drv.exe -- (K_GSM)
SRV - [2009-07-31 13:15:21 | 000,549,888 | ---- | M] (NEXT! s.c.) [On_Demand | Stopped] -- C:\Kronos NET\Controler.exe -- (K_Controler)
SRV - [2009-07-31 13:14:51 | 001,368,576 | ---- | M] () [On_Demand | Stopped] -- C:\Kronos NET\Analiser.exe -- (K_Analiser)
SRV - [2008-10-06 11:19:02 | 000,568,832 | ---- | M] (Next! s.c.) [On_Demand | Stopped] -- C:\Kronos NET\GSMTerminal_drv.exe -- (K_GSMTerminal)
SRV - [2008-07-24 17:46:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008-07-17 12:21:34 | 000,080,392 | ---- | M] () [Auto | Running] -- C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2008-03-17 11:52:50 | 000,549,376 | ---- | M] (Next! s.c.) [On_Demand | Stopped] -- C:\Kronos NET\Satel_Drv.exe -- (K_Satel)
SRV - [2007-04-18 18:06:47 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Program Files\ActiveGuard\agsvc.exe -- (ActiveGuard Analyser)
SRV - [2004-01-26 19:08:06 | 000,073,728 | ---- | M] (iAnywhere Solutions, Inc.) [Auto | Running] -- C:\Program Files\ActiveGuard\rteng9.exe -- (ASANYe_ActiveGuard_DB)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\SSPORT.sys -- (SSPORT)
DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\MONITO~1\USTAWI~1\Temp\SuperAntiSpyware\SASKUTIL.sys -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\MONITO~1\USTAWI~1\Temp\SuperAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\MONITO~1\USTAWI~1\Temp\SuperAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\MONITO~1\USTAWI~1\Temp\catchme.sys -- (catchme)
DRV - [2010-12-03 05:20:18 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010-10-05 15:58:31 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010-09-07 15:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010-09-07 15:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010-09-07 15:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010-09-07 15:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010-09-07 15:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010-09-07 15:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010-09-03 09:20:18 | 006,139,496 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009-11-18 00:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009-11-18 00:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009-06-25 21:14:52 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2008-07-24 17:46:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008-07-24 17:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008-07-11 07:06:26 | 000,089,856 | R--- | M] (Moxa Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxsport.sys -- (mxsport)
DRV - [2008-07-09 04:26:32 | 000,025,344 | R--- | M] (Moxa Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxser.sys -- (mxser)
DRV - [2008-04-15 13:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008-04-04 01:33:34 | 000,087,080 | R--- | M] (OEM) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OxPCIeSer.sys -- (OxPCIeSer)
DRV - [2008-04-04 01:33:04 | 000,027,304 | R--- | M] (OEM) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OxPCIeMf.sys -- (OxPCIeSerMf)
DRV - [2008-01-03 15:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007-08-24 04:22:56 | 005,776,928 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006-11-22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2006-11-22 10:01:48 | 000,100,096 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2006-11-22 10:01:46 | 000,327,168 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2005-05-24 22:26:16 | 000,018,432 | ---- | M] (HHD Software) [Kernel | On_Demand | Stopped] -- C:\Program Files\HHD Software\Free Serial Port Monitor\sermon.sys -- (SerMon)
DRV - [2005-05-24 22:23:52 | 000,007,632 | ---- | M] (HHD Software) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\HHD Software\Device Monitor\NDMSHLP.sys -- (NDMSHLP)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010-12-01 09:19:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [3170 Scan2PC] C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - Startup: C:\Documents and Settings\Monitoring\Menu Start\Programy\Autostart\OSM Console.lnk = C:\WINDOWS\system32\javaw.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Documents and Settings\Monitoring\Menu Start\Programy\Autostart\Terminal.lnk = C:\KronosNET\MonitoringConsole.exe (Next!s.c.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-22 17:24:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-12-03 10:57:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monitoring\Pulpit\gmer
[2010-12-02 14:10:30 | 001,833,576 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SkyTel.exe
[2010-12-02 14:10:30 | 001,489,512 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlUpd.exe
[2010-12-02 14:10:30 | 000,891,496 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTSndMgr.CPL
[2010-12-02 14:10:30 | 000,359,016 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2010-12-02 14:10:30 | 000,084,584 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2010-12-02 14:10:29 | 009,721,960 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTLCPL.EXE
[2010-12-02 14:10:29 | 006,139,496 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys
[2010-12-02 14:10:29 | 000,129,640 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2010-12-02 14:10:29 | 000,054,888 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RtkCoInstXP.dll
[2010-12-02 14:10:27 | 002,180,712 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\MicCal.exe
[2010-12-02 14:10:27 | 001,395,800 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\Monfilt.sys
[2010-12-02 14:10:25 | 002,815,592 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2010-12-02 14:10:25 | 001,691,480 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2010-12-02 14:10:25 | 000,285,288 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\ALSNDMGR.CPL
[2010-12-02 14:10:25 | 000,064,104 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE
[2010-12-02 14:10:20 | 001,251,944 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlExUpd.dll
[2010-12-02 14:03:56 | 052,523,241 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\Monitoring\Pulpit\motherboard_driver_audio_realtek_azalia.exe
[2010-12-02 13:51:00 | 001,246,890 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\Monitoring\Pulpit\mb_driver_chipset_intel.exe
[2010-12-01 10:21:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monitoring\Dane aplikacji\Windows Search
[2010-12-01 10:16:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010-12-01 10:14:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2010-12-01 10:14:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2010-12-01 10:14:34 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2010-12-01 10:14:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monitoring\Dane aplikacji\Windows Desktop Search
[2010-12-01 10:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2010-12-01 10:13:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010-12-01 10:13:09 | 000,019,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010-12-01 10:12:55 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010-12-01 10:11:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010-12-01 10:10:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2010-12-01 09:15:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2010-12-01 09:05:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\SUPERAntiSpyware.com
[2010-12-01 09:05:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monitoring\Dane aplikacji\SUPERAntiSpyware.com
[2010-11-30 14:07:37 | 000,000,000 | ---D | C] -- C:\Program Files\SkanerOnline
[2010-11-26 09:15:00 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010-11-26 09:03:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Windows Genuine Advantage
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-12-03 05:20:18 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2010-12-03 05:20:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-12-02 14:04:03 | 052,523,241 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Monitoring\Pulpit\motherboard_driver_audio_realtek_azalia.exe
[2010-12-02 13:53:22 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-12-02 13:51:07 | 001,246,890 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Monitoring\Pulpit\mb_driver_chipset_intel.exe
[2010-12-01 10:19:35 | 000,581,842 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-12-01 10:19:35 | 000,498,834 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-12-01 10:19:35 | 000,115,092 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-12-01 10:19:35 | 000,086,612 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-12-01 10:14:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-12-01 10:13:04 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010-12-01 10:13:04 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010-12-01 10:11:59 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010-12-01 09:20:00 | 000,002,350 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2010-12-01 09:19:57 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-11-30 13:55:07 | 003,982,557 | R--- | M] () -- C:\Documents and Settings\Monitoring\Pulpit\ComboFix.exe
[2010-11-08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-12-02 21:13:26 | 000,042,474 | ---- | C] () -- C:\Documents and Settings\Monitoring\Moje dokumenty\Alarm.wav
[2010-12-01 10:11:59 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010-12-01 09:18:32 | 000,002,350 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2010-08-27 14:53:33 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010-07-02 09:09:50 | 000,143,872 | ---- | C] () -- C:\WINDOWS\System32\SaXPWIA.dll
[2010-07-02 09:09:49 | 000,139,776 | ---- | C] () -- C:\WINDOWS\System32\SaXPEH.dll
[2010-07-02 09:09:49 | 000,138,240 | ---- | C] () -- C:\WINDOWS\System32\SaXPUIEx.dll
[2010-07-02 09:09:49 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\SaXPIPH.dll
[2010-07-02 09:09:49 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\SaXPSTI.dll
[2010-07-02 09:09:40 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\sst1cl3.dll
[2009-12-18 09:43:48 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-07-28 13:17:33 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Monitoring\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-06-25 21:14:52 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2009-06-22 19:16:56 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009-06-22 17:34:18 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll
[2008-05-26 22:22:36 | 000,016,222 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008-05-26 22:22:34 | 000,021,728 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008-05-26 22:22:32 | 000,016,164 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007-08-06 10:07:30 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll

< End of report >
[/code]

[b]OTL Extras file[/b]
[code]OTL Extras logfile created on: 2010-12-03 11:41:25 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Monitoring\Pulpit\gmer
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1 013,00 Mb Total Physical Memory | 117,00 Mb Available Physical Memory | 12,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 58,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 285,84 Gb Free Space | 95,89% Space Free | Partition Type: NTFS

Computer Name: MICROS-MONIT | User Name: Monitoring | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1111:TCP" = 1111:TCP:*:Enabled:GPRS
"1111:UDP" = 1111:UDP:*:Enabled:GPRS2
"6831:TCP" = 6831:TCP:*:Enabled:EBS TCP
"6831:UDP" = 6831:UDP:*:Enabled:EBS UDP
"5985:TCP" = 5985:TCP:*:Disabled:Zdalne zarządzanie systemem Windows
"80:TCP" = 80:TCP:*:Disabled:Zdalne zarządzanie systemem Windows — tryb zgodności (ruch przychodzący HTTP)

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\TeamViewer3\TeamViewer.exe" = C:\Program Files\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\LanHelper\LanHelper.exe" = C:\Program Files\LanHelper\LanHelper.exe:*:Enabled:LanHelper -- (Hainsoft.com)
"C:\Documents and Settings\Monitoring\temp\TeamViewer\Version5\TeamViewer.exe" = C:\Documents and Settings\Monitoring\temp\TeamViewer\Version5\TeamViewer.exe:*:Enabled:TeamViewer -- (TeamViewer GmbH)
"C:\WINDOWS\twain_32\Samsung\ScanMgr.exe" = C:\WINDOWS\twain_32\Samsung\ScanMgr.exe:*:Enabled:Scan Manger -- (Samsung Electronics)
"C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe" = C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe:*:Enabled:ScanToPC -- ()
"C:\WINDOWS\twain_32\Samsung\CLX3170\Sscan2io.exe" = C:\WINDOWS\twain_32\Samsung\CLX3170\Sscan2io.exe:*:Enabled:SScanToIO -- ()


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B8.0729.1
"{104B40CB-06B3-4697-8B80-DFD6661CCE46}" = KronosNET
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F4A05CF-3A6D-4DD6-9C65-E865C9416944}" = Kronos LT
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3472693C-6EC5-41FA-B5B9-A22B11AEFE72}" = HHD Software Free Serial Port Monitor 3.31
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E2726D9-F507-48C9-8202-1AAD83524E6B}" = ActiveGuard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5AF71003-1797-4D93-9F37-4F2125CBF539}" = Microsoft .NET Framework 2.0 Language Pack - PLK
"{6181A2F7-2DA5-408A-AAB1-008CA9C9399A}" = Kronos NET
"{64CB2553-C109-4132-AA51-1F421B515FD1}" = Microsoft .NET Framework 1.1 Polish Language Pack
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{7F831576-6246-42C7-B523-55B3F96509CC}" = LogMeIn
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4512736-8D63-4298-9271-5329931FA46B}" = Microsoft SQL Server Management Studio Express
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"LanHelper_is1" = LanHelper v1.94
"Microsoft .NET Framework 2.0 Language Pack - PLK" = Microsoft .NET Framework 2.0 — pakiet języka polskiego
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"OSM_2007_is1" = Monitoring Receiver OSM.20071.2.107.1262STD
"Samsung CLX-3170 Series" = Samsung CLX-3170 Series
"SkanerOnline" = Skaner on-line mks_vir
"TeamViewer 3" = TeamViewer 3
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = Archiwizator WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2010-12-01 05:32:28 | Computer Name = MICROS-MONIT | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2010-12-01 21:59:04 | Computer Name = MICROS-MONIT | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2010-12-02 09:06:19 | Computer Name = MICROS-MONIT | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2010-12-02 09:07:16 | Computer Name = MICROS-MONIT | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd , wersja 0.0.0.0, moduł powodujący błąd
unknown, wersja 0.0.0.0, adres błędu 0x00000000.

Error - 2010-12-02 09:14:35 | Computer Name = MICROS-MONIT | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2010-12-02 09:15:34 | Computer Name = MICROS-MONIT | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd , wersja 0.0.0.0, moduł powodujący błąd
unknown, wersja 0.0.0.0, adres błędu 0x00000000.

Error - 2010-12-02 09:23:26 | Computer Name = MICROS-MONIT | Source = K_Kernel | ID = 4
Description = Error while stopping: EListError - List index out of bounds (

Error - 2010-12-02 09:27:59 | Computer Name = MICROS-MONIT | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2010-12-03 00:20:19 | Computer Name = MICROS-MONIT | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2010-12-03 00:21:15 | Computer Name = MICROS-MONIT | Source = Application Error | ID = 1004
Description = Aplikacja powodująca błąd Kernel.exe, wersja 0.0.0.0, moduł powodujący
błąd unknown, wersja 0.0.0.0, adres błędu 0x00000000.

[ System Events ]
Error - 2010-12-02 09:28:17 | Computer Name = MICROS-MONIT | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi DgiVecp z powodu następującego błędu: %%2

Error - 2010-12-02 09:28:17 | Computer Name = MICROS-MONIT | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi SSPORT z powodu następującego błędu: %%2

Error - 2010-12-02 09:28:48 | Computer Name = MICROS-MONIT | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: SASDIFSV

Error - 2010-12-02 09:28:48 | Computer Name = MICROS-MONIT | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi DgiVecp z powodu następującego błędu: %%2

Error - 2010-12-02 23:03:33 | Computer Name = MICROS-MONIT | Source = BROWSER | ID = 8032
Description = Usługa przeglądarki zbyt wiele razy nie zdołała pobrać listy kopii
zapasowych w transporcie \Device\NetBT_Tcpip_{40AA62A8-2DC2-42C6-A997-058BA032F34E}.
Przeglądarka
zapasowa jest zatrzymywana.

Error - 2010-12-02 23:10:11 | Computer Name = MICROS-MONIT | Source = Service Control Manager | ID = 7034
Description = Usługa ES lite Service for program management. niespodziewanie zakończyła
pracę. Wystąpiło to razy: 1.

Error - 2010-12-03 00:20:36 | Computer Name = MICROS-MONIT | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi DgiVecp z powodu następującego błędu: %%2

Error - 2010-12-03 00:20:36 | Computer Name = MICROS-MONIT | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi SSPORT z powodu następującego błędu: %%2

Error - 2010-12-03 00:21:33 | Computer Name = MICROS-MONIT | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: SASDIFSV

Error - 2010-12-03 00:21:37 | Computer Name = MICROS-MONIT | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi DgiVecp z powodu następującego błędu: %%2
< End of report >
[/log]

[b]GMER[/b]
[log]GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-03 11:31:29
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3320620A rev.3.AAE
Running: gmer.exe; Driver: C:\DOCUME~1\MONITO~1\USTAWI~1\Temp\uwlcrpoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xA98E8CF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xA98E8BAC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xA98E9160]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xA98E908A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xA98E8782]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xA98E8C86]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xA98E86C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xA98E8726]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xA98E8DA6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA98E922E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xA98E8D66]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xA98E8EE6]

INT 0x06 \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) A955816D
INT 0x0E \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) A9557FC2

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA98F5BAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xA98F59D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xA98F5B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP A98F5B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection 805AB38E 7 Bytes JMP A98F59D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC502 5 Bytes JMP A98F15D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP A98F2FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1134 7 Bytes JMP A98F5BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xA9167400, 0x87EE2, 0xE8000020]
.protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xA920B620] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xA920B620]
.protect˙˙˙˙hardlockunknown last code section [0xA920B400, 0x5126, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xA920B400, 0x5126, 0xE0000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1432] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\WINDOWS\system32\SearchIndexer.exe[2612] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[764] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT C:\WINDOWS\system32\services.exe[764] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\aksusb \Device\00000073 AKSCLASS.SYS (Aladdin Class Driver/Aladdin Knowledge Systems Ltd.)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs 1

---- EOF - GMER 1.0.15 ----
[/log]

I'll add that when I minimize a window, some of the icons in the upper part of the desktop disappear, as if a title bar were sitting over them the whole time. I have also reinstalled DirectX, tried a second sound card, and run the repair option from the Windows installer, and still nothing. Help!
[color="#ff0000"]
//moving to Security
//dan[/color]

Tomek01
comment

Using ComboFix was reckless, and I advise against it in the future. It may have mistakenly removed one of your drivers.
Show the log it produced: Combofix.txt
Also show any reports from the scans you ran.


There is not much to remove in these logs.

In OTL, paste this into the Custom scan/fixes window:
[code]:Processes
Explorer.exe

:OTL
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll (DeviceVM Inc.)

:Files
C:\WINDOWS\system32\dvmurl.dll
C:\WINDOWS\System32\tmp.reg

:Commands
[emptytemp]
[start explorer]
[Reboot][/code]

Click Run Fix; the computer will restart.
Post the log from the removal and new logs: OTL and RSIT

a_urbi
comment (edited)

I did as you wrote. I'm posting the logs below.

[b]OTL log from running the script[/b]
[log]All processes killed
========== PROCESSES ==========
No active process named Explorer.exe was found!
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0063BF63-BFFF-4B8F-9D26-4267DF7F17DD}\ deleted successfully.
C:\WINDOWS\system32\dvmurl.dll moved successfully.
========== FILES ==========
File\Folder C:\WINDOWS\system32\dvmurl.dll not found.
File\Folder C:\WINDOWS\System32\tmp.reg not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 65716 bytes
->Temporary Internet Files folder emptied: 65670 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Monitoring
->Temp folder emptied: 27908354 bytes
->Temporary Internet Files folder emptied: 2256544 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1998861 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4704044 bytes
%systemroot%\System32 .tmp files removed: 860196 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 233876 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 36,00 mb


OTL by OldTimer - Version 3.2.17.4 log created on 12202010_113004

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast5_\Webshlock.txt not found!
File move failed. C:\WINDOWS\temp\hlktmp scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_a68.dat not found!

Registry entries deleted on Reboot...
[/log]

[b]OTL log[/b]
[log]OTL logfile created on: 2010-12-20 11:46:52 - Run 1
OTL by OldTimer - Version 3.2.17.4 Folder = C:\Documents and Settings\Monitoring\Pulpit
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1 013,00 Mb Total Physical Memory | 486,00 Mb Available Physical Memory | 48,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 10000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 285,75 Gb Free Space | 95,86% Space Free | Partition Type: NTFS

Computer Name: MICROS-MONIT | User Name: Monitoring | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010-12-20 11:28:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Monitoring\Pulpit\OTL.exe
PRC - [2010-10-12 07:50:22 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\javaw.exe
PRC - [2010-10-07 08:38:31 | 001,024,512 | ---- | M] (Next! s.c.) -- C:\KronosNET\MailGate_Drv.exe
PRC - [2010-10-07 08:38:22 | 000,838,656 | ---- | M] (Next! s.c.) -- C:\KronosNET\EbsOsm_Drv.exe
PRC - [2010-10-05 15:58:48 | 000,116,104 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2010-09-27 13:47:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2010-09-07 16:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010-09-07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010-08-09 22:32:20 | 000,462,967 | ---- | M] (INVENTWARE ) -- C:\Program Files\EBS\OSM\ecs.exe
PRC - [2010-08-09 22:24:56 | 000,069,632 | ---- | M] () -- C:\Program Files\EBS\OSM\svc.exe
PRC - [2010-06-16 09:39:17 | 008,452,096 | ---- | M] (Next!s.c.) -- C:\KronosNET\MonitoringConsole.exe
PRC - [2010-06-16 09:37:40 | 003,230,208 | ---- | M] (Next! s.c.) -- C:\KronosNET\Kernel.exe
PRC - [2010-06-16 09:33:07 | 000,764,416 | ---- | M] (Next! s.c.) -- C:\KronosNET\TMLabDirect_Drv.exe
PRC - [2010-06-16 09:32:46 | 000,866,304 | ---- | M] (Next! s.c.) -- C:\KronosNET\GSMGate_Drv.exe
PRC - [2010-06-16 09:32:22 | 000,785,408 | ---- | M] (Next! s.c.) -- C:\KronosNET\GSM_Drv.exe
PRC - [2010-06-16 09:12:28 | 000,737,792 | ---- | M] (Next! s.c.) -- C:\KronosNET\SatelPhone_Drv.exe
PRC - [2010-05-14 10:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009-01-30 12:41:45 | 000,503,808 | ---- | M] () -- C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe
PRC - [2008-07-24 17:46:10 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008-07-24 17:46:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008-07-17 12:21:34 | 000,080,392 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe
PRC - [2008-04-15 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-03-14 13:10:43 | 001,338,880 | ---- | M] () -- C:\Program Files\ActiveGuard\aganalyser.exe
PRC - [2007-04-18 18:06:47 | 000,061,440 | ---- | M] () -- C:\Program Files\ActiveGuard\agsvc.exe
PRC - [2004-01-26 19:08:06 | 000,073,728 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files\ActiveGuard\rteng9.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010-12-20 11:28:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Monitoring\Pulpit\OTL.exe
MOD - [2010-08-23 17:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [On_Demand | Stopped] -- C:\Documents and Settings\Monitoring\Pulpit\TMLabDirect\TMLabDirect_Drv.exe -- (K_TMLabDirect)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010-10-07 08:38:31 | 001,024,512 | ---- | M] (Next! s.c.) [Auto | Running] -- C:\KronosNET\MailGate_Drv.exe -- (K_MailGateDrv)
SRV - [2010-10-07 08:38:22 | 000,838,656 | ---- | M] (Next! s.c.) [Auto | Running] -- C:\KronosNET\EbsOsm_Drv.exe -- (K_EbsOsmDrv)
SRV - [2010-10-05 15:58:48 | 000,116,104 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010-09-27 13:47:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010-09-07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010-09-07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010-09-07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010-08-09 22:24:56 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files\EBS\OSM\svc.exe -- (Monitoring Receiver OSM.2007)
SRV - [2010-06-16 09:37:40 | 003,230,208 | ---- | M] (Next! s.c.) [Auto | Running] -- C:\KronosNET\Kernel.exe -- (K_Kernel)
SRV - [2010-06-16 09:33:07 | 000,764,416 | ---- | M] (Next! s.c.) [Auto | Running] -- C:\KronosNET\TMLabDirect_Drv.exe -- (K_TMLabDirectDrv)
SRV - [2010-06-16 09:32:46 | 000,866,304 | ---- | M] (Next! s.c.) [Auto | Running] -- C:\KronosNET\GSMGate_Drv.exe -- (K_GSMGateDrv)
SRV - [2010-06-16 09:32:22 | 000,785,408 | ---- | M] (Next! s.c.) [Auto | Running] -- C:\KronosNET\GSM_Drv.exe -- (K_GSMDrv)
SRV - [2010-06-16 09:12:28 | 000,737,792 | ---- | M] (Next! s.c.) [Auto | Running] -- C:\KronosNET\SatelPhone_Drv.exe -- (K_SatelPhoneDrv)
SRV - [2010-03-18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-07-31 13:15:47 | 000,632,832 | ---- | M] (Next! s.c.) [On_Demand | Stopped] -- C:\Kronos NET\GSM_Drv.exe -- (K_GSM)
SRV - [2009-07-31 13:15:21 | 000,549,888 | ---- | M] (NEXT! s.c.) [On_Demand | Stopped] -- C:\Kronos NET\Controler.exe -- (K_Controler)
SRV - [2009-07-31 13:14:51 | 001,368,576 | ---- | M] () [On_Demand | Stopped] -- C:\Kronos NET\Analiser.exe -- (K_Analiser)
SRV - [2008-10-06 11:19:02 | 000,568,832 | ---- | M] (Next! s.c.) [On_Demand | Stopped] -- C:\Kronos NET\GSMTerminal_drv.exe -- (K_GSMTerminal)
SRV - [2008-07-24 17:46:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008-07-17 12:21:34 | 000,080,392 | ---- | M] () [Auto | Running] -- C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2008-03-17 11:52:50 | 000,549,376 | ---- | M] (Next! s.c.) [On_Demand | Stopped] -- C:\Kronos NET\Satel_Drv.exe -- (K_Satel)
SRV - [2007-04-18 18:06:47 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Program Files\ActiveGuard\agsvc.exe -- (ActiveGuard Analyser)
SRV - [2004-01-26 19:08:06 | 000,073,728 | ---- | M] (iAnywhere Solutions, Inc.) [Auto | Running] -- C:\Program Files\ActiveGuard\rteng9.exe -- (ASANYe_ActiveGuard_DB)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\SSPORT.sys -- (SSPORT)
DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\MONITO~1\USTAWI~1\Temp\SuperAntiSpyware\SASKUTIL.sys -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\MONITO~1\USTAWI~1\Temp\SuperAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\MONITO~1\USTAWI~1\Temp\SuperAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - [2010-12-20 11:35:17 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010-10-05 15:58:31 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010-09-07 15:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010-09-07 15:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010-09-07 15:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010-09-07 15:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010-09-07 15:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010-09-07 15:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010-09-03 09:20:18 | 006,139,496 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009-11-18 00:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009-11-18 00:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009-06-25 21:14:52 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2008-07-24 17:46:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008-07-24 17:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008-07-11 07:06:26 | 000,089,856 | R--- | M] (Moxa Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxsport.sys -- (mxsport)
DRV - [2008-07-09 04:26:32 | 000,025,344 | R--- | M] (Moxa Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxser.sys -- (mxser)
DRV - [2008-04-15 13:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008-04-14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Sterownik audio USB (WDM)
DRV - [2008-04-04 01:33:34 | 000,087,080 | R--- | M] (OEM) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OxPCIeSer.sys -- (OxPCIeSer)
DRV - [2008-04-04 01:33:04 | 000,027,304 | R--- | M] (OEM) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OxPCIeMf.sys -- (OxPCIeSerMf)
DRV - [2008-01-03 15:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007-08-24 04:22:56 | 005,776,928 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006-11-22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2006-11-22 10:01:48 | 000,100,096 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2006-11-22 10:01:46 | 000,327,168 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2005-05-24 22:26:16 | 000,018,432 | ---- | M] (HHD Software) [Kernel | On_Demand | Stopped] -- C:\Program Files\HHD Software\Free Serial Port Monitor\sermon.sys -- (SerMon)
DRV - [2005-05-24 22:23:52 | 000,007,632 | ---- | M] (HHD Software) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\HHD Software\Device Monitor\NDMSHLP.sys -- (NDMSHLP)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010-12-01 09:19:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [3170 Scan2PC] C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - Startup: C:\Documents and Settings\Monitoring\Menu Start\Programy\Autostart\OSM Console.lnk = C:\WINDOWS\system32\javaw.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Documents and Settings\Monitoring\Menu Start\Programy\Autostart\Terminal.lnk = C:\KronosNET\MonitoringConsole.exe (Next!s.c.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-22 17:24:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-12-20 11:30:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-12-20 11:28:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Monitoring\Pulpit\OTL.exe
[2010-12-14 12:02:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Monitoring\Recent
[2010-12-14 11:05:49 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2010-12-14 11:05:36 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2010-12-14 11:05:36 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2010-12-11 20:54:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monitoring\Ustawienia lokalne\Dane aplikacji\Help
[2010-12-11 20:54:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monitoring\Dane aplikacji\Help
[2010-12-07 09:54:33 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010-12-06 13:46:38 | 000,180,224 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2010-12-06 13:43:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010-12-06 13:38:07 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2010-12-06 13:38:07 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2010-12-06 13:38:07 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2010-12-06 13:38:06 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2010-12-06 13:38:06 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2010-12-06 13:38:06 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2010-12-06 13:38:05 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2010-12-06 13:38:05 | 000,031,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2010-12-06 13:38:04 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2010-12-06 13:38:04 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2010-12-06 13:38:04 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2010-12-06 13:38:01 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2010-12-06 13:38:01 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2010-12-06 13:38:01 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2010-12-06 13:38:00 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2010-12-06 13:38:00 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2010-12-06 13:38:00 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2010-12-06 13:37:59 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2010-12-06 13:37:59 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2010-12-06 13:37:59 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2010-12-06 13:37:59 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2010-12-06 13:37:58 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2010-12-06 13:37:56 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2010-12-06 13:37:54 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2010-12-06 13:37:54 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2010-12-06 13:37:54 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2010-12-06 13:37:54 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2010-12-06 13:37:54 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2010-12-06 13:37:54 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2010-12-06 13:37:53 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2010-12-06 13:37:53 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2010-12-06 13:37:53 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2010-12-06 13:37:53 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2010-12-06 13:37:53 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2010-12-06 13:37:53 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2010-12-06 13:37:53 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2010-12-06 13:37:52 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2010-12-06 13:37:52 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2010-12-06 13:37:52 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2010-12-06 13:37:52 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2010-12-06 13:37:52 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2010-12-06 13:37:52 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2010-12-06 13:37:52 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2010-12-06 13:37:52 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2010-12-06 13:37:52 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2010-12-06 13:37:52 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2010-12-06 13:37:52 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2010-12-06 13:37:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2010-12-06 13:37:51 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2010-12-06 13:37:51 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2010-12-06 13:37:51 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2010-12-06 13:37:51 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2010-12-06 13:37:51 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2010-12-06 13:37:47 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2010-12-06 13:37:47 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2010-12-06 13:37:45 | 000,080,384 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010-12-06 13:37:45 | 000,080,384 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010-12-06 13:37:45 | 000,029,184 | ---- | C] (RICOH Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2010-12-06 13:37:45 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2010-12-06 13:37:44 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2010-12-06 13:37:44 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2010-12-06 13:37:43 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2010-12-06 13:37:42 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2010-12-06 13:37:42 | 000,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2010-12-06 13:37:42 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2010-12-06 13:37:41 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2010-12-06 13:37:40 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2010-12-06 13:37:40 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2010-12-06 13:37:39 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2010-12-06 13:37:39 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2010-12-06 13:37:39 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2010-12-06 13:37:39 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2010-12-06 13:37:39 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2010-12-06 13:37:38 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2010-12-06 13:37:38 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2010-12-06 13:37:38 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2010-12-06 13:37:38 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2010-12-06 13:37:38 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2010-12-06 13:37:35 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2010-12-06 13:37:32 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2010-12-06 13:37:31 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2010-12-06 13:37:28 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2010-12-06 13:37:28 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2010-12-06 13:37:21 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2010-12-06 13:37:21 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2010-12-06 13:37:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2010-12-06 13:37:20 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2010-12-06 13:37:19 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2010-12-06 13:37:19 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2010-12-06 13:37:19 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2010-12-06 13:37:18 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2010-12-06 13:37:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2010-12-06 13:37:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2010-12-06 13:37:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2010-12-06 13:37:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2010-12-06 13:37:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2010-12-06 13:37:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2010-12-06 13:37:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2010-12-06 13:37:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2010-12-06 13:37:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2010-12-06 13:37:16 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2010-12-06 13:37:16 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2010-12-06 13:37:16 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2010-12-06 13:37:16 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2010-12-06 13:37:16 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2010-12-06 13:37:16 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2010-12-06 13:37:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2010-12-06 13:37:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2010-12-06 13:37:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2010-12-06 13:37:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2010-12-06 13:37:15 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2010-12-06 13:37:15 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2010-12-06 13:37:15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2010-12-06 13:37:15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2010-12-06 13:37:15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2010-12-06 13:37:15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2010-12-06 13:37:15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2010-12-06 13:37:15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2010-12-06 13:37:15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2010-12-06 13:37:15 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2010-12-06 13:37:15 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2010-12-06 13:37:14 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2010-12-06 13:37:14 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2010-12-06 13:37:14 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2010-12-06 13:37:14 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2010-12-06 13:37:14 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2010-12-06 13:37:14 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2010-12-06 13:37:14 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2010-12-06 13:37:14 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2010-12-06 13:37:13 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2010-12-06 13:37:12 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2010-12-06 13:37:12 | 000,315,455 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2010-12-06 13:37:12 | 000,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2010-12-06 13:37:12 | 000,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2010-12-06 13:37:12 | 000,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2010-12-06 13:37:12 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2010-12-06 13:37:12 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2010-12-06 13:37:11 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2010-12-06 13:37:11 | 000,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2010-12-06 13:37:11 | 000,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2010-12-06 13:37:11 | 000,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2010-12-06 13:37:11 | 000,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2010-12-06 13:37:11 | 000,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2010-12-06 13:37:11 | 000,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2010-12-06 13:37:11 | 000,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2010-12-06 13:37:11 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2010-12-06 13:37:10 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2010-12-06 13:37:10 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2010-12-06 13:37:10 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2010-12-06 13:37:10 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2010-12-06 13:37:10 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2010-12-06 13:37:10 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2010-12-06 13:37:10 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2010-12-06 13:37:07 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2010-12-06 13:37:02 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2010-12-06 13:37:02 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2010-12-06 13:37:01 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2010-12-06 13:37:00 | 000,562,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2010-12-06 13:37:00 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2010-12-06 13:37:00 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2010-12-06 13:37:00 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe
[2010-12-06 13:37:00 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2010-12-06 13:37:00 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2010-12-06 13:37:00 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2010-12-06 13:37:00 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2010-12-06 13:37:00 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2010-12-06 13:37:00 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2010-12-06 13:36:59 | 000,451,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2010-12-06 13:36:59 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2010-12-06 13:36:59 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2010-12-06 13:36:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe
[2010-12-06 13:36:59 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2010-12-06 13:36:59 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2010-12-06 13:36:59 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2010-12-06 13:36:59 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2010-12-06 13:36:59 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2010-12-06 13:36:59 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2010-12-06 13:36:59 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2010-12-06 13:36:59 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2010-12-06 13:36:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2010-12-06 13:36:58 | 000,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe
[2010-12-06 13:36:58 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2010-12-06 13:36:58 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2010-12-06 13:36:57 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2010-12-06 13:36:57 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2010-12-06 13:36:57 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2010-12-06 13:36:57 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2010-12-06 13:36:57 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2010-12-06 13:36:57 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2010-12-06 13:36:57 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2010-12-06 13:36:57 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2010-12-06 13:36:57 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2010-12-06 13:36:51 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2010-12-06 13:36:50 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2010-12-06 13:36:49 | 000,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2010-12-06 13:36:48 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2010-12-06 13:36:48 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2010-12-06 13:36:48 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2010-12-06 13:36:48 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2010-12-06 13:36:48 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2010-12-06 13:36:48 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2010-12-06 13:36:47 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2010-12-06 13:36:47 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2010-12-06 13:36:47 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2010-12-06 13:36:47 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2010-12-06 13:36:47 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2010-12-06 13:36:47 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2010-12-06 13:36:46 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll
[2010-12-06 13:36:46 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010-12-06 13:36:46 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2010-12-06 13:36:46 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2010-12-06 13:36:38 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2010-12-06 13:36:38 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2010-12-06 13:36:38 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2010-12-06 13:36:38 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2010-12-06 13:36:38 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2010-12-06 13:36:38 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2010-12-06 13:36:37 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2010-12-06 13:36:37 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2010-12-06 13:36:37 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2010-12-06 13:36:33 | 000,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
[2010-12-06 13:36:33 | 000,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2010-12-06 13:36:33 | 000,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
[2010-12-06 13:36:33 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2010-12-06 13:36:30 | 000,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2010-12-06 13:36:30 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2010-12-06 13:36:30 | 000,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2010-12-06 13:36:29 | 000,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2010-12-06 13:36:29 | 000,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2010-12-06 13:36:29 | 000,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2010-12-06 13:36:29 | 000,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2010-12-06 13:36:29 | 000,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2010-12-06 13:36:29 | 000,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2010-12-06 13:36:29 | 000,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2010-12-06 13:36:29 | 000,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2010-12-06 13:36:29 | 000,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2010-12-06 13:36:29 | 000,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2010-12-06 13:36:29 | 000,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2010-12-06 13:36:29 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2010-12-06 13:36:29 | 000,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2010-12-06 13:36:28 | 000,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2010-12-06 13:36:28 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2010-12-06 13:36:28 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2010-12-06 13:36:27 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2010-12-06 13:36:26 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2010-12-06 13:28:28 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2010-12-06 13:28:28 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2010-12-06 13:28:28 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2010-12-06 13:28:28 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2010-12-04 08:25:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Monitoring\Moje dokumenty\Moje wideo
[2010-12-04 08:25:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Dokumenty\Moje wideo
[2010-12-02 14:10:30 | 001,833,576 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SkyTel.exe
[2010-12-02 14:10:30 | 001,489,512 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlUpd.exe
[2010-12-02 14:10:30 | 000,891,496 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTSndMgr.CPL
[2010-12-02 14:10:30 | 000,359,016 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2010-12-02 14:10:30 | 000,084,584 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2010-12-02 14:10:29 | 009,721,960 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTLCPL.EXE
[2010-12-02 14:10:29 | 006,139,496 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys
[2010-12-02 14:10:29 | 000,129,640 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2010-12-02 14:10:29 | 000,054,888 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RtkCoInstXP.dll
[2010-12-02 14:10:27 | 002,180,712 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\MicCal.exe
[2010-12-02 14:10:27 | 001,395,800 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\Monfilt.sys
[2010-12-02 14:10:25 | 002,815,592 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2010-12-02 14:10:25 | 001,691,480 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2010-12-02 14:10:25 | 000,285,288 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\ALSNDMGR.CPL
[2010-12-02 14:10:25 | 000,064,104 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE
[2010-12-02 14:10:20 | 001,251,944 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlExUpd.dll
[2010-12-01 10:21:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monitoring\Dane aplikacji\Windows Search
[2010-12-01 10:16:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010-12-01 10:14:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2010-12-01 10:14:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2010-12-01 10:14:34 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2010-12-01 10:14:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monitoring\Dane aplikacji\Windows Desktop Search
[2010-12-01 10:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2010-12-01 10:13:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010-12-01 10:13:09 | 000,019,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010-12-01 10:12:55 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010-12-01 10:11:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010-12-01 10:10:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2010-12-01 09:15:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2010-12-01 09:05:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\SUPERAntiSpyware.com
[2010-12-01 09:05:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monitoring\Dane aplikacji\SUPERAntiSpyware.com
[2010-11-30 14:07:37 | 000,000,000 | ---D | C] -- C:\Program Files\SkanerOnline
[2010-11-26 09:03:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Windows Genuine Advantage

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-12-20 11:35:17 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2010-12-20 11:35:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-12-20 11:30:10 | 000,581,842 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-12-20 11:30:10 | 000,498,834 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-12-20 11:30:10 | 000,115,092 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-12-20 11:30:10 | 000,086,612 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-12-20 11:28:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Monitoring\Pulpit\OTL.exe
[2010-12-20 08:29:39 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-12-15 09:26:16 | 000,098,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-12-14 15:10:20 | 000,885,756 | ---- | M] () -- C:\Documents and Settings\Monitoring\Pulpit\Setup_v1[2].2.0.1111.zip
[2010-12-07 10:04:45 | 143,845,286 | ---- | M] () -- C:\KronosNET.rar
[2010-12-07 10:00:18 | 068,265,059 | ---- | M] () -- C:\Kronos NET(stary).rar
[2010-12-06 13:38:28 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010-12-06 13:36:14 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010-12-06 13:36:13 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010-12-06 13:36:13 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010-12-06 13:36:02 | 000,004,293 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010-12-06 13:34:48 | 000,023,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010-12-06 13:33:26 | 000,000,282 | -HS- | M] () -- C:\boot.ini
[2010-12-06 13:31:53 | 000,005,208 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2010-12-02 14:13:06 | 000,187,300 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2010-12-01 10:11:59 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010-12-01 09:19:57 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-12-14 15:10:17 | 000,885,756 | ---- | C] () -- C:\Documents and Settings\Monitoring\Pulpit\Setup_v1[2].2.0.1111.zip
[2010-12-06 13:37:39 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010-12-06 13:37:18 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010-12-06 13:37:12 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010-12-06 13:37:11 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010-12-06 13:37:10 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010-12-06 13:37:04 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010-12-06 13:37:01 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010-12-06 13:36:58 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2010-12-06 13:36:48 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010-12-06 13:28:20 | 002,033,887 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010-12-06 13:28:20 | 001,246,357 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2010-12-06 13:28:20 | 000,808,524 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010-12-06 13:28:20 | 000,545,588 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010-12-06 13:28:20 | 000,399,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010-12-06 13:28:20 | 000,171,588 | ---- | C] () -- C:\WINDOWS\System32\dllcache\startoc.cat
[2010-12-06 13:28:20 | 000,037,509 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010-12-06 13:28:20 | 000,033,765 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2010-12-06 13:28:20 | 000,016,825 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010-12-06 13:28:20 | 000,013,497 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010-12-06 13:28:20 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2010-12-06 13:28:20 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010-12-06 13:28:20 | 000,008,599 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010-12-06 13:28:20 | 000,007,407 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010-12-02 21:13:26 | 000,042,474 | ---- | C] () -- C:\Documents and Settings\Monitoring\Moje dokumenty\Alarm.wav
[2010-12-01 10:11:59 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010-08-27 14:53:33 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010-07-02 09:09:50 | 000,143,872 | ---- | C] () -- C:\WINDOWS\System32\SaXPWIA.dll
[2010-07-02 09:09:49 | 000,139,776 | ---- | C] () -- C:\WINDOWS\System32\SaXPEH.dll
[2010-07-02 09:09:49 | 000,138,240 | ---- | C] () -- C:\WINDOWS\System32\SaXPUIEx.dll
[2010-07-02 09:09:49 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\SaXPIPH.dll
[2010-07-02 09:09:49 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\SaXPSTI.dll
[2010-07-02 09:09:40 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\sst1cl3.dll
[2009-12-18 09:43:48 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-07-28 13:17:33 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Monitoring\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-06-25 21:14:52 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2009-06-22 19:16:56 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009-06-22 17:34:18 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll
[2008-05-26 22:22:36 | 000,016,222 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008-05-26 22:22:34 | 000,021,728 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008-05-26 22:22:32 | 000,016,164 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007-08-06 10:07:30 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll

< End of report >
[/log]

[b]OTL Extras[/b]
[log]OTL Extras logfile created on: 2010-12-20 11:46:52 - Run 1
OTL by OldTimer - Version 3.2.17.4 Folder = C:\Documents and Settings\Monitoring\Pulpit
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1 013,00 Mb Total Physical Memory | 486,00 Mb Available Physical Memory | 48,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 10000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 285,75 Gb Free Space | 95,86% Space Free | Partition Type: NTFS

Computer Name: MICROS-MONIT | User Name: Monitoring | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1111:TCP" = 1111:TCP:*:Enabled:GPRS
"1111:UDP" = 1111:UDP:*:Enabled:GPRS2
"6831:TCP" = 6831:TCP:*:Enabled:EBS TCP
"6831:UDP" = 6831:UDP:*:Enabled:EBS UDP
"5985:TCP" = 5985:TCP:*:Disabled:Zdalne zarządzanie systemem Windows

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\TeamViewer3\TeamViewer.exe" = C:\Program Files\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\LanHelper\LanHelper.exe" = C:\Program Files\LanHelper\LanHelper.exe:*:Enabled:LanHelper -- (Hainsoft.com)
"C:\Documents and Settings\Monitoring\temp\TeamViewer\Version5\TeamViewer.exe" = C:\Documents and Settings\Monitoring\temp\TeamViewer\Version5\TeamViewer.exe:*:Enabled:TeamViewer -- (TeamViewer GmbH)
"C:\WINDOWS\twain_32\Samsung\ScanMgr.exe" = C:\WINDOWS\twain_32\Samsung\ScanMgr.exe:*:Enabled:Scan Manger -- (Samsung Electronics)
"C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe" = C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe:*:Enabled:ScanToPC -- ()
"C:\WINDOWS\twain_32\Samsung\CLX3170\Sscan2io.exe" = C:\WINDOWS\twain_32\Samsung\CLX3170\Sscan2io.exe:*:Enabled:SScanToIO -- ()


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B8.0729.1
"{104B40CB-06B3-4697-8B80-DFD6661CCE46}" = KronosNET
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F4A05CF-3A6D-4DD6-9C65-E865C9416944}" = Kronos LT
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3472693C-6EC5-41FA-B5B9-A22B11AEFE72}" = HHD Software Free Serial Port Monitor 3.31
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E2726D9-F507-48C9-8202-1AAD83524E6B}" = ActiveGuard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5AF71003-1797-4D93-9F37-4F2125CBF539}" = Microsoft .NET Framework 2.0 Language Pack - PLK
"{6181A2F7-2DA5-408A-AAB1-008CA9C9399A}" = Kronos NET
"{64CB2553-C109-4132-AA51-1F421B515FD1}" = Microsoft .NET Framework 1.1 Polish Language Pack
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{7F831576-6246-42C7-B523-55B3F96509CC}" = LogMeIn
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4512736-8D63-4298-9271-5329931FA46B}" = Microsoft SQL Server Management Studio Express
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"LanHelper_is1" = LanHelper v1.94
"Microsoft .NET Framework 2.0 Language Pack - PLK" = Microsoft .NET Framework 2.0 — pakiet języka polskiego
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"OSM_2007_is1" = Monitoring Receiver OSM.20071.2.107.1262STD
"Samsung CLX-3170 Series" = Samsung CLX-3170 Series
"SkanerOnline" = Skaner on-line mks_vir
"TeamViewer 3" = TeamViewer 3
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = Archiwizator WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2010-12-11 15:56:38 | Computer Name = MICROS-MONIT | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2010-12-13 03:32:04 | Computer Name = MICROS-MONIT | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2010-12-13 21:09:26 | Computer Name = MICROS-MONIT | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2010-12-14 06:02:45 | Computer Name = MICROS-MONIT | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2010-12-15 03:42:24 | Computer Name = MICROS-MONIT | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2010-12-15 04:26:54 | Computer Name = MICROS-MONIT | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2010-12-17 04:12:41 | Computer Name = MICROS-MONIT | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2010-12-17 18:14:51 | Computer Name = MICROS-MONIT | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2010-12-18 13:49:35 | Computer Name = MICROS-MONIT | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2010-12-20 03:30:04 | Computer Name = MICROS-MONIT | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

[ System Events ]
Error - 2010-12-20 06:30:08 | Computer Name = MICROS-MONIT | Source = Service Control Manager | ID = 7034
Description = Usługa KronosNET TMLabDirect Driver niespodziewanie zakończyła pracę.
Wystąpiło to razy: 1.

Error - 2010-12-20 06:30:08 | Computer Name = MICROS-MONIT | Source = Service Control Manager | ID = 7034
Description = Usługa LogMeIn Maintenance Service niespodziewanie zakończyła pracę.
Wystąpiło to razy: 1.

Error - 2010-12-20 06:30:09 | Computer Name = MICROS-MONIT | Source = Service Control Manager | ID = 7034
Description = Usługa LogMeIn niespodziewanie zakończyła pracę. Wystąpiło to razy:
1.

Error - 2010-12-20 06:30:09 | Computer Name = MICROS-MONIT | Source = Service Control Manager | ID = 7034
Description = Usługa Monitoring Receiver OSM.2007 niespodziewanie zakończyła pracę.
Wystąpiło to razy: 1.

Error - 2010-12-20 06:30:09 | Computer Name = MICROS-MONIT | Source = Service Control Manager | ID = 7034
Description = Usługa ActiveGuard Analyser niespodziewanie zakończyła pracę. Wystąpiło
to razy: 1.

Error - 2010-12-20 06:35:47 | Computer Name = MICROS-MONIT | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi DgiVecp z powodu następującego błędu: %%2

Error - 2010-12-20 06:35:47 | Computer Name = MICROS-MONIT | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi SSPORT z powodu następującego błędu: %%2

Error - 2010-12-20 06:37:03 | Computer Name = MICROS-MONIT | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: SASDIFSV

Error - 2010-12-20 06:37:08 | Computer Name = MICROS-MONIT | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi DgiVecp z powodu następującego błędu: %%2

Error - 2010-12-20 06:37:10 | Computer Name = MICROS-MONIT | Source = Service Control Manager | ID = 7034
Description = Usługa KronosNET Kernel niespodziewanie zakończyła pracę. Wystąpiło
to razy: 1.


< End of report >
[/log]

[b]RSIT[/b]
[log]Logfile of random's system information tool 1.08 (written by random/random)
Run by Monitoring at 2010-12-20 11:59:16
Microsoft Windows XP Home Edition Dodatek Service Pack 3
System drive C: has 293 GB (96%) free of 305 GB
Total RAM: 1013 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:59:26, on 2010-12-20
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ActiveGuard\rteng9.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\KronosNET\EbsOsm_Drv.exe
C:\KronosNET\GSM_Drv.exe
C:\KronosNET\GSMGate_Drv.exe
C:\KronosNET\MailGate_Drv.exe
C:\KronosNET\SatelPhone_Drv.exe
C:\KronosNET\TMLabDirect_Drv.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\EBS\OSM\svc.exe
C:\Program Files\EBS\OSM\ecs.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ActiveGuard\agsvc.exe
C:\Program Files\ActiveGuard\aganalyser.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\javaw.exe
C:\KronosNET\MonitoringConsole.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\KronosNET\Kernel.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Monitoring\Pulpit\RSIT.exe
C:\Program Files\trend micro\Monitoring.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [3170 Scan2PC] "C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKUS\S-1-5-21-2000478354-329068152-1801674531-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OSM Console.lnk = ?
O4 - Startup: Terminal.lnk = C:\KronosNET\MonitoringConsole.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{40AA62A8-2DC2-42C6-A997-058BA032F34E}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CS1\Services\Tcpip\..\{40AA62A8-2DC2-42C6-A997-058BA032F34E}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CS2\Services\Tcpip\..\{40AA62A8-2DC2-42C6-A997-058BA032F34E}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CS3\Services\Tcpip\..\{40AA62A8-2DC2-42C6-A997-058BA032F34E}: NameServer = 194.204.159.1,194.204.152.34
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ActiveGuard Analyser - Unknown owner - C:\Program Files\ActiveGuard\agsvc.exe
O23 - Service: Adaptive Server Anywhere - ActiveGuard_DB (ASANYe_ActiveGuard_DB) - iAnywhere Solutions, Inc. - C:\Program Files\ActiveGuard\\rteng9.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kronos Analiser (K_Analiser) - Unknown owner - C:\Kronos NET\Analiser.exe
O23 - Service: Kronos Controler (K_Controler) - NEXT! s.c. - C:\Kronos NET\Controler.exe
O23 - Service: KronosNET EbsOsm Driver (K_EbsOsmDrv) - Next! s.c. - C:\KronosNET\EbsOsm_Drv.exe
O23 - Service: Kronos GSM Driver (K_GSM) - Next! s.c. - C:\Kronos NET\GSM_Drv.exe
O23 - Service: KronosNET GSM Driver (K_GSMDrv) - Next! s.c. - C:\KronosNET\GSM_Drv.exe
O23 - Service: KronosNET GSMGate Driver (K_GSMGateDrv) - Next! s.c. - C:\KronosNET\GSMGate_Drv.exe
O23 - Service: Kronos GSMTerminal Driver (K_GSMTerminal) - Next! s.c. - C:\Kronos NET\GSMTerminal_drv.exe
O23 - Service: KronosNET Kernel (K_Kernel) - Next! s.c. - C:\KronosNET\Kernel.exe
O23 - Service: KronosNET MailGate Driver (K_MailGateDrv) - Next! s.c. - C:\KronosNET\MailGate_Drv.exe
O23 - Service: Kronos Satel Driver (K_Satel) - Next! s.c. - C:\Kronos NET\Satel_Drv.exe
O23 - Service: KronosNET SatelPhone Driver (K_SatelPhoneDrv) - Next! s.c. - C:\KronosNET\SatelPhone_Drv.exe
O23 - Service: Kronos TMLabDirect (K_TMLabDirect) - Unknown owner - C:\Documents and Settings\Monitoring\Pulpit\TMLabDirect\TMLabDirect_Drv.exe (file missing)
O23 - Service: KronosNET TMLabDirect Driver (K_TMLabDirectDrv) - Next! s.c. - C:\KronosNET\TMLabDirect_Drv.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Monitoring Receiver OSM.2007 - Unknown owner - C:\Program Files\EBS\OSM\svc.exe

--
End of file - 8409 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-10-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-10-12 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2008-07-24 63048]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"3170 Scan2PC"=C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe [2009-01-30 503808]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-09-07 2838912]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-09-05 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-09-05 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-09-05 137752]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2010-09-03 19573352]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Documents and Settings\Monitoring\Menu Start\Programy\Autostart
OSM Console.lnk - C:\WINDOWS\system32\javaw.exe
Terminal.lnk - C:\KronosNET\MonitoringConsole.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-08-24 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2010-10-05 87424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoActiveDesktop"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\TeamViewer3\TeamViewer.exe"="C:\Program Files\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"C:\Program Files\LanHelper\LanHelper.exe"="C:\Program Files\LanHelper\LanHelper.exe:*:Enabled:LanHelper"
"C:\Documents and Settings\Monitoring\temp\TeamViewer\Version5\TeamViewer.exe"="C:\Documents and Settings\Monitoring\temp\TeamViewer\Version5\TeamViewer.exe:*:Enabled:TeamViewer"
"C:\WINDOWS\twain_32\Samsung\ScanMgr.exe"="C:\WINDOWS\twain_32\Samsung\ScanMgr.exe:*:Enabled:Scan Manger"
"C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe"="C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe:*:Enabled:ScanToPC"
"C:\WINDOWS\twain_32\Samsung\CLX3170\Sscan2io.exe"="C:\WINDOWS\twain_32\Samsung\CLX3170\Sscan2io.exe:*:Enabled:SScanToIO"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 2 months======

2010-12-20 11:59:17 ----D---- C:\Program Files\trend micro
2010-12-20 11:59:16 ----D---- C:\rsit
2010-12-20 11:30:04 ----D---- C:\_OTL
2010-12-14 11:05:49 ----A---- C:\WINDOWS\system32\hidserv.dll
2010-12-14 11:05:36 ----A---- C:\WINDOWS\system32\drivers\USBAUDIO.sys
2010-12-11 20:54:14 ----D---- C:\Documents and Settings\Monitoring\Dane aplikacji\Help
2010-12-07 09:54:33 ----SHD---- C:\RECYCLER
2010-12-06 13:46:38 ----RA---- C:\WINDOWS\system32\igfxres.dll
2010-12-06 13:43:06 ----D---- C:\WINDOWS\Prefetch
2010-12-06 13:35:26 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-12-06 13:28:28 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-12-06 13:28:28 ----A---- C:\WINDOWS\system32\irclass.dll
2010-12-02 14:10:30 ----A---- C:\WINDOWS\vncutil.exe
2010-12-02 14:10:30 ----A---- C:\WINDOWS\SOUNDMAN.EXE
2010-12-02 14:10:30 ----A---- C:\WINDOWS\SkyTel.exe
2010-12-02 14:10:30 ----A---- C:\WINDOWS\RtlUpd.exe
2010-12-02 14:10:29 ----A---- C:\WINDOWS\system32\RtkCoInstXP.dll
2010-12-02 14:10:29 ----A---- C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010-12-02 14:10:29 ----A---- C:\WINDOWS\RTLCPL.EXE
2010-12-02 14:10:29 ----A---- C:\WINDOWS\RtkAudioService.exe
2010-12-02 14:10:28 ----A---- C:\WINDOWS\RTHDCPL.EXE
2010-12-02 14:10:27 ----A---- C:\WINDOWS\system32\drivers\Monfilt.sys
2010-12-02 14:10:27 ----A---- C:\WINDOWS\MicCal.exe
2010-12-02 14:10:25 ----A---- C:\WINDOWS\system32\drivers\Ambfilt.sys
2010-12-02 14:10:25 ----A---- C:\WINDOWS\ALCWZRD.EXE
2010-12-02 14:10:25 ----A---- C:\WINDOWS\ALCMTR.EXE
2010-12-02 14:10:20 ----A---- C:\WINDOWS\RtlExUpd.dll
2010-12-01 10:29:23 ----A---- C:\Startup Programs (MICROS-MONIT) 2010-12-01 10.29.05.txt
2010-12-01 10:21:47 ----D---- C:\Documents and Settings\Monitoring\Dane aplikacji\Windows Search
2010-12-01 10:16:04 ----D---- C:\Program Files\Microsoft.NET
2010-12-01 10:14:38 ----D---- C:\WINDOWS\system32\WindowsPowerShell
2010-12-01 10:14:37 ----D---- C:\WINDOWS\system32\winrm
2010-12-01 10:14:34 ----HDC---- C:\WINDOWS\$968930Uinstall_KB968930$
2010-12-01 10:14:33 ----D---- C:\WINDOWS\$NtUninstallKB968930$
2010-12-01 10:14:21 ----HDC---- C:\WINDOWS\$NtUninstallbasecsp$
2010-12-01 10:14:11 ----D---- C:\Documents and Settings\Monitoring\Dane aplikacji\Windows Desktop Search
2010-12-01 10:13:48 ----D---- C:\Program Files\Windows Desktop Search
2010-12-01 10:13:47 ----D---- C:\WINDOWS\system32\GroupPolicy
2010-12-01 10:13:09 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-12-01 10:12:55 ----D---- C:\Program Files\Windows Media Connect 2
2010-12-01 10:12:47 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2010-12-01 10:12:15 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2010-12-01 10:11:58 ----D---- C:\WINDOWS\system32\drivers\UMDF
2010-12-01 10:10:27 ----D---- C:\WINDOWS\system32\URTTEMP
2010-12-01 09:18:32 ----A---- C:\WINDOWS\system32\tmp.txt
2010-12-01 09:15:59 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2010-12-01 09:05:25 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\SUPERAntiSpyware.com
2010-12-01 09:05:22 ----D---- C:\Documents and Settings\Monitoring\Dane aplikacji\SUPERAntiSpyware.com
2010-11-30 14:07:37 ----D---- C:\Program Files\SkanerOnline
2010-11-26 09:03:47 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Windows Genuine Advantage

======List of files/folders modified in the last 2 months======

2010-12-20 11:59:17 ----RD---- C:\Program Files
2010-12-20 11:37:09 ----D---- C:\WINDOWS\Temp
2010-12-20 11:34:15 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-12-20 11:30:16 ----D---- C:\WINDOWS\system32
2010-12-20 11:30:16 ----D---- C:\WINDOWS
2010-12-20 11:30:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-12-20 10:45:53 ----D---- C:\[LOG]
2010-12-20 08:28:29 ----D---- C:\Program Files\LogMeIn
2010-12-15 08:38:00 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-15 08:32:25 ----D---- C:\WINDOWS\Help
2010-12-14 12:02:15 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2010-12-14 12:02:14 ----D---- C:\WINDOWS\Debug
2010-12-14 11:05:55 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-12-14 11:05:37 ----D---- C:\WINDOWS\system32\drivers
2010-12-11 20:54:14 ----D---- C:\Program Files\Kronos LT
2010-12-07 09:15:09 ----A---- C:\WINDOWS\system.ini
2010-12-07 09:06:31 ----D---- C:\WINDOWS\AppPatch
2010-12-07 09:06:28 ----D---- C:\Program Files\Common Files
2010-12-06 14:26:04 ----D---- C:\WINDOWS\system
2010-12-06 14:26:03 ----D---- C:\WINDOWS\system32\Setup
2010-12-06 14:25:57 ----D---- C:\WINDOWS\L2Schemas
2010-12-06 14:25:56 ----D---- C:\WINDOWS\system32\usmt
2010-12-06 14:25:46 ----D---- C:\WINDOWS\ime
2010-12-06 14:25:45 ----RSD---- C:\WINDOWS\Fonts
2010-12-06 14:25:44 ----D---- C:\WINDOWS\Network Diagnostic
2010-12-06 14:25:44 ----D---- C:\WINDOWS\Media
2010-12-06 14:25:42 ----D---- C:\WINDOWS\system32\pl-pl
2010-12-06 14:25:35 ----D---- C:\WINDOWS\PeerNet
2010-12-06 14:25:25 ----D---- C:\WINDOWS\system32\npp
2010-12-06 14:25:19 ----D---- C:\WINDOWS\msagent
2010-12-06 14:25:17 ----D---- C:\WINDOWS\system32\pl
2010-12-06 14:23:04 ----D---- C:\WINDOWS\system32\1045
2010-12-06 14:22:54 ----D---- C:\WINDOWS\twain_32
2010-12-06 14:22:23 ----D---- C:\WINDOWS\system32\icsxml
2010-12-06 14:22:02 ----D---- C:\WINDOWS\system32\1033
2010-12-06 14:21:23 ----D---- C:\WINDOWS\Driver Cache
2010-12-06 14:21:22 ----D---- C:\WINDOWS\WinSxS
2010-12-06 13:46:57 ----D---- C:\WINDOWS\Registration
2010-12-06 13:46:42 ----HD---- C:\WINDOWS\inf
2010-12-06 13:45:42 ----SHD---- C:\System Volume Information
2010-12-06 13:45:42 ----D---- C:\WINDOWS\system32\Restore
2010-12-06 13:38:40 ----D---- C:\WINDOWS\system32\config
2010-12-06 13:36:02 ----A---- C:\WINDOWS\ODBCINST.INI
2010-12-06 13:35:51 ----ASH---- C:\WINDOWS\fonts\desktop.ini
2010-12-06 13:35:49 ----D---- C:\WINDOWS\system32\ias
2010-12-06 13:35:27 ----RD---- C:\WINDOWS\Web
2010-12-06 13:35:21 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-12-06 13:35:11 ----A---- C:\WINDOWS\win.ini
2010-12-06 13:35:07 ----D---- C:\Program Files\Windows Media Player
2010-12-06 13:35:05 ----D---- C:\Program Files\Movie Maker
2010-12-06 13:35:04 ----D---- C:\WINDOWS\system32\oobe
2010-12-06 13:35:03 ----D---- C:\Program Files\Outlook Express
2010-12-06 13:34:59 ----D---- C:\Program Files\Internet Explorer
2010-12-06 13:34:50 ----D---- C:\WINDOWS\system32\Com
2010-12-06 13:34:00 ----SHD---- C:\WINDOWS\Installer
2010-12-06 13:33:58 ----D---- C:\WINDOWS\system32\wbem
2010-12-06 13:33:26 ----SH---- C:\boot.ini
2010-12-06 13:28:40 ----D---- C:\WINDOWS\security
2010-12-06 13:28:21 ----ASH---- C:\Documents and Settings\All Users\Dane aplikacji\desktop.ini
2010-12-06 13:28:18 ----D---- C:\WINDOWS\system32\CatRoot
2010-12-06 13:15:27 ----D---- C:\Kronos NET
2010-12-06 13:04:40 ----D---- C:\KronosNET
2010-12-02 14:13:05 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-12-02 14:12:40 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-12-02 14:11:02 ----D---- C:\WINDOWS\system32\RTCOM
2010-12-02 14:10:25 ----HD---- C:\Program Files\InstallShield Installation Information
2010-12-02 14:10:25 ----D---- C:\Program Files\Realtek
2010-12-01 11:00:56 ----RSD---- C:\WINDOWS\assembly
2010-12-01 11:00:56 ----D---- C:\WINDOWS\Microsoft.NET
2010-12-01 10:16:12 ----D---- C:\WINDOWS\system32\en-US
2010-12-01 10:14:57 ----D---- C:\WINDOWS\ie8updates
2010-12-01 10:14:56 ----HD---- C:\WINDOWS\$hf_mig$
2010-12-01 10:13:54 ----SD---- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft
2010-12-01 10:11:58 ----D---- C:\WINDOWS\system32\LogFiles
2010-12-01 10:11:15 ----D---- C:\WINDOWS\system32\mui
2010-11-30 14:07:37 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-11-26 09:19:53 ----D---- C:\Documents and Settings
2010-11-26 08:59:28 ----D---- C:\WINDOWS\SoftwareDistribution
2010-11-26 08:43:30 ----D---- C:\WINDOWS\system32\drivers\etc
2010-11-11 03:00:18 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-09-07 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-09-07 165584]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-09-07 46672]
R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-15 40448]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-09-07 17744]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-09-07 100176]
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R3 akshasp;Aladdin HASP Key; C:\WINDOWS\system32\DRIVERS\akshasp.sys [2006-11-22 327168]
R3 aksusb;Aladdin USB Key; C:\WINDOWS\system32\DRIVERS\aksusb.sys [2006-11-22 100096]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-09-07 23376]
R3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-15 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-08-24 5776928]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2010-09-03 6139496]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-07-24 10144]
R3 OxPCIeSer;OxPCIeSer; C:\WINDOWS\system32\DRIVERS\OxPCIeSer.sys [2008-04-04 87080]
R3 OxPCIeSerMf;OxPCIeSerMf; C:\WINDOWS\system32\DRIVERS\OxPCIeMf.sys [2008-04-04 27304]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-15 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S1 SASDIFSV;SASDIFSV; \??\C:\DOCUME~1\MONITO~1\USTAWI~1\Temp\SuperAntiSpyware\SASDIFSV.SYS []
S1 SASKUTIL;SASKUTIL; \??\C:\DOCUME~1\MONITO~1\USTAWI~1\Temp\SuperAntiSpyware\SASKUTIL.sys []
S2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
S2 SSPORT;SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-15 10368]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 mxser;MOXA Smartio/Industio Driver; C:\WINDOWS\system32\DRIVERS\mxser.sys [2008-07-09 25344]
S3 mxsport;MOXA Smartio/Industio Port Driver; C:\WINDOWS\system32\DRIVERS\mxsport.sys [2008-07-11 89856]
S3 NDMSHLP;Device Monitor Helper Driver; \??\C:\Program Files\Common Files\HHD Software\Device Monitor\ndmshlp.sys []
S3 SASENUM;SASENUM; \??\C:\DOCUME~1\MONITO~1\USTAWI~1\Temp\SuperAntiSpyware\SASENUM.SYS []
S3 SerMon;Serial Monitor Filter Driver; \??\C:\Program Files\HHD Software\Free Serial Port Monitor\sermon.sys []
S3 usbaudio;Sterownik audio USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-15 32128]
S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-15 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ActiveGuard Analyser;ActiveGuard Analyser; C:\Program Files\ActiveGuard\agsvc.exe [2007-04-18 61440]
R2 ASANYe_ActiveGuard_DB;Adaptive Server Anywhere - ActiveGuard_DB; C:\Program Files\ActiveGuard\\rteng9.exe [2004-01-26 73728]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 ES lite Service;ES lite Service for program management.; C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [2008-07-17 80392]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-10-12 153376]
R2 K_EbsOsmDrv;KronosNET EbsOsm Driver; C:\KronosNET\EbsOsm_Drv.exe [2010-10-07 838656]
R2 K_GSMDrv;KronosNET GSM Driver; C:\KronosNET\GSM_Drv.exe [2010-06-16 785408]
R2 K_GSMGateDrv;KronosNET GSMGate Driver; C:\KronosNET\GSMGate_Drv.exe [2010-06-16 866304]
R2 K_Kernel;KronosNET Kernel; C:\KronosNET\Kernel.exe [2010-06-16 3230208]
R2 K_MailGateDrv;KronosNET MailGate Driver; C:\KronosNET\MailGate_Drv.exe [2010-10-07 1024512]
R2 K_SatelPhoneDrv;KronosNET SatelPhone Driver; C:\KronosNET\SatelPhone_Drv.exe [2010-06-16 737792]
R2 K_TMLabDirectDrv;KronosNET TMLabDirect Driver; C:\KronosNET\TMLabDirect_Drv.exe [2010-06-16 764416]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe [2010-09-27 374152]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2010-10-05 116104]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2008-07-24 63040]
R2 Monitoring Receiver OSM.2007;Monitoring Receiver OSM.2007; C:\Program Files\EBS\OSM\svc.exe [2010-08-09 69632]
R2 MSSQLSERVER;MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2002-12-17 7520337]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-15 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-15 14336]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 K_Analiser;Kronos Analiser; C:\Kronos NET\Analiser.exe [2009-07-31 1368576]
S3 K_Controler;Kronos Controler; C:\Kronos NET\Controler.exe [2009-07-31 549888]
S3 K_GSM;Kronos GSM Driver; C:\Kronos NET\GSM_Drv.exe [2009-07-31 632832]
S3 K_GSMTerminal;Kronos GSMTerminal Driver; C:\Kronos NET\GSMTerminal_drv.exe [2008-10-06 568832]
S3 K_Satel;Kronos Satel Driver; C:\Kronos NET\Satel_Drv.exe [2008-03-17 549376]
S3 K_TMLabDirect;Kronos TMLabDirect; C:\Documents and Settings\Monitoring\Pulpit\TMLabDirect\TMLabDirect_Drv.exe []
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 SQLSERVERAGENT;SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-15 14336]
S3 WMPNetworkSvc;Usługa udostępniania w sieci programu Windows Media Player; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-12-01 918016]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-15 14336]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
[/log]

Tomek01

The logs are clean.
In OTL, use the CleanUp function.

Run a full scan with [url=http://www.instalki.pl/programy/download_c/14/155.html][color=#0000CD][b]DrWebCureIt[/b][/color][/url] and [url=http://www.instalki.pl/programy/download_c/13/96.html][color=#0000CD][b]Malwarebytes Anti-Malware[/b][/color][/url] and post the results on the forum.

a_urbi

I did exactly as you wrote; neither program found any viruses.

Tomek01

Which at the same time confirms that the system is clean.

a_urbi

Exactly, so what is causing the sound to fail after some time?

Tomek01

It may be the fault of the sound drivers.

a_urbi

The drivers were reinstalled, and interestingly, exactly the same thing happens on a different sound card.

[color="#0000FF"]//Moving this thread
//Tom01[/color]
