a_urbi posted 17 December 2010 (edited)

Hello everyone, I have a huge problem that is keeping me up at night (literally and figuratively). On one of the computers running Windows XP SP3, strange things started happening after an infected pen drive was plugged in. I scanned the computer with ComboFix, which threw out all the infected files, and then scanned it with every possible antivirus program. In the end there are no viruses and everything in theory works fine now, with one exception: every so often the sound card turns itself off, i.e. when I try to play a sound it reports a missing driver; after restarting the computer everything is fine again for some time (it varies, about 20 h). The sound card drivers have been uninstalled and installed again, I downloaded all the updates from Microsoft, etc. I am out of ideas; please help, because this is my server and I have no possibility of reinstalling the system. Below I am posting the logs from GMER 1.0.15.15530 and OTL.

[b]OTL[/b]
[code]OTL logfile created on: 2010-12-03 11:41:25 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Monitoring\Pulpit\gmer Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1 013,00 Mb Total Physical Memory | 117,00 Mb Available Physical Memory | 12,00% Memory free 2,00 Gb Paging File | 1,00 Gb Available in Paging File | 58,00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 298,08 Gb Total Space | 285,84 Gb Free Space | 95,89% Space Free | Partition Type: NTFS Computer Name: MICROS-MONIT | User Name: Monitoring | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010-12-03 11:10:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Monitoring\Pulpit\gmer\OTL.exe PRC - [2010-10-12 07:50:22 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\javaw.exe PRC - [2010-10-07 08:38:31 | 001,024,512 | ---- | M] (Next! s.c.) -- C:\KronosNET\MailGate_Drv.exe PRC - [2010-10-07 08:38:22 | 000,838,656 | ---- | M] (Next! s.c.) -- C:\KronosNET\EbsOsm_Drv.exe PRC - [2010-10-05 15:58:48 | 000,116,104 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe PRC - [2010-09-27 13:47:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe PRC - [2010-09-07 16:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2010-09-07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2010-08-09 22:32:20 | 000,462,967 | ---- | M] (INVENTWARE ) -- C:\Program Files\EBS\OSM\ecs.exe PRC - [2010-08-09 22:24:56 | 000,069,632 | ---- | M] () -- C:\Program Files\EBS\OSM\svc.exe PRC - [2010-06-16 09:39:17 | 008,452,096 | ---- | M] (Next!s.c.) -- C:\KronosNET\MonitoringConsole.exe PRC - [2010-06-16 09:37:40 | 003,230,208 | ---- | M] (Next! s.c.) -- C:\KronosNET\Kernel.exe PRC - [2010-06-16 09:33:07 | 000,764,416 | ---- | M] (Next! s.c.) -- C:\KronosNET\TMLabDirect_Drv.exe PRC - [2010-06-16 09:32:46 | 000,866,304 | ---- | M] (Next! s.c.) -- C:\KronosNET\GSMGate_Drv.exe PRC - [2010-06-16 09:32:22 | 000,785,408 | ---- | M] (Next! s.c.) -- C:\KronosNET\GSM_Drv.exe PRC - [2010-06-16 09:12:28 | 000,737,792 | ---- | M] (Next! s.c.) 
-- C:\KronosNET\SatelPhone_Drv.exe PRC - [2009-01-30 12:41:45 | 000,503,808 | ---- | M] () -- C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe PRC - [2008-07-24 17:46:10 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe PRC - [2008-07-24 17:46:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe PRC - [2008-07-17 12:21:34 | 000,080,392 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe PRC - [2008-04-15 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-03-14 13:10:43 | 001,338,880 | ---- | M] () -- C:\Program Files\ActiveGuard\aganalyser.exe PRC - [2007-04-18 18:06:47 | 000,061,440 | ---- | M] () -- C:\Program Files\ActiveGuard\agsvc.exe PRC - [2004-01-26 19:08:06 | 000,073,728 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files\ActiveGuard\rteng9.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010-12-03 11:10:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Monitoring\Pulpit\gmer\OTL.exe MOD - [2010-08-23 17:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [On_Demand | Stopped] -- C:\Documents and Settings\Monitoring\Pulpit\TMLabDirect\TMLabDirect_Drv.exe -- (K_TMLabDirect) SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt) SRV - [2010-10-07 08:38:31 | 001,024,512 | ---- | M] (Next! s.c.) [Auto | Running] -- C:\KronosNET\MailGate_Drv.exe -- (K_MailGateDrv) SRV - [2010-10-07 08:38:22 | 000,838,656 | ---- | M] (Next! s.c.) 
[Auto | Running] -- C:\KronosNET\EbsOsm_Drv.exe -- (K_EbsOsmDrv) SRV - [2010-10-05 15:58:48 | 000,116,104 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint) SRV - [2010-09-27 13:47:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc) SRV - [2010-09-07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner) SRV - [2010-09-07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner) SRV - [2010-09-07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2010-08-09 22:24:56 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files\EBS\OSM\svc.exe -- (Monitoring Receiver OSM.2007) SRV - [2010-06-16 09:37:40 | 003,230,208 | ---- | M] (Next! s.c.) [Auto | Running] -- C:\KronosNET\Kernel.exe -- (K_Kernel) SRV - [2010-06-16 09:33:07 | 000,764,416 | ---- | M] (Next! s.c.) [Auto | Running] -- C:\KronosNET\TMLabDirect_Drv.exe -- (K_TMLabDirectDrv) SRV - [2010-06-16 09:32:46 | 000,866,304 | ---- | M] (Next! s.c.) [Auto | Running] -- C:\KronosNET\GSMGate_Drv.exe -- (K_GSMGateDrv) SRV - [2010-06-16 09:32:22 | 000,785,408 | ---- | M] (Next! s.c.) [Auto | Running] -- C:\KronosNET\GSM_Drv.exe -- (K_GSMDrv) SRV - [2010-06-16 09:12:28 | 000,737,792 | ---- | M] (Next! s.c.) 
[Auto | Running] -- C:\KronosNET\SatelPhone_Drv.exe -- (K_SatelPhoneDrv) SRV - [2010-03-18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009-07-31 13:15:47 | 000,632,832 | ---- | M] (Next! s.c.) [On_Demand | Stopped] -- C:\Kronos NET\GSM_Drv.exe -- (K_GSM) SRV - [2009-07-31 13:15:21 | 000,549,888 | ---- | M] (NEXT! s.c.) [On_Demand | Stopped] -- C:\Kronos NET\Controler.exe -- (K_Controler) SRV - [2009-07-31 13:14:51 | 001,368,576 | ---- | M] () [On_Demand | Stopped] -- C:\Kronos NET\Analiser.exe -- (K_Analiser) SRV - [2008-10-06 11:19:02 | 000,568,832 | ---- | M] (Next! s.c.) [On_Demand | Stopped] -- C:\Kronos NET\GSMTerminal_drv.exe -- (K_GSMTerminal) SRV - [2008-07-24 17:46:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn) SRV - [2008-07-17 12:21:34 | 000,080,392 | ---- | M] () [Auto | Running] -- C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service) SRV - [2008-03-17 11:52:50 | 000,549,376 | ---- | M] (Next! s.c.) [On_Demand | Stopped] -- C:\Kronos NET\Satel_Drv.exe -- (K_Satel) SRV - [2007-04-18 18:06:47 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Program Files\ActiveGuard\agsvc.exe -- (ActiveGuard Analyser) SRV - [2004-01-26 19:08:06 | 000,073,728 | ---- | M] (iAnywhere Solutions, Inc.) 
[Auto | Running] -- C:\Program Files\ActiveGuard\rteng9.exe -- (ASANYe_ActiveGuard_DB) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\SSPORT.sys -- (SSPORT) DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\MONITO~1\USTAWI~1\Temp\SuperAntiSpyware\SASKUTIL.sys -- (SASKUTIL) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\MONITO~1\USTAWI~1\Temp\SuperAntiSpyware\SASENUM.SYS -- (SASENUM) DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\MONITO~1\USTAWI~1\Temp\SuperAntiSpyware\SASDIFSV.SYS -- (SASDIFSV) DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\DgiVecp.sys -- (DgiVecp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\MONITO~1\USTAWI~1\Temp\catchme.sys -- (catchme) DRV - [2010-12-03 05:20:18 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv) DRV - [2010-10-05 15:58:31 | 000,083,360 | ---- | M] (LogMeIn, Inc.) 
[File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP) DRV - [2010-09-07 15:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2010-09-07 15:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2010-09-07 15:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2010-09-07 15:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2010-09-07 15:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2010-09-07 15:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2010-09-03 09:20:18 | 006,139,496 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2009-11-18 00:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2009-11-18 00:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2009-06-25 21:14:52 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt) DRV - [2008-07-24 17:46:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo) DRV - [2008-07-24 17:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) 
[File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver) DRV - [2008-07-11 07:06:26 | 000,089,856 | R--- | M] (Moxa Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxsport.sys -- (mxsport) DRV - [2008-07-09 04:26:32 | 000,025,344 | R--- | M] (Moxa Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxser.sys -- (mxser) DRV - [2008-04-15 13:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2008-04-04 01:33:34 | 000,087,080 | R--- | M] (OEM) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OxPCIeSer.sys -- (OxPCIeSer) DRV - [2008-04-04 01:33:04 | 000,027,304 | R--- | M] (OEM) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OxPCIeMf.sys -- (OxPCIeSerMf) DRV - [2008-01-03 15:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2007-08-24 04:22:56 | 005,776,928 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm) DRV - [2006-11-22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock) DRV - [2006-11-22 10:01:48 | 000,100,096 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb) DRV - [2006-11-22 10:01:46 | 000,327,168 | ---- | M] (Aladdin Knowledge Systems Ltd.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp) DRV - [2005-05-24 22:26:16 | 000,018,432 | ---- | M] (HHD Software) [Kernel | On_Demand | Stopped] -- C:\Program Files\HHD Software\Free Serial Port Monitor\sermon.sys -- (SerMon) DRV - [2005-05-24 22:23:52 | 000,007,632 | ---- | M] (HHD Software) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\HHD Software\Device Monitor\NDMSHLP.sys -- (NDMSHLP) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll (DeviceVM Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: ([2010-12-01 09:19:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O4 - HKLM..\Run: [3170 Scan2PC] C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe () O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.) O4 - Startup: C:\Documents and Settings\Monitoring\Menu Start\Programy\Autostart\OSM Console.lnk = C:\WINDOWS\system32\javaw.exe (Sun Microsystems, Inc.) O4 - Startup: C:\Documents and Settings\Monitoring\Menu Start\Programy\Autostart\Terminal.lnk = C:\KronosNET\MonitoringConsole.exe (Next!s.c.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-22 17:24:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010-12-03 10:57:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monitoring\Pulpit\gmer [2010-12-02 14:10:30 | 001,833,576 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SkyTel.exe [2010-12-02 14:10:30 | 001,489,512 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlUpd.exe [2010-12-02 14:10:30 | 000,891,496 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTSndMgr.CPL [2010-12-02 14:10:30 | 000,359,016 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe [2010-12-02 14:10:30 | 000,084,584 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE [2010-12-02 14:10:29 | 009,721,960 | ---- | C] (Realtek Semiconductor Corp.) 
-- C:\WINDOWS\RTLCPL.EXE [2010-12-02 14:10:29 | 006,139,496 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys [2010-12-02 14:10:29 | 000,129,640 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe [2010-12-02 14:10:29 | 000,054,888 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RtkCoInstXP.dll [2010-12-02 14:10:27 | 002,180,712 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\MicCal.exe [2010-12-02 14:10:27 | 001,395,800 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\Monfilt.sys [2010-12-02 14:10:25 | 002,815,592 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE [2010-12-02 14:10:25 | 001,691,480 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys [2010-12-02 14:10:25 | 000,285,288 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\ALSNDMGR.CPL [2010-12-02 14:10:25 | 000,064,104 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE [2010-12-02 14:10:20 | 001,251,944 | ---- | C] (Realtek Semiconductor Corp.) 
-- C:\WINDOWS\RtlExUpd.dll [2010-12-02 14:03:56 | 052,523,241 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\Monitoring\Pulpit\motherboard_driver_audio_realtek_azalia.exe [2010-12-02 13:51:00 | 001,246,890 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\Monitoring\Pulpit\mb_driver_chipset_intel.exe [2010-12-01 10:21:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monitoring\Dane aplikacji\Windows Search [2010-12-01 10:16:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET [2010-12-01 10:14:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell [2010-12-01 10:14:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm [2010-12-01 10:14:34 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$ [2010-12-01 10:14:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monitoring\Dane aplikacji\Windows Desktop Search [2010-12-01 10:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search [2010-12-01 10:13:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy [2010-12-01 10:13:09 | 000,019,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll [2010-12-01 10:12:55 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2 [2010-12-01 10:11:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF [2010-12-01 10:10:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP [2010-12-01 09:15:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2010-12-01 09:05:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\SUPERAntiSpyware.com [2010-12-01 09:05:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monitoring\Dane aplikacji\SUPERAntiSpyware.com [2010-11-30 14:07:37 | 000,000,000 | ---D | C] -- C:\Program Files\SkanerOnline [2010-11-26 09:15:00 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010-11-26 09:03:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All 
Users\Dane aplikacji\Windows Genuine Advantage [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010-12-03 05:20:18 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys [2010-12-03 05:20:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-12-02 14:04:03 | 052,523,241 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Monitoring\Pulpit\motherboard_driver_audio_realtek_azalia.exe [2010-12-02 13:53:22 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-12-02 13:51:07 | 001,246,890 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Monitoring\Pulpit\mb_driver_chipset_intel.exe [2010-12-01 10:19:35 | 000,581,842 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2010-12-01 10:19:35 | 000,498,834 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010-12-01 10:19:35 | 000,115,092 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2010-12-01 10:19:35 | 000,086,612 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010-12-01 10:14:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010-12-01 10:13:04 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb [2010-12-01 10:13:04 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb [2010-12-01 10:11:59 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf [2010-12-01 09:20:00 | 000,002,350 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg [2010-12-01 09:19:57 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010-11-30 13:55:07 | 003,982,557 | R--- | M] () -- C:\Documents and Settings\Monitoring\Pulpit\ComboFix.exe [2010-11-08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp 
-> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-12-02 21:13:26 | 000,042,474 | ---- | C] () -- C:\Documents and Settings\Monitoring\Moje dokumenty\Alarm.wav [2010-12-01 10:11:59 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf [2010-12-01 09:18:32 | 000,002,350 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg [2010-08-27 14:53:33 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2010-07-02 09:09:50 | 000,143,872 | ---- | C] () -- C:\WINDOWS\System32\SaXPWIA.dll [2010-07-02 09:09:49 | 000,139,776 | ---- | C] () -- C:\WINDOWS\System32\SaXPEH.dll [2010-07-02 09:09:49 | 000,138,240 | ---- | C] () -- C:\WINDOWS\System32\SaXPUIEx.dll [2010-07-02 09:09:49 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\SaXPIPH.dll [2010-07-02 09:09:49 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\SaXPSTI.dll [2010-07-02 09:09:40 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\sst1cl3.dll [2009-12-18 09:43:48 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009-07-28 13:17:33 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Monitoring\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-06-25 21:14:52 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys [2009-06-22 19:16:56 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009-06-22 17:34:18 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll [2008-05-26 22:22:36 | 000,016,222 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2008-05-26 22:22:34 | 000,021,728 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2008-05-26 22:22:32 | 000,016,164 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2007-08-06 10:07:30 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll < End of report > [/code]

[b]OTL Extras file[/b]
[code]OTL Extras logfile created on: 2010-12-03 11:41:25 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Monitoring\Pulpit\gmer Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1 013,00 Mb Total Physical Memory | 117,00 Mb Available Physical Memory | 12,00% Memory free 2,00 Gb Paging File | 1,00 Gb Available in Paging File | 58,00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 298,08 Gb Total Space | 285,84 Gb Free Space | 95,89% Space Free | Partition Type: NTFS Computer Name: MICROS-MONIT | User Name: Monitoring | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "1111:TCP" = 1111:TCP:*:Enabled:GPRS "1111:UDP" = 1111:UDP:*:Enabled:GPRS2 "6831:TCP" = 6831:TCP:*:Enabled:EBS TCP "6831:UDP" = 6831:UDP:*:Enabled:EBS UDP "5985:TCP" = 5985:TCP:*:Disabled:Zdalne zarządzanie systemem Windows "80:TCP" = 80:TCP:*:Disabled:Zdalne zarządzanie systemem Windows — tryb zgodności (ruch przychodzący HTTP) 
[color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\TeamViewer3\TeamViewer.exe" = C:\Program Files\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH) "C:\Program Files\LanHelper\LanHelper.exe" = C:\Program Files\LanHelper\LanHelper.exe:*:Enabled:LanHelper -- (Hainsoft.com) "C:\Documents and Settings\Monitoring\temp\TeamViewer\Version5\TeamViewer.exe" = C:\Documents and Settings\Monitoring\temp\TeamViewer\Version5\TeamViewer.exe:*:Enabled:TeamViewer -- (TeamViewer GmbH) "C:\WINDOWS\twain_32\Samsung\ScanMgr.exe" = C:\WINDOWS\twain_32\Samsung\ScanMgr.exe:*:Enabled:Scan Manger -- (Samsung Electronics) "C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe" = C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe:*:Enabled:ScanToPC -- () "C:\WINDOWS\twain_32\Samsung\CLX3170\Sscan2io.exe" = C:\WINDOWS\twain_32\Samsung\CLX3170\Sscan2io.exe:*:Enabled:SScanToIO -- () [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B8.0729.1 "{104B40CB-06B3-4697-8B80-DFD6661CCE46}" = KronosNET "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F4A05CF-3A6D-4DD6-9C65-E865C9416944}" = Kronos LT "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21 "{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack "{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11 "{3472693C-6EC5-41FA-B5B9-A22B11AEFE72}" = HHD Software Free Serial Port Monitor 3.31 
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E2726D9-F507-48C9-8202-1AAD83524E6B}" = ActiveGuard "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5AF71003-1797-4D93-9F37-4F2125CBF539}" = Microsoft .NET Framework 2.0 Language Pack - PLK "{6181A2F7-2DA5-408A-AAB1-008CA9C9399A}" = Kronos NET "{64CB2553-C109-4132-AA51-1F421B515FD1}" = Microsoft .NET Framework 1.1 Polish Language Pack "{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com "{7F831576-6246-42C7-B523-55B3F96509CC}" = LogMeIn "{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A4512736-8D63-4298-9271-5329931FA46B}" = Microsoft SQL Server Management Studio Express "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine "{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "avast5" = avast! 
Free Antivirus "CCleaner" = CCleaner "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "HDMI" = Intel(R) Graphics Media Accelerator Driver "ie8" = Windows Internet Explorer 8 "LanHelper_is1" = LanHelper v1.94 "Microsoft .NET Framework 2.0 Language Pack - PLK" = Microsoft .NET Framework 2.0 — pakiet języka polskiego "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "OSM_2007_is1" = Monitoring Receiver OSM.20071.2.107.1262STD "Samsung CLX-3170 Series" = Samsung CLX-3170 Series "SkanerOnline" = Skaner on-line mks_vir "TeamViewer 3" = TeamViewer 3 "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinRAR archiver" = Archiwizator WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2010-12-01 05:32:28 | Computer Name = MICROS-MONIT | Source = PerfNet | ID = 2004 Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0. Error - 2010-12-01 21:59:04 | Computer Name = MICROS-MONIT | Source = PerfNet | ID = 2004 Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0. Error - 2010-12-02 09:06:19 | Computer Name = MICROS-MONIT | Source = PerfNet | ID = 2004 Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie zostaną zwrócone. 
Zwrócony kod stanu to dane DWORD 0. Error - 2010-12-02 09:07:16 | Computer Name = MICROS-MONIT | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd , wersja 0.0.0.0, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x00000000. Error - 2010-12-02 09:14:35 | Computer Name = MICROS-MONIT | Source = PerfNet | ID = 2004 Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0. Error - 2010-12-02 09:15:34 | Computer Name = MICROS-MONIT | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd , wersja 0.0.0.0, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x00000000. Error - 2010-12-02 09:23:26 | Computer Name = MICROS-MONIT | Source = K_Kernel | ID = 4 Description = Error while stopping: EListError - List index out of bounds ( Error - 2010-12-02 09:27:59 | Computer Name = MICROS-MONIT | Source = PerfNet | ID = 2004 Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0. Error - 2010-12-03 00:20:19 | Computer Name = MICROS-MONIT | Source = PerfNet | ID = 2004 Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0. Error - 2010-12-03 00:21:15 | Computer Name = MICROS-MONIT | Source = Application Error | ID = 1004 Description = Aplikacja powodująca błąd Kernel.exe, wersja 0.0.0.0, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x00000000. 
[ System Events ] Error - 2010-12-02 09:28:17 | Computer Name = MICROS-MONIT | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi DgiVecp z powodu następującego błędu: %%2 Error - 2010-12-02 09:28:17 | Computer Name = MICROS-MONIT | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi SSPORT z powodu następującego błędu: %%2 Error - 2010-12-02 09:28:48 | Computer Name = MICROS-MONIT | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: SASDIFSV Error - 2010-12-02 09:28:48 | Computer Name = MICROS-MONIT | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi DgiVecp z powodu następującego błędu: %%2 Error - 2010-12-02 23:03:33 | Computer Name = MICROS-MONIT | Source = BROWSER | ID = 8032 Description = Usługa przeglądarki zbyt wiele razy nie zdołała pobrać listy kopii zapasowych w transporcie \Device\NetBT_Tcpip_{40AA62A8-2DC2-42C6-A997-058BA032F34E}. Przeglądarka zapasowa jest zatrzymywana. Error - 2010-12-02 23:10:11 | Computer Name = MICROS-MONIT | Source = Service Control Manager | ID = 7034 Description = Usługa ES lite Service for program management. niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. 
Error - 2010-12-03 00:20:36 | Computer Name = MICROS-MONIT | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi DgiVecp z powodu następującego błędu: %%2 Error - 2010-12-03 00:20:36 | Computer Name = MICROS-MONIT | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi SSPORT z powodu następującego błędu: %%2 Error - 2010-12-03 00:21:33 | Computer Name = MICROS-MONIT | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: SASDIFSV Error - 2010-12-03 00:21:37 | Computer Name = MICROS-MONIT | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi DgiVecp z powodu następującego błędu: %%2 < End of report > [/log] [b]GMER[/b] [log]GMER 1.0.15.15530 - http://www.gmer.net Rootkit scan 2010-12-03 11:31:29 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3320620A rev.3.AAE Running: gmer.exe; Driver: C:\DOCUME~1\MONITO~1\USTAWI~1\Temp\uwlcrpoc.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xA98E8CF0] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xA98E8BAC] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xA98E9160] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xA98E908A] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xA98E8782] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xA98E8C86] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xA98E86C2] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! 
self protection module/AVAST Software) ZwOpenThread [0xA98E8726] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xA98E8DA6] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA98E922E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xA98E8D66] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xA98E8EE6] INT 0x06 \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) A955816D INT 0x0E \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) A9557FC2 Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA98F5BAE] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xA98F59D2] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xA98F5B0C] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP A98F5B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!NtCreateSection 805AB38E 7 Bytes JMP A98F59D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC502 5 Bytes JMP A98F15D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! 
self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP A98F2FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1134 7 Bytes JMP A98F5BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xA9167400, 0x87EE2, 0xE8000020] .protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xA920B620] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xA920B620] .protect˙˙˙˙hardlockunknown last code section [0xA920B400, 0x5126, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xA920B400, 0x5126, 0xE0000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1432] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\WINDOWS\system32\SearchIndexer.exe[2612] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\system32\services.exe[764] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002 IAT C:\WINDOWS\system32\services.exe[764] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! 
TDI Filter Driver/AVAST Software) Device \Driver\aksusb \Device\00000073 AKSCLASS.SYS (Aladdin Class Driver/Aladdin Knowledge Systems Ltd.) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs 1 ---- EOF - GMER 1.0.15 ---- [/log]

I'll add that when I minimize a window, some of the icons in the top part of the desktop disappear, as if a title bar were still sitting over them. In addition, I reinstalled DirectX, tried a second sound card, ran the repair option from the Windows installer, and still nothing. Help.

[color="#ff0000"] //moving to Security //dan[/color]
Tomek01 commented 17 December 2010

Using Combofix was reckless and I advise against it in the future. It may have mistakenly removed one of your drivers. Show the log it produced: Combofix.txt. Also show any reports from the scans you ran.

There is not much to remove visible in these logs.

In OTL, paste the following into the Custom Scans/Fixes window:

[code]
:Processes
Explorer.exe

:OTL
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll (DeviceVM Inc.)

:Files
C:\WINDOWS\system32\dvmurl.dll
C:\WINDOWS\System32\tmp.reg

:Commands
[emptytemp]
[start explorer]
[Reboot]
[/code]

Click Run Fix; the computer will restart.

Post the log from the removal and new logs: OTL and RSIT
a_urbi (Author) commented 20 December 2010 (edited)

I did as you wrote. I'm posting the logs below.

[b]OTL log from running the script[/b] [log]All processes killed ========== PROCESSES ========== No active process named Explorer.exe was found! ========== OTL ========== Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0063BF63-BFFF-4B8F-9D26-4267DF7F17DD}\ deleted successfully. C:\WINDOWS\system32\dvmurl.dll moved successfully. ========== FILES ========== File\Folder C:\WINDOWS\system32\dvmurl.dll not found. File\Folder C:\WINDOWS\System32\tmp.reg not found. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: LocalService ->Temp folder emptied: 65716 bytes ->Temporary Internet Files folder emptied: 65670 bytes User: LogMeInRemoteUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Monitoring ->Temp folder emptied: 27908354 bytes ->Temporary Internet Files folder emptied: 2256544 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 1998861 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 4704044 bytes %systemroot%\System32 .tmp files removed: 860196 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 233876 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 36,00 mb OTL by OldTimer - Version 3.2.17.4 log created on 12202010_113004 Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast5_\Webshlock.txt not found! File move failed. C:\WINDOWS\temp\hlktmp scheduled to be moved on reboot. File\Folder C:\WINDOWS\temp\Perflib_Perfdata_a68.dat not found! Registry entries deleted on Reboot... [/log] [b]OTL log[/b] [log]OTL logfile created on: 2010-12-20 11:46:52 - Run 1 OTL by OldTimer - Version 3.2.17.4 Folder = C:\Documents and Settings\Monitoring\Pulpit Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1 013,00 Mb Total Physical Memory | 486,00 Mb Available Physical Memory | 48,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): C:\pagefile.sys 1524 10000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 298,08 Gb Total Space | 285,75 Gb Free Space | 95,86% Space Free | Partition Type: NTFS Computer Name: MICROS-MONIT | User Name: Monitoring | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010-12-20 11:28:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Monitoring\Pulpit\OTL.exe PRC - [2010-10-12 07:50:22 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\javaw.exe PRC - [2010-10-07 08:38:31 | 001,024,512 | ---- | M] (Next! s.c.) -- C:\KronosNET\MailGate_Drv.exe PRC - [2010-10-07 08:38:22 | 000,838,656 | ---- | M] (Next! s.c.) -- C:\KronosNET\EbsOsm_Drv.exe PRC - [2010-10-05 15:58:48 | 000,116,104 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe PRC - [2010-09-27 13:47:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) 
-- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe PRC - [2010-09-07 16:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2010-09-07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2010-08-09 22:32:20 | 000,462,967 | ---- | M] (INVENTWARE ) -- C:\Program Files\EBS\OSM\ecs.exe PRC - [2010-08-09 22:24:56 | 000,069,632 | ---- | M] () -- C:\Program Files\EBS\OSM\svc.exe PRC - [2010-06-16 09:39:17 | 008,452,096 | ---- | M] (Next!s.c.) -- C:\KronosNET\MonitoringConsole.exe PRC - [2010-06-16 09:37:40 | 003,230,208 | ---- | M] (Next! s.c.) -- C:\KronosNET\Kernel.exe PRC - [2010-06-16 09:33:07 | 000,764,416 | ---- | M] (Next! s.c.) -- C:\KronosNET\TMLabDirect_Drv.exe PRC - [2010-06-16 09:32:46 | 000,866,304 | ---- | M] (Next! s.c.) -- C:\KronosNET\GSMGate_Drv.exe PRC - [2010-06-16 09:32:22 | 000,785,408 | ---- | M] (Next! s.c.) -- C:\KronosNET\GSM_Drv.exe PRC - [2010-06-16 09:12:28 | 000,737,792 | ---- | M] (Next! s.c.) -- C:\KronosNET\SatelPhone_Drv.exe PRC - [2010-05-14 10:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe PRC - [2009-01-30 12:41:45 | 000,503,808 | ---- | M] () -- C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe PRC - [2008-07-24 17:46:10 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe PRC - [2008-07-24 17:46:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) 
-- C:\Program Files\LogMeIn\x86\LogMeIn.exe PRC - [2008-07-17 12:21:34 | 000,080,392 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe PRC - [2008-04-15 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-03-14 13:10:43 | 001,338,880 | ---- | M] () -- C:\Program Files\ActiveGuard\aganalyser.exe PRC - [2007-04-18 18:06:47 | 000,061,440 | ---- | M] () -- C:\Program Files\ActiveGuard\agsvc.exe PRC - [2004-01-26 19:08:06 | 000,073,728 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files\ActiveGuard\rteng9.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010-12-20 11:28:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Monitoring\Pulpit\OTL.exe MOD - [2010-08-23 17:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [On_Demand | Stopped] -- C:\Documents and Settings\Monitoring\Pulpit\TMLabDirect\TMLabDirect_Drv.exe -- (K_TMLabDirect) SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt) SRV - [2010-10-07 08:38:31 | 001,024,512 | ---- | M] (Next! s.c.) [Auto | Running] -- C:\KronosNET\MailGate_Drv.exe -- (K_MailGateDrv) SRV - [2010-10-07 08:38:22 | 000,838,656 | ---- | M] (Next! s.c.) [Auto | Running] -- C:\KronosNET\EbsOsm_Drv.exe -- (K_EbsOsmDrv) SRV - [2010-10-05 15:58:48 | 000,116,104 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint) SRV - [2010-09-27 13:47:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc) SRV - [2010-09-07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! 
Web Scanner) SRV - [2010-09-07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner) SRV - [2010-09-07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2010-08-09 22:24:56 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files\EBS\OSM\svc.exe -- (Monitoring Receiver OSM.2007) SRV - [2010-06-16 09:37:40 | 003,230,208 | ---- | M] (Next! s.c.) [Auto | Running] -- C:\KronosNET\Kernel.exe -- (K_Kernel) SRV - [2010-06-16 09:33:07 | 000,764,416 | ---- | M] (Next! s.c.) [Auto | Running] -- C:\KronosNET\TMLabDirect_Drv.exe -- (K_TMLabDirectDrv) SRV - [2010-06-16 09:32:46 | 000,866,304 | ---- | M] (Next! s.c.) [Auto | Running] -- C:\KronosNET\GSMGate_Drv.exe -- (K_GSMGateDrv) SRV - [2010-06-16 09:32:22 | 000,785,408 | ---- | M] (Next! s.c.) [Auto | Running] -- C:\KronosNET\GSM_Drv.exe -- (K_GSMDrv) SRV - [2010-06-16 09:12:28 | 000,737,792 | ---- | M] (Next! s.c.) [Auto | Running] -- C:\KronosNET\SatelPhone_Drv.exe -- (K_SatelPhoneDrv) SRV - [2010-03-18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009-07-31 13:15:47 | 000,632,832 | ---- | M] (Next! s.c.) [On_Demand | Stopped] -- C:\Kronos NET\GSM_Drv.exe -- (K_GSM) SRV - [2009-07-31 13:15:21 | 000,549,888 | ---- | M] (NEXT! s.c.) [On_Demand | Stopped] -- C:\Kronos NET\Controler.exe -- (K_Controler) SRV - [2009-07-31 13:14:51 | 001,368,576 | ---- | M] () [On_Demand | Stopped] -- C:\Kronos NET\Analiser.exe -- (K_Analiser) SRV - [2008-10-06 11:19:02 | 000,568,832 | ---- | M] (Next! s.c.) 
[On_Demand | Stopped] -- C:\Kronos NET\GSMTerminal_drv.exe -- (K_GSMTerminal) SRV - [2008-07-24 17:46:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn) SRV - [2008-07-17 12:21:34 | 000,080,392 | ---- | M] () [Auto | Running] -- C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service) SRV - [2008-03-17 11:52:50 | 000,549,376 | ---- | M] (Next! s.c.) [On_Demand | Stopped] -- C:\Kronos NET\Satel_Drv.exe -- (K_Satel) SRV - [2007-04-18 18:06:47 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Program Files\ActiveGuard\agsvc.exe -- (ActiveGuard Analyser) SRV - [2004-01-26 19:08:06 | 000,073,728 | ---- | M] (iAnywhere Solutions, Inc.) [Auto | Running] -- C:\Program Files\ActiveGuard\rteng9.exe -- (ASANYe_ActiveGuard_DB) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\SSPORT.sys -- (SSPORT) DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\MONITO~1\USTAWI~1\Temp\SuperAntiSpyware\SASKUTIL.sys -- (SASKUTIL) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\MONITO~1\USTAWI~1\Temp\SuperAntiSpyware\SASENUM.SYS -- (SASENUM) DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\MONITO~1\USTAWI~1\Temp\SuperAntiSpyware\SASDIFSV.SYS -- (SASDIFSV) DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\DgiVecp.sys -- (DgiVecp) DRV - [2010-12-20 11:35:17 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv) DRV - [2010-10-05 15:58:31 | 000,083,360 | ---- | M] (LogMeIn, Inc.) 
[File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP) DRV - [2010-09-07 15:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2010-09-07 15:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2010-09-07 15:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2010-09-07 15:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2010-09-07 15:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2010-09-07 15:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2010-09-03 09:20:18 | 006,139,496 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2009-11-18 00:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2009-11-18 00:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2009-06-25 21:14:52 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt) DRV - [2008-07-24 17:46:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo) DRV - [2008-07-24 17:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) 
[File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver) DRV - [2008-07-11 07:06:26 | 000,089,856 | R--- | M] (Moxa Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxsport.sys -- (mxsport) DRV - [2008-07-09 04:26:32 | 000,025,344 | R--- | M] (Moxa Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxser.sys -- (mxser) DRV - [2008-04-15 13:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2008-04-14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Sterownik audio USB (WDM) DRV - [2008-04-04 01:33:34 | 000,087,080 | R--- | M] (OEM) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OxPCIeSer.sys -- (OxPCIeSer) DRV - [2008-04-04 01:33:04 | 000,027,304 | R--- | M] (OEM) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OxPCIeMf.sys -- (OxPCIeSerMf) DRV - [2008-01-03 15:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2007-08-24 04:22:56 | 005,776,928 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm) DRV - [2006-11-22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock) DRV - [2006-11-22 10:01:48 | 000,100,096 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb) DRV - [2006-11-22 10:01:46 | 000,327,168 | ---- | M] (Aladdin Knowledge Systems Ltd.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2005-05-24 22:26:16 | 000,018,432 | ---- | M] (HHD Software) [Kernel | On_Demand | Stopped] -- C:\Program Files\HHD Software\Free Serial Port Monitor\sermon.sys -- (SerMon)
DRV - [2005-05-24 22:23:52 | 000,007,632 | ---- | M] (HHD Software) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\HHD Software\Device Monitor\NDMSHLP.sys -- (NDMSHLP)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: ([2010-12-01 09:19:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [3170 Scan2PC] C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - Startup: C:\Documents and Settings\Monitoring\Menu Start\Programy\Autostart\OSM Console.lnk = C:\WINDOWS\system32\javaw.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Documents and Settings\Monitoring\Menu Start\Programy\Autostart\Terminal.lnk = C:\KronosNET\MonitoringConsole.exe (Next!s.c.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-22 17:24:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2010-12-20 11:30:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-12-20 11:28:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Monitoring\Pulpit\OTL.exe
[2010-12-14 12:02:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Monitoring\Recent
[2010-12-14 11:05:49 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2010-12-14 11:05:36 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2010-12-14 11:05:36 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2010-12-11 20:54:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monitoring\Ustawienia lokalne\Dane aplikacji\Help
[2010-12-11
20:54:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monitoring\Dane aplikacji\Help [2010-12-07 09:54:33 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010-12-06 13:46:38 | 000,180,224 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll [2010-12-06 13:43:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2010-12-06 13:38:07 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime [2010-12-06 13:38:07 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime [2010-12-06 13:38:07 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime [2010-12-06 13:38:06 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime [2010-12-06 13:38:06 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime [2010-12-06 13:38:06 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime [2010-12-06 13:38:05 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll [2010-12-06 13:38:05 | 000,031,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys [2010-12-06 13:38:04 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll [2010-12-06 13:38:04 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll [2010-12-06 13:38:04 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll [2010-12-06 13:38:01 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll [2010-12-06 13:38:01 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime [2010-12-06 13:38:01 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe [2010-12-06 13:38:00 | 000,455,168 | ---- | C] (Microsoft Corporation) 
-- C:\WINDOWS\System32\dllcache\tintsetp.exe [2010-12-06 13:38:00 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe [2010-12-06 13:38:00 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll [2010-12-06 13:37:59 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime [2010-12-06 13:37:59 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll [2010-12-06 13:37:59 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys [2010-12-06 13:37:59 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys [2010-12-06 13:37:58 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys [2010-12-06 13:37:56 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll [2010-12-06 13:37:54 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll [2010-12-06 13:37:54 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll [2010-12-06 13:37:54 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll [2010-12-06 13:37:54 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll [2010-12-06 13:37:54 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe [2010-12-06 13:37:54 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll [2010-12-06 13:37:53 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll [2010-12-06 13:37:53 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll [2010-12-06 13:37:53 | 000,259,072 | ---- | C] (Microsoft Corporation) -- 
C:\WINDOWS\System32\dllcache\snmpcl.dll [2010-12-06 13:37:53 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe [2010-12-06 13:37:53 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll [2010-12-06 13:37:53 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll [2010-12-06 13:37:53 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll [2010-12-06 13:37:52 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe [2010-12-06 13:37:52 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll [2010-12-06 13:37:52 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll [2010-12-06 13:37:52 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll [2010-12-06 13:37:52 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll [2010-12-06 13:37:52 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll [2010-12-06 13:37:52 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll [2010-12-06 13:37:52 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll [2010-12-06 13:37:52 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll [2010-12-06 13:37:52 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll [2010-12-06 13:37:52 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll [2010-12-06 13:37:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll [2010-12-06 13:37:51 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll [2010-12-06 
13:37:51 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll [2010-12-06 13:37:51 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll [2010-12-06 13:37:51 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll [2010-12-06 13:37:51 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll [2010-12-06 13:37:47 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll [2010-12-06 13:37:47 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll [2010-12-06 13:37:45 | 000,080,384 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll [2010-12-06 13:37:45 | 000,080,384 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll [2010-12-06 13:37:45 | 000,029,184 | ---- | C] (RICOH Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll [2010-12-06 13:37:45 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll [2010-12-06 13:37:44 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime [2010-12-06 13:37:44 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe [2010-12-06 13:37:43 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe [2010-12-06 13:37:42 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime [2010-12-06 13:37:42 | 000,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys [2010-12-06 13:37:42 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe [2010-12-06 13:37:41 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe [2010-12-06 13:37:40 | 000,131,584 | ---- | C] (Microsoft 
Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll [2010-12-06 13:37:40 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll [2010-12-06 13:37:39 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime [2010-12-06 13:37:39 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe [2010-12-06 13:37:39 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll [2010-12-06 13:37:39 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll [2010-12-06 13:37:39 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll [2010-12-06 13:37:38 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime [2010-12-06 13:37:38 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll [2010-12-06 13:37:38 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll [2010-12-06 13:37:38 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll [2010-12-06 13:37:38 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll [2010-12-06 13:37:35 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll [2010-12-06 13:37:32 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll [2010-12-06 13:37:31 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe [2010-12-06 13:37:28 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex [2010-12-06 13:37:28 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll [2010-12-06 13:37:21 | 000,092,416 | ---- | C] (Microsoft Corporation) -- 
C:\WINDOWS\System32\dllcache\mga.sys [2010-12-06 13:37:21 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll [2010-12-06 13:37:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe [2010-12-06 13:37:20 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll [2010-12-06 13:37:19 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll [2010-12-06 13:37:19 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll [2010-12-06 13:37:19 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll [2010-12-06 13:37:18 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll [2010-12-06 13:37:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll [2010-12-06 13:37:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll [2010-12-06 13:37:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll [2010-12-06 13:37:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll [2010-12-06 13:37:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll [2010-12-06 13:37:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll [2010-12-06 13:37:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll [2010-12-06 13:37:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll [2010-12-06 13:37:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll [2010-12-06 13:37:16 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll [2010-12-06 
13:37:16 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll [2010-12-06 13:37:16 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll [2010-12-06 13:37:16 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll [2010-12-06 13:37:16 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll [2010-12-06 13:37:16 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll [2010-12-06 13:37:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll [2010-12-06 13:37:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll [2010-12-06 13:37:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll [2010-12-06 13:37:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll [2010-12-06 13:37:15 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll [2010-12-06 13:37:15 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll [2010-12-06 13:37:15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll [2010-12-06 13:37:15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll [2010-12-06 13:37:15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll [2010-12-06 13:37:15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll [2010-12-06 13:37:15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll [2010-12-06 13:37:15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll [2010-12-06 13:37:15 | 000,005,632 | ---- | C] 
(Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll [2010-12-06 13:37:15 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll [2010-12-06 13:37:15 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll [2010-12-06 13:37:14 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll [2010-12-06 13:37:14 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll [2010-12-06 13:37:14 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll [2010-12-06 13:37:14 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll [2010-12-06 13:37:14 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll [2010-12-06 13:37:14 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll [2010-12-06 13:37:14 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll [2010-12-06 13:37:14 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll [2010-12-06 13:37:13 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll [2010-12-06 13:37:12 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll [2010-12-06 13:37:12 | 000,315,455 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll [2010-12-06 13:37:12 | 000,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll [2010-12-06 13:37:12 | 000,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe [2010-12-06 13:37:12 | 000,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll [2010-12-06 13:37:12 | 000,059,904 | ---- | C] (Microsoft Corporation) -- 
C:\WINDOWS\System32\dllcache\imkrinst.exe [2010-12-06 13:37:12 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe [2010-12-06 13:37:11 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll [2010-12-06 13:37:11 | 000,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll [2010-12-06 13:37:11 | 000,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll [2010-12-06 13:37:11 | 000,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe [2010-12-06 13:37:11 | 000,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe [2010-12-06 13:37:11 | 000,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe [2010-12-06 13:37:11 | 000,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe [2010-12-06 13:37:11 | 000,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll [2010-12-06 13:37:11 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe [2010-12-06 13:37:10 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime [2010-12-06 13:37:10 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe [2010-12-06 13:37:10 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll [2010-12-06 13:37:10 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll [2010-12-06 13:37:10 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime [2010-12-06 13:37:10 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll [2010-12-06 13:37:10 | 000,044,032 | ---- | C] (Microsoft Corporation) -- 
C:\WINDOWS\System32\dllcache\imekrmig.exe [2010-12-06 13:37:07 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll [2010-12-06 13:37:02 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll [2010-12-06 13:37:02 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll [2010-12-06 13:37:01 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll [2010-12-06 13:37:00 | 000,562,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll [2010-12-06 13:37:00 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll [2010-12-06 13:37:00 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll [2010-12-06 13:37:00 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe [2010-12-06 13:37:00 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll [2010-12-06 13:37:00 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll [2010-12-06 13:37:00 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll [2010-12-06 13:37:00 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll [2010-12-06 13:37:00 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe [2010-12-06 13:37:00 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll [2010-12-06 13:36:59 | 000,451,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll [2010-12-06 13:36:59 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll [2010-12-06 13:36:59 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe 
[2010-12-06 13:36:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe [2010-12-06 13:36:59 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll [2010-12-06 13:36:59 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll [2010-12-06 13:36:59 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll [2010-12-06 13:36:59 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll [2010-12-06 13:36:59 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll [2010-12-06 13:36:59 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll [2010-12-06 13:36:59 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll [2010-12-06 13:36:59 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll [2010-12-06 13:36:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll [2010-12-06 13:36:58 | 000,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe [2010-12-06 13:36:58 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll [2010-12-06 13:36:58 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe [2010-12-06 13:36:57 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll [2010-12-06 13:36:57 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe [2010-12-06 13:36:57 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll [2010-12-06 13:36:57 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) 
-- C:\WINDOWS\System32\dllcache\esunid.dll [2010-12-06 13:36:57 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll [2010-12-06 13:36:57 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll [2010-12-06 13:36:57 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe [2010-12-06 13:36:57 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys [2010-12-06 13:36:57 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll [2010-12-06 13:36:51 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime [2010-12-06 13:36:50 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe [2010-12-06 13:36:49 | 000,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe [2010-12-06 13:36:48 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll [2010-12-06 13:36:48 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe [2010-12-06 13:36:48 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll [2010-12-06 13:36:48 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll [2010-12-06 13:36:48 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll [2010-12-06 13:36:48 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime [2010-12-06 13:36:47 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll [2010-12-06 13:36:47 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime [2010-12-06 13:36:47 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe 
[2010-12-06 13:36:47 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe [2010-12-06 13:36:47 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe [2010-12-06 13:36:47 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe [2010-12-06 13:36:46 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll [2010-12-06 13:36:46 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys [2010-12-06 13:36:46 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll [2010-12-06 13:36:46 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll [2010-12-06 13:36:38 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll [2010-12-06 13:36:38 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll [2010-12-06 13:36:38 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll [2010-12-06 13:36:38 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll [2010-12-06 13:36:38 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll [2010-12-06 13:36:38 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll [2010-12-06 13:36:37 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll [2010-12-06 13:36:37 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll [2010-12-06 13:36:37 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll [2010-12-06 13:36:33 | 000,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe [2010-12-06 13:36:33 | 
000,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll [2010-12-06 13:36:33 | 000,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe [2010-12-06 13:36:33 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll [2010-12-06 13:36:30 | 000,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll [2010-12-06 13:36:30 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll [2010-12-06 13:36:30 | 000,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe [2010-12-06 13:36:29 | 000,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll [2010-12-06 13:36:29 | 000,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe [2010-12-06 13:36:29 | 000,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll [2010-12-06 13:36:29 | 000,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll [2010-12-06 13:36:29 | 000,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe [2010-12-06 13:36:29 | 000,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll [2010-12-06 13:36:29 | 000,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll [2010-12-06 13:36:29 | 000,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll [2010-12-06 13:36:29 | 000,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll [2010-12-06 13:36:29 | 000,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll [2010-12-06 13:36:29 | 000,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll [2010-12-06 13:36:29 | 000,020,541 | ---- | C] (Microsoft 
Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2010-12-06 13:36:29 | 000,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2010-12-06 13:36:28 | 000,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2010-12-06 13:36:28 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2010-12-06 13:36:28 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2010-12-06 13:36:27 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2010-12-06 13:36:26 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2010-12-06 13:28:28 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2010-12-06 13:28:28 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2010-12-06 13:28:28 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2010-12-06 13:28:28 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2010-12-04 08:25:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Monitoring\Moje dokumenty\Moje wideo
[2010-12-04 08:25:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Dokumenty\Moje wideo
[2010-12-02 14:10:30 | 001,833,576 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SkyTel.exe
[2010-12-02 14:10:30 | 001,489,512 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlUpd.exe
[2010-12-02 14:10:30 | 000,891,496 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTSndMgr.CPL
[2010-12-02 14:10:30 | 000,359,016 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2010-12-02 14:10:30 | 000,084,584 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2010-12-02 14:10:29 | 009,721,960 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTLCPL.EXE
[2010-12-02 14:10:29 | 006,139,496 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys
[2010-12-02 14:10:29 | 000,129,640 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2010-12-02 14:10:29 | 000,054,888 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RtkCoInstXP.dll
[2010-12-02 14:10:27 | 002,180,712 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\MicCal.exe
[2010-12-02 14:10:27 | 001,395,800 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\Monfilt.sys
[2010-12-02 14:10:25 | 002,815,592 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2010-12-02 14:10:25 | 001,691,480 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2010-12-02 14:10:25 | 000,285,288 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\ALSNDMGR.CPL
[2010-12-02 14:10:25 | 000,064,104 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE
[2010-12-02 14:10:20 | 001,251,944 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlExUpd.dll
[2010-12-01 10:21:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monitoring\Dane aplikacji\Windows Search
[2010-12-01 10:16:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010-12-01 10:14:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2010-12-01 10:14:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2010-12-01 10:14:34 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2010-12-01 10:14:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monitoring\Dane aplikacji\Windows Desktop Search
[2010-12-01 10:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2010-12-01 10:13:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010-12-01 10:13:09 | 000,019,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010-12-01 10:12:55 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010-12-01 10:11:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010-12-01 10:10:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2010-12-01 09:15:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2010-12-01 09:05:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\SUPERAntiSpyware.com
[2010-12-01 09:05:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monitoring\Dane aplikacji\SUPERAntiSpyware.com
[2010-11-30 14:07:37 | 000,000,000 | ---D | C] -- C:\Program Files\SkanerOnline
[2010-11-26 09:03:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Windows Genuine Advantage

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-12-20 11:35:17 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2010-12-20 11:35:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-12-20 11:30:10 | 000,581,842 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-12-20 11:30:10 | 000,498,834 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-12-20 11:30:10 | 000,115,092 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-12-20 11:30:10 | 000,086,612 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-12-20 11:28:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Monitoring\Pulpit\OTL.exe
[2010-12-20 08:29:39 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-12-15 09:26:16 | 000,098,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-12-14 15:10:20 | 000,885,756 | ---- | M] () -- C:\Documents and Settings\Monitoring\Pulpit\Setup_v1[2].2.0.1111.zip
[2010-12-07 10:04:45 | 143,845,286 | ---- | M] () -- C:\KronosNET.rar
[2010-12-07 10:00:18 | 068,265,059 | ---- | M] () -- C:\Kronos NET(stary).rar
[2010-12-06 13:38:28 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010-12-06 13:36:14 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010-12-06 13:36:13 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010-12-06 13:36:13 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010-12-06 13:36:02 | 000,004,293 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010-12-06 13:34:48 | 000,023,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010-12-06 13:33:26 | 000,000,282 | -HS- | M] () -- C:\boot.ini
[2010-12-06 13:31:53 | 000,005,208 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2010-12-02 14:13:06 | 000,187,300 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2010-12-01 10:11:59 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010-12-01 09:19:57 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-12-14 15:10:17 | 000,885,756 | ---- | C] () -- C:\Documents and Settings\Monitoring\Pulpit\Setup_v1[2].2.0.1111.zip
[2010-12-06 13:37:39 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010-12-06 13:37:18 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010-12-06 13:37:12 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010-12-06 13:37:11 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010-12-06 13:37:10 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010-12-06 13:37:04 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010-12-06 13:37:01 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010-12-06 13:36:58 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2010-12-06 13:36:48 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010-12-06 13:28:20 | 002,033,887 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010-12-06 13:28:20 | 001,246,357 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2010-12-06 13:28:20 | 000,808,524 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010-12-06 13:28:20 | 000,545,588 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010-12-06 13:28:20 | 000,399,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010-12-06 13:28:20 | 000,171,588 | ---- | C] () -- C:\WINDOWS\System32\dllcache\startoc.cat
[2010-12-06 13:28:20 | 000,037,509 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010-12-06 13:28:20 | 000,033,765 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2010-12-06 13:28:20 | 000,016,825 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010-12-06 13:28:20 | 000,013,497 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010-12-06 13:28:20 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2010-12-06 13:28:20 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010-12-06 13:28:20 | 000,008,599 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010-12-06 13:28:20 | 000,007,407 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010-12-02 21:13:26 | 000,042,474 | ---- | C] () -- C:\Documents and Settings\Monitoring\Moje dokumenty\Alarm.wav
[2010-12-01 10:11:59 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010-08-27 14:53:33 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010-07-02 09:09:50 | 000,143,872 | ---- | C] () -- C:\WINDOWS\System32\SaXPWIA.dll
[2010-07-02 09:09:49 | 000,139,776 | ---- | C] () -- C:\WINDOWS\System32\SaXPEH.dll
[2010-07-02 09:09:49 | 000,138,240 | ---- | C] () -- C:\WINDOWS\System32\SaXPUIEx.dll
[2010-07-02 09:09:49 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\SaXPIPH.dll
[2010-07-02 09:09:49 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\SaXPSTI.dll
[2010-07-02 09:09:40 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\sst1cl3.dll
[2009-12-18 09:43:48 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-07-28 13:17:33 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Monitoring\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-06-25 21:14:52 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2009-06-22 19:16:56 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009-06-22 17:34:18 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll
[2008-05-26 22:22:36 | 000,016,222 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008-05-26 22:22:34 | 000,021,728 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008-05-26 22:22:32 | 000,016,164 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007-08-06 10:07:30 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll

< End of report >
[/log]

[b]OTL Extras[/b]
[log]OTL Extras logfile created on: 2010-12-20 11:46:52 - Run 1
OTL by OldTimer - Version 3.2.17.4 Folder = C:\Documents and Settings\Monitoring\Pulpit
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1 013,00 Mb Total Physical Memory | 486,00 Mb Available Physical Memory | 48,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 10000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 285,75 Gb Free Space | 95,86% Space Free | Partition Type: NTFS

Computer Name: MICROS-MONIT | User Name: Monitoring | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1111:TCP" = 1111:TCP:*:Enabled:GPRS
"1111:UDP" = 1111:UDP:*:Enabled:GPRS2
"6831:TCP" = 6831:TCP:*:Enabled:EBS TCP
"6831:UDP" = 6831:UDP:*:Enabled:EBS UDP
"5985:TCP" = 5985:TCP:*:Disabled:Zdalne zarządzanie systemem Windows

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\TeamViewer3\TeamViewer.exe" = C:\Program Files\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\LanHelper\LanHelper.exe" = C:\Program Files\LanHelper\LanHelper.exe:*:Enabled:LanHelper -- (Hainsoft.com)
"C:\Documents and Settings\Monitoring\temp\TeamViewer\Version5\TeamViewer.exe" = C:\Documents and Settings\Monitoring\temp\TeamViewer\Version5\TeamViewer.exe:*:Enabled:TeamViewer -- (TeamViewer GmbH)
"C:\WINDOWS\twain_32\Samsung\ScanMgr.exe" = C:\WINDOWS\twain_32\Samsung\ScanMgr.exe:*:Enabled:Scan Manger -- (Samsung Electronics)
"C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe" = C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe:*:Enabled:ScanToPC -- ()
"C:\WINDOWS\twain_32\Samsung\CLX3170\Sscan2io.exe" = C:\WINDOWS\twain_32\Samsung\CLX3170\Sscan2io.exe:*:Enabled:SScanToIO -- ()

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B8.0729.1
"{104B40CB-06B3-4697-8B80-DFD6661CCE46}" = KronosNET
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F4A05CF-3A6D-4DD6-9C65-E865C9416944}" = Kronos LT
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3472693C-6EC5-41FA-B5B9-A22B11AEFE72}" = HHD Software Free Serial Port Monitor 3.31
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E2726D9-F507-48C9-8202-1AAD83524E6B}" = ActiveGuard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5AF71003-1797-4D93-9F37-4F2125CBF539}" = Microsoft .NET Framework 2.0 Language Pack - PLK
"{6181A2F7-2DA5-408A-AAB1-008CA9C9399A}" = Kronos NET
"{64CB2553-C109-4132-AA51-1F421B515FD1}" = Microsoft .NET Framework 1.1 Polish Language Pack
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{7F831576-6246-42C7-B523-55B3F96509CC}" = LogMeIn
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4512736-8D63-4298-9271-5329931FA46B}" = Microsoft SQL Server Management Studio Express
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"LanHelper_is1" = LanHelper v1.94
"Microsoft .NET Framework 2.0 Language Pack - PLK" = Microsoft .NET Framework 2.0 — pakiet języka polskiego
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"OSM_2007_is1" = Monitoring Receiver OSM.20071.2.107.1262STD
"Samsung CLX-3170 Series" = Samsung CLX-3170 Series
"SkanerOnline" = Skaner on-line mks_vir
"TeamViewer 3" = TeamViewer 3
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = Archiwizator WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2010-12-11 15:56:38 | Computer Name = MICROS-MONIT | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2010-12-13 03:32:04 | Computer Name = MICROS-MONIT | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2010-12-13 21:09:26 | Computer Name = MICROS-MONIT | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2010-12-14 06:02:45 | Computer Name = MICROS-MONIT | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2010-12-15 03:42:24 | Computer Name = MICROS-MONIT | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2010-12-15 04:26:54 | Computer Name = MICROS-MONIT | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2010-12-17 04:12:41 | Computer Name = MICROS-MONIT | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2010-12-17 18:14:51 | Computer Name = MICROS-MONIT | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2010-12-18 13:49:35 | Computer Name = MICROS-MONIT | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2010-12-20 03:30:04 | Computer Name = MICROS-MONIT | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

[ System Events ]
Error - 2010-12-20 06:30:08 | Computer Name = MICROS-MONIT | Source = Service Control Manager | ID = 7034
Description = Usługa KronosNET TMLabDirect Driver niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.

Error - 2010-12-20 06:30:08 | Computer Name = MICROS-MONIT | Source = Service Control Manager | ID = 7034
Description = Usługa LogMeIn Maintenance Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.

Error - 2010-12-20 06:30:09 | Computer Name = MICROS-MONIT | Source = Service Control Manager | ID = 7034
Description = Usługa LogMeIn niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.

Error - 2010-12-20 06:30:09 | Computer Name = MICROS-MONIT | Source = Service Control Manager | ID = 7034
Description = Usługa Monitoring Receiver OSM.2007 niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.

Error - 2010-12-20 06:30:09 | Computer Name = MICROS-MONIT | Source = Service Control Manager | ID = 7034
Description = Usługa ActiveGuard Analyser niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.

Error - 2010-12-20 06:35:47 | Computer Name = MICROS-MONIT | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi DgiVecp z powodu następującego błędu: %%2

Error - 2010-12-20 06:35:47 | Computer Name = MICROS-MONIT | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi SSPORT z powodu następującego błędu: %%2

Error - 2010-12-20 06:37:03 | Computer Name = MICROS-MONIT | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: SASDIFSV

Error - 2010-12-20 06:37:08 | Computer Name = MICROS-MONIT | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi DgiVecp z powodu następującego błędu: %%2

Error - 2010-12-20 06:37:10 | Computer Name = MICROS-MONIT | Source = Service Control Manager | ID = 7034
Description = Usługa KronosNET Kernel niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.

< End of report >
[/log]

[b]RSIT[/b]
[log]Logfile of random's system information tool 1.08 (written by random/random)
Run by Monitoring at 2010-12-20 11:59:16
Microsoft Windows XP Home Edition Dodatek Service Pack 3
System drive C: has 293 GB (96%) free of 305 GB
Total RAM: 1013 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:59:26, on 2010-12-20
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ActiveGuard\rteng9.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\KronosNET\EbsOsm_Drv.exe
C:\KronosNET\GSM_Drv.exe
C:\KronosNET\GSMGate_Drv.exe
C:\KronosNET\MailGate_Drv.exe
C:\KronosNET\SatelPhone_Drv.exe
C:\KronosNET\TMLabDirect_Drv.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\EBS\OSM\svc.exe
C:\Program Files\EBS\OSM\ecs.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ActiveGuard\agsvc.exe
C:\Program Files\ActiveGuard\aganalyser.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\javaw.exe
C:\KronosNET\MonitoringConsole.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\KronosNET\Kernel.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Monitoring\Pulpit\RSIT.exe
C:\Program Files\trend micro\Monitoring.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [3170 Scan2PC] "C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKUS\S-1-5-21-2000478354-329068152-1801674531-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OSM Console.lnk = ?
O4 - Startup: Terminal.lnk = C:\KronosNET\MonitoringConsole.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{40AA62A8-2DC2-42C6-A997-058BA032F34E}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CS1\Services\Tcpip\..\{40AA62A8-2DC2-42C6-A997-058BA032F34E}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CS2\Services\Tcpip\..\{40AA62A8-2DC2-42C6-A997-058BA032F34E}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CS3\Services\Tcpip\..\{40AA62A8-2DC2-42C6-A997-058BA032F34E}: NameServer = 194.204.159.1,194.204.152.34
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ActiveGuard Analyser - Unknown owner - C:\Program Files\ActiveGuard\agsvc.exe
O23 - Service: Adaptive Server Anywhere - ActiveGuard_DB (ASANYe_ActiveGuard_DB) - iAnywhere Solutions, Inc. - C:\Program Files\ActiveGuard\\rteng9.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kronos Analiser (K_Analiser) - Unknown owner - C:\Kronos NET\Analiser.exe
O23 - Service: Kronos Controler (K_Controler) - NEXT! s.c. - C:\Kronos NET\Controler.exe
O23 - Service: KronosNET EbsOsm Driver (K_EbsOsmDrv) - Next! s.c. - C:\KronosNET\EbsOsm_Drv.exe
O23 - Service: Kronos GSM Driver (K_GSM) - Next! s.c. - C:\Kronos NET\GSM_Drv.exe
O23 - Service: KronosNET GSM Driver (K_GSMDrv) - Next! s.c. - C:\KronosNET\GSM_Drv.exe
O23 - Service: KronosNET GSMGate Driver (K_GSMGateDrv) - Next! s.c. - C:\KronosNET\GSMGate_Drv.exe
O23 - Service: Kronos GSMTerminal Driver (K_GSMTerminal) - Next! s.c. - C:\Kronos NET\GSMTerminal_drv.exe
O23 - Service: KronosNET Kernel (K_Kernel) - Next! s.c. - C:\KronosNET\Kernel.exe
O23 - Service: KronosNET MailGate Driver (K_MailGateDrv) - Next! s.c. - C:\KronosNET\MailGate_Drv.exe
O23 - Service: Kronos Satel Driver (K_Satel) - Next! s.c. - C:\Kronos NET\Satel_Drv.exe
O23 - Service: KronosNET SatelPhone Driver (K_SatelPhoneDrv) - Next! s.c. - C:\KronosNET\SatelPhone_Drv.exe
O23 - Service: Kronos TMLabDirect (K_TMLabDirect) - Unknown owner - C:\Documents and Settings\Monitoring\Pulpit\TMLabDirect\TMLabDirect_Drv.exe (file missing)
O23 - Service: KronosNET TMLabDirect Driver (K_TMLabDirectDrv) - Next! s.c. - C:\KronosNET\TMLabDirect_Drv.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Monitoring Receiver OSM.2007 - Unknown owner - C:\Program Files\EBS\OSM\svc.exe

-- End of file - 8409 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-10-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-10-12 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2008-07-24 63048]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"3170 Scan2PC"=C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe [2009-01-30 503808]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-09-07 2838912]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-09-05 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-09-05 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-09-05 137752]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2010-09-03 19573352]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Documents and Settings\Monitoring\Menu Start\Programy\Autostart
OSM Console.lnk - C:\WINDOWS\system32\javaw.exe
Terminal.lnk - C:\KronosNET\MonitoringConsole.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-08-24 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2010-10-05 87424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoActiveDesktop"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\TeamViewer3\TeamViewer.exe"="C:\Program Files\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"C:\Program Files\LanHelper\LanHelper.exe"="C:\Program Files\LanHelper\LanHelper.exe:*:Enabled:LanHelper"
"C:\Documents and Settings\Monitoring\temp\TeamViewer\Version5\TeamViewer.exe"="C:\Documents and Settings\Monitoring\temp\TeamViewer\Version5\TeamViewer.exe:*:Enabled:TeamViewer"
"C:\WINDOWS\twain_32\Samsung\ScanMgr.exe"="C:\WINDOWS\twain_32\Samsung\ScanMgr.exe:*:Enabled:Scan Manger"
"C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe"="C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe:*:Enabled:ScanToPC"
"C:\WINDOWS\twain_32\Samsung\CLX3170\Sscan2io.exe"="C:\WINDOWS\twain_32\Samsung\CLX3170\Sscan2io.exe:*:Enabled:SScanToIO"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 2 months======

2010-12-20 11:59:17 ----D---- C:\Program Files\trend micro
2010-12-20 11:59:16 ----D---- C:\rsit
2010-12-20 11:30:04 ----D---- C:\_OTL
2010-12-14 11:05:49 ----A---- C:\WINDOWS\system32\hidserv.dll
2010-12-14 11:05:36 ----A---- C:\WINDOWS\system32\drivers\USBAUDIO.sys
2010-12-11 20:54:14 ----D---- C:\Documents and Settings\Monitoring\Dane aplikacji\Help
2010-12-07 09:54:33 ----SHD---- C:\RECYCLER
2010-12-06 13:46:38 ----RA---- C:\WINDOWS\system32\igfxres.dll
2010-12-06 13:43:06 ----D---- C:\WINDOWS\Prefetch
2010-12-06 13:35:26 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-12-06 13:28:28 ----A----
C:\WINDOWS\system32\spxcoins.dll 2010-12-06 13:28:28 ----A---- C:\WINDOWS\system32\irclass.dll 2010-12-02 14:10:30 ----A---- C:\WINDOWS\vncutil.exe 2010-12-02 14:10:30 ----A---- C:\WINDOWS\SOUNDMAN.EXE 2010-12-02 14:10:30 ----A---- C:\WINDOWS\SkyTel.exe 2010-12-02 14:10:30 ----A---- C:\WINDOWS\RtlUpd.exe 2010-12-02 14:10:29 ----A---- C:\WINDOWS\system32\RtkCoInstXP.dll 2010-12-02 14:10:29 ----A---- C:\WINDOWS\system32\drivers\RtkHDAud.sys 2010-12-02 14:10:29 ----A---- C:\WINDOWS\RTLCPL.EXE 2010-12-02 14:10:29 ----A---- C:\WINDOWS\RtkAudioService.exe 2010-12-02 14:10:28 ----A---- C:\WINDOWS\RTHDCPL.EXE 2010-12-02 14:10:27 ----A---- C:\WINDOWS\system32\drivers\Monfilt.sys 2010-12-02 14:10:27 ----A---- C:\WINDOWS\MicCal.exe 2010-12-02 14:10:25 ----A---- C:\WINDOWS\system32\drivers\Ambfilt.sys 2010-12-02 14:10:25 ----A---- C:\WINDOWS\ALCWZRD.EXE 2010-12-02 14:10:25 ----A---- C:\WINDOWS\ALCMTR.EXE 2010-12-02 14:10:20 ----A---- C:\WINDOWS\RtlExUpd.dll 2010-12-01 10:29:23 ----A---- C:\Startup Programs (MICROS-MONIT) 2010-12-01 10.29.05.txt 2010-12-01 10:21:47 ----D---- C:\Documents and Settings\Monitoring\Dane aplikacji\Windows Search 2010-12-01 10:16:04 ----D---- C:\Program Files\Microsoft.NET 2010-12-01 10:14:38 ----D---- C:\WINDOWS\system32\WindowsPowerShell 2010-12-01 10:14:37 ----D---- C:\WINDOWS\system32\winrm 2010-12-01 10:14:34 ----HDC---- C:\WINDOWS\$968930Uinstall_KB968930$ 2010-12-01 10:14:33 ----D---- C:\WINDOWS\$NtUninstallKB968930$ 2010-12-01 10:14:21 ----HDC---- C:\WINDOWS\$NtUninstallbasecsp$ 2010-12-01 10:14:11 ----D---- C:\Documents and Settings\Monitoring\Dane aplikacji\Windows Desktop Search 2010-12-01 10:13:48 ----D---- C:\Program Files\Windows Desktop Search 2010-12-01 10:13:47 ----D---- C:\WINDOWS\system32\GroupPolicy 2010-12-01 10:13:09 ----N---- C:\WINDOWS\system32\spmsg.dll 2010-12-01 10:12:55 ----D---- C:\Program Files\Windows Media Connect 2 2010-12-01 10:12:47 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$ 2010-12-01 10:12:15 ----HDC---- 
C:\WINDOWS\$NtUninstallWMFDist11$ 2010-12-01 10:11:58 ----D---- C:\WINDOWS\system32\drivers\UMDF 2010-12-01 10:10:27 ----D---- C:\WINDOWS\system32\URTTEMP 2010-12-01 09:18:32 ----A---- C:\WINDOWS\system32\tmp.txt 2010-12-01 09:15:59 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\TEMP 2010-12-01 09:05:25 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\SUPERAntiSpyware.com 2010-12-01 09:05:22 ----D---- C:\Documents and Settings\Monitoring\Dane aplikacji\SUPERAntiSpyware.com 2010-11-30 14:07:37 ----D---- C:\Program Files\SkanerOnline 2010-11-26 09:03:47 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Windows Genuine Advantage ======List of files/folders modified in the last 2 months====== 2010-12-20 11:59:17 ----RD---- C:\Program Files 2010-12-20 11:37:09 ----D---- C:\WINDOWS\Temp 2010-12-20 11:34:15 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-12-20 11:30:16 ----D---- C:\WINDOWS\system32 2010-12-20 11:30:16 ----D---- C:\WINDOWS 2010-12-20 11:30:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-12-20 10:45:53 ----D---- C:\[LOG] 2010-12-20 08:28:29 ----D---- C:\Program Files\LogMeIn 2010-12-15 08:38:00 ----D---- C:\WINDOWS\system32\CatRoot2 2010-12-15 08:32:25 ----D---- C:\WINDOWS\Help 2010-12-14 12:02:15 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy 2010-12-14 12:02:14 ----D---- C:\WINDOWS\Debug 2010-12-14 11:05:55 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-12-14 11:05:37 ----D---- C:\WINDOWS\system32\drivers 2010-12-11 20:54:14 ----D---- C:\Program Files\Kronos LT 2010-12-07 09:15:09 ----A---- C:\WINDOWS\system.ini 2010-12-07 09:06:31 ----D---- C:\WINDOWS\AppPatch 2010-12-07 09:06:28 ----D---- C:\Program Files\Common Files 2010-12-06 14:26:04 ----D---- C:\WINDOWS\system 2010-12-06 14:26:03 ----D---- C:\WINDOWS\system32\Setup 2010-12-06 14:25:57 ----D---- C:\WINDOWS\L2Schemas 2010-12-06 14:25:56 ----D---- C:\WINDOWS\system32\usmt 2010-12-06 14:25:46 ----D---- C:\WINDOWS\ime 
2010-12-06 14:25:45 ----RSD---- C:\WINDOWS\Fonts 2010-12-06 14:25:44 ----D---- C:\WINDOWS\Network Diagnostic 2010-12-06 14:25:44 ----D---- C:\WINDOWS\Media 2010-12-06 14:25:42 ----D---- C:\WINDOWS\system32\pl-pl 2010-12-06 14:25:35 ----D---- C:\WINDOWS\PeerNet 2010-12-06 14:25:25 ----D---- C:\WINDOWS\system32\npp 2010-12-06 14:25:19 ----D---- C:\WINDOWS\msagent 2010-12-06 14:25:17 ----D---- C:\WINDOWS\system32\pl 2010-12-06 14:23:04 ----D---- C:\WINDOWS\system32\1045 2010-12-06 14:22:54 ----D---- C:\WINDOWS\twain_32 2010-12-06 14:22:23 ----D---- C:\WINDOWS\system32\icsxml 2010-12-06 14:22:02 ----D---- C:\WINDOWS\system32\1033 2010-12-06 14:21:23 ----D---- C:\WINDOWS\Driver Cache 2010-12-06 14:21:22 ----D---- C:\WINDOWS\WinSxS 2010-12-06 13:46:57 ----D---- C:\WINDOWS\Registration 2010-12-06 13:46:42 ----HD---- C:\WINDOWS\inf 2010-12-06 13:45:42 ----SHD---- C:\System Volume Information 2010-12-06 13:45:42 ----D---- C:\WINDOWS\system32\Restore 2010-12-06 13:38:40 ----D---- C:\WINDOWS\system32\config 2010-12-06 13:36:02 ----A---- C:\WINDOWS\ODBCINST.INI 2010-12-06 13:35:51 ----ASH---- C:\WINDOWS\fonts\desktop.ini 2010-12-06 13:35:49 ----D---- C:\WINDOWS\system32\ias 2010-12-06 13:35:27 ----RD---- C:\WINDOWS\Web 2010-12-06 13:35:21 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest 2010-12-06 13:35:11 ----A---- C:\WINDOWS\win.ini 2010-12-06 13:35:07 ----D---- C:\Program Files\Windows Media Player 2010-12-06 13:35:05 ----D---- C:\Program Files\Movie Maker 2010-12-06 13:35:04 ----D---- C:\WINDOWS\system32\oobe 2010-12-06 13:35:03 ----D---- C:\Program Files\Outlook Express 2010-12-06 13:34:59 ----D---- C:\Program Files\Internet Explorer 2010-12-06 13:34:50 ----D---- C:\WINDOWS\system32\Com 2010-12-06 13:34:00 ----SHD---- C:\WINDOWS\Installer 2010-12-06 13:33:58 ----D---- C:\WINDOWS\system32\wbem 2010-12-06 13:33:26 ----SH---- C:\boot.ini 2010-12-06 13:28:40 ----D---- C:\WINDOWS\security 2010-12-06 13:28:21 ----ASH---- C:\Documents and Settings\All Users\Dane 
aplikacji\desktop.ini 2010-12-06 13:28:18 ----D---- C:\WINDOWS\system32\CatRoot 2010-12-06 13:15:27 ----D---- C:\Kronos NET 2010-12-06 13:04:40 ----D---- C:\KronosNET 2010-12-02 14:13:05 ----D---- C:\WINDOWS\system32\ReinstallBackups 2010-12-02 14:12:40 ----DC---- C:\WINDOWS\system32\DRVSTORE 2010-12-02 14:11:02 ----D---- C:\WINDOWS\system32\RTCOM 2010-12-02 14:10:25 ----HD---- C:\Program Files\InstallShield Installation Information 2010-12-02 14:10:25 ----D---- C:\Program Files\Realtek 2010-12-01 11:00:56 ----RSD---- C:\WINDOWS\assembly 2010-12-01 11:00:56 ----D---- C:\WINDOWS\Microsoft.NET 2010-12-01 10:16:12 ----D---- C:\WINDOWS\system32\en-US 2010-12-01 10:14:57 ----D---- C:\WINDOWS\ie8updates 2010-12-01 10:14:56 ----HD---- C:\WINDOWS\$hf_mig$ 2010-12-01 10:13:54 ----SD---- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft 2010-12-01 10:11:58 ----D---- C:\WINDOWS\system32\LogFiles 2010-12-01 10:11:15 ----D---- C:\WINDOWS\system32\mui 2010-11-30 14:07:37 ----SD---- C:\WINDOWS\Downloaded Program Files 2010-11-26 09:19:53 ----D---- C:\Documents and Settings 2010-11-26 08:59:28 ----D---- C:\WINDOWS\SoftwareDistribution 2010-11-26 08:43:30 ----D---- C:\WINDOWS\system32\drivers\etc 2010-11-11 03:00:18 ----A---- C:\WINDOWS\system32\MRT.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-09-07 28880] R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-09-07 165584] R1 aswTdi;avast! 
Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-09-07 46672] R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-15 40448] R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-09-07 17744] R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-09-07 100176] R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys [] R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys [] R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [] R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [] R3 akshasp;Aladdin HASP Key; C:\WINDOWS\system32\DRIVERS\akshasp.sys [2006-11-22 327168] R3 aksusb;Aladdin USB Key; C:\WINDOWS\system32\DRIVERS\aksusb.sys [2006-11-22 100096] R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-09-07 23376] R3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys [] R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-15 144384] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-08-24 5776928] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2010-09-03 6139496] R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-07-24 10144] R3 OxPCIeSer;OxPCIeSer; C:\WINDOWS\system32\DRIVERS\OxPCIeSer.sys [2008-04-04 87080] R3 OxPCIeSerMf;OxPCIeSerMf; C:\WINDOWS\system32\DRIVERS\OxPCIeMf.sys [2008-04-04 27304] R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856] R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-15 20608] R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000] S1 SASDIFSV;SASDIFSV; \??\C:\DOCUME~1\MONITO~1\USTAWI~1\Temp\SuperAntiSpyware\SASDIFSV.SYS [] S1 
SASKUTIL;SASKUTIL; \??\C:\DOCUME~1\MONITO~1\USTAWI~1\Temp\SuperAntiSpyware\SASKUTIL.sys [] S2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys [] S2 SSPORT;SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys [] S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480] S3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-15 10368] S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800] S3 mxser;MOXA Smartio/Industio Driver; C:\WINDOWS\system32\DRIVERS\mxser.sys [2008-07-09 25344] S3 mxsport;MOXA Smartio/Industio Port Driver; C:\WINDOWS\system32\DRIVERS\mxsport.sys [2008-07-11 89856] S3 NDMSHLP;Device Monitor Helper Driver; \??\C:\Program Files\Common Files\HHD Software\Device Monitor\ndmshlp.sys [] S3 SASENUM;SASENUM; \??\C:\DOCUME~1\MONITO~1\USTAWI~1\Temp\SuperAntiSpyware\SASENUM.SYS [] S3 SerMon;Serial Monitor Filter Driver; \??\C:\Program Files\HHD Software\Free Serial Port Monitor\sermon.sys [] S3 usbaudio;Sterownik audio USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032] S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-15 32128] S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-15 26368] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 ActiveGuard Analyser;ActiveGuard Analyser; C:\Program Files\ActiveGuard\agsvc.exe [2007-04-18 61440] R2 ASANYe_ActiveGuard_DB;Adaptive Server Anywhere - ActiveGuard_DB; C:\Program Files\ActiveGuard\\rteng9.exe 
[2004-01-26 73728] R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384] R2 ES lite Service;ES lite Service for program management.; C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [2008-07-17 80392] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-10-12 153376] R2 K_EbsOsmDrv;KronosNET EbsOsm Driver; C:\KronosNET\EbsOsm_Drv.exe [2010-10-07 838656] R2 K_GSMDrv;KronosNET GSM Driver; C:\KronosNET\GSM_Drv.exe [2010-06-16 785408] R2 K_GSMGateDrv;KronosNET GSMGate Driver; C:\KronosNET\GSMGate_Drv.exe [2010-06-16 866304] R2 K_Kernel;KronosNET Kernel; C:\KronosNET\Kernel.exe [2010-06-16 3230208] R2 K_MailGateDrv;KronosNET MailGate Driver; C:\KronosNET\MailGate_Drv.exe [2010-10-07 1024512] R2 K_SatelPhoneDrv;KronosNET SatelPhone Driver; C:\KronosNET\SatelPhone_Drv.exe [2010-06-16 737792] R2 K_TMLabDirectDrv;KronosNET TMLabDirect Driver; C:\KronosNET\TMLabDirect_Drv.exe [2010-06-16 764416] R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe [2010-09-27 374152] R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2010-10-05 116104] R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2008-07-24 63040] R2 Monitoring Receiver OSM.2007;Monitoring Receiver OSM.2007; C:\Program Files\EBS\OSM\svc.exe [2010-08-09 69632] R2 MSSQLSERVER;MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2002-12-17 7520337] R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-15 14336] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-15 14336] R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808] R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384] R3 avast! Web Scanner;avast! 
Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 K_Analiser;Kronos Analiser; C:\Kronos NET\Analiser.exe [2009-07-31 1368576] S3 K_Controler;Kronos Controler; C:\Kronos NET\Controler.exe [2009-07-31 549888] S3 K_GSM;Kronos GSM Driver; C:\Kronos NET\GSM_Drv.exe [2009-07-31 632832] S3 K_GSMTerminal;Kronos GSMTerminal Driver; C:\Kronos NET\GSMTerminal_drv.exe [2008-10-06 568832] S3 K_Satel;Kronos Satel Driver; C:\Kronos NET\Satel_Drv.exe [2008-03-17 549376] S3 K_TMLabDirect;Kronos TMLabDirect; C:\Documents and Settings\Monitoring\Pulpit\TMLabDirect\TMLabDirect_Drv.exe [] S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112] S3 SQLSERVERAGENT;SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE [2002-12-17 311872] S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-15 14336] S3 WMPNetworkSvc;Usługa udostępniania w sieci programu Windows Media Player; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-12-01 918016] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-15 14336] S4 
clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- [/log]
Tomek01, commented 21 December 2010
The logs are clean. In OTL, use the CleanUp function. Run a full scan with [url=http://www.instalki.pl/programy/download_c/14/155.html][color=#0000CD][b]DrWebCureIt[/b][/color][/url] and [url=http://www.instalki.pl/programy/download_c/13/96.html][color=#0000CD][b]Malwarebytes Anti-Malware[/b][/color][/url] and post the results on the forum.
a_urbi (Author), commented 22 December 2010
I did exactly as you wrote; neither program found any viruses.
Tomek01, commented 22 December 2010
Which at the same time confirms that the system is clean.
a_urbi (Author), commented 23 December 2010
Exactly, so what is causing the sound to fail after some time?
a_urbi (Author), commented 28 December 2010
The drivers were reinstalled, and interestingly, exactly the same thing happens with a different sound card.
[color="#0000FF"]//Moving the thread //Tom01[/color]