
prodrv06.sys driver errors


Walkerowy

Recommended replies

Hello, please analyze the logs from OTL and from Event Viewer. A strange error appeared in Event Viewer concerning the file prodrv06.sys. I don't know what it is, where it came from, or what it's for.

The second curiosity for me is the service: Andrea ADI Filters Service.

Please help me eliminate these problems.

 

OTL.txt

 

OTL logfile created on: 2011-10-23 17:31:23 - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\eMeM\Desktop\Pobieranie

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

 

1,99 Gb Total Physical Memory | 1,03 Gb Available Physical Memory | 51,62% Memory free

3,98 Gb Paging File | 2,80 Gb Available in Paging File | 70,21% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 80,00 Gb Total Space | 35,36 Gb Free Space | 44,20% Space Free | Partition Type: NTFS

Drive D: | 152,79 Gb Total Space | 133,88 Gb Free Space | 87,63% Space Free | Partition Type: NTFS

 

Computer Name: EMEM-KOMPUTER | User Name: eMeM | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011-10-23 17:20:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\eMeM\Desktop\Pobieranie\OTL.exe

PRC - [2011-09-30 14:50:46 | 000,924,632 | ---- | M] (Mozilla Corporation) -- D:\Programy\Mozilla Firefox\firefox.exe

PRC - [2011-04-06 13:01:06 | 004,326,472 | ---- | M] (Emsi Software GmbH) -- D:\Programy\Online Armor\oasrv.exe

PRC - [2011-04-06 13:01:06 | 002,477,032 | ---- | M] (Emsi Software GmbH) -- D:\Programy\Online Armor\oaui.exe

PRC - [2011-04-06 13:01:04 | 001,165,336 | ---- | M] (Emsi Software GmbH) -- D:\Programy\Online Armor\oahlp.exe

PRC - [2011-04-06 13:01:04 | 000,381,512 | ---- | M] (Emsi Software GmbH) -- D:\Programy\Online Armor\oacat.exe

PRC - [2009-08-29 08:00:12 | 000,966,656 | ---- | M] () -- C:\Users\eMeM\Local Settings\Apps\F.lux\flux.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2011-10-16 18:47:23 | 008,522,400 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

MOD - [2011-09-30 14:50:45 | 001,833,944 | ---- | M] () -- D:\Programy\Mozilla Firefox\mozjs.dll

MOD - [2009-08-29 08:00:12 | 000,966,656 | ---- | M] () -- C:\Users\eMeM\Local Settings\Apps\F.lux\flux.exe

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV:64bit: - [2007-02-06 11:45:30 | 000,080,384 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)

SRV - [2011-04-06 13:01:06 | 004,326,472 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- D:\Programy\Online Armor\oasrv.exe -- (SvcOnlineArmor)

SRV - [2011-04-06 13:01:04 | 000,381,512 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- D:\Programy\Online Armor\OAcat.exe -- (OAcat)

SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2011-10-20 16:46:25 | 000,503,352 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)

DRV:64bit: - [2011-04-06 13:01:30 | 000,032,920 | ---- | M] (Emsisoft) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OAnet.sys -- (OAnet)

DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011-01-15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)

DRV:64bit: - [2010-11-21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010-11-21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)

DRV:64bit: - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010-11-21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2009-09-23 19:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009-06-10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2009-06-10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Sterownik karty Intel®

DRV:64bit: - [2009-06-10 22:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express) Sterownik połączenia sieciowego Intel®

DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2008-04-24 17:25:48 | 000,402,432 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)

DRV - [2011-04-06 13:02:26 | 000,055,088 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\oahlp64.sys -- (oahlpXX)

DRV - [2011-04-06 13:01:30 | 000,059,176 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\OADriver.sys -- (OADevice)

DRV - [2011-04-06 13:01:30 | 000,038,064 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\OAmon.sys -- (OAmon)

DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2004-04-08 12:06:08 | 000,070,400 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02)

DRV - [2004-04-08 10:46:50 | 000,054,272 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06)

DRV - [2003-12-01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01)

DRV - [2003-09-06 14:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prosync1.sys -- (prosync1)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-2379810547-2737495414-2129919692-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

IE - HKU\S-1-5-21-2379810547-2737495414-2129919692-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: D:\Programy\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF - HKLM\Software\MozillaPlugins\@ganymede/GanymedeNetPlugin,version=1.0: D:\Programy\Ganymede\Plugins\npganymedenet.dll File not found

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: D:\Programy\Mozilla Firefox\components [2011-10-04 18:47:36 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: D:\Programy\Mozilla Firefox\plugins [2011-10-16 18:39:08 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: D:\Programy\Mozilla Thunderbird\components [2011-10-04 18:47:36 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: D:\Programy\Mozilla Thunderbird\plugins [2011-10-16 18:39:08 | 000,000,000 | ---D | M]

 

[2011-08-30 15:02:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eMeM\AppData\Roaming\mozilla\Extensions

[2011-09-30 14:28:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eMeM\AppData\Roaming\mozilla\Firefox\Profiles\pampk215.emem\extensions

[2011-09-20 10:04:39 | 000,000,000 | ---D | M] (MinimizeToTray revived (MinTrayR)) -- C:\USERS\EMEM\APPDATA\ROAMING\THUNDERBIRD\PROFILES\I2OIS3VG.DEFAULT\EXTENSIONS\MINTRAYR@TN123.ATH.CX

 

O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.

O2 - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O4:64bit: - HKLM..\Run: [@OnlineArmor GUI] D:\Programy\Online Armor\oaui.exe (Emsi Software GmbH)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2379810547-2737495414-2129919692-1000..\Run: [F.lux] C:\Users\eMeM\Local Settings\Apps\F.lux\flux.exe ()

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\S-1-5-21-2379810547-2737495414-2129919692-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3

O7 - HKU\S-1-5-21-2379810547-2737495414-2129919692-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0

O8:64bit: - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)

O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D40224D-17C7-4509-88F8-3B488A83DC64}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AEC1F91-4522-4851-B992-651511891896}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{62bf0940-fb2a-11e0-946a-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{62bf0940-fb2a-11e0-946a-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe

O33 - MountPoints2\{6b710be5-dee3-11e0-b706-002186671253}\Shell - "" = AutoRun

O33 - MountPoints2\{6b710be5-dee3-11e0-b706-002186671253}\Shell\AutoRun\command - "" = G:\autorun.exe

O33 - MountPoints2\{88f61b9d-ee77-11e0-85bb-002186671253}\Shell - "" = AutoRun

O33 - MountPoints2\{88f61b9d-ee77-11e0-85bb-002186671253}\Shell\AutoRun\command - "" = G:\Autorun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011-10-21 16:26:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Analog Devices

[2011-10-13 21:07:52 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2011-10-13 21:07:52 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2011-10-13 21:07:51 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2011-10-13 21:07:50 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2011-10-13 21:07:48 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2011-10-13 21:07:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2011-10-13 21:07:47 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2011-10-13 21:07:47 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2011-10-13 21:07:46 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2011-10-13 21:03:54 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll

[2011-10-13 21:03:54 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll

[2011-10-13 21:03:54 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax

[2011-10-13 21:03:54 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax

[2011-10-13 21:03:01 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll

[2011-10-13 21:03:00 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll

[2011-10-13 15:01:15 | 000,000,000 | ---D | C] -- C:\Users\eMeM\AppData\Roaming\Malwarebytes

[2011-10-13 15:00:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011-10-13 15:00:36 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2011-10-08 22:55:05 | 000,000,000 | ---D | C] -- C:\Users\eMeM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eurobattle.net

[2011-10-04 18:29:14 | 000,000,000 | ---D | C] -- C:\Users\eMeM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

[2011-10-04 14:11:34 | 000,000,000 | ---D | C] -- C:\Users\eMeM\AppData\Roaming\Leadertech

[2011-10-03 20:14:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codemasters

[2011-10-03 19:34:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield

[2011-09-28 22:40:13 | 000,000,000 | ---D | C] -- C:\Users\eMeM\AppData\Local\Adobe

[2011-09-25 19:32:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EuroPoker Tournament Director's Poker Clock

 

========== Files - Modified Within 30 Days ==========

 

[2011-10-23 17:07:05 | 000,022,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011-10-23 17:07:05 | 000,022,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011-10-23 17:04:45 | 001,707,868 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011-10-23 17:04:45 | 000,762,672 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat

[2011-10-23 17:04:45 | 000,672,320 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011-10-23 17:04:45 | 000,155,834 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat

[2011-10-23 17:04:45 | 000,121,308 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011-10-23 17:03:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011-10-23 16:44:50 | 1603,772,416 | -HS- | M] () -- C:\hiberfil.sys

[2011-10-20 16:50:47 | 000,000,235 | ---- | M] () -- C:\Users\eMeM\Documents\ax_files.xml

[2011-10-20 16:46:25 | 000,503,352 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys

[2011-10-20 16:33:28 | 000,000,671 | ---- | M] () -- C:\Users\Public\Desktop\Play ToCA Race Driver 2.lnk

[2011-10-19 21:57:51 | 000,000,000 | -H-- | M] () -- C:\Users\eMeM\Documents\Default.rdp

[2011-10-18 16:15:12 | 000,000,278 | R--- | M] () -- C:\Users\eMeM\Show_Hidden_Files_On_Off.vbs

[2011-10-18 15:32:35 | 000,001,138 | ---- | M] () -- C:\Users\eMeM\Desktop\mbam.lnk

[2011-10-16 18:47:23 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2011-10-13 21:22:40 | 000,305,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2011-10-13 20:07:40 | 000,007,597 | ---- | M] () -- C:\Users\eMeM\AppData\Local\Resmon.ResmonCfg

[2011-10-08 23:01:44 | 000,001,251 | ---- | M] () -- C:\Users\eMeM\Desktop\gproxy&custom.lnk

[2011-10-08 23:00:00 | 000,001,007 | ---- | M] () -- C:\Users\eMeM\Desktop\dota.lnk

[2011-10-05 17:03:19 | 000,000,534 | ---- | M] () -- C:\Users\eMeM\Desktop\Life for speed.lnk

[2011-10-03 21:59:12 | 000,000,744 | ---- | M] () -- C:\Users\Public\Desktop\Colin McRae Rally 04.lnk

 

========== Files Created - No Company Name ==========

 

[2011-10-20 16:50:47 | 000,000,235 | ---- | C] () -- C:\Users\eMeM\Documents\ax_files.xml

[2011-10-20 16:46:25 | 000,503,352 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys

[2011-10-20 16:33:28 | 000,000,671 | ---- | C] () -- C:\Users\Public\Desktop\Play ToCA Race Driver 2.lnk

[2011-10-19 21:57:51 | 000,000,000 | -H-- | C] () -- C:\Users\eMeM\Documents\Default.rdp

[2011-10-18 16:15:12 | 000,000,278 | R--- | C] () -- C:\Users\eMeM\Show_Hidden_Files_On_Off.vbs

[2011-10-18 15:32:35 | 000,001,138 | ---- | C] () -- C:\Users\eMeM\Desktop\mbam.lnk

[2011-10-05 17:03:19 | 000,000,534 | ---- | C] () -- C:\Users\eMeM\Desktop\Life for speed.lnk

[2011-10-03 21:59:12 | 000,000,744 | ---- | C] () -- C:\Users\Public\Desktop\Colin McRae Rally 04.lnk

[2011-09-22 17:32:25 | 000,007,597 | ---- | C] () -- C:\Users\eMeM\AppData\Local\Resmon.ResmonCfg

[2011-09-05 11:55:39 | 000,059,176 | ---- | C] () -- C:\Windows\SysWow64\drivers\OADriver.sys

[2011-09-05 11:55:39 | 000,055,088 | ---- | C] () -- C:\Windows\SysWow64\drivers\oahlp64.sys

[2009-09-23 19:21:08 | 002,050,952 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin

[2009-07-14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009-07-14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009-07-14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009-07-14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009-06-10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

 

========== LOP Check ==========

 

[2011-10-23 14:13:03 | 000,000,000 | ---D | M] -- C:\Users\eMeM\AppData\Roaming\.purple

[2011-09-09 16:42:39 | 000,000,000 | ---D | M] -- C:\Users\eMeM\AppData\Roaming\Foxit Software

[2011-10-03 23:52:23 | 000,000,000 | ---D | M] -- C:\Users\eMeM\AppData\Roaming\gtk-2.0

[2011-10-04 14:11:34 | 000,000,000 | ---D | M] -- C:\Users\eMeM\AppData\Roaming\Leadertech

[2011-09-05 11:59:00 | 000,000,000 | ---D | M] -- C:\Users\eMeM\AppData\Roaming\OnlineArmor

[2011-09-19 23:19:36 | 000,000,000 | ---D | M] -- C:\Users\eMeM\AppData\Roaming\Thunderbird

[2011-10-22 14:02:24 | 000,000,000 | ---D | M] -- C:\Users\eMeM\AppData\Roaming\uTorrent

[2011-09-23 15:09:15 | 000,032,520 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

< End of report >

 

 

 

Extras.txt

 

OTL Extras logfile created on: 2011-10-23 17:31:23 - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\eMeM\Desktop\Pobieranie

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

 

1,99 Gb Total Physical Memory | 1,03 Gb Available Physical Memory | 51,62% Memory free

3,98 Gb Paging File | 2,80 Gb Available in Paging File | 70,21% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 80,00 Gb Total Space | 35,36 Gb Free Space | 44,20% Space Free | Partition Type: NTFS

Drive D: | 152,79 Gb Total Space | 133,88 Gb Free Space | 87,63% Space Free | Partition Type: NTFS

 

Computer Name: EMEM-KOMPUTER | User Name: eMeM | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-2379810547-2737495414-2129919692-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- D:\Programy\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"

Directory [Winamp.Play] -- "D:\Programy\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"

Directory [Winamp.Play] -- "D:\Programy\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.5.2.3456 x64

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0415-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Polish) 2007

"{A49402DD-2781-3782-B0CF-52BDA349E3F3}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit

"CCleaner" = CCleaner

"HDMI" = Intel® Graphics Media Accelerator Driver

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile

"WinRAR archiver" = WinRAR 4.01 (64-bitowy)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java 7

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007

"{90120000-0016-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007

"{90120000-0018-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007

"{90120000-001B-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007

"{90120000-001F-0415-0000-0000000FF1CE}_HOMESTUDENTR_{E9EA2604-8AC9-47D2-8F4B-6BF60787A357}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002A-0415-1000-0000000FF1CE}_HOMESTUDENTR_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007

"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007

"{90120000-006E-0415-0000-0000000FF1CE}_HOMESTUDENTR_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007

"{90120000-00A1-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{D474A0E8-4421-43C0-BE8E-F454F91E2E2A}" = Race Driver 2

"{F8718F95-21A1-44B9-97EC-679C93020BAE}" = Colin McRae Rally 04

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Eurobattle.net1.26" = Eurobattle.net

"EuroPoker Tournament Director's Poker Clock" = EuroPoker Tournament Director's Poker Clock

"Foxit Reader_is1" = Foxit Reader 5.0

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"InstallShield_{D474A0E8-4421-43C0-BE8E-F454F91E2E2A}" = Race Driver 2

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware wersja 1.51.2.1300

"Mozilla Firefox 7.0.1 (x86 pl)" = Mozilla Firefox 7.0.1 (x86 pl)

"Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1)

"OnlineArmor_is1" = Online Armor 5.0

"Pidgin" = Pidgin

"uTorrent" = µTorrent

"Winamp" = Winamp

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-2379810547-2737495414-2129919692-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Flux" = F.lux

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 2011-10-20 10:28:51 | Computer Name = eMeM-komputer | Source = VSS | ID = 8193

Description =

 

Error - 2011-10-20 10:46:00 | Computer Name = eMeM-komputer | Source = VSS | ID = 8193

Description =

 

Error - 2011-10-20 10:46:00 | Computer Name = eMeM-komputer | Source = VSS | ID = 8194

Description =

 

Error - 2011-10-20 10:46:01 | Computer Name = eMeM-komputer | Source = VSS | ID = 8193

Description =

 

Error - 2011-10-20 10:53:22 | Computer Name = eMeM-komputer | Source = VSS | ID = 8193

Description =

 

Error - 2011-10-20 10:53:32 | Computer Name = eMeM-komputer | Source = Application Error | ID = 1000

Description = Nazwa aplikacji powodującej błąd: Au_.exe, wersja: 4.36.1.2033, sygnatura

czasowa: 0x4c93644f Nazwa modułu powodującego błąd: nsDialogs.dll, wersja: 0.0.0.0,

sygnatura czasowa: 0x4b1ae3a8 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00001939

Identyfikator

procesu powodującego błąd: 0xc90 Godzina uruchomienia aplikacji powodującej błąd:

0x01cc8f37f42959c4 Ścieżka aplikacji powodującej błąd: C:\Users\eMeM\AppData\Local\Temp\~nsu.tmp\Au_.exe

Ścieżka

modułu powodującego błąd: C:\Users\eMeM\AppData\Local\Temp\nsa7B57.tmp\nsDialogs.dll

Identyfikator

raportu: 46bc2f1c-fb2b-11e0-aea8-002186671253

 

Error - 2011-10-20 16:07:11 | Computer Name = eMeM-komputer | Source = VSS | ID = 8193

Description =

 

Error - 2011-10-21 03:45:54 | Computer Name = eMeM-komputer | Source = VSS | ID = 8193

Description =

 

Error - 2011-10-21 10:26:31 | Computer Name = eMeM-komputer | Source = VSS | ID = 8193

Description =

 

Error - 2011-10-23 10:12:51 | Computer Name = eMeM-komputer | Source = VSS | ID = 8193

Description =

 

[ System Events ]

Error - 2011-10-21 15:29:00 | Computer Name = eMeM-komputer | Source = Service Control Manager | ID = 7026

Description = Nie można załadować następujących sterowników startu rozruchowego

lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01

 

Error - 2011-10-21 20:20:20 | Computer Name = eMeM-komputer | Source = volsnap | ID = 393252

Description = Wykonywanie kopii w tle woluminu C: zostało przerwane, ponieważ nie

można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika.

 

Error - 2011-10-22 16:13:16 | Computer Name = eMeM-komputer | Source = Application Popup | ID = 1060

Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało

zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania

w celu uzyskania zgodnej wersji sterownika.

 

Error - 2011-10-22 16:13:42 | Computer Name = eMeM-komputer | Source = Service Control Manager | ID = 7026

Description = Nie można załadować następujących sterowników startu rozruchowego

lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01

 

Error - 2011-10-23 07:01:07 | Computer Name = eMeM-komputer | Source = Application Popup | ID = 1060

Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało

zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania

w celu uzyskania zgodnej wersji sterownika.

 

Error - 2011-10-23 07:01:33 | Computer Name = eMeM-komputer | Source = Service Control Manager | ID = 7026

Description = Nie można załadować następujących sterowników startu rozruchowego

lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01

 

Error - 2011-10-23 09:46:36 | Computer Name = eMeM-komputer | Source = Application Popup | ID = 1060

Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało

zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania

w celu uzyskania zgodnej wersji sterownika.

 

Error - 2011-10-23 09:47:02 | Computer Name = eMeM-komputer | Source = Service Control Manager | ID = 7026

Description = Nie można załadować następujących sterowników startu rozruchowego

lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01

 

Error - 2011-10-23 10:44:49 | Computer Name = eMeM-komputer | Source = Application Popup | ID = 1060

Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało

zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania

w celu uzyskania zgodnej wersji sterownika.

 

Error - 2011-10-23 10:45:14 | Computer Name = eMeM-komputer | Source = Service Control Manager | ID = 7026

Description = Nie można załadować następujących sterowników startu rozruchowego

lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01

 

 

< End of report >

 

 

 

Event Viewer


Please also post a log from TDSS Killer -> https://www.fixitpc.pl/topic/8-dezynfekcja-zbior-narzedzi-usuwajacych/page__p__33542#entry33542.

 

A strange error appeared in the Event Viewer, concerning the file prodrv06.sys. I don't know what it is, where it came from, or what it's for.

 

+

 

DRV - [2004-04-08 12:06:08 | 000,070,400 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02)

DRV - [2004-04-08 10:46:50 | 000,054,272 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06)

DRV - [2003-12-01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01)

 

These are old StarForce copy-protection drivers. They should be removed. Uninstaller for old versions -> http://www.star-force.com/support/drivers/.

 

The second curiosity for me is the service: Andrea ADI Filters Service.

 

+

 

SRV:64bit: - [2007-02-06 11:45:30 | 000,080,384 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)

 

From what I have read, it is a service related to headphones and/or a microphone. Do you have either of these devices?

 

Hello, please analyze the OTL logs

 

Run OTL -> in the Custom Scans/Fixes window paste:

 

:OTL

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@ganymede/GanymedeNetPlugin,version=1.0: D:\Programy\Ganymede\Plugins\npganymedenet.dll File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O8:64bit: - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

 

:Reg

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Persistence"=-

 

:Commands

[clearallrestorepoints]

[emptytemp]

 

Click Run Fix. Post the removal log. Then post new OTL logs.

 

EDIT:

 

The matter has been cleared up with the Administrator. To clarify: a person using my computer abused my trust, which is how we ended up with the incorrect script. I apologize to the author that someone signing with my name gave a bad instruction. Regards ;) .


Kaspersky TDSSKiller

 

22:59:38.0013 1760 TDSS rootkit removing tool 2.6.12.0 Oct 21 2011 11:23:48

22:59:40.0041 1760 ============================================================

22:59:40.0041 1760 Current date / time: 2011/10/23 22:59:40.0041

22:59:40.0041 1760 SystemInfo:

22:59:40.0041 1760

22:59:40.0041 1760 OS Version: 6.1.7601 ServicePack: 1.0

22:59:40.0041 1760 Product type: Workstation

22:59:40.0041 1760 ComputerName: EMEM-KOMPUTER

22:59:40.0041 1760 UserName: eMeM

22:59:40.0041 1760 Windows directory: C:\Windows

22:59:40.0041 1760 System windows directory: C:\Windows

22:59:40.0041 1760 Running under WOW64

22:59:40.0041 1760 Processor architecture: Intel x64

22:59:40.0041 1760 Number of processors: 2

22:59:40.0041 1760 Page size: 0x1000

22:59:40.0041 1760 Boot type: Normal boot

22:59:40.0041 1760 ============================================================

22:59:41.0211 1760 Initialize success

23:00:06.0857 3248 ============================================================

23:00:06.0857 3248 Scan started

23:00:06.0857 3248 Mode: Manual;

23:00:06.0857 3248 ============================================================

23:00:08.0090 3248 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

23:00:08.0090 3248 1394ohci - ok

23:00:08.0137 3248 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

23:00:08.0137 3248 ACPI - ok

23:00:08.0215 3248 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

23:00:08.0215 3248 AcpiPmi - ok

23:00:08.0293 3248 ADIHdAudAddService (7966c2e1d2fc95bd6246ac1e45ba5e31) C:\Windows\system32\drivers\ADIHdAud.sys

23:00:08.0308 3248 ADIHdAudAddService - ok

23:00:08.0371 3248 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

23:00:08.0402 3248 adp94xx - ok

23:00:08.0464 3248 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

23:00:08.0480 3248 adpahci - ok

23:00:08.0589 3248 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

23:00:08.0589 3248 adpu320 - ok

23:00:08.0683 3248 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys

23:00:08.0698 3248 AFD - ok

23:00:08.0761 3248 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys

23:00:08.0807 3248 AgereSoftModem - ok

23:00:08.0839 3248 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

23:00:08.0839 3248 agp440 - ok

23:00:08.0885 3248 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

23:00:08.0885 3248 aliide - ok

23:00:08.0932 3248 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

23:00:08.0932 3248 amdide - ok

23:00:08.0979 3248 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

23:00:08.0979 3248 AmdK8 - ok

23:00:08.0995 3248 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

23:00:08.0995 3248 AmdPPM - ok

23:00:09.0041 3248 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

23:00:09.0041 3248 amdsata - ok

23:00:09.0073 3248 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

23:00:09.0073 3248 amdsbs - ok

23:00:09.0135 3248 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

23:00:09.0135 3248 amdxata - ok

23:00:09.0166 3248 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

23:00:09.0166 3248 AppID - ok

23:00:09.0275 3248 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

23:00:09.0275 3248 arc - ok

23:00:09.0307 3248 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

23:00:09.0307 3248 arcsas - ok

23:00:09.0353 3248 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

23:00:09.0353 3248 AsyncMac - ok

23:00:09.0400 3248 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

23:00:09.0400 3248 atapi - ok

23:00:09.0572 3248 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

23:00:09.0572 3248 b06bdrv - ok

23:00:09.0634 3248 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

23:00:09.0650 3248 b57nd60a - ok

23:00:09.0712 3248 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

23:00:09.0712 3248 Beep - ok

23:00:09.0759 3248 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

23:00:09.0759 3248 blbdrive - ok

23:00:09.0931 3248 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

23:00:09.0931 3248 bowser - ok

23:00:09.0977 3248 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

23:00:09.0977 3248 BrFiltLo - ok

23:00:10.0009 3248 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

23:00:10.0009 3248 BrFiltUp - ok

23:00:10.0055 3248 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

23:00:10.0055 3248 Brserid - ok

23:00:10.0087 3248 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

23:00:10.0087 3248 BrSerWdm - ok

23:00:10.0102 3248 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

23:00:10.0102 3248 BrUsbMdm - ok

23:00:10.0133 3248 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

23:00:10.0133 3248 BrUsbSer - ok

23:00:10.0243 3248 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys

23:00:10.0243 3248 BthEnum - ok

23:00:10.0289 3248 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

23:00:10.0289 3248 BTHMODEM - ok

23:00:10.0336 3248 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

23:00:10.0352 3248 BthPan - ok

23:00:10.0399 3248 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys

23:00:10.0414 3248 BTHPORT - ok

23:00:10.0445 3248 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys

23:00:10.0445 3248 BTHUSB - ok

23:00:10.0492 3248 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

23:00:10.0492 3248 cdfs - ok

23:00:10.0539 3248 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

23:00:10.0539 3248 cdrom - ok

23:00:10.0586 3248 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

23:00:10.0586 3248 circlass - ok

23:00:10.0633 3248 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

23:00:10.0648 3248 CLFS - ok

23:00:10.0804 3248 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

23:00:10.0804 3248 CmBatt - ok

23:00:10.0835 3248 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

23:00:10.0835 3248 cmdide - ok

23:00:10.0898 3248 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys

23:00:10.0913 3248 CNG - ok

23:00:10.0960 3248 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

23:00:10.0960 3248 Compbatt - ok

23:00:10.0991 3248 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys

23:00:10.0991 3248 CompositeBus - ok

23:00:11.0054 3248 cpudrv64 - ok

23:00:11.0179 3248 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

23:00:11.0179 3248 crcdisk - ok

23:00:11.0288 3248 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys

23:00:11.0288 3248 CSC - ok

23:00:11.0413 3248 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

23:00:11.0413 3248 DfsC - ok

23:00:11.0475 3248 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

23:00:11.0475 3248 discache - ok

23:00:11.0522 3248 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

23:00:11.0522 3248 Disk - ok

23:00:11.0569 3248 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys

23:00:11.0569 3248 dmvsc - ok

23:00:11.0678 3248 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

23:00:11.0693 3248 drmkaud - ok

23:00:11.0756 3248 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

23:00:11.0787 3248 DXGKrnl - ok

23:00:11.0865 3248 e1express (416a2007878ed1d6fc5dddb9e1f6db3e) C:\Windows\system32\DRIVERS\e1e6032e.sys

23:00:11.0865 3248 e1express - ok

23:00:12.0005 3248 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

23:00:12.0099 3248 ebdrv - ok

23:00:12.0255 3248 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

23:00:12.0286 3248 elxstor - ok

23:00:12.0317 3248 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

23:00:12.0317 3248 ErrDev - ok

23:00:12.0411 3248 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

23:00:12.0411 3248 exfat - ok

23:00:12.0458 3248 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

23:00:12.0473 3248 fastfat - ok

23:00:12.0505 3248 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

23:00:12.0505 3248 fdc - ok

23:00:12.0583 3248 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

23:00:12.0583 3248 FileInfo - ok

23:00:12.0598 3248 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

23:00:12.0614 3248 Filetrace - ok

23:00:12.0629 3248 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

23:00:12.0629 3248 flpydisk - ok

23:00:12.0676 3248 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

23:00:12.0676 3248 FltMgr - ok

23:00:12.0723 3248 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

23:00:12.0723 3248 FsDepends - ok

23:00:12.0754 3248 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

23:00:12.0754 3248 Fs_Rec - ok

23:00:12.0785 3248 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

23:00:12.0801 3248 fvevol - ok

23:00:12.0832 3248 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

23:00:12.0832 3248 gagp30kx - ok

23:00:12.0848 3248 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

23:00:12.0848 3248 hcw85cir - ok

23:00:12.0895 3248 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

23:00:12.0895 3248 HdAudAddService - ok

23:00:13.0019 3248 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys

23:00:13.0019 3248 HDAudBus - ok

23:00:13.0066 3248 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

23:00:13.0066 3248 HidBatt - ok

23:00:13.0097 3248 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

23:00:13.0097 3248 HidBth - ok

23:00:13.0129 3248 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

23:00:13.0129 3248 HidIr - ok

23:00:13.0175 3248 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

23:00:13.0175 3248 HidUsb - ok

23:00:13.0238 3248 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

23:00:13.0238 3248 HpSAMD - ok

23:00:13.0269 3248 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

23:00:13.0285 3248 HTTP - ok

23:00:13.0300 3248 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

23:00:13.0300 3248 hwpolicy - ok

23:00:13.0347 3248 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

23:00:13.0347 3248 i8042prt - ok

23:00:13.0441 3248 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

23:00:13.0441 3248 iaStorV - ok

23:00:13.0690 3248 igfx (24cc43ecdeefd4c19fbbee4951b647f1) C:\Windows\system32\DRIVERS\igdkmd64.sys

23:00:13.0846 3248 igfx - ok

23:00:13.0955 3248 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

23:00:13.0955 3248 iirsp - ok

23:00:14.0018 3248 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

23:00:14.0018 3248 intelide - ok

23:00:14.0111 3248 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

23:00:14.0111 3248 intelppm - ok

23:00:14.0143 3248 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

23:00:14.0143 3248 IpFilterDriver - ok

23:00:14.0174 3248 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

23:00:14.0174 3248 IPMIDRV - ok

23:00:14.0236 3248 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

23:00:14.0236 3248 IPNAT - ok

23:00:14.0267 3248 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

23:00:14.0267 3248 IRENUM - ok

23:00:14.0299 3248 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

23:00:14.0299 3248 isapnp - ok

23:00:14.0330 3248 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

23:00:14.0330 3248 iScsiPrt - ok

23:00:14.0377 3248 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

23:00:14.0392 3248 kbdclass - ok

23:00:14.0423 3248 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

23:00:14.0423 3248 kbdhid - ok

23:00:14.0470 3248 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys

23:00:14.0470 3248 KSecDD - ok

23:00:14.0501 3248 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys

23:00:14.0501 3248 KSecPkg - ok

23:00:14.0564 3248 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

23:00:14.0564 3248 ksthunk - ok

23:00:14.0642 3248 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

23:00:14.0642 3248 lltdio - ok

23:00:14.0751 3248 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

23:00:14.0751 3248 LSI_FC - ok

23:00:14.0813 3248 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

23:00:14.0813 3248 LSI_SAS - ok

23:00:14.0845 3248 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

23:00:14.0845 3248 LSI_SAS2 - ok

23:00:14.0907 3248 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

23:00:14.0907 3248 LSI_SCSI - ok

23:00:14.0954 3248 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

23:00:14.0954 3248 luafv - ok

23:00:15.0032 3248 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

23:00:15.0032 3248 megasas - ok

23:00:15.0079 3248 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

23:00:15.0094 3248 MegaSR - ok

23:00:15.0125 3248 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

23:00:15.0125 3248 Modem - ok

23:00:15.0172 3248 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

23:00:15.0172 3248 monitor - ok

23:00:15.0297 3248 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

23:00:15.0297 3248 mouclass - ok

23:00:15.0344 3248 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

23:00:15.0344 3248 mouhid - ok

23:00:15.0375 3248 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

23:00:15.0375 3248 mountmgr - ok

23:00:15.0406 3248 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

23:00:15.0406 3248 mpio - ok

23:00:15.0437 3248 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

23:00:15.0437 3248 mpsdrv - ok

23:00:15.0469 3248 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

23:00:15.0469 3248 MRxDAV - ok

23:00:15.0515 3248 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

23:00:15.0515 3248 mrxsmb - ok

23:00:15.0547 3248 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

23:00:15.0547 3248 mrxsmb10 - ok

23:00:15.0578 3248 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

23:00:15.0593 3248 mrxsmb20 - ok

23:00:15.0609 3248 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

23:00:15.0609 3248 msahci - ok

23:00:15.0640 3248 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

23:00:15.0656 3248 msdsm - ok

23:00:15.0749 3248 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

23:00:15.0749 3248 Msfs - ok

23:00:15.0781 3248 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

23:00:15.0796 3248 mshidkmdf - ok

23:00:15.0812 3248 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

23:00:15.0812 3248 msisadrv - ok

23:00:15.0905 3248 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

23:00:15.0905 3248 MSKSSRV - ok

23:00:15.0952 3248 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

23:00:15.0952 3248 MSPCLOCK - ok

23:00:15.0968 3248 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

23:00:15.0983 3248 MSPQM - ok

23:00:16.0030 3248 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

23:00:16.0030 3248 MsRPC - ok

23:00:16.0093 3248 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

23:00:16.0093 3248 mssmbios - ok

23:00:16.0139 3248 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

23:00:16.0139 3248 MSTEE - ok

23:00:16.0155 3248 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

23:00:16.0155 3248 MTConfig - ok

23:00:16.0171 3248 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

23:00:16.0186 3248 Mup - ok

23:00:16.0311 3248 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

23:00:16.0311 3248 NativeWifiP - ok

23:00:16.0389 3248 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

23:00:16.0405 3248 NDIS - ok

23:00:16.0467 3248 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

23:00:16.0467 3248 NdisCap - ok

23:00:16.0514 3248 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

23:00:16.0514 3248 NdisTapi - ok

23:00:16.0561 3248 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

23:00:16.0561 3248 Ndisuio - ok

23:00:16.0576 3248 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

23:00:16.0576 3248 NdisWan - ok

23:00:16.0607 3248 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

23:00:16.0607 3248 NDProxy - ok

23:00:16.0639 3248 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

23:00:16.0639 3248 NetBIOS - ok

23:00:16.0670 3248 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

23:00:16.0670 3248 NetBT - ok

23:00:16.0873 3248 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys

23:00:16.0997 3248 netw5v64 - ok

23:00:17.0122 3248 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

23:00:17.0138 3248 nfrd960 - ok

23:00:17.0185 3248 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

23:00:17.0185 3248 Npfs - ok

23:00:17.0263 3248 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

23:00:17.0263 3248 nsiproxy - ok

23:00:17.0356 3248 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

23:00:17.0403 3248 Ntfs - ok

23:00:17.0434 3248 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

23:00:17.0434 3248 Null - ok

23:00:17.0512 3248 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

23:00:17.0512 3248 nvraid - ok

23:00:17.0543 3248 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

23:00:17.0543 3248 nvstor - ok

23:00:17.0621 3248 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

23:00:17.0637 3248 nv_agp - ok

23:00:17.0715 3248 OADevice (76aa576a6abceea31dc05e959bd51e15) C:\Windows\SysWow64\Drivers\OADriver.sys

23:00:17.0715 3248 OADevice - ok

23:00:17.0778 3248 oahlpXX (89113f98156e9120d78f018cdfc5bec4) C:\Windows\syswow64\drivers\oahlp64.sys

23:00:17.0778 3248 oahlpXX - ok

23:00:17.0824 3248 OAmon (ecd517bc4fa048fbe3da2d12147c104e) C:\Windows\SysWOW64\Drivers\OAmon.sys

23:00:17.0824 3248 OAmon - ok

23:00:17.0902 3248 OAnet (3c1c4645a61f2d5cd4f85b2013fd182f) C:\Windows\system32\DRIVERS\oanet.sys

23:00:17.0902 3248 OAnet - ok

23:00:17.0980 3248 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

23:00:17.0980 3248 ohci1394 - ok

23:00:18.0058 3248 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

23:00:18.0058 3248 Parport - ok

23:00:18.0090 3248 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

23:00:18.0090 3248 partmgr - ok

23:00:18.0136 3248 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

23:00:18.0136 3248 pci - ok

23:00:18.0168 3248 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

23:00:18.0168 3248 pciide - ok

23:00:18.0214 3248 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

23:00:18.0214 3248 pcmcia - ok

23:00:18.0246 3248 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

23:00:18.0246 3248 pcw - ok

23:00:18.0308 3248 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

23:00:18.0339 3248 PEAUTH - ok

23:00:18.0511 3248 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

23:00:18.0511 3248 PptpMiniport - ok

23:00:18.0558 3248 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

23:00:18.0558 3248 Processor - ok

23:00:18.0636 3248 prodrv06 - ok

23:00:18.0698 3248 prohlp02 - ok

23:00:18.0807 3248 prosync1 - ok

23:00:18.0870 3248 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

23:00:18.0885 3248 Psched - ok

23:00:18.0963 3248 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

23:00:18.0994 3248 ql2300 - ok

23:00:19.0026 3248 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

23:00:19.0026 3248 ql40xx - ok

23:00:19.0057 3248 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

23:00:19.0057 3248 QWAVEdrv - ok

23:00:19.0088 3248 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

23:00:19.0088 3248 RasAcd - ok

23:00:19.0150 3248 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

23:00:19.0150 3248 RasAgileVpn - ok

23:00:19.0197 3248 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

23:00:19.0197 3248 Rasl2tp - ok

23:00:19.0228 3248 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

23:00:19.0228 3248 RasPppoe - ok

23:00:19.0291 3248 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

23:00:19.0306 3248 RasSstp - ok

23:00:19.0338 3248 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

23:00:19.0338 3248 rdbss - ok

23:00:19.0369 3248 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

23:00:19.0369 3248 rdpbus - ok

23:00:19.0400 3248 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

23:00:19.0400 3248 RDPCDD - ok

23:00:19.0447 3248 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys

23:00:19.0462 3248 RDPDR - ok

23:00:19.0509 3248 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

23:00:19.0509 3248 RDPENCDD - ok

23:00:19.0540 3248 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

23:00:19.0540 3248 RDPREFMP - ok

23:00:19.0572 3248 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

23:00:19.0572 3248 RDPWD - ok

23:00:19.0618 3248 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

23:00:19.0618 3248 rdyboost - ok

23:00:19.0712 3248 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

23:00:19.0712 3248 RFCOMM - ok

23:00:19.0774 3248 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

23:00:19.0774 3248 rspndr - ok

23:00:19.0806 3248 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys

23:00:19.0806 3248 s3cap - ok

23:00:19.0837 3248 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

23:00:19.0852 3248 sbp2port - ok

23:00:19.0884 3248 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

23:00:19.0884 3248 scfilter - ok

23:00:19.0977 3248 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

23:00:19.0977 3248 secdrv - ok

23:00:20.0024 3248 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

23:00:20.0024 3248 Serenum - ok

23:00:20.0149 3248 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

23:00:20.0149 3248 Serial - ok

23:00:20.0196 3248 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

23:00:20.0196 3248 sermouse - ok

23:00:20.0242 3248 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

23:00:20.0242 3248 sffdisk - ok

23:00:20.0289 3248 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

23:00:20.0289 3248 sffp_mmc - ok

23:00:20.0305 3248 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

23:00:20.0305 3248 sffp_sd - ok

23:00:20.0383 3248 sfhlp01 - ok

23:00:20.0430 3248 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

23:00:20.0430 3248 sfloppy - ok

23:00:20.0570 3248 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

23:00:20.0586 3248 SiSRaid2 - ok

23:00:20.0617 3248 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

23:00:20.0617 3248 SiSRaid4 - ok

23:00:20.0664 3248 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

23:00:20.0664 3248 Smb - ok

23:00:20.0820 3248 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

23:00:20.0820 3248 spldr - ok

23:00:20.0944 3248 sptd (34f974f8b3c86de03a30dcbe79091c97) C:\Windows\system32\Drivers\sptd.sys

23:00:20.0944 3248 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 34f974f8b3c86de03a30dcbe79091c97

23:00:20.0944 3248 sptd ( LockedFile.Multi.Generic ) - warning

23:00:20.0944 3248 sptd - detected LockedFile.Multi.Generic (1)

23:00:21.0022 3248 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

23:00:21.0022 3248 srv - ok

23:00:21.0054 3248 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

23:00:21.0069 3248 srv2 - ok

23:00:21.0100 3248 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

23:00:21.0116 3248 srvnet - ok

23:00:21.0178 3248 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

23:00:21.0178 3248 stexstor - ok

23:00:21.0225 3248 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys

23:00:21.0225 3248 storflt - ok

23:00:21.0272 3248 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys

23:00:21.0288 3248 storvsc - ok

23:00:21.0350 3248 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

23:00:21.0350 3248 swenum - ok

23:00:21.0537 3248 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys

23:00:21.0568 3248 Tcpip - ok

23:00:21.0678 3248 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys

23:00:21.0693 3248 TCPIP6 - ok

23:00:21.0787 3248 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

23:00:21.0787 3248 tcpipreg - ok

23:00:21.0849 3248 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

23:00:21.0849 3248 TDPIPE - ok

23:00:21.0880 3248 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

23:00:21.0880 3248 TDTCP - ok

23:00:21.0927 3248 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

23:00:21.0943 3248 tdx - ok

23:00:21.0958 3248 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys

23:00:21.0974 3248 TermDD - ok

23:00:22.0146 3248 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

23:00:22.0146 3248 tssecsrv - ok

23:00:22.0177 3248 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

23:00:22.0192 3248 TsUsbFlt - ok

23:00:22.0224 3248 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

23:00:22.0224 3248 TsUsbGD - ok

23:00:22.0286 3248 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

23:00:22.0286 3248 tunnel - ok

23:00:22.0317 3248 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

23:00:22.0317 3248 uagp35 - ok

23:00:22.0348 3248 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

23:00:22.0364 3248 udfs - ok

23:00:22.0473 3248 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

23:00:22.0473 3248 uliagpkx - ok

23:00:22.0536 3248 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

23:00:22.0536 3248 umbus - ok

23:00:22.0598 3248 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

23:00:22.0598 3248 UmPass - ok

23:00:22.0692 3248 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

23:00:22.0692 3248 usbccgp - ok

23:00:22.0801 3248 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

23:00:22.0801 3248 usbcir - ok

23:00:22.0863 3248 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

23:00:22.0863 3248 usbehci - ok

23:00:22.0926 3248 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

23:00:22.0941 3248 usbhub - ok

23:00:22.0972 3248 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

23:00:22.0972 3248 usbohci - ok

23:00:23.0050 3248 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys

23:00:23.0050 3248 usbprint - ok

23:00:23.0082 3248 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

23:00:23.0082 3248 USBSTOR - ok

23:00:23.0144 3248 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys

23:00:23.0144 3248 usbuhci - ok

23:00:23.0222 3248 VClone (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys

23:00:23.0222 3248 VClone - ok

23:00:23.0331 3248 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

23:00:23.0331 3248 vdrvroot - ok

23:00:23.0394 3248 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

23:00:23.0394 3248 vga - ok

23:00:23.0409 3248 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

23:00:23.0409 3248 VgaSave - ok

23:00:23.0440 3248 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

23:00:23.0440 3248 vhdmp - ok

23:00:23.0487 3248 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

23:00:23.0487 3248 viaide - ok

23:00:23.0534 3248 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys

23:00:23.0534 3248 vmbus - ok

23:00:23.0565 3248 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys

23:00:23.0565 3248 VMBusHID - ok

23:00:23.0643 3248 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

23:00:23.0643 3248 volmgr - ok

23:00:23.0674 3248 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

23:00:23.0690 3248 volmgrx - ok

23:00:23.0721 3248 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

23:00:23.0721 3248 volsnap - ok

23:00:23.0799 3248 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

23:00:23.0799 3248 vsmraid - ok

23:00:23.0862 3248 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

23:00:23.0862 3248 vwifibus - ok

23:00:23.0986 3248 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

23:00:23.0986 3248 WacomPen - ok

23:00:24.0033 3248 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

23:00:24.0033 3248 WANARP - ok

23:00:24.0049 3248 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

23:00:24.0049 3248 Wanarpv6 - ok

23:00:24.0220 3248 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

23:00:24.0220 3248 Wd - ok

23:00:24.0267 3248 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

23:00:24.0267 3248 Wdf01000 - ok

23:00:24.0454 3248 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

23:00:24.0454 3248 WfpLwf - ok

23:00:24.0486 3248 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

23:00:24.0486 3248 WIMMount - ok

23:00:24.0704 3248 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

23:00:24.0704 3248 WinUsb - ok

23:00:24.0766 3248 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

23:00:24.0766 3248 WmiAcpi - ok

23:00:24.0876 3248 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

23:00:24.0876 3248 ws2ifsl - ok

23:00:24.0938 3248 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

23:00:24.0938 3248 WudfPf - ok

23:00:24.0985 3248 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

23:00:24.0985 3248 WUDFRd - ok

23:00:25.0094 3248 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

23:00:25.0110 3248 \Device\Harddisk0\DR0 - ok

23:00:25.0110 3248 Boot (0x1200) (1c230dbbd80cd1c044487ffeeead2a52) \Device\Harddisk0\DR0\Partition0

23:00:25.0110 3248 \Device\Harddisk0\DR0\Partition0 - ok

23:00:25.0141 3248 Boot (0x1200) (add7d245f6fc8504db23130050ee221c) \Device\Harddisk0\DR0\Partition1

23:00:25.0141 3248 \Device\Harddisk0\DR0\Partition1 - ok

23:00:25.0156 3248 Boot (0x1200) (a7ac71c25b4f4fec1825edaba1e4801f) \Device\Harddisk0\DR0\Partition2

23:00:25.0156 3248 \Device\Harddisk0\DR0\Partition2 - ok

23:00:25.0156 3248 ============================================================

23:00:25.0156 3248 Scan finished

23:00:25.0156 3248 ============================================================

23:00:25.0172 1716 Detected object count: 1

23:00:25.0172 1716 Actual detected object count: 1

23:00:39.0836 1716 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine

23:00:39.0852 1716 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine

 

 

 

These are old StarForce copy-protection drivers. They should be removed. Uninstaller for old versions -> http://www.star-forc...pport/drivers/.
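
The TDSSKiller output above lists prodrv06, prohlp02, prosync1 and sfhlp01 with only "- ok" and no hash or path (the service key exists, but no file was hashed), and the OTL log posted further down shows the same four names on disk as Protection Technology drivers dated 2003-2004, stopped. The script below is an added triage example, not part of this thread and not code from TDSSKiller or OTL: it parses both log formats as they appear in the thread, flags services TDSSKiller reported without a file, cross-references them with the OTL DRV lines, and separately lists TDSSKiller warnings/detections, "Suspicious file" lines and drivers older than a cut-off year. The regexes are derived only from the line formats visible in the thread, the cut-off year (2006) is an assumed threshold, and the sample logs are constructed from lines in the thread.

```python
"""Cross-check a TDSSKiller driver scan against OTL "DRV" lines (added example)."""
import re

# TDSSKiller: "HH:MM:SS.ffff <tid> <name> (<md5>) <path>"
TDSS_FILE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*?)\s*$"
)
# TDSSKiller: "<name> - ok" / "<name> ( <verdict> ) - warning" / "<name> - detected <verdict> (n)"
TDSS_STATUS = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<name>\S+)"
    r"(?:\s+\(\s*(?P<verdict>[^)]+?)\s*\))?\s+-\s+"
    r"(?P<status>ok|warning|detected\s+(?P<det>\S+).*)$"
)
# TDSSKiller: "Suspicious file (<reason>): <path>. md5: <md5>"
TDSS_SUSP = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+Suspicious file \((?P<reason>[^)]+)\): "
    r"(?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})"
)
# OTL: "DRV[:64bit:] - [mtime | size | attrs | M] (Vendor) [Type | Start | State] -- path -- (svc)"
OTL_DRV = re.compile(
    r"^DRV(?P<b64>:64bit:)? - \[(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| [^\]]*\] \((?P<vendor>[^)]*)\) "
    r"\[(?P<type>[^|\]]+) \| (?P<start>[^|\]]+) \| (?P<state>[^\]]+)\] -- "
    r"(?P<path>.+?) -- \((?P<svc>[^)]+)\)"
)
SERVICE_NAME = re.compile(r"[\w.\-]+")  # skips \Device\... objects from the MBR/boot checks


def parse_tdsskiller(text):
    files, statuses, detections, suspicious = {}, {}, {}, {}
    for line in text.splitlines():
        if (m := TDSS_FILE.match(line)):
            files[m["name"]] = {"md5": m["md5"], "path": m["path"]}
        elif (m := TDSS_SUSP.match(line)):
            suspicious[m["path"]] = m["reason"]
        elif (m := TDSS_STATUS.match(line)):
            statuses[m["name"]] = m["status"].split()[0]  # ok / warning / detected
            verdict = m["verdict"] or m["det"]
            if verdict:
                detections[m["name"]] = verdict
    return files, statuses, detections, suspicious


def parse_otl_drivers(text):
    drivers = {}
    for line in text.splitlines():
        if (m := OTL_DRV.match(line)):
            drivers[m["svc"]] = {
                "vendor": m["vendor"], "path": m["path"], "start": m["start"],
                "state": m["state"], "year": int(m["mtime"][:4]),
                "is64": m["b64"] is not None,
            }
    return drivers


def triage(tdss_log, otl_log, stale_before_year=2006):
    """stale_before_year is an assumed threshold, not something either tool defines."""
    files, statuses, detections, suspicious = parse_tdsskiller(tdss_log)
    drivers = parse_otl_drivers(otl_log)
    unhashed = {}  # service seen by TDSSKiller, but no file line -> check what OTL knows
    for name in statuses:
        if name in files or not SERVICE_NAME.fullmatch(name):
            continue
        drv = drivers.get(name)
        unhashed[name] = {"on_disk_per_otl": drv is not None, **(drv or {})}
    stale = sorted(s for s, d in drivers.items() if d["year"] < stale_before_year)
    return {"detections": detections, "suspicious": suspicious,
            "unhashed": unhashed, "stale_drivers": stale}


# Constructed samples, copied from the line formats in this thread.
SAMPLE_TDSS = r"""
23:00:17.0902 3248 OAnet (3c1c4645a61f2d5cd4f85b2013fd182f) C:\Windows\system32\DRIVERS\oanet.sys
23:00:17.0902 3248 OAnet - ok
23:00:18.0636 3248 prodrv06 - ok
23:00:18.0698 3248 prohlp02 - ok
23:00:18.0807 3248 prosync1 - ok
23:00:20.0383 3248 sfhlp01 - ok
23:00:20.0944 3248 sptd (34f974f8b3c86de03a30dcbe79091c97) C:\Windows\system32\Drivers\sptd.sys
23:00:20.0944 3248 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 34f974f8b3c86de03a30dcbe79091c97
23:00:20.0944 3248 sptd ( LockedFile.Multi.Generic ) - warning
23:00:20.0944 3248 sptd - detected LockedFile.Multi.Generic (1)
23:00:25.0094 3248 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:00:25.0110 3248 \Device\Harddisk0\DR0 - ok
"""
SAMPLE_OTL = r"""
DRV:64bit: - [2011-10-20 16:46:25 | 000,503,352 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011-04-06 13:01:30 | 000,032,920 | ---- | M] (Emsisoft) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OAnet.sys -- (OAnet)
DRV - [2004-04-08 12:06:08 | 000,070,400 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004-04-08 10:46:50 | 000,054,272 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003-12-01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003-09-06 14:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prosync1.sys -- (prosync1)
"""


def demo():
    return triage(SAMPLE_TDSS, SAMPLE_OTL)


if __name__ == "__main__":
    import json
    print(json.dumps(demo(), indent=2))
```

Run it on the full logs (save each log to a file and pass its contents) and read the "unhashed" section first: a service name that TDSSKiller could not hash but that OTL shows on disk with a 2003-2004 timestamp and a "Stopped" state is exactly the signature of these leftover StarForce drivers; "detections" and "suspicious" only repeat what TDSSKiller already decided, which here is sptd locked against reading rather than a malware verdict.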

 

A small problem.

[attached screenshot: przechwytywaniepn.jpg]

 

 

From what I've read, it is some service related to headphones and/or a microphone. Do you have either of these devices?

 

I don't have a microphone; I have a built-in speaker. But I recently installed sound card drivers. Although installing them changed nothing, except that the notification from Windows Update disappeared.

 

OTL script:

 

All processes killed

========== OTL ==========

64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@ganymede/GanymedeNetPlugin,version=1.0\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&ksportuj do programu Microsoft Excel\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&ksportuj do programu Microsoft Excel\ not found.

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Persistence not found.

========== COMMANDS ==========

Restore point Set: OTL Restore Point

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: eMeM

->Temp folder emptied: 957791 bytes

->Temporary Internet Files folder emptied: 74898436 bytes

->Java cache emptied: 2034726 bytes

->FireFox cache emptied: 462438741 bytes

->Flash cache emptied: 5683 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 541788 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50534 bytes

%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 751 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 516,00 mb

 

 

OTL by OldTimer - Version 3.2.31.0 log created on 10232011_230742

 

Files\Folders moved on Reboot...

C:\Users\eMeM\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

 

Registry entries deleted on Reboot...

 

 

 

OTL.txt (files newer than 7 days):

 

 

OTL logfile created on: 2011-10-23 23:14:54 - Run 2

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\eMeM\Desktop\Pobieranie

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

 

1,99 Gb Total Physical Memory | 1,03 Gb Available Physical Memory | 51,79% Memory free

3,98 Gb Paging File | 2,85 Gb Available in Paging File | 71,49% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 80,00 Gb Total Space | 35,28 Gb Free Space | 44,10% Space Free | Partition Type: NTFS

Drive D: | 152,79 Gb Total Space | 133,88 Gb Free Space | 87,63% Space Free | Partition Type: NTFS

 

Computer Name: EMEM-KOMPUTER | User Name: eMeM | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011-10-23 17:20:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\eMeM\Desktop\Pobieranie\OTL.exe

PRC - [2011-09-30 14:50:46 | 000,924,632 | ---- | M] (Mozilla Corporation) -- D:\Programy\Mozilla Firefox\firefox.exe

PRC - [2011-04-06 13:01:06 | 004,326,472 | ---- | M] (Emsi Software GmbH) -- D:\Programy\Online Armor\oasrv.exe

PRC - [2011-04-06 13:01:06 | 002,477,032 | ---- | M] (Emsi Software GmbH) -- D:\Programy\Online Armor\oaui.exe

PRC - [2011-04-06 13:01:06 | 000,433,560 | ---- | M] (Emsi Software GmbH) -- D:\Programy\Online Armor\OAReg.exe

PRC - [2011-04-06 13:01:04 | 001,165,336 | ---- | M] (Emsi Software GmbH) -- D:\Programy\Online Armor\oahlp.exe

PRC - [2011-04-06 13:01:04 | 000,381,512 | ---- | M] (Emsi Software GmbH) -- D:\Programy\Online Armor\oacat.exe

PRC - [2009-08-29 08:00:12 | 000,966,656 | ---- | M] () -- C:\Users\eMeM\Local Settings\Apps\F.lux\flux.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2011-09-30 14:50:45 | 001,833,944 | ---- | M] () -- D:\Programy\Mozilla Firefox\mozjs.dll

MOD - [2009-08-29 08:00:12 | 000,966,656 | ---- | M] () -- C:\Users\eMeM\Local Settings\Apps\F.lux\flux.exe

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV:64bit: - [2007-02-06 11:45:30 | 000,080,384 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)

SRV - [2011-04-06 13:01:06 | 004,326,472 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- D:\Programy\Online Armor\oasrv.exe -- (SvcOnlineArmor)

SRV - [2011-04-06 13:01:04 | 000,381,512 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- D:\Programy\Online Armor\OAcat.exe -- (OAcat)

SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2011-10-20 16:46:25 | 000,503,352 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)

DRV:64bit: - [2011-04-06 13:01:30 | 000,032,920 | ---- | M] (Emsisoft) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OAnet.sys -- (OAnet)

DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011-01-15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)

DRV:64bit: - [2010-11-21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010-11-21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)

DRV:64bit: - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010-11-21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2009-09-23 19:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009-06-10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2009-06-10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel® Adapter Driver

DRV:64bit: - [2009-06-10 22:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express) Intel® Network Connection Driver

DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2008-04-24 17:25:48 | 000,402,432 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)

DRV - [2011-04-06 13:02:26 | 000,055,088 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\oahlp64.sys -- (oahlpXX)

DRV - [2011-04-06 13:01:30 | 000,059,176 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\OADriver.sys -- (OADevice)

DRV - [2011-04-06 13:01:30 | 000,038,064 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\OAmon.sys -- (OAmon)

DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2004-04-08 12:06:08 | 000,070,400 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02)

DRV - [2004-04-08 10:46:50 | 000,054,272 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06)

DRV - [2003-12-01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01)

DRV - [2003-09-06 14:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prosync1.sys -- (prosync1)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-2379810547-2737495414-2129919692-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

IE - HKU\S-1-5-21-2379810547-2737495414-2129919692-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: D:\Programy\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: D:\Programy\Mozilla Firefox\components [2011-10-04 18:47:36 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: D:\Programy\Mozilla Firefox\plugins [2011-10-16 18:39:08 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: D:\Programy\Mozilla Thunderbird\components [2011-10-04 18:47:36 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: D:\Programy\Mozilla Thunderbird\plugins [2011-10-16 18:39:08 | 000,000,000 | ---D | M]

 

[2011-08-30 15:02:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eMeM\AppData\Roaming\mozilla\Extensions

[2011-09-30 14:28:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eMeM\AppData\Roaming\mozilla\Firefox\Profiles\pampk215.emem\extensions

[2011-09-20 10:04:39 | 000,000,000 | ---D | M] (MinimizeToTray revived (MinTrayR)) -- C:\USERS\EMEM\APPDATA\ROAMING\THUNDERBIRD\PROFILES\I2OIS3VG.DEFAULT\EXTENSIONS\MINTRAYR@TN123.ATH.CX

 

O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O4:64bit: - HKLM..\Run: [@OnlineArmor GUI] D:\Programy\Online Armor\oaui.exe (Emsi Software GmbH)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2379810547-2737495414-2129919692-1000..\Run: [F.lux] C:\Users\eMeM\Local Settings\Apps\F.lux\flux.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\S-1-5-21-2379810547-2737495414-2129919692-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3

O7 - HKU\S-1-5-21-2379810547-2737495414-2129919692-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0

O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)

O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D40224D-17C7-4509-88F8-3B488A83DC64}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AEC1F91-4522-4851-B992-651511891896}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{62bf0940-fb2a-11e0-946a-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{62bf0940-fb2a-11e0-946a-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe

O33 - MountPoints2\{6b710be5-dee3-11e0-b706-002186671253}\Shell - "" = AutoRun

O33 - MountPoints2\{6b710be5-dee3-11e0-b706-002186671253}\Shell\AutoRun\command - "" = G:\autorun.exe

O33 - MountPoints2\{88f61b9d-ee77-11e0-85bb-002186671253}\Shell - "" = AutoRun

O33 - MountPoints2\{88f61b9d-ee77-11e0-85bb-002186671253}\Shell\AutoRun\command - "" = G:\Autorun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 7 Days ==========

 

[2011-10-23 23:07:42 | 000,000,000 | ---D | C] -- C:\_OTL

[2011-10-23 23:00:39 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2011-10-23 17:56:18 | 000,000,000 | ---D | C] -- C:\Users\eMeM\Desktop\100CANON

[2011-10-21 16:26:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Analog Devices

 

========== Files - Modified Within 7 Days ==========

 

[2011-10-23 23:11:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011-10-23 23:11:05 | 1603,772,416 | -HS- | M] () -- C:\hiberfil.sys

[2011-10-23 17:55:46 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2011-10-23 17:07:05 | 000,022,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011-10-23 17:07:05 | 000,022,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011-10-23 17:04:45 | 001,707,868 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011-10-23 17:04:45 | 000,762,672 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat

[2011-10-23 17:04:45 | 000,672,320 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011-10-23 17:04:45 | 000,155,834 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat

[2011-10-23 17:04:45 | 000,121,308 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011-10-20 16:50:47 | 000,000,235 | ---- | M] () -- C:\Users\eMeM\Documents\ax_files.xml

[2011-10-20 16:46:25 | 000,503,352 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys

[2011-10-20 16:33:28 | 000,000,671 | ---- | M] () -- C:\Users\Public\Desktop\Play ToCA Race Driver 2.lnk

[2011-10-19 21:57:51 | 000,000,000 | -H-- | M] () -- C:\Users\eMeM\Documents\Default.rdp

[2011-10-18 16:15:12 | 000,000,278 | R--- | M] () -- C:\Users\eMeM\Show_Hidden_Files_On_Off.vbs

[2011-10-18 15:32:35 | 000,001,138 | ---- | M] () -- C:\Users\eMeM\Desktop\mbam.lnk

 

========== Files Created - No Company Name ==========

 

[2011-10-23 17:55:46 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2011-10-20 16:50:47 | 000,000,235 | ---- | C] () -- C:\Users\eMeM\Documents\ax_files.xml

[2011-10-20 16:46:25 | 000,503,352 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys

[2011-10-20 16:33:28 | 000,000,671 | ---- | C] () -- C:\Users\Public\Desktop\Play ToCA Race Driver 2.lnk

[2011-10-19 21:57:51 | 000,000,000 | -H-- | C] () -- C:\Users\eMeM\Documents\Default.rdp

[2011-10-18 16:15:12 | 000,000,278 | R--- | C] () -- C:\Users\eMeM\Show_Hidden_Files_On_Off.vbs

[2011-10-18 15:32:35 | 000,001,138 | ---- | C] () -- C:\Users\eMeM\Desktop\mbam.lnk

[2011-09-22 17:32:25 | 000,007,597 | ---- | C] () -- C:\Users\eMeM\AppData\Local\Resmon.ResmonCfg

[2011-09-05 11:55:39 | 000,059,176 | ---- | C] () -- C:\Windows\SysWow64\drivers\OADriver.sys

[2011-09-05 11:55:39 | 000,055,088 | ---- | C] () -- C:\Windows\SysWow64\drivers\oahlp64.sys

[2009-09-23 19:21:08 | 002,050,952 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin

[2009-07-14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009-07-14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009-07-14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009-07-14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009-06-10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

 

========== LOP Check ==========

 

[2011-10-23 14:13:03 | 000,000,000 | ---D | M] -- C:\Users\eMeM\AppData\Roaming\.purple

[2011-09-09 16:42:39 | 000,000,000 | ---D | M] -- C:\Users\eMeM\AppData\Roaming\Foxit Software

[2011-10-03 23:52:23 | 000,000,000 | ---D | M] -- C:\Users\eMeM\AppData\Roaming\gtk-2.0

[2011-10-04 14:11:34 | 000,000,000 | ---D | M] -- C:\Users\eMeM\AppData\Roaming\Leadertech

[2011-09-05 11:59:00 | 000,000,000 | ---D | M] -- C:\Users\eMeM\AppData\Roaming\OnlineArmor

[2011-09-19 23:19:36 | 000,000,000 | ---D | M] -- C:\Users\eMeM\AppData\Roaming\Thunderbird

[2011-10-22 14:02:24 | 000,000,000 | ---D | M] -- C:\Users\eMeM\AppData\Roaming\uTorrent

[2011-09-23 15:09:15 | 000,032,520 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

< End of report >

 

 

 

 

OTL Extras.txt:

 

 

OTL Extras logfile created on: 2011-10-23 23:14:54 - Run 2

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\eMeM\Desktop\Pobieranie

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

 

1,99 Gb Total Physical Memory | 1,03 Gb Available Physical Memory | 51,79% Memory free

3,98 Gb Paging File | 2,85 Gb Available in Paging File | 71,49% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 80,00 Gb Total Space | 35,28 Gb Free Space | 44,10% Space Free | Partition Type: NTFS

Drive D: | 152,79 Gb Total Space | 133,88 Gb Free Space | 87,63% Space Free | Partition Type: NTFS

 

Computer Name: EMEM-KOMPUTER | User Name: eMeM | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-2379810547-2737495414-2129919692-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- D:\Programy\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"

Directory [Winamp.Play] -- "D:\Programy\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"

Directory [Winamp.Play] -- "D:\Programy\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.5.2.3456 x64

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0415-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Polish) 2007

"{A49402DD-2781-3782-B0CF-52BDA349E3F3}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit

"CCleaner" = CCleaner

"HDMI" = Intel® Graphics Media Accelerator Driver

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile

"WinRAR archiver" = WinRAR 4.01 (64-bitowy)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java 7

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007

"{90120000-0016-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007

"{90120000-0018-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007

"{90120000-001B-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007

"{90120000-001F-0415-0000-0000000FF1CE}_HOMESTUDENTR_{E9EA2604-8AC9-47D2-8F4B-6BF60787A357}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002A-0415-1000-0000000FF1CE}_HOMESTUDENTR_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007

"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007

"{90120000-006E-0415-0000-0000000FF1CE}_HOMESTUDENTR_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007

"{90120000-00A1-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{D474A0E8-4421-43C0-BE8E-F454F91E2E2A}" = Race Driver 2

"{F8718F95-21A1-44B9-97EC-679C93020BAE}" = Colin McRae Rally 04

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Eurobattle.net1.26" = Eurobattle.net

"EuroPoker Tournament Director's Poker Clock" = EuroPoker Tournament Director's Poker Clock

"Foxit Reader_is1" = Foxit Reader 5.0

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"InstallShield_{D474A0E8-4421-43C0-BE8E-F454F91E2E2A}" = Race Driver 2

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware wersja 1.51.2.1300

"Mozilla Firefox 7.0.1 (x86 pl)" = Mozilla Firefox 7.0.1 (x86 pl)

"Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1)

"OnlineArmor_is1" = Online Armor 5.0

"Pidgin" = Pidgin

"uTorrent" = µTorrent

"Winamp" = Winamp

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-2379810547-2737495414-2129919692-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Flux" = F.lux

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 2011-10-20 10:46:00 | Computer Name = eMeM-komputer | Source = VSS | ID = 8194

Description =

 

Error - 2011-10-20 10:46:01 | Computer Name = eMeM-komputer | Source = VSS | ID = 8193

Description =

 

Error - 2011-10-20 10:53:22 | Computer Name = eMeM-komputer | Source = VSS | ID = 8193

Description =

 

Error - 2011-10-20 10:53:32 | Computer Name = eMeM-komputer | Source = Application Error | ID = 1000

Description = Nazwa aplikacji powodującej błąd: Au_.exe, wersja: 4.36.1.2033, sygnatura

czasowa: 0x4c93644f Nazwa modułu powodującego błąd: nsDialogs.dll, wersja: 0.0.0.0,

sygnatura czasowa: 0x4b1ae3a8 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00001939

Identyfikator

procesu powodującego błąd: 0xc90 Godzina uruchomienia aplikacji powodującej błąd:

0x01cc8f37f42959c4 Ścieżka aplikacji powodującej błąd: C:\Users\eMeM\AppData\Local\Temp\~nsu.tmp\Au_.exe

Ścieżka

modułu powodującego błąd: C:\Users\eMeM\AppData\Local\Temp\nsa7B57.tmp\nsDialogs.dll

Identyfikator

raportu: 46bc2f1c-fb2b-11e0-aea8-002186671253

 

Error - 2011-10-20 16:07:11 | Computer Name = eMeM-komputer | Source = VSS | ID = 8193

Description =

 

Error - 2011-10-21 03:45:54 | Computer Name = eMeM-komputer | Source = VSS | ID = 8193

Description =

 

Error - 2011-10-21 10:26:31 | Computer Name = eMeM-komputer | Source = VSS | ID = 8193

Description =

 

Error - 2011-10-23 10:12:51 | Computer Name = eMeM-komputer | Source = VSS | ID = 8193

Description =

 

Error - 2011-10-23 13:00:03 | Computer Name = eMeM-komputer | Source = Windows Backup | ID = 4103

Description =

 

Error - 2011-10-23 17:07:45 | Computer Name = eMeM-komputer | Source = VSS | ID = 8193

Description =

 

[ System Events ]

Error - 2011-10-22 16:13:16 | Computer Name = eMeM-komputer | Source = Application Popup | ID = 1060

Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało

zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania

w celu uzyskania zgodnej wersji sterownika.

 

Error - 2011-10-22 16:13:42 | Computer Name = eMeM-komputer | Source = Service Control Manager | ID = 7026

Description = Nie można załadować następujących sterowników startu rozruchowego

lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01

 

Error - 2011-10-23 07:01:07 | Computer Name = eMeM-komputer | Source = Application Popup | ID = 1060

Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało

zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania

w celu uzyskania zgodnej wersji sterownika.

 

Error - 2011-10-23 07:01:33 | Computer Name = eMeM-komputer | Source = Service Control Manager | ID = 7026

Description = Nie można załadować następujących sterowników startu rozruchowego

lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01

 

Error - 2011-10-23 09:46:36 | Computer Name = eMeM-komputer | Source = Application Popup | ID = 1060

Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało

zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania

w celu uzyskania zgodnej wersji sterownika.

 

Error - 2011-10-23 09:47:02 | Computer Name = eMeM-komputer | Source = Service Control Manager | ID = 7026

Description = Nie można załadować następujących sterowników startu rozruchowego

lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01

 

Error - 2011-10-23 10:44:49 | Computer Name = eMeM-komputer | Source = Application Popup | ID = 1060

Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało

zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania

w celu uzyskania zgodnej wersji sterownika.

 

Error - 2011-10-23 10:45:14 | Computer Name = eMeM-komputer | Source = Service Control Manager | ID = 7026

Description = Nie można załadować następujących sterowników startu rozruchowego

lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01

 

Error - 2011-10-23 17:11:04 | Computer Name = eMeM-komputer | Source = Application Popup | ID = 1060

Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało

zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania

w celu uzyskania zgodnej wersji sterownika.

 

Error - 2011-10-23 17:11:32 | Computer Name = eMeM-komputer | Source = Service Control Manager | ID = 7026

Description = Nie można załadować następujących sterowników startu rozruchowego

lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01

 

 

< End of report >

 

 

 


kominekl

 

As peter2012 says, the Malware section has its own rules: KLIK. The purpose is to avoid, among other things, people posting scripts that are wrong. Let's look at your script:

 

The [clearallrestorepoints] command works on XP, not on Vista and Windows 7, where it is only able to create a new restore point. And even if it did work on those systems, I do not know what kind of action it is to wipe all restore points for no reason. The "Extra context menu item" lines are not real "not found" entries; they only show that way because the slashes at the end go the wrong way; for comparison, Office sits on the installed programs list and is doing fine. The FF entry "...microsoft.com/GENUINE" is always "not found" and is not removed. One should also doubt whether this one was really "not found":

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found

... since the 64-bit Flash is on the installed programs list:

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit

... that is, the one matching the 64-bit version of Firefox (which is not installed here).

 

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

And I do not know what you had in mind wanting to remove this Intel line.

 

 

 

Walkerowy

 

What was the reason for opening the thread in the Malware section? That is not a log-analysis section but an infection-diagnostics section. Logs are only a tool for extracting data and may be posted in any section where they may prove helpful. I am moving the thread to the Windows section.

 

1. Since there is no 64-bit Firefox here, and the 64-bit Flash entry has already been cut out, uninstall the 64-bit Flash. It is not needed here at all; you have a 32-bit Firefox, which the 32-bit Flash matches, and that one is present:

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

2.

23:00:39.0836 1716 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine

23:00:39.0852 1716 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine

A wrong decision; Skip should have been chosen here. This is not a threat. Quoting from the TDSSKiller description:

 

Note: before taking any steps on your own it is best to consult first, because the results are not necessarily a real threat and may not qualify for removal. For example, the main object that gets in the way is the SPTD virtual drive emulation driver: Kaspersky will flag this object as "suspicious" and describe the file as locked, but will set its default action to Skip. I remind you again of the section's main announcement: Drive emulation software.

 

tdsskillersptd.png

 

Admittedly, in the latest OTL this driver is in good health:

 

DRV:64bit: - [2011-10-20 16:46:25 | 000,503,352 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)

But there are doubts whether you restarted the system after using TDSSKiller (which finalizes the action). If SPTD really turns out to be removed and you have a program on the disk that uses it, this driver should be reinstalled with the SPTDinst tool.

 

3.

Error - 2011-10-23 10:44:49 | Computer Name = eMeM-komputer | Source = Application Popup | ID = 1060

Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało

zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania

w celu uzyskania zgodnej wersji sterownika.

 

Error - 2011-10-23 10:45:14 | Computer Name = eMeM-komputer | Source = Service Control Manager | ID = 7026

Description = Nie można załadować następujących sterowników startu rozruchowego

lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01

You will remove the old StarForce drivers with an OTL script with the following contents:

 

:OTL
DRV - [2004-04-08 12:06:08 | 000,070,400 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004-04-08 10:46:50 | 000,054,272 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003-12-01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003-09-06 14:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prosync1.sys -- (prosync1)

 


1. OK, the 64-bit one is uninstalled.

2. First of all, I have no drive emulation software. What next with this SPTD driver?

========== OTL ==========

Service prohlp02 stopped successfully!

Service prohlp02 deleted successfully!

C:\Windows\SysWOW64\drivers\prohlp02.sys moved successfully.

Service prodrv06 stopped successfully!

Service prodrv06 deleted successfully!

C:\Windows\SysWOW64\drivers\prodrv06.sys moved successfully.

Service sfhlp01 stopped successfully!

Service sfhlp01 deleted successfully!

C:\Windows\SysWOW64\drivers\sfhlp01.sys moved successfully.

Service prosync1 stopped successfully!

Service prosync1 deleted successfully!

C:\Windows\SysWOW64\drivers\prosync1.sys moved successfully.

 

OTL by OldTimer - Version 3.2.31.0 log created on 10242011_132935

The Virtual Clone Drive program was used on this computer; it was removed, but e.g. the entry in msconfig in the startup section remained. Please help remove the leftovers.

 

1. Virtual Clone Drive does not use the SPTD driver; it relies on its own, namely:

 

DRV:64bit: - [2011-01-15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)

Removing this driver:

- Start > in the search box type devmgmt.msc > right-click and choose Run as administrator > in the View menu enable showing hidden devices and look in the "Non-Plug and Play Drivers" branch for this object to uninstall.

- Then run an OTL script with the following contents:

 

:OTL
DRV:64bit: - [2011-01-15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)

2. OTL in its default configuration does not scan entries disabled in msconfig. If you want to remove that kind of entry, go straight to the registry. Virtual Clone Drive starts via the registry, so the disabled msconfig entry should sit here:

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

 

 

And I also recall that there was a trial of Alcohol 120%...

 

That is the likely creator of SPTD. Uninstalling Alcohol does not remove the SPTD driver from the system.
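The two checks discussed in the replies above (Service Control Manager event 7026 naming boot/system-start drivers that failed to load, and disabled msconfig entries living under HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg, which OTL does not scan by default) can be done without OTL from an elevated PowerShell prompt. The script below is an added example written for this thread; it is not OTL's code and not a script posted by anyone in the thread. It assumes that event 7026 carries the driver list as its first insertion string, that the startupreg subkeys expose the item, command and key values (as they do on Windows 7), and that the ImagePath forms handled in Resolve-ImagePath cover the driver entries of interest.

```powershell
# Added example for this thread (not OTL code, not a script from the forum).
# Run from an elevated 64-bit PowerShell prompt on Windows 7 or later.
#
# 1. Read Service Control Manager event 7026 from the System log and extract
#    the names of boot/system-start drivers that failed to load.
# 2. Look each name up under HKLM\SYSTEM\CurrentControlSet\Services, resolve
#    its ImagePath and report its start type and whether the file exists.
# 3. List start-up entries that msconfig has disabled (startupreg key).
#
# Assumptions (not taken from the thread): event 7026 holds the driver list
# in insertion string %1; startupreg subkeys have 'item', 'command', 'key'.

$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$msconfigKey = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg'

# Start values mapped to the labels OTL prints in its DRV lines.
$startTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'On_Demand'; 4 = 'Disabled' }

function Get-FailedBootDrivers {
    # Get-WinEvent reports "No events were found" as an error when nothing
    # matches, hence -ErrorAction SilentlyContinue.
    $events = Get-WinEvent -FilterHashtable @{
        LogName = 'System'; ProviderName = 'Service Control Manager'; Id = 7026
    } -MaxEvents 20 -ErrorAction SilentlyContinue

    $names = foreach ($e in $events) {
        # %1 holds the driver names separated by newlines (locale-independent);
        # fall back to the text after the last colon of the rendered message,
        # which is what the Polish event text in this thread looks like.
        $list = if ($e.Properties.Count -gt 0) { [string]$e.Properties[0].Value }
                else { $e.Message.Substring($e.Message.LastIndexOf(':') + 1) }
        $list -split '\s+' | Where-Object { $_ -ne '' }
    }
    $names | Sort-Object -Unique
}

function Resolve-ImagePath {
    param([string]$ImagePath)
    if (-not $ImagePath) { return $null }
    # Forms seen under Services: \SystemRoot\..., \??\C:\..., system32\drivers\x.sys
    $p = $ImagePath -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    $p = $p -replace '^\\\?\?\\', ''
    if (-not [System.IO.Path]::IsPathRooted($p)) { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-DriverServiceInfo {
    param([string[]]$Names)
    foreach ($n in $Names) {
        $key = Join-Path $servicesKey $n
        if (-not (Test-Path -LiteralPath $key)) {
            # Service key already gone: the event is stale or the entry was removed.
            [pscustomobject]@{ Name = $n; Registered = $false; Start = $null; ImagePath = $null; FileExists = $false }
            continue
        }
        $svc   = Get-ItemProperty -LiteralPath $key
        $path  = Resolve-ImagePath $svc.ImagePath
        $start = if ($null -ne $svc.Start) { $startTypes[[int]$svc.Start] } else { $null }
        # A 32-bit installer redirected to SysWOW64 (as in this thread) can leave
        # ImagePath pointing at a file the kernel will refuse to load.
        [pscustomobject]@{
            Name       = $n
            Registered = $true
            Start      = $start
            ImagePath  = $svc.ImagePath
            FileExists = [bool]($path -and (Test-Path -LiteralPath $path))
        }
    }
}

function Get-DisabledStartupEntries {
    if (-not (Test-Path -LiteralPath $msconfigKey)) { return }
    Get-ChildItem -LiteralPath $msconfigKey | ForEach-Object {
        $v = Get-ItemProperty -LiteralPath $_.PSPath
        [pscustomobject]@{ Item = $v.item; Command = $v.command; OriginalKey = $v.key }
    }
}

$failed = Get-FailedBootDrivers
if ($failed) {
    Write-Host 'Drivers named in Service Control Manager event 7026:'
    Get-DriverServiceInfo -Names $failed | Format-Table -AutoSize
} else {
    Write-Host 'No event 7026 in the System log.'
}
Write-Host 'Start-up entries disabled via msconfig (startupreg):'
Get-DisabledStartupEntries | Format-Table -AutoSize
```

Use the 64-bit PowerShell on a 64-bit system, otherwise registry redirection would show the WOW64 view of HKLM\SOFTWARE rather than the key msconfig writes to. An entry with Registered = True and FileExists = False is the leftover case from this thread: the service registration survived an uninstall while the driver file is gone or unloadable, which is exactly what the OTL script above cleans up.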


OTL.Txt

 

OTL logfile created on: 2011-10-24 20:07:55 - Run 3

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\eMeM\Desktop\Pobieranie

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

 

1,99 Gb Total Physical Memory | 1,41 Gb Available Physical Memory | 70,60% Memory free

3,98 Gb Paging File | 3,13 Gb Available in Paging File | 78,50% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 80,00 Gb Total Space | 34,89 Gb Free Space | 43,61% Space Free | Partition Type: NTFS

Drive D: | 152,79 Gb Total Space | 133,88 Gb Free Space | 87,63% Space Free | Partition Type: NTFS

 

Computer Name: EMEM-KOMPUTER | User Name: eMeM | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011-10-23 17:20:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\eMeM\Desktop\Pobieranie\OTL.exe

PRC - [2011-04-06 13:01:06 | 004,326,472 | ---- | M] (Emsi Software GmbH) -- D:\Programy\Online Armor\oasrv.exe

PRC - [2011-04-06 13:01:06 | 002,477,032 | ---- | M] (Emsi Software GmbH) -- D:\Programy\Online Armor\oaui.exe

PRC - [2011-04-06 13:01:06 | 000,433,560 | ---- | M] (Emsi Software GmbH) -- D:\Programy\Online Armor\OAReg.exe

PRC - [2011-04-06 13:01:04 | 001,165,336 | ---- | M] (Emsi Software GmbH) -- D:\Programy\Online Armor\oahlp.exe

PRC - [2011-04-06 13:01:04 | 000,381,512 | ---- | M] (Emsi Software GmbH) -- D:\Programy\Online Armor\oacat.exe

PRC - [2009-08-29 08:00:12 | 000,966,656 | ---- | M] () -- C:\Users\eMeM\Local Settings\Apps\F.lux\flux.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2009-08-29 08:00:12 | 000,966,656 | ---- | M] () -- C:\Users\eMeM\Local Settings\Apps\F.lux\flux.exe

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV:64bit: - [2007-02-06 11:45:30 | 000,080,384 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)

SRV - [2011-04-06 13:01:06 | 004,326,472 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- D:\Programy\Online Armor\oasrv.exe -- (SvcOnlineArmor)

SRV - [2011-04-06 13:01:04 | 000,381,512 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- D:\Programy\Online Armor\OAcat.exe -- (OAcat)

SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2011-04-06 13:01:30 | 000,032,920 | ---- | M] (Emsisoft) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OAnet.sys -- (OAnet)

DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010-11-21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010-11-21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)

DRV:64bit: - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010-11-21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2009-09-23 19:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009-06-10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2009-06-10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Sterownik karty Intel®

DRV:64bit: - [2009-06-10 22:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express) Sterownik połączenia sieciowego Intel®

DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2008-04-24 17:25:48 | 000,402,432 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)

DRV - [2011-04-06 13:02:26 | 000,055,088 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\oahlp64.sys -- (oahlpXX)

DRV - [2011-04-06 13:01:30 | 000,059,176 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\OADriver.sys -- (OADevice)

DRV - [2011-04-06 13:01:30 | 000,038,064 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\OAmon.sys -- (OAmon)

DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-2379810547-2737495414-2129919692-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

IE - HKU\S-1-5-21-2379810547-2737495414-2129919692-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: D:\Programy\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: D:\Programy\Mozilla Firefox\components [2011-10-04 18:47:36 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: D:\Programy\Mozilla Firefox\plugins [2011-10-16 18:39:08 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: D:\Programy\Mozilla Thunderbird\components [2011-10-04 18:47:36 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: D:\Programy\Mozilla Thunderbird\plugins [2011-10-16 18:39:08 | 000,000,000 | ---D | M]

 

[2011-08-30 15:02:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eMeM\AppData\Roaming\mozilla\Extensions

[2011-09-30 14:28:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eMeM\AppData\Roaming\mozilla\Firefox\Profiles\pampk215.emem\extensions

[2011-09-20 10:04:39 | 000,000,000 | ---D | M] (MinimizeToTray revived (MinTrayR)) -- C:\USERS\EMEM\APPDATA\ROAMING\THUNDERBIRD\PROFILES\I2OIS3VG.DEFAULT\EXTENSIONS\MINTRAYR@TN123.ATH.CX

 

O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O4:64bit: - HKLM..\Run: [@OnlineArmor GUI] D:\Programy\Online Armor\oaui.exe (Emsi Software GmbH)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2379810547-2737495414-2129919692-1000..\Run: [F.lux] C:\Users\eMeM\Local Settings\Apps\F.lux\flux.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\S-1-5-21-2379810547-2737495414-2129919692-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3

O7 - HKU\S-1-5-21-2379810547-2737495414-2129919692-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0

O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)

O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D40224D-17C7-4509-88F8-3B488A83DC64}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AEC1F91-4522-4851-B992-651511891896}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{62bf0940-fb2a-11e0-946a-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{62bf0940-fb2a-11e0-946a-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe

O33 - MountPoints2\{6b710be5-dee3-11e0-b706-002186671253}\Shell - "" = AutoRun

O33 - MountPoints2\{6b710be5-dee3-11e0-b706-002186671253}\Shell\AutoRun\command - "" = G:\autorun.exe

O33 - MountPoints2\{88f61b9d-ee77-11e0-85bb-002186671253}\Shell - "" = AutoRun

O33 - MountPoints2\{88f61b9d-ee77-11e0-85bb-002186671253}\Shell\AutoRun\command - "" = G:\Autorun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 7 Days ==========

 

[2011-10-23 23:07:42 | 000,000,000 | ---D | C] -- C:\_OTL

[2011-10-23 23:00:39 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2011-10-23 17:56:18 | 000,000,000 | ---D | C] -- C:\Users\eMeM\Desktop\100CANON

[2011-10-21 16:26:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Analog Devices

 

========== Files - Modified Within 7 Days ==========

 

[2011-10-24 20:06:12 | 000,022,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011-10-24 20:06:12 | 000,022,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011-10-24 20:03:19 | 001,707,868 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011-10-24 20:03:19 | 000,762,672 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat

[2011-10-24 20:03:19 | 000,672,320 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011-10-24 20:03:19 | 000,155,834 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat

[2011-10-24 20:03:19 | 000,121,308 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011-10-24 19:58:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011-10-24 19:58:43 | 1603,772,416 | -HS- | M] () -- C:\hiberfil.sys

[2011-10-24 13:46:40 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2011-10-23 17:55:46 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2011-10-20 16:50:47 | 000,000,235 | ---- | M] () -- C:\Users\eMeM\Documents\ax_files.xml

[2011-10-20 16:33:28 | 000,000,671 | ---- | M] () -- C:\Users\Public\Desktop\Play ToCA Race Driver 2.lnk

[2011-10-19 21:57:51 | 000,000,000 | -H-- | M] () -- C:\Users\eMeM\Documents\Default.rdp

[2011-10-18 16:15:12 | 000,000,278 | R--- | M] () -- C:\Users\eMeM\Show_Hidden_Files_On_Off.vbs

[2011-10-18 15:32:35 | 000,001,138 | ---- | M] () -- C:\Users\eMeM\Desktop\mbam.lnk

 

========== Files Created - No Company Name ==========

 

[2011-10-23 17:55:46 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2011-10-20 16:50:47 | 000,000,235 | ---- | C] () -- C:\Users\eMeM\Documents\ax_files.xml

[2011-10-20 16:33:28 | 000,000,671 | ---- | C] () -- C:\Users\Public\Desktop\Play ToCA Race Driver 2.lnk

[2011-10-19 21:57:51 | 000,000,000 | -H-- | C] () -- C:\Users\eMeM\Documents\Default.rdp

[2011-10-18 16:15:12 | 000,000,278 | R--- | C] () -- C:\Users\eMeM\Show_Hidden_Files_On_Off.vbs

[2011-10-18 15:32:35 | 000,001,138 | ---- | C] () -- C:\Users\eMeM\Desktop\mbam.lnk

[2011-09-22 17:32:25 | 000,007,597 | ---- | C] () -- C:\Users\eMeM\AppData\Local\Resmon.ResmonCfg

[2011-09-05 11:55:39 | 000,059,176 | ---- | C] () -- C:\Windows\SysWow64\drivers\OADriver.sys

[2011-09-05 11:55:39 | 000,055,088 | ---- | C] () -- C:\Windows\SysWow64\drivers\oahlp64.sys

[2009-09-23 19:21:08 | 002,050,952 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin

[2009-07-14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009-07-14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009-07-14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009-07-14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009-06-10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

 

========== LOP Check ==========

 

[2011-10-24 00:46:51 | 000,000,000 | ---D | M] -- C:\Users\eMeM\AppData\Roaming\.purple

[2011-09-09 16:42:39 | 000,000,000 | ---D | M] -- C:\Users\eMeM\AppData\Roaming\Foxit Software

[2011-10-03 23:52:23 | 000,000,000 | ---D | M] -- C:\Users\eMeM\AppData\Roaming\gtk-2.0

[2011-10-04 14:11:34 | 000,000,000 | ---D | M] -- C:\Users\eMeM\AppData\Roaming\Leadertech

[2011-09-05 11:59:00 | 000,000,000 | ---D | M] -- C:\Users\eMeM\AppData\Roaming\OnlineArmor

[2011-09-19 23:19:36 | 000,000,000 | ---D | M] -- C:\Users\eMeM\AppData\Roaming\Thunderbird

[2011-10-22 14:02:24 | 000,000,000 | ---D | M] -- C:\Users\eMeM\AppData\Roaming\uTorrent

[2011-09-23 15:09:15 | 000,032,520 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

< End of report >

 

 

 

Extras.Txt

 

OTL Extras logfile created on: 2011-10-24 20:07:55 - Run 3

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\eMeM\Desktop\Pobieranie

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

 

1,99 Gb Total Physical Memory | 1,41 Gb Available Physical Memory | 70,60% Memory free

3,98 Gb Paging File | 3,13 Gb Available in Paging File | 78,50% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 80,00 Gb Total Space | 34,89 Gb Free Space | 43,61% Space Free | Partition Type: NTFS

Drive D: | 152,79 Gb Total Space | 133,88 Gb Free Space | 87,63% Space Free | Partition Type: NTFS

 

Computer Name: EMEM-KOMPUTER | User Name: eMeM | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-2379810547-2737495414-2129919692-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- D:\Programy\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"

Directory [Winamp.Play] -- "D:\Programy\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"

Directory [Winamp.Play] -- "D:\Programy\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.5.2.3456 x64

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0415-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Polish) 2007

"{A49402DD-2781-3782-B0CF-52BDA349E3F3}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"CCleaner" = CCleaner

"HDMI" = Intel® Graphics Media Accelerator Driver

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile

"WinRAR archiver" = WinRAR 4.01 (64-bitowy)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java 7

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007

"{90120000-0016-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007

"{90120000-0018-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007

"{90120000-001B-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007

"{90120000-001F-0415-0000-0000000FF1CE}_HOMESTUDENTR_{E9EA2604-8AC9-47D2-8F4B-6BF60787A357}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002A-0415-1000-0000000FF1CE}_HOMESTUDENTR_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007

"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007

"{90120000-006E-0415-0000-0000000FF1CE}_HOMESTUDENTR_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007

"{90120000-00A1-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{D474A0E8-4421-43C0-BE8E-F454F91E2E2A}" = Race Driver 2

"{F8718F95-21A1-44B9-97EC-679C93020BAE}" = Colin McRae Rally 04

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Eurobattle.net1.26" = Eurobattle.net

"EuroPoker Tournament Director's Poker Clock" = EuroPoker Tournament Director's Poker Clock

"Foxit Reader_is1" = Foxit Reader 5.0

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"InstallShield_{D474A0E8-4421-43C0-BE8E-F454F91E2E2A}" = Race Driver 2

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware wersja 1.51.2.1300

"Mozilla Firefox 7.0.1 (x86 pl)" = Mozilla Firefox 7.0.1 (x86 pl)

"Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1)

"OnlineArmor_is1" = Online Armor 5.0

"Pidgin" = Pidgin

"uTorrent" = µTorrent

"Winamp" = Winamp

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-2379810547-2737495414-2129919692-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Flux" = F.lux

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2011-10-20 10:46:00 | Computer Name = eMeM-komputer | Source = VSS | ID = 8194
Description =

Error - 2011-10-20 10:46:01 | Computer Name = eMeM-komputer | Source = VSS | ID = 8193
Description =

Error - 2011-10-20 10:53:22 | Computer Name = eMeM-komputer | Source = VSS | ID = 8193
Description =

Error - 2011-10-20 10:53:32 | Computer Name = eMeM-komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: Au_.exe, wersja: 4.36.1.2033, sygnatura
czasowa: 0x4c93644f Nazwa modułu powodującego błąd: nsDialogs.dll, wersja: 0.0.0.0,
sygnatura czasowa: 0x4b1ae3a8 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00001939
Identyfikator
procesu powodującego błąd: 0xc90 Godzina uruchomienia aplikacji powodującej błąd:
0x01cc8f37f42959c4 Ścieżka aplikacji powodującej błąd: C:\Users\eMeM\AppData\Local\Temp\~nsu.tmp\Au_.exe
Ścieżka
modułu powodującego błąd: C:\Users\eMeM\AppData\Local\Temp\nsa7B57.tmp\nsDialogs.dll
Identyfikator
raportu: 46bc2f1c-fb2b-11e0-aea8-002186671253

Error - 2011-10-20 16:07:11 | Computer Name = eMeM-komputer | Source = VSS | ID = 8193
Description =

Error - 2011-10-21 03:45:54 | Computer Name = eMeM-komputer | Source = VSS | ID = 8193
Description =

Error - 2011-10-21 10:26:31 | Computer Name = eMeM-komputer | Source = VSS | ID = 8193
Description =

Error - 2011-10-23 10:12:51 | Computer Name = eMeM-komputer | Source = VSS | ID = 8193
Description =

Error - 2011-10-23 13:00:03 | Computer Name = eMeM-komputer | Source = Windows Backup | ID = 4103
Description =

Error - 2011-10-23 17:07:45 | Computer Name = eMeM-komputer | Source = VSS | ID = 8193
Description =

[ System Events ]
Error - 2011-10-23 07:01:07 | Computer Name = eMeM-komputer | Source = Application Popup | ID = 1060
Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało
zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania
w celu uzyskania zgodnej wersji sterownika.

Error - 2011-10-23 07:01:33 | Computer Name = eMeM-komputer | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01

Error - 2011-10-23 09:46:36 | Computer Name = eMeM-komputer | Source = Application Popup | ID = 1060
Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało
zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania
w celu uzyskania zgodnej wersji sterownika.

Error - 2011-10-23 09:47:02 | Computer Name = eMeM-komputer | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01

Error - 2011-10-23 10:44:49 | Computer Name = eMeM-komputer | Source = Application Popup | ID = 1060
Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało
zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania
w celu uzyskania zgodnej wersji sterownika.

Error - 2011-10-23 10:45:14 | Computer Name = eMeM-komputer | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01

Error - 2011-10-23 17:11:04 | Computer Name = eMeM-komputer | Source = Application Popup | ID = 1060
Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało
zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania
w celu uzyskania zgodnej wersji sterownika.

Error - 2011-10-23 17:11:32 | Computer Name = eMeM-komputer | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01

Error - 2011-10-24 07:17:08 | Computer Name = eMeM-komputer | Source = Application Popup | ID = 1060
Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało
zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania
w celu uzyskania zgodnej wersji sterownika.

Error - 2011-10-24 07:17:36 | Computer Name = eMeM-komputer | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01

< End of report >


1. I did not find the driver, but I ran the script and it completed successfully.

2. I deleted the registry entry.

3. I removed SPTD using SPTDinst.

How do I remove this service?

Aren't you overdoing it? I see no grounds for dealing with this.

Is everything in order with the logs from this post?

Yes. You can also update the Adobe Flash plugin in IE, because you have the older version 10 installed (i.e. the Flash installation must be run from within IE).

And how do I delete the TDSSKiller_Quarantine folder from drive C:?
Is there some function, like e.g. Cleanup in OTL, or do I just right-click and delete?

There is no automatic function; just delete it manually.